Jeg vil vise deg flere operasjoner som en administrator kan utføre på et eksternt Windows-system ved å bruke ansible-playbook.
Ansible er et av de mest brukte DevOps-verktøyene på markedet i dag. Den gir en haug med Windows-moduler som brukes til å konfigurere og administrere Windows-serveren. Jeg antar at du allerede har Ansible installert på Windows der du vil administrere Windows-serverne.
Følgende er noen av de vanligste oppgavene som utføres av Windows-administratorer på daglig basis. Du vil bli overrasket over å se hvor enkelt det administreres Windows ved hjelp av Ansible.
IP-adressen til Ansible Windows-kontrollermaskinen min er 192.168.0.106, og IP-adressen til det eksterne Windows-systemet mitt er 192.168.0.102. Før du starter, sørg for at du kjører en win_ping-modul for å sjekke om du er i stand til å koble til Windows ekstern server eller ikke.
[email protected] ~
$ ansible win -m win_ping
192.168.0.102 | SUCCESS => {
"changed": false,
"ping": "pong"
}
Min tilkobling til en ekstern vert er vellykket.
Så la oss komme i gang med Ansible Playbooks…
Innholdsfortegnelse
Kopiere filer
win_copy er en mulig modul som kopierer en fil fra den lokale serveren til en ekstern Windows-vert. Jeg vil bruke denne modulen til å kopiere en enkelt PDF.
Bruk YAML-koden nedenfor, oppgi kilde- og destinasjonsbanene.
[email protected] ~
$ vi copy.yml
---
- hosts: win
tasks:
- name: Copy File
win_copy:
src: C:output.pdf
dest: C:ansible_examples
remote_src: yes
Kjør ansible-playbook for win_copy.
[email protected] ~ $ ansible-playbook copy.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Copy File] ***************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Filen har blitt kopiert til målstedet på et eksternt Windows-system.
Installer/avinstaller MSI
For å installere en applikasjon som bruker MSI-filen, må du bruke win_get_url for å nevne banen til MSI-filen som skal lastes ned, og deretter bruke win_package-modulen til å installere den. Tilstanden tilstede betyr at MSI-en vil bli installert på maskinen, og applikasjonen er i den nåværende tilstanden.
Her installerer jeg Apache.
YAML-kode som skal brukes:
[email protected] ~
$ vi msi.yml
---
- name: Installing Apache MSI
hosts: win
tasks:
- name: Download the Apache installer
win_get_url:
url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi
dest: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
- name: Install MSI
win_package:
path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
state: present
Kjør ansible-playbook for å installere med MSI.
[email protected] ~ $ ansible-playbook msi.yml PLAY [Installing Apache MSI] ***************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Download the Apache installer] ********************************************************************************************************* changed: [192.168.0.102] TASK [Install MSI] *************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Gå nå til Windows-systemet og sjekk om apache-applikasjonen ble installert.
C:Userstipsbilk.net>cd C:Program Files (x86)Apache Software FoundationApache2.2bin C:Program Files (x86)Apache Software FoundationApache2.2bin>httpd -v Server version: Apache/2.2.25 (Win32) Server built: Jul 10 2013 01:52:12
Du kan også installere applikasjoner ved å bruke MSI med argumenter. Nedenfor er det samme eksempelet som ovenfor, men i stedet for en tilstand, bruker vi et installeringsargument for å installere apache.
YAML-kode som skal brukes:
---
- name: Installing Apache MSI
hosts: win
tasks:
- name: Download the Apache installer
win_get_url:
url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi
dest: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
- name: Install MSI
win_package:
path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
arguments:
- /install
- /passive
- /norestart
For å avinstallere en applikasjon ved hjelp av MSI-filen, må du bruke win_package-modulen. Tilstanden fraværende betyr at applikasjonen vil bli avinstallert ved hjelp av MSI-filen.
Her avinstallerer jeg Apache.
[email protected] ~
$ vi uninstall_msi.yml
---
- name: UnInstalling Apache MSI
hosts: win
tasks:
- name: UnInstall MSI
win_package:
path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
state: absent
Kjør ansible-playbook for å avinstallere med MSI.
[email protected] ~ $ ansible-playbook uninstall_msi.yml PLAY [UnInstalling Apache MSI] ***************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [UnInstall MSI] ************************************************************************************************************************* changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Nå, hvis jeg sjekker apache-versjonen, vil jeg få utdataene nedenfor når applikasjonen ble avinstallert.
C:Program Files (x86)Apache Software FoundationApache2.2bin>httpd -v 'httpd' is not recognized as an internal or external command, operable program or batch file.
