
Ansible: Configuring Windows To Be Managed By Ansible

Spencer Heywood edited this page Jun 17, 2019 · 1 revision

Download and run the PowerShell Remote Configuration Script:

Run the following command on the Windows host in an Admin PowerShell session:

Powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object net.webclient).DownloadString('https://github.com/ansible/ansible/raw/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))"

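This command downloads the script from the devel branch of the Ansible repository and executes it directly, without saving it to disk. The script configures WinRM on the Windows host to listen on port 5986.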

Create a Dedicated User for Ansible:

The following PowerShell commands create a local user for Ansible to use and add it to the Administrators group.

# Placeholder values: set your own password before running.
$username="ansible"
$password="myawesomepassword"

$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
# Look for an existing local account with this name.
$op = Get-LocalUser | Where-Object {$_.Name -eq $username}

if ( -not $op)
{
  # Create the account and make it a local administrator.
  New-LocalUser $username -Password $securePassword -FullName "Ansible Service Account" -Description "Account used by ansible." -UserMayNotChangePassword -PasswordNeverExpires
  Add-LocalGroupMember -Group "Administrators" -Member $username
}
else
{
  Write-Output "User $username already exists"
}

# Clear the credentials from the session in both cases.
# (The original 'exit 0' is dropped: it would close an interactive session.)
Remove-Variable username, password, securePassword

Install the pywinrm Python module on the Ansible controller:

sudo pip install pywinrm

If using Python3 on the Ansible controller:

sudo pip3 install pywinrm

Configuring Ansible Inventory:

Use the following variables in inventory files to connect to the Windows hosts:

ansible_user: ansible
ansible_password: mypassword
ansible_port: 5986
ansible_connection: winrm
# The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates
# (it turns off verification of the server certificate):
ansible_winrm_server_cert_validation: ignore

# If using 'become' to elevate privileges (inventory variables take the ansible_ prefix)
ansible_become_method: runas
ansible_become_user: ansible
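
As an alternative to `ansible_winrm_server_cert_validation: ignore`, the listener's self-signed certificate can be exported and trusted on the controller. The following PowerShell is an added example, not part of the original page or the Ansible project; it checks the listener and account set up above and writes the listener's public certificate as PEM. The output path and variable names are assumptions.

```powershell
# Added verification sketch. Run in an elevated PowerShell session on the Windows host.
$port     = 5986                                        # port named on this page
$username = 'ansible'                                   # account created above
$pemPath  = Join-Path $env:TEMP 'winrm-listener.pem'    # assumed output path

# 1. Find the enabled WinRM HTTPS listener on the expected port.
$listener = Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate |
    Where-Object { $_.Transport -eq 'HTTPS' -and $_.Port -eq "$port" -and $_.Enabled -eq 'true' } |
    Select-Object -First 1
if (-not $listener) { throw "No enabled HTTPS listener on port $port" }

# 2. Resolve the certificate bound to that listener.
$cert = Get-Item ("Cert:\LocalMachine\My\" + $listener.CertificateThumbprint) -ErrorAction Stop
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning 'Listener certificate has expired' }

# 3. Write the public certificate (no private key) as PEM, 64 characters per line.
$b64Lines = [Convert]::ToBase64String($cert.RawData) -split '(.{64})' | Where-Object { $_ }
$pem = @('-----BEGIN CERTIFICATE-----') + $b64Lines + @('-----END CERTIFICATE-----')
Set-Content -Path $pemPath -Encoding Ascii -Value $pem

# 4. Confirm the service account exists, is enabled, and is a local administrator.
$user    = Get-LocalUser -Name $username -ErrorAction Stop
$isAdmin = [bool](Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -like "*\$username" })

# Summary of what the controller will connect to and should trust.
[pscustomobject]@{
    ListenerPort     = $listener.Port
    CertSubject      = $cert.Subject
    CertThumbprint   = $cert.Thumbprint
    CertNotAfter     = $cert.NotAfter
    PemWrittenTo     = $pemPath
    UserEnabled      = $user.Enabled
    InAdministrators = $isAdmin
} | Format-List
```

Copy the PEM file to the controller, set `ansible_winrm_ca_trust_path` to its location and leave `ansible_winrm_server_cert_validation` at its default. Validation then also requires that the inventory hostname matches the certificate subject.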

Mac Errors when Connecting to Windows:

The following error occurs on macOS and is a bug specific to the Python module pywinrm:

TASK [Gathering Facts] *********************************************************************************************************************************************************************
objc[27587]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called.
objc[27587]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.

The fix is to run the following command (for persistence place the command in your .bashrc file or in your shell's config file):

export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES

Additional Information:

https://medium.com/the-sysadmin/managing-windows-machines-with-ansible-60395445069f