Ansible 管理Windows Server遇到的问题

在PowerShell中依此执行以下命令,即可使用ansible管理Windows Server:

  Set-ExecutionPolicy RemoteSigned -Force;

  winrm quickconfig -q -force;

  winrm set winrm/config/service/auth '@{Basic="true"}';

  winrm set winrm/config/service '@{AllowUnencrypted="true"}';

  New-NetFirewallRule -Name Ansible -DisplayName Ansible -Enabled True -Action Allow -Protocol TCP -LocalPort 5985 -Direction InBound

 

Inventory文件

[windows]
192.168.1.11

[windows:vars]
ansible_user="administrator"
ansible_password="password"
ansible_port=5985
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_winrm_server_cert_validation=ignore

 

yaml文件

---
- name: User Mgmt hosts: windows gather_facts: false tasks: - name: create user win_user: name: opsadmin password: "password" update_password: always state: present groups: Administrators groups_action: add password_never_expires: true

---
- name: User Mgmt
  hosts: windows
  tasks:
    - name: update password
      win_user:
        name: opsadmin
        password: "password"
        update_password: always
        state: present

---
- name: ping test
  hosts: windows
  gather_facts: false
  tasks:
    - name: ping
      win_ping:

 

加域Windows Server在Ansible中使用本地账号注意:

报错提示:  UNREACHABLE! => {"changed": false, "msg": "ntlm: the specified credentials were rejected by the server", "unreachable": true}

解决办法:

在powershell中执行命令: winrm configSDDL default

将本地账号添加进来,然后给予Full Control权限

 

posted @ 2020-06-24 16:30  Vincen_shen  阅读(4463)  评论(0编辑  收藏  举报