Replace WinRM with OpenSSH on Windows for use with Ansible on AWS

Server Fault Asked by Adam C on November 30, 2020

Currently when running extended builds (Packer/Ansible based) on Windows we have found that WinRM has errors so frequently as to be unusable and have had to fall back to running some large build jobs manually as a result. Using a host in AWS as the source of the builds (rather than remote) has helped somewhat, eliminating connectivity as one of the error causes, but the number of failures is excessive and costly, since the builds then restart from scratch even if they have been running for hours.

The Ansible documentation mentions that OpenSSH can be used (at your own risk since it is experimental) for configuring Windows hosts in lieu of WinRM. However, there is little guidance given in terms of how to set this up.

In addition to a suspicion that ssh might be more reliable than WinRM as a connection method for Ansible, using ssh on port 22 would simplify some of our security rules and bring Windows into line with our Linux build hosts from a connectivity perspective. The ideal would be to create a re-usable build job to allow us to create a base AMI (from the official Windows Server 2019 AMI) to act as a new base for our Packer/Ansible jobs. Having never used OpenSSH on Windows, nor attempted to use ssh to connect to Windows with Ansible, if anyone could share a working config or at least pointers that would be very much appreciated.

One Answer

This requires several steps, and you will generally want to update it every so often to get a more recent version of Windows.

Here is a repository on GitHub which will (in eu-west-1 by default) take the latest official Windows Server 2019 image and install OpenSSH, configure the server, copy keys such that the Administrator user is accessible over ssh, and finally create an AMI which will have ssh available on boot. This build will use WinRM to do the initial work, but once created ssh can be used instead.

Also included is an example of how to use that new base image in an Ansible run (to install some build tools) when connecting via ssh rather than WinRM.

Answered by Adam C on November 30, 2020
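
The steps the answer lists (install OpenSSH, configure the server, install a key for Administrator) look roughly like this as a provisioning script. This is an added example, not the code from the linked repository; it assumes an elevated PowerShell session on Windows Server 2019 and an instance launched with an EC2 key pair.

```powershell
# Added example; not taken from the repository referenced in the answer.
# Run in an elevated PowerShell session on Windows Server 2019.
$ErrorActionPreference = 'Stop'

# Install the OpenSSH server capability that ships with Server 2019.
$cap = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
if ($cap.State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
}

# Start sshd once so it generates host keys and the default sshd_config.
Set-Service -Name sshd -StartupType Automatic
Start-Service -Name sshd

# Assumption: the instance was launched with an EC2 key pair, so the public
# key can be read from instance metadata (IMDSv2 token flow).
$imds  = 'http://169.254.169.254/latest'
$token = Invoke-RestMethod -Method Put -Uri "$imds/api/token" `
    -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
$pubKey = Invoke-RestMethod -Uri "$imds/meta-data/public-keys/0/openssh-key" `
    -Headers @{ 'X-aws-ec2-metadata-token' = $token }

# Members of Administrators authenticate against this shared file, not
# %USERPROFILE%\.ssh\authorized_keys (default Match Group block in sshd_config).
$authKeys = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
Set-Content -Path $authKeys -Value $pubKey.Trim() -Encoding ascii

# sshd ignores the file unless only Administrators and SYSTEM can access it.
icacls.exe $authKeys /inheritance:r /grant 'Administrators:F' /grant 'SYSTEM:F' | Out-Null

# Key-only logins: put the directive first so it precedes any Match block.
$config = Join-Path $env:ProgramData 'ssh\sshd_config'
$lines  = Get-Content $config |
    Where-Object { $_ -notmatch '^\s*#?\s*PasswordAuthentication\b' }
Set-Content -Path $config -Value (@('PasswordAuthentication no') + $lines) -Encoding ascii

# Ansible's Windows modules are PowerShell; make it the default SSH shell.
New-ItemProperty -Path 'HKLM:\SOFTWARE\OpenSSH' -Name DefaultShell `
    -PropertyType String -Force `
    -Value 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' | Out-Null

Restart-Service -Name sshd
```

On the Ansible side, a host built this way is reached by setting `ansible_connection=ssh` and `ansible_shell_type=powershell` for it in the inventory, with port 22 open in the security group only to the build host.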
