--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/QDoRl0_KU-Y/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/444b5db2-68b0-4fbf-906d-07ec4303d11a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Thanks for elaborate information on ansible with windows.Winrm is disabled by default. Not sure about the security constraints when we enable this service.I will do research on it.
You can currently only use the winrm connection plugin with Ansible to talk to Windows hosts. WinRM allows you to connect using both domain and local accounts and usually you need administrative rights on that host to both connect and manipulate group membership. WinRM allows you to authenticate using various protocol such as;--
* Basic
* Certificate (not the same as SSH keys)
* NTLM
* Kerberos
* CredSSP
More details can be found here http://docs.ansible.com/ansible/latest/user_guide/windows.html.
Thanks
Jordan
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/QDoRl0_KU-Y/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
# ansible inventory
[domainmember]
testmachine01 ip=172.17.0.1
---
# spin up a vm from a template
- hosts: localhost
gather_facts: true
- hosts: domainmember
gather_facts: false
vars:
template: Winserver-TEMPLATE
vars_prompt:
- name: 'vmware_user'
prompt: 'Enter VMWare username'
private: no
- name: 'vmware_cred'
prompt: 'Enter VMWare password'
private: yes
pre_tasks:
- name: show what we are planning on doing
debug:
msg: "ensure vm with hostname {{inventory_hostname}} and ip {{hostvars[inventory_hostname]['ip']}} exists."
- name: clone vmware template and customise so it is ready for use as domain member
vmware_guest:
annotation: "Ansible cloned from template '{{template}}' on {{hostvars['localhost']['ansible_date_time']['date']}} by {{vmware_user}}"
cluster: Dev Cluster
datacenter: Dev datacenter
folder: /Development/
hostname: vcenterhost
name: "{{inventory_hostname}}"
password: "{{ vmware_cred }}"
resource_pool: Normal
state: poweredon
template: "{{template}}"
username: '{{vmware_user}}'
validate_certs: no
hardware:
memory_mb: 1024
num_cpus: 1
networks:
- name: VM Network
ip: "{{hostvars[inventory_hostname]['ip']}}"
netmask: 255.255.128.0
gateway: 172.x.x.1
# deliberately not specifying a domain here domain: devdomain.local
dns_servers:
- 172.x.x.x
- 172.x.x.x2
# I had trouble using vmxnet3, it allways seems to want to be dhcp-configured.
# may be worth retrying in future but ensuring static ip configured in template
# devicetype: vmxnet3
devicetype: e1000e
type: static
customization:
autologon: yes
autologoncount: 5
hostname: "{{inventory_hostname}}"
ip: "{{hostvars[inventory_hostname]['ip']}}"
netmask: 255.255.128.0
gateway: 172.x.x.x
dns_servers:
- 172.x.x.x
- 172.x.x.x2
# deliberately not specifying a domain here domain: devdomain.local
password: "{{guest_administrator_pass}}"
joindomain: devdomain.local
domainadmin: "{{ win_dom_user }}"
domainadminpassword: "{{ win_dom_cred }}"
runonce:
- powershell.exe -ExecutionPolicy Unrestricted -File C:\Users\Administrator\Downloads\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert
- C:\finishsetup.bat
timezone: 85
# set timezone correctly or domain trust relationship will be lost
delegate_to: localhost
- name: wait for connection to become reachable
wait_for_connection:
delay: 75
sleep: 11
timeout: 675
# by this point host should be on the domain so you can start running roles to provision your windows host
do you have any ideas on configuring winrm in the template(vmware)?
On Wed, Mar 28, 2018 at 11:58 AM, Anil <visit...@gmail.com> wrote:
Thanks for elaborate information on ansible with windows.Winrm is disabled by default. Not sure about the security constraints when we enable this service.I will do research on it.
You can currently only use the winrm connection plugin with Ansible to talk to Windows hosts. WinRM allows you to connect using both domain and local accounts and usually you need administrative rights on that host to both connect and manipulate group membership. WinRM allows you to authenticate using various protocol such as;--
* Basic
* Certificate (not the same as SSH keys)
* NTLM
* Kerberos
* CredSSP
More details can be found here http://docs.ansible.com/ansible/latest/user_guide/windows.html.
Thanks
Jordan
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/QDoRl0_KU-Y/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
* Basic
* Certificate (not the same as SSH keys)
* NTLM
* Kerberos
* CredSSP
To unsubscribe from this group and all its topics, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/00d1e2b2-c215-43a9-8632-64b58a256426%40googlegroups.com.