Ansible is a configuration management offering that runs on Linux but controls Windows systems with PowerShell. Find out how to get the tool running in your data center.
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
Step 2 of 2:
both platforms.
There are several tools designed for this purpose, but Ansible is making great strides to establish itself as the leader in this space. Ansible manages Linux and Windows systems. It has PowerShell support, so Windows admins can use their scripts once they learn Ansible's management structure. The Ansible stack needs to run on Red Hat, Debian, CentOS, macOS or a similarly architected OS server or virtual machine.
Ansible doesn't use the typical server/client architecture of other remote management tools, so the setup work might be foreign to some administrators. Ansible manages Windows systems via PowerShell remoting or Windows Remote Management (WinRM).
It only takes a few steps to set up the control machine, configure a Windows Server, execute individual commands on the configured machine and use custom scripts on Ansible for Windows management. Being able to copy and run your current PowerShell scripts is a quick way to get started with the Ansible console before learning how to dive deep into the Ansible playbook management approach.
Set up the control machine
To configure the Ansible control machine to manage hosts, enable PowerShell remoting on the host and give the appropriate credentials to Ansible for Windows administration, usually with a Secure Socket Shell key.
Make sure the Ansible control machine runs on a valid version of Python with an updated version of pip, then run the following command to install the pywinrm module:
$ pip install "pywinrm>=0.2.2"
Being able to copy and run your current PowerShell scripts is a quick way to get started with the Ansible console before learning how to dive deep into the Ansible playbook management approach.
Use the following code to add the Windows machine you want to control to the /etc/ansible/hosts file so Ansible registers the Windows machine:
[groupname] 192.168.1.1
Next, add the following configuration to Ansible in the /etc/ansible/group_vars/groupname.yaml file for basic authentication:
Be sure the Windows machine you want to manage is on a supported version of Windows -- version 7 or later for desktops and 2008 or later for Windows Server -- and PowerShell 3.0 or later.
Next, enable PSRemoting with this command:
Enable-PSRemoting -force
Then, set up the WinRM service -- required to use PowerShell remoting -- to start automatically.
Set-Service WinRM -StartMode Automatic
On the local machine, confirm you've started the WinRM service with the following cmdlet:
Test-WSMan
From a remote computer, add the -ComputerName parameter:
Test-WSMan -ComputerName "server123"
A primer on Windows management via Linux
Next, set up a WinRM Listener with the PowerShell script below from Ansible. It sets up an HTTP and HTTPS listener, as well as configure basic authentication on the host. It might require some adjustments to use in a production environment.
Lastly, complete the host configuration for Ansible by creating the WinRM listener.
winrm quickconfig
This Ansible for Windows tutorial is tailored for managing an individual server. To deploy this configuration on many machines, create a group policy and deploy that to the Windows servers. The group policy should set the WinRM service to start automatically, run the configuration script and configure the WinRM listeners.
How to work with Ansible for Windows machine management
After finalizing the configuration from the Ansible server to the remote managed machine, you can run tasks remotely from the Ansible server.
First, test connectivity with a ping from the Ansible host.
To run ad hoc commands on Windows from Ansible, you can easily create one-liners by calling the win_shell module. A simple example is stopping a service remotely for a group of machines from the Ansible console:
Ansible opens the door to advanced management capabilities
Ansible is worth learning due to its cross-platform capabilities that scale to manage a large number of devices. Once you've learned the basics, you can perform more in-depth tasks, such as using PowerShell Desired State Configuration with Ansible and working with custom modules.