thanks much for the example.
Quick question on ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert
-DisableBasicAuth, does this mean we can use any auth protocol as below
expect Basic(not secure), correct? I am more inclined toward kerberos auth.
* Basic
* Certificate (not the same as SSH keys)
* NTLM
* Kerberos
* CredSSP
On Thu, Mar 29, 2018 at 4:12 AM, 'J Hawkesworth' via Ansible Project <
ansible-project@googlegroups.com> wrote:
> vmware_guest module allows you to run scripts in 'runonce' section, so you
> can run the configure for remoting script as part of this, and any other
> steps you need.
>
> I use a playbook like the following to create vm from template. Before
> using you have to add a hostname to the 'domainmember' group and allocate
> it an ip address in your inventory, like this
>
> # ansible inventory
> [domainmember]
> testmachine01 ip=172.17.0.1
>
>
>
>
> ---
> # spin up a vm from a template
>
>
> - hosts: localhost
> gather_facts: true
>
>
> - hosts: domainmember
> gather_facts: false
> vars:
> template: Winserver-TEMPLATE
> vars_prompt:
> - name: 'vmware_user'
> prompt: 'Enter VMWare username'
> private: no
> - name: 'vmware_cred'
> prompt: 'Enter VMWare password'
> private: yes
> pre_tasks:
> - name: show what we are planning on doing
> debug:
> msg: "ensure vm with hostname {{inventory_hostname}} and ip
> {{hostvars[inventory_hostname]['ip']}} exists."
>
>
> - name: clone vmware template and customise so it is ready for use as
> domain member
> vmware_guest:
> annotation: "Ansible cloned from template '{{template}}' on
> {{hostvars['localhost']['ansible_date_time']['date']}} by {{vmware_user}}"
> cluster: Dev Cluster
> datacenter: Dev datacenter
> folder: /Development/
> hostname: vcenterhost
> name: "{{inventory_hostname}}"
> password: "{{ vmware_cred }}"
> resource_pool: Normal
> state: poweredon
> template: "{{template}}"
> username: '{{vmware_user}}'
> validate_certs: no
> hardware:
> memory_mb: 1024
> num_cpus: 1
> networks:
> - name: VM Network
> ip: "{{hostvars[inventory_hostname]['ip']}}"
> netmask: 255.255.128.0
> gateway: 172.x.x.1
> # deliberately not specifying a domain here domain:
> devdomain.local
> dns_servers:
> - 172.x.x.x
> - 172.x.x.x2
> # I had trouble using vmxnet3, it allways seems to want to be
> dhcp-configured.
> # may be worth retrying in future but ensuring static ip configured in
> template
> # devicetype: vmxnet3
> devicetype: e1000e
> type: static
> customization:
> autologon: yes
> autologoncount: 5
> hostname: "{{inventory_hostname}}"
> ip: "{{hostvars[inventory_hostname]['ip']}}"
> netmask: 255.255.128.0
> gateway: 172.x.x.x
> dns_servers:
> - 172.x.x.x
> - 172.x.x.x2
> # deliberately not specifying a domain here domain:
> devdomain.local
> password: "{{guest_administrator_pass}}"
> joindomain: devdomain.local
> domainadmin: "{{ win_dom_user }}"
> domainadminpassword: "{{ win_dom_cred }}"
> runonce:
> - powershell.exe -ExecutionPolicy Unrestricted -File C:\Users
> \Administrator\Downloads\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert
> - C:\finishsetup.bat
> timezone: 85
> # set timezone correctly or domain trust relationship will be lost
> delegate_to: localhost
>
>
> - name: wait for connection to become reachable
> wait_for_connection:
> delay: 75
> sleep: 11
> timeout: 675
>
>
> # by this point host should be on the domain so you can start running
> roles to provision your windows host
>
>
>
>
>
> On Thursday, March 29, 2018 at 12:05:32 AM UTC+1, anil kumar wrote:
>>
>> do you have any ideas on configuring winrm in the template(vmware)?
>>
>> On Wed, Mar 28, 2018 at 11:58 AM, Anil <visit...@gmail.com> wrote:
>>
>>> Thanks for elaborate information on ansible with windows.
>>>
>>> Winrm is disabled by default. Not sure about the security constraints
>>> when we enable this service.
>>>
>>> I will do research on it.
>>>
>>> On Mar 27, 2018, at 9:32 PM, Jordan Borean <jbor...@gmail.com> wrote:
>>>
>>> You can currently only use the winrm connection plugin with Ansible to
>>> talk to Windows hosts. WinRM allows you to connect using both domain and
>>> local accounts and usually you need administrative rights on that host to
>>> both connect and manipulate group membership. WinRM allows you to
>>> authenticate using various protocol such as;
>>>
>>> * Basic
>>> * Certificate (not the same as SSH keys)
>>> * NTLM
>>> * Kerberos
>>> * CredSSP
>>>
>>> More details can be found here http://docs.ansible.com/ansibl
>>> e/latest/user_guide/windows.html.
>>>
>>> Thanks
>>>
>>> Jordan
>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Ansible Project" group.
>>> To unsubscribe from this topic, visit https://groups.google.com/d/to
>>> pic/ansible-project/QDoRl0_KU-Y/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to
>>> ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>> gid/ansible-project/444b5db2-68b0-4fbf-906d-07ec4303d11a%
>>> 40googlegroups.com
>>> <https://groups.google.com/d/msgid/ansible-project/444b5db2-68b0-4fbf-906d-07ec4303d11a%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>>
>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/ansible-project/QDoRl0_KU-Y/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/00d1e2b2-c215-43a9-8632-64b58a256426%40googlegroups.
> com
> <https://groups.google.com/d/msgid/ansible-project/00d1e2b2-c215-43a9-8632-64b58a256426%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAPaemEaQuiSYLFFgtpJWziPP_M%2ByeVJYseygS1e1kH-%3De-6sxg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
