Ansible playbook, what is the proper syntax to run a powershell script with a specific (domain) user, in an elevated mode?

Nahshon paz · Feb 7, 2018 · Viewed 25.7k times

Running Ansible 2.4.2 in an offline environment, using Kerberos to authenticate.

Via an Ansible playbook, what is the proper syntax to run a PowerShell script with a specific (domain) user: DOMAIN\someuser, in an elevated mode?

By elevated mode I mean that in the Windows interface, I'd run the script by logging in as DOMAIN\someuser, then by right-clicking a cmd or PowerShell prompt shortcut, choosing "run as administrator". This of course does not mean I can run the script with the local user: "administrator".

What I want to run is:

powershell.exe -executionpolicy bypass -noninteractive -nologo -file "myscript.ps1" 

What I tried in a become.yml:

- name: sigh
  win_command: powershell.exe -executionpolicy bypass -noninteractive -nologo -file "myscript.ps1" 
  become: yes
  become_user: DOMAIN\someuser
  become_password: someuserpassword
  become_method: runas

The script runs, with errors that relate to it not running in elevation. Tried the same with win_shell and raw. Tried without the become_user and become_password (the yml runs with the [email protected] user and password so I don't really know if it's required for become).

I'm dragging through this and finding no reference to a solution via become: http://docs.ansible.com/ansible/latest/become.html

Any ideas?

Answer

Christina A · Feb 8, 2018

I did the following to get it working in my playbook:

- name: Run ps1 script in privileged mode
  hosts: "{{ my_hosts }}"
  become_method: runas

  vars:
    ansible_become_password: mysupersecretpasswrod

  tasks:
    - win_shell: '.\myscript.ps1'
      become: yes
      become_user: Administrator
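
A variant of the answer's playbook, as an added example that is not part of the original answer: it reads the become password from a vault file instead of the playbook and checks the integrity level of the become process before running the script. The file vault.yml and the variable vault_become_password are assumed names; DOMAIN\someuser, my_hosts and myscript.ps1 are the names used on this page.

```yaml
# Added example, not from the original answer.
# Assumption: vault.yml is a hypothetical file encrypted with ansible-vault
# that defines vault_become_password.
# Run with: ansible-playbook become.yml --ask-vault-pass
- name: Run ps1 script as a domain user and confirm the token is elevated
  hosts: "{{ my_hosts }}"
  become_method: runas
  become_user: 'DOMAIN\someuser'   # single quotes keep the backslash literal

  vars_files:
    - vault.yml                    # hypothetical vault file (see above)

  vars:
    # The password is never written in clear text in the playbook.
    ansible_become_password: "{{ vault_become_password }}"

  tasks:
    - name: List the groups and integrity level of the become process
      win_command: whoami.exe /groups
      become: yes
      register: token_groups
      changed_when: false

    # S-1-16-12288 is the High Mandatory Level SID (an elevated token),
    # S-1-16-16384 is the System Mandatory Level SID.
    - name: Stop unless the become process is elevated
      assert:
        that:
          - "'S-1-16-12288' in token_groups.stdout or 'S-1-16-16384' in token_groups.stdout"
        msg: "become process is not elevated; check the rights of the become user"

    - name: Run the script under the verified identity
      win_shell: '.\myscript.ps1'
      become: yes
```

If the assert task fails, the whoami output in token_groups.stdout shows which integrity level and group memberships the become process actually received.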