具体操作命令如下
set-executionpolicy remotesigned
winrm quickconfig
#配置auth
winrm set winrm/config/service/auth '@{Basic="true"}'
#为winrm service 配置加密方式为允许非加密
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
在windows powershell中运行
管理终端必须为linux,且需要安装 Python的winrm模块
底层通讯基于 powershell,版本需要在4.0以上 $PSVersionTable.PSVersion获取版本号 或者 get-host | findstr version
远程windows机器开启winrm
安装配置ansible:
安装ansible:
yum -y install ansible
如果没有安装pip, 请先安装对应于你的Python版本的pip:
easy_install pip
以下的Python模块也需要安装:
pip install PyYAML
配置hosts文件:
cat /etc/ansible/hosts
[windows]
10.0.0.1 ansible_ssh_user="Administrator" ansible_ssh_pass="123456" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore
10.0.0.1 是windows服务器的IP。
/etc/ansible/hosts 中看可添加多个windows服务器的信息 ,可集体一次性管理,分发任务。
至此,ansible服务端配置完毕。
设置windows远程管理【WS-Management,winrm】
winrm service 默认都是未启用的状态,先查看状态;如无返回信息,则是没有启动;
winrm enumerate winrm/config/listener
针对winrm service 进行配置
针对winrm service 进行配置
winrm winrm quickconfig
为 winrm 配置 auth
winrm set winrm/config/service/auth @{Basic="true"}
为winrm service 配置加密方式为允许非加密
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
关闭防火墙,并查看5985端口是否开启,并在监听中
netstat -ano | findstr 5985
windows下可用调试模块 win_ping
ansible -i hosts all -m win_ping
显示连接成功
SUCCESS => {
"changed": false,
"ping": "pong"
windows下可用传送文件模块 win_copy
ansible -i hosts all -m win_copy -a 'src=/etc/passwd dest=D:\passwd'
windows下 文件管理模块 win_file
删除D:\passwd
ansible -i hosts all -m win_file -a "path=D:\passwd state=absent"
获取ip地址
ansible -i hosts all -m raw -a "ipconfig"
获取window主机信息:
ansible -i hosts all -m setup
创建文件夹:
ansible -i hosts all -m raw -a 'md D:\dir'
移动文件:
ansible -i hosts all -m raw -a "cmd /c 'move /y D:\Software\wmi_export.exe D:\wmi_export.exe'"
参考 https://docs.ansible.com/ansible/2.9/modules/list_of_windows_modules.html
ansible中 windows 和 linux 机器模块大同小异,windows除了模块名字前面多个 “win_”,除去这个后完全可以用于linux。
一般用来测试windows机器是否可以用ansible管理,结果是 pong 则证明可以正常连接
# Test connectivity to a windows host
name: Example from an Ansible Playbook
win_ping:
name: Induce an exception to see what happens # 异常查看
win_ping:
data: crash
一般执行单个命令,不支持管道符,例如查看一个ip ansible winserver -m win_command -a "ipconfig"
- name: Save the result of 'whoami' in 'whoami_out'
win_command: whoami
register: whoami_out
name: Run command that only runs if folder exists and runs from a specific folder
win_command: wbadmin -backupTarget:C:\backup\
args:
chdir: C:\somedir\
creates: C:\backup\
name: Run an executable and send data to the stdin for the executable
win_command: powershell.exe
args:
stdin: Write-Host test
与 win_command 不同的是,支持管道符,用powershell和cmd可以执行的命令,均可以批量执行
eg: ansible winserver -m win_shell -a "ipconfig | findstr IPv4"
# Execute a command in the remote shell; stdout goes to the specified
name: Run multi-lined shell commands
win_shell: |
$value = Test-Path -Path C:\temp
if ($value) {
Remove-Item -Path C:\temp -Force
}
New-Item -Path C:\temp -ItemType Directory
name: Retrieve the input based on stdin
win_shell: '$string = [Console]::In.ReadToEnd(); Write-Output $string.Trim()'
args:
stdin: Input message
创建文件或者文件夹,与linux不同的是 touch 创建文件 , directory创建文件夹
- name: Touch a file (creates if not present, updates modification time if present)
win_file:
path: C:\Temp\foo.conf
state: touch
name: Remove a file, if present
win_file:
path: C:\Temp\foo.conf
state: absent
name: Create directory structure
win_file:
path: C:\Temp\folder\subfolder
state: directory
name: Remove directory structure
win_file:
