通过 Ansible 在 Windows 2022 上安装 IIS Web 服务器

拓扑结构

这是一个用于通过 Ansible 部署 IIS Web 服务器的实验室拓扑。

前提条件：

• 在被管理的节点上安装WinRm
• 准备一张自签名的证书
• 开放防火墙入站tcp 5985 5986端口

准备自签名证书

PS C:\Users\azureuser> $cert = New-SelfSignedCertificate -DnsName "solarwinds" -CertStoreLocation Cert:\LocalMachine\My
PS C:\Users\azureuser> $cert.Thumbprint
625D9DA3410A9F3FC87D853EA9730B5A8935F150

注册https listener，并绑定证书

PS C:\Users\azureuser> winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="solarwinds"; CertificateThumbprint="625D9DA3410A9F3FC87D853EA9730B5A8935F150"}'

验证https listener

PS C:\Users\azureuser> WinRM e winrm/config/listener

定义ansible inventory file

[windows_servers]
solarwinds ansible_host=20.47.126.72 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=azureuser ansible_password=<yourpassword> ansible_winrm_connection_timeout=60

[windows_servers:vars]
ansible_winrm_port=5986

创建ansible playbook

---
- name: Windows Feature
  hosts: solarwinds
  gather_facts: true

  tasks:
    - name: Disable Windows Updates Service
      win_service:
        name: wuauserv
        state: stopped
        start_mode: disabled

    - name: Run ipconfig and return IP address information.
      raw: ipconfig
      register: ipconfig
    - debug: var=ipconfig


# Install and enable IIS on Windows server 2019
    - name: Install IIS
      win_feature:
        name: "Web-Server"
        state: present
        restart: yes
        include_sub_features: yes
        include_management_tools: yes
# Copy the index.html file and rename to ansible.html under C:\inetpub\wwwroot. Must use \\ instead of \ for accessing directory on Windows server.
    - name: Copy index text page
      win_copy:
        src: "files/index.html"
        dest: "C:\\inetpub\\wwwroot\\ansible.html"

创建index.html文件

<html>
<head>
	<title>Rock Ansible</title> 
</head>
<body>
	<h1 style="background-color:DodgerBlue;"> Use Ansible to install and configure IIS on WIndows 2022</h1> 
	<h3 style="color:Tomato;"> Welcome to Rock's Ansbile Test Page</h3>
</body>
</html>

运行ansible 命令来验证到windows server的链接

(base) ninjamac@ninjamacdeMacBook-Air ansible % ansible -i host1 windows_servers -m win_ping 

solarwinds | UNREACHABLE! => {
    "changed": false,
    "msg": "ntlm: HTTPSConnectionPool(host='20.47.126.72', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)')))",
    "unreachable": true
}

该错误是自签名证书无法被macos信任导致，可以通过加上参数ansible_winrm_server_cert_validation=ignore来解决。

ansible -i host1 windows_servers -m setup -e ansible_winrm_server_cert_validation=ignore 

运行ansible playbook

访问服务器的主页