Setting up Ansible in Linux for Windows machines

I know I am late to the party; however, I came across Ansible a few days/weeks back and found it a good addition to my toolchain. I haven’t thought through everything I can do with it, but the capabilities seem endless. Setting up Ansible for a Linux machine is no rocket science: the target machine needs SSH and Python, and we are good to go. For Windows, however, a few settings need to be changed on both the target machine and the command machine. In this post, we’ll look at those specific changes and set things up.

I’ll be using an RHEL 8 machine as my command machine for Ansible. If you wonder where you will get an RHEL machine for free to work on, don’t worry; Red Hat has got your back. They offer a developer license, which lets you attach/subscribe 16 RHEL licenses to RHEL machines for free. There are other tools in that developer license; however, I found the RHEL one to be a perfect one.

Install Ansible on the RHEL machine. Things cannot get any simpler than this.

$ sudo yum install ansible

Now you can start using Ansible for Linux machines without any problems. However, for Windows machines, there needs to be some configuration done.

On the target Windows VM, run the following in an elevated PowerShell to enable WinRM and set up other configurations [Official Link]

# Download the Ansible WinRM setup script to the temp directory
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
# Run the downloaded script with the execution policy bypassed for this one invocation
powershell.exe -ExecutionPolicy ByPass -File $file

Once the setup is complete, run the following command on the target machine

winrm set winrm/config/service '@{AllowUnencrypted="true"}'

This tells the WinRM service on the target machine that it is allowed to accept plain credentials without TLS as an authentication mechanism.

NOTE: Do not do this on public-facing machines. This is okay if your machines are on a LAN, behind a VPN, or behind any other firewall.

On the Ansible command machine, install the pywinrm package using pip to enable support for WinRM.

sudo pip3 install "pywinrm>=0.2.2"

Once everything is set up, we are good to go and build an inventory file for our machines. You need to take care of a few things in the inventory file for the Windows machines. Look at my inventory file, and you can build off it if you have a similar infrastructure.

all:
  children:
    windows:
      hosts:
        ipam:
          ansible_host: dns.jtnydv.local
        dc:
          ansible_host: dc.windows.local
      vars:
        ansible_user: USER_NAME_GOES_HERE
        ansible_password: PASSWORD_GOES_HERE
        ansible_port: 5985
        ansible_connection: winrm
        ansible_winrm_scheme: http
    linux:
      hosts:
        linux-machine:
          ansible_host: machine.jtnydv.local
          ansible_user: rhel
      vars:
        ansible_ssh_private_key_file: /home/rhel/id_rsa

The highlighted lines are the critical inputs required to set the machines up. Once everything is done, we can go ahead and run commands on the Windows/Linux machines.
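A check you could run on the command machine before using an inventory like the one above, added here as an example and not part of the original post: it reads the JSON that `ansible-inventory -i inventory.yaml --list` prints and flags WinRM hosts that connect over plain HTTP, pin no message-encrypting transport, or carry the password as a plain string. The `hardened` host, its hostname and the finding labels are assumptions made up for the example.

```python
import json

# Constructed sample: trimmed `ansible-inventory -i inventory.yaml --list` output.
# "hardened" and its hostname are hypothetical; credentials are placeholders.
SAMPLE = json.dumps({"_meta": {"hostvars": {
    "dc": {"ansible_host": "dc.windows.local", "ansible_connection": "winrm",
           "ansible_port": 5985, "ansible_winrm_scheme": "http",
           "ansible_password": "PASSWORD_GOES_HERE"},
    "hardened": {"ansible_host": "hardened.example.test",
                 "ansible_connection": "winrm", "ansible_port": 5986,
                 "ansible_winrm_scheme": "https"},
    "linux-machine": {"ansible_host": "machine.jtnydv.local"},
}}})

ENCRYPTING = {"ntlm", "kerberos", "credssp"}  # encrypt WinRM messages over HTTP

def transports(hostvars):
    """ansible_winrm_transport may be a list or a comma-separated string."""
    value = hostvars.get("ansible_winrm_transport") or []
    if isinstance(value, str):
        value = value.split(",")
    return {t.strip().lower() for t in value}

def audit_host(hostvars):
    """Return finding labels (names chosen for this example) for one host."""
    if hostvars.get("ansible_connection") != "winrm":
        return []
    findings = []
    scheme = str(hostvars.get("ansible_winrm_scheme", "")).lower()
    port = int(hostvars.get("ansible_port") or 0)
    # With no scheme set, Ansible uses http when the port is 5985.
    if scheme == "http" or (not scheme and port == 5985):
        findings.append("winrm-over-http")
        pinned = transports(hostvars)
        if not pinned or pinned - ENCRYPTING:
            findings.append("no-message-encryption-pinned")
    if isinstance(hostvars.get("ansible_password"), str):
        findings.append("password-in-inventory")
    return findings

def audit_inventory(inventory_json):
    """Map each flagged host to its findings; clean hosts are omitted."""
    hosts = json.loads(inventory_json).get("_meta", {}).get("hostvars", {})
    report = {name: audit_host(v) for name, v in hosts.items()}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for host, found in audit_inventory(SAMPLE).items():
        print(f"{host}: {', '.join(found)}")
```
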

$ ansible -i inventory.yaml windows -m win_ping
dc | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
ipam | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Now that we have set up Ansible for our machines, we can go ahead and look into commands, modules, and other things to play around with.

If you have questions or need help setting things up, reach out to me @jtnydv