Great walk-through. Very clear and concise. Thank you very much.
Excellent tutorial! Life saver for sure. I just want to share a quick observation: if anyone gets errors like: "FAILED! => {"msg": "winrm or requests is not installed: No module named 'winrm'"}" verify that you installed the Python module called pywinrm for user ansible:
pip install --user ansible pywinrm
For the last 3 days I was stuck on Ansible Windows installation. This video rescued me. Please make a series on Ansible Windows.
No problem. I'm glad it helped! What topics would you like me to cover for Ansible & Windows?
Set up and manage IIS, etc. services
Build and manage DC, CA, DNS, WSUS, etc.
A hugely helpful video for creating the HTTPS listener!
The only point to review, maybe in the future, is authentication using a method other than Basic authentication (maybe Kerberos or CredSSP).
Thank you for sharing!
What mic / audio setup are you using? Sounds great (which goes a long way making it easy to follow)
Extremely useful!
Is Ansible for Windows really viable for real world use in your opinion? Last time I looked, the official documentation seemed outdated/neglected, Windows modules development was frozen, and trying to do more serious tasks (installing Windows features, various software, etc.) often failed. There also wasn't good guidance for securing things with SSH access, Kerberos authentication, domain signed certificates, what's the relationship between Ansible and DSC, or whatever supersedes DSC, etc. What kind of production uses is Ansible good for that you've found? Thanks for your thoughts.
Good question. I've used Ansible with Linux for years, and it's probably the best automation product out there for that use case.
I first got into using Ansible on Windows when I worked for Red Hat, Consulting for a bank. Back then, it was OK, but there were nowhere near as many modules as there are today. You can check them yourself here: docs.ansible.com/ansible/2.9/modules/list_of_windows_modules.html
(I think this list is probably out of date!).
This tutorial is really only for a lab environment. In production, I use Kerberos and a domain certificate for the WinRM service and use Ansible to get my Kerberos ticket from a password secret (using vault). I have roles to install all sorts of services across different Windows server versions. It's really sped up this part of the server customization. I also collect about 28 data points from all Linux and Windows servers in the various environments using Ansible, and this gives us a unified view of our estate (in a spreadsheet!). That enables us to answer lots of questions about our servers very quickly. Handy for management.
I wouldn't say Ansible is perfect for Windows, but it's definitely viable. One thing I've learned is to create a .bat file for the install/uninstall of your application. Using win_shell, Windows commands that have spaces and quotes can make it very hard to run an installation command with all the required options. Just something I've learned that makes life a lot easier.
I have a video on here for setting up SSH on Windows servers and setting up the Administrator SSH key, which I think could be the way to go in the future. Many Windows servers live on the same VLAN as Linux servers and SSH is probably already open, so you don't need to open up 5986 and get FW rules added across your network.
I hope that helps.
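An added example, not part of the original reply or the video: an Ansible group-vars file matching the production setup described above (Kerberos over the HTTPS listener, a validated domain certificate, and a password pulled from Ansible Vault), with the lab-style settings shown as comments for contrast. The file name, account, realm, CA path and vault variable name are constructed placeholders.

```yaml
# group_vars/windows.yml  (hypothetical file name; every value below is a placeholder)

ansible_connection: winrm
ansible_port: 5986                  # WinRM HTTPS listener
ansible_winrm_scheme: https

# Lab-style settings (Basic auth, self-signed certificate left unverified):
#   ansible_winrm_transport: basic
#   ansible_winrm_server_cert_validation: ignore

# Production-style settings:
ansible_winrm_transport: kerberos

# A UPN with the realm in upper case makes the logon go to the domain
# account rather than a local account of the same name.
ansible_user: ansible_svc@EXAMPLE.COM

# The password is not stored in the inventory; it is read from a variable
# defined in a vault-encrypted file (assumed name: vault_windows_password).
ansible_password: "{{ vault_windows_password }}"

# "managed" lets Ansible run kinit itself with the credentials above,
# so no ticket has to be obtained by hand before the play.
ansible_winrm_kinit_mode: managed

# Verify the listener's certificate against the domain CA.
ansible_winrm_server_cert_validation: validate
ansible_winrm_ca_trust_path: /etc/pki/ca-trust/source/anchors/example-domain-ca.pem
```

The control node needs the `pywinrm[kerberos]` extra and a krb5 configuration for the realm, and the file defining `vault_windows_password` would be encrypted with `ansible-vault encrypt`.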
Very helpful. Thank you
Thanks for the video
Thanks for your super useful tutorial, I really appreciate your video. I can't express how much I appreciate your channel.
I just have a question about when we configure Firewall. In production, is it the best practice to do so? It doesn't seem the most secure like you said. If I want to do it the right way, what should I do?
Thank you so much!!!
You're welcome!
Thanks
I want to perform Oracle DB installs and update them when needed. Would any command in the script run in PowerShell create any issues or conflicts with the database?
Also it would really be great if you could start a series for Ansible on production servers, using Active Directory authentication for performing Windows updates, etc.
And yes, this video really helped me clear my doubts. Thanks a lot :)
This isn't tied to Ansible in any way, right?
After that I should PSSession into the Windows server with PowerShell, correct?
I made a PowerShell script to restart a server but I guess I missed the Certification part, I could make it work without it.
Very helpful
thank you!!!!!!
Hi. I have like 3 PowerShell scripts I want to run using Ansible. How can I go about this? Thanks
I did the setup exactly the same for several servers. It seems the "ping" only works on domain controllers, not on domain servers. After some searching I found in the Event Viewer that the logon attempt happens with the domain set to that of the local machine and not the actual domain, which is why it only works on domain controllers, apparently. How can I force Ansible to authenticate with domain\ansible_usr instead of localserver\ansible_usr?
Hi, thanks for the video.
I'm working with monitoring and need a tool to send/receive files and scripts over the internet, because the hosts are spread across the country. Is that possible with Ansible?
The ps1 from the Ansible documentation is now gone and I have been searching for some solution to get this to work. Your instructions seem promising, but your self-signed cert code doesn't work, for the IP is specific to your setup. I tried changing it to localhost but with no luck. Can you help with that, for I'm really bad at dealing with certs.
Same issue here. Where is that IP address coming from? Is it the local address or an external source?
Is there a way to configure WinRM with Ansible raw mode? So that we don't have to RDP to the Windows server for running those ConfigureRemoting commands in PowerShell.
What if we use a Domain Admin?
I've been trying to set the user connection with a Domain Admin user; sadly, I cannot.
Hi sir, don't we need a service account for authentication between Windows and Ansible?
Can we use the public IP address of the Windows VM instead of the private DNS name in the inventory file?
Sorry, but this is for AWS Windows Server, which isn't really what the title says...
Sadly, everyone uses a script which is created for a lab; nobody is showing manual configuration for WinRM on Windows Server.
I ran the ps1 script from Ansible, and followed your instructions, but I'm getting this error: "msg": "ssl: auth method ssl requires a password"
It sounds like the password is the issue. Can you remote desktop into the windows server using the password you have in the inventory file?
If you're still getting issues, create a gist in GitHub with your Ansible code, inventory and the error when you run Ansible and send the URL to me. I may be able to see the issue.
One other option is to run that error through Google. There may be a Stack Overflow post with the fix or what to check/correct.
Good luck.
@LondonIAC Hello, I got it to work. I had a typo in ansible_password in the host file. Thanks!
@ada-j9s It's great you got it working!
@LondonIAC Could you make a video on how to hide the password in the host file? Thanks in advance!