Workaround for Ansible v2.2 to manage Windows 2003 with PowerShell 2.0


Jayzzz

Jan 22, 2017, 7:41:48 PM
to Ansible Project
Hi Everyone
My circumstances required me to be able to reboot Windows 2003 servers via Ansible, wait for them to come back, and check availability. We do not need to properly configuration-manage Windows 2003 servers. Is there any way we can achieve this on a Windows 2003 server with PowerShell 2.0?

Any help or pointers to useful resources are much appreciated.

Regards
JZ 

J Hawkesworth

Jan 24, 2017, 5:22:53 AM
to Ansible Project
Hi,

I have a couple of ideas:

1/ There's a pull request to add a module that can run psexec, which might be something you could use, here: https://github.com/ansible/ansible/pull/20141  If you can give that a try and leave some feedback it would help get it added into forthcoming ansible 2.3.  There's some information here about testing ansible pull requests if that's not something you've done before: http://docs.ansible.com/ansible/dev_guide/developing_test_pr.html

Alternatively, I knocked up the following powershell script a long time ago as a proof of concept, but never made use of it (see below).  Passing the username and password required as parameters to the script probably isn't the most secure thing but that might not be your priority.

$ cat legacy_connect.ps1
# This example powershell script shows how you can run a remote command on a powershell 2.0 only host
#
# So you'd run ansible against a (windows) deployment server
# you'd probably have to use with_items to run it against multiple hosts (ugly but maybe better than doing it all manually)
#
# the script args are
#  ps2 host you want to connect to
#  domain that the ps2 host belongs to
#  domain user that the ps2 host can run as
#  password for domain user

#  So, an example (ansible) command line to run this script would be:

#  ansible all -i INVENTORY_FILE -v -m script -a "/etc/ansible/setup/legacy_connect.ps1 s2003machine YOURDOMAIN yourDomainUser superSekritPaswidGoesHere"

# to set up remoting on the legacy host you'll need
# 1/ to be running server 2003 sp2
# 2/ to install netFx20SP1_x86.exe and WindowsServer2003-KB968930-x86-ENG.exe (.net 2 and powershell 2)
# on the legacy host run (amazingly you don't seem to need to reboot after installing these).  YMMV
#  Enable-PSRemoting
# you might have to run:
#   set-Item wsman:\localhost\Client\TrustedHosts -Value *
#   winrm configSDDL default
# but I don't think either is actually needed.
# you can test that the remoting is set up by running Enter-PSSession <legacy host> from another machine on the same domain

# give args sensible names
$LegacyHost = $args[0]
$Domain = $args[1]
$DomUser = $args[2]
$RawString = $args[3]

# Set up credential object (this seems to be required to work around the second-hop issue).
# So this means that on the ansible host we are remoting to we have set up credentials to talk to the legacy host.
# without this, it doesn't seem to work.

$PWord = ConvertTo-SecureString -String $RawString -AsPlainText -Force
$User = $Domain + '\' + $DomUser
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord

# finally, using the credential object, start a session on the remote legacy host
Enter-PSSession $LegacyHost -Credential $Credential

# You are now doing stuff on the legacy host, up until you hit the exit command

# Not tested, but you should be able to map a drive like this (not sure if -Persist is supported on s2003 though)
#New-PSDrive -Name U -PSProvider FileSystem -Root \\domain\some\folder -Credential $Credential -Persist
# actually more likely like this (I think New-PSDrive wasn't in powershell 2):
# $net = new-object -ComObject WScript.Network
# $net.MapNetworkDrive("r:", "\\romeobox\files", $false, "domain\user", "password")

#dir c:\
Write-Host YouAreDoingStuffOnLegacyHost
# leave the legacy host
exit
# you can probably do stuff afterwards as well, not tested.
# Also you might want to use
#  Invoke-Command -ComputerName Server01 -Credential $Credential
# instead of Enter-PSSession

# end of legacy_connect.ps1 script

Hope this helps,

Jon
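
Added example (not part of Jon's post or of Ansible): a PowerShell function for the deployment server that reboots the legacy host with Invoke-Command, which the post suggests in place of Enter-PSSession, and waits until the host answers over WinRM with a new boot time. The function name, credential file path and timeouts are assumptions, and the deployment server is assumed to run PowerShell 3.0 or later so that Export-Clixml/Import-Clixml can round-trip the credential instead of passing the password as a script argument.

```powershell
# Added example; Restart-LegacyHost and the file path below are hypothetical names.
function Restart-LegacyHost {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$Credential,
        [int]$TimeoutSec = 900,
        [int]$PollSec = 10
    )

    # Invoke-Command runs the script block on the legacy host; Enter-PSSession is meant for interactive use.
    # Explicit credentials are what gets past the second hop (Ansible -> deployment server -> legacy host).
    $getBoot = { (Get-WmiObject Win32_OperatingSystem).LastBootUpTime }
    $before = Invoke-Command -ComputerName $ComputerName -Credential $Credential -ErrorAction Stop -ScriptBlock $getBoot

    # Restart-Computer exists in PowerShell 2.0. The session can drop as the host goes down,
    # so an error here is logged, and success is judged by the boot time check below.
    try {
        Invoke-Command -ComputerName $ComputerName -Credential $Credential -ErrorAction Stop -ScriptBlock { Restart-Computer -Force }
    } catch {
        Write-Verbose "Session closed during restart: $_"
    }

    # Poll until WinRM answers again AND the boot time has changed; a host that
    # never went down keeps its old boot time and ends in the timeout below.
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $PollSec
        try {
            $after = Invoke-Command -ComputerName $ComputerName -Credential $Credential -ErrorAction Stop -ScriptBlock $getBoot
            if ($after -ne $before) { return $after }
        } catch {
            # WinRM not answering yet (host down or still booting); keep polling.
        }
    }
    throw "$ComputerName did not come back with a new boot time within $TimeoutSec seconds"
}

# Assumption: the credential was saved once on the deployment server, by the account that runs this script, with
#   Get-Credential | Export-Clixml C:\ansible\legacy.cred.xml    (hypothetical path)
# On Windows, Export-Clixml stores the password DPAPI-protected for that account on that machine.
$cred = Import-Clixml 'C:\ansible\legacy.cred.xml'
Restart-LegacyHost -ComputerName $args[0] -Credential $cred
```

With this form the Ansible command line carries only the legacy host name, so the password does not appear in the task arguments or verbose output.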