Ansible and Windows – Setup Notes

Using Ansible to manage Windows hosts gives sys admins the ability to use the same tool-set between Linux and Windows hosts.

Below are some notes, issues, and resolutions, you may find useful during your Windows setup.

  1. On the Ansible controller instance, you will want to install the Python library for Windows Remote Management (WinRM).
    • sudo pip install pywinrm
  2. Configure Ansible to work with Windows hosts.  Follow the links below for configuring Ansible to work with your Windows host.
  3. On the Windows host, you will want to execute the bootstrap WinRM powershell script.  This script will setup WinRM on the Windows host(s)
  4. On your Windows host, you will want to configure a new user with Admin privileges.  This username and password will be added to your windows.yml file.
  5. If you encounter the following error, you will want to set “ansible_winrm_server_cert_validation: ignore” in the windows.yml file.
    • msg”: “ssl: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)”
  6. Finish your testing with a quick win ping test.
    • ansible windows -i hosts -m win_ping
  7. If you encounter issues pinging your Windows host, you can manually try to access the Windows host WinRM endpoint with curl.
    • curl -vk -d “” -u ‘<username>:<password>’ https://host:5986/wsman
      • “…the default ports used for WS-Management and PowerShell remoting have been changed to 5985 an 5986 for connections over HTTP and HTTPS, respectively.” Source
    • You can also verify your WinRM configuration on the host as needed using this command.
      • winrm g winrm/config

If all goes well, you should get the following output back from your ping command.

[myUser@myServer]$ ansible windows -i hosts -m win_ping
1.1.1.1 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}