Due to the nature of Ansible when we work with Windows we no longer use SSH but instead WinRM. The default nature of Ansible is to use SSH, and to resolve this we need to specify the group of Windows servers to use WinRM instead of SSH.

Simple enough but we will need to automate this entire process. When we use CloudForms as a dynamic inventory in Ansible Tower, We can utilize the tags in CloudForms as the basis of groups. So we need to auto tag all the existing Windows servers and new servers that are provisioned with a Windows Tag, and then in Ansible Tower set the variables for WinRM to that group which will be the Tag name given.

First we want to create a tag category

Navigate to the top right drop down Configuration, -> Settings and select CFME Region: at the top of the accordion. then in the right pane select Company Name Categories.

Under Name Click on the first row and put in the following


I changed the Single Value as I may end up using this one later on to do some more specific tasks, so I can have multiple tags like Windows and Win2k16 or Win2k12R2 etc

I also enabled the capture C & U data by tag as I may use this later on also to start to collect specific information on OS versions.

Now Click on the next tab Company Name Tags, select the operating_systems from the Category Drop Down list and add in windows as the name and Windows as the Description, You can see from my example I have added more in for later on.


Now we have our tag we want to setup a Policy Profile to apply them go to Control and Explorer, Click on the Conditions accordion, All Conditions VM and Instance Conditions and from the configuration drop down select Add a New VM Condition

For the Description use Identify and Tag Windows Servers,

Click the pencil icon under Expression choose Tag then select VM and Instance.OS : Product Name, Then change the + in the drop down to Includes and add Windows into the text box then click the tick to save it and save


Screenshot from 2017-08-12 23-31-33.png

Click Add

Click on the Actions -> All Actions and then click on Configuration and Add a new Action For Description put in Tag Windows Servers, Action Type is Tag then expand operating_system and select windows


Click Add

Now Click on Policies -> All Policies -> Control Policies -> Vm Control Policies, Click on Configure and Add a New Vm and Instance Control Policy Set the Description as Auto Tag Windows Servers Policy, make sure the Active option is enabled and click add


Click Configure -> Edit the Policy’s event Assignments, scroll down and select VM Provision Complete and VM Analysis Complete click save


( What we have done here is said to perform this control point when either a VM provision is completed or when we complete an Analysis, I use the Analysis as a way to auto tag the existing boxes )

Next Click back to configuration and select Edit this Policy’s Condition assignments and move over the Identify and Tag Windows Servers from the Condition Selection to the Policy Condition and click save


Next under Identify and tag WIndows Servers you will now see the 2 event assignments we picked VM Analysis Complete and VM Provision Complete


Highlight VM Analysis Complete

Click on Configuration and select Edit Actions for the Policy Event

Under Order of Actions If ALL conditions are True move over Tag Windows Serversadd event.png

Click Save, Do the same for VM Provision Complete so it will end up looking like this

end result.png

Now goto the Policy Profiles

Move VM and Instance Control: Auto Tag Windows Servers Policy over to the Profile Polices side


We should check this does what we want before applying it. Go to an existing Windows VM and click on Policy and then Policy simulation at the top, select the Auto Tag Windows Servers policy and you should see that a green tick  gets displayed on the VM. ( This means this VM meets the conditions and would get tagged )


Now we want to make sure a non Windows VM wont get tagged So do the same but on a non windows box and you will see a red x gets displayed.


Finally we need to enforce this policy, You want to put this as high up as needed, if you have segregated Windows and Linux VM’s to hosts then just enforce it on the hosts that will have WIndows servers, or put it on a cluster or if there is no rule and windows and linux servers coexist, then apply it to the provider. I will put this on the provider as in my Lab I don’t separate them.

Go to Compute ->  Infrastructure -> Providers

Either select the provider or multiple providers and go up to Policy and select Manage Policies.


Select Auto Tag Windows Servers and click Save



To see it actually work now go back to a windows VM and at the bottom right of the page you will see Smart Management and if you haven’t done any tagging it will be empty


If I run a smartstate on this server configuration Perform SmartState Analysis, it will take about a minute to complete

refresh the page and you will see the server has now been tagged as operating_system: Windows


If you provision a new windows server in CloudForms it will also automatically grab this tag, so just set a smart state analysis on all your existing servers and they will be tagged. We now have all Windows servers tagged and we can use this tag for Ansible Tower. Which I will cover in the next part.