ANSIBLE

CONFIGURATION

1
1. System Requirements
OS: Windows 10/11 as destination host.
Ubuntu 20.04 as ansible controller. [Internal PatchManager]

2. Internal PatchManager Configuration

S. No. Description Commands

2.1 Install ansible and other dependencies sudo apt install ansible sshpass vim -y
2.2 Go to host file in ansible vim /etc/ansible/hosts
2.3 [win]
0.0.0.0
2.4 Install pywinrm pip install pywinrm
2.5 Update the ansible configuration file vim /etc/ansible/ansible.cfg
2.6 ansible_shell_executable = C:\Windows\System32\WindowsPowerShell\v1.0\
powershell.exe

Note: The path in section 2.6 may vary. Kindly verify the powershell.exe path before adding it in
the configuration file.

2
3. Windows Configuration [Destination]
3.1. Upgrading PowerShell and .NET Framework
S. No. Description Commands
3.1.1 Set the TLS protocol to 1.2 [Net.ServicePointManager]::SecurityProtocol =
[Net.SecurityProtocolType]::Tls12
3.1.2 Define the script URL. $url =
"https://raw.githubusercontent.com/jborean93/ansi
ble-windows/master/scripts/Upgrade-
PowerShell.ps1"
3.1.3 Define the download path. $file = "$env:temp\Upgrade-PowerShell.ps1"
3.1.4 Specify the username and $username = "Administrator"
password for authentication. $password = "Password"
(modify these with actual
credentials)
3.1.5 Download the script from (New-Object -TypeName
the URL to the specified file System.Net.WebClient).DownloadFile($url, $file)
path.
3.1.6 Set the execution policy to Set-ExecutionPolicy -ExecutionPolicy Unrestricted -
Unrestricted. Force
3.1.7 Run the downloaded script &$file -Version 5.1 -Username $username -Password
with the specified $password -Verbose
parameters.

3.2. WinRM Memory Hotfix

S. No. Description Commands
3.2.1 Set the security [Net.ServicePointManager]::SecurityProtocol =
protocol to TLS 1.2 [Net.SecurityProtocolType]::Tls12
3.2.2 Download the Install- $url =
WMF3Hotfix.ps1 "https://raw.githubusercontent.com/jborean93/ansible-
script windows/master/scripts/Install-WMF3Hotfix.ps1"
$file = "$env:temp\Install-WMF3Hotfix.ps1"

(New-Object -TypeName
System.Net.WebClient).DownloadFile($url, $file)
3.2.3 Execute the script powershell.exe -ExecutionPolicy ByPass -File $file -Verbose

3.3. WinRM Configuration and Check

3
S. No. Description Commands
3.3.1 Check the net connection profile Get-NetConnectionProfile

3.3.2 Set the connection to private. Update Set-NetConnectionProfile -Name

the NetworkName. "NetworkName" -NetworkCategory Private
3.3.3 Set up a WinRM listener for HTTP winrm quickconfig
3.3.4 View the current listeners. winrm enumerate winrm/config/Listener

3.3.5 Check the current service winrm get winrm/config/Service

configuration options. winrm get winrm/config/Winrs

4. Connection Validation in PatchManager

4
 S. No. Description Commands
4.1 Append the hosts file. vim /etc/ansible/hosts
4.2 [win:vars]
ansible_winrm_transport= ntlm
ansible_connection= winrm
ansible_port= 5985
ansible_winrm_scheme= http
ansible_winrm_server_cert_validation= ignore
4.3 Test the connection. ansible <IP> -m win_ping -e "ansible_user=
<username> ansible_password=<password>"
4.4 Run the playbook. ansible-playbook <playbook-name> -e "host=<IP>
ansible_user=<username> ansible_password=<pwd>
app_name='<package-id>’"
4.5 Comment the lines in 4.2 after a successful ping.

Note: Kindly update the <IP>, <username> & <password> in section 4.3 and <playbook-
name> & <package-id> in section 4.4.

Warning Note: Always keep the configuration in section 4.2 commented, as failing to do so may
lead to interference with the playbook configuration and result in undesired outcomes. Use
these lines solely for verifying the connection.