Abel'Blog

What have I done? What exactly did I trade my time for?

ansible

Ansible does come up in day-to-day operations work.

Quick start

Installation

  1. ubuntu
$ sudo pip install paramiko PyYAML Jinja2 httplib2 six
  1. Test the remote connection
PS C:\Windows\system32> Enter-PSSession 127.0.0.1 -Credential xxx.com\xxx
[127.0.0.1]: PS C:\Users\xxx\Documents> exit
  1. pywinrm
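import winrm

# Open a WinRM session to the Windows host (host name and credentials are placeholders)
s = winrm.Session('MACHINEHOST', auth=('username@domain', 'password'))
# Run `ipconfig /all` on the remote machine
r = s.run_cmd('ipconfig', ['/all'])

print(r.status_code)
print(r.std_out)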
root@xxxxx:/home/xxxxx# ansible 192.168.125.223 -m win_ping
192.168.125.223 | UNREACHABLE! => {
"changed": false,
"msg": "plaintext: the specified credentials were rejected by the server",
"unreachable": true
}
root@xxxxx:/home/xxxxx# vim /etc/ansible/hosts
root@xxxxx:/home/xxxxx# ansible 192.168.125.223 -m win_ping
[WARNING]: * Failed to parse /etc/ansible/hosts with yaml plugin: Syntax Error while loading YAML. did not find expected
<document start> The error appears to be in '/etc/ansible/hosts': line 46, column 1, but may be elsewhere in the file depending on
the exact syntax problem. The offending line appears to be: [windows] 192.168.125.223 ansible_ssh_user="admin"
ansible_ssh_pass="xxxxxx" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore ^ here
[WARNING]: * Failed to parse /etc/ansible/hosts with ini plugin: Invalid host pattern 'ansible_winrm_transport:' supplied, ending
in ':' is not allowed, this character is reserved to provide a port.
[WARNING]: Unable to parse /etc/ansible/hosts as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
192.168.125.223 | UNREACHABLE! => {
"changed": false,
"msg": "plaintext: the specified credentials were rejected by the server",
"unreachable": true
}

Running the quick configuration produces the following problem:

PS C:\Windows\system32> winrm quickconfig
已在此计算机上运行 WinRM 服务。
WSManFault
Message
ProviderFault
WSManFault
Message = 由于此计算机上的网络连接类型之一设置为公用,因此 WinRM 防火墙例外将不运行。 将网络连接类型更改为域或专用,然后再次尝试。

错误编号: -2144108183 0x80338169
由于此计算机上的网络连接类型之一设置为公用,因此 WinRM 防火墙例外将不运行。 将网络连接类型更改为域或专用,然后再次尝试。

PS C:\Windows\system32> Set-Item wsman:\localhost\Client\TrustedHosts -value 192.168.125.*

WinRM 安全配置。
此命令修改 WinRM 客户端的 TrustedHosts 列表。TrustedHosts
列表中的计算机可能不会经过身份验证。该客户端可能会向这些计算机发送凭据信息。是否确实要修改此列表?
[Y] 是(Y) [N] 否(N) [S] 暂停(S) [?] 帮助 (默认值为“Y”): y

Check the current state with this command:

[192.168.125.xxx]: PS C:\Users\HY\Documents> winrm get winrm/config
Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = false
        Auth
            Basic = false
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 2147483647
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 2147483647
        MaxMemoryPerShellMB = 2147483647
        MaxShellsPerUser = 2147483647
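
The dump above shows the service with Basic = false and AllowUnencrypted = false, which is consistent with the earlier "plaintext: the specified credentials were rejected by the server" error. The following is an added example (not from the original post) that parses `winrm get winrm/config` output and reports which service settings refuse a given transport; the function names and the transport-to-setting table are assumptions of this sketch, and the sample input is constructed from the dump above with its indentation restored.

```python
# SAMPLE is constructed: an abbreviated copy of the dump above, indentation restored.
SAMPLE = """\
Config
    Client
        Auth
            Basic = true
        TrustedHosts
    Service
        AllowUnencrypted = false
        Auth
            Basic = false
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
"""

# Ansible/pywinrm transport name -> Service/Auth switch it depends on (assumed summary).
TRANSPORT_AUTH = {"plaintext": "Basic", "basic": "Basic", "ssl": "Basic",
                  "ntlm": "Negotiate", "credssp": "CredSSP", "certificate": "Certificate"}

def parse_winrm_config(text):
    """Flatten the indented dump into {"Config/Service/Auth/Basic": "false", ...}."""
    settings, stack = {}, []          # stack: (indent, section name) of open sections
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()               # leave sections at the same or deeper level
        key, sep, value = line.strip().partition(" = ")
        if sep:
            settings["/".join([name for _, name in stack] + [key])] = value
        else:
            stack.append((indent, key))   # section header, or a key with an empty value
    return settings

def why_rejected(settings, transport, scheme="http"):
    """List the service settings that refuse this transport; empty list means accepted."""
    auth, reasons = TRANSPORT_AUTH[transport], []
    if settings.get(f"Config/Service/Auth/{auth}") != "true":
        reasons.append(f"Service/Auth/{auth} is not enabled")
    if auth == "Basic" and scheme == "http" and \
            settings.get("Config/Service/AllowUnencrypted") != "true":
        reasons.append("Basic over HTTP is unencrypted and AllowUnencrypted = false")
    return reasons

if __name__ == "__main__":
    cfg = parse_winrm_config(SAMPLE)
    for transport in ("plaintext", "ntlm"):
        print(transport, "->", why_rejected(cfg, transport) or "accepted by these settings")
```

Setting ansible_winrm_transport=ntlm in the inventory (or using HTTPS on 5986) fits these service settings without enabling Basic or AllowUnencrypted on the Windows host.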

References