ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-27 23:21:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Merge pull request #12363 from breathe/devel

Browse source 
allow ConfigureRemotingForAnsible.ps1 script from public zone
This commit is contained in:
Matt Davis 2016-02-29 22:28:53 +00:00
commit 840cda741d
2 changed files with 33 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

35
docsite/rst/intro_windows.rst
View file

@ -8,7 +8,7 @@ Windows Support
Windows: How Does It Work Windows: How Does It Work
````````````````````````` `````````````````````````
As you may have already read, Ansible manages Linux/Unix machines using SSH by default. As you may have already read, Ansible manages Linux/Unix machines using SSH by default.
Starting in version 1.7, Ansible also contains support for managing Windows machines. This uses Starting in version 1.7, Ansible also contains support for managing Windows machines. This uses
native PowerShell remoting, rather than SSH. native PowerShell remoting, rather than SSH.
@ -40,22 +40,22 @@ Installing python-kerberos dependencies
# Via Yum # Via Yum
yum -y install python-devel krb5-devel krb5-libs krb5-workstation yum -y install python-devel krb5-devel krb5-libs krb5-workstation
# Via Apt (Ubuntu) # Via Apt (Ubuntu)
sudo apt-get install python-dev libkrb5-dev sudo apt-get install python-dev libkrb5-dev
# Via Portage (Gentoo) # Via Portage (Gentoo)
emerge -av app-crypt/mit-krb5 emerge -av app-crypt/mit-krb5
emerge -av dev-python/setuptools emerge -av dev-python/setuptools
# Via pkg (FreeBSD) # Via pkg (FreeBSD)
sudo pkg install security/krb5 sudo pkg install security/krb5
# Via OpenCSW (Solaris) # Via OpenCSW (Solaris)
pkgadd -d http://get.opencsw.org/now pkgadd -d http://get.opencsw.org/now
/opt/csw/bin/pkgutil -U /opt/csw/bin/pkgutil -U
/opt/csw/bin/pkgutil -y -i libkrb5_3 /opt/csw/bin/pkgutil -y -i libkrb5_3
# Via Pacman (Arch Linux) # Via Pacman (Arch Linux)
pacman -S krb5 pacman -S krb5
@ -203,18 +203,23 @@ Windows System Prep
In order for Ansible to manage your windows machines, you will have to enable PowerShell remoting configured. In order for Ansible to manage your windows machines, you will have to enable PowerShell remoting configured.
To automate setup of WinRM, you can run `this PowerShell script <https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1>`_ on the remote machine. To automate setup of WinRM, you can run `this PowerShell script <https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1>`_ on the remote machine.
Admins may wish to modify this setup slightly, for instance to increase the timeframe of The example script accepts a few arguments which Admins may choose to use to modify the default setup slightly, which might be appropriate in some cases.
the certificate.
Pass the -CertValidityDays option to customize the expiration date of the generated certificate.
powershell.exe -File ConfigureRemotingForAnsible.ps1 -CertValidityDays 100
Pass the -SkipNetworkProfileCheck switch to configure winrm to listen on PUBLIC zone interfaces. (Without this option, the script will fail if any network interface on device is in PUBLIC zone)
powershell.exe -File ConfigureRemotingForAnsible.ps1 -SkipNetworkProfileCheck
.. note:: .. note::
On Windows 7 and Server 2008 R2 machines, due to a bug in Windows On Windows 7 and Server 2008 R2 machines, due to a bug in Windows
Management Framework 3.0, it may be necessary to install this Management Framework 3.0, it may be necessary to install this
hotfix http://support.microsoft.com/kb/2842230 to avoid receiving hotfix http://support.microsoft.com/kb/2842230 to avoid receiving
out of memory and stack overflow exceptions. Newly-installed Server 2008 out of memory and stack overflow exceptions. Newly-installed Server 2008
R2 systems which are not fully up to date with windows updates are known R2 systems which are not fully up to date with windows updates are known
to have this issue. to have this issue.
Windows 8.1 and Server 2012 R2 are not affected by this issue as they Windows 8.1 and Server 2012 R2 are not affected by this issue as they
come with Windows Management Framework 4.0. come with Windows Management Framework 4.0.
@ -233,8 +238,8 @@ Looking at an Ansible checkout, copy the `examples/scripts/upgrade_to_ps3.ps1 <h
What modules are available What modules are available
`````````````````````````` ``````````````````````````
Most of the Ansible modules in core Ansible are written for a combination of Linux/Unix machines and arbitrary web services, though there are various Most of the Ansible modules in core Ansible are written for a combination of Linux/Unix machines and arbitrary web services, though there are various
Windows modules as listed in the `"windows" subcategory of the Ansible module index <http://docs.ansible.com/list_of_windows_modules.html>`_. Windows modules as listed in the `"windows" subcategory of the Ansible module index <http://docs.ansible.com/list_of_windows_modules.html>`_.
Browse this index to see what is available. Browse this index to see what is available.
@ -368,5 +373,3 @@ form of new modules, tweaks to existing modules, documentation, or something els
Questions? Help? Ideas? Stop by the list on Google Groups Questions? Help? Ideas? Stop by the list on Google Groups
`irc.freenode.net <http://irc.freenode.net>`_ `irc.freenode.net <http://irc.freenode.net>`_
#ansible IRC chat channel #ansible IRC chat channel

