Connect to the Environment
Connect to the deployed Linux and Windows hosts using Ansible.
Ansible is an agentless configuration management tool. Instead of relying on an installed agent, it uses the remote management protocols the hosts already expose.
Ansible uses SSH to connect to Linux hosts and network devices, and WinRM to connect to Windows hosts.
Host connection options
The following options are available to connect to Linux and Windows hosts:
Linux (SSH)
- Keys over SSH (22)
- Username and password over SSH (22)
Windows (WinRM)
- WinRM over HTTPS (5986)
- WinRM over HTTP (5985)
Windows authentication options
You can authenticate with Windows hosts using the following methods:
Option | Local Accounts | Active Directory Accounts | Credential Delegation | HTTP Encryption |
---|---|---|---|---|
Basic | Yes | No | No | No |
Certificate | Yes | No | No | No |
Kerberos | No | Yes | Yes | Yes |
NTLM | Yes | Yes | No | Yes |
CredSSP | Yes | Yes | Yes | Yes |
The table is taken from docs.ansible.com.
How you set up the remote management is dependent on the environment.
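The following inventory, added here as an example and not taken from the course, maps the options above onto Ansible connection variables: SSH keys for Linux, WinRM over HTTPS with NTLM for a stand-alone Windows host, and Kerberos for a domain-joined one. Host names, addresses, users, paths and the vaulted password variable are assumptions. The `ignore` certificate-validation setting is the one the self-signed bootstrap certificate forces on you; the Kerberos group shows the hardened form beside it.

```yaml
# Added example inventory (inventory.yml); not part of the course material.
# Host names, addresses, users and the vaulted variable are assumptions.
all:
  children:
    linux:
      hosts:
        web01:
          ansible_host: 10.0.1.10
      vars:
        ansible_connection: ssh
        ansible_port: 22
        ansible_user: ansible
        # Key-based SSH; leave ansible_password unset so a leaked inventory
        # does not also leak a credential.
        ansible_ssh_private_key_file: ~/.ssh/ansible_ed25519

    windows_local:                 # stand-alone hosts, local account
      hosts:
        win01:
          ansible_host: 10.0.2.10
      vars:
        ansible_connection: winrm
        ansible_port: 5986         # WinRM over HTTPS
        ansible_winrm_transport: ntlm
        ansible_user: ansible
        ansible_password: "{{ vault_win01_password }}"   # from an ansible-vault file
        # The bootstrap script installs a self-signed certificate, so the
        # controller cannot validate it. 'ignore' is the weak setting: the
        # channel is encrypted but the server is not authenticated, so replace
        # the certificate with one from a trusted CA and switch to 'validate'.
        ansible_winrm_server_cert_validation: ignore

    windows_domain:                # domain-joined hosts, AD account
      hosts:
        # FQDN, not an IP, so the HTTP/app01.corp.example.com SPN resolves.
        app01.corp.example.com:
      vars:
        ansible_connection: winrm
        ansible_port: 5986
        ansible_winrm_transport: kerberos
        ansible_user: ansible@CORP.EXAMPLE.COM
        # Domain-joined hosts can enrol a listener certificate from the
        # internal CA, so validation stays on and the CA bundle is pinned.
        ansible_winrm_server_cert_validation: validate
        ansible_winrm_ca_trust_path: /etc/pki/tls/certs/corp-ca.pem

# Not recommended: WinRM over HTTP (5985) with Basic authentication. The table
# above shows Basic provides no HTTP encryption, so the password and every
# command cross the network in clear text. If 5985 must be used, pair it with
# NTLM or Kerberos, which encrypt the message body themselves.
#   ansible_port: 5985
#   ansible_winrm_scheme: http
#   ansible_winrm_transport: basic
```

The Kerberos group assumes the controller has `pywinrm[kerberos]` installed and a valid ticket (`kinit ansible@CORP.EXAMPLE.COM`) or a password for Ansible to obtain one. A quick check of either Windows group is `ansible windows_local -i inventory.yml -m ansible.windows.win_ping`.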
Connect to a Windows Host
Ansible uses PowerShell remoting over WinRM to connect to Windows hosts. By default, Ansible attempts to connect to a Windows host using WinRM over HTTPS on port 5986. Windows Server does not have PowerShell remoting over HTTPS preconfigured.
We think it best to use Ansible for all the configuration. Having to configure something before you can use Ansible is a chicken-and-egg scenario. You can deal with this problem in one of three ways:
- Bootstrap the WinRM configuration; AWS and Azure both provide features that run a script at startup (EC2 user data and the Azure CustomScriptExtension).
- Embed the changes into an image; build a custom image that already has WinRM configured.
- Use WinRM over HTTP on port 5985; Windows Server 2012 R2 and later have PowerShell remoting configured on port 5985. Whether that traffic is protected then depends on the authentication method you choose (see the HTTP Encryption column in the table above).
We solved this problem in the Create Windows Virtual Machine playbooks for Azure and AWS. Each playbook contains a step that bootstraps the WinRM configuration with a PowerShell script, ConfigureRemotingForAnsible.ps1.
The script generates a self-signed certificate for the HTTPS listener and adds a firewall rule that allows inbound HTTPS traffic on port 5986.
Let’s review the sections for bootstrapping in both AWS and Azure playbooks.
Azure
The azure_create_windows_vm.yaml
playbook uses a CustomScriptExtension to download and execute the PowerShell script, ConfigureRemotingForAnsible.ps1. Review lines 7 and 9 in the playbook below: