Shulou(Shulou.com)06/02 Report--

Catalogue

First, the components that control Windows must be installed on the Linux control host of ansible. Install pywinrm,kerberos II and configure Windows host 1. Install Framework 4.5 (minimum 3.0) 2. Modify the registration list: set the permission to run powershell local scripts to remotesigned 2. Upgrade to powershell-3.0 3. Configure winrm III. Functional testing

Let's start.

1. Configure the ansible control machine

Install pywinrm and kerberos using Python's pip

$sudo pip install http://github.com/diyan/pywinrm/archive/master.zip#egg=pywinrm$ sudo pip install kerberos

You need to install kerberos before you install it

$sudo apt-get install libkrb5-dev

Otherwise, report the error as

$sudo pip install kerberosrunning build_extbuilding 'kerberos' extensioncreating buildcreating build/temp.linux-x86_64-2.7creating build/temp.linux-x86_64-2.7/srcgcc-pthread-fno-strict-aliasing-DNDEBUG-g-fwrapv-O2-Wall-Wstrict-prototypes-fPIC-I/usr/include/python2.7-c src/base64.c-o build/temp.linux-x86_64-2.7/src/base64.o sh: 1: krb5-config: not foundgcc: error: sh:: No Such file or directorygcc: error: 1No such file or directorygcc: error: krb5-config:: No such file or directorygcc: error: not: No such file or directorygcc: error: found: No such file or directoryerror: command 'gcc' failed with exit status 1--Command / usr/bin/python-c "import setuptools _ _ file__='/etc/ansible/scripts/build/kerberos/setup.py';exec (compile (open (_ _ file__). Read (). Replace ('\ r\ n','\ n'), _ _ file__, 'exec')) "install--single-version-externally-managed-- record/ tmp/pip-Q3eBF1-record/install-record.txt failed with error code 1Storing complete log in / home/ansible/.pip/pip.log

2. Configure windows hosts

View the .net version and the powershell version in the system

.net version uses Version in $host for CLRVersion;powershell

PSC:\ Users\ ABC > $psversiontableName Value-----CLRVersion 2.0.50727.5485BuildVersion 6.1.7601.17514PSVersion 2.0WSManStackVersion 2.0PSCompatibleVersions 1.0 2} SerializationVersion 1.1.0.1PSRemotingProtocolVersion 2.1PS C:\ Users\ ABC > $hostName: ConsoleHostVersion: 2.0InstanceId: 586e26ae-8630-4add-aa4c-d864726f5384UI: System.Management.Automation.Internal.Host.InternalHostUserInterfaceCurrentCulture: zh-CNCurrentUICulture: zh-CNPrivateData: Microsoft.PowerShell .ConsoleHost + ConsoleColorProxyIsRunspacePushed: FalseRunspace: System.Management.Automation.Runspaces.LocalRunspace

1. Install Framework 4.5 (minimum 3.0)

Http://download.microsoft.com/download/B/A/4/BA4A7E71-2906-4B2D-A0E1-80CF16844F5F/dotNetFx45_Full_x86_x64.exe

two。 Modify the registration list: set the powershell local script run permission to remotesigned

HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ PowerShell\ 1\ ShellIds\ Microsoft\ PowerShell

two。 Upgrade to powershell-3.0 and winrm

It is said on the official website to download and execute the following script, but it has not been successful because the installation package has not been downloaded (it is possible that the network is unreachable, you know)

Https://github.com/cchurch/ansible/blob/devel/examples/scripts/upgrade_to_ps3.ps1

So manually find the download address through Microsoft's official website, the win7_x64 upgrade package is as follows

Https://www.microsoft.com/en-us/download/confirmation.aspx?id=34595

Download the update patch for powershell-3.0, which also integrates WMF3.0,winrm, etc.

Address:

Https://download.microsoft.com/download/E/7/6/E76850B8-DA6E-4FF5-8CCE-A24FC513FD16/Windows6.1-KB2506143-x64.msu

(note: this update package depends on version .net3.0 or later. If .net is not installed, there will be a prompt that "this update is not suitable for your computer")

Restart is required after installation. Verify the powershell version after reboot.

