While Ansible started life as a orchestration and configuration as code platform for Linux it's ability to manage Windows systems has been steadily increasing. Working with Ansible and developing playbooks has been somewhat challenging on the Windows platform which likely holds back it's use on that platform. For evidence of this look no farther than the lack of Windows playbooks on Ansible Galaxy. However with the introduction of Windows Subsystem for Linux and expanded Windows support in last year things have become much better. I work in a mixed Windows/Linux environment hosted on an internal VSphere environment (we can't all be cloud-native unicorns). To support that environment and move us to a more sensible 'infrastructure-as-code' configuration, I now do Ansible playbook development for Windows and Linux on an almost daily basis from my Windows 10 workstation.
This guide will get you up and running with Windows Subsystem for Linux, VSCode, Ansible, and Git to do development and testing of Ansible playbooks. Although the Windows Linux Subsystem (i.e. Bash on Windows) is not officially supported by either Microsoft or Ansible, I have used it pretty extensively with Ansible without any issues. The environment I work with daily runs a mixed Linux/Windows infrastructure on VMWare VSphere. So I will also be configuring additional items required to support Kerberos, WinRM, and VMWare for Ansible playbooks.
This guide assumes your workstation meets the following minimal standards:
- Windows 10 Version 1703
- 64-bit installation (can't run on 32-bit systems)
Once you verify your system is 64-bit and up to date, follow these steps to enable the 'Windows Subsystem for Linux':
- Open 'Settings' (the gear in the start menu)
- Click 'Update & Security', then click the 'For developers' option on the left.
- Toggle the 'Developer mode' option, and accept any warnings Windows pops up.
Wait for Windows to install a few things in the background (it will eventually let you know a restart may be required for changes to take effect—ignore that for now). Next, to install the actual Linux Subsystem, you have to jump over to 'Control Panel', and do the following:
- Click on 'Programs'
- Click on 'Turn Windows features on or off'
- Scroll down and check 'Windows Subsystem for Linux (Beta)', and then click OK.
The subsystem will be installed, then Windows will require a reboot. Reboot, then open up the start menu and enter 'bash' (to open up 'Bash' installation in a new command prompt). Answer the prompts to install Ubuntu into the WSL and create your user within WSL (this password does not sync with your Active Directory account, think of WSL as a separate virtual machine), and once that's all done (it takes a few minutes to install), you will finally have Ubuntu running on your Windows laptop, somewhat integrated with Windows.
Now, you may find that networking isn't working properly in WSL, particularly if your workstation uses a VPN for access to a corporate network. Ping a host on the internet to verify connectivity if it's not working see this quick fix.
Installing Ansible on Windows Subsystem for Linux
To begin exploring Ansible as a means of managing our various servers, we need to install the Ansible software in WSL.
The best way to get Ansible for Ubuntu is to add the project's PPA (personal package archive) to your system. We can add the Ansible PPA by typing the following command:
sudo apt-add-repository ppa:ansible/ansible
Press ENTER to accept the PPA addition.
Next, we need to refresh our system's package index so that it is aware of the packages available in the PPA. Then also update all the packages in our WSL to the latest version. Afterwards, we can install Ansible and all it's required supporting packages:
sudo apt-get update && sudo apt-get upgrade && sudo apt-get install ansible
Answer Y when prompted to continue for both upgrades and installation of Ansible. The entire process will take several minutes. There will be some warnings during package upgrading, don't worry about it. In the end, you should see the following output indicating Ansible 2.4.0 or newer is installed.
Next, we're going to take care of getting Pip installed. Pip is a package management system used to install and manage software packages written in Python. Since Ansible is written in Python it makes use of a number of additional packages. Type the following into the command prompt:
sudo apt-get install python-pip
Answer Y when prompted to continue.
