Share this page : facebooktwitterlinkedinmailfacebooktwitterlinkedinmail

 

  1. Install these packages on your management Linux system
    1. apt-get -y install python-dev libkrb5-dev python-pip”.
    2. pip install “pywinrm>=0.2.0””.
    3. pip install kerberos”.
    4. apt-get -y install ansible”.
    5. apt-get –y install krb5-user”.
    6. pip install requests-ntlm

 

  1. Check the version of packages by running command “pip list”. The versions to have
    1. pip (1.5.4)
    2. pycrypto (2.6.1)
    3. pykerberos (1.1.13)
    4. python-apt (0.9.3.5ubuntu2)
    5. python-debian (0.1.21-nmu2ubuntu2)
    6. python-ntlm3 (1.0.2)
    7. pywinrm (0.2.0)
    8. requests-ntlm

 

Project root folder:

                  windows

                        |___group_vars / windows.yml

                        |___hosts

windows.yml is used to store the vars for this project, the content is :

ansible_user: Administrator
ansible_password: password
ansible_winrm_scheme: https
ansible_port: 5986
ansible_connection: winrm
# The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore
ansible_winrm_message_encryption: auto
ansible_winrm_transport: ntlm
  • ansible_winrm_scheme: https
    ansible_port: 5986 — we are going to use https, and the port is 5986
  • ansible_connection: winrm — tell ansible to use winrm instead of ssh
  • ansible_winrm_message_encryption: auto — use encryption so we will not get rejected by windows machine.

hosts file:

[windows]
frank-pc ansible_ssh_host=192.168.10.55
Windows Setup
  • Ansible’s supported Windows versions generally match those under current and extended support from Microsoft. Supported desktop OSs include Windows 7, 8.1, and 10, and supported server OSs are Windows Server 2008, 2008 R2, 2012, 2012 R2, and 2016.
  • Ansible requires PowerShell 3.0 or newer and at least .NET 4.0 to be installed on the Windows host.
  • A WinRM listener should be created and activated. More details for this can be found below.
WinRM setup

Download: https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 to current folder:

powershell.exe -ExecutionPolicy ByPass -File ConfigureRemotingForAnsible.ps1
Setup WinRM Listener

There are three ways to set up a WinRM listener:

  • Using winrm quickconfig for HTTP or winrm quickconfig -transport:https for HTTPS.

  • To get an output of the current service configuration options, run the following command:
    winrm get winrm/config/Service
    winrm get winrm/config/Winrs
    
Problems:
Windows firewall

Following rule needs to be enabled: Windows Remote Management (HTTP-in)

 

The specified credentials were rejected by the server
frank-pc | FAILED! => {
 "failed": true,
 "msg": "ERROR! plaintext: the specified credentials were rejected by the server"
}

You should check the winrm setup on the windows server by powershell command:

PS c:\windows\system32\ > winrm get winrm/config/service

Service
  RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
  MaxConcurrentOperations = 4294967295
  MaxConcurrentOperationsPerUser = 1500
  EnumerationTimeoutms = 240000
  MaxConnections = 300
  MaxPacketRetrievalTimeSeconds = 120
  AllowUnencrypted = false

Note the AllowUnencrypted is false, so temporarily change this into allow unencrypted message:

set-item -Path WSMan:\localhost\Service\AllowUnencrypted -Value True

If this works, make sure the following configure is same in the vars file:

ansible_winrm_scheme: https 

ansible_port: 5986

ansible_winrm_message_encryption: auto 

ansible_winrm_transport: ntlm

pip install requests-ntlm

 

Test

Playbook:

---
- name: Install Apache from an MSI
  hosts: all
  tasks:
    - name: Download the Apache installer
      win_get_url:
        url: 'http://www.7-zip.org/a/7z1701-x64.msi'
        dest: 'C:\Users\Support\Downloads\7z1701-x64.msi'

    - name: Install MSI
      win_msi:
      path: 'C:\Users\Support\Downloads\7z1701-x64.msi'
      state: present

Then call it:

ansible-playbook apache_windows.yml -i hosts -u support

 

 

Reference

Configuring Ansible to manage Windows system over PowerShell

 

https://docs.ansible.com/ansible/devel/windows_setup.html#setup-winrm-listener