Collections in the Ansible Namespace
+These are the collections documented here in the ansible namespace.
+ +' + + '' + + _("Hide Search Matches") + + "
" + ) + ); + }, + + /** + * helper function to hide the search marks again + */ + hideSearchWords: () => { + document + .querySelectorAll("#searchbox .highlight-link") + .forEach((el) => el.remove()); + document + .querySelectorAll("span.highlighted") + .forEach((el) => el.classList.remove("highlighted")); + localStorage.removeItem("sphinx_highlight_terms") + }, + + initEscapeListener: () => { + // only install a listener if it is really needed + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) return; + + document.addEventListener("keydown", (event) => { + // bail for input elements + if (BLACKLISTED_KEY_CONTROL_ELEMENTS.has(document.activeElement.tagName)) return; + // bail with special keys + if (event.shiftKey || event.altKey || event.ctrlKey || event.metaKey) return; + if (DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS && (event.key === "Escape")) { + SphinxHighlight.hideSearchWords(); + event.preventDefault(); + } + }); + }, +}; + +_ready(() => { + /* Do not call highlightSearchWords() when we are on the search page. + * It will highlight words from the *previous* search query. + */ + if (typeof Search === "undefined") SphinxHighlight.highlightSearchWords(); + SphinxHighlight.initEscapeListener(); +}); diff --git a/tag/2.3.0/collections/ansible/index.html b/tag/2.3.0/collections/ansible/index.html new file mode 100644 index 00000000..e41c5815 --- /dev/null +++ b/tag/2.3.0/collections/ansible/index.html @@ -0,0 +1,166 @@ + + + + + + + +These are the collections documented here in the ansible namespace.
+ +Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.async_status
.
This module gets the status of an asynchronous task.
Parameter |
+Comments |
+
---|---|
+ | Job or task identifier + |
+
+ | If If Choices: +
|
+
See also
+The official documentation on the ansible.builtin.async_status module.
+- name: Asynchronous yum task
+ ansible.windows.win_command: my.exe
+ async: 1000
+ poll: 0
+ register: long_cmd
+
+- name: Wait for asynchronous job to end
+ ansible.builtin.async_status:
+ jid: '{{ long_cmd.ansible_job_id }}'
+ register: job_result
+ until: job_result.finished
+ retries: 100
+ delay: 10
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The asynchronous job id +Returned: success +Sample: |
+
+ | Path to erased job file +Returned: when file is erased + |
+
+ | Whether the asynchronous job has finished ( Returned: always +Sample: |
+
+ | Whether the asynchronous job has started ( Returned: always +Sample: |
+
+ | Any errors returned by async_wrapper +Returned: always + |
+
+ | Any output returned by async_wrapper +Returned: always + |
+
Collection version 2.3.0
+ +Ansible collection for core Windows plugins.
+Authors:
+Jordan Borean @jborean93
Matt Davis @nitzmahone
Supported ansible-core versions:
+2.14 or newer
Matrix room #windows:ansible.im
: General usage and support questions.
IRC channel #ansible-windows
(Libera network):
+General usage and support questions.
These are the plugins in the ansible.windows collection:
+async_status module – Obtain status of asynchronous task
setup module – Gathers facts about remote hosts
slurp module – Slurps a file from remote nodes
win_acl module – Set file/directory/registry/certificate permissions for a system user or group
win_acl_inheritance module – Change ACL inheritance
win_certificate_store module – Manages the certificate store
win_command module – Executes a command on a remote Windows node
win_copy module – Copies files to remote locations on windows hosts
win_dns_client module – Configures DNS lookup on Windows hosts
win_domain module – Ensures the existence of a Windows domain
win_domain_controller module – Manage domain controller/member server state for a Windows host
win_domain_membership module – Manage domain/workgroup membership for a Windows host
win_dsc module – Invokes a PowerShell DSC configuration
win_environment module – Modify environment variables on windows hosts
win_feature module – Installs and uninstalls Windows Features on Windows Server
win_file module – Creates, touches or removes files or directories
win_find module – Return a list of files based on specific criteria
win_get_url module – Downloads file from HTTP, HTTPS, or FTP to node
win_group module – Add and remove local groups
win_group_membership module – Manage Windows local group membership
win_hostname module – Manages local Windows computer name
win_optional_feature module – Manage optional Windows features
win_owner module – Set owner
win_package module – Installs/uninstalls an installable package
win_path module – Manage Windows path environment variables
win_ping module – A windows version of the classic ping module
win_powershell module – Run PowerShell scripts
win_reboot module – Reboot a windows machine
win_reg_stat module – Get information about Windows registry keys
win_regedit module – Add, change, or remove registry keys and values
win_service module – Manage and query Windows services
win_service_info module – Gather information about Windows services
win_share module – Manage Windows shares
win_shell module – Execute shell commands on target hosts
win_stat module – Get information about Windows files
win_tempfile module – Creates temporary files and directories
win_template module – Template a file out to a remote server
win_updates module – Download and install Windows updates
win_uri module – Interacts with webservices
win_user module – Manages local Windows user accounts
win_user_right module – Manage Windows User Rights
win_wait_for module – Waits for a condition before continuing
win_whoami module – Get information about the current user and process
quote filter – Quotes argument(s) for various Windows shells
See also
+List of collections with docs hosted here.
+Note
+This filter plugin is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.quote
.
Quotes argument(s) for the various Windows command line shells.
Defaults to escaping arguments based on the Win32 C argv parsing rules that ansible.windows.win_command uses.
Using shell=’cmd’ or shell=’powershell’ can be set to escape arguments for those respective shells.
Each value is escaped in a way to ensure the process gets the literal argument passed in and meta chars escaped.
This describes the input of the filter, the value before | ansible.windows.quote
.
Parameter |
+Comments |
+
---|---|
+ | The string, list, or dict of values to quote. +A string or list of strings will be quoted. +When using a dict as the input, the final form will be in |
+
This describes keyword parameters of the filter. These are the values key1=value1
, key2=value2
and so on in the following
+example: input | ansible.windows.quote(key1=value1, key2=value2, ...)
Parameter |
+Comments |
+
---|---|
+ | The shell to quote the arguments for. +By default no shell is used and the arguments are quoted with the Win32 C quoting rules. +Choices: +
|
+
See also
+Executes a command on a remote Windows node.
+Execute shell commands on target hosts.
+- name: Escape an argument for win_command
+ ansible.windows.win_command:
+ cmd: my.exe {{ argument1 | ansible.windows.quote }}
+
+- name: Escape an argument for PowerShell
+ ansible.windows.win_shell: |
+ $var = {{ argument1 | ansible.windows.quote(shell='powershell') }}
+ Write-Host $var
+
Key |
+Description |
+
---|---|
+ | The quoted input value(s) as a single space delimited string. +Returned: success + |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.setup
.
