Manage and Configure Windows Servers with Ansible Tower
Ansible Tower provides a really nice GUI interface to managing an Ansible deployment. Additionally, it provides the ability to create job templates, scheduling, and notifications which definitely add to the power of Ansible Tower in configuration management. Ansible Tower is a pay for product in enterprise trim, however, there is also a lighter version for free that can be used to manage 10 nodes. We have already covered how to install and configure Ansible Tower on an Ubuntu server. Let’s now look at how we can Manage and Configure Windows Servers with Ansible Tower much the same as we looked at managing Windows Servers simply from the Ansible command line.
Ansible Tower Licensing
First of all, to get your hands on the Ansible Tower Basic version (that does not expire) for up to 10 nodes, you can visit the following link:
The noted limitations include:
- No support
- No LDAP and Active Directory support
- No system tracking, audit trails and surveys.
You can also opt for a non-limited true trial that expires after 30-days that is the full Ansible Tower with all the limitations removed.
Importing Ansible Inventory into Tower
Below under the Inventories section, create a new Inventory name. This will basically create the inventory container that will be used to house our groups that we will import.
To proceed with this walkthrough of using Ansible Tower to manage and configure Windows servers, you can take a look at the preceding article which used the command line version of Ansible only. We will reference the directories created in that post to move forward with Ansible Tower. The first thing we need to do is copy our working directory from using the Ansible command line and place the files inside the working directory for Ansible Tower.
We can copy our working directory to this directory with the following:
cd /var/lib/awx/projects cp -R /<working directory> <project directory>
The working directory for Ansible Tower is found here:
/var/lib/awx/projects
We can import the inventory that we copied over into the inventory container created earlier with the command:
tower-manage inventory_import --source=./inventory.yml --inventory-name="CloudServers"
Ansible Tower Credentials
A quick note concerning Ansible Tower credentials. If you haven’t already, check out the post on configuring Ansible to use Kerberos authentication which steps you through configuring Kerberos in Ubuntu. The process to use Kerberos authentication is the same with Tower with just a slight twist. You need to have Ansible to prompt you for your credentials instead of using the kinit command that was discussed in the Kerberos post. The krb5.conf file is still important as this is what allows Ansible Tower to communicate with Active Directory. Ansible Tower uses a different cache location for credentials and deletes the cache as soon as the task is completed.
Click the settings cog in the upper right hand corner, and then select Credentials. Create a new credential configuration as shown below. Windows Machines need the Machine setting for Credential Type. You can save the password or select the checkbox to Prompt on launch.
When you select to run a job task, you will be prompted to enter your Kerberos credentials.
Manage and Configure Windows Servers with Ansible Tower
At this point we can create a Job Template which allows us to specify an inventory and playbook and marry those two things together. Additionally, Job Templates allow scheduling the job template so the tasks can be run at specified intervals.
The Job Window displays the output of the task just as you would see running the job from the command line.
Having notifications of job tasks is powerful and allows you to be proactive with both successful and unsuccessful job tasks. You can create a notification template with various types of notifications including:
- Slack
- Twilio
- Pagerduty
- Hipchat
Takeaways
It is both powerful and easy to Manage and Configure Windows Servers with Ansible Tower. Ansible Tower enables administrators to have a GUI interface as well as scheduling and notification capabilities. The Standard and Premium versions of Ansible Tower also allow integration with Active Directory for logins as well as great auditing capabilities to go along with the other functionality and features. As shown, it is quite easy to get up and running with Ansible Tower Manage and configure Windows servers and with the free 10 node license, you can run Ansible Tower indefinitely in a home lab or other dev/test environment to manage up to 10 nodes.