Ansible 从1.7+版本开始支持Windows,实测Windows 7 SP1和Windows Server 2008 R2及以上版本系统经简单配置可正常与Ansible通信。但需要满足以下几点:
1、管理机必须是linux系统,且原装Python Winrm模块
2、底层通信基于PowerShell,版本为3.0+,Management Framework版本为3.0+
3、远程windows主机开启Winrm服务
- 被控制主机windows
2.更改powershell策略为remotesigned
在命令行中输入 start powershell就可启动powershell
通过Get-ExecutionPolicy查看脚本执行策略;通过Set-ExecutionPolicy UnRestricted更改脚本执行策略
3.升级PowerShell至3.0+
Window 7和Windows Server 2008 R2默认安装的有PowerShell,但版本号一般为2.0版本,所以我们需升级至3.0+,Windows PowerShell 3.0使用的是 .netframework 4.0
下载upgrade_to_ps3.ps1,右击使用powershell运行后重启系统
或者使用Ansible 官方提供初始化脚本,脚本主要完成如下操作:
检查最后安装证书的指纹
配置错误处理
检测Power shell版本
检查/启动WimRM服务
确保WinRM运行之后,检查有PS会话配置
确保有SSL监听
检查基本鉴权
配置防火墙允许WinRM HTTPS链接
本地测试通过网络方式连接是否正常
注意:如果提示系统中禁止执行脚本,可以在Powershell 命令行界面输入 set-ExecutionPolicy RemoteSigned 然后输入Y,在执行脚本就不会报
4.设置Windows远端管理(WS-Management,WinRM)服务
注意以下操作在cmd中执行,而非powershell中
winrm 服务默认都是未启用的状态
winrm quickconfig
查看winrm service listener:winrm e winrm/config/listener
配置auth 为true(默认为false):winrm set winrm/config/service/auth @{Basic="true"}
配置允许非加密方式:winrm set winrm/config/service @{AllowUnencrypted="true"}
至此windows远端管理(WS-Management,WinRM)服务的环境配置完成!
- 控制主机linux:
如果没有安装pip, 先安装对应于你的Python版本的pip:[[email protected] svn]# easy_install pip #wget https://bootstrap.pypa.io/get-pip.py;python get-pip.py Installed /usr/lib/python2.7/site-packages/pip-10.0.1-py2.7.egg Processing dependencies for pip Finished processing dependencies for pip [[email protected] svn]# [[email protected] svn]# pip install paramiko PyYAML Jinja2 httplib2 six #pip install pywinrm paramiko PyYAML Jinja2 httplib2 six [[email protected] 118920]# tail -2 /etc/ansible/hosts [windows] 10.15.97.100 ansible_ssh_user="administrator" ansible_ssh_pass="123123" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore [[email protected] ~]# - 连通性
win_ping:Windows系统下的ping模块,常用来测试主机是否存活。
[[email protected] ~]# ansible 10.15.97.100 -m win_ping
10.15.97.100 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[[email protected] ~]#* 远程执行命令
远程执行命令分为远程执行windows 原生自有命令通过raw 模块,如:"ipconfig "
远程执行ansible的win_command模块也可以执行命令,即ansible的扩展命令如"whoami"
默认是乱码,需要修改winrm模块文件
[[email protected] ~]# cp /usr/lib/python2.7/site-packages/winrm/protocol.py{,.20180718bak}
[[email protected] ~]# sed -i "s#tdout_buffer.append(stdout)#tdout_buffer.append(stdout.decode(‘gbk‘).encode(‘utf-8‘))#g" /usr/lib/python2.7/site-packages/winrm/protocol.py
[[email protected] ~]# sed -i "s#stderr_buffer.append(stderr)#stderr_buffer.append(stderr.decode(‘gbk‘).encode(‘utf-8‘))#g" /usr/lib/python2.7/site-packages/winrm/protocol.py
[[email protected] ~]#
- 获取ip地址
[[email protected] ~]# ansible windows -m raw -a "ipconfig"
10.15.97.100 | SUCCESS | rc=0 >>
Windows IP Configuration
Ethernet adapter 本地连接:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e9ce:231:8bc6:45ea%11
IPv4 Address. . . . . . . . . . . : 10.15.97.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.15.97.254
Tunnel adapter isatap.{BB164424-6017-46EB-978A-5E7CFDF80A14}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
[[email protected] ~]# - 获取身份
[[email protected] ~]# ansible windows -m win_command -a "whoami"
10.15.97.100 | SUCCESS | rc=0 >>
wthost\administrator
[[email protected] ~]#
- 移动文件
[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\‘"
ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c ‘move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\‘
[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\DBFPlus.exe‘"
10.15.97.100 | SUCCESS | rc=0 >>
1 file(s) moved.
