Running powershell script from ansible playbook

3,488 views
Skip to first unread message

skinnedknuckles

unread,
May 17, 2016, 10:57:06 AM5/17/16
to Ansible Project
Control node:
  • CentOS 7
  • Ansible 2.1
Remote node:
  • Windows 7
  • Powershell 3.0

I have a powershell script (warning.ps1) on my remote node that runs fine when I double click on it.  I also have a copy of the powershell script in my control node playbook directory.  As I understand, the following play ought to run the powershell script

---
- name: test warning
  hosts: windows
  tasks:
  - name: warning
    script: warning.ps1


Here's what I get when I run the playbook...

[ansmgr@dhcp1-60-20 playbooks]$ ansible-playbook warning_powershell.yml -vvvv
No config file found; using defaults

Loaded callback default of type stdout, v2.0

PLAYBOOK: warning_powershell.yml ***********************************************
1 plays in warning_powershell.yml

PLAY [test warning] ************************************************************

TASK [warning] *****************************************************************

task path: /etc/ansible/playbooks/warning_powershell.yml:6
<ADS-6999> ESTABLISH WINRM CONNECTION FOR USER: ansibleAdmin on PORT 5985 TO ADS-6999
<ADS-6999> EXEC Set-StrictMode -Version Latest
(New-Item -Type Directory -Path $env:temp -Name "ansible-tmp-1463494972.72-265383630304564").FullName | Write-Host -Separator '';
<ADS-6999> PUT "/etc/ansible/playbooks/warning.ps1" TO "C:\Users\ansibleAdmin\AppData\Local\Temp\ansible-tmp-1463494972.72-265383630304564\warning.ps1"
<ADS-6999> EXEC &  'C:\Users\ansibleAdmin\AppData\Local\Temp\ansible-tmp-1463494972.72-265383630304564\warning.ps1'
<ADS-6999> EXEC Set-StrictMode -Version Latest
Remove-Item "C:\Users\ansibleAdmin\AppData\Local\Temp\ansible-tmp-1463494972.72-265383630304564" -Force -Recurse;

changed: [ADS-6999] => {"changed": true, "invocation": {"module_args": {"_raw_params": "warning.ps1"}, "module_name": "script"}, "rc": 0, "stderr": "", "stdout": "", "stdout_lines": []}

PLAY RECAP *********************************************************************
ADS-6999                   : ok=1    changed=1    unreachable=0    failed=0  


It seems like the script is getting copied to a temporary directory but is not executing.  I have also tried using raw: but that doesn't work either and I'd prefer to use script:

Matt Davis

unread,
May 17, 2016, 11:21:28 AM5/17/16
to Ansible Project
That all looks correct- I'm assuming your script has output that you're not seeing in stdout/stderr? What should it be doing?

skinnedknuckles

unread,
May 17, 2016, 11:25:45 AM5/17/16
to Ansible Project
Warning.ps1 contains "Invoke-Item C:\Temp\warning.exe"  warning.exe is a .dot net console program that just displays a warning message on the screen of the computer for 15 seconds and then closes.

Matt Davis

unread,
May 17, 2016, 12:22:14 PM5/17/16
to Ansible Project
WinRM runs in an isolated session- you won't generally be able to do things that display stuff to an interactive user. There are ways to hack around it, but it's not generally accepted and Microsoft makes it harder with each Windows release.

skinnedknuckles

unread,
May 17, 2016, 12:34:01 PM5/17/16
to Ansible Project
Very interesting.  The process shows up in task manager for exactly 15 seconds just as it should but the console is nowhere to be found.  I'd like to know if anyone knows a way around this.


On Tuesday, May 17, 2016 at 9:57:06 AM UTC-5, skinnedknuckles wrote:

Matt Davis

unread,
May 17, 2016, 3:02:04 PM5/17/16
to Ansible Project
Yeah- it's displaying on a headless winstation, not a user-interactive one (by Windows/WinRM design). There are various hacks to get around it, but none of them are foolproof (you can't make assumptions about which session is interactive, or which user might see it in the case of multiple). Microsoft will tell you "don't do it", especially for a service you don't own (eg, WinRM). More info at: https://msdn.microsoft.com/en-us/library/windows/desktop/ms683502(v=vs.85).aspx - the stuff on WTSSendMessage() might be of interest to you as a workaround, though you still have to figure out which user(s)/sessions you want to notify...

J Hawkesworth

unread,
May 18, 2016, 5:22:23 AM5/18/16
to Ansible Project
May be worth taking a step back and letting us know what you are trying to achieve?

If you are trying to alert users you might be able to do something like this:

ansible windowsboxes -m raw -a 'msg "*" /SERVER:LOCALHOST /W /TIME:2 "This is a test message, please ignore"'

Hope this helps,

Jon

Jonathan Anderson

unread,
May 18, 2016, 10:58:57 AM5/18/16
to ansible...@googlegroups.com
Yes, that is exactly what I was looking for.  Just a way to inform the user that a new software deployment is about to begin.

--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/3SnMdiTHp4U/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d7949946-ebfd-4cb9-aca4-af71cb4ddc62%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

J Hawkesworth

unread,
May 18, 2016, 11:08:59 AM5/18/16
to Ansible Project
Glad that helps.

We've discovered recently that having users logged in during deployments sometimes causes failures due to file and process locking.

If anyone has a good way of kicking off interactive users (from windows hosts) via ansible please share it.

Jon

Kai Stian Olstad

unread,
May 18, 2016, 11:30:11 AM5/18/16
to ansible...@googlegroups.com
On 18. mai 2016 17:08, 'J Hawkesworth' via Ansible Project wrote:
> We've discovered recently that having users logged in during deployments
> sometimes causes failures due to file and process locking.
>
> If anyone has a good way of kicking off interactive users (from windows
> hosts) via ansible please share it.

Maybe you can just do a shutdown?
"shutdown - Allows you to shut down or restart a local or remote
computer. Used without parameters, shutdown will logoff the current user."

You might have to use "shutdown -lf"


--
Kai Stian Olstad

J Hawkesworth

unread,
May 19, 2016, 11:27:32 AM5/19/16
to Ansible Project, ansible-pr...@olstad.com
Thanks for this, I'll give it a try.
Jon
Reply all
Reply to author
Forward
0 new messages