Ansible: Configuring Windows To Be Managed By Ansible
Spencer Heywood edited this page Jun 17, 2019
·
1 revision
Run the following command on the Windows host in an Admin Powershell session:
Powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object net.webclient).DownloadString('https://github.com/ansible/ansible/raw/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))"
This command will configure WinRM to run on the Windows host on port 5986.
The following Powershell commands will create an Ansible user for you, for Ansible to use.
$username="ansible"
$password="myawesomepassword"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$op = Get-LocalUser | Where-Object {$_.Name -eq $username}
if ( -not $op)
{
New-LocalUser $username -Password $securePassword -FullName "Ansible Service Account" -Description "Account used by ansible." -UserMayNotChangePassword -PasswordNeverExpires
Add-LocalGroupMember -Group "Administrators" -Member $username
Remove-Variable username
Remove-Variable password
Remove-Variable securePassword
}
else
{
echo "User $username already exists"
Remove-Variable username
Remove-Variable password
Remove-Variable securePassword
exit 0
}
sudo pip install pywinrm
If using Python3 on the Ansible controller:
sudo pip3 install pywinrm
Use the following variables in inventory files to connect to the Windows hosts:
ansible_user: ansible
ansible_password: mypassword
ansible_port: 5986
ansible_connection: winrm
# The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore
# If using 'become' to elevate privileges
become_method: runas
become_user: ansible
The following error occurs on MacOS and is a bug specific to the Python module pywinrm
:
TASK [Gathering Facts] *********************************************************************************************************************************************************************
objc[27587]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called.
objc[27587]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.
The fix is to run the following command (for persistence place the command in your .bashrc
file or in your shell's config file):
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
https://medium.com/the-sysadmin/managing-windows-machines-with-ansible-60395445069f