Ansible 管理Windows Server遇到的问题
在PowerShell中依此执行以下命令,即可使用ansible管理Windows Server:
Set-ExecutionPolicy RemoteSigned -Force;
winrm quickconfig -q -force;
winrm set winrm/config/service/auth '@{Basic="true"}';
winrm set winrm/config/service '@{AllowUnencrypted="true"}';
New-NetFirewallRule -Name Ansible -DisplayName Ansible -Enabled True -Action Allow -Protocol TCP -LocalPort 5985 -Direction InBound
Inventory文件
[windows] 192.168.1.11 [windows:vars] ansible_user="administrator" ansible_password="password" ansible_port=5985 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_winrm_server_cert_validation=ignore
yaml文件
---
- name: User Mgmt hosts: windows gather_facts: false tasks: - name: create user win_user: name: opsadmin password: "password" update_password: always state: present groups: Administrators groups_action: add password_never_expires: true
---
- name: User Mgmt
hosts: windows
tasks:
- name: update password
win_user:
name: opsadmin
password: "password"
update_password: always
state: present
---
- name: ping test
hosts: windows
gather_facts: false
tasks:
- name: ping
win_ping:
加域Windows Server在Ansible中使用本地账号注意:
报错提示: UNREACHABLE! => {"changed": false, "msg": "ntlm: the specified credentials were rejected by the server", "unreachable": true}
解决办法:
在powershell中执行命令: winrm configSDDL default
将本地账号添加进来,然后给予Full Control权限