path: C:\Temp
state: absent
# 将linux端的文件拷贝到win机器上,并修改文件名
product_id 产品id arguments:安装用到的命令 例:/s 静默安装 state="present" :安装 state="absent" 卸载
# 安装 VC
- name: Enable firewall for Domain, Public and Private profiles
win_firewall:
state: enabled
profiles:
- Domain
- Private
- Public
tags: enable_firewall
- name: Change the hostname to sample-hostname
win_hostname:
name: sample-hostname
register: res
name 必填项 字符串
path (必填项) 通往ExecAction的可执行文件的路径
description 任务的描述
triggers 触发条件
- name: Create a task that will be repeated every minute forever
win_scheduled_task:
name: keepalive
description: keep alive the windows.exe
actions:
- path: C:\crontab\crontab.ps1
triggers:
- type: registration
repetition:
interval: PT2M # 每两分钟执行一次
duration: PT5M # 持续五分钟
stop_at_duration_end: no # 任务的运行实例是否在重复模式结束时停止
username: "administrator" # 给指定用户创建定时任务
win_reg_stat 获取机器的key
- name: Obtain information about a registry key using short form
ansible.windows.win_reg_stat:
path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion
register: current_version
name: Obtain information about a registry key property
ansible.windows.win_reg_stat:
path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion
name: CommonFilesDir
register: common_files_dir
name: Obtain the registry key's (Default) property
ansible.windows.win_reg_stat:
path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion
name: ''
register: current_version_default
# LimitBlankPasswordUse
# 0 = enable empty passwords on network
# 1 = disable empty passwords on network
- name: Modify the registry so that the specified user can log in with an empty password
win_regedit:
path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa
name: LimitBlankPasswordUse
data: 0
type: dword
- name: 创建指定用户
win_user:
name: zhoujt
password: B0bP4ssw0rd # 设置密码,不加此项的话默认为没有密码
password_never_expires: yes # 密码用不过期
state: present # 创建用户
groups: # 用户归属组
- Users # 默认组
- Administrators # 添加为管理员
# 创建Jinja2模板,并传输到服务器
注意:完成之后需要重启,环境变量的配置才可以生效。或者进入环境变量点击确定
- name: Set an environment variable for all users
win_environment:
state: present
name: TestVariable
value: Test value
level: machine
raw: echo $ENV:PATH
register: path_out
name: 为所有用户设置需要添加应用的环境变量
win_environment:
state: present
name: Path
value: "{{ path_out.stdout | regex_replace('[\r\n]*', '')}} + ;C:\\windows\\win64"
level: machine # 系统级别
name: Set several variables at once
win_environment:
level: machine
variables:
TestVariable: Test value
CUSTOM_APP_VAR: 'Very important value'
ANOTHER_VAR: '{{ my_ansible_var }}'
name: Set and remove multiple variables at once
win_environment:
level: user
variables:
TestVariable: Test value
CUSTOM_APP_VAR: 'Very important value'
ANOTHER_VAR: '{{ my_ansible_var }}'
UNWANTED_VAR: '' # < this will be removed
- name: Install the foo service
community.windows.win_nssm:
name: foo
application: C:\windows\foo.exe
name: Install the foo service, redirecting stdout and stderr to the same file
community.windows.win_nssm:
name: foo
application: C:\windows\foo.exe
stdout_file: C:\windows\foo.log
stderr_file: C:\windows\foo.log
name: Configure and start the foo service using win_service
ansible.windows.win_service:
name: foo
dependencies: [ adf, tcpip ]
username: foouser
password: secret
start_mode: manual
state: started
name: Install a script based service and define custom environment variables
community.windows.win_nssm:
name:
application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
arguments: