Installing an IIS Web Server on Windows 2022 with Ansible

Topology

This is the lab topology used to deploy an IIS web server with Ansible.

Prerequisites:

  • Install WinRM on the managed node
  • Prepare a self-signed certificate
  • Open inbound TCP ports 5985 and 5986 on the firewall

Prepare the self-signed certificate

PS C:\Users\azureuser> $cert = New-SelfSignedCertificate -DnsName "solarwinds" -CertStoreLocation Cert:\LocalMachine\My
PS C:\Users\azureuser> $cert.Thumbprint
625D9DA3410A9F3FC87D853EA9730B5A8935F150

Register the HTTPS listener and bind the certificate

PS C:\Users\azureuser> winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="solarwinds"; CertificateThumbprint="625D9DA3410A9F3FC87D853EA9730B5A8935F150"}'

Verify the HTTPS listener

PS C:\Users\azureuser> WinRM e winrm/config/listener

Define the Ansible inventory file

[windows_servers]
solarwinds ansible_host=20.47.126.72 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=azureuser ansible_password=<yourpassword> ansible_winrm_connection_timeout=60

[windows_servers:vars]
ansible_winrm_port=5986

Create the Ansible playbook

---
- name: Windows Feature
  hosts: solarwinds
  gather_facts: true

  tasks:
    # Stop the Windows Update service (wuauserv) and keep it from starting again.
    - name: Disable Windows Updates Service
      win_service:
        name: wuauserv
        state: stopped
        start_mode: disabled

    - name: Run ipconfig and return IP address information.
      raw: ipconfig
      register: ipconfig

    - name: Show the ipconfig output
      debug:
        var: ipconfig

    # Install and enable IIS on Windows Server 2022.
    - name: Install IIS
      win_feature:
        name: "Web-Server"
        state: present
        include_sub_features: yes
        include_management_tools: yes
      register: iis_install

    # win_feature's own restart option is deprecated; reboot through win_reboot when required.
    - name: Reboot if the feature installation requires it
      win_reboot:
      when: iis_install.reboot_required

    # Copy the index.html file and rename to ansible.html under C:\inetpub\wwwroot. Must use \\ instead of \ for accessing directory on Windows server.
    - name: Copy index text page
      win_copy:
        src: "files/index.html"
        dest: "C:\\inetpub\\wwwroot\\ansible.html"

Create the index.html file

<html>
<head>
	<title>Rock Ansible</title> 
</head>
<body>
	<h1 style="background-color:DodgerBlue;"> Use Ansible to install and configure IIS on Windows 2022</h1>
	<h3 style="color:Tomato;"> Welcome to Rock's Ansible Test Page</h3>
</body>
</html>

Run an ansible command to verify the connection to the Windows server

(base) ninjamac@ninjamacdeMacBook-Air ansible % ansible -i host1 windows_servers -m win_ping 

solarwinds | UNREACHABLE! => {
    "changed": false,
    "msg": "ntlm: HTTPSConnectionPool(host='20.47.126.72', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)')))",
    "unreachable": true
}

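This error occurs because the self-signed certificate is not trusted on the macOS control node. It can be resolved by adding the parameter ansible_winrm_server_cert_validation=ignore, which turns off certificate validation for the connection.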

ansible -i host1 windows_servers -m setup -e ansible_winrm_server_cert_validation=ignore 
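
An alternative to skipping validation, as an added example that is not part of the original post: the Python script below fetches the certificate presented on port 5986 and compares its SHA-1 thumbprint with the value printed by $cert.Thumbprint on the server, saving it as PEM only on a match. The script name, function names and output path are this example's own assumptions.

```python
import hashlib
import hmac
import ssl
import sys

HEX = "0123456789ABCDEF"


def normalize(thumbprint: str) -> str:
    """Upper-case and drop separators or invisible characters added by copy/paste."""
    return "".join(c for c in thumbprint.upper() if c in HEX)


def der_thumbprint(der: bytes) -> str:
    """A Windows certificate thumbprint is the SHA-1 of the DER-encoded certificate."""
    return hashlib.sha1(der).hexdigest().upper()


def matches(der: bytes, expected: str) -> bool:
    """Compare the presented certificate with the thumbprint read on the server."""
    return hmac.compare_digest(der_thumbprint(der), normalize(expected))


def fetch_der(host: str, port: int = 5986) -> bytes:
    """Fetch the listener certificate without validating it; it is only inspected."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


def pin(host: str, expected: str, out_path: str, port: int = 5986) -> bool:
    """Save the certificate as PEM only when its thumbprint matches."""
    der = fetch_der(host, port)
    if not matches(der, expected):
        return False
    with open(out_path, "w") as fh:
        fh.write(ssl.DER_cert_to_PEM_cert(der))
    return True


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: pin_winrm_cert.py HOST THUMBPRINT OUT.pem")
    # HOST is the ansible_host value, THUMBPRINT the output of $cert.Thumbprint
    if pin(sys.argv[1], sys.argv[2], sys.argv[3]):
        print(f"thumbprint matches; certificate saved to {sys.argv[3]}")
    else:
        sys.exit("thumbprint mismatch: this is not the certificate created on the server")
```

The saved PEM file can be passed to Ansible through ansible_winrm_ca_trust_path in place of ansible_winrm_server_cert_validation=ignore. Validation then also requires the control node to connect using the DNS name in the certificate (solarwinds), for example through a hosts-file entry, which is an assumption about the lab setup.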

Run the Ansible playbook

Visit the server's home page
