Do I need to use Kerberos or Windows domain authentication to have Ansible manage Windows servers?

I want to manage Windows servers with Ansible 1.9 running on a Linux server.

I’d prefer to use a local Windows account without installing Moba SSH. I found very little documentation on how to set up Ansible with Windows servers. I have a Linux server running Ansible. I am trying to configure Ansible to push files to a Windows server. I have a basic playbook. The /etc/ansible/hosts file has an entry for an IP address for the Windows server. The /etc/ansible/hosts file is configured to use a local user account on the Windows server. I am not using Kerberos. I am not trying to use Windows domain authentication. Do I need to use Kerberos or Windows domain authentication to have Ansible manage Windows servers?

When the /etc/ansible/hosts file has this entry (in the [windows:var] section):

ansible_connection=winrm

I can run a playbook and get the following output:

ESTABLISH WINRM CONNECTION… fata [x.x.x.x] => 401 Unauthorized

The above playbook run corresponds with no event logging on the Windows server. The below output corresponds with Windows Server System Log events.

When the /etc/ansible/hosts file has this entry (in the [windows:var] section, and instead of the ansible_connection entry above):

ansible_ssh_connection=winrm

and I run a playbook, I get this output:

ESTABLISH CONNECTION FOR USER… PasswordAuthentication=no … fatal: [x.x.x.x] => SSH Error: Connection timed out during banner exchange … unreachable = 1 …

I expect the Playbook to work. I don’t expect the PasswordAuthentication to be set to no. I’m not sure how SSH works with a Windows server. I want to use Ansible to manage a Windows server with local authentication.

Hello,

No, you don’t need to use Kerberos to control a Windows machine, unless you are trying to use a domain user to connect.

To start with I suggest you set things up as described here - http://docs.ansible.com/ansible/intro_windows.html#inventory

with a windows group in your inventory and the group vars needed to connect to windows set up.

It looks at the moment like you are still missing a setting, as it shouldn’t be attempting to connect via SSH, since Windows only works with WinRM (at the moment).

If you are able to establish a WinRM connection but still receive 401 Unauthorized, check that the local user name exists on the Windows machine and you have supplied the correct password. Sometimes the Windows event log (eventvwr) will give you a clue as well.

Hope this helps,

Jon

I tried using the wrong password on purpose. But that had no effect, and the problem was reproducible. I tried changing the port to 5984. This produced a different error. The time it takes before failing is longest when I use port 5986. So I think I should use port 5986.

Where do I create the directory groups_var? I want to put windows.yml in there. I have in my /etc/ansible/hosts file certain entries like ansible_ssh_user, ansible_ssh_password, etc. Ansible’s documentation recommends that these entries go into a windows.yml file in a groups_var directory. I don’t know how my playbooks or my inventory file (/etc/ansible/hosts) would refer to this windows.yml file. I wouldn’t expect it to be magically invoked when I run a playbook. I tried using Ansible’s recommended “field:” format. But this produced errors. I have better luck when I assign ansible_ssh_user, ansible_ssh_password etc. with “=” equals signs in my /etc/ansible/hosts file. The colon separator didn’t help me.

I wonder why it is trying to connect via SSH and not via the username and password.

As Jon said, the first port of call is to read the Windows documentation. When I started I also read the best practice guide here - http://docs.ansible.com/ansible/playbooks_best_practices.html - This contains the recommended file structure of your Ansible setup.

My group_vars is at the same level as the hosts file. So my hosts file is /etc/ansible/hosts and my groups_vars are all located in /etc/ansible/group_vars.

In 1.9 my Windows creds are set up like below (with ansible_ssh_)

ansible_ssh_user:
ansible_ssh_pass:
ansible_ssh_port: 5986
ansible_connection: winrm

The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:

ansible_winrm_server_cert_validation: ignore

Also I configure WinRM on the Windows hosts for remote powershelling. In the Windows guide there’s a link to the ps1 script to run on your Windows hosts to get you started - https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
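
An added example, not part of any post in this thread and not Ansible's own code: a small checker that compares an INI inventory's Windows group variables against the Ansible 1.9 names given in the reply above. The function name, finding codes, sample address and sample credentials are constructed for illustration.

```python
import re

# Variable names taken from the working Ansible 1.9 setup quoted in the thread.
REQUIRED = ("ansible_ssh_user", "ansible_ssh_pass", "ansible_ssh_port", "ansible_connection")
KNOWN = set(REQUIRED) | {"ansible_winrm_server_cert_validation"}
WINRM_PORTS = {"5985", "5986"}  # WinRM defaults: 5985 (HTTP), 5986 (HTTPS)

# Constructed inventory combining the entries described in the question.
SAMPLE_INVENTORY = """\
[windows]
192.0.2.10

[windows:var]
ansible_ssh_user=localadmin
ansible_ssh_password=not-a-real-password
ansible_ssh_port=5984
ansible_ssh_connection=winrm
"""

def lint_inventory(text, group="windows"):
    """Return sorted finding codes for the group's WinRM connection variables."""
    findings, section, seen, prefix = set(), "", {}, group + ":"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.match(r"\[([^\]]+)\]$", line)
        if header:
            section = header.group(1)
            # An INI inventory holds group variables only under "[<group>:vars]".
            if section.startswith(prefix) and section.split(":", 1)[1] not in ("vars", "children"):
                findings.add("bad-section:" + section)
        elif section.startswith(prefix) and not section.endswith(":children") and "=" in line:
            # Entries under a mis-named section are still collected so they get checked too.
            key, value = (part.strip() for part in line.split("=", 1))
            seen[key] = value
    # "unknown" means: not one of the variables in the thread's working configuration.
    findings.update("unknown-var:" + k for k in seen if k not in KNOWN)
    findings.update("missing-var:" + k for k in REQUIRED if k not in seen)
    if seen.get("ansible_connection", "winrm") != "winrm":
        findings.add("connection-not-winrm")
    if seen.get("ansible_ssh_port", "5986") not in WINRM_PORTS:
        findings.add("unexpected-port:" + seen["ansible_ssh_port"])
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint_inventory(SAMPLE_INVENTORY):
        print(finding)
```
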