Enable and configure winrm in Windows
In general practice we easy configure and use all unix based systems remotely by ssh. But if we try to get access to windows system remotely, We have to enable and configure winrm service.
In this blog I will explain how to enable and configure
winrm in windows to access by ansible.
Enable Winrm service in windows
If you want to execute PowerShell commands / scripts remotely you need to enable
winrm by following these steps.
- Open PowerShell for admin user.
- Run command
Note This command starts the WinRM service, sets it to start automatically with your system, and creates a firewall rule
that allows incoming connections. The -Force part of the cmdlet tells PowerShell to perform these actions without
prompting you for each step. For more detail on enabling
winrm for PowerShell you can use this link.
Enable and configure winrm for Ansible
If we want to access windows machines through ansible, we need to follow these steps:
Here are the dependencies for ansible to communicate with windows servers.
- Ansible’s supported Windows versions generally match those under current and extended support from Microsoft. Supported desktop OSs include Windows 7, 8.1, and 10, and supported server OSs are Windows Server 2008, 2008 R2, 2012, 2012 R2, and 2016.
- Ansible requires PowerShell 3.0 or newer and at least .NET 4.0 to be installed on the Windows host.
- A WinRM listener should be created and activated. More details for this can be found below.
Upgrading PowerShell and .NET Framework
PowerShell 3.0 and
.NET Framework 4.0 or newer. The base image does not meet these requirements.
Hence you need to upgrade these things. For ease you can use PowerShell script.
Follow these steps to upgrade by PowerShell script you can run following script on powershell terminal.
$enpoint = "https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Upgrade-PowerShell.ps1" $script_name = "$env:temp\Upgrade-PowerShell.ps1" $username = "Administrator" $password = "Password for Administrator" (New-Object -TypeName System.Net.WebClient).DownloadFile($enpoint, $script_name) Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force # version can be 3.0, 4.0 or 5.1 &$file -Version 5.1 -Username $username -Password $password -Verbose
WinRM Memory Hotfix
When running on PowerShell v3.0, there is a bug with the WinRM service that limits the amount of memory available to WinRM. Without this hotfix installed, Ansible will fail to execute certain commands on the Windows host. You can run following script in PoweShell to apply this memory Hotfix.
$url = "https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Install-WMF3Hotfix.ps1" $file = "$env:temp\Install-WMF3Hotfix.ps1" (New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file) powershell.exe -ExecutionPolicy ByPass -File $file -Verbose
Once Powershell has been upgraded to at least version 3.0, the final step is for the WinRM service to be configured so
that Ansible can connect to it. There are two main components of the WinRM service that governs how Ansible can interface
with the Windows host: the
listener and the
service configuration settings.
The script ConfigureRemotingForAnsible.ps1 can be used to set up the basics:
Run the following script in PoweShell:
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1" $file = "$env:temp\ConfigureRemotingForAnsible.ps1" (New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file) powershell.exe -ExecutionPolicy ByPass -File $file
Setup WinRM Listener
There are three ways to configure Winrm Listener. You can read and get more details on the link.
You can follow these steps to enable and configure winrm to communicate with ansible. For more details on this follow The link.
Tags: winrm, Ansible-winrm, windows winrm