[[email protected] ~]# 移动文件目标端也需要制定到文件,而不能只制定到所在目录位置
[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\ D:\Ansible\back\‘"
ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c ‘move /y D:\Ansible\product\ D:\Ansible\back\‘
[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product\ D:\Ansible\back‘"
10.15.97.100 | FAILED | rc=1 >>
The system cannot find the file specified.
non-zero return code
[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product D:\Ansible\back\‘"
ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c ‘move /y D:\Ansible\product D:\Ansible\back\‘
[[email protected] ~]# ansible windows -m raw -a "cmd /c ‘move /y D:\Ansible\product D:\Ansible\back‘"
10.15.97.100 | SUCCESS | rc=0 >>
1 dir(s) moved.
[[email protected] ~]#
移动文件夹源端和目标端目录都不能带反斜杠/。且将源的整个目录移到目的端目录里。
- 创建文件夹
[[email protected] ~]# ansible windows -m raw -a "md d:\Ansible\justin"
10.15.97.100 | SUCCESS | rc=0 >>
Directory: D:\Ansible
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---- 2018/7/18 20:13 justin
[[email protected] ~]# - 删除文件或目录
[[email protected] ~]# ansible windows -m win_file -a "path=d:\Ansible\justin state=absent"
10.15.97.100 | SUCCESS => {
"changed": true
}
[[email protected] ~]#
- 结束某程序
[[email protected] ~]# ansible windows -m raw -a "taskkill /F /IM snmp.exe /T"
10.15.97.100 | SUCCESS | rc=0 >>
SUCCESS: The process with PID 1412 (child process of PID 548) has been terminated.
[[email protected] ~]#
- 文件传输
[[email protected] ~]# ansible windows -m win_copy -a ‘src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\soft\‘
10.15.97.100 | SUCCESS => {
"changed": true,
"checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",
"dest": "‘D:\\soft\\zjcfg.zip‘",
"operation": "file_copy",
"original_basename": "zjcfg.zip",
"size": 131374,
"src": "/app/svn/127_Client/118919/zjcfg.zip"
}
[[email protected] ~]# ansible windows -m win_copy -a ‘src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\ansible\‘
10.15.97.100 | FAILED! => {
"changed": false,
"checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",
"dest": "‘D:\u0007nsible\\zjcfg.zip‘",
"msg": "Get-AnsibleParam: Parameter ‘dest‘ has an invalid path ‘D:\u0007nsible\\‘ specified.",
"operation": "file_copy",
"original_basename": "zjcfg.zip",
"size": 131374,
"src": "/app/svn/127_Client/118919/zjcfg.zip"
}
[[email protected] ~]# ansible windows -m win_copy -a ‘src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\‘
10.15.97.100 | SUCCESS => {
"changed": true,
"checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",
"dest": "‘D:\\zjcfg.zip‘",
"operation": "file_copy",
"original_basename": "zjcfg.zip",
"size": 131374,
"src": "/app/svn/127_Client/118919/zjcfg.zip"
}
[[email protected] ~]# ansible windows -m win_copy -a ‘src=/app/svn/127_Client/118919/ dest=D:\‘
10.15.97.100 | SUCCESS => {
"changed": true,
"dest": "D:\\",
"operation": "folder_copy",
"src": "/app/svn/127_Client/118919/"
}
[[email protected] ~]# 目标路径不能含关键词ansible,否则提示无效路径,源使用反斜杠结果将递归传输目录下所有文件,源不一反斜杠结尾将整个目录传输到目标目录下。
- 创建用户
[[email protected] ~]# ansible windows -m win_user -a "name=justin passwd=51cto groups=Administrators"
10.15.97.100 | SUCCESS => {
"account_disabled": false,
"account_locked": false,
"changed": true,
"description": "",
"fullname": "justin",
"groups": [
{
"name": "Administrators",
"path": "WinNT://WORKGROUP/WTHOST/Administrators"
}
],
"name": "justin",
"password_expired": true,
"password_never_expires": false,
"path": "WinNT://WORKGROUP/WTHOST/justin",
"sid": "S-1-5-21-4260034264-4268704002-684640490-1001",
"state": "present",
"user_cannot_change_password": false
}
[[email protected] ~]# - 执行windows下的bat
[[email protected] ~]# ansible windows -m win_command -a "chdir=D:\ .\xcopy.bat"
10.15.97.100 | SUCCESS | rc=0 >>
D:\>md d:\justin
[[email protected] ~]#先切换到bat所在目录,再执行bat
更多官方windows模块见:官网
原文地址:http://blog.51cto.com/ityunwei2017/2146957
时间: 2024-08-20 06:14:27