Can I use Ansible playbooks to manage Windows servers?

In the dynamic landscape of IT infrastructure management, Ansible has emerged as a powerful automation tool, predominantly known for its prowess in handling Linux environments. However, a common query arises among IT professionals: "Can I use Ansible playbooks to manage Windows servers?" This article aims to provide a comprehensive answer to this question, delving into the compatibility, capabilities, and steps involved in leveraging Ansible for Windows server management.

Compatibility Check:

Before diving into the practical aspects, let's address the initial concern: Ansible's compatibility with Windows servers. Historically designed for Unix-like systems, Ansible has made significant strides to accommodate Windows environments. With the introduction of the Windows Subsystem for Linux (WSL) and Windows PowerShell support, Ansible is now equipped to seamlessly manage Windows servers.

Installing Ansible on Windows:
To embark on the journey of managing Windows servers with Ansible, start by installing Ansible on a machine that will serve as the control node. Windows users can use WSL or install Ansible directly on a Linux-based machine. The following commands showcase a simple installation on Ubuntu:
```
sudo apt update
sudo apt install ansible
```
Configuring Ansible for Windows:
After installation, configure Ansible to work with Windows machines. Update the Ansible configuration file (ansible.cfg) to include necessary settings such as the inventory file and remote user. A snippet of the configuration might look like this:
```
[defaults]
inventory = /path/to/your/inventory
remote_user = your_windows_username
```
Creating an Inventory File:
The inventory file is crucial for Ansible to know which servers it should manage. Specify the IP addresses or hostnames of your Windows servers in this file. Here's a minimal example:
```
[windows_servers]
192.168.1.100
192.168.1.101
```
Ensure that these servers are reachable and that WinRM (Windows Remote Management) is properly configured on them.
Using WinRM for Communication:
Ansible communicates with Windows servers via WinRM. Ensure that WinRM is enabled and properly configured on your Windows servers. Use the following PowerShell commands to enable WinRM:
```
Enable-PSRemoting -Force
```
Additionally, allow basic authentication for WinRM:
```
Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
```

Step-by-Step Instructions:

Write Your First Ansible Playbook for Windows:
Create a simple Ansible playbook to perform a basic task on Windows servers. For example, let's create a playbook to install a package using PowerShell:
```
---
- name: Install Notepad++
  hosts: windows_servers
  tasks:
    - name: Install Notepad++
      win_chocolatey:
        name: notepadplusplus
        state: present
```
Execute the playbook using the following command:
```
ansible-playbook your_playbook.yaml
```
Exploring Ansible Modules for Windows:
Ansible provides a rich set of modules for Windows automation. Explore modules such as win_command, win_shell, and win_file for executing commands, running PowerShell scripts, and managing files on Windows servers.
```
---
- name: Execute PowerShell Script
  hosts: windows_servers
  tasks:
    - name: Run PowerShell Script
      win_shell: |
        Write-Output "Hello from Ansible!"
```

More Examples:

Managing Windows Services:
Use Ansible to start, stop, or restart services on Windows servers.

---
- name: Manage Windows Services
  hosts: windows_servers
  tasks:
    - name: Restart Service
      win_service:
        name: your_service_name
        state: restarted

Configuring Windows Firewall:
Leverage Ansible to manage Windows Firewall settings.

---
- name: Configure Windows Firewall
  hosts: windows_servers
  tasks:
    - name: Allow Incoming Traffic on Port 80
      win_firewall_rule:
        name: Allow HTTP
        localport: 80
        action: allow