Why is ConfigureRemotingForAnsible.ps1 not suitable for production?

21 views
Skip to first unread message

swini...@gmail.com

unread,
Sep 27, 2018, 8:26:10 AM9/27/18
to Ansible Project
The ConfigureRemotingForAnsible.ps1 file to setup Windows hosts for Ansible is not suitable for production according to the documentation. Why is it not suitable for production and what can I tweak in the file to make it suitable for production?

Jordan Borean

unread,
Sep 27, 2018, 3:35:16 PM9/27/18
to Ansible Project
Because it does a few things like enabling Basic auth and uses self signed certificates and usually globally allows WinRM traffic through. In a normal production environment you shouldn't be using Basic auth, using a CA signed certificate and only allow WinRM traffic on the network profile you want. Unfortunately some of these changes we cannot modify as a lot of people rely on this behaviour and just pull straight from GitHub so we just put up a warning saying don't use this directly in Production.

Thanks

Jordan
Reply all
Reply to author
Forward
0 new messages