Fotolia
In today’s tech landscape, it’s common to find a blend of Windows and Linux servers within an organization. The challenge lies in finding the most effective method to manage both systems.
While Microsoft might advocate for its proprietary tools, such as System Center Operations Manager, to oversee Windows Server, it may be advantageous to leverage Linux-based solutions instead. This article explores how Ansible’s cross-platform capabilities and compatibility with Windows Server empower IT teams with comprehensive oversight of Windows Server setups. I will begin by highlighting the essential prerequisites, followed by the steps to install Ansible and configure a Windows server. Lastly, I will cover some fundamental playbooks and deployment strategies.
Ansible is an agentless, open-source configuration management tool that allows users to define configurations in YAML, which can then be executed on various remote hosts using the Ansible command line interface. For enterprise deployments, users can opt for the free AWX management platform or choose to invest in the Red Hat Ansible Automation Platform. The focus of the examples presented in this article will be on the command line tools.
The primary distinction of Ansible compared to other configuration management tools is that it does not rely on agents to manage hosts. Rather, Ansible establishes a remote connection to servers using SSH or WinRM from a machine that acts as the control node.
To configure a host, you utilize declarative syntax—specifying the desired state of the system and allowing it to determine how to achieve that state. Ansible employs playbooks, which are written in YAML, for system configuration.
Ansible playbooks incorporate collections that package various components—including plugins, roles, and modules—for implementing configuration changes.
You can establish the Ansible control node on almost any Unix-like operating system, including Red Hat, Ubuntu, or MacOS. Additionally, Windows users can leverage the Windows Subsystem for Linux. The sole software requirement is Python 3.9. If you’re looking to set up a development environment and are using Windows 10 or 11, opting for the Windows Subsystem for Linux is a straightforward solution. Red Hat advises using pipx to install Ansible.
You have the option to install either the complete or the minimal Ansible package. The complete version includes a selection of collections that have been curated by the community. If you are uncertain about which version to choose, it is recommended to go with the complete Ansible package.
To proceed with the installation of the complete Ansible package, execute the following command:
pipx install –include-deps ansible
If you prefer a minimal installation, you can use the following command:
pipx install –include-deps ansible-core
Verify that Ansible has been installed correctly by running the following command:
ansible –version
If you opted for the complete Ansible package, you can check the version of the curated collections by typing:
ansible-community --version
To effectively manage a Windows Server host with Ansible, it is essential to ensure that the following prerequisites are fulfilled:
If you are utilizing an earlier version of Windows Server that lacks Windows PowerShell 5.1 and .NET 4.6, such as Windows Server 2016, you can apply the following PowerShell script to automatically upgrade those systems to the required version.
The example below illustrates how to run the script on the target host using the installed version of PowerShell with administrative privileges:
If prompted, restart the system.
The Ansible control node requires WinRM to be activated in order to communicate with and manage the Windows host. While Ansible does provide support for SSH for Windows, it’s still in the experimental phase and is not advisable for use in production environments.
To set up WinRM on the host to utilize HTTP as the transport protocol, execute the following command:
winrm quickconfig
To configure your Windows host to utilize HTTPS, execute the following command:
winrm quickconfig -transport:https
For hosts within a domain environment, it is recommended to enable WinRM via group policy by referring to the Microsoft documentation. Setting up WinRM in your environment can present challenges. For additional guidance, check the Ansible guide that provides instructions on configuring a Windows host.
Within Ansible, a playbook consists of a series of tasks or configuration declarations that automate the management process. Below is an example showcasing some host variables included in the playbook:
The playbook demonstrated here is titled First Windows Playbook and is designed to operate on all hosts. This article does not delve into the processes of setting up and managing inventories within Ansible. Instead, a list of hosts will be provided at the time of executing the playbook.
Within the vars: segment of the example:
In cases where WinRM over HTTPS is configured, you can skip the ansible_port: configuration since it defaults to 5986.
Finally, in the tasks: section, the example initiates a task to Get product id and product key, which utilizes the community.windows.win_product_facts module. This module is part of the community.windows collection and retrieves details about the operating system version of the system.
The Display Windows edition task presents the details gathered from the prior step.
Store that code in a file named first-playbook.yaml on your control node and launch your preferred shell within that directory.
To execute the playbook, make sure to note the target Windows Server IP address, then run the following command:
ansible-playbook –ask-pass -i <ipaddress>, first-playbook.yaml
Analyzing the operations of the command:
The image illustrates the command executed on a Windows 10 Pro machine and showcases the status of each task outlined in the playbook along with any relevant output. In the case of the second task, Ansible successfully returned the variable as intended.
A significant portion of Ansible’s functionality pertains to servers, including the installation and configuration of Windows Server roles. The following Ansible illustration demonstrates how to install IIS on a server:
The win_feature module enables Ansible to specify a collection of features for installation using the name: parameter and operates with present in the state: parameter.
After a successful execution of the playbook, you will see the following output:
The output clearly indicates the host on which Ansible carried out the changes for each task.
These fundamental Ansible examples should provide insight into the administrative capabilities available within a mixed environment. By investing time in mastering playbooks to manage your infrastructure, your playbooks will evolve to become more advanced. As you incorporate more of your application and server configurations into Ansible, managing and documenting your infrastructure setup will become significantly simpler.
Anthony Howell is a strategic IT professional with a wealth of experience in infrastructure and automation technologies. His expertise encompasses PowerShell, DevOps, cloud computing, and proficiency in both Windows and Linux environments.
E-Handbook: Windows and Linux: What systems administrators need to know
Up Next
The distinctions between Windows Server and Linux are increasingly becoming less clear. Learn the essential information that Windows administrators require to familiarize themselves with these evolving Linux features.
The separation between Windows and Linux is diminishing in many organizations. Here’s what systems administrators should understand about operating within both Linux and Windows environments.
Command-line utilities in both Windows and Linux offer specialized features that are often overlooked by GUI tools, necessitating the creation of tailored workflows for IT professionals.
Originally designed for Linux environments, Ansible extends its capabilities to manage Windows systems as well, utilizing playbooks with a declarative syntax. Discover the steps to configure a control node and incorporate roles into Windows Server.