This module is automatically called by playbooks to gather useful variables about remote hosts that can be used in playbooks. It can also be executed directly by /usr/bin/ansible
to check what variables are available to a host. Ansible provides many facts about the system, automatically.
Parameter |
+Comments |
+
---|---|
+ | For internal use +Choices: +
|
+
+ | Path used for local ansible facts ( The returned fact will be named after the local file (without the extension suffix), e.g. |
+
+ | If supplied, restrict the additional facts collected to the given subset. +Can specify a list of values to specify a larger subset. +Values can also be used with an initial To avoid collecting even the min subset, specify To collect only specific facts, use Default: |
+
+ | Set the default timeout in seconds for individual fact gathering. +Default: |
+
Note
+More ansible facts will be added with successive releases. If facter is installed, variables from these programs will also be snapshotted into the JSON file for usage in templating. These variables are prefixed with facter_
so it’s easy to tell their source. All variables are bubbled up to the caller.
Some facts may be unavailable if running under a limited account.
For more information about delegated facts, please check https://docs.ansible.com/ansible/latest/user_guide/playbooks_delegation.html#delegating-facts.
See also
+The official documentation on the ansible.builtin.setup module.
+- name: run the setup facts
+ ansible.builtin.setup:
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.slurp
.
This module works like ansible.builtin.fetch. It is used for fetching a base64- encoded blob containing the data in a remote file.
Parameter |
+Comments |
+
---|---|
+ | The file on the remote system to fetch. This must be a file, not a directory. + |
+
Note
+This module returns an ‘in memory’ base64 encoded version of the file, take into account that this will require at least twice the RAM as the original file size.
See also
+The official documentation on the ansible.builtin.fetch module.
+The official documentation on the ansible.builtin.slurp module.
+- name: Retrieve remote ini file on a Windows host
+ ansible.builtin.slurp:
+ src: C:\Program Files\Program\program.ini
+ register: program_conf
+
+- name: Print returned information
+ ansible.builtin.debug:
+ msg: "{{ program_conf['content'] | b64decode }}"
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | Encoded file content +Returned: success +Sample: |
+
+ | Type of encoding used for file +Returned: success +Sample: |
+
+ | Actual path of file slurped +Returned: success +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_acl_inheritance
.
Change ACL (Access Control List) inheritance and optionally copy inherited ACE’s (Access Control Entry) to dedicated ACE’s or vice versa.
Parameter |
+Comments |
+
---|---|
+ | Path to be used for changing inheritance +Support for registry keys have been added in |
+
+ | For For Choices: +
|
+
+ | Specify whether to enable present or disable absent ACL inheritance. +Choices: +
|
+
See also
+Set file/directory/registry/certificate permissions for a system user or group.
+Creates, touches or removes files or directories.
+Get information about Windows files.
+- name: Disable inherited ACE's
+ ansible.windows.win_acl_inheritance:
+ path: C:\apache
+ state: absent
+
+- name: Disable and copy inherited ACE's
+ ansible.windows.win_acl_inheritance:
+ path: C:\apache
+ state: absent
+ reorganize: true
+
+- name: Enable and remove dedicated ACE's
+ ansible.windows.win_acl_inheritance:
+ path: C:\apache
+ state: present
+ reorganize: true
+
+- name: Disable registry key inherited ACE's
+ ansible.windows.win_acl_inheritance:
+ path: HKLM:\SOFTWARE\Secrets
+ state: absent
+
+- name: Disable and copy registry key inherited ACE's
+ ansible.windows.win_acl_inheritance:
+ path: HKLM:\SOFTWARE\Secrets
+ state: absent
+ reorganize: true
+
+- name: Enable and remove registry key dedicated ACE's
+ ansible.windows.win_acl_inheritance:
+ path: HKLM:\SOFTWARE\Secrets
+ state: present
+ reorganize: true
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_acl
.
Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identifies.
Parameter |
+Comments |
+
---|---|
+ | Follow the symlinks and junctions to apply the ACLs to the target instead of the link. +Choices: +
|
+
+ | Inherit flags on the ACL rules. +Can be specified as a comma separated list, e.g. For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx. +Defaults to Choices: +
|
+
+ | The path to the file or directory. + |
+
+ | Propagation flag on the ACL rules. +For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx. +Choices: +
|
+
+ | The rights/permissions that are to be allowed/denied for the specified user or group for the item at If If If path is a certificate key, rights can be |
+
+ | Specify whether to add Choices: +
|
+
+ | Specify whether to allow or deny the rights specified. +Choices: +
|
+
+ | User or Group to add specified rights to act on src file/folder or registry key. + |
+
Note
+If adding ACL’s for AppPool identities, the Windows Feature “Web-Scripting-Tools” must be enabled.
See also
+Change ACL inheritance.
+Creates, touches or removes files or directories.
+Set owner.
+Get information about Windows files.
+- name: Restrict write and execute access to User Fed-Phil
+ ansible.windows.win_acl:
+ user: Fed-Phil
+ path: C:\Important\Executable.exe
+ type: deny
+ rights: ExecuteFile,Write
+
+- name: Add IIS_IUSRS allow rights
+ ansible.windows.win_acl:
+ path: C:\inetpub\wwwroot\MySite
+ user: IIS_IUSRS
+ rights: FullControl
+ type: allow
+ state: present
+ inherit: ContainerInherit, ObjectInherit
+ propagation: 'None'
+
+- name: Set registry key right
+ ansible.windows.win_acl:
+ path: HKCU:\Bovine\Key
+ user: BUILTIN\Users
+ rights: EnumerateSubKeys
+ type: allow
+ state: present
+ inherit: ContainerInherit, ObjectInherit
+ propagation: 'None'
+
+- name: Remove FullControl AccessRule for IIS_IUSRS
+ ansible.windows.win_acl:
+ path: C:\inetpub\wwwroot\MySite
+ user: IIS_IUSRS
+ rights: FullControl
+ type: allow
+ state: absent
+ inherit: ContainerInherit, ObjectInherit
+ propagation: 'None'
+
+- name: Deny Intern
+ ansible.windows.win_acl:
+ path: C:\Administrator\Documents
+ user: Intern
+ rights: Read,Write,Modify,FullControl,Delete
+ type: deny
+ state: present
+
+- name: Set certificate private key FullControl to IIS_IUSRS
+ ansible.windows.win_acl:
+ path: Cert:\LocalMachine\My\168ba8c488463f88c6648466a22484b6189e165f
+ user: IIS_IUSRS
+ type: allow
+ state: present
+ rights: FullControl
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_certificate_store
.
