{"id":74,"date":"2021-10-20T14:51:20","date_gmt":"2021-10-20T12:51:20","guid":{"rendered":"https:\/\/whoami.lausitz-event.info\/?p=74"},"modified":"2023-07-26T07:28:41","modified_gmt":"2023-07-26T05:28:41","slug":"vorbereitung-windows-server-clients-fuer-die-ansible-automation","status":"publish","type":"post","link":"https:\/\/whoami.lausitz-event.info\/?p=74","title":{"rendered":"Vorbereitung Windows Server\/Clients f\u00fcr die Ansible Automation"},"content":{"rendered":"\n\n

Damit Ansible Windows verwalten kann, muss auf dem Zielsystem WinRM(Windows Remote-Management) aktiviert werden. Dazu muss auf dem Zielsystem das PowerShellscript ConfigureRemotingForAnsible.ps1<\/a> in einer administrativen PowerShell gestartet werden. Bevor das Script ausgef\u00fchrt werden kann, muss die Ausf\u00fchrung von nich signierten Scripten konfiguriert werden. Dies geschieht in einer administrativen Powershell mit dem Aufruf Set-ExecutionPolicy Unrestricted<\/em>. Befindet sich zwischen Ansible Server und WinRM Client eine Firewall, so m\u00fcssen die Ports 5985\/tcp f\u00fcr HTTP und 5986\/tcp f\u00fcr HTTPS freigeschaltet werden.<\/p>\n\n\n\n\n\n

Die Dateistruktur auf unserem Ansible System sollte in etwa so aussehen:<\/p>\n\n\n\n\n\n

