proztec

Partners Staff Login Who We Serve Blog Forum

Home
About Us

Who We Are Why We Are Our Team

Who We Are
Proz Technologies (PROZTEC) is a 100!% Qatari company, founded in 2012. Its operation directed towards... View More

Align Your IT With Your Business
Proz Technologies (PROZTEC) is a Qatar based leading specialist in the world of Information and Communications Technology View More

Our Team
Proz Technologies (PROZTEC) is a Qatar based leading specialist in the world of Information and Communications Technology View More
Services

IT Consultancy Human Resource Outsourcing Technical Support Services Managed Services Implementation Services Corporate Training

IT Consultancy
We provide Information Technology (IT) consulting, advisory and process management services acro... View More

Human Resource Outsourcing
We help our clients by providing best skilled resources while remaining in their budget constrai... View More

Technical Support Services
PROZTEC is the leading technical and professional support services provider in the region. We ha... View More

Managed Services
Sometimes the core business values are different than what the organization are focusing on. IT ... View More

Implementation Services
To enable business systems integration with state of the art tools and technologies to enhance p... View More

Corporate Training
Training and educational programs help organization not only to retain their employee but also m... View More
Solutions

Patch Management Robotic Process Automation IT Operation & Management IT Workload Automation Business Process Management - BPM API Management Advance Analytics

Patch Management
Patch management is an essential element of any comprehensive, effective IT management strategy. But it is only a part of the set of challenges referred to as IT asset management (ITAM). Patch management addresses the need for software to receive timely updates as new protections are released in response to new threats. And patch management is certainly its own set of significant challenges. IT and cyber security leaders must keep track of update releases, and get timely access to them. And that’s just the beginning. Each update must then be tested to make sure installing it doesn’t break anything. If it does, that must be addressed before the update can be deployed in production. And of course, it’s also necessary to make sure the deployment can be rolled back as non-disruptively as possible, in case issues arise that testing didn’t discover. View More

Robotic Process Automation
Robotic process automation (RPA) is the term used for software tools that partially or fully automate human activities that are manual, rule-based, and repetitive. They work by replicating the actions of an actual human interacting with one or more software applications to perform tasks such as data entry, process standard transactions, or respond to simple customer service queries. Indeed, the “chat bot” that has started to become ubiquitous on websites is almost always a robotic process automation tool, not a human. It can handle the typical standard queries like “where is X on the website”, “how do I reset my password”, and the like. View More

IT Operation & Management
IT infrastructure and applications require continuous maintenance, monitoring and control, so there comes the need of IT operations management. The primary concern of IT operations management is the provision of uninterrupted services as per desired service level agreements. Thus IT operations and management is actually the monitoring and controlling of IT services and infrastructure. View More

IT Workload Automation
Rationalisation of business processes is vital to workload automation. Alongside its close cousin, job scheduling, both are software tools to schedule, start, and administer jobs related to business transactions and processes. Workload automation can support multiple business applications and workflows within an organisation. It is, in many ways, a successor to job scheduling as its tries to cover the automation of entire systems within heterogeneous server infrastructure. The components of a workload automation tool may comprise a scheduler, applications server, agents, database and a workload control centre. View More

Business Process Management - BPM
BPM is best thought of as a business practice, encompassing techniques and structured methods. It is not a technology, though there are technologies on the market that carry the descriptor because of what they enable: namely, identifying and modifying existing processes so they align with a desired, presumably improved, future state of affairs. It is about formalizing and institutionalizing better ways for work to get done. View More

API Management
Now a day, the customers use different kinds of portable devices instead of standard endpoint`s and channels to take the advantage of online services. To match such and many other kind of customer needs, very efficient agile development methods are required to be adopted. Application programming interface (API) make the basic foundation for such dynamic business needs. View More

Advance Analytics
Due to recent advancements in technology, the data is being generated at much faster pace than before, thus giving the opportunities as well as challenges in terms of big data and latest data analysis techniques. Researchers and experts in this specialized domain are continuously working to explore the potentials to value different kinds of businesses and services. View More
Events & Gallery
Careers

Culture At PROZTEC Current Opening's

Culture At PROZTEC
At Proztec, we aim to deliver value and innovation to our clients. Leveraging our strong technical expertise.. View More

Senior Wintel Architect
Employment Type: Full Time - Permanent View More
Contact Us

PROZTEC BLOG

Back to Blog Page

Ansible for the Windows Admin

Mar 06, 2019

source: https://goo.gl/ynATKz

Written By: Taz Brown (Red Hat), Feed Abner and Malivert Feed

We are searching for a champion, a Windows administrator willing to venture out into the world of Ansible automation. No, you will not need to know Bash scripting or how to navigate your way around a Linux terminal. All you need is the desire all admins share: to complete mundane tasks as quickly as possible.

