Hey there! If you prefer a video over text, we've got you covered!
In this section, you will learn how to set up Ansible on a Linux control node and how to set up a connection to one (or multiple) host machines by creating a host inventory. In our example, we will be setting up a connection to Windows hosts, which require a special communication protocol named WinRM.
We will be using Ubuntu LTS 20.04 as an example, which you can download from here if you want to follow along.
We are not going to explain how to install Ubuntu on your device (or virtual machine), since we assume that you know how to do that. If you need help with that, Canonical (the creators of Ubuntu) has a nice walkthrough on their website.
Once you have completed the installation, open the terminal to use apt (the package manager of Ubuntu) to install Ansible.
To install the most recent version of Ansible, we need to add the Ansible repository to apt. We can do this with the add-apt-repository command, which you can find in the software-properties-common software package.
$ sudo apt update && sudo apt install software-properties-common
This package might already be installed. If that’s the case, just continue with the rest of the steps.
Now that we have a way of adding apt repositories, we can add the Ansible repository so that we can install the latest version of Ansible.
$ sudo add-apt-repository --yes --update ppa:ansible/ansible
After the repository has been added, install Ansible with:
$ sudo apt install ansible
After Ansible is done installing we need to install an extension to connect to Windows machines with Ansible. We need to use WinRM connections for this. Why WinRM and not SSH? That’s because as of the time of writing, the SSH module for Windows is in beta, while the WinRM module is not.
WinRM stands for Windows Remote Management, and is a protocol for managing Windows machines remotely, similar to SSH.
Support for WinRM connections is not installed into Ansible by default. For that we need a Python package named pywinrm, which we need to install with the Python package manager pip.
First, let's install pip (the package is named python3-pip on Ubuntu 20.04):
$ sudo apt install python3-pip
And then install the pywinrm package.
$ pip install "pywinrm >= 0.2.2"
Everything needed to connect to Windows machines is now installed.
Now that Ansible can use WinRM to connect to Windows machines, we need to configure the Windows machines to allow WinRM connections.
Before you take these steps, make sure your PowerShell is at least version 3.0 and that you have at least .NET Framework 4.0 (as of the time of writing, Windows 10 contains PowerShell 5.0 and .NET Framework 4.8).
Open PowerShell as administrator and run the following commands:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
This downloads and runs a PowerShell script that enables and configures WinRM for Ansible. Specifically, it performs the following steps:
- Enables WinRM services & firewall exceptions
- Allows remote login of local users
- Creates HTTP & HTTPS listeners for WinRM
- Generates a self-signed certificate for the HTTPS connection
Warning: This script is going to set up self-signed certificates to secure the connection. While this is fine for demo purposes, it's not enough for production & professional use. If you do want to set up a secure WinRM connection for your company, consider getting a certificate from a Certificate Authority (CA) and setting up WinRM manually.
Ansible works with a file named "hosts" in /etc/ansible. In this file you define the IP addresses of the machines you want to configure automatically with Ansible.
While this is the easiest way to configure Ansible's host file, it is not the only way. You can also create ansible.cfg files that point to a host file in a different location. You can read more about this in the documentation on their website.
You can group machines together in the host file. You can give these groups names that you can use when specifying which machines need to be configured by Ansible.
Add the following to the end of the file, changing everything in capital letters to the values of the hosts you want to configure:
[GROUPNAME]
# IPs of machines here

[GROUPNAME:vars]
ansible_user = WINDOWS_USER
ansible_password = WINDOWS_PASSWORD
ansible_connection = winrm
# more variables can be put in here.
Under [GROUPNAME:vars] you specify the details of the machines you want to configure.
In this case we specify the user, the user password and the connection type when we want to connect to any of these machines in this group.
For our example we will be using the following settings.
[Windows]
192.168.178.201

[Windows:vars]
ansible_user = Administrator
ansible_password = root
ansible_connection = winrm
ansible_winrm_server_cert_validation = ignore
You might have noticed that we have disabled server certificate validation in our example above. We did this because we are using a self-signed certificate. If you do want to set up a connection with certificate validation, you will need to buy a certificate from a Certificate Authority and set up WinRM to use this certificate.
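As an added example (not part of the original post), the Python check below reads an INI inventory and flags the shortcuts taken in the demo settings above: disabled certificate validation and a password stored in the file, plus WinRM over plain HTTP. The HARDENED sample, its CA bundle path and the rule set are assumptions made for illustration; the variable names are standard Ansible WinRM connection variables.

```python
import re

# Constructed sample: the demo inventory from this post.
DEMO = """\
[Windows]
192.168.178.201
[Windows:vars]
ansible_user = Administrator
ansible_password = root
ansible_connection = winrm
ansible_winrm_server_cert_validation = ignore
"""

# Constructed sample (assumption): validation on, placeholder CA path, no password in the file.
HARDENED = """\
[Windows]
192.168.178.201
[Windows:vars]
ansible_user = Administrator
ansible_connection = winrm
ansible_port = 5986
ansible_winrm_scheme = https
ansible_winrm_server_cert_validation = validate
ansible_winrm_ca_trust_path = /etc/ansible/certs/example-ca.pem
"""

# variable -> (regex for a risky value, finding text); illustrative rule set.
RULES = {
    "ansible_winrm_server_cert_validation": ("ignore", "server certificate not validated"),
    "ansible_password": (r"(?![\"']?\{\{).+", "plaintext password in inventory"),
    "ansible_winrm_scheme": ("http", "WinRM over plain HTTP"),
}

def audit_inventory(text):
    """Return sorted (section, variable, finding) tuples for risky WinRM settings."""
    findings, section = [], "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        # Matches "key = value" in :vars sections and inline host variables.
        for key, value in re.findall(r"(\w+)\s*=\s*(\S+)", line):
            pattern, message = RULES.get(key, (None, None))
            if pattern and re.fullmatch(pattern, value, re.IGNORECASE):
                findings.append((section, key, message))
    return sorted(findings)
```

A password written as a template reference such as "{{ vault_pw }}" is not flagged, since the secret itself then lives outside the inventory file.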
Once you have configured your host file, you can test whether Ansible can reach your machines with the win_ping module:
$ ansible Windows -m win_ping
You can change the Windows argument to the group name you have written in your host file. You can also use all to target all groups.
In this post we have shown you how to install Ansible on an Ubuntu machine and how to configure Ansible & Windows so that Ansible can reach your Windows machine. In the next post we will explain what modules are, which kinds are available and how you can use them from the command line.
See you there!