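1. Enable WinRM on Windows

The WinRM service is not enabled by default. Check its state first; if the command returns nothing, it has not been started:

    winrm enumerate winrm/config/listener

Apply the basic WinRM service configuration:

    winrm quickconfig

List the WinRM service listeners:

    winrm e winrm/config/listener

Enable Basic authentication for the WinRM service:

    winrm set winrm/config/service/auth @{Basic="true"}

Set the WinRM service to allow unencrypted traffic:

    winrm set winrm/config/service @{AllowUnencrypted="true"}

With both settings on, Basic credentials sent to the HTTP listener (port 5985) are only base64-encoded, not encrypted.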

2. Ansible's official initialization script

    https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1

Install pywinrm on the Ansible host:

    pip install "pywinrm>=0.1.1"

To build and install from source instead: https://pypi.org/project/pywinrm/#files

Run the script in PowerShell on the Windows host:

    .\Desktop\ConfigureRemotingForAnsible.ps1

3. Write the Windows connection details to a variable file

    cat group_vars/windows.yml
    ansible_user: Administrator
    ansible_ssh_pass: Mlxg2234
    ansible_ssh_port: 5986
    ansible_connection: winrm
    ansible_winrm_server_cert_validation: ignore

Encrypt the file:

    ansible-vault encrypt group_vars/windows.yml

Decrypt the file:

    ansible-vault decrypt group_vars/windows.yml

Turn off the Windows Server firewall, or open port 5986.

4. Add the Windows host to the hosts file

    [windows]
    192.168.20.35
    # Alternatively, skip the variable file and put the variables on the host line:
    # 192.168.20.35 ansible_ssh_user="Administrator" ansible_ssh_pass="Mlxg2234" ansible_ssh_port=5986 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore

5. Run a test command

    ansible -i hosts windows -m win_ping --ask-vault-pass

When prompted, enter the vault password of the encrypted windows variable file.

6. Test file operations

    ansible -i hosts windows -m win_file -a 'dest=c:\ConfigureRemotingForAnsible.ps1 state=directory' --ask-vault-pass
    ansible -i hosts windows -m win_copy -a 'src=/etc/hosts dest=c:\config_dir\hosts.txt' --ask-vault-pass

7. Delete a file or directory

    ansible -i hosts windows -m win_file -a 'dest=c:\config_dir\hosts.txt state=absent' --ask-vault-pass
    ansible -i hosts windows -m win_file -a 'dest=c:\config state=absent' --ask-vault-pass

8. Test running a cmd command remotely

    ansible -i hosts windows -m win_shell -a 'ipconfig' --ask-vault-pass

9. Reboot the Windows server remotely

    ansible -i hosts windows -m win_reboot --ask-vault-pass
    ansible -i hosts windows -m win_shell -a 'shutdown -r -t 0' --ask-vault-pass

10. Test creating a user (created remotely on the Windows client)

    ansible -i hosts windows -m win_user -a "name=test1 password=Mlxg2234" --ask-vault-pass

11. Install the IIS service

    ansible -i hosts windows -m win_feature -a "name=Web-Server" --ask-vault-pass
    ansible -i hosts windows -m win_feature -a "name=Web-Server,Web-Common-Http" --ask-vault-pass

12. Get IIS site information

    ansible -i hosts -m win_iis_website -a "name='Default Web Site'" windows --ask-vault-pass

13. Stop and start an IIS site (state is one of 'started', 'restarted', 'stopped' or 'absent')

    ansible -i hosts windows -m win_iis_website -a "name='Default Web Site' state=stopped" --ask-vault-pass
    ansible -i hosts windows -m win_iis_website -a "name='Default Web Site' state=started" --ask-vault-pass

14. Add a site

    ansible -i hosts windows -m win_iis_website -a "name=acme physical_path=c:\site_test" --ask-vault-pass

15. Download a file from a website

    ansible -i hosts -c winrm -m win_get_url -a "url=<file URL> dest='C:\site_test'" windows --ask-vault-pass

The same download as a playbook:

    - hosts: windows
      gather_facts: false
      tasks:
        - name: Download png
          win_get_url:
            url: '<download URL>'
            dest: 'C:\site_test'
            force: no   # in playbook form, download only when the file has changed

16. Manage Windows services

    - hosts: windows
      gather_facts: false
      tasks:
        - name: DNS Client(Dnscache)
          win_service:
            name: Dnscache
            start_mode: auto   # start automatically at boot
            state: started
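
A check for the connection settings written in steps 3 and 4, as an added example that is not part of the original page: it reads a variable file or hosts file and reports a password left outside ansible-vault, disabled certificate validation, and use of the HTTP listener port. The function names `parse_vars` and `audit`, the sample address and the sample password are constructed for this illustration.

```python
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"  # every ansible-vault encrypted file starts with this

def parse_vars(text):
    """Collect ansible_* settings from 'key: value' (YAML) or key=value (INI) lines."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # ignore comments
        for key, value in re.findall(r'(ansible_\w+)\s*[:=]\s*"?([^"\s]+)"?', line):
            found[key] = value
    return found

def audit(name, text):
    """Return findings for one variable or hosts file (empty list: nothing flagged)."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []  # encrypted: nothing readable to flag
    settings = parse_vars(text)
    findings = []
    for key in sorted(settings):
        if re.fullmatch(r"ansible_\w*pass(word)?", key):
            findings.append(f"{name}: {key} is in plaintext; run ansible-vault encrypt")
    if settings.get("ansible_winrm_server_cert_validation") == "ignore":
        findings.append(f"{name}: the WinRM server certificate is not validated")
    port = settings.get("ansible_port") or settings.get("ansible_ssh_port")
    if port == "5985":
        findings.append(f"{name}: port 5985 is the WinRM HTTP listener; with Basic auth "
                        "and AllowUnencrypted the password crosses the network unencrypted")
    return findings

# Constructed sample inputs (not real hosts or credentials).
PLAIN_VARS = (
    "ansible_user: Administrator\n"
    "ansible_ssh_pass: ExamplePass1\n"
    "ansible_ssh_port: 5986\n"
    "ansible_connection: winrm\n"
    "ansible_winrm_server_cert_validation: ignore\n"
)
VAULTED_VARS = "$ANSIBLE_VAULT;1.1;AES256\n3031323334353637\n"
HOSTS_FILE = ('[windows]\n192.0.2.10 ansible_ssh_pass="ExamplePass1" '
              'ansible_ssh_port=5985 ansible_connection="winrm"\n')

if __name__ == "__main__":
    samples = (("group_vars/windows.yml", PLAIN_VARS),
               ("group_vars/windows.yml (vaulted)", VAULTED_VARS),
               ("hosts", HOSTS_FILE))
    for name, text in samples:
        for finding in audit(name, text) or [f"{name}: no findings"]:
            print(finding)
```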