Reference from: http://aodi.paic.com.cn/forum.php?mod=viewthread&tid=4306
In general, you can use ansible to remotely call windows, or you can use the pywinrm open source framework, both of which use the winrm service of windows, but the specific implementation details are still unknown!
1 Windows environment construction
1.1 The port 5986 needs to be opened (ansible uses the port 5986 to communicate with windows, and "telnet ip 5986" can be normal in linux)
1.2 Windows server requires powershell version 3 or above, version check command: $PSVersionTable.PSVersion.Major. Set the powershell policy to remotesigned to view the current policy: get-executionpolicy Change the policy: set-executionpolicy remotesigned
1.3 Open the WRM (Windows Remote Management) service, you can run the ps script in the attached ConfigureRemotingForAnsible.zip (do not understand this script, copy it, it is recommended to execute it with administrator privileges) to configure. Then execute the following command:
The winrm service is not enabled by default, check the status first; if there is no return information, it is not started;
winrm enumerate winrm/config/listener
Basic configuration for winrm service:
winrm quickconfig
View winrm service listener:
winrm e winrm/config/listener
Configure auth for winrm service:
winrm set winrm/config/service/auth '@{Basic="true"}'
Configure the encryption method for winrm service to allow non-encryption: If this command is not implemented, put it aside for the time being, anyway, remote calls can be realized in the end
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
If the above operations are normal. Now it's finally time to test in Linux to judge. Use ansible windows -m win_ping in Linux If it is successful, it means that the windows environment has been configured.
2 linux needs to build ansible environment
At present, it is found that ansible2.2 is missing the winrm_shell module (so abandoned). Ansible2.4 can be achieved.
Install ansible:
The yum source has the python package six, which is used directly: yum -y install python-six
Some non-Python dependencies: yum -y install python-devel krb5-devel krb5-libs krb5-workstation
ansible package and its dependencies see attachment
After installing the dependencies, first check whether you can import winrm. If not, it means that the installation was not successful.
Ansible is installed, but an error is reported:
[root@SHB-L0088006 ansible]# ansible-playbook winrm.yml -i hosts ERROR! Unexpected Exception, this is probably a bug: 'module' object has no attribute 'HTTPSHandler'
So after further research, I finally located a problem:
后来才发现,安装Python(我用的是Python2.7.11)的时候,就已经提示了缺少_ssl模块,关于oracle linux安装Python的确网上会提示这个概念。现在import ssl就已经出错了,我估计是这个问题,后来网上各种搜也找不到解决办法!后来是找到另外一台Oracle Linux,它能import ssl ,于是把它的Python(2.7.9)安装目录打了个包,附件有,转移到该台环境,然后奇迹般的的实现了import ssl。至于为什么?能力有限,无法解释其原因!
安装好ansible后,需要编写hosts和yml文件:
[root@SZB-L0023010 ansible]# ls hosts winrm.yml
查看hosts和winrm.yml文件如下:
[root@SZB-L0023010 ansible]# cat hosts [windows] #30.4.91.100 10.25.80.196 [windows:vars] ansible_connection=winrm #ansible_user=SHB-W0066163\\[email protected] ansible_user=administrator ansible_ssh_pass=**** ansible_ssh_port=5986 ansible_winrm_server_cert_validation=ignore ansible_connection=winrm ansible_winrm_transport=ntlm [root@SZB-L0023010 ansible]# cat winrm.yml - name: save hosts: windows tasks: - name: run a shell #script: C:\Users\Administrator\Desktop\demo.bat #register: out win_command: C:\Users\Administrator\Desktop\demo.bat >> C:\Users\Administrator\Desktop\temp.sh register: whoami_out
其中为啥transport不是kerberos?
winrm文档显示kerberos的认证方式似乎需要client跟server在同一个域,果断用NTLM的方式。。
上述是抄自谭毅的。我也查过pywirnm开源软件中也提到这个概念,但是我觉得其根本原因还需要去追究源码!
执行命令:
[root@SZB-L0023010 ansible]# ansible-playbook winrm.yml -i hosts PLAY [save] ********************************************************************************************************************************************************************************* TASK [Gathering Facts] ********************************************************************************************************************************************************************** ok: [10.25.80.196] TASK [run a shell] ************************************************************************************************************************************************************************** changed: [10.25.80.196] PLAY RECAP ********************************************************************************************************************************************************************************** 10.25.80.196 : ok=2 changed=1 unreachable=0 failed=0
这个时候,会发现已经执行了windows中的bat脚本,并且其结果保存在temp.sh脚本中
3 由于测试环境是Oracle Linux,其在安装Python2.7的时候,会提示你的_ssl模块没有安装,可是在ansible中会用到urllib2这个模块,导致报错!这个问题,我始终没有解决掉!不过,后来发现pywinrm却可以实现(注意,它依赖windows端口5985,所以windows机器5985端口需要开启),后来深入两者比较发现,pywinrm利用的是requests这个模块,而ansible利用的是urllib2模块。至于差异,我不是很清楚。
pywinrm所依赖包如附件
代码如下:
[root@SHB-L0088006 dispatch]# cat demo.py
import winrm
s=winrm.Session('30.4.91.100', auth=('administrator','******'))
try:
r=s.run_cmd('Desktop\demo.bat')
except Exception,e:
print e
print r.std_out
[root@SHB-L0088006 dispatch]# python demo.py
C:\Users\Administrator>echo hello world
hello world
[root@SHB-L0088006 dispatch]#
附件如下: 这个博客有bug。
20180308121018777847.zip ConfigureRemotingForAnsible.zip
20180312351429935020.zip ansible.zip
20180313331426341682.zip pywinrm_dependencies.zip
20180314551315623670.gz Python_can_import_ssl.zip