From a6f585eb6290c5b05666fd8798105a4fe132284a Mon Sep 17 00:00:00 2001 From: Alicia Cozine <879121+acozine@users.noreply.github.com> Date: Tue, 27 Aug 2019 17:05:12 -0500 Subject: [PATCH] remove the word "support" from Windows pages, add Windows Server 2019 (#61404) * remove support from Windows pages, add Windows Server 2019 * jborean feedback * Removed CBT info Removed the CBT note about what transports Ansible actually supports. We've worked with both NTLM and Kerberos for a while now. --- docs/docsite/rst/user_guide/windows_faq.rst | 23 +++++++++---------- docs/docsite/rst/user_guide/windows_setup.rst | 15 +++++------- 2 files changed, 17 insertions(+), 21 deletions(-) diff --git a/docs/docsite/rst/user_guide/windows_faq.rst b/docs/docsite/rst/user_guide/windows_faq.rst index b9cb2ca90ce..6f2b5112911 100644 --- a/docs/docsite/rst/user_guide/windows_faq.rst +++ b/docs/docsite/rst/user_guide/windows_faq.rst @@ -12,14 +12,14 @@ their answers. Does Ansible work with Windows XP or Server 2003? `````````````````````````````````````````````````` -Ansible does not support managing Windows XP or Server 2003 hosts. The -supported operating system versions are: +Ansible does not work with Windows XP or Server 2003 hosts. Ansible does work with these Windows operating system versions: * Windows Server 2008 * Windows Server 2008 R2 * Windows Server 2012 * Windows Server 2012 R2 * Windows Server 2016 +* Windows Server 2019 * Windows 7 * Windows 8.1 * Windows 10 @@ -29,7 +29,7 @@ Ansible also has minimum PowerShell version requirements - please see Can I manage Windows Nano Server with Ansible? `````````````````````````````````````````````` -Windows Nano Server is not currently supported by Ansible, since it does +Ansible does not currently work with Windows Nano Server, since it does not have access to the full .NET Framework that is used by the majority of the modules and internal components. @@ -64,16 +64,16 @@ installed version and then clone the git repo. Can I use SSH keys to authenticate to Windows hosts? ```````````````````````````````````````````````````` -SSH keys are not supported when using the WinRM or PSRP connection plugins. -These connection plugins support X509 certificates for authentication instead -of the SSH key pairs that SSH supports. +You cannot use SSH keys with the WinRM or PSRP connection plugins. +These connection plugins use X509 certificates for authentication instead +of the SSH key pairs that SSH uses. The way X509 certificates are generated and mapped to a user is different from the SSH implementation; consult the :ref:`windows_winrm` documentation for more information. -Ansible 2.8 has added experimental support for using the SSH connection plugin, -which supports authentication with SSH keys, to connect to Windows servers. See :ref:`this question ` +Ansible 2.8 has added an experimental option to use the SSH connection plugin, +which uses SSH keys for authentication, for Windows servers. See :ref:`this question ` for more information. .. _windows_faq_winrm: @@ -109,9 +109,8 @@ Some ways to bypass these restrictions are to: * Use ``win_psexec`` to run a command on the host. PSExec does not use WinRM and so will bypass any of the restrictions. -* To access network resources without any of these workarounds, an - authentication option that supports credential delegation can be used. Both - CredSSP and Kerberos with credential delegation enabled can support this. +* To access network resources without any of these workarounds, you can use + CredSSP or Kerberos with credential delegation enabled. See :ref:`become` more info on how to use become. The limitations section at :ref:`windows_winrm` has more details around WinRM limitations. @@ -165,7 +164,7 @@ and there is no equivalent Windows module available. Can I connect to Windows hosts over SSH? ```````````````````````````````````````` -Ansible 2.8 has added experimental support for using the SSH connection plugin +Ansible 2.8 has added an experimental option to use the SSH connection plugin to manage Windows hosts. To connect to Windows hosts over SSH, you must install and configure the `Win32-OpenSSH `_ fork that is in development with Microsoft on the Windows host(s). While most of the basics should work with SSH, diff --git a/docs/docsite/rst/user_guide/windows_setup.rst b/docs/docsite/rst/user_guide/windows_setup.rst index d2807d8f95a..2ac1833caef 100644 --- a/docs/docsite/rst/user_guide/windows_setup.rst +++ b/docs/docsite/rst/user_guide/windows_setup.rst @@ -12,9 +12,9 @@ Host Requirements For Ansible to communicate to a Windows host and use Windows modules, the Windows host must meet these requirements: -* Ansible's supported Windows versions generally match those under current - and extended support from Microsoft. Supported desktop OSs include - Windows 7, 8.1, and 10, and supported server OSs are Windows Server 2008, +* Ansible can generally manage Windows versions under current + and extended support from Microsoft. Ansible can manage desktop OSs including + Windows 7, 8.1, and 10, and server OSs including Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, and 2019. * Ansible requires PowerShell 3.0 or newer and at least .NET 4.0 to be @@ -302,7 +302,7 @@ options are: * ``Service\AllowUnencrypted``: This option defines whether WinRM will allow traffic that is run over HTTP without message encryption. Message level - encryption is only supported when ``ansible_winrm_transport`` is ``ntlm``, + encryption is only possible when ``ansible_winrm_transport`` is ``ntlm``, ``kerberos`` or ``credssp``. By default this is ``false`` and should only be set to ``true`` when debugging WinRM messages. @@ -313,9 +313,7 @@ options are: * ``Service\Auth\CbtHardeningLevel``: Specifies whether channel binding tokens are not verified (None), verified but not required (Relaxed), or verified and required (Strict). CBT is only used when connecting with NTLM or Kerberos - over HTTPS. The downstream libraries that Ansible currently uses only support - passing the CBT with NTLM authentication. Using Kerberos with - ``CbtHardeningLevel = Strict`` will result in a ``404`` error. + over HTTPS. * ``Service\CertificateThumbprint``: This is the thumbprint of the certificate used to encrypt the TLS channel used with CredSSP authentication. By default @@ -440,8 +438,7 @@ Windows host. Windows SSH Setup ````````````````` -Ansible 2.8 has added experimental support for using SSH to connect to a -Windows host. +Ansible 2.8 has added an experimental SSH connection for Windows managed nodes. .. warning:: Use this feature at your own risk!