通过 Ansible 在 Windows 2022 上安装 IIS Web 服务器

拓扑结构

这是一个用于通过 Ansible 部署 IIS Web 服务器的实验室拓扑。

前提条件：

•  在被管理的节点上安装WinRm
•  准备一张自签名的证书
•  开放防火墙入站tcp 5985 5986端口

准备自签名证书 

PS C:\Users\azureuser> $cert = New-SelfSignedCertificate -DnsName "solarwinds" -CertStoreLocation Cert:\LocalMachine\My
PS C:\Users\azureuser> $cert.Thumbprint
625D9DA3410A9F3FC87D853EA9730B5A8935F150

 

注册https listener，并绑定证书 

PS C:\Users\azureuser> winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="solarwinds"; CertificateThumbprint="625D9DA3410A9F3FC87D853EA9730B5A8935F150"}'

 验证https listener

PS C:\Users\azureuser> WinRM e winrm/config/listener

 定义ansible inventory file 

[windows_servers]
solarwinds ansible_host=20.47.126.72 ansible_connection=winrm ansible_winrm_transport=ntlm ansible_user=azureuser ansible_password=<yourpassword> ansible_winrm_connection_timeout=60[windows_servers:vars]
ansible_winrm_port=5986

创建ansible playbook

---
- name: Windows Featurehosts: solarwindsgather_facts: truetasks:- name: Disable Windows Updates Servicewin_service:name: wuauservstate: stoppedstart_mode: disabled- name: Run ipconfig and return IP address information.raw: ipconfigregister: ipconfig- debug: var=ipconfig# Install and enable IIS on Windows server 2019- name: Install IISwin_feature:name: "Web-Server"state: presentrestart: yesinclude_sub_features: yesinclude_management_tools: yes
# Copy the index.html file and rename to ansible.html under C:\inetpub\wwwroot. Must use \\ instead of \ for accessing directory on Windows server.- name: Copy index text pagewin_copy:src: "files/index.html"dest: "C:\\inetpub\\wwwroot\\ansible.html"

创建index.html文件

<html>
<head><title>Rock Ansible</title> 
</head>
<body><h1 style="background-color:DodgerBlue;"> Use Ansible to install and configure IIS on WIndows 2022</h1> <h3 style="color:Tomato;"> Welcome to Rock's Ansbile Test Page</h3>
</body>
</html>

运行ansible 命令来验证到windows server的链接

(base) ninjamac@ninjamacdeMacBook-Air ansible % ansible -i host1 windows_servers -m win_ping solarwinds | UNREACHABLE! => {"changed": false,"msg": "ntlm: HTTPSConnectionPool(host='20.47.126.72', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)')))","unreachable": true
}

该错误是自签名证书无法被macos信任导致，可以通过加上参数ansible_winrm_server_cert_validation=ignore来解决。

ansible -i host1 windows_servers -m setup -e ansible_winrm_server_cert_validation=ignore 

 

运行ansible playbook

 

 访问服务器的主页