Used to import/export and remove certificates and keys from the local certificate store.
This module is not used to create certificates and will only manage existing certs as a file or in the store.
It can be used to import PEM, DER, P7B, PKCS12 (PFX) certificates and export PEM, DER and PKCS12 certificates.
Parameter |
+Comments |
+
---|---|
+ | The file type to export the certificate as when
When Choices: +
|
+
+ | Whether to allow the private key to be exported. +If Used when Choices: +
|
+
+ | Specifies where Windows will store the private key when it is imported. +When set to When set to When set to Used when See https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509keystorageflags.aspx for more details. +Choices: +
|
+
+ | The password of the pkcs12 certificate key. +This is used when reading a pkcs12 certificate file or the password to set when If the pkcs12 file has no password set or no password should be set on the exported file, do not set this option. + |
+
+ | The path to a certificate file. +This is required when state is When state is |
+
+ | If If If When exporting a certificate, if path is a directory then the module will fail, otherwise the file will be replaced if needed. +Choices: +
|
+
+ | The store location to use when importing a certificate or searching for a certificate. +Can be set to Defaults to Must be set to any service name when Default: |
+
+ | The store name to use when importing a certificate or searching for a certificate. +
Default: |
+
+ | The store type to manage. +Use Use Choices: +
|
+
+ | The thumbprint as a hex string to either export or remove. +See the examples for how to specify the thumbprint. + |
+
Note
+Some actions on PKCS12 certificates and keys may fail with the error the specified network password is not correct
, either use CredSSP or Kerberos with credential delegation, or use become
to bypass these restrictions.
The certificates must be located on the Windows host to be set with path.
When importing a certificate for usage in IIS, it is generally required to use the machine
key_storage option, as both default
and user
will make the private key unreadable to IIS APPPOOL identities and prevent binding the certificate to the https endpoint.
- name: Import a certificate
+ ansible.windows.win_certificate_store:
+ path: C:\Temp\cert.pem
+ state: present
+
+- name: Import pfx certificate that is password protected
+ ansible.windows.win_certificate_store:
+ path: C:\Temp\cert.pfx
+ state: present
+ password: VeryStrongPasswordHere!
+ become: true
+ become_method: runas
+
+- name: Import pfx certificate without password and set private key as un-exportable
+ ansible.windows.win_certificate_store:
+ path: C:\Temp\cert.pfx
+ state: present
+ key_exportable: false
+ # usually you don't set this here but it is for illustrative purposes
+ vars:
+ ansible_winrm_transport: credssp
+
+- name: Remove a certificate based on file thumbprint
+ ansible.windows.win_certificate_store:
+ path: C:\Temp\cert.pem
+ state: absent
+
+- name: Remove a certificate based on thumbprint
+ ansible.windows.win_certificate_store:
+ thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
+ state: absent
+
+- name: Remove certificate based on thumbprint is CurrentUser/TrustedPublishers store
+ ansible.windows.win_certificate_store:
+ thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
+ state: absent
+ store_location: CurrentUser
+ store_name: TrustedPublisher
+
+- name: Export certificate as der encoded file
+ ansible.windows.win_certificate_store:
+ path: C:\Temp\cert.cer
+ state: exported
+ file_type: der
+
+- name: Export certificate and key as pfx encoded file
+ ansible.windows.win_certificate_store:
+ path: C:\Temp\cert.pfx
+ state: exported
+ file_type: pkcs12
+ password: AnotherStrongPass!
+ become: true
+ become_method: runas
+ become_user: SYSTEM
+
+- name: Import certificate be used by IIS
+ ansible.windows.win_certificate_store:
+ path: C:\Temp\cert.pfx
+ file_type: pkcs12
+ password: StrongPassword!
+ store_location: LocalMachine
+ key_storage: machine
+ state: present
+ become: true
+ become_method: runas
+ become_user: SYSTEM
+
+- name: Import certificate to be used for LDAPS
+ ansible.windows.win_certificate_store:
+ path: C:\Temp\cert.pfx
+ password: StrongPassword!
+ store_type: service
+ store_location: NTDS
+ key_exportable: false
+ key_storage: machine
+ state: present
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | A list of certificate thumbprints that were touched by the module. +Returned: success +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_command
.
The win_command
module takes the command name followed by a list of space-delimited arguments.
The given command will be executed on all selected nodes. It will not be processed through the shell, so variables like $env:HOME
and operations like "<"
, ">"
, "|"
, and ";"
will not work (use the ansible.windows.win_shell module if you need these features).
For non-Windows targets, use the ansible.builtin.command module instead.
Parameter |
+Comments |
+
---|---|
+ | The This is mutually exclusive with the There is no parameter actually named ‘_raw_params’. See the examples! + |
+
+ | A list that contains the executable and arguments to run. +The module will attempt to quote the arguments specified based on the Win32 C command-line argument rules. +Not all applications use the same quoting rules so the escaping may not work, for those scenarios use |
+
+ | Set the specified path as the current working directory before executing a command. + |
+
+ | The command and arguments to run. +This is mutually exclusive with the |
+
+ | A path or path filter pattern; when the referenced path exists on the target host, the task will be skipped. + |
+
+ | This option overrides the encoding of stdout/stderr output. +You can use this option when you need to run a command which ignore the console’s codepage. +You should only need to use this option in very rare circumstances. +This value can be any valid encoding |
+
+ | A path or path filter pattern; when the referenced path does not exist on the target host, the task will be skipped. + |
+
+ | Set the stdin of the command directly to the specified value. + |
+
Note
+If you want to run a command through a shell (say you are using <
, >
, |
, etc), you actually want the ansible.windows.win_shell module instead. The ansible.windows.win_command module is much more secure as it’s not affected by the user’s environment.
creates
, removes
, and chdir
can be specified after the command. For instance, if you only want to run a command if a certain file does not exist, use this.
Do not try to use the older style free form format and the newer style cmd/argv format. See the examples for how both of these formats are defined.
See also
+The official documentation on the ansible.builtin.command module.
+The official documentation on the community.windows.psexec module.
+The official documentation on the ansible.builtin.raw module.
+The official documentation on the community.windows.win_psexec module.
+Execute shell commands on target hosts.
+# Older style using the free-form and args format. The command is on the same
+# line as the module and 'args' is used to define the options for win_command.
