I know I am late to the party; however, I came across Ansible a few days/weeks back and found it a good addition to my toolchain. I haven’t thought about everything I can do with it, but the capabilities seem endless. Setting up Ansible for a Linux machine is no rocket science: the target machine should have SSH and Python, and we are good to go. For Windows, however, a few settings need to be configured on both the target machine and the command machine. In this post, we’ll look at those specific changes and set things up.
I’ll be using an RHEL 8 machine as my command machine for Ansible. If you wonder where you will get an RHEL machine for free to work on, don’t worry; Red Hat has got your back. They offer a developer license, which lets you attach/subscribe 16 RHEL licenses to RHEL machines for free. There are other tools in that developer license; however, I found the RHEL one to be a perfect one.
Install Ansible on the RHEL machine. Things cannot get any simpler than this.
$ sudo yum install ansible
Now you can start using Ansible for Linux machines without any problems. However, for Windows machines, there needs to be some configuration done.
On the target Windows VM, run the following in an elevated PowerShell to enable WinRM and set up other configurations [Official Link]:
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
Once the setup is complete, run the following command on the target machine
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
This tells the WinRM service on the target machine that it is allowed to accept unencrypted traffic, so plain credentials can be used as an authentication mechanism without TLS.
NOTE: Do not do this on public-facing machines. This is okay if your machines are on a LAN, behind a VPN, or behind any other firewall.
On the Ansible command machine, install the pywinrm package using pip to enable support for WinRM.
sudo pip3 install "pywinrm>=0.2.2"
Once everything is set up, we are good to go and can build an inventory file for our machines. You need to take care of a few things in the inventory file for the Windows machines. Look at my inventory file, and you can build off it if you have a similar infrastructure.
all:
  children:
    windows:
      hosts:
        ipam:
          ansible_host: dns.jtnydv.local
        dc:
          ansible_host: dc.windows.local
      vars:
        ansible_user: USER_NAME_GOES_HERE
        ansible_password: PASSWORD_GOES_HERE
        # 5985 with scheme http is the plain (non-TLS) WinRM listener
        ansible_port: 5985
        ansible_connection: winrm
        ansible_winrm_scheme: http
    linux:
      hosts:
        linux-machine:
          ansible_host: machine.jtnydv.local
          ansible_user: rhel
      vars:
        ansible_ssh_private_key_file: /home/rhel/id_rsa
The lines highlighted are the critical inputs that are required to set up machines to work with. Once everything is done, we can go ahead and run commands on the Windows/Linux machines.
$ ansible -i inventory.yaml windows -m win_ping
dc | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
ipam | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
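The following is an added example, not code from the original post: a small Python check over the JSON that `ansible-inventory -i inventory.yaml --list` prints, reporting Windows hosts whose settings match the plain-HTTP, inline-password setup used in the inventory above. The sample data is constructed, the `web01` host and its values are hypothetical, and an unset transport over HTTP is treated as basic auth.

```python
import json

# Constructed sample in the shape `ansible-inventory -i inventory.yaml --list`
# prints: dc and ipam mirror the post's inventory, web01 is a hypothetical
# hardened host added for contrast.
SAMPLE = json.loads("""
{"_meta": {"hostvars": {
  "dc":    {"ansible_host": "dc.windows.local", "ansible_connection": "winrm",
            "ansible_port": 5985, "ansible_winrm_scheme": "http",
            "ansible_user": "USER_NAME_GOES_HERE",
            "ansible_password": "PASSWORD_GOES_HERE"},
  "ipam":  {"ansible_host": "dns.jtnydv.local", "ansible_connection": "winrm",
            "ansible_port": 5985, "ansible_winrm_scheme": "http",
            "ansible_user": "USER_NAME_GOES_HERE",
            "ansible_password": "PASSWORD_GOES_HERE"},
  "web01": {"ansible_host": "web01.example.test", "ansible_connection": "winrm",
            "ansible_port": 5986, "ansible_winrm_transport": "ntlm",
            "ansible_password": {"__ansible_vault": "CONSTRUCTED"}},
  "linux-machine": {"ansible_host": "machine.jtnydv.local", "ansible_user": "rhel"}
}}}
""")

ENCRYPTING = {"ntlm", "kerberos", "credssp"}  # encrypt WinRM messages even over HTTP

def audit_winrm(inventory):
    """Map each WinRM host to a list of weak-transport findings (may be empty)."""
    report = {}
    for host, hv in inventory.get("_meta", {}).get("hostvars", {}).items():
        if hv.get("ansible_connection") != "winrm":
            continue  # SSH-managed hosts are out of scope here
        port = int(hv.get("ansible_port", hv.get("ansible_winrm_port", 5986)))
        scheme = hv.get("ansible_winrm_scheme", "http" if port == 5985 else "https")
        # Assumption: a single transport name; unset over HTTP is treated as basic.
        transport = str(hv.get("ansible_winrm_transport", "basic")).lower()
        issues = []
        if scheme == "http" and transport not in ENCRYPTING:
            issues.append("cleartext: credentials and commands unencrypted on the wire")
        elif scheme == "http":
            issues.append("http: relies on message encryption, no server certificate")
        if scheme == "https" and hv.get("ansible_winrm_server_cert_validation") == "ignore":
            issues.append("tls: server certificate is not validated")
        if isinstance(hv.get("ansible_password"), str):
            issues.append("secret: password stored as plain text in inventory")
        report[host] = issues
    return report

if __name__ == "__main__":
    for host, issues in audit_winrm(SAMPLE).items():
        print(host, "OK" if not issues else "; ".join(issues))
```

To run it against a real inventory, replace `SAMPLE` with the parsed output of `ansible-inventory -i inventory.yaml --list`.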
Now that we have set up Ansible for the machines, we can go ahead and look into commands, modules, and other things to play around with.
If you have questions or need help setting things up, reach out to me @jtnydv