Ansible 从1.7+版本开始支持Windows，实测Windows Server 2008 R2及以上版本系统经简单配置可正常与Ansible通信。但需要满足以下几点：

1、管理机必须是linux系统，且按装Python Winrm模块2、底层通信基于PowerShell，版本为3.0+，Management Framework版本为3.0+3、远程windows主机开启Winrm服务

• 被控制主机windows
  1. 安装Framework 3.0+
     下载链接为：

2.更改powershell策略为remotesigned

在命令行中输入 start powershell就可启动powershell通过Get-ExecutionPolicy查看脚本执行策略；通过Set-ExecutionPolicy UnRestricted更改脚本执行策略

3.升级PowerShell至3.0+

Window 7和Windows Server 2008 R2默认安装的有PowerShell，但版本号一般为2.0版本，所以我们需升级至3.0+，Windows PowerShell 3.0使用的是 .netframework 4.0

下载，右击使用powershell运行后重启系统

或者使用，脚本主要完成如下操作：

检查最后安装证书的指纹配置错误处理检测Power shell版本检查/启动WimRM服务确保WinRM运行之后，检查有PS会话配置确保有SSL监听检查基本鉴权配置防火墙允许WinRM HTTPS链接本地测试通过网络方式连接是否正常

注意：如果提示系统中禁止执行脚本，可以在Powershell 命令行界面输入 set-ExecutionPolicy RemoteSigned 然后输入Y，在执行脚本就不会报

4.设置Windows远端管理（WS-Management，WinRM）服务

注意以下操作在cmd中执行,而非powershell中，winrm 服务默认都是未启用的状态：winrm quickconfig查看winrm service listener：winrm e winrm/config/listener配置auth 为true(默认为false)：winrm set winrm/config/service/auth @{Basic="true"} 或者winrm set winrm/config/service/auth '@{Basic="true"} '配置允许非加密方式：winrm set winrm/config/service @{AllowUnencrypted="true"}

至此windows远端管理（WS-Management，WinRM）服务的环境配置完成!

• 控制主机linux：
  如果没有安装pip, 先安装对应于你的Python版本的pip:

  [root@Super svn]# easy_install pip    #wget https://bootstrap.pypa.io/get-pip.py;python get-pip.pyInstalled /usr/lib/python2.7/site-packages/pip-10.0.1-py2.7.eggProcessing dependencies for pipFinished processing dependencies for pip[root@Super svn]# [root@Super svn]# pip install paramiko PyYAML Jinja2 httplib2 six  #pip install pywinrm paramiko PyYAML Jinja2 httplib2 six[root@Super 118920]# tail -2 /etc/ansible/hosts [windows]10.15.97.100 ansible_ssh_user="administrator" ansible_ssh_pass="123123" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore[root@Super ~]#

防火墙需放行5989、5986

• 连通性
  win_ping：Windows系统下的ping模块，常用来测试主机是否存活。

[root@Super ~]# ansible 10.15.97.100 -m win_ping10.15.97.100 | SUCCESS => {    "changed": false,     "ping": "pong"}[root@Super ~]#

* 远程执行命令

远程执行命令分为远程执行windows 原生自有命令通过raw 模块,如:"ipconfig "

远程执行ansible的win_command模块也可以执行命令,即ansible的扩展命令如"whoami"默认是乱码,需要修改winrm模块文件

[root@Super ~]# cp /usr/lib/python2.7/site-packages/winrm/protocol.py{,.20180718bak}[root@Super ~]# sed -i "s#tdout_buffer.append(stdout)#tdout_buffer.append(stdout.decode('gbk').encode('utf-8'))#g" /usr/lib/python2.7/site-packages/winrm/protocol.py[root@Super ~]# sed -i "s#stderr_buffer.append(stderr)#stderr_buffer.append(stderr.decode('gbk').encode('utf-8'))#g" /usr/lib/python2.7/site-packages/winrm/protocol.py[root@Super ~]#

• 获取ip地址

[root@Super ~]# ansible windows -m raw -a "ipconfig"10.15.97.100 | SUCCESS | rc=0 >>Windows IP ConfigurationEthernet adapter 本地连接:   Connection-specific DNS Suffix  . :    Link-local IPv6 Address . . . . . : fe80::e9ce:231:8bc6:45ea%11   IPv4 Address. . . . . . . . . . . : 10.15.97.100   Subnet Mask . . . . . . . . . . . : 255.255.255.0   Default Gateway . . . . . . . . . : 10.15.97.254Tunnel adapter isatap.{BB164424-6017-46EB-978A-5E7CFDF80A14}:   Media State . . . . . . . . . . . : Media disconnected   Connection-specific DNS Suffix  . : [root@Super ~]#

• 获取身份

[root@Super ~]# ansible windows -m win_command -a "whoami"10.15.97.100 | SUCCESS | rc=0 >>wthost\administrator[root@Super ~]#