+- name: Save the result of 'whoami' in 'whoami_out'
+ ansible.windows.win_command: whoami
+ register: whoami_out
+
+- name: Run command that only runs if folder exists and runs from a specific folder
+ ansible.windows.win_command: wbadmin -backupTarget:C:\backup\
+ args:
+ chdir: C:\somedir\
+ creates: C:\backup\
+
+- name: Run an executable and send data to the stdin for the executable
+ ansible.windows.win_command: powershell.exe -
+ args:
+ stdin: Write-Host test
+
+# Newer style using module options. The command and other arguments are
+# defined as module options and are indended like another other module.
+- name: Run the 'whoami' executable with the '/all' argument
+ ansible.windows.win_command:
+ cmd: whoami.exe /all
+
+- name: Run executable in 'C:\Program Files' with a custom chdir
+ ansible.windows.win_command:
+ # When using cmd, the arguments need to be quoted manually
+ cmd: '"C:\Program Files\My Application\run.exe" "argument 1" -force'
+ chdir: C:\Windows\TEMP
+
+- name: Run executable using argv and have win_command escape the spaces as needed
+ ansible.windows.win_command:
+ # When using argv, each entry is quoted in the module
+ argv:
+ - C:\Program Files\My Application\run.exe
+ - argument 1
+ - -force
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The command executed by the task +Returned: always +Sample: |
+
+ | The command execution delta time +Returned: always +Sample: |
+
+ | The command execution end time +Returned: always +Sample: |
+
+ | changed +Returned: always +Sample: |
+
+ | The command return code (0 means success) +Returned: always +Sample: |
+
+ | The command execution start time +Returned: always +Sample: |
+
+ | The command standard error +Returned: always +Sample: |
+
+ | The command standard error split in lines +Returned: always +Sample: |
+
+ | The command standard output +Returned: always +Sample: |
+
+ | The command standard output split in lines +Returned: always +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_copy
.
The win_copy
module copies a file on the local box to remote windows locations.
For non-Windows targets, use the ansible.builtin.copy module instead.
Note
+This module has a corresponding action plugin.
+Parameter |
+Comments |
+
---|---|
+ | Determine whether a backup should be created. +When set to No backup is taken when Choices: +
|
+
+ | When used instead of This is for simple values, for anything complex or with formatting please switch to the ansible.windows.win_template module. + |
+
+ | This option controls the autodecryption of source files using vault. +Choices: +
|
+
+ | Remote absolute path where the file should be copied to. +If Use \ for path separators or \\ when in “double quotes”. +If If If |
+
+ | If set to If set to If set to Choices: +
|
+
+ | This flag indicates that filesystem links in the source tree, if they exist, should be followed. +Choices: +
|
+
+ | If If Choices: +
|
+
+ | Local path to a file to copy to the remote server; can be absolute or relative. +If path is a directory, it is copied (including the source folder name) recursively to If path is a directory and ends with “/”, only the inside contents of that directory are copied to the destination. Otherwise, if it does not end with “/”, the directory itself with all contents is copied. +If path is a file and dest ends with “\”, the file is copied to the folder with the same filename. +Required unless using |
+
Note
+Currently win_copy does not support copying symbolic links from both local to remote and remote to remote.
It is recommended that backslashes \
are used instead of /
when dealing with remote paths.
Because win_copy runs over WinRM, it is not a very efficient transfer mechanism. If sending large files consider hosting them on a web service and using ansible.windows.win_get_url instead.
When using become with a user that is not an Administrator, the remote temp directory must be set to one that is accessible to both the become and connection user with ansible_remote_tmp
. See the examples for more information.
See also
+The official documentation on the ansible.builtin.assemble module.
+The official documentation on the ansible.builtin.copy module.
+Downloads file from HTTP, HTTPS, or FTP to node.
+The official documentation on the community.windows.win_robocopy module.
+- name: Copy a single file
+ ansible.windows.win_copy:
+ src: /srv/myfiles/foo.conf
+ dest: C:\Temp\renamed-foo.conf
+
+- name: Copy a single file, but keep a backup
+ ansible.windows.win_copy:
+ src: /srv/myfiles/foo.conf
+ dest: C:\Temp\renamed-foo.conf
+ backup: yes
+
+- name: Copy a single file keeping the filename
+ ansible.windows.win_copy:
+ src: /src/myfiles/foo.conf
+ dest: C:\Temp\
+
+- name: Copy folder to C:\Temp (results in C:\Temp\temp_files)
+ ansible.windows.win_copy:
+ src: files/temp_files
+ dest: C:\Temp
+
+- name: Copy folder contents recursively
+ ansible.windows.win_copy:
+ src: files/temp_files/
+ dest: C:\Temp
+
+- name: Copy a single file where the source is on the remote host
+ ansible.windows.win_copy:
+ src: C:\Temp\foo.txt
+ dest: C:\ansible\foo.txt
+ remote_src: true
+
+- name: Copy a folder recursively where the source is on the remote host
+ ansible.windows.win_copy:
+ src: C:\Temp
+ dest: C:\ansible
+ remote_src: true
+
+- name: Set the contents of a file
+ ansible.windows.win_copy:
+ content: abc123
+ dest: C:\Temp\foo.txt
+
+- name: Copy a single file as another user
+ ansible.windows.win_copy:
+ src: NuGet.config
+ dest: '%AppData%\NuGet\NuGet.config'
+ vars:
+ ansible_become_user: user
+ ansible_become_password: pass
+ # The tmp dir must be set when using win_copy as another user
+ # This ensures the become user will have permissions for the operation
+ # Make sure to specify a folder both the ansible_user and the become_user have access to (i.e not %TEMP% which is user specific and requires Admin)
+ ansible_remote_tmp: 'c:\tmp'
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | Name of the backup file that was created. +Returned: if backup=yes +Sample: |
+
+ | SHA1 checksum of the file after running copy. +Returned: success, src is a file +Sample: |
+
+ | Destination file/path. +Returned: changed +Sample: |
+
+ | Whether a single file copy took place or a folder copy. +Returned: success +Sample: |
+
+ | Basename of the copied file. +Returned: changed, src is a file +Sample: |
+
+ | Size of the target, after execution. +Returned: changed, src is a file +Sample: |
+
+ | Source file used for the copy on the target machine. +Returned: changed +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_dns_client
.
The ansible.windows.win_dns_client module configures the DNS client on Windows network adapters.
