Configure Ansible Windows Host

Tech Stack

  • Ansible

  • Windows Server

Common Problems

  • Max retries exceeded with url: /wsman (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED], Solution: Add ansible_winrm_server_cert_validation=ignore to host variable.

Setting WinRM

Download script for Powershell from https://github.com/AlbanAndrieu/ansible-windows/blob/master/files/ConfigureRemotingForAnsible.ps1

PS C:\Users\Administrator\Downloads> .\ConfigureRemotingForAnsible.ps1

Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning
message. Do you want to run C:\Users\Administrator\Downloads\ConfigureRemotingForAnsible.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): R
Self-signed SSL certificate generated; thumbprint: A1C3695B41141B177513C4E1C14ED48C8529C927


wxf                 : http://schemas.xmlsoap.org/ws/2004/09/transfer
a                   : http://schemas.xmlsoap.org/ws/2004/08/addressing
w                   : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
lang                : en-US
Address             : http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
ReferenceParameters : ReferenceParameters

Ok.

Install Pywinrm

$ pip install pywinrm

Setting Inventory or Ansible Host

[win]
43.218.80.56

[win:vars]
ansible_user=Administrator
ansible_password=ciQUxLtb&%q5M7k(19Tp?.$CZ9BNIw2y
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore

Test Connection

$ ansible win -m win_ping
43.218.80.56 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}