Ansible Certified Content Collection for Chocolatey

August 26, 2020 by Paul Broadwith

It’s a constant battle to keep your Windows estate updated and secure. Using Red Hat Ansible Automation Platform and Chocolatey, you can easily keep your software up-to-date and react quickly to bug fixes, security issues and 0-days on dozens, hundreds or thousands of nodes.

We’re going to take you through three simple steps to show you how simple it is to deploy and update software using Chocolatey and Ansible.

 

Before We Start: Windows Prerequisites

Ansible  uses Winrm by default to communicate with Windows machines. Therefore, we need to ensure we have that enabled by running `Enable-PSRemoting` on the remote Windows computer.

For production use, we recommend enabling HTTPS for WinRM

The code examples shown below are all using the user ‘ansible’ as the default. If you are using a different username, make sure you change it!

 

Step 1: Configure Ansible to use Chocolatey.

We need to install the Chocolatey module so that Ansible can use. The  Chocolatey Ansible Content Collection is called chocolatey:chocolatey and is maintained by the Chocolatey Team. To install the Collection, and therefore the win_chocolatey modules, on your Ansible server, run:

ansible-galaxy collection install chocolatey.chocolatey

That’s all there is to it! Ansible can now work with Chocolatey using the modules in the Collection.

 

Step 2: Install software on a remote computer

Now that we have the win_chocolatey module installed, we can go ahead and install or manage software on our remote computers.

Let’s create a file called `install_notepadplusplus.yml` with the following contents:

---
- hosts: all
  gather_facts: false
  
  vars_prompt:
    - name: password
      prompt: "Enter the password for the node"
  
  vars:
      ansible_user: ansible
      ansible_password: "{{ password }}"
      ansible_connection: winrm
      ansible_winrm_transport: ntlm
      ansible_winrm_server_cert_validation: ignore
  
  tasks:
      - name: Install Notepad++ version 7.8
        win_chocolatey:
          name: notepadplusplus
          version: ‘7.8’

Run `ansible-playbook install_notepadplusplus.yaml -i <ip address>,` (note the comma after the IP address) to install Notepad++ on your remote computer. Note that we are not installing the latest version in this example as we will update to that in the next step.

Once installed, open Notepad++ and press `F1` to ensure we have installed the requested version. 

 

Step 3: Update software on a remote computer

To ensure you always have the latest version of software installed on your computers, you can use Chocolatey to upgrade them. We’ll upgrade to the latest version of Notepad++.

Create a file called `upgrade_notepadplusplus.yml` with the following contents:

---
- hosts: all
  gather_facts: false
  
  vars_prompt:
    - name: password
      prompt: "Enter the password for the node"
  
  vars:
    ansible_user: ansible
    ansible_password: "{{ password }}"
    ansible_connection: winrm
    ansible_winrm_transport: ntlm
    ansible_winrm_server_cert_validation: ignore
  
  tasks:
    - name: Install latest Notepad++
      win_chocolatey:
        name: notepadplusplus
        state: latest

Run `ansible-playbook upgrade_notepadplusplus.yaml -i <ip address>,` (note the comma after the IP address) to update, or install, the latest Notepad++ on your remote computer. Once installed, open Notepad++ and press `F1` to ensure we have installed the latest version. 

 

Next Steps: 

While we have only worked with one remote computer in this blog post, Ansible allows you to replicate this across dozens, hundreds and thousands of remote computers.

Now that you have the Ansible Chocolatey modules installed, you can install, uninstall, update and manage packages on your computers. Other modules in the Chocolatey Ansible  Content Collection give you the ability to manage the configuration, features and sources for Chocolatey itself. You can find more information on the Ansible Galaxy Chocolatey collection page.

Chocolatey has a recommended architecture for organizations, which includes setting up an internal repository. To speed up that process, there is a Quick Deployment Environment that allows you to be up and running with an internal repository with useful packages already loaded, Jenkins for automation and Chocolatey Central Management for reporting in around two hours.

For package management on Windows, Chocolatey is the package manager of choice. Working in harmony with Ansible, you can use it to update and manage your Windows computers in a similar way as you would with Linux.

If you want to see Chocolatey live head over to the recording's from last year's AnsibleFest presentation: Simplify Windows Software packaging and Automation with Chocolatey. And if you want to learn more about the Red Hat Ansible Automation Platform, make sure to register for the upcoming AnsibleFest.

Share:

 

Paul Broadwith

Paul is a DevOps Engineer with a love of PowerShell, Automation, Chocolatey, Scottish single malt whisky and wireless earphones. He has given workshops and spoken at different events across the UK, Europe and the US and has a real passion for passing on knowledge and loves to talk with aspiring techies. His career has seen him work in many sectors for over 25 years. As somebody kindly put it, he's been about a bit. You can find him blogging at https://blog.pauby.com, tweeting at https://twitter.com/pauby and on GitHub at https://github.com/pauby.


rss-icon  RSS Feed

RH-ansible-automation-platform_trial-banner
AnsibleFest-2020-banner-A