Ansible配置管理Windows主机
在配置windows主机的网上查了很多的博客发现都不对,好多地方写的不清不楚的,估计都是复制粘贴的吧。所以自己写一篇比较详细的操作步骤
[任务]
①.在ansible的Linux主控机上安装控制Windows的组件:pywinrm 、kerbers。
②.配置windows主机:安装Framework 4.5(最低3.0),修改注册表,设置powershell本地运行权限为remotesigned,powershell升级到3.0,配置winrm
③.测试配置是否成功
1.用python的pip安装pywinrm、kerberos(我这里是没有装这个,但测试也能通过,可能后续其他操作会用到,自己掂量)
root@newings:~# pip install pywinrm Collecting pywinrm Downloading https://files.pythonhosted.org/packages/0d/12/13a3117bbd2230043aa32dcfa2198c33269665eaa1a8fa26174ce49b338f/pywinrm-0.3.0-py2.py3-none-any.whl Collecting xmltodict (from pywinrm) Downloading https://files.pythonhosted.org/packages/42/a9/7e99652c6bc619d19d58cdd8c47560730eb5825d43a7e25db2e1d776ceb7/xmltodict-0.11.0-py2.py3-none-any.whl Collecting requests-ntlm>=0.3.0 (from pywinrm) Downloading https://files.pythonhosted.org/packages/03/4b/8b9a1afde8072c4d5710d9fa91433d504325821b038e00237dc8d6d833dc/requests_ntlm-1.1.0-py2.py3-none-any.whl Requirement already satisfied: six in /usr/lib/python2.7/dist-packages (from pywinrm) (1.10.0) Collecting requests>=2.9.1 (from pywinrm) Downloading https://files.pythonhosted.org/packages/65/47/7e02164a2a3db50ed6d8a6ab1d6d60b69c4c3fdf57a284257925dfc12bda/requests-2.19.1-py2.py3-none-any.whl (91kB) 100% |████████████████████████████████| 92kB 1.1MB/s Collecting ntlm-auth>=1.0.2 (from requests-ntlm>=0.3.0->pywinrm) Downloading https://files.pythonhosted.org/packages/8e/5b/4047779fb456b0de503c4acb7b166becf2567efb772abb53998440791d3c/ntlm_auth-1.2.0-py2.py3-none-any.whl Collecting cryptography>=1.3 (from requests-ntlm>=0.3.0->pywinrm) Downloading https://files.pythonhosted.org/packages/87/e6/915a482dbfef98bbdce6be1e31825f591fc67038d4ee09864c1d2c3db371/cryptography-2.3.1-cp27-cp27mu-manylinux1_x86_64.whl (2.1MB) 100% |████████████████████████████████| 2.1MB 1.5MB/s Collecting idna<2.8,>=2.5 (from requests>=2.9.1->pywinrm) Downloading https://files.pythonhosted.org/packages/4b/2a/0276479a4b3caeb8a8c1af2f8e4355746a97fab05a372e4a2c6a6b876165/idna-2.7-py2.py3-none-any.whl (58kB) 100% |████████████████████████████████| 61kB 22.3MB/s Collecting urllib3<1.24,>=1.21.1 (from requests>=2.9.1->pywinrm) Downloading https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl (133kB) 100% |████████████████████████████████| 143kB 16.0MB/s Collecting chardet<3.1.0,>=3.0.2 (from requests>=2.9.1->pywinrm) Downloading https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl (133kB) 100% |████████████████████████████████| 143kB 11.2MB/s Collecting certifi>=2017.4.17 (from requests>=2.9.1->pywinrm) Downloading https://files.pythonhosted.org/packages/df/f7/04fee6ac349e915b82171f8e23cee63644d83663b34c539f7a09aed18f9e/certifi-2018.8.24-py2.py3-none-any.whl (147kB) 100% |████████████████████████████████| 153kB 12.1MB/s Requirement already satisfied: enum34; python_version < "3" in /usr/lib/python2.7/dist-packages (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) (1.1.2) Collecting cffi!=1.11.3,>=1.7 (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) Downloading https://files.pythonhosted.org/packages/14/dd/3e7a1e1280e7d767bd3fa15791759c91ec19058ebe31217fe66f3e9a8c49/cffi-1.11.5-cp27-cp27mu-manylinux1_x86_64.whl (407kB) 100% |████████████████████████████████| 409kB 7.0MB/s Collecting asn1crypto>=0.21.0 (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) Downloading https://files.pythonhosted.org/packages/ea/cd/35485615f45f30a510576f1a56d1e0a7ad7bd8ab5ed7cdc600ef7cd06222/asn1crypto-0.24.0-py2.py3-none-any.whl (101kB) 100% |████████████████████████████████| 102kB 11.9MB/s Requirement already satisfied: ipaddress; python_version < "3" in /usr/lib/python2.7/dist-packages (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) (1.0.16) Collecting pycparser (from cffi!=1.11.3,>=1.7->cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) Downloading https://files.pythonhosted.org/packages/68/9e/49196946aee219aead1290e00d1e7fdeab8567783e83e1b9ab5585e6206a/pycparser-2.19.tar.gz (158kB) 100% |████████████████████████████████| 163kB 12.3MB/s Installing collected packages: xmltodict, ntlm-auth, idna, urllib3, chardet, certifi, requests, pycparser, cffi, asn1crypto, cryptography, requests-ntlm, pywinrm Found existing installation: idna 2.0 Uninstalling idna-2.0: Successfully uninstalled idna-2.0 Running setup.py install for pycparser ... done Found existing installation: cryptography 1.2.3 Uninstalling cryptography-1.2.3: Successfully uninstalled cryptography-1.2.3 Successfully installed asn1crypto-0.24.0 certifi-2018.8.24 cffi-1.11.5 chardet-3.0.4 cryptography-2.3.1 idna-2.7 ntlm-auth-1.2.0 pycparser-2.19 pywinrm-0.3.0 requests-2.19.1 requests-ntlm-1.1.0 urllib3-1.23 xmltodict-0.11.0
2.这个装完之后就可以放下主控机这边的工作,转移到windows那边去,先检查windows电脑是否有安装Framework组件,如没有需要下载安装,版本最低为3.0
Framework 4.5地址
3.修改注册表,将powershell脚本本地运行权限设置为remotesigned,路径如下
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\ScriptedDiagnostics
如下所示
3.升级powershell到3.0版本,win7的系统需要先打补丁,不然脚本无法执行成功,脚本放文本里面修改为.ps1即可
补丁地址:
脚本地址:
做完以上操作,需要重启电脑,然后执行自动配置脚本,我执行了好像并什么用
自动配置脚本:
4.运行winrm服务,打开cmd命令输入
winrm qc
如有一下错误提示,请将网络设置为家庭网络,并关掉所有虚拟网络(VMware work/server)
网络没问题,执行winrm qc如下图所示
开启winrm服务后,检查winrm配置是否正确
winrm get winrm/config
配置文件信息如下图所示
将Auth中Basic设置为true,service中AllowUnencrypted设置为true,命令都在CMD窗口中执行
winrm set winrm/config/service @{AllowUnencrypted="true"} winrm set winrm/config/service/auth @{Basic="true"}
剩下的就是配置ansible的Inventory文件,测试主控机和被控制主机通信是否正常,这些东西网上基本都有。
windows主机测试命令
ansible windows -m win_ping
其中windows为主机所在组名称
注:windows主机端口分两种:http=8985,https=8986