There are so many ways to step that it became a verb by the 1800s. But what is stepping and how can it be done? This article will take you through the history of steps, and teach you some cool tricks for doing them yourself.
Although Ansible is well known for controlling Linux nodes through SSH, did you realize that it also works on Windows? Ansible can also handle all of your Windows nodes via Windows Remote Management (WinRM).
On Windows, you can use Ansible to accomplish things like apply patches, manage Windows servers, run PowerShell scripts, and more.
You’ll learn how to set up your first Windows node for Ansible management and how to execute commands and playbooks against it in this tutorial.
If you want to follow along with the lesson, make sure you have the following items before you begin:
- Ansible controller host — Ansible v2.9.18 will be used in this lesson on an Ubuntu 18.04.5 LTS system with the IP address 10.111.4.53. Windows is only supported as a managed node, not as a control node.
- Ansible controller host with Python installed — This lesson will use Python version 2, however version 3 should also work.
- On the Ansible controller, the pip package was installed.
- For Ansible to manage, you’ll need a PC running Windows 2012 R2 or above. Two Windows Server 2012 R2 Standard computers with IP addresses of 18.104.22.168 and 10.111.4.106 will be used as remote nodes in this tutorial.
- A Windows computer – This tutorial will need you to sit at a Windows workstation and provide some basic pre-configuration to the node that Windows will control using Ansible.
- PowerShell Remoting is enabled on the Windows server to be managed.
- On the Windows computer, a user account in the local Administrators group. This tutorial will utilize the adminuser account.
On Windows, configure the WinRM listener
Ansible must be able to connect to a remote Windows node before it can interact with it. It accomplishes it using the WinRM protocol from Microsoft. PowerShell Remoting utilizes the same WinRM protocol to conduct remote commands from inside PowerShell.
Ansible does support SSH as a management protocol as of this writing, but it’s still an experimental function.
You must setup WinRM before Ansible can connect with the Windows node. Ansible includes a PowerShell script that adjusts several WinRm parameters to do this.
Although Red Hat’s PowerShell script for configuring WinRM has been tested and is secure, you should read it and understand what it’s doing at a high level.
The first step is to download and execute the configuration script on the Windows node that will be handled by Ansible. If you’re at a Windows workstation and have PowerShell Remoting enabled on your target Windows PC, follow these steps:
Download the PowerShell script ConfigureRemotingForAnsible.ps1 to your own Windows machine. This guide will presume it’s in the Downloads folder.
Using the Invoke-Command command, run the configuration script on the Windows node that Ansible will control. The command below will execute on the two sample computers in this article and request you for the password for the local adminuser account on the Windows nodes.
22.214.171.124, 10.111.4.106 -FilePath ‘DownloadsConfigureRemotingForAnsible.ps1’ -Credential (Get-Credential -UserName adminuser)
The configuration script configures WinRM for basic HTTP authentication by default. Learn How to Configure WinRM over HTTPS for Ansible if you want Ansible to utilize a more secure connection.
Ansible Controller Configuration
Let’s setup the Ansible controller to teach Ansible how to connect with the Windows node now that it’s ready for Ansible.
1. Use your chosen SSH client to connect to your Ansible controller server through SSH.
2. Install the Python package pywinrm. Ansible requires the pywinrm Python module to interface with Windows systems via the WinRM protocol.
3. Create an Ansible inventory file to define the remote Windows nodes. An Ansible inventory is a list of remote hosts identified by their hostname or IP address in a file. Once configured, you may use commands and playbooks to target Ansible inventory, as you’ll see shortly.
The /etc/ansible/hosts directory contains the default Ansible inventory file.
A windows host group is generated in the example inventory file below, which includes each Windows node. The lesson use a host group to make it easy to eventually target all Windows nodes (if you have more than one).
[windows] 126.96.36.199 10.111.4.106
4. Create a windows:vars group in the inventory file to identify a few essential variables Ansible will need while connecting to Windows hosts.
[windows:vars] ansible user=localadmin ## the windows username that ansible will use to communicate with remote windows nodes ansible password=s3crect ## the windows password that ansible will use to communicate with remote windows nodes ansible connection=winrm ## the type of connection that ansible will make with remote windows nodes ## disregard ansible winrm server cert validation Because we’ll be utilizing a self-signed certificate that comes with Ansible, we’ll skip certificate validation.
5. Now, use the Ansible win ping module to run a quick connection test against the hosts in the windows host group you created in step #3.
# ansible windows -m win ping instructs Ansible to use the win ping module # windows is the host group
When Ansible is run, it returns green text with an SUCCESS message, indicating that the ping attempt was successful.
a successful victory Connection _ping
The result validates that the Ansible controller host can successfully interface with the Windows remote host through WinRM.
Using Windows Hosts to Execute Ad-hoc Commands
You’re ready for Ansible to start managing your Windows nodes at this point. Let’s put this to the test by changing the Windows nodes using an ad-hoc command. When you need to perform a basic command on nodes without previously establishing a playbook, ad-hoc commands are ideal.
