Shulou(Shulou.com)06/02 Report--

Ansible is a common automatic operation and maintenance tool based on python. Ansible was chosen because it is simple and does not require a client. The most important thing is that I have not used anything else.

The management host of Ansible must be installed in the linux environment, which is an official requirement. The system is centos 7.4, not to mention python, the system is required by default. Ansible for the management of linux I will not say, a lot of articles on the Internet, let's study the management of Windows by ansible.

Environment building

Ansible installation method:

Yum install ansible

Yes, you read it right, it's that simple, of course some people like custom compilation and installation, I don't think it's necessary. After centos is upgraded to 7, a lot of things are standardized, unlike 5 or 6, the location of yum and rpm installed files is very difficult to find, after 7, it is in a fixed folder, you can search on your own.

Modify the configuration file, edit / etc/ansible/ansible.cfg, and specify the hosts location:

Vi / etc/ansible/ansible.cfg

[hosts]

Hostfile = / etc/ansible/hosts

Gather_subset = all

# remote_user = root

# remote_port = 22

Host_key_checking = false

Warn=False

Windows connection module installation:

Yum install python-winrm

This is the end of the matter, isn't it very simple?

Next we add the windows machine to the hosts file

[web]

Iistest-2..com ansible_user=@*.COM ansible_password=** ansible_port=5985 ansible_connection=winrm ansible_winrm_transport=kerberos ansible_winrm_kinit_mode=managed

Iistest-2.***.com this is the hostname. If there is no internal dns, you can enter the IP address here.

* all the machines on my side have added domains, and all of them are connected with domain accounts and passwords. Domain accounts use user@DOMAIN.COM, and the domain must be uppercase, otherwise the verification will not pass. The verification method is kerberos. You can see the official document http://docs.ansible.com/ansible/latest/userguide/windowswinrm.html?highlight=kerberos about the authentication method.

Ansiblewinrmkinitmode=managed here I choose automatic or manual manual mode, that is, every once in a while, I use the verification command to verify, kinit user@DOMAIN.COM and then enter the password, and use klist to check the expiration time.

two。 Configure windows winrm Management

Query winrm status

Winrm enumerate winrm/config/Listener

Winrm services are on by default, making it easy for powershell to manage remotely, and basically do not need to be configured like this. Sometimes the failure to connect may be due to the failure of the firewall to open the corresponding policy.

Other configuration methods can be found in the official document: http://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-setup

And then test the effect.

This is basically done here, the rest is to write the yml file, which is under study.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.