【Absible學習】ansible管理windows系統
阿新 • • 發佈:2018-07-19
ora 3.0 original aaa allow sid disable balanced depend Ansible 從1.7+版本開始支持Windows,實測Windows 7 SP1和Windows Server 2008 R2及以上版本系統經簡單配置可正常與Ansible通信。但需要滿足以下幾點:
1、管理機必須是linux系統,且原裝Python Winrm模塊
2、底層通信基於PowerShell,版本為3.0+,Management Framework版本為3.0+
3、遠程windows主機開啟Winrm服務
winrm quickconfig
查看winrm service listener:winrm e winrm/config/listener
配置auth 為true(默認為false):winrm set winrm/config/service/auth @{Basic="true"}
配置允許非加密方式:winrm set winrm/config/service @{AllowUnencrypted="true"}
1、管理機必須是linux系統,且原裝Python Winrm模塊
2、底層通信基於PowerShell,版本為3.0+,Management Framework版本為3.0+
3、遠程windows主機開啟Winrm服務
- 被控制主機windows
- 安裝Framework 3.0+
下載鏈接為:http://download.microsoft.com/download/B/A/4/BA4A7E71-2906-4B2D-A0E1-80CF16844F5F/dotNetFx45_Full_x86_x64.exe
- 安裝Framework 3.0+
2.更改powershell策略為remotesigned
在命令行中輸入 start powershell就可啟動powershell
通過Get-ExecutionPolicy查看腳本執行策略;通過Set-ExecutionPolicy UnRestricted更改腳本執行策略
3.升級PowerShell至3.0+
Window 7和Windows Server 2008 R2默認安裝的有PowerShell,但版本號一般為2.0版本,所以我們需升級至3.0+,Windows PowerShell 3.0使用的是 .netframework 4.0
下載upgrade_to_ps3.ps1,右擊使用powershell運行後重啟系統
或者使用Ansible 官方提供初始化腳本,腳本主要完成如下操作:
檢查最後安裝證書的指紋
配置錯誤處理
檢測Power shell版本
檢查/啟動WimRM服務
確保WinRM運行之後,檢查有PS會話配置
確保有SSL監聽
檢查基本鑒權
配置防火墻允許WinRM HTTPS鏈接
本地測試通過網絡方式連接是否正常
註意:如果提示系統中禁止執行腳本,可以在Powershell 命令行界面輸入 set-ExecutionPolicy RemoteSigned 然後輸入Y,在執行腳本就不會報
4.設置Windows遠端管理(WS-Management,WinRM)服務
註意以下操作在cmd中執行,而非powershell中
winrm quickconfig
查看winrm service listener:winrm e winrm/config/listener
配置auth 為true(默認為false):winrm set winrm/config/service/auth @{Basic="true"}
配置允許非加密方式:winrm set winrm/config/service @{AllowUnencrypted="true"}
至此windows遠端管理(WS-Management,WinRM)服務的環境配置完成!
-
控制主機linux:
如果沒有安裝pip, 先安裝對應於你的Python版本的pip:[root@Super svn]# easy_install pip #wget https://bootstrap.pypa.io/get-pip.py;python get-pip.py Installed /usr/lib/python2.7/site-packages/pip-10.0.1-py2.7.egg Processing dependencies for pip Finished processing dependencies for pip [root@Super svn]# [root@Super svn]# pip install paramiko PyYAML Jinja2 httplib2 six #pip install pywinrm paramiko PyYAML Jinja2 httplib2 six [root@Super 118920]# tail -2 /etc/ansible/hosts [windows] 10.15.97.100 ansible_ssh_user="administrator" ansible_ssh_pass="123123" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore [root@Super ~]# - 連通性
win_ping:Windows系統下的ping模塊,常用來測試主機是否存活。
[root@Super ~]# ansible 10.15.97.100 -m win_ping
10.15.97.100 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@Super ~]#* 遠程執行命令
遠程執行命令分為遠程執行windows 原生自有命令通過raw 模塊,如:"ipconfig "
遠程執行ansible的win_command模塊也可以執行命令,即ansible的擴展命令如"whoami"
默認是亂碼,需要修改winrm模塊文件
[root@Super ~]# cp /usr/lib/python2.7/site-packages/winrm/protocol.py{,.20180718bak}
[root@Super ~]# sed -i "s#tdout_buffer.append(stdout)#tdout_buffer.append(stdout.decode(‘gbk‘).encode(‘utf-8‘))#g" /usr/lib/python2.7/site-packages/winrm/protocol.py
[root@Super ~]# sed -i "s#stderr_buffer.append(stderr)#stderr_buffer.append(stderr.decode(‘gbk‘).encode(‘utf-8‘))#g" /usr/lib/python2.7/site-packages/winrm/protocol.py
[root@Super ~]#
- 獲取ip地址
[root@Super ~]# ansible windows -m raw -a "ipconfig"
10.15.97.100 | SUCCESS | rc=0 >>
Windows IP Configuration
Ethernet adapter 本地連接:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e9ce:231:8bc6:45ea%11
IPv4 Address. . . . . . . . . . . : 10.15.97.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.15.97.254
Tunnel adapter isatap.{BB164424-6017-46EB-978A-5E7CFDF80A14}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
[root@Super ~]# - 獲取身份
[root@Super ~]# ansible windows -m win_command -a "whoami"
10.15.97.100 | SUCCESS | rc=0 >>
wthost\administrator
[root@Super ~]#
- 移動文件
[root@Super ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\‘"
ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c ‘move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\‘
[root@Super ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\DBFPlus.exe‘"
10.15.97.100 | SUCCESS | rc=0 >>
1 file(s) moved.
