Use Ansible to Manage Windows Servers - Step by Step Guide



This is a real-time demo of how to set up your Windows servers so they can be managed by Ansible.
—–
GIST Document (cut&paste1):
https://gist.github.com/dmccuk/c39f560feec55fdbbaf5a17c3c52a431#file-ansible_manage_windows_servers_using_winrm-md

The following is covered by this demo:

• Set up a Windows 2016 server so Ansible can manage it (over HTTPS)
• Set up my CentOS 8 server so it can manage Windows servers using WinRM
• Create an inventory file to hold the Windows connection variables
• Prove the connection with win_ping
• Create a basic Ansible playbook to manage directories, files (templates), MD5 checksums & updates
• Use ansible-vault to hide the password from the inventory file
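
A sketch of what the inventory and vault steps above can look like, with the weak settings shown commented out beside the safer ones. This is an added example, not taken from the video or the linked gist; the host name, user name, CA path and the variable name vault_win_password are placeholders.

```yaml
# inventory.yml (constructed example; all names are placeholders)
all:
  children:
    windows:
      hosts:
        win2016.example.com:
      vars:
        ansible_connection: winrm
        ansible_port: 5986                 # WinRM HTTPS listener (5985 is plain HTTP)
        ansible_winrm_scheme: https
        ansible_winrm_transport: ntlm
        ansible_user: ansible_svc

        # Weak: plaintext secret, readable by anyone who can read the inventory
        # ansible_password: "PlaintextPasswordHere"
        # Better: reference a variable kept in a vault-encrypted file (below)
        ansible_password: "{{ vault_win_password }}"

        # Weak: 'ignore' accepts any certificate, so the server is not authenticated
        # ansible_winrm_server_cert_validation: ignore
        # Better: validate the listener certificate against the issuing CA
        ansible_winrm_server_cert_validation: validate
        ansible_winrm_ca_trust_path: /etc/pki/tls/certs/internal-ca.pem
---
# group_vars/windows/vault.yml (placed next to inventory.yml)
# Encrypt once with:  ansible-vault encrypt group_vars/windows/vault.yml
# Edit later with:    ansible-vault edit group_vars/windows/vault.yml
vault_win_password: "REPLACE_ME"

# Prove the connection, supplying the vault password at the prompt:
#   ansible windows -i inventory.yml -m win_ping --ask-vault-pass
```

With a self-signed listener certificate, validation only succeeds if that certificate (or its issuer) is in the file named by ansible_winrm_ca_trust_path.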

Ansible Docs:
Set up Windows:
https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html
For Windows 2016, change the default PowerShell TLS version to TLS v1.2 with this PowerShell command:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Linux WinRM setup:
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html

Windows module links:
https://docs.ansible.com/ansible/2.4/win_file_module.html
https://docs.ansible.com/ansible/2.5/modules/win_template_module.html
https://docs.ansible.com/ansible/2.4/win_stat_module.html
https://docs.ansible.com/ansible/2.5/modules/win_updates_module.html

Protect sensitive variables:
https://docs.ansible.com/ansible/latest/network/getting_started/first_inventory.html#protecting-sensitive-variables-with-ansible-vault

#Windows #Ansible #automation


7 thoughts on “Use Ansible to Manage Windows Servers – Step by Step Guide”
  1. Hi Dennis,

    I’m getting this error: {“msg”:”winrm or requests is not installed: cannot import name certs”}. Can you please tell me what I should do to fix this?

  2. Have you written any Windows server hardening playbooks? Updating TLS 1.1 to 1.2 and updating latest SSL…etc?

  3. Thanks. It was very helpful. I have set up Ansible according to your video and there is no issue, but with Ansible Tower I am not getting it through. I don't know how to link the host and ansible.cfg with Ansible Tower. When I run the template, I get an error that the host cannot be reached. Any advice?

  4. The problem is, we would not want to RDP to the machine and make those changes, and would want to be able to just spin up 100s and 1000s of VMs and just run Ansible to configure them. If these cannot be eliminated, then probably we would have to make these changes during the Packer phase to have an image with these settings you made in PowerShell already in place, and then build all the machines based off of that image.

  5. Probably a next video on Chocolatey for managing software as well over Windows servers would be perfect!
