Ansible/Windows: Difference between revisions

From Omnia
== Ansible for Windows ==
=== Enable WinRM with just HTTP/5985 ===
Quick Test (HTTP/5985)
<pre>
winrm quickconfig
Test-WSMan
netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in action=allow protocol=TCP localport=5985
</pre>
Inventory for HTTP:
<pre>
ansible_port=5985
ansible_winrm_scheme=http
ansible_winrm_transport=ntlm
</pre>
If the connection is refused on 5986, create an HTTPS listener (the better option anyway).
=== Enable WinRM with HTTPS/5986 ===
=== Option A - Official Script ===


  https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
<pre>
$url  = "https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy Bypass -File $file -SkipNetworkProfileCheck -Verbose
</pre>
=== Option B - Manual ===
NOTE: Replace [TARGET_HOSTNAME] with the target's hostname in all three places.
<pre>
$newCert = New-SelfSignedCertificate -DnsName "[TARGET_HOSTNAME]" -CertStoreLocation Cert:\LocalMachine\My
$thumb = $newCert.Thumbprint
winrm create winrm/config/Listener?Address=*+Transport=HTTPS "@{Hostname="[TARGET_HOSTNAME]"; CertificateThumbprint="$thumb"}"
netsh advfirewall firewall add rule name="WinRM-HTTPS" dir=in action=allow protocol=TCP localport=5986
Test-WSMan -ComputerName [TARGET_HOSTNAME] -UseSSL
</pre>
== Test Connection ==
inventory/hosts
<pre>
[windows]
server ansible_host=10.0.0.100 ansible_user="MYPC\user1" ansible_password="YourPassword" ansible_connection=winrm ansible_port=5986 ansible_winrm_scheme=https ansible_winrm_transport=ntlm ansible_winrm_server_cert_validation=ignore
</pre>
Check inventory:
<pre>
ansible-inventory -i ~/inventory/hosts --graph
ansible -i ~/inventory/hosts windows -m win_ping
# SUCCESS => { "changed": false, "ping": "pong" }
</pre>
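An added example, not part of the original page: a small Python audit of the INI inventory above that flags the settings weakening the WinRM connection (HTTP on 5985, ignored certificate validation, inline password). The <code>server2</code> host, its certificate path and the <code>vault_win_password</code> variable are assumptions made for illustration.

```python
import shlex

# Constructed sample: "server" mirrors the inventory line on this page;
# "server2" is a hypothetical hardened host (names and paths are assumptions).
SAMPLE_INVENTORY = r'''
[windows]
server ansible_host=10.0.0.100 ansible_user="MYPC\user1" ansible_password="YourPassword" ansible_connection=winrm ansible_port=5986 ansible_winrm_scheme=https ansible_winrm_transport=ntlm ansible_winrm_server_cert_validation=ignore
server2 ansible_host=server2.example.internal ansible_password="{{ vault_win_password }}" ansible_connection=winrm ansible_port=5986 ansible_winrm_scheme=https ansible_winrm_transport=ntlm ansible_winrm_ca_trust_path=/etc/ansible/certs/server2.pem
'''

ADVICE = {
    "plain-http": "use the HTTPS listener on 5986 (ansible_winrm_scheme=https)",
    "cert-validation-ignored": "trust the listener certificate via ansible_winrm_ca_trust_path instead of ignore",
    "inline-password": "move the password into an Ansible Vault variable",
}

def parse_hosts(text):
    """Map each host name to its inline variables (host lines only; [group:vars] sections are not handled)."""
    hosts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":  # skip blanks, comments and [section] headers
            continue
        name, *pairs = shlex.split(line)
        hosts[name] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return hosts

def audit(host_vars):
    """Return finding ids for one host's WinRM connection variables."""
    findings = []
    scheme, port = host_vars.get("ansible_winrm_scheme"), host_vars.get("ansible_port")
    # With no explicit scheme, Ansible uses http only when the port is 5985.
    if scheme == "http" or (scheme is None and port == "5985"):
        findings.append("plain-http")
    if host_vars.get("ansible_winrm_server_cert_validation") == "ignore":
        findings.append("cert-validation-ignored")
    password = host_vars.get("ansible_password")
    if password is not None and not password.startswith("{{"):
        findings.append("inline-password")
    return findings

def audit_inventory(text):
    return {name: audit(v) for name, v in parse_hosts(text).items()}

if __name__ == "__main__":
    for name, ids in audit_inventory(SAMPLE_INVENTORY).items():
        for fid in ids:
            print(f"{name}: {fid}: {ADVICE[fid]}")
```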
== keywords ==

Latest revision as of 23:32, 29 December 2025
