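Ansible Notes 2: Ansible Windows Basics
1 Introduction
Ansible is an IT automation tool. It can control not only Linux hosts but also Windows hosts. It ships with a rich set of modules, and playbooks can be used to run a series of complex tasks.
In a recent project the author needed to control Windows hosts in bulk, so Ansible was chosen to deploy, update, start and stop the project. These notes describe the basic configuration of the Windows and Linux sides in detail and illustrate it with examples.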
2 Environment configuration
2.1 Windows environment configuration
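- Configure the execution policy
View the current execution policy:
    Get-ExecutionPolicy
Set the execution policy to allow remote execution:
    Set-ExecutionPolicy RemoteSigned
Check the WinRM listener; no error message means it is working:
    winrm e winrm/config/listener
If WinRM is not enabled, run:
    winrm qc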
- Configure Basic authentication
    winrm quickconfig
View the WinRM service listener:
    winrm e winrm/config/listener
Configure auth for the WinRM service:
    winrm set winrm/config/service/auth '@{Basic="true"}'
Configure the WinRM service to allow unencrypted traffic:
    winrm set winrm/config/service '@{AllowUnencrypted="true"}'
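- Turn off the firewall
If the firewall is not turned off, the relevant ports on the server cannot be reached.
Under Control Panel\System and Security\Windows Firewall\Customize Settings, turn the firewall off for both private and public networks.
The firewall can also be turned off directly from the command line.
Turn off the firewall:
    NetSh Advfirewall set allprofiles state off
View the firewall state:
    Netsh Advfirewall show allprofiles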
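The settings above send Basic credentials and WinRM payloads unencrypted over HTTP and leave every firewall profile off. A tighter variant of the same setup, as an added example that is not part of the original notes: it keeps the HTTP listener on 5985 but relies on NTLM message encryption and a firewall rule scoped to the control host. The control-host address 10.202.21.10 and the rule name are assumptions.

```powershell
# Added example, not from the original notes. Run locally (console or RDP)
# in an elevated PowerShell session on the managed Windows host.
$ControlHost = '10.202.21.10'                  # assumed control-host address
$RuleName    = 'WinRM HTTP from Ansible host'  # constructed rule name

# Weak settings from the notes, for comparison:
#   winrm set winrm/config/service/auth '@{Basic="true"}'
#   winrm set winrm/config/service '@{AllowUnencrypted="true"}'
#   NetSh Advfirewall set allprofiles state off

# 1. Refuse Basic auth and unencrypted payloads; Negotiate carries NTLM.
Set-Item -Path WSMan:\localhost\Service\Auth\Basic       -Value $false
Set-Item -Path WSMan:\localhost\Service\Auth\Negotiate   -Value $true
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $false

# 2. Allow TCP 5985 from the control host only (idempotent).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 5985 -RemoteAddress $ControlHost -Profile Any |
        Out-Null
}

# 3. Disable the built-in WinRM HTTP rules that `winrm qc` enables, since
#    they are not limited to the control host.
Get-NetFirewallRule -Name 'WINRM-HTTP-In-TCP*' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# 4. Turn the firewall back on for every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# 5. Report the resulting state.
[pscustomobject]@{
    Basic            = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value
    AllowUnencrypted = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value
    FirewallEnabled  = (Get-NetFirewallProfile).Enabled -join ','
    AllowedRemote    = (Get-NetFirewallRule -DisplayName $RuleName |
                        Get-NetFirewallAddressFilter).RemoteAddress
}
```

On the control host, add ansible_winrm_transport=ntlm under [windows:vars]; pywinrm then authenticates with NTLM and encrypts the WinRM messages over the HTTP listener, so win_ping works with Basic and AllowUnencrypted off.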
[Screenshot: the author's test that the configuration works, and the system version]
2.2 Linux environment configuration
- Install the software
    pip install ansible pywinrm
- Configure the Ansible hosts file
    mkdir /etc/ansible
    vim /etc/ansible/hosts

    [windows]
    10.202.21.138

    [windows:vars]
    ansible_ssh_user="user"        # user name used to log in to the machine
    ansible_ssh_pass="password"    # login password
    ansible_connection="winrm"
    ansible_ssh_port=5985          # default is 5985
    ansible_winrm_server_cert_validation=ignore
- Test Ansible
    ansible 10.202.21.138 -m win_ping
The IP address can also be replaced with the group name windows from the hosts file above. If the windows group contains several IP addresses, win_ping is run against all of them.
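3 Common usage
Ansible provides many modules for common Windows operations, for example win_ping, win_command, win_copy, win_file, win_path and win_shell. Some of them are shown below with examples.
For detailed module documentation see: Ansible.Windows common modules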
- win_ping: test connectivity to the machine
    ansible 10.202.21.138 -m win_ping
Output:
    10.202.21.138 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
- View Windows facts
    ansible 10.202.21.138 -m setup
Output:
    10.202.21.138 | SUCCESS => {
        "ansible_facts": {
            "ansible_architecture": "64-bit",
            "ansible_architecture2": "x86_64",
            "ansible_bios_date": "04/01/2014",
            "ansible_bios_version": "1.7.5-20140531_083030-gandalf",
            "ansible_date_time": {
                "date": "2021-02-09",
                ......
                "iso8601": "2021-02-09T15:46:52Z",
                ......
                "year": "2021"
            },
            "ansible_distribution": "Microsoft Windows Server 2016 Standard",
            "ansible_distribution_major_version": "10",
            "ansible_distribution_version": "10.0.14393.0",
            "ansible_domain": "",
            "ansible_env": {
                "ALLUSERSPROFILE": "C:\\ProgramData",
                "APPDATA": "C:\\Users\\Administrator\\AppData\\Roaming",
                ......
                "windir": "C:\\Windows"
            },
            "ansible_fqdn": "WIN-91SUTJ9K7N7",
            "ansible_hostname": "WIN-91SUTJ9K7N7",
            "ansible_interfaces": [
                {
                    "connection_name": "Ethernet",
                    "default_gateway": "10.202.21.129",
                    "dns_domain": null,
                    "interface_index": 8,
                    "interface_name": "Intel(R) PRO/1000 MT Network Connection",
                    "macaddress": "52:54:00:9E:C4:EF"
                }
            ],
            "ansible_ip_addresses": [
                "fe80::d59:4ee4:ff5c:2af4%8",
                "10.202.21.138",
                "fe80::5efe:10.202.21.138%3",
                "2001:0:348b:fb58:2c20:306a:d545:8f82",
                "fe80::2c20:306a:d545:8f82%6"
            ],
            "ansible_kernel": "10.0.14393.0",
            "ansible_lastboot": "2021-02-02 18:16:59Z",
            ......
            "ansible_powershell_version": 5,
            "ansible_processor": [
                "0", "GenuineIntel", "Intel Core Processor (Broadwell)",
                "1", "GenuineIntel", "Intel Core Processor (Broadwell)",
                "2", "GenuineIntel", "Intel Core Processor (Broadwell)",
                "3", "GenuineIntel", "Intel Core Processor (Broadwell)"
            ],
            "ansible_processor_cores": 1,
            "ansible_processor_count": 4,
            ......
            "ansible_windows_domain_role": "Stand-alone server",
            "gather_subset": [
                "all"
            ],
            "module_setup": true
        },
        "changed": false
    }
- Run a win_shell command
    ansible windows -m win_shell -a 'date >> C:\xg\date.txt'
- Create the directory for installation packages
    ansible 10.202.21.138 -m win_file -a 'path=C:\xg\package state=directory'
- Copy the installation package
    ansible 10.202.21.138 -m win_copy -a 'src=./package/Anaconda2-5.3.1-Windows-x86_64.exe dest=C:\xg\package\Anaconda2-5.3.1-Windows-x86_64.exe'
- Install the software
    ansible 10.202.21.138 -m win_package -a 'state=present path=C:\xg\package\Anaconda2-5.3.1-Windows-x86_64.exe arguments="/InstallationType=AllUsers /S"'
- Configure the environment variable (this variable provides the base Python environment)
    ansible 10.202.21.138 -m win_path -a 'state=present elements=C:\ProgramData\Anaconda2'
Note: add environment variable entries one at a time. If elements=aa;bb; is used, the entries are appended to the environment variable again on every run.
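4 Notes
- The firewall on the Windows system must be turned off, otherwise the port used by Ansible cannot be reached.
- Environment variable entries are best added one per run. Putting several together easily makes repeated runs non-idempotent (the entries are appended again).
- Make sure the host user named in the Ansible hosts file is logged in. If that user has been logged off, Windows cannot be accessed as the specified user and execution fails.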
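5 Remarks
- References
ansible/latest/user_guide/windows_dsc
Ansible: setting up the Windows side for control
Ansible.Windows common modules
运维派 Ansible tutorial
运维者说: 18 Ansible notes
- Software environment
The control host runs Ubuntu 18.04 Server.
The managed host runs Windows.
Client tools for logging in to Windows: on Ubuntu Desktop, use the built-in Remmina; on macOS, download the free Parallels Client from the App Store.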