Ansible is an open source tool for automating tasks. It manages the configuration of your Linux and Windows servers. It works without an agent which means that Ansible uses SSH and current user SSH authorization.
You can use Ansible to automate three types of tasks:
- Provisioning: Set up several servers you need in your infrastructure.
- Configuration management: Change the configuration of an application, OS, or device; start and stop services; install or update applications; implement a security policy or perform a wide variety of other configuration tasks.
- Application deployment: Make DevOps easier by automating the deployment of internally developed applications to your production systems.
This article will guide you through the install and setup process for Ansible on CentOS 7, as well as the configuration for the administration of a machine that's running on a Windows Server.
Prerequisites
- A sudo user.
- A CentOS 7 server instance.
Installation
Add the EPEL Repository.
sudo yum install epel-release
Update packages.
sudo yum -y update
Once the packages have been updated, install Ansible with yum.
sudo yum -y install ansible
To administer your Windows servers, you will need to install the following packages:
python-pippippywinrm
Install the Python packages.
sudo yum -y install python-pip pip
Install WinRM (Windows Remote Management).
pip install pywinrm
Test the Ansible installation by retrieving its version using the following command.
ansible --version
ansible 2.5.5
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Configure Ansible for Windows Server Management
Go to the Ansible directory.
cd /etc/ansible
Edit the hosts file with your favorite text editor.
nano hosts
Add the following lines at the bottom of the windows group.
[windows]
server1.domain.local
server1.domain.local
It is necessary to create an encrypted vault containing the access identifiers for the Windows server. For that, we will create a new encrypted yml file. The file name must match the host group to which it will apply. In our case, the created group is called windows, so the file will be windows.yml.
mkdir group_vars
cd group_vars
ansible-vault create windows.yml
In your yml file, add the following parameters.
ansible_ssh_user: _your_ssh_user_
ansible_ssh_pass: _your_ssh_pass_
ansible_ssh_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
Configure the Windows Server
A PowerShell script is available to automatically configure your machine. This script will automatically configure WinRM (Windows Remote Management) and open the firewall.
Download the PowerShell script from Github.
Modify the execution rules of the PowerShell scripts to allow the execution of the script.
Set-ExecutionPolicy RemoteSigned
Execute the script.
.\ConfigureRemotingForAnsible.ps1
Your Windows Server is now ready for remote management with Ansible.