How to have Windows configured with Ansible automatically

Hi

My requirement is to provision a Windows machine and run the playbooks without manual intervention. In this case, we cannot run the playbooks, as Windows is not configured for Ansible, i.e. ConfigureRemotingForAnsible.ps1 is not executed on the Windows machine.

Is there a way to connect to the Windows machine from the Ansible control machine and run the PowerShell script, so that playbooks can be run after that?

Thanks

Hi,

You don’t mention which version(s) of Windows you are using. I think Server 2012 R2 may actually be configured for WinRM connections by default, so you might be able to connect without first running ConfigureRemotingForAnsible.ps1.

Also, if you are using AWS, see this: https://www.ansible.com/blog/easily-provision-windows

I get round this by using a VMware template with a run-once script which runs ConfigureRemotingForAnsible.ps1 when the virtual machine is first created from the template.

I believe you can also create an autorun XML file and add it to the root of the Windows ISO, which allows for a fully automated installation of Windows from ISO, but I have not tried this myself.

Hope this helps,

Jon

Hi

Thanks for your response. I am using Windows 2012 R2 Standard edition. Without running ConfigureRemotingForAnsible.ps1, I am not able to connect to the Windows machine from the Ansible controller. We are provisioning machines on SoftLayer. We need to see whether an option/permission to create a template is available to us or not. So I am looking for some option to get the script run once the machine is provisioned. I tried using pywinrm, but that needs some WinRM variables to be set, so the connection happens through Python.

On SoftLayer there is an option for selecting a post-provisioning script, where you can provide the set of WinRM commands to run after the VM is provisioned.

Hey Jon,

I am able to run the script using run once from a VMware custom spec; however, it prompts for User Access Control (UAC). Any ideas on how to get around this?

Neal

I’d imagine running as a local administrator would avoid this.

Are your Windows boxes domain joined? If so, you can specify an applicable GPO (if required) or just auth to them via Kerberos. I auth to our Windows servers via Kerberos using an account that has local admin rights on every server - I don’t run any scripts or make any changes on the Windows hosts before initiating connections to them.
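
The two connection approaches discussed in this thread, shown side by side as an Ansible inventory. This is an added example, not part of any post above; the host names, realm, CA path and the `vault_bootstrap_password` variable are constructed placeholders, and the Kerberos group assumes `pywinrm[kerberos]` and a valid ticket or password on the control machine.

```yaml
# inventory.yml (added example; all host names and paths are constructed)
all:
  children:
    # Workgroup hosts bootstrapped by ConfigureRemotingForAnsible.ps1
    # (template run-once script or provider post-provisioning script).
    # The script creates an HTTPS listener with a self-signed certificate,
    # so the controller cannot validate it unless that cert is replaced.
    bootstrapped:
      hosts:
        win-new-01.example.com:
      vars:
        ansible_connection: winrm
        ansible_port: 5986                      # HTTPS listener
        ansible_winrm_scheme: https
        ansible_winrm_transport: ntlm           # local account, no domain
        ansible_user: Administrator
        ansible_password: "{{ vault_bootstrap_password }}"  # hypothetical vaulted var
        # Weak setting: accepts any certificate. Acceptable only on a
        # trusted provisioning network until a CA-issued cert is installed.
        ansible_winrm_server_cert_validation: ignore

    # Domain-joined hosts: Kerberos auth with an account that has local
    # admin rights, no per-host script run beforehand.
    domain_joined:
      hosts:
        win-app-01.example.com:
      vars:
        ansible_connection: winrm
        ansible_port: 5986
        ansible_winrm_scheme: https
        ansible_winrm_transport: kerberos
        ansible_user: svc-ansible@EXAMPLE.COM   # constructed principal
        # Corrected setting: verify the listener certificate against the
        # internal CA instead of ignoring it.
        ansible_winrm_server_cert_validation: validate
        ansible_winrm_ca_trust_path: /etc/pki/ca-trust/source/anchors/corp-ca.pem
```

`ansible -i inventory.yml domain_joined -m ansible.windows.win_ping` confirms the connection before any playbook runs.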