通过 Ansible 在 Windows 2022 上安装 IIS Web 服务器

拓扑结构

这是一个用于通过 Ansible 部署 IIS Web 服务器的实验室拓扑。

前提条件:

  • 在被管理的节点上安装WinRm
  • 准备一张自签名的证书
  • 开放防火墙入站tcp 5985 5986端口

准备自签名证书

复制代码
PS C:\Users\azureuser> $cert = New-SelfSignedCertificate -DnsName "solarwinds" -CertStoreLocation Cert:\LocalMachine\My
PS C:\Users\azureuser> $cert.Thumbprint
625D9DA3410A9F3FC87D853EA9730B5A8935F150

注册https listener,并绑定证书

复制代码
PS C:\Users\azureuser> winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="solarwinds"; CertificateThumbprint="625D9DA3410A9F3FC87D853EA9730B5A8935F150"}'

验证https listener

复制代码
PS C:\Users\azureuser> WinRM e winrm/config/listener

定义ansible inventory file

复制代码
[windows_servers]
solarwinds ansible_host=20.47.126.72 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=azureuser ansible_password=<yourpassword> ansible_winrm_connection_timeout=60

[windows_servers:vars]
ansible_winrm_port=5986

创建ansible playbook

复制代码
---
- name: Windows Feature
  hosts: solarwinds
  gather_facts: true

  tasks:
    - name: Disable Windows Updates Service
      win_service:
        name: wuauserv
        state: stopped
        start_mode: disabled

    - name: Run ipconfig and return IP address information.
      raw: ipconfig
      register: ipconfig
    - debug: var=ipconfig


# Install and enable IIS on Windows server 2019
    - name: Install IIS
      win_feature:
        name: "Web-Server"
        state: present
        restart: yes
        include_sub_features: yes
        include_management_tools: yes
# Copy the index.html file and rename to ansible.html under C:\inetpub\wwwroot. Must use \\ instead of \ for accessing directory on Windows server.
    - name: Copy index text page
      win_copy:
        src: "files/index.html"
        dest: "C:\\inetpub\\wwwroot\\ansible.html"

创建index.html文件

复制代码
<html>
<head>
	<title>Rock Ansible</title> 
</head>
<body>
	<h1 style="background-color:DodgerBlue;"> Use Ansible to install and configure IIS on WIndows 2022</h1> 
	<h3 style="color:Tomato;"> Welcome to Rock's Ansbile Test Page</h3>
</body>
</html>

运行ansible 命令来验证到windows server的链接

复制代码
(base) ninjamac@ninjamacdeMacBook-Air ansible % ansible -i host1 windows_servers -m win_ping 

solarwinds | UNREACHABLE! => {
    "changed": false,
    "msg": "ntlm: HTTPSConnectionPool(host='20.47.126.72', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)')))",
    "unreachable": true
}

该错误是自签名证书无法被macos信任导致,可以通过加上参数ansible_winrm_server_cert_validation=ignore来解决。

复制代码
ansible -i host1 windows_servers -m setup -e ansible_winrm_server_cert_validation=ignore 

运行ansible playbook

访问服务器的主页

相关推荐
有毒的教程2 小时前
Ansible批量操作自动化完整教程:批量部署服务、配置同步、软件更新实战
运维·自动化·ansible
Hy行者勇哥5 天前
用Cursor智能编写Ansible/Terraform脚本,打通CI/CD链路
ci/cd·ansible·terraform
芷栀夏7 天前
飞牛NAS怎么部署Immich?家庭照片自动备份与远程访问教程
服务器·nginx·ansible
悠然南风18 天前
Ansible常见模块总结及LDAP Role 编写与调试
ansible
祺风挽楠1 个月前
ansible编辑
网络·ansible
芳心粽伙饭1 个月前
Ansible课后作业
ansible
烁3471 个月前
Ansible初识
ansible
烁3471 个月前
Ansible安装部署调试
ansible
烁3471 个月前
Ansible命令
ansible
小义_1 个月前
【Ansible】(三)基础配置与连接设置
云原生·ansible