目录
check powershell and .net version
check powershell executionpolicy
ansible test connect to windows
reference
ansible server
- yum install ansible -y
- pip install pywinrm
- set configure
vi /etc/ansible/hosts
# configure in ansible server
# Inventory group for the Windows hosts reached over WinRM.
[winhost]
192.168.56.1
[winhost:vars]
# NOTE(review): "usename" looks like a typo for "username" in this placeholder.
ansible_user=domain\usename
# The password sits in this file in clear text, readable by anyone who can
# read /etc/ansible/hosts. Prefer an Ansible Vault-encrypted variable and keep
# the real value out of version control.
ansible_password=xxx
#ansible_port=5985
ansible_connection=winrm
ansible_winrm_transport=ntlm
# "ignore" turns off verification of the HTTPS listener's certificate, so the
# control node cannot tell the real host from something answering in its
# place. Use it only while the host has a self-signed certificate; once the
# listener has a CA-issued certificate, set this to "validate".
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
#ansible_winrm_scheme=http
# HTTPS on 5986 is the active choice; the commented-out 5985/http pair above
# is the plain-HTTP alternative.
ansible_winrm_scheme=https
windows
- run powershell as admin
- check powershell and .net version
- check network configure
- setup winrm
- winrm set
- enable port: 5985 or 5986
check powershell and .net version
powershell upgrade
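# Download Ansible's WinRM setup script and run it.
# If the download below does not work, save
# https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
# as a local file named ConfigureRemotingForAnsible.ps1 and run:
#   powershell.exe -ExecutionPolicy ByPass -File .\ConfigureRemotingForAnsible.ps1
#
# Older .NET defaults do not offer TLS 1.2, and the HTTPS download then fails.
# Add TLS 1.2 to the protocols this session may use (existing ones are kept).
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
# The URL points at the moving "devel" branch, so the content can change
# between runs, and nothing here checks what was downloaded before it runs in
# an administrator session with the execution policy bypassed. Read $file
# first, or run a copy you have already reviewed and stored yourself.
powershell.exe -ExecutionPolicy ByPass -File $file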
check powershell executionpolicy
# Show the execution policy currently in effect.
Get-ExecutionPolicy
# If it is not RemoteSigned, set it with the line below. RemoteSigned lets
# local scripts run and requires a signature on scripts downloaded from the
# internet. It is a safety setting, not an access control: the
# "-ExecutionPolicy ByPass" switch used elsewhere on this page overrides it
# for that one process.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
check network
# If a network profile is Public, winrm cannot apply
# winrm/config/service '@{AllowUnencrypted="true"}', so check the category first.
Get-NetConnectionProfile
# Expected in the output: NetworkCategory : Private
# AllowUnencrypted="true" makes the WinRM service accept requests that are not
# encrypted. It only matters for the HTTP listener on 5985; the inventory on
# this page connects over HTTPS on 5986, which does not need it. Leave it at
# "false" unless plain HTTP is really required.
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
setup winrm
- admin run powershell
- copy code to install winrm
# Not secure as written: the script is taken from the moving "devel" branch,
# nothing verifies what was downloaded, and it is run from an administrator
# PowerShell with the execution policy bypassed. Review $file before the last
# line, or run a copy you have already vetted; on PowerShell 4.0 or later,
# Get-FileHash can compare the download with the hash of that vetted copy.
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
enable port
- admin run powershell
- copy code to enable ports: 5985 and 5986
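# Inbound firewall rules for WinRM: 5985 is the HTTP listener, 5986 the HTTPS
# listener. Create only the rule for the port actually used; the inventory on
# this page connects to 5986, so the 5985 rule is not needed for it.
# As written, both rules accept connections from any source address. To limit
# them to the Ansible control node, append remoteip=<ANSIBLE_CONTROL_NODE_IP>
# (placeholder) to each command.
netsh advfirewall firewall add rule name="Win-RM-HTTP" dir=in localport=5985 protocol=TCP action=allow
# Distinct name for the HTTPS rule, so the two rules can be told apart and
# removed separately.
netsh advfirewall firewall add rule name="Win-RM-HTTPS" dir=in localport=5986 protocol=TCP action=allow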
enable winrm listener
# Lists the WinRM listeners that are configured; it does not create or enable
# one. Check that the output shows a listener for the transport and port the
# control node will use (HTTPS on 5986 for the inventory on this page).
winrm enumerate winrm/config/listener
set winrm
- set auth
- set AllowUnencrypted
- set TrustedHosts (optional)
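# Basic authentication sends the user name and password only base64-encoded,
# and AllowUnencrypted lets the service accept plain-HTTP sessions; with both
# on, credentials can be read on the network path. Neither is needed for the
# connection shown in the inventory on this page (NTLM over HTTPS on 5986),
# and Basic works with local accounts only, not domain accounts. Leave both at
# "false" unless there is a specific need.
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
# TrustedHosts is a client-side list: it names the remote machines this host's
# own WinRM client will connect to without being able to authenticate them. It
# does not control which addresses may connect in to this host; use the
# firewall rule scope for that. Keep the list as narrow as possible.
# The argument is single-quoted like the lines above, because PowerShell would
# otherwise parse a bare @{...} as a hashtable and winrm rejects it.
winrm s winrm/config/Client '@{TrustedHosts="192.168.1.*"}'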
use python to test winrm
# python test winrm
from winrm.protocol import Protocol
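# Open a WinRM session, run "ipconfig /all" on the remote host, and print what
# the command wrote to standard output.
p = Protocol(
    endpoint='https://192.168.1.1:5986/wsman',
    transport='ntlm',
    username=r'domain\username',
    # Placeholder. Do not keep a real password in the script; read it from a
    # prompt or from the environment when the test is run.
    password='xxxxx',
    # 'ignore' skips verification of the server certificate, so the client does
    # not confirm which host it is talking to. Use it only against a
    # self-signed test listener; use 'validate' once the host has a trusted
    # certificate.
    server_cert_validation='ignore')
shell_id = p.open_shell()
try:
    command_id = p.run_command(shell_id, 'ipconfig', ['/all'])
    try:
        std_out, std_err, status_code = p.get_command_output(shell_id, command_id)
    finally:
        # Release the command on the server even when reading its output fails.
        p.cleanup_command(shell_id, command_id)
finally:
    # Always close the remote shell so a failed run does not leave it open.
    p.close_shell(shell_id)
print(std_out)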
ansible test connect to windows
# Connectivity check against the [winhost] group; -vvv prints connection-level
# debugging output.
ansible winhost --module-name win_ping -vvv
# Run a command on the Windows hosts.
ansible winhost --module-name win_shell --args "ipconfig"