Install IIS Web server on Windows 2019 via Ansible

This is a lab topology that is used to deploy the IIS Web server via Ansible.

Configure WinRM service.

# Download a script to configure WinRM service on Windows Server 2019
# This script sets up both HTTP and HTTPS listeners with a self-signed certificate # and enables the Basic authentication option on the service # (https://docs.ansible.com/ansible/2.5/user_guide/windows_setup.html)
https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile ConfigureRemotingForAnsible.ps1
# Run the PS file.
powershell -ExecutionPolicy RemoteSigned .\ConfigureRemotingForAnsible.ps1
.\ConfigureRemotingForAnsible.ps1

Check WinRM service is running and WinRM port status is listening.

Get-nettcpconnection -state listen
get-service | where-object {$_.name -like "*WInRM*"}

Check Windows Firewall to make sure only allow WinRM over SSL on 5986 port, instead of using 5985 port.

Get-NetFirewallRule | where {$_.enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.DisplayName -like "*Allow  WinRM*"}

Add Windows Server 2019 IP address into /etc/ansible/hosts.

[Windows2019]
192.168.5.4

Create a new WIndows2019 file under the group_vars directory. Ansible connects to Windows Server 2019 via WinRM over TLS with the listening port is 5986. The file name should be Windows2019.

Create a sample index.html file to copy to the IIS server directory on WIndows server 2019.

<html>
<head>
	<title>Tung Ansible</title> 
</head>
<body>
	<h1 style="background-color:DodgerBlue;"> Use Ansible to install and configure IIS on WIndows 2019</h1> 
	<h3 style="color:Tomato;"> Welcome to Tung's Ansbile Test Page</h3>
	<img src="http://imagefromtheinternet.jpg">
</body>
</html>

Run ansible to check to access Windows server 2019 machine.

ansible Windows2019 -m win_ping
ansible Windows2019 -m setup
Now, we are ready to create an Ansible playbook for automatically installing and configuring the IIS Web server on Windows server 2019. Also, using ansible to retrieve IP address and disable Windows update service on Windows server machine. 
---
- name: Windows Feature
  hosts: Windows2019
  gather_facts: true
#  vars:
#    name:
#     - wuauserv

#  vars:
#    firstname: "ABC"
#    lastname: "XYZ"

  tasks:
    - name: Disable Windows Updates Service
      win_service:
        name: wuauserv
        state: stopped
        enabled: false

    - name: Run ipconfig and return IP address information.
      raw: ipconfig
      register: ipconfig
    - debug: var=ipconfig

#    - name: Reboot
#      win_reboot:
#      when: reboot.reboot_required

# Install and enable IIS on Windows server 2019
    - name: Install IIS
      win_feature:
        name: "Web-Server"
        state: present
        restart: yes
        include_sub_features: yes
        include_management_tools: yes
# Copy the index.html file and rename to ansible.html under C:\inetpub\wwwroot. Must use \\ instead of \ for accessing directory on Windows server.
    - name: Copy index text page
      win_copy:
        src: "files/index.html"
        dest: "C:\\inetpub\\wwwroot\\ansible.html"

Run ansible-playbook with Windows2019 Yaml file.

ansible-playbook Windows2019.yml

Access the website on Windows server 2019.

On Window server 2019.

Check connections on Windows server 2019.