Ansible

Setup on a Windows machine with basic authentication

run this PowerShell on the Windows machine with administrator privileges:

# make WinRM start at boot and start it now
$H=hostname
Set-Service -Name WinRM -StartupType Automatic
Start-Service -Name WinRM

# self-signed certificate for the HTTPS listener; keep only its thumbprint
$T=New-SelfSignedCertificate -DnsName $H -CertStoreLocation Cert:\LocalMachine\My | Select-Object Thumbprint
$T=$T.Thumbprint

# build the winrm command as a string so the @{...} hashtable reaches winrm.cmd as one quoted argument, then run it
$V="winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=""$H""; CertificateThumbprint=""$T""}'"
$V
Invoke-Expression $V

# verify that the HTTPS listener now exists
winrm e winrm/config/listener

# open the firewall for WinRM over HTTPS (TCP 5986)
$port=5986
netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=$port

# opens the dialog to edit the security descriptor (who may connect) of the default WinRM session configuration
winrm configSDDL default

on the Ansible server the inventory is /etc/ansible/hosts.

add a host to the inventory to get it managed
filename: /etc/ansible/hosts

[group]
192.168.1.214 ansible_user=pi

test that it works (the pattern is either the group name or the host address, not both):

ansible group -m ping

192.168.1.214 | SUCCESS => {
  "ansible_facts": {
      "discovered_interpreter_python": "/usr/bin/python"
  },
  "changed": false,
  "ping": "pong"
}

inventory in YAML format (my preferred style):

win:
  hosts:
    192.168.1.3:
      ansible_connection: winrm
      # certificate authentication instead of a password (requires ansible_winrm_transport: certificate):
      #ansible_winrm_cert_pem: /root/cert.pem
      #ansible_winrm_cert_key_pem: /root/cert_key.pem
      ansible_winrm_transport: ntlm
      ansible_user: user
      ansible_password: password
      # the listener certificate is self-signed: server certificate validation is switched off
      ansible_winrm_server_cert_validation: ignore
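As an added example that is not part of the original notes: the same host, but with the settings a production inventory would carry. The HTTPS port is explicit, the listener certificate created with New-SelfSignedCertificate above is validated against an exported copy instead of being ignored, and the password lives in a vault-encrypted group_vars file rather than in clear text in the inventory. The file paths and the variable name vault_win_password are assumptions.

```yaml
# inventory.yml (added example, not the original notes' file)
win:
  hosts:
    192.168.1.3:
      ansible_connection: winrm
      ansible_port: 5986                          # the HTTPS listener created by the PowerShell above
      ansible_winrm_transport: ntlm
      ansible_user: user
      # the password is defined in group_vars/win/vault.yml, a file encrypted with ansible-vault
      ansible_password: "{{ vault_win_password }}"
      # validate the listener certificate instead of ignoring it: the self-signed
      # certificate exported from the Windows host in PEM format (path is an assumption)
      ansible_winrm_server_cert_validation: validate
      ansible_winrm_ca_trust_path: /etc/ansible/certs/win-listener.pem
---
# group_vars/win/vault.yml, plaintext as typed into the editor opened by:
#   ansible-vault create group_vars/win/vault.yml
# (variable name is an assumption; the value below is a placeholder)
vault_win_password: "<real password, stored only inside the vault file>"
```

With this layout `ansible-playbook` needs `--ask-vault-pass` (or ANSIBLE_VAULT_PASSWORD_FILE, see the Secret Vault section) and the inventory file itself can be committed to version control, since it no longer contains the password.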

test the Windows host:

root@u-studio:~# ansible 192.168.1.3 -m win_ping
192.168.1.3 | SUCCESS => {
  "changed": false,
  "ping": "pong"
}

playbooks

example: myfirstWinPlaybook.yaml

- name: My first Windows playbook
  # no connection: line here: the winrm connection comes from the inventory (ansible_connection: winrm)
  hosts: win
  gather_facts: false
  tasks:
    - name: Copy File or Dir
      win_copy:
        src: C:\temp\
        dest: C:\ansible_temp\
        remote_src: yes    # src is a path on the Windows host, not on the control node

Secret Vault

create a secret file (here named secret):

ansible-vault create secret

after entering the passphrase that protects the file, an editor opens and we can add the password variable:

ansible_sudo_pass: password123

using a secret inside a playbook:

- hosts: linux
  vars_files:
    - secret            # the vault-encrypted file created above
  tasks:
    - name: Upgrade all packages, excluding kernel & foo related packages
      yum:
        name: '*'
        state: latest
        exclude: kernel*,foo*
      become: yes

ansible-playbook --ask-vault-pass upgrade_centos.yml

to access the vault file without being prompted for the password: create a file containing the password and set the following variable to the file's path (exported so that the ansible commands inherit it):

export ANSIBLE_VAULT_PASSWORD_FILE=/root/.vault_pass.txt

then issuing the command

ansible-vault view /home/davide/secret

it will show the unencrypted file content on screen.

and call the playbook with this command:

add user:

# play header added so the task can run as a playbook
- hosts: linux
  become: yes
  tasks:
    - name: Create a login user
      user:
        name: fideloper
        password: '$6$F4NWXRFtSdCi8$DsB5vvMJYusQhSbvGXrYDXL6Xj37MUuqFCd4dGXdKd6NyxT3lpdELN07/Kpo7EjjWnm9zusFg/LLFv6oc.ynu/'
        groups: docker, sudo   # Empty by default.
        state: present
        shell: /bin/bash       # Defaults to /bin/bash
        system: no             # Defaults to no
        createhome: yes        # Defaults to yes
        home: /home/fideloper  # Defaults to /home/<username>

where the password hash was generated with the mkpasswd command:

mkpasswd --method=sha-512
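An added example, not from the original notes, that goes a step beyond the task above: the SHA-512 hash is computed at run time with Ansible's password_hash filter from a plaintext kept in the vault file, the password is set only when the account is created, and a public key is installed so the user can log in without the password at all. The variable name user_plain_password and the key file path are assumptions.

```yaml
# add_user.yml (added example, not the original notes' playbook)
- hosts: linux
  become: yes
  vars_files:
    - secret            # vault file defining user_plain_password (variable name is an assumption)
  tasks:
    - name: Create a login user with a salted SHA-512 hash built at run time
      user:
        name: fideloper
        # same kind of hash as mkpasswd --method=sha-512, computed from the vaulted plaintext
        # (passlib is used when installed, otherwise the system crypt)
        password: "{{ user_plain_password | password_hash('sha512') }}"
        groups: docker,sudo
        shell: /bin/bash
        create_home: yes
        state: present
        # password_hash picks a fresh salt every run, so without this the task would
        # report "changed" and reset the password on every execution
        update_password: on_create
      no_log: true      # keep the plaintext and the hash out of the playbook output

    - name: Install the user's SSH public key
      authorized_key:
        user: fideloper
        key: "{{ lookup('file', 'files/fideloper.pub') }}"   # path is an assumption
        state: present
```

Run it with `ansible-playbook --ask-vault-pass add_user.yml`; a second run reports no change for the user task because update_password is on_create.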

install firefox:

- hosts: win
  tasks:
    - name: win_package install firefox
      win_package:
        # MSI read from a network share: inside a WinRM session authenticated with NTLM the host
        # cannot reuse the Ansible credentials for the share (second hop), so it needs its own
        path: \\192.168.1.36\1T\Downloads\Firefox86.0.1.msi
        # product_id is matched against the registry uninstall entries to decide whether the
        # package is already installed; for an MSI on a local path it can be omitted
        product_id: 'Mozilla Firefox'
        state: present
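As an added example that is not from the original notes: the same installation done without the network share. The MSI is downloaded onto the Windows host, its hash is verified, and win_package installs it from the local path, where it reads the product code from the package itself, so no product_id guess is needed. The download URL and the checksum value are placeholders.

```yaml
# install_firefox.yml (added example, not the original notes' playbook)
- hosts: win
  tasks:
    - name: Make sure the staging directory exists
      win_file:
        path: C:\ansible_temp
        state: directory

    - name: Download the Firefox installer and verify its hash
      win_get_url:
        url: https://example.invalid/Firefox86.0.1.msi      # placeholder URL
        dest: C:\ansible_temp\Firefox86.0.1.msi
        checksum_algorithm: sha256
        # placeholder: replace with the SHA-256 published for the installer
        checksum: 0000000000000000000000000000000000000000000000000000000000000000
      register: msi

    - name: Install Firefox from the local copy
      win_package:
        path: "{{ msi.dest }}"     # local path, so product_id is read from the MSI
        state: present
```

A wrong or tampered installer fails the checksum task and the install task never runs; the local path also avoids the second-hop problem of reading from a share.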