Manage and Configure Windows Servers with Ansible Tower

0

Ansible Tower provides a really nice GUI interface to managing an Ansible deployment.  Additionally, it provides the ability to create job templates, scheduling, and notifications which definitely add to the power of Ansible Tower in configuration management. Ansible Tower is a pay for product in enterprise trim, however, there is also a lighter version for free that can be used to manage 10 nodes.  We have already covered how to install and configure Ansible Tower on an Ubuntu server. Let’s now look at how we can Manage and Configure Windows Servers with Ansible Tower much the same as we looked at managing Windows Servers simply from the Ansible command line.

Ansible Tower Licensing

First of all, to get your hands on the Ansible Tower Basic version (that does not expire) for up to 10 nodes, you can visit the following link:

The noted limitations include:

  • No support
  • No LDAP and Active Directory support
  • No system tracking, audit trails and surveys.

You can also opt for a non-limited true trial that expires after 30-days that is the full Ansible Tower with all the limitations removed.

Ansible-Tower-Basic-Edition-allows-managing-10-nodes-for-free Manage and Configure Windows Servers with Ansible Tower

Ansible Tower Basic Edition allows managing 10 nodes for free

The-Paid-Ansible-Tower-versions-include-self-support-standard-and-premium Manage and Configure Windows Servers with Ansible Tower

The Paid Ansible Tower versions include self support standard and premium

Importing Ansible Inventory into Tower

Below under the Inventories section, create a new Inventory name.  This will basically create the inventory container that will be used to house our groups that we will import.

Creating-new-Inventory-in-Ansible-Tower Manage and Configure Windows Servers with Ansible Tower

Creating new Inventory in Ansible Tower

To proceed with this walkthrough of using Ansible Tower to manage and configure Windows servers, you can take a look at the preceding article which used the command line version of Ansible only.  We will reference the directories created in that post to move forward with Ansible Tower.  The first thing we need to do is copy our working directory from using the Ansible command line and place the files inside the working directory for Ansible Tower.

We can copy our working directory to this directory with the following:

Copying-a-project-folder-into-the-default-Ansible-Tower-Projects-folder Manage and Configure Windows Servers with Ansible Tower

Copying a project folder into the default Ansible Tower Projects folder

The working directory for Ansible Tower is found here:

We can import the inventory that we copied over into the inventory container created earlier with the command:

Importing-the-inventory-into-the-inventory-container-created-in-Ansible-Tower Manage and Configure Windows Servers with Ansible Tower

Importing the inventory into the inventory container created in Ansible Tower

When-the-import-of-the-inventory-runs-we-now-see-the-groups-populated-from-the-inventory-in-Ansible-Tower Manage and Configure Windows Servers with Ansible Tower

When the import of the inventory runs we now see the groups populated from the inventory in Ansible Tower

Ansible Tower Credentials

A quick note concerning Ansible Tower credentials.  If you haven’t already, check out the post on configuring Ansible to use Kerberos authentication which steps you through configuring Kerberos in Ubuntu.  The process to use Kerberos authentication is the same with Tower with just a slight twist.  You need to have Ansible to prompt you for your credentials instead of using the kinit command that was discussed in the Kerberos post.  The krb5.conf file is still important as this is what allows Ansible Tower to communicate with Active Directory.  Ansible Tower uses a different cache location for credentials and deletes the cache as soon as the task is completed.

Click the settings cog in the upper right hand corner, and then select Credentials.  Create a new credential configuration as shown below.  Windows Machines need the Machine setting for Credential Type.  You can save the password or select the checkbox to Prompt on launch.

Ansible-Tower-kerberos-credentials-for-managing-Windows-Servers Manage and Configure Windows Servers with Ansible Tower

Ansible Tower kerberos credentials for managing Windows Servers

When you select to run a job task, you will be prompted to enter your Kerberos credentials.

Entering-Kerberos-credential-password-on-Ansible-Tower-Job-Task-launch Manage and Configure Windows Servers with Ansible Tower

Entering Kerberos credential password on Ansible Tower Job Task launch

Manage and Configure Windows Servers with Ansible Tower

At this point we can create a Job Template which allows us to specify an inventory and playbook and marry those two things together.  Additionally, Job Templates allow scheduling the job template so the tasks can be run at specified intervals.

Creating-a-job-template-in-Ansible-Tower-to-Manage-Windows-Servers Manage and Configure Windows Servers with Ansible Tower

Creating a job template in Ansible Tower to Manage Windows Servers

Available-actions-on-a-Job-Template-in-Ansible-Tower Manage and Configure Windows Servers with Ansible Tower

Available actions on a Job Template in Ansible Tower

The Job Window displays the output of the task just as you would see running the job from the command line.

Running-an-Ansible-Tower-job-task-with-successes-and-failures Manage and Configure Windows Servers with Ansible Tower

Running an Ansible Tower job task with successes and failures

Creating-a-job-schedule-in-Ansible-Tower-to-run-a-specified-Job-Task Manage and Configure Windows Servers with Ansible Tower

Creating a job schedule in Ansible Tower to run a specified Job Task

Having notifications of job tasks is powerful and allows you to be proactive with both successful and unsuccessful job tasks.  You can create a notification template with various types of notifications including:

  • Email
  • Slack
  • Twilio
  • Pagerduty
  • Hipchat
Creating-notifications-for-Job-Tasks-in-Ansible-Tower Manage and Configure Windows Servers with Ansible Tower

Creating notifications for Job Tasks in Ansible Tower

Takeaways

It is both powerful and easy to Manage and Configure Windows Servers with Ansible Tower.  Ansible Tower enables administrators to have a GUI interface as well as scheduling and notification capabilities.  The Standard and Premium versions of Ansible Tower also allow integration with Active Directory for logins as well as great auditing capabilities to go along with the other functionality and features.  As shown, it is quite easy to get up and running with Ansible Tower Manage and configure Windows servers and with the free 10 node license, you can run Ansible Tower indefinitely in a home lab or other dev/test environment to manage up to 10 nodes.