17
examples/scripts/ConfigureRemotingForAnsible.ps1
View file

@ -4,9 +4,13 @@
# This script checks the current WinRM/PSRemoting configuration and makes the # This script checks the current WinRM/PSRemoting configuration and makes the
# necessary changes to allow Ansible to connect, authenticate and execute # necessary changes to allow Ansible to connect, authenticate and execute
# PowerShell commands. # PowerShell commands.
# #
# Set $VerbosePreference = "Continue" before running the script in order to # Set $VerbosePreference = "Continue" before running the script in order to
# see the output messages. # see the output messages.
# Set $SkipNetworkProfileCheck to skip the network profile check. Without
# specifying this the script will only run if the device's interfaces are in
# DOMAIN or PRIVATE zones. Provide this switch if you want to enable winrm on
# a device with an interface in PUBLIC zone.
# #
# Written by Trond Hindenes <trond@hindenes.com> # Written by Trond Hindenes <trond@hindenes.com>
# Updated by Chris Church <cchurch@ansible.com> # Updated by Chris Church <cchurch@ansible.com>
@ -19,6 +23,7 @@
Param ( Param (
[string]$SubjectName = $env:COMPUTERNAME, [string]$SubjectName = $env:COMPUTERNAME,
[int]$CertValidityDays = 365, [int]$CertValidityDays = 365,
[switch]$SkipNetworkProfileCheck,
$CreateSelfSignedCert = $true $CreateSelfSignedCert = $true
) )
@ -28,7 +33,7 @@ Function New-LegacySelfSignedCert
[string]$SubjectName, [string]$SubjectName,
[int]$ValidDays = 365 [int]$ValidDays = 365
) )
$name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1" $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1"
$name.Encode("CN=$SubjectName", 0) $name.Encode("CN=$SubjectName", 0)
@ -96,8 +101,14 @@ ElseIf ((Get-Service "WinRM").Status -ne "Running")
# WinRM should be running; check that we have a PS session config. # WinRM should be running; check that we have a PS session config.
If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener))) If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener)))
{ {
Write-Verbose "Enabling PS Remoting." if ($SkipNetworkProfileCheck) {
Write-Verbose "Enabling PS Remoting without checking Network profile."
Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop
}
else {
Write-Verbose "Enabling PS Remoting"
Enable-PSRemoting -Force -ErrorAction Stop Enable-PSRemoting -Force -ErrorAction Stop
}
} }
Else Else
{ {