• 移动文件

[root@Super ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\'"ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c 'move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\'[root@Super ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product\DBFPlus.exe D:\Ansible\back\DBFPlus.exe'"10.15.97.100 | SUCCESS | rc=0 >>        1 file(s) moved.[root@Super ~]#

移动文件目标端也需要制定到文件，而不能只制定到所在目录位置

[root@Super ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product\ D:\Ansible\back\'"ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c 'move /y D:\Ansible\product\ D:\Ansible\back\'[root@Super ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product\ D:\Ansible\back'"10.15.97.100 | FAILED | rc=1 >>The system cannot find the file specified.non-zero return code[root@Super ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product D:\Ansible\back\'"ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: cmd /c 'move /y D:\Ansible\product D:\Ansible\back\'[root@Super ~]# ansible windows -m raw -a "cmd /c 'move /y D:\Ansible\product D:\Ansible\back'"10.15.97.100 | SUCCESS | rc=0 >>        1 dir(s) moved.[root@Super ~]#

移动文件夹源端和目标端目录都不能带反斜杠/。且将源的整个目录移到目的端目录里。

• 创建文件夹

[root@Super ~]# ansible windows -m raw -a "md d:\Ansible\justin"10.15.97.100 | SUCCESS | rc=0 >>    Directory: D:\AnsibleMode                LastWriteTime     Length Name                              ----                -------------     ------ ----                              d----         2018/7/18     20:13            justin                            [root@Super ~]#

• 删除文件或目录

[root@Super ~]# ansible windows -m win_file -a "path=d:\Ansible\justin state=absent"10.15.97.100 | SUCCESS => {    "changed": true}[root@Super ~]#

• 结束某程序

[root@Super ~]# ansible windows -m raw -a "taskkill /F /IM snmp.exe /T"10.15.97.100 | SUCCESS | rc=0 >>SUCCESS: The process with PID 1412 (child process of PID 548) has been terminated.[root@Super ~]#

• 文件传输

[root@Super ~]# ansible windows -m win_copy -a 'src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\soft\'10.15.97.100 | SUCCESS => {    "changed": true,     "checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",     "dest": "'D:\\soft\\zjcfg.zip'",     "operation": "file_copy",     "original_basename": "zjcfg.zip",     "size": 131374,     "src": "/app/svn/127_Client/118919/zjcfg.zip"}[root@Super ~]# ansible windows -m win_copy -a 'src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\ansible\'10.15.97.100 | FAILED! => {    "changed": false,     "checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",     "dest": "'D:\u0007nsible\\zjcfg.zip'",     "msg": "Get-AnsibleParam: Parameter 'dest' has an invalid path 'D:\u0007nsible\\' specified.",     "operation": "file_copy",     "original_basename": "zjcfg.zip",     "size": 131374,     "src": "/app/svn/127_Client/118919/zjcfg.zip"}[root@Super ~]# ansible windows -m win_copy -a 'src=/app/svn/127_Client/118919/zjcfg.zip dest=D:\'10.15.97.100 | SUCCESS => {    "changed": true,     "checksum": "d797ae640e37a1de6bb02b1e7fb435d7919effec",     "dest": "'D:\\zjcfg.zip'",     "operation": "file_copy",     "original_basename": "zjcfg.zip",     "size": 131374,     "src": "/app/svn/127_Client/118919/zjcfg.zip"}[root@Super ~]# ansible windows -m win_copy -a 'src=/app/svn/127_Client/118919/ dest=D:\'10.15.97.100 | SUCCESS => {    "changed": true,     "dest": "D:\\",     "operation": "folder_copy",     "src": "/app/svn/127_Client/118919/"}[root@Super ~]#

目标路径不能含关键词ansible，否则提示无效路径，源使用反斜杠结果将递归传输目录下所有文件，源不一反斜杠结尾将整个目录传输到目标目录下。

• 创建用户

[root@Super ~]# ansible windows -m win_user -a "name=justin passwd=51cto groups=Administrators"10.15.97.100 | SUCCESS => {    "account_disabled": false,     "account_locked": false,     "changed": true,     "description": "",     "fullname": "justin",     "groups": [        {            "name": "Administrators",             "path": "WinNT://WORKGROUP/WTHOST/Administrators"        }    ],     "name": "justin",     "password_expired": true,     "password_never_expires": false,     "path": "WinNT://WORKGROUP/WTHOST/justin",     "sid": "S-1-5-21-4260034264-4268704002-684640490-1001",     "state": "present",     "user_cannot_change_password": false}[root@Super ~]#

• 执行windows下的bat

[root@Super ~]# ansible windows -m win_command -a "chdir=D:\ .\xcopy.bat"10.15.97.100 | SUCCESS | rc=0 >>D:\>md d:\justin [root@Super ~]#

先切换到bat所在目录，再执行bat

更多官方windows模块见：