While there have been strides in the integration of Windows and Ansible, please be aware that at this present time and as of the latest version of Ansible version, Linux is still required for Ansible to run and manage your remote Windows nodes. However, you should not fret, as currently, Windows has a Linux subsystem called WSL or Windows Subsystem for Linux. There are instructions to help you install WSL.

If you are a Windows admin with zero experience with Linux and Ansible, it is neither hard nor time-consuming to get started and run your first Ansible playbook. You can make a positive impact on your organization's infrastructure, increase its return on investment (ROI), and get more time to innovate by automating mundane tasks, such as deploying services or making user account changes, with Ansible playbooks.

Ansible can bring automation to a mixed operating system environment and provides an efficient way to get to an infrastructure-as-code (IaC) state without burdening your administrators. Ansible is not a replacement for System Center Configuration Manager (SCCM) or Chocolatey; it's a supplemental tool that allows you to automate the services your software provides.

Remoting into Windows servers or clients from the Ansible control machine requires Windows Remote Manager (WinRM) to be properly configured. Fortunately, the Ansible team wrote a PowerShell script, ConfigureRemotingForAnsible, that makes it easy to get started with Ansible for Windows in your development or testing environment. The script configures WinRM on any supported Windows server or client target.

Run the following on Windows PowerShell:

$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
winrm enumerate winrm/config/Listener

Ansible can use multiple authentication transport schemes, including NTLM, Kerberos, and basic authentication. For this tutorial, we will use the Kerberos authentication method (assuming the Windows server is registered to a domain).

The ConfigureRemotingForAnsible script has basic auth enabled by default; to disable basic auth and enable Kerberos, run the following at the command prompt:

winrm set winrm/config/service/auth @{Basic="false"; Kerberos="true"}

Set up your control machine

Our control machine is running CentOS Linux release 7.5.1804(core); you could also use RHEL 7 or Fedora 19 or later releases. To install and configure the control machine to manage Windows target hosts:

On the control machine, install the ansible and python2-winrm packages with the following command:

yum install -y ansible python2-winrm

2. On the control machine, install Python Kerberos:

yum install -y python-requests-kerberos

3. Open the /etc/krb5.conf file and edit the following setting (using your own domain info):

[realms]
EXAMPLE.COM = {
kdc = ad.example.com
}

[domain!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_realm]
.example.com = EXAMPLE.COM

Set up your inventory

More on Ansible

· How Ansible works

· Free Ansible eBooks

· Ansible quick start video

· Download and install Ansible

· A quickstart guide to Ansible

Ansible's inventory consists of all the end nodes or target hosts that can be managed by the Ansible host, which is also known as the Ansible controller. You can configure inventory to be static or dynamic; in this tutorial, we will be configuring static inventory.

While you can configure static inventory in /etc/ansible/hosts, it's a best practice to create a different inventory file that can be edited as needed; e.g., if you need to change the static inventory to a dynamic inventory to accommodate infrastructure changes. The inventory will be configured by groupings. Groups start with square brackets ([ ]), and a collection of servers represents that group (e.g., [group]).

Ansible inventories can take many forms: static file formats, such as .ini, .yaml, and .toml, as well as dynamically generated inventories from scripts or plugins. The .ini format is appropriate for small, simple inventories, which can be as simple as a list of host names to run against.

Ansible allows you to set variables for each group in your Ansible hosts' file by inserting the name of the :vars* inside square brackets. The code below sets variables for WinRM on an Ansible control machine.

[linux-server]
linux-web.example.com
[linux-server:vars]
ansible!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_user=root
ansible!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_connection=ssh
[win-server]
windows-web
[windows:vars]
ansible!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_user=Administrator@example.com
ansible!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_connection=winrm
ansible!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_port=5986
ansible!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_winrm!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_transport=kerberos
ansible!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_winrm!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_server!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_cert!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_validation=ignore

Ansible can check the ping status of all servers that are part of the groups linux-serveror win-server by running an ad-hoc command, such as:

ansible linux-server -i (some local path)/(inventory file) -m ping

ansible win-server -m win!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_ping --ask-pass

Configure IIS & the Apache web application

Create Ansible playbooks

It can be tedious and time-consuming to use Ansible ad-hoc commands when you need to do a task more complex than just pinging a target host or getting the host's uptime information. Ansible playbooks are YAML-formatted files that contain a set of configurations and tasks that achieve an end state on an Ansible Windows or Linux target host. The ad-hoc command above could become:

- hosts: win-server
gather!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_facts: no
tasks:
- name: Checking connection to {{ inventory!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_hostname }}
win!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_ping:

To run an Ansible playbook, use the ansible-playbook command. The result displays all successful and failed tasks.

