Ansible auto login to windows 10 session - windows

Ansible on Mojave works A1. WinRM is enabled on the Windows 10 Home machine. I have set up a Windows update play that reboots the machine. The problem is it reboots but then I have to log in manually.
Maybe someone has an idea on how to automate that part? Is there a module that I could use?
- name: Install windows updates
  win_updates:
    category_names:
      - SecurityUpdates
      - CriticalUpdates
      - UpdateRollups
    reboot: yes

Look at:
https://learn.microsoft.com/en-us/sysinternals/downloads/autologon
It's a bit of a hack, but it does permit a user to autologon, in unattended mode.
I usually simply copy the autologon exec to 'Program Files' (Ansible module win_copy), and then run it with CLI params (using ansible-vault of course; the password is hashed in the win registry... not super secure, but for my use case, it is sufficient):
- name: Sync the contents of autologon directory
  win_robocopy:
    src: "E:\\install_packages\\Autologon"
    dest: "C:\\Program Files\\Autologon"
- name: Configure autologon
  win_command: "C:\\Program Files\\Autologon.exe <username> <domain> <password>"

Related

Possibility to Run vmware_vm_shell using Powershell as Administrator

I feel frustrated trying to find out whether the Ansible module vmware_vm_shell can run PowerShell as administrator, because a few commands that need to run with PowerShell have to be elevated to the administrator role.
Why didn't I use win_shell or win_psexec? Because I want to try running the command in the Windows VM guest without WinRM, so I don't need to access the VM using an IP address; instead we can utilize vmtools as the connection in this case.
- name: Initiate New Disk
  vmware_vm_shell:
    hostname: "{{ lookup ('env', 'VMWARE_HOST' )}}"
    username: "{{ lookup ('env', 'VMWARE_USER' )}}"
    password: "{{ lookup ('env', 'VMWARE_PASSWORD' )}}"
    vm_id: "{{ vmname }}"
    vm_username: "administrator"
    vm_password: "password123"
    vm_shell: 'C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe'
    vm_shell_args: '-ExecutionPolicy Bypass -command "Initialize-Disk -Number {{newdisk_osnum}}"'
    vm_shell_cwd: 'C:\Users\administrator\Desktop'
    wait_for_process: yes
    validate_certs: no
  delegate_to: localhost
  register: initdisk_shell
Finally, after a few days full of pain, I found the way out: Ansible Tower has a Privilege Escalation option in the job template configuration. After I enabled this option, vmware_vm_shell was finally able to run PowerShell commands as administrator. So I don't need to run commands using WinRM, which requires disabling a few options, which causes a few vulnerabilities.

Ansible Playbook Error: The powershell shell family is incompatible with the sudo become plugin

I am working on a simple playbook that will ultimately be able to start/stop/restart windows services and I ran into an issue:
fatal: [mspdbwn1w01]: FAILED! => {
    "msg": "The powershell shell family is incompatible with the sudo become plugin"
}
Below is the playbook:
- name: Add Host
  hosts: localhost
  connection: local
  strategy: linear
  tasks:
    - name: Add Temp Host
      add_host:
        name: "{{ win_client }}"
        group: temp

- name: Target Server
  connection: winrm
  hosts: temp
  tasks:
    - name: Stop a service
      win_service:
        name: "{{ service }}"
        state: stopped
Google hasn't been much help, and I've tried everything I could find, every variation of become*.
I don't know if it matters, but due to the nature of the environment I work in, I have 2 separate users to log into *nix hosts vs. windows hosts.
Any assistance or guidance would be greatly appreciated.
Your system seems to use sudo as the default become method, which is not compatible with PowerShell. For Windows (and PowerShell), you can use runas as the become method. Add:
become_method: runas
to your playbook or task. You can get a list of all available become methods with:
ansible-doc -t become -l
Example:
doas        Do As user
dzdo        Centrify's Direct Authorize
enable      Switch to elevated permissions on a network device
ksu         Kerberos substitute user
machinectl  Systemd's machinectl privilege escalation
pbrun       PowerBroker run
pfexec      profile based execution
pmrun       Privilege Manager run
runas       Run As user
sesu        CA Privileged Access Manager
su          Substitute User
sudo        Substitute User DO
You can view the documentation for a particular become method with:
ansible-doc -t become runas
If you still get errors, pay attention to the error message, as it most probably is a different one. Using privilege escalation requires the definition of a username and a password for this purpose, for example.
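An added example, not part of the original answer: a YAML inventory that scopes the become method per host group, so a controller-wide `sudo` default never reaches Windows hosts while the separate *nix and Windows accounts stay apart. Host names, the `deploy` account and the `vault_*` variables are hypothetical; the vault variables are assumed to live in an ansible-vault encrypted file.

```yaml
# inventory.yml (constructed example; all names below are placeholders)
all:
  children:
    linux:
      hosts:
        app01.example.test:
      vars:
        ansible_user: deploy                   # hypothetical *nix account
        ansible_become_method: sudo            # stays valid for POSIX shells
    windows:
      hosts:
        win01.example.test:
      vars:
        ansible_connection: winrm
        ansible_user: "{{ vault_win_user }}"            # hypothetical vault variable
        ansible_password: "{{ vault_win_password }}"    # hypothetical vault variable
        # runas is the become plugin that works with the powershell shell family
        ansible_become_method: runas
        ansible_become_user: "{{ vault_win_user }}"
        ansible_become_password: "{{ vault_win_password }}"
```

These variables only select how escalation happens; whether a task escalates is still decided by `become` on the play or task.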

Ansible - Running the SCP command on remote host hangs

So, the scenario is:
I have a mini computer (running Ubuntu server 18.04) that is accessible using SSH from my local machine.
Attached to the mini computer is a sensor device that is connected via USB, but accessed from the mini computer using SSH with root@x.x.x.x (no password) and is running a stripped back form of Linux.
I need to copy a config file onto the device, (and am able to do this from the mini computer using SCP successfully), but want to be able to do this from my local machine using Ansible as there will be hundreds of these to setup, each with different configurations.
The Ansible role looks like this:
- name: "Copy config file to mini PC"
  template:
    src: config.json.j2
    dest: "{{ pc_config_path }}"
- name: "Copy config file from mini PC to sensor"
  command: "scp {{ pc_config_path }} root@{{ device_ip_addr }}:{{ device_config_path }}"
  become: yes
The first task executes successfully, but the second one just hangs.
I've tried shell and raw, and even creating a bash script and running that without success.
Not sure if this is a security limitation, but would like to find a solution. So any ideas would help.
Thanks.
Figured out the scp command was waiting for a response to add the device to the list of known_hosts.
Updated the task to:
- name: "Copy gnd.json from PC to v2x unit"
  command: "scp -oStrictHostKeyChecking=no {{ pc_config_path }} root@{{ device_ip_addr }}:{{ device_config_path }}"
And everything worked.
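An added example, not from the original post: the same copy with the sensor's host key pinned beforehand, so scp neither prompts nor accepts an unknown key, and `BatchMode` makes it fail fast instead of hanging if anything would need interaction. `device_host_key` is a hypothetical per-device variable holding the public key recorded at provisioning time.

```yaml
# Constructed example; device_host_key is a hypothetical inventory variable,
# e.g. "ssh-ed25519 AAAA..." as recorded when the sensor was provisioned.
- name: "Pin the sensor's SSH host key on the mini PC"
  known_hosts:
    name: "{{ device_ip_addr }}"
    key: "{{ device_ip_addr }} {{ device_host_key }}"
    state: present
  become: yes          # writes root's known_hosts, the user that runs scp below

- name: "Copy config file from mini PC to sensor"
  command: >-
    scp -o BatchMode=yes -o StrictHostKeyChecking=yes
    {{ pc_config_path }} root@{{ device_ip_addr }}:{{ device_config_path }}
  become: yes
```

If the sensor presents a different key than the pinned one, the second task fails with a host key verification error rather than copying the file.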

Ansible : Not able to switch user from remote machine

I am new to Ansible. Trying to copy some files to remote machine.
I am able to copy to the remote server's tmp folder, but not able to copy to a particular user's folder.
I think it is possible if we can switch to that particular user. But I am not able to do so using playbook.
Please help me on this.
Regards,
KP
This is a permission issue. The user which you use to connect to the host does not have permissions to write to that other user's folder.
If you have access to that user's account (e.g. your ssh key is accepted) you can simply define the user per task through remote_user:
- copy: src=...
        dest=...
  remote_user: <SET_OWNER_HERE>
If you do not have access, you can use the sudo flag to execute a task with root permissions. But make sure you set the permissions correctly or the user might not be able to read/write those files:
- copy: src=...
        dest=...
        owner=<SET_OWNER_HERE>
        group=<SET_GROUP_HERE>
        mode=0644
  sudo: yes
Also, you can define the username as which the sudo command is executed with sudo_user:
- copy: src=...
        dest=...
  sudo: yes
  sudo_user: <SET_OWNER_HERE>
If sudo requires a password from you, you have to provide it or the task will hang forever without any error message.
You can define this globally in the ansible.cfg:
ask_sudo_pass=True
Or pass the option when you call your playbook:
ansible-playbook ... --ask-sudo-pass

Execute .exe on Windows with Ansible

We want to deploy an application on a Windows Server 2012 with Ansible 1.8.2.
I have searched and found a list of modules for Windows. Is there a module to execute a .exe?
Did someone already launch a .exe on Windows with Ansible?
The raw module can work, as others have suggested. One challenge is that it won't "know" if the executable has already been run before. In combination with the win_stat module and the when conditional, you can build a script that detects if something has been installed and runs if not installed. For example, I wanted to install the MSBuild development tools:
- name: Check to see if MSBuild is installed
  win_stat: path='C:\Program Files (x86)\MSBuild\12.0\Bin\MSBuild.exe'
  register: msbuild_installed
- name: Download MS Build Tools 2013
  win_get_url:
    url: 'http://download.microsoft.com/download/9/B/B/9BB1309E-1A8F-4A47-72A3B3/BuildTools_Full.exe'
    dest: 'c:\temp\BuildTools_Full.exe'
  when: not msbuild_installed.stat.exists
- name: Install MS Build Tools 2013
  raw: 'c:\temp\BuildTools_Full.exe /Quiet /NoRestart /Full'
  when: not msbuild_installed.stat.exists
Note that I found the command line arguments for BuildTools_Full.exe by manually running
.\BuildTools_Full.exe /h
The documentation says 'Note there are a few other Ansible modules that don’t start with “win” that also function, including “slurp”, “raw”, and “setup” (which is how fact gathering works).' (http://docs.ansible.com/intro_windows.html), so I would assume that the 'raw' module (http://docs.ansible.com/raw_module.html) should work (I have no Windows VM currently available to play around):
So please try a playbook with:
- raw: <your .exe>
or an Ansible adhoc command:
ansible <your server> -m raw -a '<your .exe>'
There's another way (and modules) which is not so obvious in the first place: the win_service module combined with the win_nssm module.
As sfuqua already mentioned, most of the time you want to know the "state" of your application - e.g. if it was already installed, is currently running, stopped and so on. Therefore the concept of a Windows service is a very good solution. And it's very easy to get such a service through the usage of the Non-Sucking Service Manager (nssm).
With the Ansible win_nssm module that's a cakewalk:
- name: Install & start application as Windows service (via nssm)
  win_nssm:
    name: "your_app_name"
    application: "{{path_to_your_apps_exe}}"
    state: restarted
Now we have a real Windows service and can manipulate the state with the help of the win_service module, just as we are used to from applications running on Linux:
- name: Control app Windows service
  win_service:
    name: "your_app_name"
    state: stopped
This approach frees us of the need to use the raw module (which has some disadvantages, like disabling change handler support) and the troubles to write and maintain scripts for this simple task.
As mentioned here, you can use win_command. But if you need to run an interactive .exe, you may need to run it through PsExec. An example Playbook can then look like this:
- name: Test PsExec
  hosts: windows
  tasks:
    - name: Copy PsExec
      win_copy:
        src: <WORKING_FOLDER>/PsExec.exe
        dest: "{{ ansible_user_dir }}/Desktop/PsExec.exe"
        force: no
    - name: Run Windows Calculator
      win_command: "{{ ansible_user_dir }}/Desktop/psexec.exe -accepteula -nobanner -i 1 -s calc.exe"
      register: output
    - debug: var=output
I have resolved the issue with psexec.
In the playbook:
- name: test raw module
  hosts: Windows
  gather_facts: false
  tasks:
    - name: Stop process 01
      script: startProcess.ps1
And startProcess.ps1
# Creating the credential for the Invoke-Command.
$strScriptUser = "COMPUTERNAME\USer"
$strPass = "PASSWORD"
$PSS = ConvertTo-SecureString $strPass -AsPlainText -Force
$cred = new-object system.management.automation.PSCredential $strScriptUser,$PSS
# Invoke-Command to call psexec to start the application.
invoke-command -Computer "." -Scriptblock {
    c:\AnsibleTest\ps\psexec.exe -accepteula -d -h -i 1 -u COMPUTERNAME\USER -p PASSWORD PATH_TO_THE_EXE\PROGRAM.EXE
} -Credential $cred
You need to install the psexec in the remote PC. Switches for the psexec
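An added example, not from the original answer: the same launch expressed with the `win_psexec` module, so the password is supplied from a vaulted variable instead of being written into startProcess.ps1, and `no_log` keeps it out of task output. `vault_app_user_password` is a hypothetical variable assumed to be defined in an ansible-vault encrypted file; the paths and account reuse the placeholders from the script above.

```yaml
# Constructed example; account, vault variable and program path are placeholders.
- name: Start the application in interactive session 1
  hosts: windows
  gather_facts: false
  tasks:
    - name: Launch the program through PsExec without a credential in the script
      community.windows.win_psexec:
        executable: 'C:\AnsibleTest\ps\psexec.exe'
        command: 'PATH_TO_THE_EXE\PROGRAM.EXE'
        username: 'COMPUTERNAME\USER'
        password: "{{ vault_app_user_password }}"   # hypothetical vault variable
        interactive: yes     # corresponds to -i
        session: 1           # session number used with -i
        elevated: yes        # corresponds to -h
        wait: no             # corresponds to -d
        nobanner: yes
      no_log: true           # keep the rendered password out of output and logs
```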