Avinstaller programvare (.EXE)
Du kan også avinstallere programvare med .exe-fil ved å bruke produkt-ID-en til den programvaren.
[email protected] ~
$ vi uninstall.yml
---
- hosts: win
tasks:
- name: Uninstall 7-Zip from the exe
win_package:
path: C:Program Files7-ZipUninstall.exe
product_id: 7-Zip
arguments: /S
state: absent
Kjør ansible-playbook for å avinstallere 7-Zip.
[email protected] ~ $ ansible-playbook uninstall.yml PLAY [win] ************************************************************************************************************************************************************************************* TASK [Gathering Facts] ************************************************************************************************************************************************************************* ok: [192.168.0.102] TASK [Uninstall 7-Zip from the exe] *********************************************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP ************************************************************************************************************************************************************************************* 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Stopp/start/start Windows-tjenester på nytt
win_service ansible-modulen brukes til å starte, stoppe eller starte en tjeneste på nytt. Her vil jeg vise deg hvordan du stopper tomcat-tjenesten.
Du må nevne tjenestenavnet i YAML-filen og angi at tilstanden skal stoppe.
[email protected] ~
$ vi service.yml
---
- hosts: win
tasks:
- name: Stop service Tomcat
win_service:
name: Tomcat8
state: stopped
Kjør ansible-playbook for å stoppe tomcat-tjenesten.
[email protected] ~ $ ansible-playbook service.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Stop service Tomcat] **************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Hvis du sjekker tomcat-tjenesten på Windows-systemet, er den nå i stoppet status.
Du kan definere status til startet eller omstartet eller satt på pause for å endre statusen til tjenesten.
Innhenting av fakta
Ved å bruke win_disk_facts ansible modul kan du hente all diskinformasjonen til målverten.
[email protected] ~
$ vi disk.yml
---
- hosts: win
tasks:
- name: Get disk facts
win_disk_facts:
- name: Output first disk size
debug:
var: ansible_facts.disks[0].size
- name: Convert first system disk into various formats
debug:
msg: '{{ disksize_gib }} vs {{ disksize_gib_human }}'
vars:
# Get first system disk
disk: '{{ ansible_facts.disks|selectattr("system_disk")|first }}'
# Show disk size in Gibibytes
disksize_gib_human: '{{ disk.size|filesizeformat(true) }}'
disksize_gib: '{{ (disk.size/1024|pow(3))|round|int }} GiB'
Kjør ansible-playbook for å få diskinformasjonen.
[email protected] ~
$ ansible-playbook disk.yml
PLAY [win] ***********************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]
TASK [Get disk facts] ************************************************************************************************************************
ok: [192.168.0.102]
TASK [Output first disk size] ****************************************************************************************************************
ok: [192.168.0.102] => {
"ansible_facts.disks[0].size": "1000204886016"
}
TASK [Convert first system disk into various formats] ****************************************************************************************
ok: [192.168.0.102] => {
"msg": "932 GiB vs 931.5 GiB"
}
PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=4 changed=0 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0
Ved å bruke win_command ansible-modulen kan du utføre kommandoer på den eksterne verten og få CPU-informasjon, enhetsdetaljer og mye mer.
wdzwd[email protected] ~
$ vi check.yml
---
- hosts: win
tasks:
- name: Get disk facts
win_command: wmic cpu get caption, deviceid, name, numberofcores, maxclockspeed, status
register: usage
- debug: msg="{{ usage.stdout }}"
Kjør ansible-playbook for å få ekstern systeminformasjon.
[email protected] ~
$ ansible-playbook check.yml
PLAY [win] ***********************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]
TASK [Get facts] ************************************************************************************************************************
changed: [192.168.0.102]
TASK [debug] *********************************************************************************************************************************
ok: [192.168.0.102] => {
"msg": "Caption DeviceID MaxClockSpeed
Name
NumberOfCores Status rrnIntel64 Family 6 Model 142 Stepping 9 CPU0 2712 Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz 2 OK rrnrrn"
}
PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=3 changed=1 unreachable=0 failed=0
skipped=0 rescued=0
ignored=0
Kjører kommandoer
Uansett hvilke kommandoer du kjører på et vindu, kan de kjøres gjennom den mulige win_command-modulen. Du trenger bare å spesifisere kommandoen i YAML-filen. Her lager jeg bare en katalog.
[email protected] ~
$ vi commands.yml
---
- hosts: win
tasks:
- name: run an executable using win_command
win_command: whoami.exe
- name: run a cmd command
win_command: cmd.exe /c mkdir C:test
Kjør ansible-playbook for å utføre win_command-operasjon.
