在給國盛通上海測驗環境做Ansible管理Windows服務器的時候,遇到了一些坑,Google解決掉了,特此記錄,坑用紅色標記,
一、環境說明
1.Ansible管理主機
作業系統:CentOS 7.4
ip:172.50.1.119
2.Ansible客戶端主機
作業系統:Windows Server 2008 R2
ip:172.50.1.172
二、開始部署
1.Windows部分:
(1)升級PowerShell版本到4.0【Windows Server 2012的同學就不需要升級了,Server 2012的PowerShell默認版本就是4.0】
# 1.下載并安裝Microsoft .NET Framework 4.5 https://download.microsoft.com/download/B/A/4/BA4A7E71-2906-4B2D-A0E1-80CF16844F5F/dotNetFx45_Full_setup.exe # 2.下載并安裝PowerShell 4.0(Windows Management Framework 4.0 https://download.microsoft.com/download/3/D/6/3D61D262-8549-4769-A660-230B67E15B25/Windows6.1-KB2819745-x64-MultiPkg.msu # 3.重啟Windows Server之后,打開PowerShell,查看升級是否成功,如圖1所示, get-host
【圖1】
(2)Windows Server開啟winrm服務【這個服務 遠程管理作用】
以下都在PowerShell中進行
# 1.查看powershell執行策略
get-executionpolicy
# 2.更改powershell執行策略為remotesigned【輸入y確認】
set-executionpolicy remotesigned
# 3.配置winrm service并啟動服務
winrm quickconfig
# 4.修改winrm配置,啟用遠程連接認證【這里是PowerShell的命令,如果用cmd的話,@前面的' 和 末尾的' 要去掉的】【如圖2所示】
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
# 5.查看winrm service啟動監聽狀態【如果有應答,說明服務配置并啟動成功了】【如圖3所示】
winrm enumerate winrm/config/listener
【圖2】
【圖3】
(3)設定防火墻入站規則
允許5985埠入站通過,這個很簡單,略,
2.CentOS部分(Ansible管理主機)
重點:千萬不要yum安裝,選擇pip安裝,或者二進制包安裝,否則,即便安裝了pywinrm插件也無法管理Windows主機,報圖4錯誤,
"msg": "winrm or requests is not installed: No module named winrm"
【圖4】
(1)安裝pip命令【先安裝python3環境:https://www.cnblogs.com/herui1991/p/12305897.html】
# 1.從官網下載pip包到本地,官網鏈接:https://pypi.org/project/pip/#files [root@localhost ~]# wget https://files.pythonhosted.org/packages/8e/76/66066b7bc71817238924c7e4b448abdb17eb0c92d645769c223f9ace478f/pip-20.0.2.tar.gz # 2.解壓 [root@localhost ~]# tar -zxvf pip-20.0.2.tar.gz -C /usr/local # 3.安裝 [root@localhost ~]# cd /usr/local/pip-20.0.2 [root@localhost pip-20.0.2]# python3 setup.py install
(2)安裝pywinrm插件
[root@localhost ~]# pip install pywinrm Collecting pywinrm Using cached pywinrm-0.4.1.tar.gz (36 kB) Requirement already satisfied: xmltodict in /usr/local/lib/python3.7/site-packages (from pywinrm) (0.12.0) Requirement already satisfied: requests>=2.9.1 in /usr/local/lib/python3.7/site-packages (from pywinrm) (2.22.0) Requirement already satisfied: requests_ntlm>=0.3.0 in /usr/local/lib/python3.7/site-packages (from pywinrm) (1.1.0) Requirement already satisfied: six in /usr/local/lib/python3.7/site-packages (from pywinrm) (1.14.0) Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/local/lib/python3.7/site-packages (from requests>=2.9.1->pywinrm) (3.0.4) Requirement already satisfied: idna<2.9,>=2.5 in /usr/local/lib/python3.7/site-packages (from requests>=2.9.1->pywinrm) (2.8) Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in /usr/local/lib/python3.7/site-packages (from requests>=2.9.1->pywinrm) (1.25.8) Requirement already satisfied: certifi>=2017.4.17 in /usr/local/lib/python3.7/site-packages (from requests>=2.9.1->pywinrm) (2019.11.28) Requirement already satisfied: cryptography>=1.3 in /usr/local/lib/python3.7/site-packages (from requests_ntlm>=0.3.0->pywinrm) (2.8) Requirement already satisfied: ntlm-auth>=1.0.2 in /usr/local/lib/python3.7/site-packages (from requests_ntlm>=0.3.0->pywinrm) (1.4.0) Requirement already satisfied: cffi!=1.11.3,>=1.8 in /usr/local/lib/python3.7/site-packages (from cryptography>=1.3->requests_ntlm>=0.3.0->pywinrm) (1.14.0) Requirement already satisfied: pycparser in /usr/local/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=1.3->requests_ntlm>=0.3.0->pywinrm) (2.19) Installing collected packages: pywinrm Running setup.py install for pywinrm ... done Successfully installed pywinrm-0.4.1
(3)pip安裝ansible
[root@localhost ~]# pip install ansible
(4)組態檔
組態檔默認路徑:/etc/ansible/hosts,在此組態檔尾巴追加以下資訊,ansible_ssh_user是Windows Server的用戶名,ansible_ssh_pass是Windows Server的密碼
[windows] 172.50.1.172 ansible_ssh_user="Administrator" ansible_ssh_pass="Password" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore
(5)驗證通不通,顯示SUCCESS表示通了
# ping下通不通 [root@localhost ~]# ansible windows -m win_ping 172.50.1.172 | SUCCESS => { "changed": false, "ping": "pong" }
三、重點與說明
1.重點
(1)升級PowerShell到4.0要先升級.Net Franmwork;
(2)開啟winrm服務在CMD下、PowerShell下語法是不一樣的,本文是在PowerShell下進行的,有截圖為證;
(3)一定要安裝pywinrm插件,否則管理Windows Server的時候會報錯"msg": "winrm or requests is not installed: No module named winrm"
(4)如果安裝了pywinrm還是報這個錯,是因為yum安裝的ansible無法呼叫pip安裝的pywinrm插件,故而建議用pip安裝ansible或者用原始碼包安裝ansible,【這個坑埋得比較深,還是Google解決的,這里吐槽下Baidu搜不到】【用yum安裝ansible無法呼叫pip安裝的pywinrm插件,不確定是不是必現,但在我作業的測驗環境出現了】
2.說明
ansible詳解用法
轉載請註明出處,本文鏈接:https://www.uj5u.com/gongcheng/4051.html
標籤:其他