Running powershell script from ansible playbook

[skinnedknuckles]

Control node:

• CentOS 7
  
• Ansible 2.1
  

Remote node:

• Windows 7
  
• Powershell 3.0
  

I have a powershell script (warning.ps1) on my remote node that runs fine when I double click on it.  I also have a copy of the powershell script in my control node playbook directory.  As I understand, the following play ought to run the powershell script

---
- name: test warning
  hosts: windows
  tasks:
  - name: warning
    script: warning.ps1

Here's what I get when I run the playbook...

[ansmgr@dhcp1-60-20 playbooks]$ ansible-playbook warning_powershell.yml -vvvv
No config file found; using defaults
Loaded callback default of type stdout, v2.0

PLAYBOOK: warning_powershell.yml ***********************************************
1 plays in warning_powershell.yml

PLAY [test warning] ************************************************************

TASK [warning] *****************************************************************
task path: /etc/ansible/playbooks/warning_powershell.yml:6
<ADS-6999> ESTABLISH WINRM CONNECTION FOR USER: ansibleAdmin on PORT 5985 TO ADS-6999
<ADS-6999> EXEC Set-StrictMode -Version Latest
(New-Item -Type Directory -Path $env:temp -Name "ansible-tmp-1463494972.72-265383630304564").FullName | Write-Host -Separator '';
<ADS-6999> PUT "/etc/ansible/playbooks/warning.ps1" TO "C:\Users\ansibleAdmin\AppData\Local\Temp\ansible-tmp-1463494972.72-265383630304564\warning.ps1"
<ADS-6999> EXEC &  'C:\Users\ansibleAdmin\AppData\Local\Temp\ansible-tmp-1463494972.72-265383630304564\warning.ps1'
<ADS-6999> EXEC Set-StrictMode -Version Latest
Remove-Item "C:\Users\ansibleAdmin\AppData\Local\Temp\ansible-tmp-1463494972.72-265383630304564" -Force -Recurse;
changed: [ADS-6999] => {"changed": true, "invocation": {"module_args": {"_raw_params": "warning.ps1"}, "module_name": "script"}, "rc": 0, "stderr": "", "stdout": "", "stdout_lines": []}

PLAY RECAP *********************************************************************
ADS-6999                   : ok=1    changed=1    unreachable=0    failed=0  

It seems like the script is getting copied to a temporary directory but is not executing.  I have also tried using raw: but that doesn't work either and I'd prefer to use script:

[Matt Davis]

That all looks correct- I'm assuming your script has output that you're not seeing in stdout/stderr? What should it be doing?

[skinnedknuckles]

Warning.ps1 contains "Invoke-Item C:\Temp\warning.exe"  warning.exe is a .dot net console program that just displays a warning message on the screen of the computer for 15 seconds and then closes.

[Matt Davis]

WinRM runs in an isolated session- you won't generally be able to do things that display stuff to an interactive user. There are ways to hack around it, but it's not generally accepted and Microsoft makes it harder with each Windows release.

[skinnedknuckles]

Very interesting.  The process shows up in task manager for exactly 15 seconds just as it should but the console is nowhere to be found.  I'd like to know if anyone knows a way around this.

On Tuesday, May 17, 2016 at 9:57:06 AM UTC-5, skinnedknuckles wrote:

[Matt Davis]

Yeah- it's displaying on a headless winstation, not a user-interactive one (by Windows/WinRM design). There are various hacks to get around it, but none of them are foolproof (you can't make assumptions about which session is interactive, or which user might see it in the case of multiple). Microsoft will tell you "don't do it", especially for a service you don't own (eg, WinRM). More info at: https://msdn.microsoft.com/en-us/library/windows/desktop/ms683502(v=vs.85).aspx - the stuff on WTSSendMessage() might be of interest to you as a workaround, though you still have to figure out which user(s)/sessions you want to notify...

[J Hawkesworth]

May be worth taking a step back and letting us know what you are trying to achieve?

If you are trying to alert users you might be able to do something like this:

ansible windowsboxes -m raw -a 'msg "*" /SERVER:LOCALHOST /W /TIME:2 "This is a test message, please ignore"'

Hope this helps,

Jon

[Jonathan Anderson]

Yes, that is exactly what I was looking for.  Just a way to inform the user that a new software deployment is about to begin.

--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/3SnMdiTHp4U/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d7949946-ebfd-4cb9-aca4-af71cb4ddc62%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[J Hawkesworth]

Glad that helps.

We've discovered recently that having users logged in during deployments sometimes causes failures due to file and process locking.

If anyone has a good way of kicking off interactive users (from windows hosts) via ansible please share it.

Jon

[Kai Stian Olstad]

On 18. mai 2016 17:08, 'J Hawkesworth' via Ansible Project wrote:
> We've discovered recently that having users logged in during deployments
> sometimes causes failures due to file and process locking.
>
> If anyone has a good way of kicking off interactive users (from windows
> hosts) via ansible please share it.

Maybe you can just do a shutdown?
"shutdown - Allows you to shut down or restart a local or remote
computer. Used without parameters, shutdown will logoff the current user."

You might have to use "shutdown -lf"


--
Kai Stian Olstad

[J Hawkesworth]

Thanks for this, I'll give it a try.

Jon