Difference between revisions of "Ansible winrm"
Jump to navigation
Jump to search
(Created page with "# A way for ansible winrm even if not optimal way You will be better to use https instead of http. I would use ssh if 2019 and above or install openssh on host ``` sudo apt...") |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
You will be better to use https instead of http. I would use ssh if 2019 and above or install openssh on host | You will be better to use https instead of http. I would use ssh if 2019 and above or install openssh on host | ||
| + | |||
| + | https://adamtheautomator.com/ansible-winrm/ | ||
``` | ``` | ||
| − | sudo apt-get gcc libkrb5-dev | + | sudo apt-get install gcc libkrb5-dev krb5-user python3-dev python3-pip python3-venv |
``` | ``` | ||
| Line 15: | Line 17: | ||
| − | /etc/krb5.conf | + | /etc/krb5.conf - CAPS ARE IMPORTANT https://stackoverflow.com/questions/41922521/using-ansible-on-windows-with-domain-user |
``` | ``` | ||
[libdefaults] | [libdefaults] | ||
| − | default_realm = EXAMPLE.COM | + | default_realm = EXAMPLE.COM # domain must be captitalized |
# The following krb5.conf variables are only for MIT Kerberos. | # The following krb5.conf variables are only for MIT Kerberos. | ||
| Line 46: | Line 48: | ||
ansible_winrm_scheme: http | ansible_winrm_scheme: http | ||
ansible_port: 5985 | ansible_port: 5985 | ||
| + | # ansible_winrm_scheme: https | ||
| + | # ansible_port: 5986 | ||
# Insecure don't use | # Insecure don't use | ||
# ansible_winrm_message_encryption: never | # ansible_winrm_message_encryption: never | ||
Latest revision as of 17:16, 10 November 2021
A way for ansible winrm even if not optimal way
You will be better to use https instead of http. I would use ssh if 2019 and above or install openssh on host
https://adamtheautomator.com/ansible-winrm/
sudo apt-get install gcc libkrb5-dev krb5-user python3-dev python3-pip python3-venv
pythonn3 -m venv venv source venv/bin/activate pip3 install ansible kerberos pywinrm
/etc/krb5.conf - CAPS ARE IMPORTANT https://stackoverflow.com/questions/41922521/using-ansible-on-windows-with-domain-user
[libdefaults]
default_realm = EXAMPLE.COM # domain must be captitalized
# The following krb5.conf variables are only for MIT Kerberos.
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
fcc-mit-ticketflags = true
hosts
all:
hosts:
host2
host3
children:
jtest:
hosts:
myhost.example.com:
vars:
ansible_user: myuser
ansible_password: xxxxxxxxxx
ansible_connection: winrm
ansible_winrm_transport: kerberos
ansible_winrm_scheme: http
ansible_port: 5985
# ansible_winrm_scheme: https
# ansible_port: 5986
# Insecure don't use
# ansible_winrm_message_encryption: never
# ansible_winrm_server_cert_validation: ignore
testhosts:
hosts:
host1:
test ping
ansible jtest -i hosts -m win_ping
myhost.example.com | SUCCESS => {
"changed": false,
"ping": "pong"
}