[root@Super ~]# 移動文件目標端也需要制定到文件,而不能只制定到所在目錄位置
[root@Super ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\ D:\Ansible\back\‘"
ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c ‘move /y D:\Ansible\product\ D:\Ansible\back\‘
[root@Super ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\ D:\Ansible\back‘"
10.15.97.100 | FAILED | rc=1 >>
The system cannot find the file specified.
non-zero return code
[root@Super ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product D:\Ansible\back\‘"
ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c ‘move /y D:\Ansible\product D:\Ansible\back\‘
[root@Super ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product D:\Ansible\back‘"
10.15.97.100 | SUCCESS | rc=0 >>
1 dir(s) moved.
[root@Super ~]#
移動文件夾源端和目標端目錄都不能帶反斜杠/。且將源的整個目錄移到目的端目錄裏。
- 創建文件夾
[root@Super ~]# ansible windows -m raw -a "md d:\Ansible\justin"
10.15.97.100 | SUCCESS | rc=0 >>
Directory: D:\Ansible
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---- 2018/7/18 20:13 justin
[root@Super ~]# - 刪除文件或目錄
[root@Super ~]# ansible windows -m win_file -a "path=d:\Ansible\justin state=absent"
10.15.97.100 | SUCCESS => {
"changed": true
}
[root@Super ~]#
- 結束某程序
[root@Super ~]# ansible windows -m raw -a "taskkill /F /IM snmp.exe /T"
10.15.97.100 | SUCCESS | rc=0 >>
SUCCESS: The process with PID 1412 (child process of PID 548) has been terminated.
[root@Super ~]#
- 文件傳輸
[root@Super ~]# ansible windows -m win_copy -a ‘src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\soft\‘
10.15.97.100 | SUCCESS => {
"changed": true,
"checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",
"dest": "‘D:\\soft\\zjcfg.zip‘",
"operation": "file_copy",
"original_basename": "zjcfg.zip",
"size": 131374,
"src": "/app/svn/127_Client/118919/zjcfg.zip"
}
[root@Super ~]# ansible windows -m win_copy -a ‘src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\ansible\‘
10.15.97.100 | FAILED! => {
"changed": false,
"checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",
"dest": "‘D:\u0007nsible\\zjcfg.zip‘",
"msg": "Get-AnsibleParam: Parameter ‘dest‘ has an invalid path ‘D:\u0007nsible\\‘ specified.",
"operation": "file_copy",
"original_basename": "zjcfg.zip",
"size": 131374,
"src": "/app/svn/127_Client/118919/zjcfg.zip"
}
[root@Super ~]# ansible windows -m win_copy -a ‘src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\‘
10.15.97.100 | SUCCESS => {
"changed": true,
"checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",
"dest": "‘D:\\zjcfg.zip‘",
"operation": "file_copy",
"original_basename": "zjcfg.zip",
"size": 131374,
"src": "/app/svn/127_Client/118919/zjcfg.zip"
}
[root@Super ~]# ansible windows -m win_copy -a ‘src=/app/svn/127_Client/118919/ dest=D:\‘
10.15.97.100 | SUCCESS => {
"changed": true,
"dest": "D:\\",
"operation": "folder_copy",
"src": "/app/svn/127_Client/118919/"
}
[root@Super ~]# 目標路徑不能含關鍵詞ansible,否則提示無效路徑,源使用反斜杠結果將遞歸傳輸目錄下所有文件,源不一反斜杠結尾將整個目錄傳輸到目標目錄下。
- 創建用戶
[root@Super ~]# ansible windows -m win_user -a "name=justin passwd=51cto groups=Administrators"
10.15.97.100 | SUCCESS => {
"account_disabled": false,
"account_locked": false,
"changed": true,
"description": "",
"fullname": "justin",
"groups": [
{
"name": "Administrators",
"path": "WinNT://WORKGROUP/WTHOST/Administrators"
}
],
"name": "justin",
"password_expired": true,
"password_never_expires": false,
"path": "WinNT://WORKGROUP/WTHOST/justin",
"sid": "S-1-5-21-4260034264-4268704002-684640490-1001",
"state": "present",
"user_cannot_change_password": false
}
[root@Super ~]# - 執行windows下的bat
[root@Super ~]# ansible windows -m win_command -a "chdir=D:\ .\xcopy.bat"
10.15.97.100 | SUCCESS | rc=0 >>
D:\>md d:\justin
[root@Super ~]#先切換到bat所在目錄,再執行bat
更多官方windows模塊見:官網
【Absible學習】ansible管理windows系統