ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-10-24 21:14:00 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #12363 from breathe/devel

Browse source 
allow ConfigureRemotingForAnsible.ps1 script from public zone
This commit is contained in:
Matt Davis 2016-02-29 22:28:53 +00:00
commit 840cda741d
2 changed files with 33 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

11
docsite/rst/intro_windows.rst
View file

@ -205,8 +205,13 @@ In order for Ansible to manage your windows machines, you will have to enable Po
To automate setup of WinRM, you can run `this PowerShell script <https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1>`_ on the remote machine. To automate setup of WinRM, you can run `this PowerShell script <https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1>`_ on the remote machine.
Admins may wish to modify this setup slightly, for instance to increase the timeframe of The example script accepts a few arguments which Admins may choose to use to modify the default setup slightly, which might be appropriate in some cases.
the certificate.
Pass the -CertValidityDays option to customize the expiration date of the generated certificate.
powershell.exe -File ConfigureRemotingForAnsible.ps1 -CertValidityDays 100
Pass the -SkipNetworkProfileCheck switch to configure winrm to listen on PUBLIC zone interfaces. (Without this option, the script will fail if any network interface on device is in PUBLIC zone)
powershell.exe -File ConfigureRemotingForAnsible.ps1 -SkipNetworkProfileCheck
.. note:: .. note::
On Windows 7 and Server 2008 R2 machines, due to a bug in Windows On Windows 7 and Server 2008 R2 machines, due to a bug in Windows
@ -368,5 +373,3 @@ form of new modules, tweaks to existing modules, documentation, or something els
Questions? Help? Ideas? Stop by the list on Google Groups Questions? Help? Ideas? Stop by the list on Google Groups
`irc.freenode.net <http://irc.freenode.net>`_ `irc.freenode.net <http://irc.freenode.net>`_
#ansible IRC chat channel #ansible IRC chat channel

13
examples/scripts/ConfigureRemotingForAnsible.ps1
View file

@ -7,6 +7,10 @@
# #
# Set $VerbosePreference = "Continue" before running the script in order to # Set $VerbosePreference = "Continue" before running the script in order to
# see the output messages. # see the output messages.
# Set $SkipNetworkProfileCheck to skip the network profile check. Without
# specifying this the script will only run if the device's interfaces are in
# DOMAIN or PRIVATE zones. Provide this switch if you want to enable winrm on
# a device with an interface in PUBLIC zone.
# #
# Written by Trond Hindenes <trond@hindenes.com> # Written by Trond Hindenes <trond@hindenes.com>
# Updated by Chris Church <cchurch@ansible.com> # Updated by Chris Church <cchurch@ansible.com>
@ -19,6 +23,7 @@
Param ( Param (
[string]$SubjectName = $env:COMPUTERNAME, [string]$SubjectName = $env:COMPUTERNAME,
[int]$CertValidityDays = 365, [int]$CertValidityDays = 365,
[switch]$SkipNetworkProfileCheck,
$CreateSelfSignedCert = $true $CreateSelfSignedCert = $true
) )
@ -96,8 +101,14 @@ ElseIf ((Get-Service "WinRM").Status -ne "Running")
# WinRM should be running; check that we have a PS session config. # WinRM should be running; check that we have a PS session config.
If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener))) If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener)))
{ {
Write-Verbose "Enabling PS Remoting." if ($SkipNetworkProfileCheck) {
Write-Verbose "Enabling PS Remoting without checking Network profile."
Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop
}
else {
Write-Verbose "Enabling PS Remoting"
Enable-PSRemoting -Force -ErrorAction Stop Enable-PSRemoting -Force -ErrorAction Stop
}
} }
Else Else
{ {