> get-host

3. Configure winrm

Download the following script, run it using powershell, and automatically configure winrm

Https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1

(note: the official website tutorial is completed until the end of the above, but generally check whether winrm is running after execution, because the ansible controller needs to access winrm through the port.)

3.2Runing the winrm service on your computer

Execute in powershell 3.0

> winrm qc

This tip, please change the network settings to the work network to the home network, special circumstances may need to restart

After configuring the network type restart service, the results are as follows:

After enabling it, you need to check whether the configuration is enabled.

3.3.The main reason is that Basic in Auth is set to AllowUnencrypted in true,service and true.

> winrm set winrm/config/service'@ {AllowUnencrypted= "true"}'> winrm set winrm/config/service/auth'@ {Basic= "true"}'

III. Functional testing

Configure the ansible controller

There are two ways to configure:

The first kind:

In / etc/ansible/hosts

[windows] 192.168.1.11 [windows: vars] ansible_ssh_user= "Administrator" ansible_ssh_pass= "123456" ansible_ssh_port=5986ansible_connection= "winrm" $ansible windows-m win_ping192.168.1.11 | SUCCESS = > {"changed": false, "ping": "pong"}

The second kind

In / etc/ansible/hosts

[windows] 192.168.1.11 ansible_ssh_user= "Administrator" ansible_ssh_pass= "123456" ansible_ssh_port=5986 ansible_connection= "winrm"

It should be noted that the port aspect of the use of ssl that is https mode 5986 http uses 5985.

Different from the command of controlling Linux host and win host, you need to add win_, for specific support. Please see the official website.

Http://docs.ansible.com/ansible/list_of_windows_modules.html

I do some common tests here.

Transfer documents

Delete a file

Create users (create users, change passwords, create users who can log in to remote desktops)

Execute the cmd command (restart the computer)

1. Transfer files to windows system

$ansible windows-m win_copy-a "src=/etc/passwd dest=e:\ share" 192.168.1.11 | SUCCESS = > {"changed": true, "checksum": "a82c2bd7de3d9a5c5adddd5e4fc7cbf1703720b7", "operation": "file_copy", "original_basename": "passwd", "size": 1755}

two。 Delete a file

$ansible windows-m win_file-a "dest=e:\ share\ passwd state=absent" 192.168.1.11 | SUCCESS = > {"changed": true}

3. Create a user

$ansible windows-m win_user-a "name=aa passwd=123456" 192.168.1.11 | SUCCESS = > {"account_disabled": false, "account_locked": false, "changed": true, "description": "", "fullname": "aa", "groups": [], "name": "aa", "password_expired": true, "password_never_expires": false "path": "WinNT://WORKGROUP/ABC-PC/aa", "sid": "Smur1-5-21-37586581-19248684-93829760-1006", "state": "present", "user_cannot_change_password": false}

Scenario requirements:

Create an administrator user named user1, which requires remote access

$ansible windows-m win_user-a "name=user1 password=123 groups='Administrators,Remote Desktop Users'" 192.168.1.11 | SUCCESS = > {"account_disabled": false, "account_locked": false, "changed": true, "description": "", "fullname": "user1", "groups": [{"name": "Administrators" "path": "WinNT://WORKGROUP/ABC-PC/Administrators"}, {"name": "Remote Desktop Users", "path": "WinNT://WORKGROUP/ABC-PC/Remote Desktop Users"}], "name": "user1", "password_expired": false, "password_never_expires": false "path": "WinNT://WORKGROUP/ABC-PC/user1", "sid": "Smur1-5-21-375864581-19248684-93852960-1009", "state": "present", "user_cannot_change_password": false}

4. Execute the cmd command

The first way to restart

$ansible windows-m win_shell-a "shutdown-r-t 1"

The second way, no parameters is equivalent to the first way.

$ansible windows-m win_reboot

Unfinished to be continued, constantly updated.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.