Parameter |
+Comments |
+
---|---|
+ | Adapter name or list of adapter names for which to manage DNS settings (’*’ is supported as a wildcard value). +The adapter name used is the connection caption in the Network Control Panel or the InterfaceAlias of |
+
+ | Single or ordered list of DNS servers (IPv4 and IPv6 addresses) to configure for lookup. +An empty list will configure the adapter to use the DHCP-assigned values on connections where DHCP is enabled, or disable DNS lookup on statically-configured connections. +IPv6 DNS servers can only be set on Windows Server 2012 or newer, older hosts can only set IPv4 addresses. + |
+
- name: Set a single address on the adapter named Ethernet
+ ansible.windows.win_dns_client:
+ adapter_names: Ethernet
+ dns_servers: 192.168.34.5
+
+- name: Set multiple lookup addresses on all visible adapters (usually physical adapters that are in the Up state), with debug logging to a file
+ ansible.windows.win_dns_client:
+ adapter_names: '*'
+ dns_servers:
+ - 192.168.34.5
+ - 192.168.34.6
+ log_path: C:\dns_log.txt
+
+- name: Set IPv6 DNS servers on the adapter named Ethernet
+ ansible.windows.win_dns_client:
+ adapter_names: Ethernet
+ dns_servers:
+ - '2001:db8::2'
+ - '2001:db8::3'
+
+- name: Configure all adapters whose names begin with Ethernet to use DHCP-assigned DNS values
+ ansible.windows.win_dns_client:
+ adapter_names: 'Ethernet*'
+ dns_servers: []
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_domain_controller
.
version 3.0.0
+This module has been moved into the microsoft.ad
collection.
Use the microsoft.ad.domain_controller module instead.
+Ensure that a Windows Server 2012+ host is configured as a domain controller or demoted to member server.
This module may require subsequent use of the ansible.windows.win_reboot action if changes are made.
Parameter |
+Comments |
+
---|---|
+ | The path to a directory on a fixed disk of the Windows host where the domain database will be created.. +If not set then the default path is |
+
+ | When |
+
+ | Password for the specified |
+
+ | Username of a domain admin for the target domain (necessary to promote or demote a domain controller). + |
+
+ | Specified the fully qualified, non-UNC path to a directory on a fixed disk of the local computer that will contain the domain log files. + |
+
+ | Whether to install the DNS service when creating the domain controller. +If not specified then the Choices: +
|
+
+ | The path to a directory on a fixed disk of the Windows host where the Install From Media See the Install using IFM guide for more information. + |
+
+ | Password to be assigned to the local |
+
+ | The path to log any debug information when running the module. +This option is deprecated and should not be used, it will be removed on the major release after This does not relate to the |
+
+ | Whether to install the domain controller as a read only replica for an existing domain. +Choices: +
|
+
+ | Safe mode password for the domain controller (required when |
+
+ | Specifies the name of an existing site where you can place the new domain controller. +This option is required when read_only is |
+
+ | Whether the target host should be a domain controller or a member server. +Choices: +
|
+
+ | The path to a directory on a fixed disk of the Windows host where the Sysvol folder will be created. +If not set then the default path is |
+
See also
+Ensures the existence of a Windows domain.
+The official documentation on the community.windows.win_domain_computer module.
+The official documentation on the community.windows.win_domain_group module.
+Manage domain/workgroup membership for a Windows host.
+The official documentation on the community.windows.win_domain_user module.
+- name: Ensure a server is a domain controller
+ ansible.windows.win_domain_controller:
+ dns_domain_name: ansible.vagrant
+ domain_admin_user: testguy@ansible.vagrant
+ domain_admin_password: password123!
+ safe_mode_password: password123!
+ state: domain_controller
+
+# note that without an action wrapper, in the case where a DC is demoted,
+# the task will fail with a 401 Unauthorized, because the domain credential
+# becomes invalid to fetch the final output over WinRM. This requires win_async
+# with credential switching (or other clever credential-switching
+# mechanism to get the output and trigger the required reboot)
+- name: Ensure a server is not a domain controller
+ ansible.windows.win_domain_controller:
+ domain_admin_user: testguy@ansible.vagrant
+ domain_admin_password: password123!
+ local_admin_password: password123!
+ state: member_server
+
+- name: Promote server as a read only domain controller
+ ansible.windows.win_domain_controller:
+ dns_domain_name: ansible.vagrant
+ domain_admin_user: testguy@ansible.vagrant
+ domain_admin_password: password123!
+ safe_mode_password: password123!
+ state: domain_controller
+ read_only: true
+ site_name: London
+
+- name: Promote server with custom paths
+ ansible.windows.win_domain_controller:
+ dns_domain_name: ansible.vagrant
+ domain_admin_user: testguy@ansible.vagrant
+ domain_admin_password: password123!
+ safe_mode_password: password123!
+ state: domain_controller
+ sysvol_path: D:\SYSVOL
+ database_path: D:\NTDS
+ domain_log_path: D:\NTDS
+ register: dc_promotion
+
+- name: Reboot after promotion
+ ansible.windows.win_reboot:
+ when: dc_promotion.reboot_required
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | True if changes were made that require a reboot. +Returned: always +Sample: |
+
This module will be removed in version 3.0.0. +[deprecated]
For more information see DEPRECATED.
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_domain_membership
.
version 3.0.0
+This module has been moved into the microsoft.ad
collection.
Use the microsoft.ad.membership module instead.
+Manages domain membership or workgroup membership for a Windows host. Also supports hostname changes.
This module may require subsequent use of the ansible.windows.win_reboot action if changes are made.
Parameter |
+Comments |
+
---|---|
+ | When |
+
+ | Password for the specified |
+
+ | Username of a domain admin for the target domain (required to join or leave the domain). + |
+
+ | The desired OU path for adding the computer object. +This is only used when adding the target host to a domain, if it is already a member then it is ignored. + |
+
+ | The desired hostname for the Windows host. + |
+
+ | Whether the target host should be a member of a domain or workgroup. +Choices: +
|
+
+ | When |
+
See also
+Ensures the existence of a Windows domain.
+Manage domain controller/member server state for a Windows host.
+The official documentation on the community.windows.win_domain_computer module.
+The official documentation on the community.windows.win_domain_group module.
+The official documentation on the community.windows.win_domain_user module.
+Add and remove local groups.
+Manage Windows local group membership.
+Manages local Windows user accounts.
+# host should be a member of domain ansible.vagrant; module will ensure the hostname is mydomainclient
+# and will use the passed credentials to join domain if necessary.
+# Ansible connection should use local credentials if possible.
+# If a reboot is required, the second task will trigger one and wait until the host is available.
+- hosts: winclient
+ gather_facts: false
+ tasks:
+ - ansible.windows.win_domain_membership:
+ dns_domain_name: ansible.vagrant
+ hostname: mydomainclient
+ domain_admin_user: testguy@ansible.vagrant
+ domain_admin_password: password123!
