Ansible配置管理Windows主机

2021-07-09 19:04

阅读:361

标签:端口   mic   git   lib   auth   packages   权限设置   loading   tis   

在配置windows主机的网上查了很多的博客发现都不对,好多地方写的不清不楚的,估计都是复制粘贴的吧。所以自己写一篇比较详细的操作步骤

[任务]

①.在ansible的Linux主控机上安装控制Windows的组件:pywinrm 、kerbers。

②.配置windows主机:安装Framework 4.5(最低3.0),修改注册表,设置powershell本地运行权限为remotesigned,powershell升级到3.0,配置winrm

③.测试配置是否成功

1.用python的pip安装pywinrm、kerberos(我这里是没有装这个,但测试也能通过,可能后续其他操作会用到,自己掂量)

root@newings:~# pip install pywinrm
Collecting pywinrm
  Downloading https://files.pythonhosted.org/packages/0d/12/13a3117bbd2230043aa32dcfa2198c33269665eaa1a8fa26174ce49b338f/pywinrm-0.3.0-py2.py3-none-any.whl
Collecting xmltodict (from pywinrm)
  Downloading https://files.pythonhosted.org/packages/42/a9/7e99652c6bc619d19d58cdd8c47560730eb5825d43a7e25db2e1d776ceb7/xmltodict-0.11.0-py2.py3-none-any.whl
Collecting requests-ntlm>=0.3.0 (from pywinrm)
  Downloading https://files.pythonhosted.org/packages/03/4b/8b9a1afde8072c4d5710d9fa91433d504325821b038e00237dc8d6d833dc/requests_ntlm-1.1.0-py2.py3-none-any.whl
Requirement already satisfied: six in /usr/lib/python2.7/dist-packages (from pywinrm) (1.10.0)
Collecting requests>=2.9.1 (from pywinrm)
  Downloading https://files.pythonhosted.org/packages/65/47/7e02164a2a3db50ed6d8a6ab1d6d60b69c4c3fdf57a284257925dfc12bda/requests-2.19.1-py2.py3-none-any.whl (91kB)
    100% |████████████████████████████████| 92kB 1.1MB/s 
Collecting ntlm-auth>=1.0.2 (from requests-ntlm>=0.3.0->pywinrm)
  Downloading https://files.pythonhosted.org/packages/8e/5b/4047779fb456b0de503c4acb7b166becf2567efb772abb53998440791d3c/ntlm_auth-1.2.0-py2.py3-none-any.whl
Collecting cryptography>=1.3 (from requests-ntlm>=0.3.0->pywinrm)
  Downloading https://files.pythonhosted.org/packages/87/e6/915a482dbfef98bbdce6be1e31825f591fc67038d4ee09864c1d2c3db371/cryptography-2.3.1-cp27-cp27mu-manylinux1_x86_64.whl (2.1MB)
    100% |████████████████████████████████| 2.1MB 1.5MB/s 
Collecting idna2.8,>=2.5 (from requests>=2.9.1->pywinrm)
  Downloading https://files.pythonhosted.org/packages/4b/2a/0276479a4b3caeb8a8c1af2f8e4355746a97fab05a372e4a2c6a6b876165/idna-2.7-py2.py3-none-any.whl (58kB)
    100% |████████████████████████████████| 61kB 22.3MB/s 
Collecting urllib31.24,>=1.21.1 (from requests>=2.9.1->pywinrm)
  Downloading https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl (133kB)
    100% |████████████████████████████████| 143kB 16.0MB/s 
Collecting chardet3.1.0,>=3.0.2 (from requests>=2.9.1->pywinrm)
  Downloading https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl (133kB)
    100% |████████████████████████████████| 143kB 11.2MB/s 
Collecting certifi>=2017.4.17 (from requests>=2.9.1->pywinrm)
  Downloading https://files.pythonhosted.org/packages/df/f7/04fee6ac349e915b82171f8e23cee63644d83663b34c539f7a09aed18f9e/certifi-2018.8.24-py2.py3-none-any.whl (147kB)
    100% |████████████████████████████████| 153kB 12.1MB/s 
Requirement already satisfied: enum34; python_version "3" in /usr/lib/python2.7/dist-packages (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) (1.1.2)
Collecting cffi!=1.11.3,>=1.7 (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm)
  Downloading https://files.pythonhosted.org/packages/14/dd/3e7a1e1280e7d767bd3fa15791759c91ec19058ebe31217fe66f3e9a8c49/cffi-1.11.5-cp27-cp27mu-manylinux1_x86_64.whl (407kB)
    100% |████████████████████████████████| 409kB 7.0MB/s 
Collecting asn1crypto>=0.21.0 (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm)
  Downloading https://files.pythonhosted.org/packages/ea/cd/35485615f45f30a510576f1a56d1e0a7ad7bd8ab5ed7cdc600ef7cd06222/asn1crypto-0.24.0-py2.py3-none-any.whl (101kB)
    100% |████████████████████████████████| 102kB 11.9MB/s 
Requirement already satisfied: ipaddress; python_version "3" in /usr/lib/python2.7/dist-packages (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) (1.0.16)
Collecting pycparser (from cffi!=1.11.3,>=1.7->cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm)
  Downloading https://files.pythonhosted.org/packages/68/9e/49196946aee219aead1290e00d1e7fdeab8567783e83e1b9ab5585e6206a/pycparser-2.19.tar.gz (158kB)
    100% |████████████████████████████████| 163kB 12.3MB/s 
Installing collected packages: xmltodict, ntlm-auth, idna, urllib3, chardet, certifi, requests, pycparser, cffi, asn1crypto, cryptography, requests-ntlm, pywinrm
  Found existing installation: idna 2.0
    Uninstalling idna-2.0:
      Successfully uninstalled idna-2.0
  Running setup.py install for pycparser ... done
  Found existing installation: cryptography 1.2.3
    Uninstalling cryptography-1.2.3:
      Successfully uninstalled cryptography-1.2.3
Successfully installed asn1crypto-0.24.0 certifi-2018.8.24 cffi-1.11.5 chardet-3.0.4 cryptography-2.3.1 idna-2.7 ntlm-auth-1.2.0 pycparser-2.19 pywinrm-0.3.0 requests-2.19.1 requests-ntlm-1.1.0 urllib3-1.23 xmltodict-0.11.0

