Creating Windows Server Inventory for Ansible Automation

In this article, we will walk you through the process of creating a Windows Server inventory in Ansible. This inventory will then be leveraged in Playbooks to automate tasks such as installing software, configuring services, and performing system updates.

What is an Ansible Inventory?

In Ansible, an inventory is a file where you define the hosts and groups of hosts you wish to manage. For Windows servers, you will need to specify the hostnames or IP addresses of your Windows servers, along with their connection credentials. Ansible supports both static and dynamic inventories, but in most cases, a static inventory will be sufficient for smaller environments.

Steps to Create a Windows Server Inventory in Ansible

Here’s a step-by-step guide to creating a Windows Server inventory for Ansible:

1. Prepare the Hosts File

Ansible uses an inventory file, typically located at /etc/ansible/hosts, but you can also specify a custom inventory file. This file can be in either the INI or YAML format. For managing Windows servers, an INI format is commonly used.

Here is an example of an Ansible inventory file in INI format for Windows servers:

[windows]
windows-server-01 ansible_host=192.168.1.100
windows-server-02 ansible_host=192.168.1.101
windows-server-03 ansible_host=192.168.1.102

[windows:vars]
ansible_user=Administrator
ansible_password=YourPassword
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_winrm_server_cert_validation=ignore

In this file:

  • [windows]: This is a group that contains all of your Windows servers. You can also organize servers by roles, such as web servers or database servers, by creating different groups.
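  • windows-server-01, windows-server-02: These are the inventory names of your Windows servers. You can use a hostname or an IP address here; when ansible_host is set, Ansible connects to that address instead.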
  • ansible_host: The IP address or DNS name of each Windows server.
  • ansible_user: The username you use to authenticate on the Windows server (e.g., “Administrator”).
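  • ansible_password: The password associated with the username. It is stored in plaintext in this example; the best practices section below covers encrypting it with Ansible Vault.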
  • ansible_connection=winrm: Specifies that Ansible will use Windows Remote Management (WinRM) to connect to the Windows hosts.
  • ansible_winrm_transport=ntlm: Specifies the authentication method to use when connecting to Windows servers. NTLM is often used.
  • ansible_winrm_server_cert_validation=ignore: Skips validation of the server's TLS certificate when connecting via WinRM over HTTPS. This is useful for self-signed certificates, but it also means Ansible does not verify the identity of the server it sends credentials to.

2. Verify the Connection

Before you use the inventory in a playbook, it’s important to ensure that Ansible can communicate with your Windows servers. To do this, run the following command (add -i /path/to/your/inventory.ini if your inventory is not in the default location):

ansible windows -m win_ping

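This runs the win_ping module against each Windows server in the windows group. It is not an ICMP ping: it tests that Ansible can connect and authenticate over WinRM and run a module on the host. If the connection is successful, you will see a response like: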

windows-server-01 | SUCCESS | rc=0 >>
pong

If you encounter any issues, verify that WinRM is configured correctly on your Windows servers.

3. Using the Inventory in Ansible Playbooks

Once your inventory is set up, you can use it in your Ansible Playbooks to automate various tasks on your Windows servers. Here’s an example playbook that installs IIS on your Windows servers:

---
- name: Install IIS on Windows Servers
  hosts: windows
  gather_facts: yes
  tasks:
    - name: Ensure IIS is installed
      win_feature:
        name: Web-Server
        state: present

In this example:

  • The hosts: windows line tells Ansible to target all the servers in the windows group defined in your inventory.
  • The win_feature module is used to ensure that the IIS web server feature is installed on each Windows server.

You can run this playbook using the following command:

ansible-playbook -i /path/to/your/inventory.ini install_iis.yml

This will automate the installation of IIS on all the Windows servers listed in your inventory.

Best Practices for Windows Server Inventory in Ansible

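  • Use Ansible Vault for Sensitive Data: Storing passwords in plaintext in your inventory file is not recommended. Instead, use Ansible Vault to encrypt sensitive data such as passwords. You can encrypt the password value using the following command:

ansible-vault encrypt_string 'YourPassword' --name 'ansible_password'

    The command prints a !vault-tagged YAML value. An INI inventory cannot hold that value, so place it in a YAML variables file such as group_vars/windows.yml (or in a YAML inventory), remove the plaintext ansible_password line from the INI file, and supply the vault password at run time, for example with --ask-vault-pass.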
  • Use Groups for Different Roles: If you have different types of Windows servers (e.g., domain controllers, file servers, etc.), group them accordingly. For example:

[domain_controllers]
dc01 ansible_host=192.168.1.110
dc02 ansible_host=192.168.1.111

[file_servers]
file01 ansible_host=192.168.1.120

  • Enable WinRM Properly on Windows Servers: Ensure that WinRM is enabled and properly configured on your Windows servers. You can enable WinRM with the following command on your Windows server:

winrm quickconfig

  • Use Ansible Dynamic Inventories for Larger Environments: If you have a large environment with frequently changing servers, consider using dynamic inventories. Ansible supports dynamic inventories through scripts or cloud provider plugins (AWS, Azure, etc.).
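
A quick check for the two weak settings discussed in this article: the literal ansible_password explained in step 1 and covered by the Vault recommendation above, and ansible_winrm_server_cert_validation=ignore. This is an added example, not part of the original article or of Ansible; the function names and the vault_ws02_password variable are made up for illustration.

```python
import shlex

# Constructed sample: the article's inventory plus one host-level override
# that references a vaulted variable (vault_ws02_password is a made-up name).
SAMPLE = """\
[windows]
windows-server-01 ansible_host=192.168.1.100
windows-server-02 ansible_host=192.168.1.101 ansible_password="{{ vault_ws02_password }}"

[windows:vars]
ansible_user=Administrator
ansible_password=YourPassword
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_winrm_server_cert_validation=ignore
"""

SECRET_KEYS = {"ansible_password", "ansible_become_password"}

def inventory_vars(text):
    """Yield (line_no, scope, key, value) for each variable in an INI inventory."""
    section = "ungrouped"
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section.endswith(":children"):
            continue                      # group names only, no variables
        elif section.endswith(":vars"):
            key, _, value = line.partition("=")   # one key=value per line
            yield line_no, section, key.strip(), value.strip()
        else:
            host, *pairs = shlex.split(line)      # host, then inline key=value
            for pair in pairs:
                key, _, value = pair.partition("=")
                yield line_no, host, key, value

def audit(text):
    """Return findings for literal secrets and disabled certificate checks."""
    findings = []
    for line_no, scope, key, value in inventory_vars(text):
        if key in SECRET_KEYS and "{{" not in value:
            findings.append((line_no, scope, key, "literal secret in inventory"))
        if key == "ansible_winrm_server_cert_validation" and value == "ignore":
            findings.append((line_no, scope, key, "WinRM TLS certificate not verified"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d [%s] %s: %s" % finding)
```

The host-level password on windows-server-02 is not reported because it is a Jinja2 reference to a variable expected to live in a vaulted file, while the group-level literal is.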

Creating a Windows Server inventory in Ansible is the first step to automating the management of your Windows servers. By organizing your Windows servers in an inventory file and specifying connection details, you can easily manage them with Ansible Playbooks. This setup allows you to automate tasks like software installation, configuration changes, and system monitoring across your entire Windows infrastructure.

Ashutosh Dixit

I am currently working as a Senior Technical Support Engineer with VMware Premier Services for Telco. Before this, I worked as a Technical Lead with Microsoft Enterprise Platform Support for Production and Premier Support. I am an expert in High-Availability, Deployments, and VMware Core technology along with Tanzu and Horizon.
