1. 程式人生 > >Ansible配置管理Windows主機

Ansible配置管理Windows主機

img 都是 windows for chardet cte linux1 urllib all

在配置windows主機的網上查了很多的博客發現都不對,好多地方寫的不清不楚的,估計都是復制粘貼的吧。所以自己寫一篇比較詳細的操作步驟

[任務]

①.在ansible的Linux主控機上安裝控制Windows的組件:pywinrm 、kerbers。

②.配置windows主機:安裝Framework 4.5(最低3.0),修改註冊表,設置powershell本地運行權限為remotesigned,powershell升級到3.0,配置winrm

③.測試配置是否成功

1.用python的pip安裝pywinrm、kerberos(我這裏是沒有裝這個,但測試也能通過,可能後續其他操作會用到,自己掂量)

root@newings:~# pip install pywinrm
Collecting pywinrm
  Downloading https://files.pythonhosted.org/packages/0d/12/13a3117bbd2230043aa32dcfa2198c33269665eaa1a8fa26174ce49b338f/pywinrm-0.3.0-py2.py3-none-any.whl
Collecting xmltodict (from pywinrm)
  Downloading https://files.pythonhosted.org/packages/42/a9/7e99652c6bc619d19d58cdd8c47560730eb5825d43a7e25db2e1d776ceb7/xmltodict-0.11.0-py2.py3-none-any.whl
Collecting requests-ntlm>=0.3.0 (from pywinrm) Downloading https://files.pythonhosted.org/packages/03/4b/8b9a1afde8072c4d5710d9fa91433d504325821b038e00237dc8d6d833dc/requests_ntlm-1.1.0-py2.py3-none-any.whl Requirement already satisfied: six in /usr/lib/python2.7/dist-packages (from pywinrm) (1.10.0) Collecting requests
>=2.9.1 (from pywinrm) Downloading https://files.pythonhosted.org/packages/65/47/7e02164a2a3db50ed6d8a6ab1d6d60b69c4c3fdf57a284257925dfc12bda/requests-2.19.1-py2.py3-none-any.whl (91kB) 100% |████████████████████████████████| 92kB 1.1MB/s Collecting ntlm-auth>=1.0.2 (from requests-ntlm>=0.3.0->pywinrm) Downloading https://files.pythonhosted.org/packages/8e/5b/4047779fb456b0de503c4acb7b166becf2567efb772abb53998440791d3c/ntlm_auth-1.2.0-py2.py3-none-any.whl Collecting cryptography>=1.3 (from requests-ntlm>=0.3.0->pywinrm) Downloading https://files.pythonhosted.org/packages/87/e6/915a482dbfef98bbdce6be1e31825f591fc67038d4ee09864c1d2c3db371/cryptography-2.3.1-cp27-cp27mu-manylinux1_x86_64.whl (2.1MB) 100% |████████████████████████████████| 2.1MB 1.5MB/s Collecting idna<2.8,>=2.5 (from requests>=2.9.1->pywinrm) Downloading https://files.pythonhosted.org/packages/4b/2a/0276479a4b3caeb8a8c1af2f8e4355746a97fab05a372e4a2c6a6b876165/idna-2.7-py2.py3-none-any.whl (58kB) 100% |████████████████████████████████| 61kB 22.3MB/s Collecting urllib3<1.24,>=1.21.1 (from requests>=2.9.1->pywinrm) Downloading https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl (133kB) 100% |████████████████████████████████| 143kB 16.0MB/s Collecting chardet<3.1.0,>=3.0.2 (from requests>=2.9.1->pywinrm) Downloading https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl (133kB) 100% |████████████████████████████████| 143kB 11.2MB/s Collecting certifi>=2017.4.17 (from requests>=2.9.1->pywinrm) Downloading https://files.pythonhosted.org/packages/df/f7/04fee6ac349e915b82171f8e23cee63644d83663b34c539f7a09aed18f9e/certifi-2018.8.24-py2.py3-none-any.whl (147kB) 100% |████████████████████████████████| 153kB 12.1MB/s Requirement already satisfied: enum34; python_version < "3" in /usr/lib/python2.7/dist-packages (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) (1.1.2) Collecting cffi!=1.11.3,>=1.7 (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) Downloading https://files.pythonhosted.org/packages/14/dd/3e7a1e1280e7d767bd3fa15791759c91ec19058ebe31217fe66f3e9a8c49/cffi-1.11.5-cp27-cp27mu-manylinux1_x86_64.whl (407kB) 100% |████████████████████████████████| 409kB 7.0MB/s Collecting asn1crypto>=0.21.0 (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) Downloading https://files.pythonhosted.org/packages/ea/cd/35485615f45f30a510576f1a56d1e0a7ad7bd8ab5ed7cdc600ef7cd06222/asn1crypto-0.24.0-py2.py3-none-any.whl (101kB) 100% |████████████████████████████████| 102kB 11.9MB/s Requirement already satisfied: ipaddress; python_version < "3" in /usr/lib/python2.7/dist-packages (from cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) (1.0.16) Collecting pycparser (from cffi!=1.11.3,>=1.7->cryptography>=1.3->requests-ntlm>=0.3.0->pywinrm) Downloading https://files.pythonhosted.org/packages/68/9e/49196946aee219aead1290e00d1e7fdeab8567783e83e1b9ab5585e6206a/pycparser-2.19.tar.gz (158kB) 100% |████████████████████████████████| 163kB 12.3MB/s Installing collected packages: xmltodict, ntlm-auth, idna, urllib3, chardet, certifi, requests, pycparser, cffi, asn1crypto, cryptography, requests-ntlm, pywinrm Found existing installation: idna 2.0 Uninstalling idna-2.0: Successfully uninstalled idna-2.0 Running setup.py install for pycparser ... done Found existing installation: cryptography 1.2.3 Uninstalling cryptography-1.2.3: Successfully uninstalled cryptography-1.2.3 Successfully installed asn1crypto-0.24.0 certifi-2018.8.24 cffi-1.11.5 chardet-3.0.4 cryptography-2.3.1 idna-2.7 ntlm-auth-1.2.0 pycparser-2.19 pywinrm-0.3.0 requests-2.19.1 requests-ntlm-1.1.0 urllib3-1.23 xmltodict-0.11.0

2.這個裝完之後就可以放下主控機這邊的工作,轉移到windows那邊去,先檢查windows電腦是否有安裝Framework組件,如沒有需要下載安裝,版本最低為3.0

Framework 4.5地址

http://download.microsoft.com/download/B/A/4/BA4A7E71-2906-4B2D-A0E1-80CF16844F5F/dotNetFx45_Full_x86_x64.exe

3.修改註冊表,將powershell腳本本地運行權限設置為remotesigned,路徑如下

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\ScriptedDiagnostics

如下所示

技術分享圖片

3.升級powershell到3.0版本,win7的系統需要先打補丁,不然腳本無法執行成功,腳本放文本裏面修改為.ps1即可

補丁地址:

https://download.microsoft.com/download/E/7/6/E76850B8-DA6E-4FF5-8CCE-A24FC513FD16/Windows6.1-KB2506143-x64.msu

腳本地址:

https://github.com/cchurch/ansible/blob/devel/examples/scripts/upgrade_to_ps3.ps1

做完以上操作,需要重啟電腦,然後執行自動配置腳本,我執行了好像並什麽用

自動配置腳本:

https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1

4.運行winrm服務,打開cmd命令輸入

winrm qc

如有一下錯誤提示,請將網絡設置為家庭網絡,並關掉所有虛擬網絡(VMware work/server)

技術分享圖片

網絡沒問題,執行winrm qc如下圖所示

技術分享圖片

開啟winrm服務後,檢查winrm配置是否正確

winrm get winrm/config

配置文件信息如下圖所示

技術分享圖片

將Auth中Basic設置為true,service中AllowUnencrypted設置為true,命令都在CMD窗口中執行

winrm set winrm/config/service @{AllowUnencrypted="true"}
winrm set winrm/config/service/auth @{Basic="true"}

剩下的就是配置ansible的Inventory文件,測試主控機和被控制主機通信是否正常,這些東西網上基本都有。

windows主機測試命令

ansible windows -m win_ping

其中windows為主機所在組名稱

註:windows主機端口分兩種:http=8985,https=8986

Ansible配置管理Windows主機