Ironically even though we just installed it, it's pretty likely that pip is out of date. So let's update it:
sudo -H pip install --upgrade pip
Then let's add one additional module needed for VMWare interactions:
sudo -H pip install --upgrade pyvmomi
Once that process completes we need to install some required packages for Kerberos.
sudo apt-get install libkrb5-dev
Answer Y when prompted to continue.
We will now use pip to install the python libraries we need for working with Windows servers:
sudo -H pip install pywinrm[kerberos]
Next, we'll install krb5-user to enable Kerberos under WSL:
sudo apt-get install krb5-user
Answer Y when prompted to continue.
WSL will automatically configure the Kerberos environment to use your domain as a realm. We can verify Kerberos is working by authenticating with Active Directory. (This assumes you are on a network with Active Directory).
Enter your password when prompted. Linux should return the command prompt without any output. To verify you have a Kerberos token enter the following command:
You should see output similar to this:
Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: kkolk@CONTOSO.COM Valid starting Expires Service principal 10/27/2017 04:24:38 10/27/2017 14:24:38 krbtgt/CONTOSO.COM@CONTOSO.COM renew until 10/28/2017 04:24:33
Next, we will setup CredSSP. CredSSP authentication can be used to authenticate to Windows with both domain and local accounts. It allows credential delegation to do second hop authentication on a remote host by sending an encrypted form of the credentials to the remote host using the CredSSP protocol. Enter the following command:
sudo -H pip install pywinrm[credssp]
We're done! At this point, we have a working Ansible environment that can interact with both Linux and Windows servers for management.
Setting up VSCode as an Ansible IDE
VS Code will leverage your machine's Git installation, so you need to install Git first before you can use it within VSCode. Make sure you install at least version 2.0.0. You can download Git here during setup do the following:
- Chose the option to use the Native Windows Secure Channel Library so that our AD certificates will work without warnings.
- Select Check-out AS IS, commit Unix style line endings during setup since we are working on a cross-platform (Windows/Linux) project.
- All other settings can remain on defaults.
Click here download VSCode. If that link no longer works visit https://code.visualstudio.com/ for the latest version. Install VSCode using the downloaded setup file, you can choose if you want to "Open with Code" actions to your context menu (I recommend it).
Once setup open VSCode. It should open to the Welcome screen.
VSCode can be customized in a number of ways, but for now, we'll concentrate on getting it setup for Ansible development. Click on Tools and Languages to get started. The Extensions marketplace will open on the left. The search box will automatically be populated with the following text:
Add ansible to the end of that text and install the Microsoft Ansible extension. This will get us some syntax highlighting.
Now we are going to reconfigure VSCode to use our Windows Subsystem for Linux as it's terminal so that we can easily test out Ansible playbooks in within our IDE.
In the settings search bar, type terminal.integrated.shell.windows (or whatever gets you far enough long)
Find the setting in the actual settings file, use Edit (mouse over the line, it will be on the left: on a touch screen without a mouse, you should be able to simply tap to the left of the line), and select Replace in Settings.
In the right pane, modify the entry created in the modified JSON file: replace the previous Powershell setting with:
Now there is one last adjustment to make, VSCode defaults its tab size to 4 and while YAML has no specific indentation requirements, Style-wise Ansible playbook universally seem to tab size of 2. So let's adjust that.
In the next line of our settings file add the following:
Close and save the settings.json with CTRL+F4 or clicking on the close tab.
Now press CTRL+` to open the terminal, you should now have a bash terminal as shown below.
You are all set and ready to get started working with VSCode as an IDE for developing playbooks for Ansible on Windows. Below is a test run showing Ansible running a simple playbook against a windows host from within VSCode.
You should be versioning everything including your Ansible playbooks. Get in the practice now while you are learning and the workflow will become second nature. For versioning and change tracking, you can use any source code management system (SCM), but I highly recommend Git to manage your infrastructure code. If you don't have a centralized SCM, that you at least get started with a local one which Git is a perfect choice for. There's a guide on Git with Visual Studio Code how to create a local repository on The Register, which also covers a variety of other possible providers.