+ domain_ou_path: "OU=Windows,OU=Servers,DC=ansible,DC=vagrant"
+ state: domain
+ register: domain_state
+
+ - ansible.windows.win_reboot:
+ when: domain_state.reboot_required
+
+
+
+# Host should be in workgroup mywg- module will use the passed credentials to clean-unjoin domain if possible.
+# Ansible connection should use local credentials if possible.
+# The domain admin credentials can be sourced from a vault-encrypted variable
+- hosts: winclient
+ gather_facts: false
+ tasks:
+ - ansible.windows.win_domain_membership:
+ workgroup_name: mywg
+ domain_admin_user: '{{ win_domain_admin_user }}'
+ domain_admin_password: '{{ win_domain_admin_password }}'
+ state: workgroup
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | True if changes were made that require a reboot. +Returned: always +Sample: |
+
This module will be removed in version 3.0.0. +[deprecated]
For more information see DEPRECATED.
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_domain
.
version 3.0.0
+This module has been moved into the microsoft.ad
collection.
Use the microsoft.ad.domain module instead.
+Ensure that the domain named by dns_domain_name
exists and is reachable.
If the domain is not reachable, the domain is created in a new forest on the target Windows Server 2012R2+ host.
This module may require subsequent use of the ansible.windows.win_reboot action if changes are made.
Parameter |
+Comments |
+
---|---|
+ | Whether to create a DNS delegation that references the new DNS server that you install along with the domain controller. +Valid for Active Directory-integrated DNS only. +The default is computed automatically based on the environment. +Choices: +
|
+
+ | The path to a directory on a fixed disk of the Windows host where the domain database will be created. +If not set then the default path is |
+
+ | The DNS name of the domain which should exist and be reachable or reside on the target Windows host. + |
+
+ | Specifies the domain functional level of the first domain in the creation of a new forest. +The domain functional level cannot be lower than the forest functional level, but it can be higher. +The default is automatically computed and set. +Choices: +
|
+
+ | The NetBIOS name for the root domain in the new forest. +For NetBIOS names to be valid for use with this parameter they must be single label names of 15 characters or less, if not it will fail. +If this parameter is not set, then the default is automatically computed from the value of the domain_name parameter. + |
+
+ | Specifies the forest functional level for the new forest. +The default forest functional level in Windows Server is typically the same as the version you are running. +Choices: +
|
+
+ | Whether to install the DNS service when creating the domain controller. +Choices: +
|
+
+ | Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer where the log file for this operation is written. +If not set then the default path is |
+
+ | Safe mode password for the domain controller. + |
+
+ | The path to a directory on a fixed disk of the Windows host where the Sysvol file will be created. +If not set then the default path is |
+
See also
+Manage domain controller/member server state for a Windows host.
+The official documentation on the community.windows.win_domain_computer module.
+The official documentation on the community.windows.win_domain_group module.
+Manage domain/workgroup membership for a Windows host.
+The official documentation on the community.windows.win_domain_user module.
+- name: Create new domain in a new forest on the target host
+ ansible.windows.win_domain:
+ dns_domain_name: ansible.vagrant
+ safe_mode_password: password123!
+
+- name: Create new Windows domain in a new forest with specific parameters
+ ansible.windows.win_domain:
+ create_dns_delegation: no
+ database_path: C:\Windows\NTDS
+ dns_domain_name: ansible.vagrant
+ domain_mode: Win2012R2
+ domain_netbios_name: ANSIBLE
+ forest_mode: Win2012R2
+ safe_mode_password: password123!
+ sysvol_path: C:\Windows\SYSVOL
+ register: domain_install
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | True if changes were made that require a reboot. +Returned: always +Sample: |
+
This module will be removed in version 3.0.0. +[deprecated]
For more information see DEPRECATED.
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_dsc
.
Configures a resource using PowerShell DSC.
Requires PowerShell version 5.0 or newer.
Most of the options for this module are dynamic and will vary depending on the DSC Resource specified in resource_name.
Parameter |
+Comments |
+
---|---|
+ | The ansible.windows.win_dsc module takes in multiple free form options based on the DSC resource being invoked by resource_name. +There is no option actually named This module will try and convert the option to the correct type required by the DSC resource and throw a warning if it fails. +If the type of the DSC resource option is a If the type of the DSC resource option is a If the type of the DSC resource option is an array, then a list should be provided but a comma separated string also work. Use a list where possible as no escaping is required and it works with more complex types list If the type of the DSC resource option is a |
+
+ | Can be used to configure the exact version of the DSC resource to be invoked. +Useful if the target node has multiple versions installed of the module containing the DSC resource. +If not specified, the module will follow standard PowerShell convention and use the highest version available. +Default: |
+
+ | The name of the DSC Resource to use. +Must be accessible to PowerShell using any of the default paths. + |
+
Note
+By default there are a few builtin resources that come with PowerShell 5.0, See https://docs.microsoft.com/en-us/powershell/scripting/dsc/resources/resources for more information on these resources.
Custom DSC resources can be installed with community.windows.win_psmodule using the name option.
The DSC engine run’s each task as the SYSTEM account, any resources that need to be accessed with a different account need to have PsDscRunAsCredential
set.
To see the valid options for a DSC resource, run the module with -vvv
to show the possible module invocation. Default values are not shown in this output but are applied within the DSC engine.
The DSC engine requires the HTTP WSMan listener to be online and its port configured as the default listener for HTTP. This is set up by default but if a custom HTTP port is used or only a HTTPS listener is present then the module will fail. See the examples for a way to check this out in PowerShell.
The Local Configuration Manager LCM
on the targeted host in question should be disabled to avoid any conflicts with resources being applied by this module. See https://devblogs.microsoft.com/powershell/invoking-powershell-dsc-resources-directly/ for more information on hwo to disable LCM
.
- name: Verify the WSMan HTTP listener is active and configured correctly
+ ansible.windows.win_shell: |
+ $port = (Get-Item -LiteralPath WSMan:\localhost\Client\DefaultPorts\HTTP).Value
+ $onlinePorts = @(Get-ChildItem -LiteralPath WSMan:\localhost\Listener |
+ Where-Object { 'Transport=HTTP' -in $_.Keys } |
+ Get-ChildItem |
+ Where-Object Name -eq Port |
+ Select-Object -ExpandProperty Value)
+
+ if ($port -notin $onlinePorts) {
+ "The default client port $port is not set up as a WSMan HTTP listener, win_dsc will not work."