Ansible playbook ping

To change the Ansible target hostname, first show the current Ansible target hostname:

ansible win-server -m setup --ask-pass | grep ansible!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_hostname

Add two tasks to the playbook to change the hostname to the one set in the inventory file and reboot the Ansible target host:

- hosts: win-server
gather!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_facts: yes
tasks:
- name: Change current hostname to {{ inventory!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_hostname }}
win!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_hostname:
name: "{{ inventory!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_hostname }}"
register: winhostname

- name: Reboot {{ inventory!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_hostname }}
win!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_reboot:
when: winhostname.reboot!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_required

Windows: Configure an IIS website

To create an Internet Information Services (IIS) website:

· The IIS Windows feature must be installed and running

· IIS web page documents must be available to the IIS service

· Windows Firewall must be configured to allow incoming traffic from port 80

The Ansible playbook below produces a running and configured IIS web server on the Ansible target host using the Ansible Windows modules. It handles the following configurations and tasks:

1. hosts: Names the group of Ansible target hosts the playbook will be running against

2. gather!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_facts: Queries a list of the target systems' settings, such as hostname, IP address, MAC address, fully qualified domain name (FQDN), etc.

3. tasks: Executes a list of Ansible tasks in order:

a. Checks the connection between the Ansible control machine and the target host to ensure network connectivity

b. Changes the current hostname of the target host to the Ansible inventory hostname

c. Installs the IIS feature on the Ansible target host

d. Copies the web index file from the Ansible control machine to the IIS web home directory on the Ansible target host

e. Opens port 80 for incoming traffic on the target host firewall

f. Tests whether the IIS server on the target host is running and is properly configured

- hosts: win-server
gather!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_facts: yes
tasks:
- name: Install IIS feature on {{ inventory!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_hostname }}
win!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_feature:
name: Web-Server
state: present
restart: no
include!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_sub!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_features: yes
include!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_management!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_tools: no

- name: Move local web index file to {{ inventory!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_hostname }}
win!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_copy:
src: files/index.html
dest: 'C:\\inetpub\\wwwroot\\index.html'

- name: Open firewall port 80 for the IIS web server on {{ inventory!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_hostname }}
win!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_firewall!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_rule:
name: "{{ inventory!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_hostname }}!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_80"
enable: yes
state: present
localport: 80
action: Allow
direction: In
protocol: Tcp

- name: Testing IIS is properly configured and running on {{ inventory!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_hostname }}
win!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_uri:
url: "http://{{ ansible!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_fqdn }}"
return!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_content: yes
register: result
failed!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_when: "'Yay!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Simple Ansible deployed IIS server ...' not in result.content"

Linux: Configure an Apache web page

If you're asked to be a hybrid admin, you may assume that you'll only be responsible for handling Windows environments. But, with the admin role shifting to DevOps, you might be asked to touch a Linux server or two to support hosts running Apache. Here are some instructions to help you along.

To create an Apache web page:

1. Apache must be installed

2. Apache must be enabled and started; this can be done in RHEL using systemd:

a. systemctl enable httpd

b. systemctl start httpd

3. Make firewalld changes to make sure the HTTP/HTTPS ports are added to the firewall rules along with the ports:

a. command: firewalld-cmd --permanent -add-service={http,https}

b. command: firewall-cmd --permanent -add-port={80,443}

c. Run the Ansible playbook below to install and enable Apache without needing to execute single commands. It provides the configurations necessary to deploy an Apache web page in parallel, which means the tasks will run in sequence based on the way they are written. The tasks in order are:

1. Install the httpd service using the yum module

2. Create web content using the copy module

3. Ensure the firewall is enabled and running

4. Ensure the firewall permits the use of the httpd service

5. Make sure the httpd service is enabled and running

6. Test the connectivity webpage config

This Ansible playbook will deploy an Apache web server:

- hosts: webserver
become: true
gather!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_facts: no
tasks:
- name: install latest version of Apache
yum:
name: "(( item }}"
state: latest
with!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!_items:
- httpd
- httpd-tools

- name: create web content file
copy:
content: "Yay!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Simply deployed Apache webserver …"
dest: /var/www/html/index.html

- name: firewall enabled and running
service:
enabled: true
name: firewalld
state: started

- name: firewalld persists httpd service
firewalld:
immediate: yes
permanent: true
service: http
state: enabled

- name: httpd enabled and running
service:
name: httpd
state: started
enabled: true

Join the party

There are already about 90 modules available and more are in development. The Windows modules help with Chocolatey, and the majority of the Windows infrastructure can now be managed with Ansible. This allows Windows admins to use the same techniques and practices executed by Linux admins in the long-established Linux culture.

The Windows space is continuing to evolve, and by joining the Ansible community, you can join the biggest automation party around!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Write A Review

Name

Write Your Message