So let's talk a bit about Linux.. And Windows.. And Ansible! Cause it is a perfect match for sure!
No, for real, I am not drunk, it is actually quite cool.
Ansible and Linux is a thing that is tried and tested, it works like a charm and of course a lot of people use it. But Ansible and Windows has actually matured quite a lot in the last couple of years. You can also see it in the number of modules that are now available for Windows and how easy it is to set up now.
Let's first talk about the basics.. Linux and Ansible
So if you want to use configuration as code (CAC) you have some options tool-wise. Salt. Puppet. Ansible. And I suspect quite a lot more, but beats the hell out of me which others there are. As far as I can tell, Ansible is one of the most popular ones. You can configure almost everything yourself or just grab some roles from other people to configure everything. It is flexible and has a ton of modules, roles and collections available to use. And if it is not developed yet, you can develop it pretty easily as long as you understand YAML. Linux and Ansible is a golden combo, mostly thanks to all the modules that people have created and are using. It also helps that a lot of people are creating Ansible roles specifically for Linux servers to set up cool things like K3s clusters, database clusters, databases, Zabbix installations. You name it and most likely there is a module or role created for it.
Now what is the deal with Windows and Ansible then?
Ansible and Windows have come a long way since the early stages. Setting it up used to be a hassle, but now it is actually quite doable. Of course it depends on how difficult you want to make it (if you want Kerberos auth, for example, some extra steps are needed). But overall, pretty easy and doable.
Set up Windows so we can use Ansible to configure it.
So I suspect the most interesting thing here is to understand how to set up Windows so that we can configure it with Ansible? Well, it is a good start to see how far it has come, so why not. First we need to determine how exactly we want to have it set up: do we want Kerberos auth or some other way? Let's keep it easy for us all and say you will use Kerberos. All you need is to make sure the host you run Ansible from can authenticate with Kerberos, and from there you can authenticate further. Maybe I will write more later about how to use krb5 and AWX, but hey, all nice future things.
What needs to be done on the windows host
Well what needs to be done? You need to enable winrm for it! How do you do that you ask? Well ask windows: MS Docs
Just test it out afterwards:
Enter-PSSession -ComputerName BLabLa
Or if you want to play the rebel, just enable SSH on Windows. Afterwards make sure you have the required pip packages installed: Some more docs from ansible. There is quite a lot more information there than I cover here, so do check out the link above!
Now get the inventory file in order
So for your inventory file you need to specify some settings.
You can do this dynamically if you use an inventory provider, or just place all the Windows hosts in a group and use group vars.
[windows:vars]
ansible_user=[email protected]
ansible_port=5986
ansible_connection=winrm
ansible_winrm_transport=kerberos
# Your choice: ignore skips validation of the server certificate. If you have a valid cert then validating is no problem.
ansible_winrm_server_cert_validation=ignore
So that is all that you need.. see pretty easy in total.
Now let's write a simple playbook!
So let's write something really quick and check if it is working correctly:
---
- hosts: all
  gather_facts: false
  tasks:
    - name: lets ping it
      ansible.windows.win_ping:
Well damn that was difficult wasn’t it?
Of course run it and test it out to see if it works.
If there is an issue with auth then first check if you can get a krb5 ticket, if that is already not possible then it will be difficult.
Of course you can also try out ntlm but it is less secure so not 100% recommended.
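A quick way to catch the two weak spots mentioned above (certificate validation set to ignore, and NTLM instead of Kerberos) before an inventory goes live, as an added example that is not part of the original post. The sample inventory, the host name and the finding labels are constructed for illustration, and the parser only understands plain key=value lines inside [group:vars] sections.

```python
import re

# Constructed sample inventory, modelled on the [windows:vars] block above.
SAMPLE_INVENTORY = """\
[windows]
dc01.example.test

[windows:vars]
ansible_user=svc_ansible@EXAMPLE.TEST
ansible_port=5985
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_winrm_server_cert_validation=ignore
"""

def parse_group_vars(text):
    """Return {group: {key: value}} for every [group:vars] section."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or whole-line comment
            continue
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:
            # Only [group:vars] sections carry variables; skip host/children sections.
            current = header.group(1) if header.group(2) == "vars" else None
            if current is not None:
                groups.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            groups[current][key] = value
    return groups

def audit_winrm(text):
    """Flag WinRM settings that weaken transport security or authentication."""
    findings = []
    for group, v in parse_group_vars(text).items():
        if v.get("ansible_connection") != "winrm":
            continue
        if v.get("ansible_winrm_server_cert_validation") == "ignore":
            findings.append((group, "cert-validation-disabled"))
        if v.get("ansible_winrm_transport") in ("basic", "ntlm"):
            findings.append((group, "weak-auth-transport"))
        if v.get("ansible_port") == "5985" or v.get("ansible_winrm_scheme") == "http":
            findings.append((group, "plain-http-listener"))
    return findings

if __name__ == "__main__":
    for group, issue in audit_winrm(SAMPLE_INVENTORY):
        print(f"[{group}] {issue}")
```

Run it against your own inventory text in CI or a pre-commit hook; an empty result means none of the three patterns were found in any WinRM group.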
There are a couple of more items you need to make sure
Now where to go to now?
Well the sky is the limit! So many windows moduleS!!
Any cool things that I can recommend?
Well yes, actually!
Why not create a playbook for a DC and DNS?
- name: Make sure the windows domain is there as stated
  ansible.windows.win_domain:
    dns_domain_name: ''
    safe_mode_password: ''
    create_dns_delegation: true
Or maybe try out the chocolatey modules to configure your own windows PC?
---
- hosts: localhost
  gather_facts: false
  tasks:
    - name: install git
      chocolatey.chocolatey.win_chocolatey:
        name:
          - git
          - notepadplusplus
        state: present
It is actually quite easy as you can see.
The conclusion
So as you might have noticed, I haven’t explained everything to the point since hey everything is changing all day every day.
Look into the docs and try to find some cool ideas.
I wrote this to just show that something that wasn’t working a while back can be working now, as is the case with windows and ansible.
I do notice and see a lot of old skool cool Windows admins just staying away from all the automation, but just try to embrace it..
It will make your life easier and it will give you more time to click next in an installer. All it takes is just a couple of YAML lines where you watch out for your tabs.
So I hope you enjoyed and if not then it also doesn’t matter since I just write these things for fun.
Just try out new stuff and keep on learning!
The next blog will, I think, be about Kubernetes.. Need to do a bit more in regards to that matter so why the hell not!!