Provisioning Windows machines with Terraform is easy. Configuring Windows machines with Ansible is also not complex. However, combining the two is a little more challenging. The following steps are some ideas for handling a Windows machine from provisioning through post-configuration without modifying the WinRM configuration on the guest operating system.
- Install the required yum repositories.

yum -y install https://repo.ius.io/ius-release-el7.rpm
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install https://packages.endpointdev.com/rhel/7/os/x86_64/endpoint-repo.x86_64.rpm
yum -y install epel-release
yum -y install yum-utils
yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

- Install Terraform.

sudo yum -y install terraform

- Install Ansible.

sudo yum -y install ansible

- Install the Kerberos client packages and the build dependencies for the Python bindings.

yum -y install gcc python-devel krb5-devel krb5-libs krb5-workstation

- Install pip.

sudo yum -y install python-pip
# You probably need the following package if you are using a VPN
pip install pysocks

- Install pywinrm with Kerberos support (the package name is quoted so the shell does not treat the brackets as a glob pattern).

pip install "pywinrm[kerberos]"

- Configure /etc/krb5.conf.
The following lines are required. Replace the domain name with your own, and note that realm names are case-sensitive: the Kerberos realm is written in upper case and the DNS domain in lower case.
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
forward = true
forwardable = true
default_realm = ZHENGWU.ORG
[realms]
ZHENGWU.ORG = {
kdc = DC.ZHENGWU.ORG
admin_server = DC.ZHENGWU.ORG
}
[domain_realm]
.zhengwu.org = ZHENGWU.ORG
zhengwu.org = ZHENGWU.ORG
- Create an Ansible inventory file.

# [win] is the group name; the hosts listed under it are the target servers.
[win]
dc.zhengwu.org
[win:vars]
ansible_connection=winrm
# It's better to use a domain admin account.
ansible_user=administrator
# Change this password.
ansible_password=P@ssw0rd
ansible_port=5985
ansible_winrm_transport=kerberos
ansible_winrm_server_cert_validation=ignore

- Run an Ansible win_ping test.

ansible <group in inventory file> -m win_ping -i <inventory file>
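Before running win_ping it is worth checking that the krb5.conf and the inventory agree with each other. The script below is an added example written for this page, not part of the original post or of Ansible: it parses a minimal krb5.conf and an INI inventory, reproduces krb5's [domain_realm] lookup (exact host first, then each parent domain), and reports a default_realm that is not upper-case, a host that does not map to that realm, and a clear-text ansible_password. The two sample configurations embedded in it are constructed stand-ins for the values shown above.

```python
import configparser
# Constructed sample inputs mirroring this page's krb5.conf and inventory (assumed values, not real hosts or secrets).
KRB5_CONF = """[libdefaults]
default_realm = ZHENGWU.ORG
[realms]
ZHENGWU.ORG = {
kdc = DC.ZHENGWU.ORG
}
[domain_realm]
.zhengwu.org = ZHENGWU.ORG
"""
INVENTORY = """[win]
dc.zhengwu.org
[win:vars]
ansible_password=P@ssw0rd
ansible_winrm_transport=kerberos
"""

def parse_krb5(text):
    """Return (default_realm, domain_map) from a minimal krb5.conf; other sections are skipped."""
    section, default_realm, domain_map = None, None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]")
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "domain_realm":
                domain_map[key.lower()] = value
    return default_realm, domain_map

def realm_for(host, domain_map):
    """krb5-style [domain_realm] lookup: the host itself first, then each parent domain with a leading dot."""
    labels = host.lower().split(".")
    candidates = [host.lower()] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((domain_map[c] for c in candidates if c in domain_map), None)

def check(krb5_text, inventory_text, group="win"):
    """Return a list of findings for one inventory group; an empty list means it looks consistent."""
    default_realm, domain_map = parse_krb5(krb5_text)
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep host and variable names case-sensitive, as Ansible does
    cp.read_string(inventory_text)
    hosts, hv = list(cp[group]), dict(cp[f"{group}:vars"])
    findings = []
    if not default_realm or default_realm != default_realm.upper():
        findings.append(f"default_realm {default_realm!r} is missing or not upper-case (realm names are case-sensitive)")
    if hv.get("ansible_winrm_transport") == "kerberos":
        findings += [f"{h}: [domain_realm] does not map it to {default_realm}" for h in hosts if realm_for(h, domain_map) != default_realm]
    if "ansible_password" in hv:
        findings.append("ansible_password is stored in clear text; keep it in ansible-vault instead")
    return findings
```

Point `check()` at the real /etc/krb5.conf and inventory contents to run it against your own setup; the clear-text password finding is the one the page's inventory will always trigger unless the password is moved into a vault.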