In this tutorial I will explain how to configure Ansible for domain joined servers and workstations
First install fresh core centos 7 machine.
After you finish install it, lets disable the network manager by using this command.
[root@cetnos /]#systemctl disable NetworkManager
lets check our network interfaces by using the command:
[root@cetnos /]# ip addr
We can see that we get IP address 192.168.10.6 on interface ens33
So lets change this from DHCP to static IP and add the DNS servers, we do it by changing the interface config file.
[root@cetnos /]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
Please add the Marked lines to your network interface config file.
Now save it by using this command :qw!
Please reboot the server for changes will take effect.
After the system has finish to reboot we need to change one last thing before we join this machine to the domain, please open resolve.conf file by using this command:
[root@cetnos /]# vi /etc/resolv.conf
Make sure that you add your Domain name here and you have the IP address of your DNS servers, don’t forget to save it by using this command :qw!
Test your network. Make sure you can resolve DNS correctly,to do that we need to Install BIND utilities for nslookup.
[root@ansible ~]# yum -y install bind-utils
nslookup (your windows server ip)
This command will query the AD server for without a fully qualified name and also reverse lookup on the IP address.
Configure the Ansible Environment
Install Prerequisite Packages
Use Yum to install the following packages.
- Install GCC required for Kerberos
[root@ansible ~]# sudo yum group install "Development Tools"
- Install requests_kerberos
[root@ansible ~]# pip install kerberos requests_kerberos
- Install Kerberos
[root@ansible ~]# pip install kerberos
- Install the Kerberos wrapper
[root@ansible ~]# pip install pywinrm[Kerberos]
- Install EPEL
[root@ansible ~]#yum -y install epel-release
- Install Ansible
[root@ansible ~]#yum -y install ansible
- Install Kerberos
[root@ansible ~]#yum -y install python-devel krb5-devel krb5-libs krb5-workstation
- Install Python PIP
[root@ansible ~]#yum -y install python-pip
- Bring all packages up to the latest version
[root@ansible ~]#yum -y update
Check that Ansible and Python is Installed
[root@ansible ~]#ansible --version [root@ansible ~]#python --version
Kerberos packages were installed previously which will have created /etc/krb5.conf
- Edit /etc/krb5.conf
Enter this command and put your password if you don’t have any error it mean that we good to go.
[root@ansible ~]#kinit email@example.com
You will be prompted for the administrator password
You should see a Kerberos KEYRING record by enter the command klist
The core configuration of Ansible resides at /etc/ansible
Update the Ansible Inventory file
Edit /etc/ansible/hosts file and add:
Update the Ansible Group Variables for Windows
Ansible Group Variables are variable settings for a specific inventory group. In this case, we will create the group variables for the “windows” servers created in the /etc/ansible/hosts file.
- Create /etc/ansible/group_vars/windows and add:
Make sure that your domain user is domain admin!
Configure Windows Servers to Manage
To configure the Windows 10 for remote management by Ansible requires a bit of work. Luckily the Ansible team has created a PowerShell script for this. Download this script from [here] to each Windows Machine to manage and run this script as Administrator.
Log into Win10 as Administrator, download ConfigureRemotingForAnsible.ps1 and run this PowerShell script without any parameters.
Once this command has been run on the Win10, return to the Ansible1 Controller host.
Test Connectivity to the Windows Server
If all has gone well, we should be able to perform an Ansible PING test command. This command will simply connect to the remote Win10 workstation and report success or failure.
ansible windows -m win_ping