Getting Started with Ansible on Windows
Now that Microsoft embraces open source, you can use Ansible DevOps tools on Windows, if you know how.
One of the most popular configuration management and infrastructure automation products on the market is Ansible. Ansible, along with Chef, Puppet, and CFEngine, are a part of a class of software for DevOPS. Those tools will help you automate infrastructure provisioning, software deployments, and general configuration management.
Ansible is focused on Linux. However, with Microsoft’s new stance on open source, their community contributions and their adoption of a more agile, DevOps-minded software development approach, Windows support is slowly catching up. If you have ever heard of Ansible but have never really used it; do not worry, it is pretty straightforward to pick up. Even though Windows support still needs a little bit more configuration, it is not too bad after the initial setup is complete.
Let’s dive into Ansible and get it deploying simple changes to a Windows node.
Setting up the Linux VM with Vagrant
Ansible will run on a control server. Unlike other configuration management products, it has no agent and sends commands to the nodes under its control. Unfortunately for the people who use Windows, it needs to be run on Linux. If you do not have a spare Linux box laying around, you can bring one up. For this guide you will use Vagrant for the initial testings. It is the simplest way to quickly set up a VM with just about any flavor and get it running quickly.
# -*- mode: ruby -*- # vi: set ft=ruby : Vagrant.configure(2) do |config| config.vm.define "ansible" do |ctl| ctl.vm.box = "boxcutter/ubuntu1604" ctl.vm.hostname = "ansible" ctl.vm.network "private_network",ip: "192.168.2.5" ctl.vm.provider "virtualbox" do |vb| vb.memory = 2048 end endend
This VagrantFile will download an Ubuntu box on VirtualBox and call it ‘ansible’; assign a private IP and give it 2GB of RAM.
If you have that test box set up, you can now install Ansible. To do this, you will have to ssh into the Linux box. If you are using Vagrant, the VM can connect to it by typing ‘vagrant ssh’. Otherwise, you will probably have to download ‘Putty’ or some other Windows SSH client. After you are on the Linux server’s console, it is time to get used to the command line. Ansible will provide some setup instructions, however, from our experience, certain things were missed. Let’s cover the commands that were used to get ANsible up and running.
Note: All commands we will be running will be on Ubuntu 16.04. If running any other version of Ubuntu or distribution, your commands may be slightly different.
First of all, it is safer to make sure all packages are up to date before you start. To do this, you will need to use apt-get.
sudo apt-get update
Install Git to get the development branch of Ansible as it has some useful Ansible modules for us Windows guys like ‘win_command’ and ‘win_shell’.
Next, to prevent a trust warning about an SSL certificate, we recommend setting the ‘GIT_SSL_NO_VERIFY’ environment variable.
Then clone the Ansible Git repository and every child repository.
git clone git://github.com/ansible/ansible.git –recursive
Go to the Ansible directory which was made.
Ansible uses python, so you must now set up a Python environment with the source command.
Install Pip. Pip is the Python package management application which you can use to download and install a couple of other packages that you will need.
sudo easy_install pip
Download a couple of more packages that you need. The order is important here.
sudo pip install PyYAML Jinja2 httplib2 six sudo apt-get install libssl-dev sudo pip install paramiko
Setting up Ansible for Windows
Ansible should now be installed and prepared to go. Now the tutorial will focus on the Windows-specific tasks which will allow Ansible to manage Windows nodes. Ansible natively works over SSH, however, Windows has not got that luxury yet so you will have to give Ansible the ability to communicate with Windows nodes over WinRM. To do this, you will have to install the Python ‘pywinrm’ library.
sudo pip install "pywinrm>=0.1.1"
This should be it for software installs. You will have to tell Ansible not to use SSH and instead use WinRM for all communication. Due to Ansible’s extensible nature, there are lots of ways to make sure this happens. We chose to do this by creating a Windows inventory group inside of a file called ‘hosts’ in ‘./hosts’.
Note: Ensure Ansible knows where to find your inventory file. We’ve chosen to set this in the ‘ansible.cfg‘ file located in the Ansible folder I’m working in.
[defaults] inventory = /home/vagrant/ansibletesting/hosts
After you have made sure Ansible can find our inventory file, add your windows group in there.
At this point, you have to tell Ansible to use WinRM rather than SSH. You can set Ansible’s variables for inventory groups by creating a file named ‘windows.yml’ inside of the ‘group_vars’ directory.
Fill in the YAML file with the required variables. Note below that the tutorial is just using WinRM over HTTP and not HTTPS. Even though this is doable, it needs a little more configuration. Refer to this link if you would like to set up HTTPS.
ansible_user: administrator ansible_password: <password> ansible_port: 5985 ansible_connection: winrm ansible_winrm_scheme: http ansible_winrm_server_cert_validation: ignore
You will be using the local administrator account to connect to the windows nodes. Active Directory support is available but it is out of the scope of this guide.
At this point, you can run the built in Ansible module ‘win_ping’.
This module will go out and create a WinRM session to make sure it is established successfully. You will see below that this tutorial is telling Ansible to run the ‘win_ping’ module for all nodes inside of the windows inventory group.
ansible windows -m win_ping
Ansible to run the ‘win_ping’ module
If Ansible sees that the windows node that you have added to the windows group and returns a green success, you’re all done. You’ve installed and configured Ansible to work with your first Windows node.