Installing a Windows feature on the Windows nodes described in the windows host group in the inventory file will illustrate ad-hoc commands. If you’re still SSHed into your Ansible controller node, follow these steps:
1. Call the win feature module (-m) instead of the win ping module this time, sending it two arguments (-a) specifying the name of the Windows feature and the state you want it to be in.
# windows # win feature is the name of the module # state=present indicates that the package or service ansible windows should be installed. -a “name=Telnet-Client state=present” -m win feature
If everything goes properly, Ansible should connect to all of the nodes in the windows host group and execute the win feature command on each, looking for and installing the Telnet-Client Windows feature if it isn’t already installed.
Windows Feature Ansible
2. Ansible reports success, but to be sure, use PowerShell to manually connect to the Windows nodes and check that the Telnet Client Windows feature is now installed. Perform Invoke-Command on your local Windows desktop to run the Get-WindowsFeature PowerShell command on each Windows PC.
Get-WindowsFeature -Name ‘Telnet-Service’ Invoke-Command -ComputerName 188.8.131.52, 10.111.4.106 -ScriptBlock -Credibility (Get-Credential -UserName adminuser)
You may now use any Windows module you want as ad-hoc commands!
Ansible Windows Playbooks: Creating and Executing
The next step is to design and execute playbooks after you’ve mastered the art of executing ad-hoc commands on Windows managed nodes. An Ansible playbook is a collection of instructions that enables you to build complicated logic to automate complex situations.
The win command Module allows you to run remote Windows commands.
Assuming your Ansible controller host is still connected:
1. Create an ansible-windows-demo folder in your home directory and move to it. Your playbook will be kept in this folder.
cd /ansible-windows-demo mkdir /ansible-windows-demo mkdir /ansible-windows-demo
2. In the /ansible-windows-demo directory, use your preferred text editor and create an ansible-windows.yml file.
YAML is used to write Ansible playbooks.
3. Create a single task by copying the following playbook into the ansible-windows.yml file. This playbook will use the win command Windows Ansible module to run the netstat Windows command on all hosts in the windows host group.
The win command module is used to run commands on a remote Windows host. It doesn’t support variables like special characters, line breakers, greater than symbols, and so on.
—- – example of the Ansible win command module # host group to execute the module on tasks: hosts: windows – name: launch a remote Windows system’s executable command win command: netstat -e # win command is a Windows module.
4. Run the following command to invoke the ansible-windows.yml playbook, which runs the task on the remote host.
If everything went correctly, the output should look like this.
Using the win command module, Ansible successfully performed the netstat command.
Using the win shell Module to run remote PowerShell commands
In the last example, you constructed a script to perform a remote cmd.exe command (netstat) on Windows managed nodes. Let’s boost the ante by utilizing the win shell module to perform PowerShell commands.
By default, the win shell module runs on a Windows host using PowerShell.
On your Windows computer, perform the following:
1. On your local Windows computer, open your preferred text editor and create a sample PowerShell script. Copy the following code into it and save it as one. ps1. The script will be saved to one in this lesson. ps1.
The code below generates a blank text file in the C:temp directory named test2.txt.
Set-Content -Value ” -Path C:temptest2.txt
2. Take a copy of it. Use your favorite way to deploy the ps1 PowerShell script to your Windows managed nodes. This lesson will presume you’ve already completed the previous one. ps1 script to each Windows node’s C:Temp folder.
3. Connect to your Ansible controller server and open your preferred text editor once the example PowerShell script is on the Windows node(s). Make a new playbook named ansible-windows-shell.yml in the same /ansible-windows-demo directory this time.
4. In the ansible-windows-shell.yml file, copy and paste the following playbook. To showcase the win shell module, this playbook will execute two activities. It runs the PowerShell script you copied in step 2 and pastes the PowerShell code right into the playbook to show that the script isn’t required.
Use the | pipe character to send several lines of PowerShell code to the win shell module.
# local Windows user to connect with hosts: windows # remote host group tasks: —- – name: Ansible win shell module example remote user: localadmin – name: Single-line PowerShell # Using the win shell module to run a single command win shell: C:tempone.ps1 – name: Win shell: run multi-lined shell commands $text = ‘I am the ATA Author’ Set-Content -Value $text -Path C:temptest3.txt
Related:Reading Text Files in PowerShell Like a Boss
5. Now run the ansible-windows-shell.yml playbook, which runs on the remote server but using PowerShell.
6. Verify that the playbook executes the existing script and the PowerShell code in the playbook on your local Windows workstation, if required.
Test-Path -Path ‘C:Temptest3.txt’,’C:Temptest2.txt’ Invoke-Command -ComputerName 184.108.40.206, 10.111.4.106 -ScriptBlock -Credibility (Get-Credential -UserName adminuser)
PowerShell should return two True statements indicating that the files now exist if the Ansible playbook executed correctly.
You learnt how to set up your first Windows managed node with Ansible in this article. Even while Ansible is most often associated with Linux, it may also be used on Windows!
What Ansible playbooks and Windows modules will you use to handle Windows?
“a step sleep program” is a technology that has been around for a while. The program helps people to fall asleep in just minutes.
- a-step aasm
- a-step introductory course
- a step provider
- how much does the a-step program cost
- a step brownsville