Ansible is a powerful tool for automating tasks across various platforms, including Windows systems. While it’s widely known for managing Linux, Ansible’s support for Windows enables seamless cross-platform automation. This article explains how Ansible can manage Windows, the prerequisites, and use cases.
Can Ansible Manage Windows?
Yes, Ansible can manage Windows systems using WinRM (Windows Remote Management) or SSH. With its agentless architecture, Ansible performs tasks like software deployment, configuration management, and system updates on Windows nodes.
Prerequisites for Managing Windows with Ansible
1. Enable WinRM on Windows Hosts
WinRM allows Ansible to communicate with Windows machines remotely.
Steps to Enable WinRM:
- Open PowerShell as Administrator.
- Run the following commands:
winrm quickconfig
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
Set-Item wsman:\localhost\Client\TrustedHosts -Value "<Ansible_Control_Node_IP>"
2. Install pywinrm on the Ansible Control Node
Install the pywinrm library to enable WinRM communication:
pip install pywinrm
3. Configure Inventory for Windows
Define the Windows hosts in your inventory file:
[windows]
windows_host ansible_host=192.168.1.10 ansible_user=Administrator ansible_password=your_password ansible_connection=winrm
Ansible Modules for Windows Automation
Ansible provides several modules specifically for managing Windows systems. Here are some commonly used ones:
1. win_service:
Manage Windows services.
- name: Ensure IIS is running
win_service:
name: W3SVC
state: started
2. win_package:
Install or uninstall software.
- name: Install Google Chrome
win_package:
path: "https://dl.google.com/chrome/install/GoogleChromeStandaloneEnterprise.msi"
3. win_user:
Manage user accounts.
- name: Create a new user
win_user:
name: dev_user
password: StrongPassword123!
state: present
4. win_file:
Manage files and directories.
- name: Create a directory
win_file:
path: C:\Temp
state: directory
5. win_shell:
Execute PowerShell or command-line commands.
- name: Run a PowerShell command
win_shell: Get-Service
Use Cases for Ansible on Windows
Application Deployment: Automate the installation and configuration of software.
System Configuration: Apply consistent configurations across multiple Windows machines.
Service Management: Start, stop, or restart Windows services as needed.
File and Directory Management: Create, delete, or manage file permissions on Windows systems.
User Management: Add, update, or remove users and groups.
Running Playbooks on Windows
Once the inventory and playbook are set up, use the ansible-playbook command to run tasks on Windows systems:
ansible-playbook -i inventory.ini windows-playbook.yml
Example Playbook to Configure Windows
- hosts: windows
tasks:
- name: Install IIS
win_feature:
name: Web-Server
state: present
- name: Start IIS service
win_service:
name: W3SVC
state: started
Best Practices for Managing Windows with Ansible
Encrypt Credentials: Use Ansible Vault to secure sensitive data like passwords.
Test Playbooks: Validate configurations in a test environment before applying them to production.
Organize Tasks: Use roles and variables to simplify complex playbooks.
Conclusion
Ansible’s support for Windows makes it a versatile automation tool for hybrid environments. With modules tailored for Windows and its agentless architecture, Ansible simplifies the management of Windows systems alongside Linux and other platforms.
Learn More About Managing Windows with Ansible
Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.Academy
Explore practical Windows automation examples in Ansible by Examples.
Donate
Support this project by contributing today.