9 Ansible Playbooks Eksempel for Windows-administrasjon

Jeg vil vise deg flere operasjoner som en administrator kan utføre på et eksternt Windows-system ved å bruke ansible-playbook.

Ansible er et av de mest brukte DevOps-verktøyene på markedet i dag. Den gir en haug med Windows-moduler som brukes til å konfigurere og administrere Windows-serveren. Jeg antar at du allerede har Ansible installert på Windows der du vil administrere Windows-serverne.

Følgende er noen av de vanligste oppgavene som utføres av Windows-administratorer på daglig basis. Du vil bli overrasket over å se hvor enkelt det administreres Windows ved hjelp av Ansible.

IP-adressen til Ansible Windows-kontrollermaskinen min er 192.168.0.106, og IP-adressen til det eksterne Windows-systemet mitt er 192.168.0.102. Før du starter, sørg for at du kjører en win_ping-modul for å sjekke om du er i stand til å koble til Windows ekstern server eller ikke.

[email protected] ~
$ ansible win -m win_ping
192.168.0.102 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Min tilkobling til en ekstern vert er vellykket.

Så la oss komme i gang med Ansible Playbooks…

Kopiere filer

win_copy er en mulig modul som kopierer en fil fra den lokale serveren til en ekstern Windows-vert. Jeg vil bruke denne modulen til å kopiere en enkelt PDF.

Bruk YAML-koden nedenfor, oppgi kilde- og destinasjonsbanene.

[email protected] ~
$ vi copy.yml
---

- hosts: win

  tasks:

  - name: Copy File

    win_copy:

      src: C:output.pdf

      dest: C:ansible_examples
     
      remote_src: yes

Kjør ansible-playbook for win_copy.

[email protected] ~
$ ansible-playbook copy.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Copy File] *****************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=2 changed=1 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Filen har blitt kopiert til målstedet på et eksternt Windows-system.

Installer/avinstaller MSI

For å installere en applikasjon som bruker MSI-filen, må du bruke win_get_url for å nevne banen til MSI-filen som skal lastes ned, og deretter bruke win_package-modulen til å installere den. Tilstanden tilstede betyr at MSI-en vil bli installert på maskinen, og applikasjonen er i den nåværende tilstanden.

Her installerer jeg Apache.

YAML-kode som skal brukes:

[email protected] ~
$ vi msi.yml
---
- name: Installing Apache MSI 
  hosts: win 
 
  tasks:
    - name: Download the Apache installer
      win_get_url:
        url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi
        dest: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi

    - name: Install MSI
      win_package: 
        path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
        state: present

Kjør ansible-playbook for å installere med MSI.

[email protected] ~
$ ansible-playbook msi.yml

PLAY [Installing Apache MSI] *****************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Download the Apache installer] *********************************************************************************************************
changed: [192.168.0.102]

TASK [Install MSI] ***************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=3 changed=2 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Gå nå til Windows-systemet og sjekk om apache-applikasjonen ble installert.

C:Userstipsbilk.net>cd C:Program Files (x86)Apache Software FoundationApache2.2bin
C:Program Files (x86)Apache Software FoundationApache2.2bin>httpd -v
Server version: Apache/2.2.25 (Win32)
Server built: Jul 10 2013 01:52:12

Du kan også installere applikasjoner ved å bruke MSI med argumenter. Nedenfor er det samme eksempelet som ovenfor, men i stedet for en tilstand, bruker vi et installeringsargument for å installere apache.

  Windows 11 tastatursnarveier som vil gjøre livet enklere

YAML-kode som skal brukes:

---

- name: Installing Apache MSI 

  hosts: win 

  tasks:

    - name: Download the Apache installer

      win_get_url:

        url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi

        dest: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi


    - name: Install MSI

      win_package: 

        path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi

        arguments:

          - /install

          - /passive

          - /norestart

For å avinstallere en applikasjon ved hjelp av MSI-filen, må du bruke win_package-modulen. Tilstanden fraværende betyr at applikasjonen vil bli avinstallert ved hjelp av MSI-filen.

Her avinstallerer jeg Apache.

[email protected] ~
$ vi uninstall_msi.yml

---

- name: UnInstalling Apache MSI 

  hosts: win 

  tasks:

    - name: UnInstall MSI

      win_package: 

        path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi

        state: absent

Kjør ansible-playbook for å avinstallere med MSI.

[email protected] ~
$ ansible-playbook uninstall_msi.yml

PLAY [UnInstalling Apache MSI] *****************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [UnInstall MSI] *************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=2 changed=1 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Nå, hvis jeg sjekker apache-versjonen, vil jeg få utdataene nedenfor når applikasjonen ble avinstallert.

