Using Ansible with Windows hosts - Ansible Tutorial

- [Instructor] Much of enterprise runs Windows as desktop clients. In fact, I'd say most of the enterprises I've worked with do. When thinking about mass management, things like Windows group policy often spring to mind, but Ansible can get in there and do a lot of management and configuration more easily than GP. I think most folks are using Ansible to operate against their Windows servers though. It's common to configure apps, manage updates, run commands, or even execute PowerShell scripts. Before I start running playbooks, I first want to review my inventory. There are a few changes I've made just for the purpose of connecting to Windows hosts. Take a look at the Windows group here. I don't really see anything unique about the host I've created here, and that's because I put everything in the Group vars section. I'm first setting the Ansible_connection to use Win RM, short for Windows Remote Management, instead of SSH. Supporting Windows for SSH is getting better, but right now, Win RM is more reliable for most Ansible modules. I'm then setting up the Win RM scheme. Here I'm setting it to HTTP rather than HTTPS, which is the easiest way to get up and running since I don't have to deal with certs. Next is the Win RM port, and last, the authentication method. Since this host isn't on a domain, I'll do NTLM authentication. If I need Ansible to join a host to a domain, I'll use NTLM to start, and once it's connected, I'll change authentication methods. Notice here that I also set the Become method to run-as, and a lot of Linux I'll use sudu, whereas in Windows, when I want to escalate privileges, I'll run as administrator. I'm going to start my demo by running Windows updates. Here at the top of my playbook, I have something new, a vars prompt section. I'm using this to prompt me from my Windows password, and making it private so that it won't be shown on screen. I'm going to shrink the terminal so I can see more of the playbook. I'm next using the win updates module to perform my updates. Here in my example, I'm just checking for critical updates, but I could easily uncommon any of the additional options for a myriad of different types. The next thing to notice is the state parameter. Here I have it set to search, which essentially just checks if any updates are available, much like running it in check mode. Other options would be downloaded, which pulls the updates but doesn't install. Last would be installed, which will ensure the updates are applied. Last here I'm going to print out what was found. Let me adjust the terminal back up so I can see more output. I'll run the playbook with Ansible-Playbook-i inventory Windows.yml. Now for my password, I will scroll up a little bit and take a look at the output, and I can see that it's showing some critical updates are available. It really is just that easy. I know sometimes it makes sense to run some arbitrary commands, or even a PowerShell script. I'll let it my playbook so that I can run a quick command. I'll start by commenting out the previous tasks, just let it runs a little bit faster. I'll now paste it in my script. This will run a quick command to clear out the logs on a remote Windows Server. All right, I'll save my playbook and give it a quick rerun. This should at least give you a little taste of automating Windows hosts.