
Run PowerShell code with Ansible on a Windows Host

Ansible is one of the kings of the configuration management game. With its easy-to-understand syntax and even easier-to-use modules, Ansible is certainly a go-to when you're picking which configuration management tool to use for your organization. Your question may be, "But Ansible is typically on Linux, so what happens when I'm in a Windows environment?" Luckily, I'm here to tell you that Ansible will still work! I was pleasantly surprised with how easy it is to use Ansible on Windows with a little WinRM magic. Let's get started.

Pre-requisites for this post:
1) WinRM set up to connect to your Windows host from Ansible
2) Ansible set up for Windows Remote Management
3) SSH access to the Ansible host
4) Proper firewall rules to allow WinRM (port 5985) access from your Ansible host to your Windows host
5) Hosts file set up in Ansible that has your IP or hostname of your Windows Server.
6) At least one Linux host running Ansible and one Windows Server host (I'm using Windows Server 2019 for this demonstration)

Let's first head over to /etc/ansible/hosts and confirm we have our setup in place. You may see some other commented out configs in there which are the typical defaults if you're using a new Ansible server.

[windows]
winsrv29 ansible_host=YourWindowsServerIP


With our Ansible host up and our Windows Server allowing requests, let's confirm that WinRM is doing its job with a quick ping.

ansible windows -m win_ping

If you do not receive a successful ping, please confirm your firewall accepts ICMP requests (if you're in an organization there may be a reason why your org turned it off) and your Windows Server is accepting requests over port 5985.
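The windows group also needs WinRM connection settings, and port 5985 is WinRM's plain-HTTP listener, so the authentication transport decides whether the traffic is protected on the wire. The following is an added example, not part of the original post: the same group in Ansible's YAML inventory format, with the 5985 settings beside an HTTPS (5986) alternative. The file name, the account name and the vault variable are assumptions.

```yaml
# inventory.yml (assumed file name)
# Use with: ansible -i inventory.yml windows -m win_ping
# Same [windows] group as the INI hosts file, in YAML inventory format.
windows:
  hosts:
    winsrv29:
      ansible_host: YourWindowsServerIP          # placeholder from the post
  vars:
    ansible_connection: winrm
    ansible_user: ansible_svc                    # assumed account name
    ansible_password: "{{ vault_winrm_password }}"  # assumed Ansible Vault variable

    # Option A: the port the post opens (5985, HTTP listener).
    # NTLM, Kerberos and CredSSP encrypt the WinRM payload at the message
    # level, so they are the transports to use here. Basic auth over HTTP
    # would send the credentials merely base64-encoded.
    ansible_port: 5985
    ansible_winrm_scheme: http
    ansible_winrm_transport: ntlm
    ansible_winrm_message_encryption: always     # fail rather than send cleartext

    # Option B: HTTPS listener (5986) with certificate validation.
    # Requires an HTTPS WinRM listener on the Windows host and a
    # certificate the Ansible host trusts. Uncomment to replace Option A.
    # ansible_port: 5986
    # ansible_winrm_scheme: https
    # ansible_winrm_transport: ntlm
    # ansible_winrm_server_cert_validation: validate
```

If Option B is used, the firewall rule from the prerequisites has to allow 5986 instead of 5985.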

Now that we have a successful connection, let's go ahead and run our first PowerShell cmdlet.

ansible windows -m win_shell -a "Get-Service -Name BITS"

Let's analyze the above. We're calling ansible, then using windows to target the windows group in our hosts file. Then we use -m to name the module to run, which in our case is the win_shell module. After that we use -a to pass arguments, which in our case is the Get-Service cmdlet.

After we run it we should get a response back if the service is running or not.

Running a PowerShell cmdlet is great but what if you have to run a script? Lucky for us we can do that too!

I've created a PowerShell script in /etc/ansible/scripts that simply gets the BITS service and turns it on.

Now let's go ahead and copy our script over to our server by using the win_copy module and running ansible windows -m win_copy -a "src=/etc/ansible/scripts/turnonbits.ps1 dest=C:\\" to copy our script to the C: drive.

Our script is copied over to our location and we're ready to run it!

ansible windows -m win_command -a "powershell.exe -File C:\turnonbits.ps1"

If we run our ansible windows -m win_shell -a "Get-Service -Name BITS" command again, we'll see that BITS is now started!
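The copy, run and verify steps above can also be kept in one playbook so that the final check fails the run when BITS is not started. This is an added example, not part of the original post; the playbook file name is an assumption, and the script path and command are the ones used above.

```yaml
# run_bits_script.yml (assumed file name)
# Run with: ansible-playbook run_bits_script.yml
- name: Copy and run turnonbits.ps1, then confirm BITS is running
  hosts: windows
  gather_facts: false
  tasks:
    - name: Copy the script from the Ansible host to the Windows host
      ansible.windows.win_copy:
        src: /etc/ansible/scripts/turnonbits.ps1
        dest: C:\turnonbits.ps1

    # win_command fails the task on a non-zero exit code and always
    # reports "changed", because Ansible cannot tell what the script did.
    - name: Run the script with powershell.exe
      ansible.windows.win_command: powershell.exe -File C:\turnonbits.ps1

    - name: Read the current state of the BITS service
      ansible.windows.win_service_info:
        name: BITS
      register: bits

    - name: Fail the play unless BITS is started
      ansible.builtin.assert:
        that:
          - bits.services | length == 1
          - bits.services[0].state == 'started'
        fail_msg: "BITS is not running after turnonbits.ps1"
        success_msg: "BITS is started"
```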

