Join us at @LondonIAC in this hands-on (semi-realtime) tutorial where we dive straight into using Ansible with Windows Server 2022 over WinRM.
Please like and let me know it worked for you (or what issues you faced) in the comments!
For SSH (port 22) connectivity between Ansible and Windows, follow my other tutorial here: • Use Ansible to Manage ...
We start by creating a Windows Server 2022 instance on AWS. Then, we configure WinRM on the server using a set of efficient commands. Next, we establish an Ansible-to-Windows connection via WinRM.
We verify the setup's success with the win_ping module to confirm connectivity and authentication. Finally, we execute a simple Ansible playbook to create a directory and file that includes an Ansible fact.
This tutorial is a straightforward guide to setting up and running Ansible for Windows Server 2022 via WinRM. Whether you're an experienced IT expert or a beginner, this tutorial provides a clear roadmap to get you started.
Please Subscribe to my channel: bit.ly/lon_sub
------------------------------------------------------------------------
PowerShell commands (AWS specific but you can adjust to your own requirements):
# Enable PowerShell remoting
Enable-PSRemoting -Force
# Set WinRM service startup type to automatic
Set-Service WinRM -StartupType 'Automatic'
# Configure WinRM Service
Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value $true
Set-Item -Path 'WSMan:\localhost\Service\AllowUnencrypted' -Value $true
Set-Item -Path 'WSMan:\localhost\Service\Auth\Basic' -Value $true
Set-Item -Path 'WSMan:\localhost\Service\Auth\CredSSP' -Value $true
# Create a self-signed certificate and set up an HTTPS listener
$cert = New-SelfSignedCertificate -DnsName $(Invoke-RestMethod -Uri http://169.254.169.254/latest/meta-data/public-hostname) -CertStoreLocation "cert:\LocalMachine\My"
winrm create winrm/config/Listener?Address=*+Transport=HTTPS "@{Hostname=`"$(Invoke-RestMethod -Uri http://169.254.169.254/latest/meta-data/public-hostname)`";CertificateThumbprint=`"$($cert.Thumbprint)`"}"
# Create a firewall rule to allow WinRM HTTPS inbound
New-NetFirewallRule -DisplayName "Allow WinRM HTTPS" -Direction Inbound -LocalPort 5986 -Protocol TCP -Action Allow
# Configure TrustedHosts
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
# Set LocalAccountTokenFilterPolicy
New-ItemProperty -Name LocalAccountTokenFilterPolicy -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -PropertyType DWord -Value 1 -Force
# Set Execution Policy to Unrestricted
Set-ExecutionPolicy Unrestricted -Force
# Restart the WinRM service
Restart-Service WinRM
# List the WinRM listeners
winrm enumerate winrm/config/Listener
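The commands above enable several settings that the HTTPS listener on 5986 does not depend on once it is working. The check below is an added example, not part of the original tutorial: it compares those settings with an assumed HTTPS-only baseline, and reports the plain-HTTP listener that Enable-PSRemoting creates and the expiry of the self-signed certificate. The function name Test-WinRMBaseline and the baseline values are assumptions.

```powershell
# Added example: compare the WinRM settings made above with an HTTPS-only baseline.
# Run in an elevated PowerShell session on the managed server.
function Test-WinRMBaseline {
    param([switch]$Apply)   # -Apply rewrites WSMan values that differ from the baseline

    # Assumed baseline: Ansible reaches this host only through the 5986 HTTPS listener.
    # Auth\Basic and Auth\Certificate are left alone; which one Ansible uses is site-specific.
    $baseline = [ordered]@{
        'WSMan:\localhost\Service\AllowUnencrypted' = 'false'  # TLS already protects the session
        'WSMan:\localhost\Service\Auth\CredSSP'     = 'false'  # only needed for credential delegation
        'WSMan:\localhost\Client\TrustedHosts'      = ''       # client-side; not used for inbound sessions
    }
    foreach ($path in $baseline.Keys) {
        $current = [string](Get-Item -Path $path).Value      # value before any change
        $ok = $current -eq $baseline[$path]
        if (-not $ok -and $Apply) { Set-Item -Path $path -Value $baseline[$path] -Force }
        [pscustomobject]@{ Setting = $path; Current = $current; Expected = $baseline[$path]; Compliant = $ok }
    }

    # Walk the listeners: flag plain HTTP, and check the certificate bound to HTTPS.
    foreach ($listener in Get-ChildItem -Path WSMan:\localhost\Listener) {
        $prop = @{}
        Get-ChildItem -Path "WSMan:\localhost\Listener\$($listener.Name)" |
            ForEach-Object { $prop[$_.Name] = $_.Value }
        $name = "Listener $($prop['Transport']):$($prop['Port'])"
        if ($prop['Transport'] -eq 'HTTP') {
            [pscustomobject]@{ Setting = $name; Current = 'present'; Expected = 'absent'; Compliant = $false }
            continue
        }
        $cert = Get-Item -Path "Cert:\LocalMachine\My\$($prop['CertificateThumbprint'])" -ErrorAction SilentlyContinue
        $valid = ($null -ne $cert) -and ($cert.NotAfter -gt (Get-Date))
        [pscustomobject]@{
            Setting   = "$name certificate"
            Current   = if ($cert) { "expires $($cert.NotAfter.ToString('yyyy-MM-dd'))" } else { 'not found' }
            Expected  = 'present and not expired'
            Compliant = $valid
        }
    }
}

Test-WinRMBaseline | Format-Table -AutoSize   # report only; add -Apply to tighten the WSMan values
```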
------------------------------------------------------------------------
#ansible #windows #winrm