通过 Ansible 在 Windows 2022 上安装 IIS Web 服务器

拓扑结构

这是一个用于通过 Ansible 部署 IIS Web 服务器的实验室拓扑。

前提条件：

•  在被管理的节点上安装WinRm
•  准备一张自签名的证书
•  开放防火墙入站tcp 5985 5986端口

准备自签名证书 

PS C:\\Users\\azureuser> $cert = New-SelfSignedCertificate -DnsName "solarwinds" -CertStoreLocation Cert:\\LocalMachine\\My
PS C:\\Users\\azureuser> $cert.Thumbprint
625D9DA3410A9F3FC87D853EA9730B5A8935F150

注册https listener，并绑定证书 

PS C:\\Users\\azureuser> winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="solarwinds"; CertificateThumbprint="625D9DA3410A9F3FC87D853EA9730B5A8935F150"}'

 验证https listener

PS C:\\Users\\azureuser> WinRM e winrm/config/listener

 定义ansible inventory file 

[windows_servers]
solarwinds ansible_host=20.47.126.72 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=azureuser ansible_password=<yourpassword> ansible_winrm_connection_timeout=60

[windows_servers:vars]
ansible_winrm_port=5986

创建ansible playbook

—
– name: Windows Feature
hosts: solarwinds
gather_facts: true

tasks:
– name: Disable Windows Updates Service
win_service:
name: wuauserv
state: stopped
start_mode: disabled

– name: Run ipconfig and return IP address information.
raw: ipconfig
register: ipconfig
– debug: var=ipconfig

# Install and enable IIS on Windows server 2019
– name: Install IIS
win_feature:
name: "Web-Server"
state: present
restart: yes
include_sub_features: yes
include_management_tools: yes
# Copy the index.html file and rename to ansible.html under C:\\inetpub\\wwwroot. Must use \\\\ instead of \\ for accessing directory on Windows server.
– name: Copy index text page
win_copy:
src: "files/index.html"
dest: "C:\\\\inetpub\\\\wwwroot\\\\ansible.html"

创建index.html文件

<html>
<head>
<title>Rock Ansible</title>
</head>
<body>
<h1 style="background-color:DodgerBlue;"> Use Ansible to install and configure IIS on WIndows 2022</h1>
<h3 style="color:Tomato;"> Welcome to Rock's Ansbile Test Page</h3>
</body>
</html>

运行ansible 命令来验证到windows server的链接

(base) ninjamac@ninjamacdeMacBook-Air ansible % ansible -i host1 windows_servers -m win_ping

solarwinds | UNREACHABLE! => {
"changed": false,
"msg": "ntlm: HTTPSConnectionPool(host='20.47.126.72', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)')))",
"unreachable": true
}

该错误是自签名证书无法被macos信任导致，可以通过加上参数ansible_winrm_server_cert_validation=ignore来解决。

ansible -i host1 windows_servers -m setup -e ansible_winrm_server_cert_validation=ignore

运行ansible playbook

 访问服务器的主页