Connect to the Environment

Connect to the deployed Linux and Windows hosts environment using Ansible.

We'll cover the following

Host connection options

Linux
Windows

Windows authentication options

Connect to a Windows Host

Azure
AWS

Test Windows Host Connectivity
Test Linux Host Connectivity
Troubleshooting tips

Ansible is an agentless configuration management tool. Instead of relying on an installed agent, it uses remote management protocols to communicate with remote hosts.

Ansible uses SSH to connect to Linux hosts and network devices, and WinRM to connect to Windows.

Host connection options

The following are options available to connect to Linux and Windows hosts:

Linux

SSH keys over SSH(22)
Username & password over SSH (22)

Windows

WinRM over HTTPS (5986)
WinRM over HTTP (5985)

Windows authentication options

You can authenticate with Windows hosts using the following methods:

Option	Local Accounts	Active Directory Accounts	Credential Delegation	HTTP Encryption
Basic	Yes	No	No	No
Certificate	Yes	No	No	No
Kerberos	No	Yes	Yes	Yes
NTLM	Yes	Yes	No	Yes
CredSSP	Yes	Yes	Yes	Yes

The table is taken from docs.ansible.com.

How you set up the remote management is dependent on the environment.

Connect to a Windows Host

Ansible uses PowerShell remoting over WinRM to connect to Windows hosts. Ansible will attempt to connect to a Windows host using WinRM over HTTPS on port 5986. Windows Server does not have PowerShell remoting via HTTPS preconfigured.

We think it best to use Ansible for all the configurations. Having to configure something before you can use Ansible is a chicken and egg scenario. You can deal with this problem in one of three ways:

Bootstrap the WinRM configuration;
- AWS and Azure provide features that allow you to run scripts at startup.
Embed the changes into an image;
- Build a custom image that has WinRM configured.
Use WinRM over HTTP on port 5985;
- Windows Server 2012r2 and later have PowerShell remoting configured on port 5985.

We solved this problem by executing the Ansible playbooks Create Windows Virtual Machine in Azure and AWS. Each of the playbooks contained a configuration for bootstrapping the WinRM configuration with a PowerShell script, ConfigureRemotingForAnsible.ps1.

The script generates self-signed certificates for using HTTPS and modifies the firewall rules to allow HTTPS traffic on port 5896.

Let’s review the sections for bootstrapping in both AWS and Azure playbooks.

Azure

The azure_create_windows_vm.yaml playbook uses a CustomScriptExtension to download and execute the PowerShell script, ConfigureRemotingForAnsible.ps1. Review Line 7 and 9 in the playbook below:

Get hands-on with 1200+ tech skills courses.

Getting Started

Ansible Development with Containers

Connect to the Cloud

Starting at the Source

Getting Started with Ad-Hoc Commands and Playbooks

Deploy an Ansible Development Environment

Putting the Ansible Environment to Work

Take Inventory of the Infrastructure

Build Reusable Configurations

Dynamic Inventories for Scaling

Build a CI \ CD pipeline for Ansible with Github Actions

Appendix