\"\"<\/figure>\n\n\n\n\n\n

ansible.cfg<\/em><\/p>\n\n\n\n\n\n

[defaults]\nhost_key_checking = False\ninventory = inventory\nask_pass = False\ngathering = explicit\nstdout_callback = yaml\nbin_ansible_callbacks = True\n\n[persistent_connection]\ncommand_timeout = 180\nconnect_timeout = 100\nconnect_retry_timeout = 100<\/code><\/pre>\n\n\n\n\n\n
Auf dem Ansible System muss nun noch die winrm Unterst\u00fctzung installiert werden:<\/p>\n\n\n\n\n\n
pip install \"pywinrm>=0.2.2\"\ndnf install http:\/\/www6.atomicorp.com\/channels\/atomic\/centos\/7\/x86_64\/RPMS\/wmi-1.3.14-4.el7.art.x86_64.rpm<\/code><\/pre>\n\n\n\n\n\n
Die Zielsysteme und der notwendige administrative Account werden in der Datei inventory<\/em> auf dem Ansible Rechner eingetragen. <\/p>\n\n\n\n\n\n
Dieser Account muss auf dem Ansible Client angelegt und Mitglied der lokalen Admin Gruppe sein. Danach muss der Nutzer ansible<\/em> noch Read und Execute Rechte bekommen. Dazu den Befehl winrm configSDDL default<\/em> in einer administrativen PowerShell aufrufen und im folgenden Dialogfenster den Nutzer hinzuf\u00fcgen und die entsprechenden Rechte ausw\u00e4hlen.<\/p>\n\n\n\n\n\n
\"\"<\/figure>\n\n\n\n\n\n
F\u00fcr die WMI Abfrage mit Start -> Ausf\u00fchren -> mmc<\/em> die Managementconsole starten und das Snap-in WMI-Steuerung hinzuf\u00fcgen. \u00dcber das Kontextmen\u00fc Eigenschaften<\/em> den Eintrag Sicherheit<\/em> \u00f6ffnen und dort den Zweig Root -> CIMV2 ausw\u00e4hlen. \u00dcber den Button Sicherheit den Nutzer ansible hinzuf\u00fcgen und die Rechte Methoden ausf\u00fchren<\/em>, Konto aktivieren<\/em> und Remoteaktivierung<\/em> setzen.<\/p>\n\n\n\n\n\n
[win]\n192.168.110.82\n\n[win:vars]\nansible_user=ansible\nansible_password=SECURE\nansible_connection=winrm\nansible_winrm_server_cert_validation=ignore\nansible_python_interpreter=python2.7<\/code><\/pre>\n\n\n\n\n\n
In dem n\u00e4chsten Schritt werden die folgenden Aufgaben erledigt.<\/p>\n\n\n\n\n\n
    \n
  1. Anlegen eines Ordners f\u00fcr die Installationsdatei<\/li>\n\n\n\n
  2. Kopieren des NSClient auf das Zielsystem<\/li>\n\n\n\n
  3. Installation des Clients<\/li>\n\n\n\n
  4. Kopieren der nsclient.ini(Konfigurationsdatei) auf das Zielsystem<\/li>\n\n\n\n
  5. Kopieren zus\u00e4tzlicher Check-Scripte auf das Zielsystem<\/li>\n\n\n\n
  6. Neustart des NSClient<\/li>\n\n\n\n
  7. L\u00f6schen des Installationspfades<\/li>\n<\/ol>\n\n\n\n\n\n
    Dazu habe ich das Playbook install_monitoring.yml<\/em> erstellt.<\/p>\n\n\n\n\n\n
    install_nsclient.yml<\/p>\n\n\n\n\n\n
    ---\n- name: Configure Monitoring on Windows Host\n  hosts: win\n  gather_facts: no\n  become: yes\n  become_method: enable\n\n\n  tasks:\n  - name: Meldung fuer angemeldete Nutzer - Installation Monitoring Features\n    win_msg:\n      display_seconds: 60\n      msg: Im Hintergrund erfolgt die Installation und die Konfiguration des NSClient, SNMP und WMI.\n\n  - name: Configure User ansible for WMI\n    win_user:\n      name: ansible\n      groups:\n        - Distributed Com-Benutzer\n        - Ereignisprotokolleser\n        - Leistungsprotokollbenutzer\n        - Leistungs\u00fcberwachungsbenutzer\n      groups_action: add\n\n  - name: Verzeichnis anlegen\n    win_file:\n      path: C:\\_install\n      state: directory\n\n  - name: Start Copy NSClient Install-File\n    win_copy:\n      src: \/opt\/ansible_win\/software\/NSCP-0.5.2.35-x64.msi\n      dest: C:\\_install\\\n\n  - name: Install NSClient\n    win_package:\n      path: C:\\_install\\NSCP-0.5.2.35-x64.msi\n      state: present\n\n  - name: Start Copy nsclient.ini\n    win_copy:\n      src: \/opt\/ansible_win\/nsclient.ini\n      dest: C:\\Program Files\\NSClient++\\nsclient.ini\n      backup: yes\n\n  - name: Start Copy Check-Scripts\n    win_copy:\n      src: \/opt\/ansible_win\/scripts\/\n      dest: C:\\Program Files\\NSClient++\\scripts\\\n      backup: yes\n\n  - name: Restart NSClient\n    win_service:\n      name: nscp\n      state: restarted\n\n  - name: Loeschen des Installpfades\n    win_file:\n      path: C:\\_install\n      state: absent\n\n  - name: Windows SNMP Feature Installation\n    win_feature:\n      name: SNMP-Service\n      include_management_tools: yes\n      state: present\n      include_sub_features: yes\n\n  - name: Setting SNMP Community and Manager\n    win_snmp:\n      community_strings:\n        - Hosting\n      permitted_managers:\n        - 172.16.3.76\n      action: set\n\n  - name: Configure Windows Firewall\n    win_firewall_rule:\n      name: Icinga-Monitoring\n      protocol: any\n      remoteip: 172.16.3.76\n      direction: in\n      action: allow\n      state: present\n      enabled: yes\n<\/code><\/pre>\n\n\n\n\n\n
    Das Script wird mit folgendem Befehl aufgerufen:<\/p>\n\n\n\n\n\n
    ansible-playbook install_monitoring.yml<\/code><\/pre>\n\n\n\n\n\n
    <\/p>\n\n\n","protected":false},"excerpt":{"rendered":"
    Damit Ansible Windows verwalten kann, muss auf dem Zielsystem WinRM(Windows Remote-Management) aktiviert werden. Dazu muss auf dem Zielsystem das PowerShellscript ConfigureRemotingForAnsible.ps1 in einer administrativen PowerShell gestartet werden. Bevor das Script ausgef\u00fchrt werden kann, muss die Ausf\u00fchrung von nich signierten Scripten konfiguriert werden. Dies geschieht in einer administrativen Powershell mit dem Aufruf Set-ExecutionPolicy Unrestricted. Befindet sich […]<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[8],"tags":[],"class_list":["post-74","post","type-post","status-publish","format-standard","hentry","category-windows"],"_links":{"self":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/74","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=74"}],"version-history":[{"count":26,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/74\/revisions"}],"predecessor-version":[{"id":392,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/74\/revisions\/392"}],"wp:attachment":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=74"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=74"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=74"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}