Manage Windows With Ansible

One of the best things about Ansible is that it supports Linux as well as Windows. Even though Ansible cannot be installed on a Windows machine, we can still manage Windows machines using Ansible installed on a Linux Operating System. This guide will work for all supported Ansible versions.

1: Creating an environment

The first step is to create an environment where a Linux machine and a Windows machine can ping one and the other.
In Linux we use SSH between machines to connect them to one and the other while in Windows we will be using a service called WinRM (Windows Remote Management) to create communication between our Linux & Windows Machines.

2: Upgrading PowerShell

The next step is to update the Powershell version on the Windows machine to at least 3.0. Use the menu to search for PowerShell, right click on it and start it as an administrator. Run the following command in your PowerShell prompt to check the current PowerShell version. If you are running Windows 10, then you will have Powershell 5.0 installed already.

ansible on windows

Use the above command to check your PowerShell version. In case your PowerShell version is less than 3.0, please follow the following steps on your Windows machine. Otherwise skip forward.
Upgrade-PowerShell.ps1 Open this link, copy the entire file and paste it as upgradepowershell.ps1. Preferably on your desktop so it can be easy to acccess.
The command to navigate to your Desktop would be:

 cd ..\..\Users\windowsnode\Desktop\
ansible on windows

After navigating to the Desktop, you need to execute the upgradepowershell.ps1 file using PowerShell.
You can do that through:

powershell.exe -ExecutionPolicy ByPass -File ./upgradepowershell.ps1
ansible on windows

3: Installing & Configuring WinRM

Now that we have upgraded PowerShell. We need to setup WinRM on our Windows node. We will use another PowerShell executable file to do so instead of doing it manually, configureremoteforansible.ps1 is the link. Follow this link and copy the content. Paste the content into a file and rename it as configureremoteforansible.ps1. Make sure that this file is on the desktop just like the previous file. Now you need to install this PowerShell executable file, use the same command we did for the previous file. Just make sure to change the filename.

powershell.exe -ExecutionPolicy ByPass -File ./configureremoteforansible.ps1

The above step is for the WinRM service to be configured so that Ansible can connect to it.
There are two main components of the WinRM service that governs how Ansible can interface with the Windows host: the listener and the service configuration settings. The configureremoteforansible.ps1 script will configure both, the HTTP & the HTTPS listeners with a self signed signature so we do not face any kind of authentication issues. We can confirm this by checking which listeners are currently running on the WinRM. To do that, we need to execute:

winrm enumerate winrm/config/Listener
ansible on windows

Running the above command should give you an output like this:

4: Preparing Ansible Controlnode

You can minimize your Windows machine now. The next step is to input our Windows machine data into our Ansible inventory file. Normally you would just need to input the IP address or the hostname of the remote machine in case of Linux but since we are connecting to a Windows remote machine so we need to input some more variables. These variables are:

  • A name for your Windows remote machine
  • IP address of the remote machine
  • Password for the remote machine
  • Connection method between local and remote machine
  • Port number for Ansible to use
  • User name of the remote machine
  • WinRM Server Certification Validation

I know it feels like a lot but this quite simple and easy to do. Just use the screenshot below for reference and you should be done in a matter of seconds.

ansible on windows

Note: Use the ipconfig command in Windows to check the IP address of the Windows remote machine.

5: Verifying Connection

The only thing left to do now is to see if Ansible is able to connect and communicate with our Windows remote machine. You must’ve used the ping module in a ad-hoc command in Ansible to verify this but since we are trying to ping a Windows and not a Linux machine, the module required for pinging changes.

ansible nameofyourmachine -m win_ping
ansible on windows

6: More Ansible Modules

If you have carefully followed the above steps, you should be able to get the below result.
If you’d like to see a list of all the Windows modules available in Ansible, check out: Windows Module List

More Knowledge

If you would like to gain more knowledge about Linux, I’d recommend going through the Official Linux Training. It is the most in-depth Linux Program in the world.
Confused about installing RHEL 8? Check out Installing RHEL 8
Grow your career with Openstack, Openshift, AWS and Devops.