+ }
+
+- name: Extract zip file
+ ansible.windows.win_dsc:
+ resource_name: Archive
+ Ensure: Present
+ Path: C:\Temp\zipfile.zip
+ Destination: C:\Temp\Temp2
+
+- name: Install a Windows feature with the WindowsFeature resource
+ ansible.windows.win_dsc:
+ resource_name: WindowsFeature
+ Name: telnet-client
+
+- name: Edit HKCU reg key under specific user
+ ansible.windows.win_dsc:
+ resource_name: Registry
+ Ensure: Present
+ Key: HKEY_CURRENT_USER\ExampleKey
+ ValueName: TestValue
+ ValueData: TestData
+ PsDscRunAsCredential_username: '{{ansible_user}}'
+ PsDscRunAsCredential_password: '{{ansible_password}}'
+ no_log: true
+
+- name: Create file with multiple attributes
+ ansible.windows.win_dsc:
+ resource_name: File
+ DestinationPath: C:\ansible\dsc
+ Attributes: # can also be a comma separated string, e.g. 'Hidden, System'
+ - Hidden
+ - System
+ Ensure: Present
+ Type: Directory
+
+- name: Call DSC resource with DateTime option
+ ansible.windows.win_dsc:
+ resource_name: DateTimeResource
+ DateTimeOption: '2019-02-22T13:57:31.2311892+00:00'
+
+# more complex example using custom DSC resource and dict values
+- name: Setup the xWebAdministration module
+ ansible.windows.win_psmodule:
+ name: xWebAdministration
+ state: present
+
+- name: Create IIS Website with Binding and Authentication options
+ ansible.windows.win_dsc:
+ resource_name: xWebsite
+ Ensure: Present
+ Name: DSC Website
+ State: Started
+ PhysicalPath: C:\inetpub\wwwroot
+ BindingInfo: # Example of a CimInstance[] DSC parameter (list of dicts)
+ - Protocol: https
+ Port: 1234
+ CertificateStoreName: MY
+ CertificateThumbprint: C676A89018C4D5902353545343634F35E6B3A659
+ HostName: DSCTest
+ IPAddress: '*'
+ SSLFlags: '1'
+ - Protocol: http
+ Port: 4321
+ IPAddress: '*'
+ AuthenticationInfo: # Example of a CimInstance DSC parameter (dict)
+ Anonymous: no
+ Basic: true
+ Digest: false
+ Windows: yes
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The version of the dsc resource/module used. +Returned: always +Sample: |
+
+ | Flag returned from the DSC engine indicating whether or not the machine requires a reboot for the invoked changes to take effect. +Returned: always +Sample: |
+
+ | The verbose output as a list from executing the DSC Set method. +Returned: Ansible verbosity is -vvv or greater and a change occurred +Sample: |
+
+ | The verbose output as a list from executing the DSC test method. +Returned: Ansible verbosity is -vvv or greater +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_environment
.
Uses .net Environment to set or remove environment variables and can set at User, Machine or Process level.
User level environment variables will be set, but not available until the user has logged off and on again.
Parameter |
+Comments |
+
---|---|
+ | The level at which to set the environment variable. +Use Use Use Choices: +
|
+
+ | The name of the environment variable. Required when state=absent. + |
+
+ | Set to Set to When using variables, do not set this option. +Choices: +
|
+
+ | The value to store in the environment variable. +Must be set when state=present and cannot be an empty string. +Should be omitted for state=absent and variables. + |
+
+ | A dictionary where multiple environment variables can be defined at once. +Not valid when state is set. Variables with a value will be set ( level applies to all vars defined this way. + |
+
Note
+This module is best-suited for setting the entire value of an environment variable. For safe element-based management of path-like environment vars, use the ansible.windows.win_path module.
This module does not broadcast change events. This means that the minority of windows applications which can have their environment changed without restarting will not be notified and therefore will need restarting to pick up new environment settings. User level environment variables will require the user to log out and in again before they become available.
In the return, before_value
and value
will be set to the last values when using variables. It’s best to use values
in that case if you need to find a specific variable’s before and after values.
See also
+Manage Windows path environment variables.
+- name: Set an environment variable for all users
+ ansible.windows.win_environment:
+ state: present
+ name: TestVariable
+ value: Test value
+ level: machine
+
+- name: Remove an environment variable for the current user
+ ansible.windows.win_environment:
+ state: absent
+ name: TestVariable
+ level: user
+
+- name: Set several variables at once
+ ansible.windows.win_environment:
+ level: machine
+ variables:
+ TestVariable: Test value
+ CUSTOM_APP_VAR: 'Very important value'
+ ANOTHER_VAR: '{{ my_ansible_var }}'
+
+- name: Set and remove multiple variables at once
+ ansible.windows.win_environment:
+ level: user
+ variables:
+ TestVariable: Test value
+ CUSTOM_APP_VAR: 'Very important value'
+ ANOTHER_VAR: '{{ my_ansible_var }}'
+ UNWANTED_VAR: '' # < this will be removed
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | the value of the environment key before a change, this is null if it didn’t exist +Returned: always +Sample: |
+
+ | the value the environment key has been set to, this is null if removed +Returned: always +Sample: |
+
+ | dictionary of before and after values; each key is a variable name, each value is another dict with Returned: always + |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_feature
.
Installs or uninstalls Windows Roles or Features on Windows Server.
This module uses the Add/Remove-WindowsFeature Cmdlets on Windows 2008 R2 and Install/Uninstall-WindowsFeature Cmdlets on Windows 2012, which are not available on client os machines.
Parameter |
+Comments |
+
---|---|
+ | Adds the corresponding management tools to the specified feature. +Not supported in Windows 2008 R2 and will be ignored. +Choices: +
|
+
+ | Adds all subfeatures of the specified feature. +Choices: +
|
+
+ | Names of roles or features to install as a single feature or a comma-separated list of features. +To list all available features use the PowerShell command |
+
+ | Specify a source to install the feature from. +Not supported in Windows 2008 R2 and will be ignored. +Can either be |
+
+ | State of the features or roles on the system. +Choices: +
|
+
See also
+The official documentation on the chocolatey.chocolatey.win_chocolatey module.
+Installs/uninstalls an installable package.
