0x00 .为了自动化管理windows服务器,测试ansbile管理windows
测试工具、环境:ubuntu 14.04 LTS,windows 2008 sp2, python2.7 ,ipython, ansible1.7
0x01 .在windows服务器上面初始配置winrm
a.升级powershell
https://github.com/cchurch/ansible/blob/devel/examples/scripts/upgrade_to_ps3.ps1
b.配置winrm
https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
在ansible主控机安装pywinrm
pip install http://github.com/diyan/pywinrm/archive/master.zip#egg=pywinrm
测试ansible模块
a.设置ansible 的host文件
cat /etc/ansible/hosts
[test-win]
test-win ansible_ssh_host=10.8.200.20 ansible_ssh_user=administrator ansible_ssh_pass="testwindows" ansible_ssh_port=5986 ansible_connection=winrm
b.测试win_ping模块
songtao@s-T40:~$ ansible test-win -m win_ping -vvvv <10.8.200.20> ESTABLISH WINRM CONNECTION FOR USER: administrator on PORT 5986 TO 10.8.200.20 <10.8.200.20> WINRM CONNECT: transport=plaintext endpoint=https://10.8.200.20:5986/wsman test-win | FAILED => Traceback (most recent call last): File "/usr/local/python/lib/python2.7/site-packages/ansible/runner/__init__.py", line 561, in _executor exec_rc = self._executor_internal(host, new_stdin) File "/usr/local/python/lib/python2.7/site-packages/ansible/runner/__init__.py", line 666, in _executor_internal return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args) File "/usr/local/python/lib/python2.7/site-packages/ansible/runner/__init__.py", line 837, in _executor_internal_inner conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file) File "/usr/local/python/lib/python2.7/site-packages/ansible/runner/connection.py", line 34, in connect self.active = conn.connect() File "/usr/local/python/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 132, in connect self.protocol = self._winrm_connect() File "/usr/local/python/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 90, in _winrm_connect err_msg = str(exc.args[0]) IndexError: tuple index out of range
c.测试pywinrm是否工作正常
In [1]: import winrm In [2]: s = winrm.Session('https://10.8.200.20:5986/wsman',auth=('administrator','testwindows')) In [3]: r = s.run_cmd('ipconfig') In [4]: r.std_out Out[4]: '\r\nWindows IP Configuration\r\n\r\n\r\nEthernet adapter \xb1\xbe\xb5\xd8\xc1\xac\xbd\xd3:\r\n\r\n Connection-specific DNS Suffix . : \r\n Link-local IPv6 Address . . . . . : fe80::3dcc:e005:1039:b1%10\r\n IPv4 Address. . . . . . . . . . . : 10.8.200.20\r\n Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n Default Gateway . . . . . . . . . : 10.8.200.254\r\n\r\nTunnel adapter \xb1\xbe\xb5\xd8\xc1\xac\xbd\xd3*:\r\n\r\n Media State . . . . . . . . . . . : Media disconnected\r\n Connection-specific DNS Suffix . : \r\n\r\nTunnel adapter \xb1\xbe\xb5\xd8\xc1\xac\xbd\xd3* 8:\r\n\r\n Media State . . . . . . . . . . . : Media disconnected\r\n Connection-specific DNS Suffix . : \r\n'
发现pywinrm正常工作,但是ansilbe 不能正常工作,有可能是pywinrm问题
sudo pip install https://github.com/diyan/pywinrm/archive/df049454a9309280866e0156805ccda12d71c93a.zip
再次测试
songtao@s-T40:~$ ansible test-win -m win_ping -vvvv --ask-vault-pass Vault password: <10.8.200.20> ESTABLISH WINRM CONNECTION FOR USER: administrator on PORT 5986 TO 10.8.200.20 <10.8.200.20> WINRM CONNECT: transport=plaintext endpoint=https://10.8.200.20:5986/wsman <10.8.200.20> REMOTE_MODULE win_ping <10.8.200.20> EXEC (New-Item -Type Directory -Path $env:temp -Name "ansible-tmp-1411890350.69-117079676086926").FullName | Write-Host -Separator ''; <10.8.200.20> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', '-EncodedCommand', 'KABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgB0AGUAbQBwACAALQBOAGEAbQBlACAAIgBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADQAMQAxADgAOQAwADMANQAwAC4ANgA5AC0AMQAxADcAMAA3ADkANgA3ADYAMAA4ADYAOQAyADYAIgApAC4ARgB1AGwAbABOAGEAbQBlACAAfAAgAFcAcgBpAHQAZQAtAEgAbwBzAHQAIAAtAFMAZQBwAGEAcgBhAHQAbwByACAAJwAnADsA'] <10.8.200.20> WINRM RESULT<10.8.200.20> PUT /tmp/tmp6KqnKV TO C:\Users\Administrator\AppData\Local\Temp\ansible-tmp-1411890350.69-117079676086926\\win_ping <10.8.200.20> WINRM PUT /tmp/tmp6KqnKV to C:\Users\Administrator\AppData\Local\Temp\ansible-tmp-1411890350.69-117079676086926\\win_ping.ps1 (offset=0 size=2030) <10.8.200.20> WINRM PUT /tmp/tmp6KqnKV to C:\Users\Administrator\AppData\Local\Temp\ansible-tmp-1411890350.69-117079676086926\\win_ping.ps1 (offset=2030 size=2030) <10.8.200.20> WINRM PUT /tmp/tmp6KqnKV to C:\Users\Administrator\AppData\Local\Temp\ansible-tmp-1411890350.69-117079676086926\\win_ping.ps1 (offset=4060 size=1425) <10.8.200.20> PUT /tmp/tmpmctn8U TO C:\Users\Administrator\AppData\Local\Temp\ansible-tmp-1411890350.69-117079676086926\\arguments <10.8.200.20> WINRM PUT /tmp/tmpmctn8U to C:\Users\Administrator\AppData\Local\Temp\ansible-tmp-1411890350.69-117079676086926\\arguments (offset=0 size=2) <10.8.200.20> EXEC PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -File "C:\Users\Administrator\AppData\Local\Temp\ansible-tmp-1411890350.69-117079676086926\\win_ping.ps1" "C:\Users\Administrator\AppData\Local\Temp\ansible-tmp-1411890350.69-117079676086926\\arguments"; Remove-Item "C:\Users\Administrator\AppData\Local\Temp\ansible-tmp-1411890350.69-117079676086926\" -Force -Recurse; <10.8.200.20> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', '-EncodedCommand', 'UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARgBpAGwAZQAgACIAQwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADEAMQA4ADkAMAAzADUAMAAuADYAOQAtADEAMQA3ADAANwA5ADYANwA2ADAAOAA2ADkAMgA2AFwAXAB3AGkAbgBfAHAAaQBuAGcALgBwAHMAMQAiACAAIgBDADoAXABVAHMAZQByAHMAXABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADQAMQAxADgAOQAwADMANQAwAC4ANgA5AC0AMQAxADcAMAA3ADkANgA3ADYAMAA4ADYAOQAyADYAXABcAGEAcgBnAHUAbQBlAG4AdABzACIAOwAgAFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgACIAQwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADEAMQA4ADkAMAAzADUAMAAuADYAOQAtADEAMQA3ADAANwA5ADYANwA2ADAAOAA2ADkAMgA2AFwAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsA'] <10.8.200.20> WINRM RESULT test-win | success >> { "changed": false, "ping": "pong" }
测试pywinrm
In [1]: import winrm In [2]: s = winrm.Session('https://10.8.200.20:5986/wsman',auth=('administrator','testwindows')) In [3]: r = s.run_cmd('ipconfig') In [4]: r.std_out Out[4]: '\r\nWindows IP Configuration\r\n\r\n\r\nEthernet adapter \xb1\xbe\xb5\xd8\xc1\xac\xbd\xd3:\r\n\r\n Connection-specific DNS Suffix . : \r\n Link-local IPv6 Address . . . . . : fe80::3dcc:e005:1039:b1%10\r\n IPv4 Address. . . . . . . . . . . : 10.8.200.20\r\n Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n Default Gateway . . . . . . . . . : 10.8.200.254\r\n\r\nTunnel adapter \xb1\xbe\xb5\xd8\xc1\xac\xbd\xd3*:\r\n\r\n Media State . . . . . . . . . . . : Media disconnected\r\n Connection-specific DNS Suffix . : \r\n\r\nTunnel adapter \xb1\xbe\xb5\xd8\xc1\xac\xbd\xd3* 8:\r\n\r\n Media State . . . . . . . . . . . : Media disconnected\r\n Connection-specific DNS Suffix . : \r\n'
参考:
https://github.com/ansible/ansible/issues/8720