Ansible Windows Modules
Introduction
Ansible is a powerful open-source automation tool that can manage configurations, deploy applications, and orchestrate more complex IT tasks. While Ansible was originally designed for Linux/Unix systems, it has robust support for Windows automation through specialized Windows modules.
Windows modules in Ansible allow you to manage Windows servers just as effectively as Linux servers, all from a Linux control machine. These modules handle Windows-specific operations such as managing Windows features, services, registry settings, and more.
Prerequisites
Before working with Ansible Windows modules, you need:
- An Ansible control node (Linux/Unix)
- Windows target hosts with:
- PowerShell 3.0 or later
- .NET Framework 4.0 or later
- WinRM service configured for remote management
Setting Up WinRM
Windows Remote Management (WinRM) must be configured on Windows hosts. Here's a quick setup script you can run in PowerShell with administrator privileges:
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy Bypass -File $file
Configuring Ansible for Windows
Your Ansible inventory file should specify Windows hosts with connection variables:
[windows]
windows-server1.example.com
windows-server2.example.com
[windows:vars]
ansible_user=Administrator
ansible_password=SecurePassword
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
Core Windows Modules
win_feature - Managing Windows Features
The win_feature
module installs or uninstalls Windows features.
Example: Installing IIS
- name: Install IIS Web Server
win_feature:
name: Web-Server
state: present
include_management_tools: yes
register: iis_install
- name: Reboot if required
win_reboot:
when: iis_install.reboot_required
Output:
TASK [Install IIS Web Server] ************************************
ok: [windows-server1.example.com]
TASK [Reboot if required] ***************************************
skipping: [windows-server1.example.com]
win_service - Managing Windows Services
Control Windows services with the win_service
module.
Example: Configuring a Service
- name: Configure Windows Update service
win_service:
name: wuauserv
start_mode: manual
state: stopped
Output:
TASK [Configure Windows Update service] **************************
changed: [windows-server1.example.com]
win_package - Installing Software
Install MSI or EXE packages on Windows hosts.
Example: Installing 7-Zip
- name: Install 7-Zip
win_package:
path: https://www.7-zip.org/a/7z1900-x64.msi
state: present
product_id: '{23170F69-40C1-2702-1900-000001000000}'
Registry Management
win_regedit - Managing Registry Keys
Manage Windows registry settings.
Example: Setting Registry Values
- name: Configure RDP port
win_regedit:
path: HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
name: PortNumber
data: 3389
type: dword
File Management
win_file - Managing Files and Directories
Create, delete, or set attributes on files and directories.
Example: Creating a Directory
- name: Create application directory
win_file:
path: C:\App\Logs
state: directory
win_copy - Copying Files
Copy files to Windows hosts.
Example: Deploying a Configuration File
- name: Copy configuration file
win_copy:
src: ./files/app-config.xml
dest: C:\App\config.xml
Working with ACLs
win_acl - Managing File Permissions
Manage file and directory permissions.
Example: Setting Permissions
- name: Set permissions on a file
win_acl:
path: C:\App\sensitive-data.txt
user: domain\app_service
rights: ReadAndExecute
type: allow
state: present
Advanced Windows Modules
win_scheduled_task - Managing Scheduled Tasks
Create and manage Windows scheduled tasks.
Example: Creating a Daily Backup Task
- name: Create backup scheduled task
win_scheduled_task:
name: Daily Backup
description: Backup important files
actions:
- path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
arguments: -ExecutionPolicy Bypass -File C:\scripts\backup.ps1
triggers:
- type: daily
start_time: '23:00'
user: SYSTEM
state: present
win_updates - Managing Windows Updates
Install Windows updates.
Example: Installing Critical Updates
- name: Install critical Windows updates
win_updates:
category_names:
- SecurityUpdates
- CriticalUpdates
state: installed
register: update_result
- name: Reboot if required
win_reboot:
when: update_result.reboot_required
Practical Playbook Example
Let's create a complete playbook that sets up a web server on Windows:
---
- name: Configure Windows Web Server
hosts: windows
gather_facts: true
tasks:
- name: Install IIS Web Server
win_feature:
name: Web-Server
state: present
include_management_tools: yes
register: iis_install
- name: Install .NET Framework
win_feature:
name: NET-Framework-45-Core
state: present
register: dotnet_install
- name: Reboot if required
win_reboot:
when: iis_install.reboot_required or dotnet_install.reboot_required
- name: Create website directory
win_file:
path: C:\inetpub\wwwroot\myapp
state: directory
- name: Copy website files
win_copy:
src: ./website/
dest: C:\inetpub\wwwroot\myapp\
- name: Configure IIS website
win_iis_website:
name: My Application
state: started
port: 80
physical_path: C:\inetpub\wwwroot\myapp
application_pool: MyAppPool
- name: Allow HTTP through firewall
win_firewall_rule:
name: HTTP
localport: 80
action: allow
direction: in
protocol: tcp
state: present
enabled: yes
Windows Module Workflow
Here's a visual representation of how Ansible interacts with Windows hosts:
Debugging Windows Modules
When troubleshooting Windows modules, you can increase verbosity:
ansible-playbook -i inventory.ini windows_playbook.yml -v
For more detailed output, use -vvv
:
ansible-playbook -i inventory.ini windows_playbook.yml -vvv
Best Practices
-
Idempotency: Always write playbooks that can be run multiple times without causing issues.
-
Credential Management: Use Ansible Vault to securely store Windows credentials.
-
Testing: Test playbooks on non-production systems before deploying to production.
-
Error Handling: Implement proper error handling and notifications.
-
Modular Playbooks: Break complex tasks into smaller, reusable roles.
Summary
Ansible Windows modules provide a powerful way to automate Windows server administration tasks from a Linux control node. By using these modules, you can:
- Install and configure Windows features and applications
- Manage Windows services, scheduled tasks, and updates
- Control file permissions and registry settings
- Deploy applications and configurations consistently
The key advantage is that you can manage both Linux and Windows environments using the same tools and methodologies, bringing the power of infrastructure as code to your entire IT environment.
Additional Resources
Exercises
- Create a playbook that installs SQL Server Express on a Windows server.
- Write a playbook that configures a Windows server as an IIS web server with .NET support.
- Develop a role to standardize your Windows server configurations.
- Create a playbook that performs a system inventory of Windows servers, collecting information about installed software, updates, and hardware.
If you spot any mistakes on this website, please let me know at feedback@compilenrun.com. I’d greatly appreciate your feedback! :)