Use Ansible to automate Windows Server 2019 and Windows 10 management

Ansible is a simple and powerful IT automation engine that thousands of companies use to reduce the complexity of their environments and accelerate their DevOps plans.

Whether it’s application deployment, daily server maintenance, configuration management, continuous delivery, orchestration or any repetitive work you can describe, Ansible can handle it for you.

To see its capabilities in action, we will use it to automate Windows server management. This will be an adventure, so please fasten your seat belt before we set sail.

“Don’t wait. Time will never be just right.” –Napoleon Hill

Prerequisites

Before delving into the forest, Windows hosts need a few things to “agree” to be managed by Ansible. The following list is sufficient:

  • PowerShell 3.0 or higher
  • .NET Framework 4.0 or higher
  • Windows remote management listener or SSH (cygwin)
  • Windows 7+ and server operating systems, including Windows Server 2008+
  • Chocolatey
  • WSUS, used to update OS packages and patches
  • Ansible or AWX

Step 1: Install Chocolatey and WSUS

Windows is the most widely used operating system on personal computers, and its users can benefit greatly from tools like Chocolatey to install and manage their software. With it, installing applications from the command line or PowerShell is very easy. WSUS, on the other hand, makes it easy to deliver operating system updates and patches.

To install Chocolatey, follow the guide on installing and managing Windows applications with Chocolatey from the command prompt. Once that is done, you can go on to install WSUS using the Windows Server Update Services installation guide for Windows Server 2019.

Step 2: Install Ansible AWX

For ease of use, and because most people will like its friendly web management interface, we will use Ansible AWX to manage Windows hosts in this guide. You can install Ansible AWX using the “Install and Configure Ansible AWX on CentOS 8” guide.

One addition your AWX server needs is pywinrm. Ansible uses the pywinrm package to communicate with Windows servers through WinRM. It is not installed with the Ansible package by default, but it can be installed by running the following command:

sudo pip3 install "pywinrm>=0.2.2"

Once AWX and pywinrm are installed, follow the instructions in that guide to set up the following in AWX:

  • Users with required permissions and optional teams
  • An organization, or you can use the default organization
  • Credentials to connect to the Windows host
  • An inventory containing the list of hosts (add the variables shared below)
  • Set up the project – you can use the GitHub repository containing the playbook
  • Set up a template that can start everything

You will need to make some changes to the inventory to include special variables that match the features of WinRM. Here is what you should add to the inventory, along with a screenshot of the same.

ansible_connection: winrm
ansible_winrm_transport: basic
ansible_winrm_server_cert_validation: ignore
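
The variables above authenticate with HTTP Basic and skip verification of the host's TLS certificate. As an added example (not part of the original guide), here are the same inventory variables with each of those settings replaced by a stricter one; the CA bundle path is an assumed location, and NTLM is one choice among the transports pywinrm supports.

```yaml
# Inventory / group variables for the Windows hosts (added example).
ansible_connection: winrm

# Use the HTTPS listener (port 5986) so credentials and task output are
# encrypted in transit.
ansible_winrm_scheme: https
ansible_port: 5986

# Guide's setting:  ansible_winrm_transport: basic
# Basic sends the username and password base64-encoded with every request and
# only works for local accounts. NTLM is a challenge-response scheme that does
# not send the password itself; kerberos is the usual choice for domain accounts.
ansible_winrm_transport: ntlm

# Guide's setting:  ansible_winrm_server_cert_validation: ignore
# 'ignore' accepts any certificate, so the control node cannot tell the managed
# host from another machine answering on its address. With 'validate', the name
# used in the inventory must match the certificate subject, and the issuing CA
# (or the exported self-signed certificate) must be trusted on the control node.
ansible_winrm_server_cert_validation: validate
ansible_winrm_ca_trust_path: /etc/ssl/certs/winrm-ca.pem   # assumed path

# Keep the password out of the inventory: in AWX it comes from the credential
# attached to the job template; for command-line runs use a vaulted variable.
```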

Step 3: Configure Windows remote management for Ansible

Because Ansible does not install an agent on the managed server, it relies on the communication facilities the operating system provides. Windows Server 2019 introduced Secure Shell (SSH), but if you have server versions older than 2019 you will have to use Windows Remote Management (WinRM), which is also available in those versions.

Two main components of the WinRM service govern how Ansible interfaces with the Windows host: the listeners and the service configuration settings. The WinRM service listens for requests on one or more ports. A listener must be created and configured for each of these ports.

We will use the script ConfigureRemotingForAnsible.ps1, which can be used to set up the basics. The script uses a self-signed certificate to set up HTTP and HTTPS listeners and enables the Basic authentication option on the service. For more information, see the Ansible Docs.

To use this script, run the following command in PowerShell (as an administrator):

# Download the Ansible WinRM bootstrap script to the temp directory
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
# Run it with the execution policy bypassed for this one invocation
powershell.exe -ExecutionPolicy ByPass -File $file

The screenshot is shared below for the same operation.

WinRM listener

The WinRM service listens for requests on one or more ports. For each of these ports, a listener must be created and configured. To view the listeners currently running on the WinRM service, run the following command:

winrm enumerate winrm/config/Listener

Another screenshot of the same is shared below.

Step 4: Execute Ansible Playbook in Windows

Once WinRM is set up, the host can be managed using Ansible installed on the selected Linux server. If you prefer to use the terminal, you can add a host named windows in the “/etc/ansible/hosts” file, and then execute the following command to test whether everything is working.

ansible windows -m win_ping -e ansible_connection=winrm \
  -e ansible_user=<Your-Windows-User> -e ansible_password=<Your-Windows-Password> \
  -e ansible_winrm_transport=basic \
  -e ansible_winrm_server_cert_validation=ignore

If everything is working, you should see a message similar to the following:

172.19.253.55 | SUCCESS => {
    "changed": false,       
    "ping": "pong"
}

Once the test completes successfully, we can return to the AWX web interface and run the playbook. Depending on where you decided to keep the playbook (Git or the server), it is time to create a template and launch it. We assume that you have created the credentials, users, organizations, projects and inventory, and have now created templates.

I used a project with the playbook stored on the server (manual SCM), as shown in the screenshot below.

I created a directory named “test” in “/var/lib/awx/projects” and then created a sample playbook named “main.yaml” with the following content:

- hosts: all
  gather_facts: true
  tasks:
    - name: Install Git
      win_chocolatey:
        name: git
        state: present

This is a simple task that installs Git on the Windows Server 2019 host we prepared above.

Next, we can create a “template” that glues everything together and executes the playbook. The screenshot shared below shows the settings.

Save and start.

If everything goes well, the playbook will start running and display a success message, as shown below.

Step 5: Confirm that Git is installed

After the playbook run is complete, we can log in to the Windows server to confirm that Ansible has indeed installed Git using Chocolatey. Click the “Start” icon and you will see “Git” as a new application, as shown below.

And we are good to go!

Final thoughts

Generally, AWX and Ansible are the best choices, especially when you want to manage a large number of servers. Set everything up once, then relax while you add playbooks to configure the infrastructure. If you have not yet ventured into the colorful world of Ansible and automation, then take the next spaceship to that magical land. Finally, we thank you for your continued support, hope this guide is helpful to you, and wish that you stay safe. Other guides that may catch your attention include the following.

Use Ansible to generate an OpenSSL self-signed certificate

Use Ansible to manage users and groups on Linux

How to generate Linux user encrypted password for Ansible

Setting up an Elasticsearch cluster on CentOS | Ubuntu and Ansible

Install Apache Tomcat on Debian 10 using Ansible
