StackStorm and Ansible on Windows
StackStorm provides integrations with tools such as Docker, AWS, Ansible and many more. These integrations, or integration packs, allow StackStorm to interact with tools and platforms that are commonly used in IT environments. In this post we’re going to cover integrating StackStorm with a Windows server via Ansible rather than using the experimental Windows runner.
Windows Configuration
We’ll start by configuring our Windows host to support the Ansible connection over WinRM.
Allow the execution of all PowerShell scripts by running the following command in a PowerShell prompt.
Set-ExecutionPolicy Unrestricted
Run the PowerShell script that configures the Windows host to allow Ansible connections: https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
.\ConfigureRemotingForAnsible.ps1
StackStorm Configuration
We need to install the community-provided Ansible pack on an existing installation of StackStorm. By default, StackStorm is configured to look up integration packs in the community repo.
The following commands need to be run from the command line of the StackStorm host.
Install Ansible StackStorm Pack
st2 run packs.install packs=ansible
Now that the Ansible pack has been installed, we need to add the pywinrm package so that Ansible can use WinRM instead of SSH to communicate with our Windows host.
Install pywinrm
st2 run ansible.command_local args='pip install "pywinrm>=0.1.1"'
Now that we’ve got Ansible and pywinrm installed on our StackStorm instance, we need to add our Windows host (IP address or DNS name) to the Ansible inventory file so that Ansible can communicate with it.
Add an entry to the inventory file for the Windows host
By default the inventory file is located at /etc/ansible/hosts.
[windows]
winserver1.example.com
We now need to give Ansible the credentials for the Windows host so that it can run commands on it. Our configuration uses a Windows host that is not joined to a domain.
We add the credentials to the /etc/ansible/group_vars/windows.yml variable file.
Add user credentials to the windows group variables file
# it is suggested that these be encrypted with ansible-vault:
# ansible-vault edit group_vars/windows.yml
ansible_user: Administrator
ansible_password: SecretPasswordGoesHere
ansible_port: 5986
ansible_connection: winrm
# The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore
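The variables file above keeps the password in plaintext unless it is vaulted, and turns off certificate checking for the WinRM HTTPS listener. The following check is an added example, not part of the original post or of the Ansible or StackStorm projects; `audit_winrm_vars` is a hypothetical helper, and the sample file contents, the CA file path and the vault ciphertext are constructed placeholders.

```python
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"  # start of any ansible-vault encrypted payload

# Constructed sample: the variables file as the post shows it.
PAGE_VARS = """\
ansible_user: Administrator
ansible_password: SecretPasswordGoesHere
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
"""

# Constructed sample: inline-vaulted password, certificate checked against a CA file.
HARDENED_VARS = """\
ansible_user: Administrator
ansible_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  0000placeholder0000
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: validate
ansible_winrm_ca_trust_path: /etc/ansible/winrm-ca.pem
"""

def audit_winrm_vars(text):
    """Return findings for a flat WinRM group_vars file (hypothetical helper)."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []  # whole file is vault-encrypted, nothing readable on disk
    settings = {}
    for line in text.splitlines():
        match = re.match(r"^(\w+):\s*(.*)$", line)  # top-level "key: value" only
        if match:
            settings[match.group(1)] = match.group(2).split(" #")[0].strip().strip("'\"")
    findings = []
    password = settings.get("ansible_password")
    if password is not None and not password.startswith("!vault"):
        findings.append("ansible_password is stored in plaintext")
    if settings.get("ansible_winrm_server_cert_validation") == "ignore":
        findings.append("WinRM certificate validation is disabled")
    if settings.get("ansible_port") == "5985":
        findings.append("port 5985 is the WinRM HTTP listener, not HTTPS")
    return findings

if __name__ == "__main__":
    for name, text in (("page", PAGE_VARS), ("hardened", HARDENED_VARS)):
        print(name, audit_winrm_vars(text) or "no findings")
```

With certificate validation set to `ignore` the connection is still encrypted, but the identity of the Windows host is not verified, so the password can be sent to whatever answers on that address.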
With all the configuration in place, we can run a command against our Windows host to test that Ansible is connecting to it correctly.
Run the “win_ping” module from the command line to perform an Ansible ping of the Windows host.
st2 run ansible.command module_name="win_ping" hosts="windows"
The command should display output similar to that below.
id: 57ed7b61dcf876397df17b8e
status: succeeded
parameters:
  hosts: windows
  module_name: win_ping
result:
  failed: false
  return_code: 0
  stderr: ''
  stdout: "192.168.1.138 | SUCCESS => {
      "changed": false,
      "ping": "pong"
  }"
  succeeded: true
References
Windows Ansible Configuration
http://docs.ansible.com/ansible/intro_windows.html
Ansible PowerShell Configuration Script
https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1