bunny-lab/docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md

Browse Source
This commit is contained in:
Nicole Rappe
2024-07-31 18:52:16 -06:00
parent 9611254dac
commit c52ae15e07
1 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md Normal file
View File

@ -0,0 +1,40 @@
**Purpose**: You will need to enable secure WinRM management of the Windows devices you are running playbooks against, as compared to the Linux devices. The following powershell script needs to be ran on every Windows device you intend to run Ansible playbooks on:
``` powershell
# Script to configure WinRM over HTTPS on the Hyper-V host
# Ensure WinRM is enabled
Write-Host "Enabling WinRM..."
winrm quickconfig -force
# Generate a self-signed certificate (Optional: Use your certificate if you have one)
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "hyperv-host.local"
$certThumbprint = $cert.Thumbprint
# Delete existing HTTPS listener if it exists
Write-Host "Removing existing HTTPS listener if it exists..."
$existingListener = (winrm enumerate winrm/config/listener | Select-String -Pattern "Transport=HTTPS")
if ($existingListener) {
winrm delete winrm/config/Listener?Address=*+Transport=HTTPS
}
# Create a new HTTPS listener
Write-Host "Creating a new HTTPS listener..."
$listenerCmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"hyperv-host.local`"; CertificateThumbprint=`"$certThumbprint`"}'"
Invoke-Expression $listenerCmd
# Set TrustedHosts to allow connections from the Ansible control node
# Replace "ansible_control_node_ip" with the IP address of your Ansible control node
$trustedHosts = "ansible_control_node_ip"
Write-Host "Setting TrustedHosts to $trustedHosts..."
winrm set winrm/config/client '@{TrustedHosts="' + $trustedHosts + '"}'
# Enable the firewall rule for WinRM over HTTPS
Write-Host "Enabling firewall rule for WinRM over HTTPS..."
$existingFirewallRule = Get-NetFirewallRule -DisplayName "WinRM HTTPS" -ErrorAction SilentlyContinue
if (-not $existingFirewallRule) {
New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP-PUBLIC" -DisplayName "WinRM HTTPS" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5986 -RemoteAddress Any -Action Allow
}
Write-Host "Configuration complete. The Hyper-V host is ready for remote management over HTTPS."
```