March 28, 2017

Ansible - A dynamic inventory for AD

So far, I’ve been keeping separate inventories for different servers based on their role (file server, apps server, etc.). But every time a server is added or changed, I have to manually edit the inventory files - that goes against the name of automation! To remedy this, I’ve written a simple Python dynamic inventory script that searches AD for computers in a defined OU. And since all of my VMs are organised by role in separate OUs, I only have to update them in one place. ...

March 20, 2017

Ansible + Windows - Beating the second hop with CredSSP

WinRM - Transport protocols: As I alluded to in my previous post, there are a number of different transport protocols to use with WinRM, and it was quite good fortune that the docs had caught up as I was playing with them all. The last one on my list was CredSSP, which is probably the best authentication method in my mind! CredSSP: CredSSP is a transport protocol that allows us to overcome the ‘second hop’ problem of authenticating to a remote resource from the target server. ...

February 10, 2017

Managing Windows hosts with Ansible - Authenticating

Backstory: Managing a Windows environment at a relatively small scale usually means a lot of manually crafted virtual machines. It’s just the nature of the job. The infrastructure doesn’t frequently change, time is stretched and budgets more so. When every change is manual and the VMs have been in production for a long time, it becomes extremely difficult to ascertain the ‘desired’ state of a server. So how do we know when configuration has drifted enough to cause an issue? ...

