From efc6baf596a96c5cc83e03edf13132dbc258e41d Mon Sep 17 00:00:00 2001
From: Guillem Hernandez Sola
Date: Thu, 20 Nov 2025 13:01:18 +0100
Subject: [PATCH 01/11] Added windows agent
---
 misc/prepare-windows-agent | 11 +++++++++++
 misc/windows-host | 9 +++++++++
 training/windows.yml | 20 ++++++++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 misc/prepare-windows-agent
 create mode 100644 misc/windows-host
 create mode 100644 training/windows.yml
diff --git a/misc/prepare-windows-agent b/misc/prepare-windows-agent
new file mode 100644
index 0000000..8644675
--- /dev/null
+++ b/misc/prepare-windows-agent
@@ -0,0 +1,11 @@
+Ansible WindowsResumen:
+1) Poner el Windows de Red Publica a Privada
+2) winrm quickconfig -force
+3) winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+4) winrm set winrm/config/auth '@{Basic="true"}'
+5) Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $true
+6) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
+7) New-NetFirewallRule -Name "WinRM HTTP" -DisplayName "WinRM HTTP" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5985 -Action Allow
+
+
+
diff --git a/misc/windows-host b/misc/windows-host
new file mode 100644
index 0000000..4c433d0
--- /dev/null
+++ b/misc/windows-host
@@ -0,0 +1,9 @@
+[windows]
+win101 ansible_host=192.168.1.175
+
+[windows:vars]
+ansible_user=AnsibleNode
+ansible_password=ansible
+ansible_port=5985
+ansible_connection=winrm
+ansible_winrm_server_cert_validation=ignore
\ No newline at end of file
diff --git a/training/windows.yml b/training/windows.yml
new file mode 100644
index 0000000..dae65ac
--- /dev/null
+++ b/training/windows.yml
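Review bot: `ansible_password=ansible` in the `[windows:vars]` section of misc/windows-host commits a guessable account password in plaintext, and `ansible_port=5985` sends it over HTTP, which the preparation notes in this same commit pair with Basic auth and AllowUnencrypted, so the credential is readable to anyone on the network path. Keep the secret out of the inventory, for example `ansible_password={{ vault_windows_password }}` backed by an Ansible Vault file (the variable name is a placeholder), or prompt for it with `--ask-pass`. If HTTP has to stay for the lab, `ansible_winrm_transport=ntlm` encrypts the WinRM messages and lets the host keep Basic and AllowUnencrypted disabled; WinRM over HTTPS on 5986 is the sturdier choice. `ansible_winrm_server_cert_validation=ignore` does nothing on port 5985 but would silently turn off certificate checks once the port moves to HTTPS, so it is better removed than carried forward.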
@@ -0,0 +1,20 @@
+---
+- name: Prueba de conexión a Windows
+ hosts: windows
+ tasks:
+ - name: Hacer ping a máquina
+ ansible.windows.win_ping:
+
+ - name: run the setup facts
+ ansible.windows.setup:
+
+ - name: Copy a single file
+ ansible.windows.win_copy:
+ src: prueba.txt
+ dest: C:\Users\vboxuser\Desktop\escritorio.txt
+
+ - name: Copy a single file where the source is on the remote host
+ ansible.windows.win_copy:
+ src: C:\Users\vboxuser\Desktop\escritorio.txt
+ dest: C:\Users\vboxuser\Desktop\escritorioSegundo.txt
+ remote_src: true
\ No newline at end of file
From 49f79d0133947b61a1687cbbf2daab0ca3eda420 Mon Sep 17 00:00:00 2001
From: Guillem Hernandez Sola
Date: Thu, 20 Nov 2025 13:08:58 +0100
Subject: [PATCH 02/11] Try new Basic Auth
---
 misc/prepare-windows-agent | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/misc/prepare-windows-agent b/misc/prepare-windows-agent
index 8644675..726f457 100644
--- a/misc/prepare-windows-agent
+++ b/misc/prepare-windows-agent
@@ -2,7 +2,8 @@ Ansible WindowsResumen:
 1) Poner el Windows de Red Publica a Privada
 2) winrm quickconfig -force
 3) winrm set winrm/config/service '@{AllowUnencrypted="true"}'
-4) winrm set winrm/config/auth '@{Basic="true"}'
+4.1) winrm set winrm/config/auth '@{Basic="true"}'
+4.2) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
 5) Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $true
 6) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
 7) New-NetFirewallRule -Name "WinRM HTTP" -DisplayName "WinRM HTTP" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5985 -Action Allow
From e2e9899eb1262c02e7b29d38119604f1d667bfdc Mon Sep 17 00:00:00 2001
From: Guillem Hernandez Sola
Date: Thu, 20 Nov 2025 13:11:07 +0100
Subject: [PATCH 03/11] Try new Basic Auth 2
---
 misc/prepare-windows-agent | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/misc/prepare-windows-agent b/misc/prepare-windows-agent
index 726f457..ace9ec4 100644
--- a/misc/prepare-windows-agent
+++ b/misc/prepare-windows-agent
@@ -2,8 +2,7 @@ Ansible WindowsResumen:
 1) Poner el Windows de Red Publica a Privada
 2) winrm quickconfig -force
 3) winrm set winrm/config/service '@{AllowUnencrypted="true"}'
-4.1) winrm set winrm/config/auth '@{Basic="true"}'
-4.2) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
+4) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
 5) Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $true
 6) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
 7) New-NetFirewallRule -Name "WinRM HTTP" -DisplayName "WinRM HTTP" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5985 -Action Allow
From 28e859485887e9db9bdeef9321108e2ee989d879 Mon Sep 17 00:00:00 2001
From: Guillem Hernandez Sola
Date: Thu, 20 Nov 2025 13:11:37 +0100
Subject: [PATCH 04/11] Try new Basic Auth 3
---
 misc/prepare-windows-agent | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/misc/prepare-windows-agent b/misc/prepare-windows-agent
index ace9ec4..5b3e396 100644
--- a/misc/prepare-windows-agent
+++ b/misc/prepare-windows-agent
@@ -1,11 +1,6 @@
 Ansible WindowsResumen:
 1) Poner el Windows de Red Publica a Privada
 2) winrm quickconfig -force
-3) winrm set winrm/config/service '@{AllowUnencrypted="true"}'
-4) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
-5) Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $true
-6) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
-7) New-NetFirewallRule -Name "WinRM HTTP" -DisplayName "WinRM HTTP" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5985 -Action Allow
-
-
-
+3) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
+4) Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $true
+5) New-NetFirewallRule -Name "WinRM HTTP" -DisplayName "WinRM HTTP" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5985 -Action Allow
\ No newline at end of file
From c9190694e3d67dd19214e5bc2c5ae9a0bf168fac Mon Sep 17 00:00:00 2001
From: Guillem Hernandez Sola
Date: Thu, 20 Nov 2025 13:23:06 +0100
Subject: [PATCH 05/11] added netmasks
---
 misc/prepare-windows-agent | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/misc/prepare-windows-agent b/misc/prepare-windows-agent
index 5b3e396..dcbdcc8 100644
--- a/misc/prepare-windows-agent
+++ b/misc/prepare-windows-agent
@@ -3,4 +3,12 @@ Ansible WindowsResumen:
 2) winrm quickconfig -force
 3) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
 4) Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $true
-5) New-NetFirewallRule -Name "WinRM HTTP" -DisplayName "WinRM HTTP" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5985 -Action Allow
\ No newline at end of file
+5) New-NetFirewallRule -Name "WinRM HTTP" -DisplayName "WinRM HTTP" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5985 -Action Allow
+
+
+Configuración estática de Red
+
+IP: 192.168.11.60
+Mascara: 255.255.255.0
+Puerta de enlace: 192.168.11.0
+DNS: 4.4.4.4
\ No newline at end of file
From c6a0550a85ecc6123d282588b9ef6f9d5b553bd8 Mon Sep 17 00:00:00 2001
From: Guillem Hernandez Sola
Date: Thu, 20 Nov 2025 14:03:04 +0100
Subject: [PATCH 06/11] added netmasks 2
---
 training/prueba.txt | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 training/prueba.txt
diff --git a/training/prueba.txt b/training/prueba.txt
new file mode 100644
index 0000000..869abf3
--- /dev/null
+++ b/training/prueba.txt
@@ -0,0 +1,9 @@ +Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris egestas interdum sapien, ut interdum enim auctor at. Nam justo nisi, mattis iaculis hendrerit eget, dignissim eget erat. Pellentesque ac cursus ipsum, non lobortis eros. Nam interdum metus in feugiat consequat. Nunc dictum arcu at purus luctus bibendum. Nulla facilisi. Quisque fringilla, odio in elementum imperdiet, magna nulla malesuada libero, et tempor orci lacus et nisi. In eu ex id est posuere tristique ut at eros. Mauris in ante a nisi malesuada sagittis suscipit non metus. + +Duis dignissim turpis ac ante pharetra, sit amet tempus massa mollis. Proin eros quam, efficitur nec semper at, condimentum id dui. Proin mattis arcu nibh, ut tristique risus tempor sed. Duis id est mattis, tristique enim non, feugiat nulla. In sollicitudin lacinia libero, quis vestibulum nulla tempor non. Mauris vitae quam neque. Cras dui felis, ullamcorper vitae ante semper, aliquam suscipit orci. Sed et ipsum purus. In eleifend arcu non diam scelerisque convallis. Ut rutrum felis et cursus viverra. Ut in ligula fermentum, tincidunt diam eget, dapibus leo. Proin purus nulla, tempus eu nulla vel, blandit consectetur tortor. Pellentesque pretium diam semper, maximus elit sit amet, egestas tortor. Ut vel condimentum sem. Suspendisse potenti. Sed augue neque, volutpat a feugiat eu, feugiat ut leo. + +Etiam tincidunt lectus ipsum, sed cursus eros elementum id. Aenean pellentesque finibus odio nec viverra. In efficitur erat nec varius semper. Vestibulum tortor orci, tempor quis pretium quis, rutrum et dolor. Ut ut ornare purus, sed accumsan est. Vivamus commodo, neque vitae venenatis lacinia, nisi libero viverra orci, vel ornare lectus urna quis nunc. Vestibulum sapien mauris, pellentesque at luctus quis, posuere a massa. Integer in enim id erat scelerisque venenatis. Sed odio diam, ullamcorper at urna a, accumsan laoreet nisi. Proin dictum dui augue, et ornare justo egestas sit amet. 
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras tempus accumsan massa, eu imperdiet eros faucibus fermentum. Sed auctor mauris imperdiet bibendum congue. Curabitur sollicitudin tincidunt sapien vel cursus. Suspendisse vitae interdum mauris. + +Proin eros eros, cursus quis vestibulum vulputate, malesuada vitae urna. Aliquam ullamcorper, sem quis pellentesque interdum, ipsum ligula posuere turpis, volutpat ornare est massa quis purus. Nulla a posuere risus. Nunc at turpis vel dui varius sollicitudin ac quis nisl. Vivamus id sodales sapien. Nullam turpis leo, suscipit in mi nec, faucibus consectetur erat. Praesent orci risus, sagittis a mollis in, consequat ac nisi. Nulla ac tellus id massa feugiat condimentum. Nullam auctor ipsum sollicitudin cursus vulputate. Donec at nibh non sem consectetur consectetur ac at ipsum. Cras viverra placerat consectetur. Suspendisse potenti. Donec tempor vel eros quis efficitur. + +Nam feugiat a mi vitae bibendum. Nam rhoncus, turpis ut tristique sodales, nibh risus fermentum erat, non iaculis libero nunc a dolor. Nullam porta nibh sed ligula porta imperdiet ac et augue. Integer consectetur purus at nisi efficitur, nec sodales massa pellentesque. Sed vehicula viverra lacus, ut interdum eros condimentum vel. Nullam feugiat nibh vitae rhoncus volutpat. Nullam risus dui, auctor sit amet sem sit amet, rhoncus lacinia sem. In scelerisque bibendum arcu, ut feugiat libero condimentum accumsan. Nunc porttitor felis at arcu convallis, et aliquet ipsum fermentum. Vestibulum fringilla est enim, a tincidunt enim mollis vitae. Praesent sodales, enim eget bibendum mollis, ligula sapien pretium ex, et suscipit magna nisi nec purus. Vivamus odio nibh, malesuada et efficitur vitae, sagittis sed tellus. \ No newline at end of file From 35147d887baa6a96abdda36e1ce3043693220685 Mon Sep 17 00:00:00 2001 
From: Guillem Hernandez Sola Date: Thu, 20 Nov 2025 14:05:17 +0100 Subject: [PATCH 07/11] refactored folder --- training/windows.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/training/windows.yml b/training/windows.yml index dae65ac..58b9106 100644 --- a/training/windows.yml +++ b/training/windows.yml @@ -11,10 +11,10 @@ - name: Copy a single file ansible.windows.win_copy: src: prueba.txt - dest: C:\Users\vboxuser\Desktop\escritorio.txt + dest: C:\Users\AnsibleNode\Desktop\escritorio.txt - name: Copy a single file where the source is on the remote host ansible.windows.win_copy: - src: C:\Users\vboxuser\Desktop\escritorio.txt - dest: C:\Users\vboxuser\Desktop\escritorioSegundo.txt + src: C:\Users\AnsibleNode\Desktop\escritorio.txt + dest: C:\Users\AnsibleNode\Desktop\escritorioSegundo.txt remote_src: true \ No newline at end of file From ba66014376bb9eb68c271ab36e71a1a7042864ca Mon Sep 17 00:00:00 2001 From: Guillem Hernandez Sola Date: Thu, 20 Nov 2025 14:14:53 +0100 Subject: [PATCH 08/11] readme powershell --- misc/prepare-windows-agent | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 misc/prepare-windows-agent diff --git a/misc/prepare-windows-agent b/misc/prepare-windows-agent deleted file mode 100644 index dcbdcc8..0000000 --- a/misc/prepare-windows-agent +++ /dev/null @@ -1,14 +0,0 @@ -Ansible WindowsResumen: -1) Poner el Windows de Red Publica a Privada -2) winrm quickconfig -force -3) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true -4) Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $true -5) New-NetFirewallRule -Name "WinRM HTTP" -DisplayName "WinRM HTTP" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5985 -Action Allow - - -Configuración estática de Red - -IP: 192.168.11.60 -Mascara: 255.255.255.0 -Puerta de enlace: 192.168.11.0 -DNS: 4.4.4.4 \ No newline at end of file From 3e1a363e4a4b722e8e9642104c57efcde31bb9be Mon Sep 17 00:00:00 2001 
From: Guillem Hernandez Sola
Date: Thu, 20 Nov 2025 14:15:34 +0100
Subject: [PATCH 09/11] Added all
---
 misc/prepare-windows-agent.README.md | 74 ++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 misc/prepare-windows-agent.README.md
diff --git a/misc/prepare-windows-agent.README.md b/misc/prepare-windows-agent.README.md
new file mode 100644
index 0000000..afce763
--- /dev/null
+++ b/misc/prepare-windows-agent.README.md
@@ -0,0 +1,74 @@
+# Preparación del Windows Agent para Ansible
+
+**Descripción**: Este fichero contiene los comandos necesarios para preparar un host Windows para ser gestionado por Ansible usando WinRM (HTTP no cifrado / Autenticación Basic).
+
+**Requisitos previos en el agent Windows**:
+- Windows con PowerShell ejecutándose como administrador.
+- Conexión de red que permita acceso al puerto `5985` (WinRM HTTP) des del agente de Ansible.
+
+**Pasos**:
+1. **Cambiar red a privada**: En la configuración de Red de Windows, establecer el perfil de red de "Pública" a "Privada".
+2. **Habilitar WinRM**: Ejecutar en PowerShell elevado a nivel administrador:
+
+```powershell
+winrm quickconfig -force
+```
+
+3. **Permitir autenticación Basic** (necesario si usarás credenciales básicas):
+
+```powershell
+Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
+```
+
+4. **Permitir tráfico no cifrado** (si no usas HTTPS/WinRM cifrado):
+
+```powershell
+Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $true
+```
+
+5. **Abrir puerto WinRM en el firewall**:
+
+```powershell
+New-NetFirewallRule -Name "WinRM HTTP" -DisplayName "WinRM HTTP" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5985 -Action Allow
+```
+
+**Notas de seguridad**:
+- Habilitar `AllowUnencrypted` y `Basic` significa que las credenciales viajan en claro si no usas túnel/capa adicional. Evítalo en entornos de producción.
+- Para un entorno más seguro, configura WinRM sobre HTTPS (puerto 5986) y usa certificados, o usa un túnel VPN/SSH para proteger el tráfico.
+- Asegúrate de limitar el acceso al puerto `5985` mediante reglas de firewall o controles de red (IP whitelist).
+
+**Comprobación**:
+- Desde el controlador Ansible (Linux/macOS), prueba conectividad con `winrm` usando un módulo o una tarea `ping` de Ansible, o bien con `Test-NetConnection` desde otro host Windows:
+
+```powershell
+Test-NetConnection -ComputerName -Port 5985
+```
+
+**Deshacer/Restaurar**:
+- Para deshabilitar Basic auth:
+
+```powershell
+Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $false
+```
+
+- Para volver a bloquear tráfico no cifrado:
+
+```powershell
+Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $false
+```
+
+- Para eliminar la regla de firewall creada:
+
+```powershell
+Remove-NetFirewallRule -Name "WinRM HTTP"
+```
+
+**Comandos antiguos del tirón**
+```powershell
+Preparación del Windows Agent para Ansible:
+1) Poner el Windows de Red Publica a Privada (En configuración de Red)
+2) winrm quickconfig -force
+3) Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
+4) Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $true
+5) New-NetFirewallRule -Name "WinRM HTTP" -DisplayName "WinRM HTTP" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5985 -Action Allow
+```
\ No newline at end of file
From 9077ce561b4eaa050fc1c87cbc22d8ad64c0fc0c Mon Sep 17 00:00:00 2001
From: Guillem Hernandez Sola
Date: Thu, 20 Nov 2025 14:32:30 +0100
Subject: [PATCH 10/11] Added all files
---
 training/windows-delete-files.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 training/windows-delete-files.yml
diff --git a/training/windows-delete-files.yml b/training/windows-delete-files.yml
new file mode 100644
index 0000000..6b5343e
--- /dev/null
+++ b/training/windows-delete-files.yml
@@ -0,0 +1,13 @@ +--- +- name: Prueba de conexión a Windows + hosts: windows + tasks: + - name: Borrar fichero escritorioSegundo en Windows + ansible.windows.win_file: + path: C:\Users\AnsibleNode\Desktop\escritorioSegundo.txt + state: absent + + - name: Borrar fichero escritorio en Windows + ansible.windows.win_file: + src: C:\Users\AnsibleNode\Desktop\escritorio.txt + state: absent \ No newline at end of file From 8d528d2f6e8fbc3a86f5498f6b34b96a64e1e288 Mon Sep 17 00:00:00 2001 From: Guillem Hernandez Sola Date: Thu, 20 Nov 2025 14:41:00 +0100 Subject: [PATCH 11/11] Added all files 2 --- training/windows-delete-files.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/training/windows-delete-files.yml b/training/windows-delete-files.yml index 6b5343e..8464f77 100644 --- a/training/windows-delete-files.yml +++ b/training/windows-delete-files.yml @@ -4,10 +4,10 @@ tasks: - name: Borrar fichero escritorioSegundo en Windows ansible.windows.win_file: - path: C:\Users\AnsibleNode\Desktop\escritorioSegundo.txt - state: absent + path: C:\Users\AnsibleNode\Desktop\escritorioSegundo.txt + state: absent - name: Borrar fichero escritorio en Windows ansible.windows.win_file: - src: C:\Users\AnsibleNode\Desktop\escritorio.txt - state: absent \ No newline at end of file + path: C:\Users\AnsibleNode\Desktop\escritorio.txt + state: absent \ No newline at end of file
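Review bot: The play added in training/windows-delete-files.yml (PATCH 10/11) keeps the name `Prueba de conexión a Windows`, the same name as the play in training/windows.yml, although both of its tasks remove files with `state: absent`. In run output and logs a destructive play then reads as a harmless connectivity test, which makes it easy to launch by mistake and harder to audit afterwards. Rename it to say what it does, e.g. `- name: Borrar ficheros de prueba en Windows`; PATCH 11/11 leaves the name unchanged.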