You might already knew that, Ansible can manage Windows servers as well. And this is a supporting article for Configure Your Windows Host to be Managed by Ansible.
Ansible is using WinRM (Windows Remote Management) to connect to the Windows machines. You need to configure listener and the service on the Windows machine as part of WinRM setup and this is clearly explained in this document.
See other articles to learn how to manage windows using Ansible
- Configure Your Windows Host to be Managed by Ansible
- How to open WinRM ports in the Windows firewall
- Ansible Windows Management using HTTPS and SSL
Ensure WinRM Ports are Open
Next, we need to make sure, ports 5985 and 5986 (HTTPS) are open in firewall (both OS as well as network side).
Open Windows Firewall from Start -> Run -> Type wf.msc.
(Or Open Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules.)
Right-click the Inbound Rules node and choose New Rule.
Select the predefined rule “Windows Remote Management” from the dropdown option
Select Rules as needed
Select Allow the connections
Verify the same in console
Verify WinRM Configurations
Note: If you have already executed the ConfigureRemotingForAnsible.ps1 successfully, you can directly try the connection from an Ansible machine. Below step is to ensure that WinRM is working from same managed node.
Open a command prompt or powershell and execute winrm e winrm/config/listener.
C:\Users\Administrator>winrm e winrm/config/listener
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 10.0.2.15, 127.0.0.1, 192.168.99.103, ::1, fe80::5efe:10.0.2.15%3, fe80::5efe:192.168.99.103%13, fe80::785d:9659:c4d4:9b0f%16
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname = WIN-CCUQI8Q4RMH
Enabled = true
URLPrefix = wsman
CertificateThumbprint = 64E69568BD75F3068BDCBF7ED819E4EA9ED1FDA3
ListeningOn = 10.0.2.15, 127.0.0.1, 192.168.99.103, ::1, fe80::5efe:10.0.2.15%3, fe80::5efe:192.168.99.103%13, fe80::785d:9659:c4d4:9b0f%16Check WinRM Configuration
C:\Users\Administrator>winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
C:\Users\Administrator>
Verify Port Connection
You can verify connectivity using any method but since I am using this for Ansible, I will check the port connection from my Ansible machine (Any linux machine)
$ nc -vz 192.168.99.103 5985
Connection to 192.168.99.103 port 5985 [tcp/wsman] succeeded !That’s it, now you can access your Windows machine over WinRM and Ansible will be able to execute playbook and tasks on your Windows machine.