Use Ansible to Manage Windows Servers (SSH | port 22) - Step by Step Guide
- Published on 26 Nov 2024
- ** To manage Windows Servers using winrm: • Learn How to Use Ansib...
* Issue - During the OpenSSH install, the original command was failing. I've added the updated command below, so if the command fails, try the new command. - **
For this demo, we’re going to complete the following steps:
• Install SSH
• Configure Ansible to connect on port 22 to our Windows 2022 server
• Test the Ansible CLI works
• Create a playbook and test that it works.
Chapters:
Build a Windows 2022 server in AWS: • Use Ansible to Manage ...
Add port 22/SSH to the security group: • Use Ansible to Manage ...
RDP onto the remote Windows 2022 server: • Use Ansible to Manage ...
Install OpenSSH on our Windows 2022 server: • Use Ansible to Manage ...
SSH onto the Windows 2022 server from Linux: • Use Ansible to Manage ...
Setup Ansible to connect to our Windows 2022 server: • Use Ansible to Manage ...
Check Ansible connectivity using win_ping: • Use Ansible to Manage ...
Setup a playbook to run on our Windows 2022 server: • Use Ansible to Manage ...
Use Ansible to install Apache: • Use Ansible to Manage ...
#######################
Windows server commands:
Below are the commands I ran in this tutorial:
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
**--------------
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Alternatively use this command to install:
dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0
**------------
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
############################
Create the hosts.ini file:
[ec2-user@ip-172-31-16-55 windows]$ cat hosts.ini
[win]
IP_ADDRESS
[win:vars]
ansible_user=Administrator
ansible_password=
ansible_connection=ssh
ansible_shell_type=cmd
ansible_ssh_common_args=-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
ansible_ssh_retries=3
ansible_become_method=runas
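
A stricter variant of the inventory above, as an added example that is not from the video or its author: it is written as a YAML inventory, logs in with an SSH key, verifies the server's host key instead of discarding it, and keeps the one remaining password in Ansible Vault. The host names, the 192.0.2.x addresses, the key and known_hosts paths and the vault_win02_password variable are assumptions for illustration.

```yaml
# inventory.yml - added example, not from the video.
# All host names, addresses, paths and vault variable names are illustrative.
all:
  children:
    win:
      vars:
        ansible_user: Administrator
        ansible_connection: ssh
        ansible_shell_type: cmd
        ansible_ssh_retries: 3
        ansible_become_method: runas
        # Key-based login: no password stored in the inventory. For accounts in
        # the Administrators group, Windows OpenSSH reads public keys from
        # C:\ProgramData\ssh\administrators_authorized_keys by default.
        ansible_ssh_private_key_file: "~/.ssh/ansible_win_ed25519"
        # Verify the server host key against a dedicated known_hosts file
        # (record each host's key there once, after checking its fingerprint).
        ansible_ssh_common_args: >-
          -o StrictHostKeyChecking=yes
          -o UserKnownHostsFile=~/.ssh/known_hosts_win
      hosts:
        win01:
          ansible_host: 192.0.2.10
        win02:
          ansible_host: 192.0.2.11
          # Host still on password login: the value lives in an encrypted
          # vault file (for example host_vars/win02/vault.yml), not here.
          ansible_password: "{{ vault_win02_password }}"
```

Run it with `ansible win -i inventory.yml -m win_ping --ask-vault-pass` so the vaulted password can be decrypted at run time.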
Run win_ping:
$ ansible win -m win_ping
Now set up the playbook:
---
- hosts: win
  gather_facts: no
  tasks:
    - name: test powershell
      win_shell: |
        get-host
      register: result_get_host

    - name: display result_get_host
      debug:
        var: result_get_host
Run the playbook:
$ ansible-playbook -i hosts.ini win_ssh.yml
Next, add the installation of Apache to your playbook (these tasks go under the existing tasks: list):
    - name: add directory
      win_file:
        path: C:\ansible_examples
        state: directory

    - name: Download the Apache installer
      win_get_url:
        url: archive.apache...
        dest: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi
        force: true

    - name: Install MSI
      win_package:
        path: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi
        state: present
Now run the playbook again and check Apache is installed.
Thanks for watching. I hope this helps some of you to get this working!
A subscribe and a like are always appreciated.
#ansible #windows #ssh
Brilliant!! This is a huge improvement over the tedious winrm config and troubleshooting
Thanks James. Yes, now that SSH is an option for windows servers, I think Ansible management of windows will only grow.
Yep, at some point I just decided that investing time in winrm is not worth it, and then there is a video to help me out
I like how your videos are quick and to the point. I appreciate you showing a simple one with ssh. I’m trying to decide on using winrm or ssh. Thanks!
Hi Chad, I feel that SSH is simpler because you don't need to mess around with installing winrm and setting up certificates, as that could be an issue at some work places. If you're managing Linux and windows together with Ansible, the servers would probably sit on the same network and port 22 would probably already be open so again no FW changes to open the winrm ports. Either one will work for you.
Yeah, I agree SSH seems simpler and with WinRM I almost have to learn a new technology. I’m looking to put an infrastructure in place so I have a good framework. Makes sense to tackle new Tech down the road. Thanks.
Keyboard Recommendation:
I actually like my Logitech K520 and K270
This is great Dennis, just what I was looking for
Thanks, It helped with my installation.
You're welcome. Glad it was useful.
That's very informative, thanks! One question: can we use an SSH key instead of a password to kick off security updates on a Windows machine?
Hi Prateek, yes you can use an ssh key. Generate one as normal on the linux server and add the public key to the correct location for the admin user (I can't remember off the top of my head but it's not the same place as a standard user).
@LondonIAC thank you
Hello. Great work. But I would have liked to see an SSH connection with a key and without using the administrator credentials. But it's a good start to use SSH instead of winrm.
Ideally, you'd set up a domain certificate and start winrm over https with that cert. Then, using kerberos, you would just use kinit to provide the credentials on linux and ansible would connect with no ssh key required.
Unfortunately I don't have the setup to demo this in AWS yet (like I've done at work).
Great explained
Glad you liked it
Mechanical Keyboard - Corsair K70 as a Black Friday deal a few years ago.
Thanks! I'll look that up.
Question for you, or a request for a piece of advice: I have to manage a very basic setup, 2x HOST HyperV Windows Server 2022, approx 80 Windows VMs. I see Ansible as a great tool to provision new VMs, manage Windows Updates and Software Updates. Should I use WinRM or SSH?
Thank you!
Thank you mate, video liked, subscribed and followed you on LinkedIn 😂😄
Awesome, thank you!
Hi Dennis, If I’ve got 10 windows hosts to manage, how do I put 10 different admin passwords in the [win:vars] file?
Do we need to install OpenSSH.server? Is openssh.client not enough? Thank you
This stackoverflow question looks like it should be what you need. You need to use host_vars to manage variables per server. Have a look, and hopefully, it will help you.
stackoverflow.com/questions/72026361/how-can-i-specify-multiple-users-and-passwords-in-ansible-vault-file
If you need a bit more help, let me know, and I'll do a video demo on it for you.
@LondonIAC thank you Dennis, will give this a go.
Hello, I can not find the descriptions with all commands
Morning Michael. If you scroll down the description, and see this section at the top:
"* Issue - During the OpenSSH install, the original command was failing. I've added the updated command below, so if the command fails, try the new command. - **"
- Please click the "show more" button and this will open up on the page and give you the commands you're looking for.
I hope this helps.
Hi
Could you please paste the ssh commands.
Hi Ganesh, I've added the windows commands to the description. Is that what you needed?
Great post I will test this out thanks for the video
No problem 👍 Let me know how it goes.
Getting this error: (ansible_env) ansible DEVME_WINDOWS -m ping
[WARNING]: No python interpreters found for host devops1 (tried ['/usr/bin/python', 'python3.9', 'python3.8', 'python3.7',
'python3.6', 'python3.5', 'python2.7', 'python2.6', '/usr/libexec/platform-python', '/usr/bin/python3', 'python'])
devops1 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"module_stderr": "Exception calling \"Create\" with \"1\" argument(s): \"At line:4 char:21
+ def _ansiballz_main():
+ ~
An expression was expected after '('.
At line:13 char:27
+ except (AttributeError, OSError):
+ ~
Missing argument in parameter list.
At line:15 char:29
+ excludes = set(('', '.', scriptdir))
+ ~
Ansible works for linux hosts
Hi,
When you connect to a Windows server, you need to use the equivalent Windows module. In this case, try "win_ping" instead of "ping". Check 12:24 in the video.
I hope this resolves your issue.
@dmccuk Thanks so much! Yup, it works. Sorry, I was impatient, was just trying without paying attention I think.
See Dennis McCarthy's reply.