Config Management for Windows with Ansible
I’m sharing this note for future reference, and I hope it helps someone. Have suggestions? Leave a comment. If you found this helpful, please clap!
This brief article will explore how Ansible can be used to automate the configuration management of Windows servers. I’ve included several important links to help you dive deeper into the concepts and master them.
Control Node Minimum Requirements
- Operating System: Linux-based
- Ansible: Version 2.9 or higher
- Python: Python 3 with pywinrm installed
- Installation Command: pip3 install "pywinrm>=0.3.0"
Minimum Requirements for Windows Hosts
- PowerShell: Version 3.0 or newer, with at least .NET 4.0 installed
- WinRM Listener: Must be created and activated. For more details, see WinRM Listener.
- Supported Windows Versions: Ansible can generally manage Windows versions under current and extended support from Microsoft. This includes desktop OSs like Windows 10 and 11, and server OSs such as Windows Server 2016, 2019, and 2022.
- PowerShell and .NET for Management: PowerShell 5.1 or newer, with at least .NET 4.0, must be installed on the Windows host.
Setting up the Controller
# Check Ansible version
$ ansible --version
ansible 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 3.8.10 (default, Nov 22 2023, 10:22:35) [GCC 9.4.0]
# If you haven't installed Ansible or if the Ansible and Python versions do not meet the minimum requirements, install Ansible (Ref: https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html)
# This will make the default /usr/bin/ansible run with Python3
pip3 install ansible
ansible --version | grep "python version"
# Install pywinrm library (Ref: https://docs.ansible.com/ansible/latest/os_guide/windows_winrm.html)
pip3 install "pywinrm>=0.3.0"
Setting up the Windows Host
Ref: https://docs.ansible.com/ansible/latest/os_guide/windows_setup.html
1. Create an Admin user to authenticate with Ansible
2. Check and validate the versions (using PowerShell)
# check powershell version
$PSVersionTable
# check .NET version
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse | Get-ItemProperty -Name version -EA 0 | Where { $_.PSChildName -Match '^(?!S)\p{L}'} | Select PSChildName, version
3. Check the status and port of WinRM service (using PowerShell)
# check if WinRM service is running
Get-Service -Name WinRM
# check WinRM Listener Configuration
winrm enumerate winrm/config/Listener
Create and Run an Ansible Playbook
# create a temporary folder for the inventory and playbook.yml
mkdir ansible_demo && cd ansible_demo
touch inventory playbook.yml
# inventory file content (*** hardcoding passwords in the inventory file is not recommended due to security concerns; use Ansible Vault instead)
[win]
winhost1.example.com ansible_user=ansible-user ansible_password='ansible-user-password' ansible_port=5985 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_winrm_server_cert_validation=ignore
# playbook.yml content
---
- name: Example Playbook
  hosts: win
  gather_facts: false
  tasks:
    - name: Touch a file (creates if not present, updates modification time if present)
      ansible.windows.win_file:
        path: C:\Users\Administrator.ALTERYX\Desktop\ansible-testfile.txt
        state: touch
Install ansible.windows collection if it does not exist
ansible-galaxy collection install ansible.windows
Test the connectivity and run the example playbook
# Test connectivity
ansible -i inventory win -m win_ping
***
Example output:
winhost1.example.com | SUCCESS => {
"changed": false,
"ping": "pong"
}
# Run playbook
ansible-playbook -i inventory playbook.yml
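The inventory comment above warns against hardcoded passwords. As an added example (not part of the original article), this Python check flags that and the other weak WinRM settings on the host lines of an INI inventory. The sample inventory, the `vault_win_password` variable name and the abbreviated list of known options are assumptions of this example.

```python
import shlex

# Subset of documented WinRM connection variables (abbreviated list, an assumption of this example).
KNOWN_WINRM_VARS = {
    "ansible_winrm_scheme", "ansible_winrm_path", "ansible_winrm_realm",
    "ansible_winrm_transport", "ansible_winrm_server_cert_validation",
    "ansible_winrm_ca_trust_path", "ansible_winrm_message_encryption",
    "ansible_winrm_operation_timeout_sec", "ansible_winrm_read_timeout_sec",
}

def lint_inventory(text):
    """Return (host, finding) tuples for risky WinRM settings on INI inventory host lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue  # skip blanks, comments and group headers
        host, *pairs = shlex.split(line)  # shlex keeps quoted values with spaces intact
        hostvars = dict(p.split("=", 1) for p in pairs if "=" in p)
        if hostvars.get("ansible_connection") != "winrm":
            continue
        pw = hostvars.get("ansible_password", "")
        if pw and "{{" not in pw:  # a literal value, not a reference to a vaulted variable
            findings.append((host, "plaintext ansible_password; move it to Ansible Vault"))
        if hostvars.get("ansible_port") == "5985" or hostvars.get("ansible_winrm_scheme") == "http":
            findings.append((host, "HTTP listener (5985); no TLS on the transport"))
        if hostvars.get("ansible_winrm_server_cert_validation") == "ignore":
            findings.append((host, "certificate validation disabled"))
        for key in hostvars:
            if key.startswith("ansible_winrm_") and key not in KNOWN_WINRM_VARS:
                findings.append((host, f"unrecognised option {key}; check spelling"))
    return findings

# Constructed sample inventory (hostnames and values are made up for this example).
SAMPLE = """
[win]
winhost1.example.com ansible_user=ansible-user ansible_password='P@ss w0rd' ansible_port=5985 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_winrm_server_cert_calidation=ignore
winhost2.example.com ansible_user=ansible-user ansible_password='{{ vault_win_password }}' ansible_port=5986 ansible_connection=winrm ansible_winrm_transport=ntlm
"""

if __name__ == "__main__":
    for host, finding in lint_inventory(SAMPLE):
        print(f"{host}: {finding}")
```

The misspelled option on the first sample host is reported as unrecognised rather than as disabled validation, because a mistyped key never reaches the setting it was meant to change.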