[email protected] ~ $ ansible-playbook commands.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [run an executable using win_command] *************************************************************************************************** changed: [192.168.0.102] TASK [run a cmd command] ********************************************************************************************************************* changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Miljøvariabler
Et Windows-system har flere miljøvariabler, for eksempel JAVA_HOME. Ved å bruke win_environment ansible-modulen kan du legge til eller endre miljøvariabler på et Windows-system. I dette eksemplet legger jeg til en ny variabel i listen over miljøvariabler i Windows.
[email protected] ~
$ vi env.yml
---
- hosts: win
tasks:
- name: Set an environment variable for all users
win_environment:
state: present
name: NewVariable
value: New Value
level: machine
Kjør ansible-playbook for å legge til miljøvariabelen på en ekstern Windows-maskin.
[email protected] ~ $ ansible-playbook env.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Set an environment variable for all users] ********************************************************************************************* changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Gå til vinduet for miljøvariabler; du vil se den nye variabelen du nettopp la til er til stede her.
Legg til/rediger register
win_regedit ansible-modulen brukes til å legge til eller redigere registerdetaljer på en ekstern Windows-maskin. Du må angi banen til registeret og innholdet som skal legges til/oppdateres. Her lager jeg en ny registeroppføring tipsbilk.net i HKLM:SOFTWARE-banen og legger deretter til navn og data til dette registeret.
[email protected] ~
$ vi registry.yml
---
- hosts: win
tasks:
- name: Creating a registry
win_regedit:
path: HKLM:SOFTWAREtipsbilk.net
- name: Modifying a registry, adding name and data
win_regedit:
path: HKLM:SOFTWAREtipsbilk.net
name: Geek
data: Flare
Kjør ansible-playbook for å legge til registret.
[email protected] ~ $ ansible-playbook registry.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Creating a registry] ******************************************************************************************************************* changed: [192.168.0.102] TASK [Modifying a registry, adding name and data] ******************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Hvis du går til Registerredigering på det eksterne systemet, kan du se at dette registret har blitt lagt til med navn og dataparametere.
Slett logg
win_eventlog ansible-modulen brukes til å legge til, slette eller fjerne Windows-hendelseslogger fra Windows-systemet.
Gå til Windows Powershell, og liste opp EventLogs som finnes på den eksterne Windows-maskinen.
PS C:Userstipsbilk.net> Get-EventLog -List
Max(K) Retain OverflowAction Entries Log
------ ------ -------------- ------- ---
20,480 0 OverwriteAsNeeded 33,549 Application
20,480 0 OverwriteAsNeeded 0 HardwareEvents
512 7 OverwriteOlder 20 Internet Explorer
20,480 0 OverwriteAsNeeded 0 Key Management Service
128 0 OverwriteAsNeeded 190 OAlerts
Security
20,480 0 OverwriteAsNeeded 44,828 System
15,360 0 OverwriteAsNeeded 3,662 Windows PowerShell
Nå skal jeg vise hvordan du fjerner logger fra alle kilder for Internet Explorer.
[email protected] ~
$ vi log.yml
---
- hosts: win
tasks:
- name: Remove Internet Explorer Logs
win_eventlog:
name: Internet Explorer
state: absent
Kjør ansible-playbook for å fjerne Internet Explorer fra den eksterne Windows-maskinen.
[email protected] ~ $ ansible-playbook log.yml PLAY [win] ************************************************************************************************************************************************************************************* TASK [Gathering Facts] ************************************************************************************************************************************************************************* ok: [192.168.0.102] TASK [Remove Internet Explorer Logs] ********************************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP ************************************************************************************************************************************************************************************* 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Nå, hvis du viser hendelsesloggene igjen, vil du se at Internet Explorer-loggene er fjernet.
PS C:Userstipsbilk.net> Get-EventLog -List
Max(K) Retain OverflowAction Entries Log
------ ------ -------------- ------- ---
20,480 0 OverwriteAsNeeded 33,549 Application
20,480 0 OverwriteAsNeeded 0 HardwareEvents
20,480 0 OverwriteAsNeeded 0 Key Management Service
128 0 OverwriteAsNeeded 190 OAlerts
Security
20,480 0 OverwriteAsNeeded 44,835 System
15,360 0 OverwriteAsNeeded 56 Windows PowerShell
Så det handlet om Ansible playbooks, som kan brukes til ekstern administrasjon av Windows. Gå videre og prøv disse lekebøkene. Du kan også prøve andre Ansible Windows-moduler tilgjengelig.