ansible自动化管理windows系统
一,ansible配置1、简介
Ansible 从1.7+版本开始支持Windows,但管理机必须为Linux系统,远程主机的通信方式也由Linux下的SSH变为PowerShell,管理机需要安装Python的pywinrm模块,但PowerShell需3.0+版本且Management Framework 3.0+版本,实测Windows 7 SP1和Windows Server 2008 R2及以上版本系统经简单配置可正常与Ansible通信。
2、环境准备
以下配置在CentOS7.4_x64下
安装pip及相关依赖
下载pip
#wget
#python get-pip.py
安装依赖
#pip install pywinrm paramiko PyYAML Jinja2 httplib2 six3、安装ansible
#yum -y install ansible4,配置ansible文件
#vim /etc/ansible/hosts
172.16.70.80 ansible_ssh_user="administrator" ansible_ssh_pass="root" ansible_ssh_port=5985 ansible_connection="winrm"
注意上信息在一行;以空格隔开, 是这台主机的标题;下面的是ip和连接信息等;
二、被管理端win7配置
1、环境简介
和Linux稍有区别,被管理端系统如果是Windows系列时;需预先有以下配置:
安装Framework 3.0+ (有可能需要下载)
配置powershell策略为remotesigned (需要修改)
升级PowerShell至3.0+(win7默认是2.0)
设置Windows远端管理,英文全称WS-Management(WinRM)
2、环境配置
a、升级或安装Framework 4.5
如果Framework版不满足请至微软官方下载
b、修改powershell策略为remotesigned 打开powershell终端
PS C:\Users\Administrator>set-executionpolicy remotesigned
http://wiki.cheyaoshicorp.com/download/attachments/49448785/image2018-11-26_11-39-36.png?version=1&modificationDate=1543203576115&api=v2
查看powershell
PS C:\Users\Administrator>get-executionpolicy
http://wiki.cheyaoshicorp.com/download/attachments/49448785/image2018-11-26_11-43-29.png?version=1&modificationDate=1543203809658&api=v2
设置Windows远端管理(WS-Management,WinRM)服务
winrm 服务默认都是未启用的状态;注意以下操作在cmd中执行,而非powershell中
对winrm服务进行基础配置:
C:\Users\Administrator>winrm quickconfig
http://wiki.cheyaoshicorp.com/download/attachments/49448785/image2018-11-26_11-50-5.png?version=1&modificationDate=1543204205620&api=v2
C:\Users\Administrator>winrm e winrm/config/listener
http://wiki.cheyaoshicorp.com/download/attachments/49448785/image2018-11-26_13-14-5.png?version=1&modificationDate=1543209245344&api=v2
C:\Users\Administrator>winrm set winrm/config/service/auth @{Basic="true"}
http://wiki.cheyaoshicorp.com/download/attachments/49448785/image2018-11-26_13-16-48.png?version=1&modificationDate=1543209408998&api=v2
C:\Users\Administrator>winrm set winrm/config/service @{AllowUnencrypted="true"}
http://wiki.cheyaoshicorp.com/download/attachments/49448785/image2018-11-26_13-17-35.png?version=1&modificationDate=1543209455737&api=v2
在ansible服务器上ping远程windows服务器
#ansible win7 -m win_ping
http://wiki.cheyaoshicorp.com/download/attachments/49448785/image2018-11-26_13-22-43.png?version=1&modificationDate=1543209763878&api=v2
可以用ansible-playbook添加用户,将用户加入到对应的组里
#vimadduser.yml
- name: Add a group and user
hosts: all
gather_facts: false
tasks:
- name: Add User
win_user:
name: ops
password: "A123456"
state: present
groups:
- "Remote Desktop Users"
- Users
执行playbook文件,登陆服务器查看用户状态
#ansible-playbook adduser.yml
http://wiki.cheyaoshicorp.com/download/attachments/49448785/image2018-11-26_13-34-52.png?version=1&modificationDate=1543210492842&api=v2
页:
[1]