Ansible playbook, what is the proper syntax to run a powershell script with a specific (domain) user, in an elevated mode?
running Ansible 2.4.2 in an offline environment, using kerberos to authenticate,
Via an ansible playbook, what is the proper syntax to run a powershell script with a specific (domain) user: DOMAIN\someuser, in an elevated mode?
By elevated mode I mean that in the Windows interface, I'd run the script by login in as DOMAIN\someuser , then by right clicking a cmd or powershell prompt shortcut, choosing "run as administrator". This of course does not mean I can run the script with the local user: "administrator".
What I want to run is:
powershell.exe -executionpolicy bypass -noninteractive -nologo -file "myscript.ps1"
What I tried in a become.yml:
- name: sigh
win_command: powershell.exe -executionpolicy bypass -noninteractive -nologo -file "myscript.ps1"
become: yes
become_user: DOMAIN\someuser
become_password: someuserpassword
become_method: runas
The script runs, with errors that relate to it not running in elevation. Tried the same with win_shell and raw. Tried without the become_user and become_password (the yml runs with the [email protected] user and password so I don't really know if it's required for become).
I'm dragging through this and finding no reference to a solution via become: http://docs.ansible.com/ansible/latest/become.html
Any ideas?
Answer
I did the following to get it working in my playbook:
- name: Run ps1 script in privileged mode
hosts: "{{ my_hosts }}"
become_method: runas
vars:
ansible_become_password: mysupersecretpasswrod
tasks:
- win_shell: '.\myscript.ps1'
become: yes
become_user: Administrator