mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-27 07:01:22 -07:00
Merge pull request #12363 from breathe/devel
allow ConfigureRemotingForAnsible.ps1 script from public zone
This commit is contained in:
Matt Davis
commit
840cda741d
2 changed files with 33 additions and 19 deletions
|
|
@ -205,8 +205,13 @@ In order for Ansible to manage your windows machines, you will have to enable Po
|
|||
|
||||
To automate setup of WinRM, you can run `this PowerShell script <https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1>`_ on the remote machine.
|
||||
|
||||
Admins may wish to modify this setup slightly, for instance to increase the timeframe of
|
||||
the certificate.
|
||||
The example script accepts a few arguments which Admins may choose to use to modify the default setup slightly, which might be appropriate in some cases.
|
||||
|
||||
Pass the -CertValidityDays option to customize the expiration date of the generated certificate.
|
||||
powershell.exe -File ConfigureRemotingForAnsible.ps1 -CertValidityDays 100
|
||||
|
||||
Pass the -SkipNetworkProfileCheck switch to configure winrm to listen on PUBLIC zone interfaces. (Without this option, the script will fail if any network interface on device is in PUBLIC zone)
|
||||
powershell.exe -File ConfigureRemotingForAnsible.ps1 -SkipNetworkProfileCheck
|
||||
|
||||
.. note::
|
||||
On Windows 7 and Server 2008 R2 machines, due to a bug in Windows
|
||||
|
|
@ -368,5 +373,3 @@ form of new modules, tweaks to existing modules, documentation, or something els
|
|||
Questions? Help? Ideas? Stop by the list on Google Groups
|
||||
`irc.freenode.net <http://irc.freenode.net>`_
|
||||
#ansible IRC chat channel
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,10 @@
|
|||
#
|
||||
# Set $VerbosePreference = "Continue" before running the script in order to
|
||||
# see the output messages.
|
||||
# Set $SkipNetworkProfileCheck to skip the network profile check. Without
|
||||
# specifying this the script will only run if the device's interfaces are in
|
||||
# DOMAIN or PRIVATE zones. Provide this switch if you want to enable winrm on
|
||||
# a device with an interface in PUBLIC zone.
|
||||
#
|
||||
# Written by Trond Hindenes <trond@hindenes.com>
|
||||
# Updated by Chris Church <cchurch@ansible.com>
|
||||
|
|
@ -19,6 +23,7 @@
|
|||
Param (
|
||||
[string]$SubjectName = $env:COMPUTERNAME,
|
||||
[int]$CertValidityDays = 365,
|
||||
[switch]$SkipNetworkProfileCheck,
|
||||
$CreateSelfSignedCert = $true
|
||||
)
|
||||
|
||||
|
|
@ -96,9 +101,15 @@ ElseIf ((Get-Service "WinRM").Status -ne "Running")
|
|||
# WinRM should be running; check that we have a PS session config.
|
||||
If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener)))
|
||||
{
|
||||
Write-Verbose "Enabling PS Remoting."
|
||||
if ($SkipNetworkProfileCheck) {
|
||||
Write-Verbose "Enabling PS Remoting without checking Network profile."
|
||||
Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop
|
||||
}
|
||||
else {
|
||||
Write-Verbose "Enabling PS Remoting"
|
||||
Enable-PSRemoting -Force -ErrorAction Stop
|
||||
}
|
||||
}
|
||||
Else
|
||||
{
|
||||
Write-Verbose "PS Remoting is already enabled."
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue