Mostrarei várias operações que um administrador pode executar em um sistema Windows remoto usando o ansible-playbook.
O Ansible é uma das ferramentas de DevOps mais utilizadas no mercado atualmente. Ele fornece vários módulos do Windows que são usados para configurar e gerenciar o servidor Windows. Suponho que você já tenha o Ansible instalado no Windows de onde deseja gerenciar os servidores Windows.
A seguir estão algumas das tarefas mais usadas executadas pelos administradores do Windows diariamente. Você ficará surpreso ao ver como é fácil administrar o Windows usando o Ansible.
O endereço IP da minha máquina do controlador Windows Ansible é 192.168.0.106 e o endereço IP do meu sistema Windows remoto é 192.168.0.102. Antes de começar, certifique-se de executar um módulo win_ping para verificar se você pode se conectar ao servidor remoto do Windows ou não.
[email protected] ~
$ ansible win -m win_ping
192.168.0.102 | SUCCESS => {
"changed": false,
"ping": "pong"
}
Minha conexão com um host remoto foi bem-sucedida.
Então, vamos começar com os Playbooks do Ansible…
últimas postagens
Copiando arquivos
win_copy é um módulo ansible que copia um arquivo do servidor local para um host Windows remoto. Vou usar este módulo para copiar um único PDF.
Use o código YAML abaixo, forneça os caminhos de origem e destino.
[email protected] ~
$ vi copy.yml
---
- hosts: win
tasks:
- name: Copy File
win_copy:
src: C:output.pdf
dest: C:ansible_examples
remote_src: yes
Execute o ansible-playbook para win_copy.
[email protected] ~ $ ansible-playbook copy.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Copy File] ***************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
O arquivo foi copiado com sucesso no local de destino em um sistema Windows remoto.
Instalar/Desinstalar MSI
Para instalar um aplicativo usando o arquivo MSI, você precisa usar win_get_url para mencionar o caminho do arquivo MSI para download e, em seguida, usar o módulo win_package para instalá-lo. O estado presente significa que o MSI será instalado na máquina e o aplicativo está no estado atual.
Aqui, estou instalando o Apache.
Código YAML a ser usado:
[email protected] ~
$ vi msi.yml
---
- name: Installing Apache MSI
hosts: win
tasks:
- name: Download the Apache installer
win_get_url:
url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi
dest: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
- name: Install MSI
win_package:
path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
state: present
Execute o ansible-playbook para instalar usando o MSI.
[email protected] ~ $ ansible-playbook msi.yml PLAY [Installing Apache MSI] ***************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Download the Apache installer] ********************************************************************************************************* changed: [192.168.0.102] TASK [Install MSI] *************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Agora, vá para o sistema Windows e verifique se o aplicativo apache foi instalado com sucesso.
C:Usersetechpt.com>cd C:Program Files (x86)Apache Software FoundationApache2.2bin C:Program Files (x86)Apache Software FoundationApache2.2bin>httpd -v Server version: Apache/2.2.25 (Win32) Server built: Jul 10 2013 01:52:12
Você também pode instalar aplicativos usando MSI com argumentos. Abaixo está o mesmo exemplo acima, mas em vez de um estado, estamos usando um argumento de instalação para instalar o apache.
Código YAML a ser usado:
---
- name: Installing Apache MSI
hosts: win
tasks:
- name: Download the Apache installer
win_get_url:
url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi
dest: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
- name: Install MSI
win_package:
path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
arguments:
- /install
- /passive
- /norestart
Para desinstalar um aplicativo usando o arquivo MSI, você precisa usar o módulo win_package. O estado ausente significa que o aplicativo será desinstalado usando o arquivo MSI.
Aqui, estou desinstalando o Apache.
[email protected] ~
$ vi uninstall_msi.yml
---
- name: UnInstalling Apache MSI
hosts: win
tasks:
- name: UnInstall MSI
win_package:
path: C:ansible_exampleshttpd-2.2.25-win32-x86-no_ssl.msi
state: absent
Execute o ansible-playbook para desinstalar usando o MSI.
[email protected] ~ $ ansible-playbook uninstall_msi.yml PLAY [UnInstalling Apache MSI] ***************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [UnInstall MSI] ************************************************************************************************************************* changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Agora, se eu verificar a versão do apache, obterei a saída abaixo, pois o aplicativo foi desinstalado.
C:Program Files (x86)Apache Software FoundationApache2.2bin>httpd -v 'httpd' is not recognized as an internal or external command, operable program or batch file.
Desinstalar software (.EXE)
Você também pode desinstalar o software com o arquivo .exe usando o ID do produto desse software.
[email protected] ~
$ vi uninstall.yml
---
- hosts: win
tasks:
- name: Uninstall 7-Zip from the exe
win_package:
path: C:Program Files7-ZipUninstall.exe
product_id: 7-Zip
arguments: /S
state: absent
Execute o ansible-playbook para desinstalar o 7-Zip.
[email protected] ~ $ ansible-playbook uninstall.yml PLAY [win] ************************************************************************************************************************************************************************************* TASK [Gathering Facts] ************************************************************************************************************************************************************************* ok: [192.168.0.102] TASK [Uninstall 7-Zip from the exe] *********************************************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP ************************************************************************************************************************************************************************************* 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Parar/Iniciar/Reiniciar Serviços do Windows
O módulo ansible win_service é usado para iniciar, parar ou reiniciar um serviço. Aqui, mostrarei como parar o serviço tomcat.
Você precisa mencionar o nome do serviço no arquivo YAML e definir o estado para parar.
[email protected] ~
$ vi service.yml
---
- hosts: win
tasks:
- name: Stop service Tomcat
win_service:
name: Tomcat8
state: stopped
Execute o ansible-playbook para interromper o serviço tomcat.
[email protected] ~ $ ansible-playbook service.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Stop service Tomcat] **************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Se você verificar o serviço tomcat no sistema Windows, ele agora está no status de parado.
Você pode definir o estado como iniciado ou reiniciado ou pausado para alterar o status do serviço.
Reunindo fatos
Usando o módulo ansible win_disk_facts, você pode recuperar todas as informações do disco do host de destino.
[email protected] ~
$ vi disk.yml
---
- hosts: win
tasks:
- name: Get disk facts
win_disk_facts:
- name: Output first disk size
debug:
var: ansible_facts.disks[0].size
- name: Convert first system disk into various formats
debug:
msg: '{{ disksize_gib }} vs {{ disksize_gib_human }}'
vars:
# Get first system disk
disk: '{{ ansible_facts.disks|selectattr("system_disk")|first }}'
# Show disk size in Gibibytes
disksize_gib_human: '{{ disk.size|filesizeformat(true) }}'
disksize_gib: '{{ (disk.size/1024|pow(3))|round|int }} GiB'
Execute o ansible-playbook para obter as informações do disco.
[email protected] ~
$ ansible-playbook disk.yml
PLAY [win] ***********************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]
TASK [Get disk facts] ************************************************************************************************************************
ok: [192.168.0.102]
TASK [Output first disk size] ****************************************************************************************************************
ok: [192.168.0.102] => {
"ansible_facts.disks[0].size": "1000204886016"
}
TASK [Convert first system disk into various formats] ****************************************************************************************
ok: [192.168.0.102] => {
"msg": "932 GiB vs 931.5 GiB"
}
PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=4 changed=0 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0
Usando o módulo ansible win_command, você pode executar comandos no host remoto e obter informações da CPU, detalhes do dispositivo e muito mais.
[email protected] ~
$ vi check.yml
---
- hosts: win
tasks:
- name: Get disk facts
win_command: wmic cpu get caption, deviceid, name, numberofcores, maxclockspeed, status
register: usage
- debug: msg="{{ usage.stdout }}"
Execute o ansible-playbook para obter informações do sistema remoto.
[email protected] ~
$ ansible-playbook check.yml
PLAY [win] ***********************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]
TASK [Get facts] ************************************************************************************************************************
changed: [192.168.0.102]
TASK [debug] *********************************************************************************************************************************
ok: [192.168.0.102] => {
"msg": "Caption DeviceID MaxClockSpeed
Name
NumberOfCores Status rrnIntel64 Family 6 Model 142 Stepping 9 CPU0 2712 Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz 2 OK rrnrrn"
}
PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=3 changed=1 unreachable=0 failed=0
skipped=0 rescued=0
ignored=0
Comandos de execução
Quaisquer que sejam os comandos executados em uma janela, eles podem ser executados através do módulo ansible win_command. Você só precisa especificar o comando em seu arquivo YAML. Aqui, estou apenas criando um diretório.
[email protected] ~
$ vi commands.yml
---
- hosts: win
tasks:
- name: run an executable using win_command
win_command: whoami.exe
- name: run a cmd command
win_command: cmd.exe /c mkdir C:test
Execute o ansible-playbook para executar a operação win_command.
[email protected] ~ $ ansible-playbook commands.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [run an executable using win_command] *************************************************************************************************** changed: [192.168.0.102] TASK [run a cmd command] ********************************************************************************************************************* changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
variáveis ambientais
Um sistema Windows possui várias variáveis de ambiente, por exemplo, JAVA_HOME. Usando o módulo ansible win_environment, você pode adicionar ou modificar variáveis de ambiente em um sistema Windows. Neste exemplo, estou adicionando uma nova variável à lista de variáveis de ambiente do Windows.
[email protected] ~
$ vi env.yml
---
- hosts: win
tasks:
- name: Set an environment variable for all users
win_environment:
state: present
name: NewVariable
value: New Value
level: machine
Execute o ansible-playbook para adicionar a variável de ambiente em uma máquina Windows remota.
[email protected] ~ $ ansible-playbook env.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Set an environment variable for all users] ********************************************************************************************* changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Vá para a janela de variáveis de ambiente; você verá que a nova variável que você acabou de adicionar está presente aqui.
Adicionar/editar registro
O módulo ansible win_regedit é usado para adicionar ou editar detalhes do registro em uma máquina Windows remota. Você precisa fornecer o caminho do registro e o conteúdo a ser adicionado/atualizado. Aqui estou criando uma nova entrada de registro etechpt.com dentro do caminho HKLM:SOFTWARE e, em seguida, adicionando nome e dados a esse registro.
[email protected] ~
$ vi registry.yml
---
- hosts: win
tasks:
- name: Creating a registry
win_regedit:
path: HKLM:SOFTWAREetechpt.com
- name: Modifying a registry, adding name and data
win_regedit:
path: HKLM:SOFTWAREetechpt.com
name: Geek
data: Flare
Execute o ansible-playbook para adicionar o registro.
[email protected] ~ $ ansible-playbook registry.yml PLAY [win] *********************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************** ok: [192.168.0.102] TASK [Creating a registry] ******************************************************************************************************************* changed: [192.168.0.102] TASK [Modifying a registry, adding name and data] ******************************************************************************************** changed: [192.168.0.102] PLAY RECAP *********************************************************************************************************************************** 192.168.0.102 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Se você acessar o Editor do Registro no sistema remoto, poderá ver que esse registro foi adicionado com êxito com os parâmetros Nome e Dados.
Excluir registro
O módulo ansible win_eventlog é usado para adicionar, limpar ou remover logs de eventos do Windows do sistema Windows.
Vá para o Windows Powershell e liste os EventLogs presentes na máquina Windows remota.
PS C:Usersetechpt.com> Get-EventLog -List
Max(K) Retain OverflowAction Entries Log
------ ------ -------------- ------- ---
20,480 0 OverwriteAsNeeded 33,549 Application
20,480 0 OverwriteAsNeeded 0 HardwareEvents
512 7 OverwriteOlder 20 Internet Explorer
20,480 0 OverwriteAsNeeded 0 Key Management Service
128 0 OverwriteAsNeeded 190 OAlerts
Security
20,480 0 OverwriteAsNeeded 44,828 System
15,360 0 OverwriteAsNeeded 3,662 Windows PowerShell
Agora, mostrarei como remover logs de todas as fontes do Internet Explorer.
[email protected] ~
$ vi log.yml
---
- hosts: win
tasks:
- name: Remove Internet Explorer Logs
win_eventlog:
name: Internet Explorer
state: absent
Execute o ansible-playbook para remover o Internet Explorer da máquina Windows remota.
[email protected] ~ $ ansible-playbook log.yml PLAY [win] ************************************************************************************************************************************************************************************* TASK [Gathering Facts] ************************************************************************************************************************************************************************* ok: [192.168.0.102] TASK [Remove Internet Explorer Logs] ********************************************************************************************************************************************** changed: [192.168.0.102] PLAY RECAP ************************************************************************************************************************************************************************************* 192.168.0.102 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Agora, se você listar os EventLogs novamente, verá que os logs do Internet Explorer foram removidos.
PS C:Usersetechpt.com> Get-EventLog -List
Max(K) Retain OverflowAction Entries Log
------ ------ -------------- ------- ---
20,480 0 OverwriteAsNeeded 33,549 Application
20,480 0 OverwriteAsNeeded 0 HardwareEvents
20,480 0 OverwriteAsNeeded 0 Key Management Service
128 0 OverwriteAsNeeded 190 OAlerts
Security
20,480 0 OverwriteAsNeeded 44,835 System
15,360 0 OverwriteAsNeeded 56 Windows PowerShell
Então, isso era tudo sobre os playbooks do Ansible, que podem ser usados para administração remota do Windows. Vá em frente e experimente estes playbooks. Você também pode tentar outros Módulos Ansible do Windows acessível.