Ansible and Windows

How PowerShell enables a Linux configuration manager to work in a Windows world.

Paul Broadwith

Technical Engineering Manager at Chocolatey Software, Inc.

blog.pauby.com

@[email protected]

github.com/pauby

pau.by/linkedin

Agenda

The TL;DR History of Ansible.
Ansible infrastructure.
How Ansible works on Windows …. is it maybe … PowerShell?
DEMO: How a Windows Ansible Module is built.
Questions?

The TL;DR History of Ansible

February 2012
First Ansible code written by Michael DeHaan.
March 2013
AnsibleWorks, Inc. was born.
January 2014
AnsibleWorks, Inc. becomes Ansible, Inc.

August 2014
Ansible 1.7 released with Windows Beta support.
October 2015
Red Hat buys Ansible for $150M.
July 2019
IBM buys Red Hat for $34B.

By <http://www.fantasticfiction.co.uk/images/n5/n29016.jpg>, Fair use, <https://en.wikipedia.org/w/index.php?curid=8376317>

‘Ansible’

Was coined by Ursula K. Le Guin and used in her book ‘Rocannon’s World’ published in 1966.

It describes an ‘answerable device’ or ‘instantaneous communication systems’.

Ansible Infrastructure

%%{ init: { 'theme': 'dark', 'themeVariables': { 'fontSize': '25px', 'primaryColor': '#BB2528', 'primaryTextColor': 'white', 'primaryBorderColor': '#7C0000', 'lineColor': 'yellow' } } }%% flowchart LR collections(("Ansible Galaxy
Roles
Plugins
Modules
Collections")) -.-> config subgraph sgcomponents ["Ansible Control Node running on Linux"] components>Playbooks
Plugins
Modules
Roles
] -.-> config{"Ansible Config"} inventory>Inventory
Local, Cloud or CMDB] -.-> config end classDef green fill:#9f6,stroke:#333,stroke-width:2px; classDef orange fill:#f96,stroke:#333,stroke-width:4px; classDef blue fill:#9cbacc,stroke:#333,stroke-width:2px class dis blue

Ansible Control Node does not run on Windows, only on Linux.
Configuration is written in YAML.
Playbooks: The state the device should be in. This is the instructions you give to Ansible on what it is to do and call things like modules and roles, run them against hosts taken from an inventory.
Plugins extend Ansibles core functionality and execute on the control node.
Modules are a type of plugin and execute on the target host. They are standalone ‘scripts’ that can be used by the Ansible API, the ansible command the ansible-playbook command etc. Modules return JSON. Linux runs Python modules. Windows run PowerShell modules. There are attempts to make them run each others scripts, but they are not supported.
Roles let you automatically load related vars, files, tasks, handlers, and other Ansible artifacts and group them together to easily reuse them and share them with others. So you could have a Windows Baseline, or a Wev Server role for example, role that pulls together a lot of the other parts of a configuration definition.
Inventories are information about the target hosts in your infrastructure. You can have static or dynamic inventories. Dynamic could be from AWS, Azure, Active Directory etc., pull the informaiton in and put it into the correct inventory format. Using AWX or Ansible Automation Platform you can set that up to work automatically in the background.
Ansible Galaxy is like the PowerShell Gallery where you have scripts and modules. Share repository of code for Ansible. Collections are plugins, roles and modules all together in a collection.

%%{ init: { 'theme': 'dark', 'themeVariables': { 'fontSize': '25px', 'primaryColor': '#BB2528', 'primaryTextColor': 'white', 'primaryBorderColor': '#7C0000', 'lineColor': 'yellow' } } }%% flowchart LR subgraph sgcomponents ["Control Node"] config{"Ansible Config"} end sgcomponents -- "SSH" ----> linuxclients["Linux Hosts
(agentless)"] sgcomponents -- WinRM / OpenSSH ----> winclients["Windows Hosts
(agentless)"] sgcomponents -- SSH / API ----> networking["Networking
(agentless)"] sgcomponents -- API ----> cloud["Cloud Services"] classDef green fill:#9f6,stroke:#333,stroke-width:2px; classDef orange fill:#f96,stroke:#333,stroke-width:4px; classDef blue fill:#9cbacc,stroke:#333,stroke-width:2px class dis blue

How Does Ansible Work on Windows?

Ansible has the following minimum requirements for Windows hosts:

Windows Server 2016 / Windows 10
PowerShell 5.1
WinRM or OpenSSH configured and listening

Ansible Control node cannot run on a Windows host natively.

Options to run Ansible Control Node on Windows:

Windows Subsystem for Linux.
Linux Virtual Machine.
Docker container.
Cygwin (not officially supported).

Whatever you use:

Python 3.11 to 3.13 (for current ansible-core 2.18 version).
The pywinrm module if you are using WinRM.
The sshpass package is needed if you are using SSH password authentication (not recommended for production).

Writing Your First Windows Ansible Module

Best Practices

Code is in the PowerShell script, documentation in the Python script.
Don’t use Write-Host / Debug / Verbose / Error.
Exceptions / Errors can be returned back to Ansible.
Can specify minimum PowerShell or OS requirements.
Modules are run under StrictMode version 2.

DEMO

Writing a Windows Ansible Module

Summary

We know the TL;DR history of Ansible.
We understand Ansible infrastructure.
We know how Ansible works on Windows and how it does not run as a control node on Windows.
We know how Windows Ansible modules are structured.

THANK YOU

FEEDBACK IS A GIFT.

PLEASE REVIEW THIS SESSION.

pau.by/talks

Ansible and Windows

How PowerShell enables a Linux configuration manager to work in a Windows world.

Paul Broadwith

Agenda

The TL;DR History of Ansible

February 2012

March 2013

January 2014

August 2014

October 2015

July 2019

Ansible Infrastructure

How Does Ansible Work on Windows?

Writing Your First Windows Ansible Module

Best Practices

DEMO

Writing a Windows Ansible Module

Summary

THANK YOU

Resources

Resources

Resources