Ansible Playbooks: Automate Your Windows Administration!

Administering Windows systems with Ansible playbooks

I will demonstrate various operations an administrator can perform on a remote Windows system using Ansible playbooks.

Ansible is a popular DevOps tool that is widely used in today's market. It offers a broad range of Windows modules for configuring and managing Windows servers. It is assumed that Ansible is already installed on the system from which you want to manage your Windows servers.

Here are some of the most common tasks Windows administrators perform daily. You will see how easy it is to administer Windows with Ansible.

The IP address of my Ansible Windows control machine is 192.168.0.106, and the IP address of the remote Windows system is 192.168.0.102. Before you begin, run the win_ping module to check whether you can connect to the remote Windows server.

[email protected] ~
$ ansible win -m win_ping
192.168.0.102 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

The connection to the remote host is successful.

Let's get started with Ansible playbooks…

Copying files

The win_copy module is used to copy a file from the local server to a remote Windows host. In this case we will copy a PDF file.

Use the YAML code below and specify the source and destination paths. Because remote_src: yes is set here, win_copy looks for src on the remote host itself rather than on the control machine.

[email protected] ~
$ vi copy.yml
---
- hosts: win
  tasks:
  - name: Kopier fil
    win_copy:
      src: C:\output.pdf
      dest: C:\ansible_examples\
      remote_src: yes

Run the Ansible playbook to execute win_copy.

[email protected] ~
$ ansible-playbook copy.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Kopier fil] *****************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

The file has now been copied to the specified destination on the remote Windows system.

Installing and uninstalling an MSI

To install an application from an MSI file, first use win_get_url to download the MSI file, and then win_package to install it. The state "present" means that the MSI will be installed and the application will be kept in that state.

In this example we install Apache.

The YAML code used is:

[email protected] ~
$ vi msi.yml
---
- name: Installerer Apache MSI
  hosts: win
  tasks:
    - name: Last ned Apache-installasjonsprogrammet
      win_get_url:
        url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi
        dest: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi
    - name: Installer MSI
      win_package:
        path: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi
        state: present

Run ansible-playbook to install using the MSI.

[email protected] ~
$ ansible-playbook msi.yml

PLAY [Installerer Apache MSI] *****************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Last ned Apache-installasjonsprogrammet] *********************************************************************************************************
changed: [192.168.0.102]

TASK [Installer MSI] ***************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102              : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Now go to the Windows system and confirm that Apache is installed.

C:\Users\tipsbilk.net>cd C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin>httpd -v
Server version: Apache/2.2.25 (Win32)
Server built: Jul 10 2013 01:52:12
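
The download-then-install flow above installs whatever bytes the URL returns. This added example (not from the original article) pins the installer to a SHA-256 digest and only runs win_package when the downloaded file matches. The digest is a placeholder to be replaced with the value published for the file, and the variable names are assumptions.

```yaml
---
- name: Install Apache MSI only after verifying its SHA-256
  hosts: win
  vars:
    msi_url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi
    msi_path: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi
    # Placeholder (assumption): replace with the digest published for this file
    msi_sha256: REPLACE_WITH_PUBLISHED_SHA256
  tasks:
    - name: Download, verify and install
      block:
        - name: Download the Apache installer
          win_get_url:
            url: "{{ msi_url }}"
            dest: "{{ msi_path }}"

        - name: Hash the downloaded file on the remote host
          win_stat:
            path: "{{ msi_path }}"
            get_checksum: yes
            checksum_algorithm: sha256
          register: msi_file

        - name: Stop unless the digest matches the pinned value
          assert:
            that:
              - msi_file.stat.exists
              - msi_file.stat.checksum | lower == msi_sha256 | lower
            fail_msg: "SHA-256 mismatch for {{ msi_path }}"

        - name: Install the verified MSI
          win_package:
            path: "{{ msi_path }}"
            state: present
      rescue:
        # Any failure in the block lands here, so the installer
        # is never left on disk in an unverified state
        - name: Remove the downloaded file
          win_file:
            path: "{{ msi_path }}"
            state: absent

        - name: Fail the play after cleanup
          fail:
            msg: "Apache MSI was not installed; download, verification or install failed"
```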

You can also install applications from an MSI with arguments. Below is the same example, but instead of a state, installation arguments are used to install Apache.

The YAML code is:

---
- name: Installerer Apache MSI
  hosts: win
  tasks:
    - name: Last ned Apache-installasjonsprogrammet
      win_get_url:
        url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi
        dest: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi
    - name: Installer MSI
      win_package:
        path: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi
        arguments:
          - /install
          - /passive
          - /norestart

To uninstall an application using an MSI file, use the win_package module. The state "absent" means that the application will be uninstalled using the MSI file.

Here we uninstall Apache.

[email protected] ~
$ vi uninstall_msi.yml
---
- name: Avinstallerer Apache MSI
  hosts: win
  tasks:
    - name: Avinstaller MSI
      win_package:
        path: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi
        state: absent

Run ansible-playbook to uninstall using the MSI.

[email protected] ~
$ ansible-playbook uninstall_msi.yml

PLAY [Avinstallerer Apache MSI] *****************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Avinstaller MSI] *************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

If you now check the Apache version, you will get the output below, which indicates that the application has been uninstalled.

C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin>httpd -v
'httpd' is not recognized as an internal or external command,
operable program or batch file.

Uninstalling software (.EXE)

You can also uninstall software with an .exe file by using the product ID.

[email protected] ~
$ vi uninstall.yml
---
- hosts: win
  tasks:
   - name: Avinstaller 7-Zip fra exe-fil
     win_package:
       path: C:\Program Files\7-Zip\Uninstall.exe
       product_id: 7-Zip
       arguments: /S
       state: absent

Run ansible-playbook to uninstall 7-Zip.

[email protected] ~
$ ansible-playbook uninstall.yml

PLAY [win] *************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************
ok: [192.168.0.102]

TASK [Avinstaller 7-Zip fra exe-fil] ***********************************************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP *************************************************************************************************************************************************************************************
192.168.0.102              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Stopping, starting and restarting Windows services

The Ansible win_service module is used to stop, start or restart a service. Here I will demonstrate how to stop the Tomcat service.

You must specify the service name in the YAML file and set the state to stopped.

[email protected] ~
$ vi service.yml
---
- hosts: win
  tasks:
   - name: Stopp tjenesten Tomcat
     win_service:
       name: Tomcat8
       state: stopped

Run ansible-playbook to stop the Tomcat service.

[email protected] ~
$ ansible-playbook service.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Stopp tjenesten Tomcat] ****************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

If you check the Tomcat service on the Windows system, you will see that its status is "stopped".

You can also change the state of the service by setting it to "started", "restarted" or "paused".

Getting disk information

Using the win_disk_facts Ansible module, you can retrieve all disk information from the target host.

[email protected] ~
$ vi disk.yml
---
- hosts: win
  tasks:
  - name: Hent disk info
    win_disk_facts:
  - name: Vis første disk størrelse
    debug:
      var: ansible_facts.disks[0].size
  - name: Konverter første systemdisk til ulike formater
    debug:
      msg: '{{ disksize_gib }} vs {{ disksize_gib_human }}'
    vars:
      # Get the first system disk
      disk: '{{ ansible_facts.disks|selectattr("system_disk")|first }}'
      # Show the disk size in gibibytes
      disksize_gib_human: '{{ disk.size|filesizeformat(true) }}'
      disksize_gib: '{{ (disk.size/1024|pow(3))|round|int }} GiB'

Run ansible-playbook to retrieve the disk information.

[email protected] ~
$ ansible-playbook disk.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Hent disk info] ************************************************************************************************************************
ok: [192.168.0.102]

TASK [Vis første disk størrelse] ****************************************************************************************************************
ok: [192.168.0.102] => {
"ansible_facts.disks[0].size": "1000204886016"
}

TASK [Konverter første systemdisk til ulike formater] ****************************************************************************************
ok: [192.168.0.102] => {
"msg": "932 GiB vs 931.5 GiB"
}

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102              : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Using the win_command Ansible module, you can execute commands on the remote host and retrieve CPU information, device details and much more.

[email protected] ~
$ vi check.yml
---
- hosts: win
  tasks:
   - name: Hent info
     win_command: wmic cpu get caption, deviceid, name, numberofcores, maxclockspeed, status
     register: usage
   - debug: msg="{{ usage.stdout }}"

Run ansible-playbook to retrieve the remote system information.

[email protected] ~
$ ansible-playbook check.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Hent info] ************************************************************************************************************************
changed: [192.168.0.102]

TASK [debug] *********************************************************************************************************************************
ok: [192.168.0.102] => {
"msg": "Caption DeviceID MaxClockSpeed Name NumberOfCores Status \r\r\nIntel64 Family 6 Model 142 Stepping 9 CPU0 2712 Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz 2 OK \r\r\n\r\r\n"
}

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102              : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Running commands

Whatever commands you want to run on Windows, you can run them with the win_command module. You only need to specify the command in the YAML file. Here we simply create a new directory.

[email protected] ~
$ vi commands.yml
---
- hosts: win
  tasks:
   - name: Kjør en eksekverbar fil med win_command
     win_command: whoami.exe
   - name: Kjør en cmd-kommando
     win_command: cmd.exe /c mkdir C:\test

Run ansible-playbook to perform the win_command operation.

[email protected] ~
$ ansible-playbook commands.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Kjør en eksekverbar fil med win_command] ***************************************************************************************************
changed: [192.168.0.102]

TASK [Kjør en cmd-kommando] *********************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102              : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Environment variables

A Windows system has several environment variables, such as JAVA_HOME. With the win_environment Ansible module you can add or modify environment variables on Windows. In this example we add a new variable to the list of Windows environment variables.

[email protected] ~
$ vi env.yml
---
- hosts: win
  tasks:
   - name: Sett en miljøvariabel for alle brukere
     win_environment:
       state: present
       name: NewVariable
       value: New Value
       level: machine

Run ansible-playbook to add the environment variable on a remote Windows machine.

[email protected] ~
$ ansible-playbook env.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Sett en miljøvariabel for alle brukere] *********************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Go to the environment variables window; you will see the new variable that has been added here.

Adding or editing the registry

The win_regedit Ansible module is used to add or edit registry details on a remote Windows machine. You must specify the registry path and the content to add or update. Here we create a new registry entry tipsbilk.net under the HKLM:\SOFTWARE path and then add a name and data to this registry entry.

[email protected] ~
$ vi registry.yml
---
- hosts: win
  tasks:
   - name: Oppretter et register
     win_regedit:
      path: HKLM:\SOFTWARE\tipsbilk.net
   - name: Modifiserer et register, legger til navn og data
     win_regedit:
      path: HKLM:\SOFTWARE\tipsbilk.net
      name: Geek
      data: Flare

Run ansible-playbook to add the registry entry.

[email protected] ~
$ ansible-playbook registry.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Oppretter et register] *******************************************************************************************************************
changed: [192.168.0.102]

TASK [Modifiserer et register, legger til navn og data] ********************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102              : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

If you open Registry Editor on the remote system, you will see that the registry entry has been added with the name and data parameters.

Deleting logs

The win_eventlog Ansible module is used to add, clear or remove Windows event logs from the Windows system.

Go to Windows PowerShell and list the event logs that exist on the remote Windows machine.

PS C:\Users\tipsbilk.net> Get-EventLog -List

  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded      33,549 Application
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder             20 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
     128      0 OverwriteAsNeeded         190 OAlerts
                                              Security
  20,480      0 OverwriteAsNeeded      44,828 System
  15,360      0 OverwriteAsNeeded       3,662 Windows PowerShell

Now I will show how to remove the logs from all sources for Internet Explorer.

[email protected] ~
$ vi log.yml
---
- hosts: win
  tasks:
   - name: Fjern Internet Explorer Logger
     win_eventlog:
      name: Internet Explorer
      state: absent

Run ansible-playbook to remove the Internet Explorer logs from the remote Windows machine.

[email protected] ~
$ ansible-playbook log.yml

PLAY [win] *************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************
ok: [192.168.0.102]

TASK [Fjern Internet Explorer Logger] **********************************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP *************************************************************************************************************************************************************************************
192.168.0.102              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

If you list the event logs again, you will see that the Internet Explorer logs have been removed.

PS C:\Users\tipsbilk.net> Get-EventLog -List

  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded      33,549 Application
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
  20,480      0 OverwriteAsNeeded           0 Key Management Service
     128      0 OverwriteAsNeeded         190 OAlerts
                                              Security
  20,480      0 OverwriteAsNeeded      44,835 System
  15,360      0 OverwriteAsNeeded          56 Windows PowerShell
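
Removing an event log with state: absent discards records that an audit or investigation may later need. This added example (not from the original article) exports the log with wevtutil and fetches the copy to the control machine before win_eventlog removes it; export_path and archive_dir are assumed names.

```yaml
---
- hosts: win
  vars:
    log_name: Internet Explorer
    # Assumed locations: staging file on the remote host and
    # archive directory on the control machine
    export_path: C:\ansible_examples\InternetExplorer.evtx
    archive_dir: ./eventlog_archive
  tasks:
    - name: Export the log to an .evtx file on the remote host
      win_command: wevtutil.exe epl "{{ log_name }}" "{{ export_path }}" /ow:true

    - name: Check that the export was written
      win_stat:
        path: "{{ export_path }}"
      register: exported

    - name: Stop before removal if the export is missing or empty
      assert:
        that:
          - exported.stat.exists
          - exported.stat.size > 0
        fail_msg: "Export of {{ log_name }} failed; the log was not removed"

    - name: Pull the export to the control machine
      # Stored under archive_dir/<inventory hostname>/<remote path>
      fetch:
        src: "{{ export_path }}"
        dest: "{{ archive_dir }}/"

    - name: Remove the log only after the copy is archived
      win_eventlog:
        name: "{{ log_name }}"
        state: absent
```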

This was a demonstration of Ansible playbooks that can be used for remote administration of Windows. You are encouraged to try these playbooks. You can also explore other Ansible Windows modules.