Using Ansible to manage Windows hosts lets sysadmins use the same toolset across Linux and Windows hosts.
Below are some notes, issues, and resolutions you may find useful during your Windows setup.
- On the Ansible controller instance, you will want to install the Python library for Windows Remote Management (WinRM).
  - sudo pip install pywinrm
- Configure Ansible to work with Windows hosts. Follow the links below for configuring Ansible to work with your Windows host.
- On the Windows host, you will want to execute the bootstrap WinRM PowerShell script. This script will set up WinRM on the Windows host(s).
  - https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
  - powershell.exe -ExecutionPolicy Bypass -File "ConfigureRemotingForAnsible.ps1"
  - Run it from a cmd window with Admin privileges.
- On your Windows host, you will want to configure a new user with Admin privileges. This username and password will be added to your windows.yml file.
  - If you choose not to grant this user Admin rights, see the following URL for details on granting users access to WinRM.
  - https://msdn.microsoft.com/en-us/library/aa384295(v=vs.85).aspx
- If you encounter the following error, you will want to set "ansible_winrm_server_cert_validation: ignore" in the windows.yml file.
  - "msg": "ssl: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)"
- Finish your testing with a quick win_ping test.
  - ansible windows -i hosts -m win_ping
- If you encounter issues pinging your Windows host, you can manually try to access the WinRM endpoint on the Windows host with curl.
  - curl -vk -d "" -u '<username>:<password>' https://host:5986/wsman
  - "…the default ports used for WS-Management and PowerShell remoting have been changed to 5985 and 5986 for connections over HTTP and HTTPS, respectively." Source
- You can also verify your WinRM configuration on the host as needed using this command.
  - winrm g winrm/config
If all goes well, you should get the following output back from your ping command.
[myUser@myServer]$ ansible windows -i hosts -m win_ping
1.1.1.1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
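
For reference, a sketch of the windows.yml group variables the steps above rely on. This is an added example, not a file from the original post, and it goes one step further than the post by showing the certificate-validating alternative to the ignore setting. The file location, the account name, the vault_windows_password variable and the CA bundle path are assumptions.

```yaml
# group_vars/windows.yml (assumed location; applies to the [windows] inventory group)
# Added example, not from the original post. The account name, the vault
# variable name and the CA bundle path are placeholders.

ansible_user: ansible_svc                         # constructed account name
ansible_password: "{{ vault_windows_password }}"  # hypothetical variable, defined in an ansible-vault encrypted file
ansible_connection: winrm
ansible_port: 5986                                # WinRM over HTTPS (5985 is plain HTTP)

# Setting from the post: skips verification of the host's certificate.
# It gets past CERTIFICATE_VERIFY_FAILED, but the controller then accepts
# whatever certificate is presented on port 5986.
ansible_winrm_server_cert_validation: ignore

# Alternative once the HTTPS listener uses a certificate issued by a CA you
# control for the host name Ansible connects to: keep validation on and
# point pywinrm at the PEM bundle containing that CA.
# ansible_winrm_server_cert_validation: validate
# ansible_winrm_ca_trust_path: /etc/ansible/certs/winrm-ca.pem
```

Keeping the password in a vault-encrypted variable avoids storing the Admin credential in clear text next to the inventory.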