Run Ansible on Windows

Posted by Blog - uTIcARdI on November 29, 2016

Background:

Here is a topology about the environment for a performance testing, let’s name the servers 1st:

  • 1 windows server for License/Workspace server
  • 5 windows servers for Network Server
  • 5 windows servers for Automation server
Topo
Topo

It really took us a lot of time to deploy the product and collect logs on all of these servers.

My colleague wrote a client-server application and do some of the tasks automatically. The application indeed works for log collection, but for product deployment, as the server end running as a service and fails to launch InstallShield wizard, it doesn’t support the product installation.

At the same time, I read an article about Deployment Management Tools comparison between Puppet, Chef, Ansible, and decided to try Ansible.

Note:

  • Ray Zhao shared with me his experience that how he used Puppet in OpenStack Lab.
  • Jin told me LinkedIn is using Ansible.
Deploy Ansible

Ansible’s document is very easy to read/understand.

Install Ansible with command (Python is required):

pip install ansible

For windows management, Pywinrm is required, but pay attention to pywinrm version, because I met the issue:https://github.com/ansible/ansible/issues/15973 Error Accessing Windows Machine: “ssl: ‘Session’ object has no attribute ‘merge_environment_settings’”

I installed pywinrm by the command:

pip install pywinrm==0.1.1

Note: Currently, Ansible doesn’t support Python3.

Windows System Prep

I chose win2012R2 to simple windows environment preparation. Just ran ansible’s power shell for winRm setup and make sure port : 5986 is open:

Topo
Topo

For the PowerShell security issue:

File ConfigureRemotingForAnsible.ps1 cannot be loaded because running scripts is disabled on this system. For more
information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
+ CategoryInfo : SecurityError: (:) [], ParentContainsErrorRecord
Exception
+ FullyQualifiedErrorId : UnauthorizedAccess

This will allow running unsigned scripts that you write on your local computer and signed scripts from the Internet.

Ansible Inventory

On the linux server, create my hosts file by the command:

vi /etc/ansible/hosts

Here is a sample to add one server for testing:

[windows]
10.10.6.12 ansible_user="user_name" ansible_password="password" ansible_port="5986" ansible_connection="winrm"

configure username/password by group vars by the command:

vi /etc/ansible/group_vars/windows.yml

Here is the content:

ansible_user: user_name
ansible_password: password
ansible_port: 5986
ansible_connection: winrm
# The following is necessary for Python 2.7.9+ (or any older Python that has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore

Note: Encrypting the yml file with ansible-vault is recommended:

ansible-vault edit group_vars/windows.yml
Testing
ansible windows -m win_ping
Playbook

Create a playbook by the command:

vi /etc/ansible/playbook.yml

Here is the content

- name: test raw module
hosts: windows
tasks:
- name: run ipconfig
# query session for RDP session
raw: CMD /C "PSExec.exe \\127.0.0.1 -u user_name -p password -d -i 1 c:\Automation\Install\InstallLatestBuildWith1WS_AllInOneClick.bat"
register: ipconfig
- debug: var=ipconfig

Without “PSExec.exe” in the raw command, ansible has the same behavior as my colleague’s application: InstallShield wizard windows does not pop up when I called it by ‘raw: CMD /C’ even it needs a process to run the command.

Refer to the articles:

PsExec should be the solution for both ansible and my colleague’s application which execute a command by a background service to call a GUI application.


  • Comment #1:

    I found that there is an option “Local System account -> Allow service to interact with desktop” in service property:

    Setting
    Setting

    It failed to launch windows RM service with this enabled this option:

    Prompt
    Prompt

Run Ansible on Windows


donation

Scan the QR code using WeChat

comments powered by Disqus