2.这个装完之后就可以放下主控机这边的工作,转移到windows那边去,先检查windows电脑是否有安装Framework组件,如没有需要下载安装,版本最低为3.0

Framework 4.5地址

http://download.microsoft.com/download/B/A/4/BA4A7E71-2906-4B2D-A0E1-80CF16844F5F/dotNetFx45_Full_x86_x64.exe

3.修改注册表,将powershell脚本本地运行权限设置为remotesigned,路径如下

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\ScriptedDiagnostics

如下所示

技术分享图片

 3.升级powershell到3.0版本,win7的系统需要先打补丁,不然脚本无法执行成功,脚本放文本里面修改为.ps1即可

补丁地址:

https://download.microsoft.com/download/E/7/6/E76850B8-DA6E-4FF5-8CCE-A24FC513FD16/Windows6.1-KB2506143-x64.msu

脚本地址:

https://github.com/cchurch/ansible/blob/devel/examples/scripts/upgrade_to_ps3.ps1

做完以上操作,需要重启电脑,然后执行自动配置脚本,我执行了好像并什么用

自动配置脚本:

https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1

4.运行winrm服务,打开cmd命令输入

winrm qc

如有一下错误提示,请将网络设置为家庭网络,并关掉所有虚拟网络(VMware work/server)

技术分享图片

网络没问题,执行winrm qc如下图所示

技术分享图片

 开启winrm服务后,检查winrm配置是否正确

winrm get winrm/config

配置文件信息如下图所示

技术分享图片

将Auth中Basic设置为true,service中AllowUnencrypted设置为true,命令都在CMD窗口中执行

winrm set winrm/config/service @{AllowUnencrypted="true"}
winrm set winrm/config/service/auth @{Basic="true"}

剩下的就是配置ansible的Inventory文件,测试主控机和被控制主机通信是否正常,这些东西网上基本都有。

windows主机测试命令

ansible windows -m win_ping

其中windows为主机所在组名称

注:windows主机端口分两种:http=8985,https=8986

Ansible配置管理Windows主机

标签:端口   mic   git   lib   auth   packages   权限设置   loading   tis   

原文地址:https://www.cnblogs.com/Roobbin/p/9701106.html


评论


亲,登录后才可以留言!