Manage Windows machines with Ansible (winrm)

Ansible is a very powerful automation tool that is developed from RedHat. Many large organizations rely on Ansible to automate tasks and procedures. In this article I will explain how one can use ansible to manage windows clients and servers.

In order to manage windows hosts ansible winrm plugin should be used to communicate with the client/server machine.

The first step is to verify that ansible is installed.

Alongside with ansible, on the control node the pywinrm module should be also installed. By default this one is not installed and one should do it manually.

The managed Windows client/server machines should be configured to allow remote connections. A very useful power shell script is already developed from other users and it needs only to be executed on the managed host.

If your execution policy is prohibiting this script to be executed, you should set-execution policy to RemoteSigned as shown below and then execute the powershell.

Control node should have network connectivity with the managed hosts.

Some environmental variables should be used, so that ansible knows how the connection will be performed (winrm). I included those variables in my inventory file as I created this lab just for demonstration. My inventory file looks like below:

Lastly make sure that the user that is used for the connection has administrative rights on the managed windows hosts. Otherwise some error codes will be returned.

Lastly confirm ansible on managed host is working by using win_ping module.

Documentation:

https://www.ansible.com/blog/connecting-to-a-windows-host

Users with superuser privileges – sudo and su on RHEL 8

Sudo and su are two powerful utilities on linux operating system that enables one to manipulate who is performing actions on the filesystem and with which privileges .

The main difference between those two tools is that if administrator uses su - username then he should provide the user password in order to switch to the end user rights. On the other hand with sudo command the administrator should use its own password in order to validate with the system that he wants to run as a superuser the command su - .

As a result by using sudo su - x you dont have to specify the end user password but your own password.

Another way you can authorize your self as superuser is with sudo -i so you do not have to provide the password of root in the system.

The sudo command is very powerful and useful in the linux systems because for security purposes many times you could find root user deactivated and each user has its own credentials and rights. Also actions performed with sudo commands are logged in the operating system.

The most important prerequisite in order to use sudo command in Red Hat or Centos Linux is to be a member of the wheel group. You can give a specific user sudo rights with the following:

Create a new file under /etc/sudoers.d/USERNAME

touch /etc/sudoers.d/operator

and then vi the operator file and add the following line:

operator ALL=(ALL) ALL

using sudo with a user that does not have admin rights.
using sudo after creating the necessary file under sudoers.d