C:Program Files (x86)Apache Software FoundationApache2.2bin>httpd -v 'httpd' is not recognized as an internal or external command,
operable program or batch file.

Avinstaller programvare (.EXE)

Du kan også avinstallere programvare med .exe-fil ved å bruke produkt-ID-en til den programvaren.

[email protected] ~
$ vi uninstall.yml 
---

- hosts: win 

  tasks:

   - name: Uninstall 7-Zip from the exe

     win_package:

       path: C:Program Files7-ZipUninstall.exe

       product_id: 7-Zip

       arguments: /S

       state: absent

Kjør ansible-playbook for å avinstallere 7-Zip.

[email protected] ~
$ ansible-playbook uninstall.yml

PLAY [win] *************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************
ok: [192.168.0.102]

TASK [Uninstall 7-Zip from the exe] ***********************************************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP *************************************************************************************************************************************************************************************
192.168.0.102              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Stopp/start/start Windows-tjenester på nytt

win_service ansible-modulen brukes til å starte, stoppe eller starte en tjeneste på nytt. Her vil jeg vise deg hvordan du stopper tomcat-tjenesten.

Du må nevne tjenestenavnet i YAML-filen og angi at tilstanden skal stoppe.

[email protected] ~
$ vi service.yml
---
- hosts: win 

  tasks: 

   - name: Stop service Tomcat

     win_service:

       name: Tomcat8

       state: stopped

Kjør ansible-playbook for å stoppe tomcat-tjenesten.

[email protected] ~
$ ansible-playbook service.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Stop service Tomcat] ****************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=2 changed=1 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Hvis du sjekker tomcat-tjenesten på Windows-systemet, er den nå i stoppet status.

Du kan definere status til startet eller omstartet eller satt på pause for å endre statusen til tjenesten.

Innhenting av fakta

Ved å bruke win_disk_facts ansible modul kan du hente all diskinformasjonen til målverten.

[email protected] ~
$ vi disk.yml
---
- hosts: win 
  tasks: 
  - name: Get disk facts
    win_disk_facts:

  - name: Output first disk size
    debug:
      var: ansible_facts.disks[0].size

  - name: Convert first system disk into various formats
    debug:
      msg: '{{ disksize_gib }} vs {{ disksize_gib_human }}'
    vars:
      # Get first system disk
      disk: '{{ ansible_facts.disks|selectattr("system_disk")|first }}'

      # Show disk size in Gibibytes
      disksize_gib_human: '{{ disk.size|filesizeformat(true) }}' 
      disksize_gib: '{{ (disk.size/1024|pow(3))|round|int }} GiB'

Kjør ansible-playbook for å få diskinformasjonen.

[email protected] ~
$ ansible-playbook disk.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Get disk facts] ************************************************************************************************************************
ok: [192.168.0.102]

TASK [Output first disk size] ****************************************************************************************************************
ok: [192.168.0.102] => {

"ansible_facts.disks[0].size": "1000204886016"
}

TASK [Convert first system disk into various formats] ****************************************************************************************
ok: [192.168.0.102] => {
"msg": "932 GiB vs 931.5 GiB"
}

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=4 changed=0 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Ved å bruke win_command ansible-modulen kan du utføre kommandoer på den eksterne verten og få CPU-informasjon, enhetsdetaljer og mye mer.

wdzwd[email protected] ~
$ vi check.yml
---
- hosts: win 
  tasks:
   - name: Get disk facts
     win_command: wmic cpu get caption, deviceid, name, numberofcores, maxclockspeed, status
     register: usage

   - debug: msg="{{ usage.stdout }}"

Kjør ansible-playbook for å få ekstern systeminformasjon.

[email protected] ~
$ ansible-playbook check.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Get facts] ************************************************************************************************************************
changed: [192.168.0.102]

TASK [debug] *********************************************************************************************************************************
ok: [192.168.0.102] => {
"msg": "Caption DeviceID MaxClockSpeed
Name
NumberOfCores Status rrnIntel64 Family 6 Model 142 Stepping 9 CPU0 2712 Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz 2 OK rrnrrn"
}

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=3 changed=1 unreachable=0 failed=0
skipped=0 rescued=0
ignored=0

Kjører kommandoer

Uansett hvilke kommandoer du kjører på et vindu, kan de kjøres gjennom den mulige win_command-modulen. Du trenger bare å spesifisere kommandoen i YAML-filen. Her lager jeg bare en katalog.

