1、ansible控制端配置:
pip安装pywinrm(用于Windows远程管理(WinRM)的Python库)
如果没有安装pip请参考:http://blog.chinaunix.net/uid-23123710-id-5758166.html
-
pip install pywinrm
-
pip list
-
hosts配置内容:
2、windows系统配置:
windows os : Microsoft Windows Server 2008 Enterprise with sp2 x64
-
安装Framework 3.0+
-
下载地址:
-
请将powershell版本升级至3.0+
-
更改powershell策略为remotesigned
-
PS C:\Users\Administrator> get-executionpolicy
-
Restricted
-
PS C:\Users\Administrator> set-executionpolicy remotesigned
-
-
执行策略更改
-
执行策略可帮助你防止执行不信任的脚本。更改执行策略可能会产生安全风险,如 中的 about_Execution_Policies 帮助主题所述。是否要更改执行策略?[Y] 是(Y) [N] 否(N) [S] 挂起(S) [?] 帮助 (默认值为“Y”): Y
-
PS C:\Users\Administrator> get-executionpolicy
-
RemoteSigned
-
-
PS C:\Users\Administrator> get-host
-
-
-
Name : ConsoleHost
-
Version : 3.0
-
InstanceId : 0a2c5eec-ea75-4a91-ad51-de7302284797
-
UI : System.Management.Automation.Internal.Host.InternalHostUserInterface
-
CurrentCulture : zh-CN
-
CurrentUICulture : zh-CN
-
PrivateData : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
-
IsRunspacePushed : False
-
Runspace : System.Management.Automation.Runspaces.LocalRunspace
设置windows远端管理(WS-Management,WinRM)
-
查看状态,无返回信息,则没有启动;
-
PS C:\Users\Administrator> winrm enumerate winrm/config/listener
-
Listener
-
Address = *
-
Transport = HTTP
-
Port = 5985
-
Hostname
-
Enabled = true
-
URLPrefix = wsman
-
CertificateThumbprint
-
ListeningOn = 127.0.0.1, 192.168.3.73, ::1, fe80::100:7f:fffe%12, fe80::5efe:192.168.3.73%11, fe80::8cb4:1d6d:577c:5
-
5d4%10
-
-
Listener
-
Address = *
-
Transport = HTTPS
-
Port = 5986
-
Hostname = WIN-PRHX9BK7A3E
-
Enabled = true
-
URLPrefix = wsman
-
CertificateThumbprint = 1A74B363EAB1FA671E0DA02E8693952F5D96D841
-
ListeningOn = 127.0.0.1, 192.168.3.73, ::1, fe80::100:7f:fffe%12, fe80::5efe:192.168.3.73%11, fe80::8cb4:1d6d:577c:5
-
5d4%10
-
-
#对winrm service进行基础配置:
-
PS C:\Users\Administrator> winrm quickconfig
-
已在此计算机上运行 WinRM 服务。
-
在此计算机上设置了 WinRM 以进行远程管理。
-
-
查看winrm service listener:
-
PS C:\Users\Administrator> winrm e winrm/config/listener
-
Listener
-
Address = *
-
Transport = HTTP
-
Port = 5985
-
Hostname
-
Enabled = true
-
URLPrefix = wsman
-
CertificateThumbprint
-
ListeningOn = 127.0.0.1, 192.168.3.73, ::1, fe80::100:7f:fffe%12, fe80::5efe:192.168.3.73%11, fe80::8cb4:1d6d:577c:5
-
5d4%10
-
-
Listener
-
Address = *
-
Transport = HTTPS
-
Port = 5986
-
Hostname = WIN-PRHX9BK7A3E
-
Enabled = true
-
URLPrefix = wsman
-
CertificateThumbprint = 1A74B363EAB1FA671E0DA02E8693952F5D96D841
-
ListeningOn = 127.0.0.1, 192.168.3.73, ::1, fe80::100:7f:fffe%12, fe80::5efe:192.168.3.73%11, fe80::8cb4:1d6d:577c:5
-
5d4%10
-
-
winrm service配置auth:
-
PS C:\Users\Administrator> winrm set winrm/config/service/auth '@{Basic="true"}'
-
Auth
-
Basic = true
-
Kerberos = true
-
Negotiate = true
-
Certificate = false
-
CredSSP = false
-
CbtHardeningLevel = Relaxed
-
-
#winrm service配置加密方式为允许非加密:
-
PS C:\Users\Administrator> winrm set winrm/config/service '@{AllowUnencrypted="true"}'
-
Service
-
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
-
MaxConcurrentOperations = 4294967295
-
MaxConcurrentOperationsPerUser = 1500
-
EnumerationTimeoutms = 240000
-
MaxConnections = 300
-
MaxPacketRetrievalTimeSeconds = 120
-
AllowUnencrypted = true
-
Auth
-
Basic = true
-
Kerberos = true
-
Negotiate = true
-
Certificate = false
-
CredSSP = false
-
CbtHardeningLevel = Relaxed
-
DefaultPorts
-
HTTP = 5985
-
HTTPS = 5986
-
IPv4Filter = *
-
IPv6Filter = *
-
EnableCompatibilityHttpListener = false
-
EnableCompatibilityHttpsListener = false
-
CertificateThumbprint
-
AllowRemoteAccess = true
测试windows可用模块
执行powershell脚本:
乱码问题:
对命令输出的信息进行utf-8编码,修改winrm模块的protocol.py
-
sed -i "s#tdout_buffer.append(stdout)#tdout_buffer.append(stdout.decode('gbk').encode('utf-8'))#g" /usr/lib/python2.6/site-packages/winrm/protocol.py
-
sed -i "s#stderr_buffer.append(stderr)#stderr_buffer.append(stderr.decode('gbk').encode('utf-8'))#g" /usr/lib/python2.6/site-packages/winrm/protocol.py
参考博文:
阅读(2433) | 评论(0) | 转发(0) |
