Ansible 管理Windows Server遇到的问题

在PowerShell中依此执行以下命令，即可使用ansible管理Windows Server:

　　Set-ExecutionPolicy RemoteSigned -Force;

　　winrm quickconfig -q -force;

　　winrm set winrm/config/service/auth '@{Basic="true"}';

　　winrm set winrm/config/service '@{AllowUnencrypted="true"}';

　　New-NetFirewallRule -Name Ansible -DisplayName Ansible -Enabled True -Action Allow -Protocol TCP -LocalPort 5985 -Direction InBound

 

Inventory文件

[windows]
192.168.1.11

[windows:vars]
ansible_user="administrator"
ansible_password="password"
ansible_port=5985
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_winrm_server_cert_validation=ignore

 

yaml文件

---
- name: User Mgmt
  hosts: windows
  gather_facts: false
  tasks:
    - name: create user
      win_user:
        name: opsadmin
        password: "password"
        update_password: always
        state: present
        groups: Administrators
        groups_action: add
        password_never_expires: true

---
- name: User Mgmt
  hosts: windows
  tasks:
    - name: update password
      win_user:
        name: opsadmin
        password: "password"
        update_password: always
        state: present

---
- name: ping test
  hosts: windows
  gather_facts: false
  tasks:
    - name: ping
      win_ping:

 

加域Windows Server在Ansible中使用本地账号注意：

报错提示：  UNREACHABLE! => {"changed": false, "msg": "ntlm: the specified credentials were rejected by the server", "unreachable": true}

解决办法：

在powershell中执行命令: winrm configSDDL default

将本地账号添加进来，然后给予Full Control权限