[email protected] ~
$ vi commands.yml
---

- hosts: win 

  tasks:

   - name: run an executable using win_command

     win_command: whoami.exe


   - name: run a cmd command

      win_command: cmd.exe /c mkdir C:test

Kjør ansible-playbook for å utføre win_command-operasjon.

[email protected] ~
$ ansible-playbook commands.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [run an executable using win_command] ***************************************************************************************************
changed: [192.168.0.102]

TASK [run a cmd command] *********************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=3 changed=2 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Miljøvariabler

Et Windows-system har flere miljøvariabler, for eksempel JAVA_HOME. Ved å bruke win_environment ansible-modulen kan du legge til eller endre miljøvariabler på et Windows-system. I dette eksemplet legger jeg til en ny variabel i listen over miljøvariabler i Windows.

[email protected] ~
$ vi env.yml
---
- hosts: win 
  tasks:
   - name: Set an environment variable for all users
     win_environment:
       state: present
       name: NewVariable
       value: New Value
       level: machine

Kjør ansible-playbook for å legge til miljøvariabelen på en ekstern Windows-maskin.

[email protected] ~
$ ansible-playbook env.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Set an environment variable for all users] *********************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=2 changed=1 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Gå til vinduet for miljøvariabler; du vil se den nye variabelen du nettopp la til er til stede her.

  Fiks Nvidia-brukerkonto låst i Windows 10

Legg til/rediger register

win_regedit ansible-modulen brukes til å legge til eller redigere registerdetaljer på en ekstern Windows-maskin. Du må angi banen til registeret og innholdet som skal legges til/oppdateres. Her lager jeg en ny registeroppføring tipsbilk.net i HKLM:SOFTWARE-banen og legger deretter til navn og data til dette registeret.

[email protected] ~
$ vi registry.yml
---

- hosts: win 

  tasks:

   - name: Creating a registry

     win_regedit:

      path: HKLM:SOFTWAREtipsbilk.net

   - name: Modifying a registry, adding name and data

     win_regedit:

      path: HKLM:SOFTWAREtipsbilk.net

      name: Geek

      data: Flare

Kjør ansible-playbook for å legge til registret.

[email protected] ~
$ ansible-playbook registry.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Creating a registry] *******************************************************************************************************************
changed: [192.168.0.102]

TASK [Modifying a registry, adding name and data] ********************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=3 changed=2 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Hvis du går til Registerredigering på det eksterne systemet, kan du se at dette registret har blitt lagt til med navn og dataparametere.

  Fiks Nvidia-brukerkonto låst i Windows 10

Slett logg

win_eventlog ansible-modulen brukes til å legge til, slette eller fjerne Windows-hendelseslogger fra Windows-systemet.

Gå til Windows Powershell, og liste opp EventLogs som finnes på den eksterne Windows-maskinen.

PS C:Userstipsbilk.net> Get-EventLog -List                                                                                 
  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded      33,549 Application
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder             20 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
     128      0 OverwriteAsNeeded         190 OAlerts
                                              Security
  20,480      0 OverwriteAsNeeded      44,828 System
  15,360      0 OverwriteAsNeeded       3,662 Windows PowerShell

Nå skal jeg vise hvordan du fjerner logger fra alle kilder for Internet Explorer.

[email protected] ~
$ vi log.yml
---
- hosts: win 
  tasks:
   - name: Remove Internet Explorer Logs
     win_eventlog:
      name: Internet Explorer
      state: absent

Kjør ansible-playbook for å fjerne Internet Explorer fra den eksterne Windows-maskinen.

[email protected] ~
$ ansible-playbook log.yml

PLAY [win] *************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************
ok: [192.168.0.102]

TASK [Remove Internet Explorer Logs] **********************************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP *************************************************************************************************************************************************************************************
192.168.0.102              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Nå, hvis du viser hendelsesloggene igjen, vil du se at Internet Explorer-loggene er fjernet.

PS C:Userstipsbilk.net> Get-EventLog -List

  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded      33,549 Application
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
  20,480      0 OverwriteAsNeeded           0 Key Management Service
     128      0 OverwriteAsNeeded         190 OAlerts
                                              Security
  20,480      0 OverwriteAsNeeded      44,835 System
  15,360      0 OverwriteAsNeeded          56 Windows PowerShell

Så det handlet om Ansible playbooks, som kan brukes til ekstern administrasjon av Windows. Gå videre og prøv disse lekebøkene. Du kan også prøve andre Ansible Windows-moduler tilgjengelig.

x