Automation

Bootstrap Windows Server Configuration with Ansible Playbooks

A closer look at how to Bootstrap Windows Server Configuration with Ansible Playbooks including the configuration of the working directories as well as the playbooks themselves and how these are split out.
Brandon LeeApril 11, 2018Last Updated: February 7, 2024
3 minutes read
Overview-of-Ansible-directory-structure
Overview-of-Ansible-directory-structure

In our previous Ansible post covering basic Windows Server automation with Ansible, we looked at how to get an ansible server up and running as well as how to get the Ansible server connected to a Windows Server that we want to automate using WinRM. We saw how to test the WinRM connection to the Windows Server and run a few basic “raw” commands as well. However, in this post let’s take this a few steps further with seeing how we can bootstrap Windows Server configuration with Ansible playbooks. This will include seeing how we can structure our Ansible working directory as well as creating a playbook that includes the commands we want to run on a fresh Windows Server installation to run some normal basic setup on our server.

Setting Up Ansible Directory Structure

One of the first quick things to cover is setting up our Ansible directory structure.ย  On my server in the root directory, I setup aย test folder to represent my working directory that I will be setting up files, folders and such to interact with Ansible.

Below is a high level view of the working directory that I have setup for working with Ansible bootstrapping a Windows server.ย  The folders you see below includingย common,ย database,ย andย testย are serverย roles.ย  Each role can/should have its own playbook, so you would have different configuration for each server role.

Also below, you will see theย ansible.cfg file.ย  In this file we can do little things that are useful such as hardcoding the location of ourย inventory file.ย  The inventory file is what tells Ansible whichย group orย role that a particular host resides in.ย  This way, we don’t have to specify the inventory file each time we run the Ansible executable.

Overview-of-Ansible-directory-structure
Overview of Ansible directory structure

In theย group_vars folder, theย test.yml file contains the following information for WinRM connectivity:

ansible_user: ansible
ansible_password: ansible
ansible_port: 5985
ansible_connection: winrm
ansible_winrm_transport: basic
ansible_winrm_cert_validation: ignore
Group-VARs-folder-for-Ansible-working-directory
Group VARs folder for Ansible working directory

Below we see theย test role folder that contains theย tasks andย templates folders.ย  Templates contains templates such as the .j2 formatted template file for use with setting up a new IIS site.

Directory-structure-for-server-role
Directory structure for server role

Under theย tasks folder, we have theย main.yml file where we can place our windows modules and command snippets.

The-main.yml-file-in-the-server-role
The main.yml file in the server role

In the parent .yml file that exists outside of our directories for the server roles, we can call the server roles specific playbooks for our inventory.ย  Below, the hosts are the section of the inventory file that we want to run.ย  The roles are the role playbooks that we want to run against those hosts in the inventory file that we have defined.

---

  - hosts: test
    roles:
      - test
      - common

Bootstrap Windows Server Configuration with Ansible Playbooks

There are many really nice basic Ansible code snippets that shortcut many of the basic Windows setup steps that most of us go through to stand up a fresh Windows server. There are many setup steps that most can think of including, running Windows updates, setting up local user accounts, DNS values, domain joins, etc. Let’s take a look at a few of these snippets that can be used for really quick provisioning of a Windows server with a hands off, automated approach.

Most of the Ansible Windows modules start with theย win_ prefix to the module for the specific functionality.ย  A full listing of the Windows modules available is found here:

Configuring DNS server values for a Windows server

- win_dns_client:
   adapter_names: '*'
   ipv4_addresses:
   - 8.8.8.8
   - 8.8.4.4

Windows Domain join

- hosts: winclient
  gather_facts: no
  tasks:
  - win_domain_membership:
      dns_domain_name: ansible.vagrant
      hostname: mydomainclient
      domain_admin_user: [email protected]
      domain_admin_password: password123!
      domain_ou_path: "OU=Windows,OU=Servers,DC=ansible,DC=vagrant"
      state: domain
    register: domain_state

  - win_reboot:
    when: domain_state.reboot_required

Install IIS Server and Set the Default template

win_feature:
   name: Web-Server
   state: present

- name: Deploy default iisstart.htm file
  template:
   src: iisstart.j2
   dest: c:inetpubwwwrootiisstart.htm

Create a Custom Directory Structure

- name: Create directory structure
  win_file:
   path: C:windowstools
   state: directory

Create a local user account:

 name: create local user
  win_user:
    name: '{{item.name}}'
    password: '{{item.password}}'
    groups: LocalGroup
    update_password: no
    password_never_expired: yes

As you can see this is only scratching the surface but allows performing very mundane labor intensive tasks very quickly and efficiently.

Takeaways

The process toย Bootstrap Windows Server Configuration with Ansible Playbooks is easily accomplished by just a few steps.ย  Laying out the directory structure so that you can organize server roles and tasks makes keeping things straight much easier.ย  The prebuilt windows modules for Ansible make things extremely easy so you don’t have to reinvent the wheel for Windows Server configuration.ย  More Ansible goodness to come.ย  Stay tuned.

Brandon LeeApril 11, 2018Last Updated: February 7, 2024
3 minutes read

Subscribe to VirtualizationHowto via Email ๐Ÿ””

Enter your email address to subscribe to this blog and receive notifications of new posts by email.



Photo of Brandon Lee

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, He has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.

Related Articles

PSWindowsUpdate Automated Windows Updates with PowerShell

PSWindowsupdate: Automated Windows Updates with PowerShell

June 1, 2023
Getting-the-download-link-for-downloading-the-latest-Hashicorp-Vault-installation-1

How To Install Hashicorp Vault on Ubuntu 20.04

January 8, 2021
Terraform-apply-successful-run-virtual-machine-is-created-and-customized

Basic Terraform Installation and VMware vSphere Automation

May 17, 2018
Getting-a-Kerberos-ticket-from-Active-Directory-in-Ubuntu-for-use-in-Ansible

Configure Ansible Windows Server Kerberos authentication in Ubuntu

April 30, 2018

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | VirtualizationHowto.com