+- name: Install IIS (Web-Server only)
+ ansible.windows.win_feature:
+ name: Web-Server
+ state: present
+
+- name: Install IIS (Web-Server and Web-Common-Http)
+ ansible.windows.win_feature:
+ name:
+ - Web-Server
+ - Web-Common-Http
+ state: present
+
+- name: Install NET-Framework-Core from file
+ ansible.windows.win_feature:
+ name: NET-Framework-Core
+ source: C:\Temp\iso\sources\sxs
+ state: present
+
+- name: Install IIS Web-Server with sub features and management tools
+ ansible.windows.win_feature:
+ name: Web-Server
+ state: present
+ include_sub_features: true
+ include_management_tools: true
+ register: win_feature
+
+- name: Reboot if installing Web-Server feature requires it
+ ansible.windows.win_reboot:
+ when: win_feature.reboot_required
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The stringified exit code from the feature installation/removal command. +Returned: always +Sample: |
+
+ | List of features that were installed or removed. +Returned: success + |
+
+ | Feature display name. +Returned: always +Sample: |
+
+ | A list of KB article IDs that apply to the update. +Returned: always +Sample: |
+
+ | Any messages returned from the feature subsystem that occurred during installation or removal of this feature. +Returned: always +Sample: |
+
+ | True when the target server requires a reboot as a result of installing or removing this feature. +Returned: always +Sample: |
+
+ | DEPRECATED in Ansible 2.4 (refer to Returned: always +Sample: |
+
+ | The reason a feature installation or removal was skipped. +Returned: always +Sample: |
+
+ | If the feature installation or removal was successful. +Returned: always +Sample: |
+
+ | True when the target server indicates a reboot is required (no further updates can be installed until after a reboot). +This my be true even if not change had occurred as the value is derived from the server state. +Returned: success +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_file
.
Creates (empty) files, updates file modification stamps of existing files, and can create or remove directories.
Unlike ansible.builtin.file, does not modify ownership, permissions or manipulate links.
For non-Windows targets, use the ansible.builtin.file module instead.
Parameter |
+Comments |
+
---|---|
+ | Path to the file being managed. + |
+
+ | If If If If Choices: +
|
+
See also
+The official documentation on the ansible.builtin.file module.
+Set file/directory/registry/certificate permissions for a system user or group.
+Change ACL inheritance.
+Set owner.
+Get information about Windows files.
+- name: Touch a file (creates if not present, updates modification time if present)
+ ansible.windows.win_file:
+ path: C:\Temp\foo.conf
+ state: touch
+
+- name: Remove a file, if present
+ ansible.windows.win_file:
+ path: C:\Temp\foo.conf
+ state: absent
+
+- name: Create directory structure
+ ansible.windows.win_file:
+ path: C:\Temp\folder\subfolder
+ state: directory
+
+- name: Remove directory structure
+ ansible.windows.win_file:
+ path: C:\Temp
+ state: absent
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_find
.
Return a list of files based on specified criteria.
Multiple criteria are AND’d together.
For non-Windows targets, use the ansible.builtin.find module instead.
Parameter |
+Comments |
+
---|---|
+ | Select files or folders whose age is equal to or greater than the specified time. +Use a negative age to find files equal to or less than the specified time. +You can choose seconds, minutes, hours, days or weeks by specifying the first letter of an of those words (e.g., “2s”, “10d”, 1w”). + |
+
+ | Choose the file property against which we compare The default attribute we compare with is the last modification time. +Choices: +
|
+
+ | Algorithm to determine the checksum of a file. +Will throw an error if the host is unable to use specified algorithm. +Choices: +
|
+
+ | Set the maximum number of levels to descend into. +Setting recurse to Default depth is unlimited. + |
+
+ | Type of file to search for. +Choices: +
|
+
+ | Set this to This needs to be used in conjunction with Choices: +
|
+
+ | Whether to return a checksum of the file in the return info (default sha1), use Choices: +
|
+
+ | +Set this to include hidden files or folders. +Choices: +
|
+
+ | List of paths of directories to search for files or folders in. +This can be supplied as a single path or a list of paths. + |
+
+ | One or more (powershell or regex) patterns to compare filenames with. +The type of pattern matching is controlled by The patterns restrict the list of files or folders to be returned based on the filenames. +For a file to be matched it only has to match with one pattern in a list provided. + |
+
+ | Will recursively descend into the directory looking for files or folders. +Choices: +
|
+
+ | Select files or folders whose size is equal to or greater than the specified size. +Use a negative value to find files equal to or less than the specified size. +You can specify the size with a suffix of the byte type i.e. kilo = k, mega = m… +Size is not evaluated for symbolic links. + |
+
+ | Will set patterns to run as a regex check if set to Choices: +
|
+
Note
+When scanning directories with a large number of files containing lots of data it is recommended to set get_checksum=false
. This will speed up the time it takes to scan the folders as getting a checksum needs to read the contents of every file it returns.
- name: Find files in path
+ ansible.windows.win_find:
+ paths: D:\Temp
+
+- name: Find hidden files in path
+ ansible.windows.win_find:
+ paths: D:\Temp
+ hidden: true
+
+- name: Find files in multiple paths
+ ansible.windows.win_find:
+ paths:
+ - C:\Temp
+ - D:\Temp
+
+- name: Find files in directory while searching recursively
+ ansible.windows.win_find:
+ paths: D:\Temp
+ recurse: true
+
+- name: Find files in directory while following symlinks
+ ansible.windows.win_find:
+ paths: D:\Temp
+ recurse: true
+ follow: true
+
+- name: Find files with .log and .out extension using powershell wildcards
+ ansible.windows.win_find:
+ paths: D:\Temp
+ patterns: [ '*.log', '*.out' ]
+
+- name: Find files in path based on regex pattern
+ ansible.windows.win_find:
+ paths: D:\Temp
+ patterns: out_\d{8}-\d{6}.log
+
+- name: Find files older than 1 day
+ ansible.windows.win_find:
+ paths: D:\Temp
+ age: 86400
+
+- name: Find files older than 1 day based on create time
+ ansible.windows.win_find:
+ paths: D:\Temp
+ age: 86400
+ age_stamp: ctime
+
+- name: Find files older than 1 day with unit syntax
+ ansible.windows.win_find:
+ paths: D:\Temp
+ age: 1d
+
+- name: Find files newer than 1 hour
+ ansible.windows.win_find:
+ paths: D:\Temp
+ age: -3600
+
+- name: Find files newer than 1 hour with unit syntax
+ ansible.windows.win_find:
+ paths: D:\Temp
+ age: -1h
+
+- name: Find files larger than 1MB
+ ansible.windows.win_find:
+ paths: D:\Temp
+ size: 1048576
+
+- name: Find files larger than 1GB with unit syntax
+ ansible.windows.win_find:
+ paths: D:\Temp
+ size: 1g
+
+- name: Find files smaller than 1MB
+ ansible.windows.win_find:
+ paths: D:\Temp
+ size: -1048576
+
+- name: Find files smaller than 1GB with unit syntax
+ ansible.windows.win_find:
+ paths: D:\Temp
+ size: -1g
+
+- name: Find folders/symlinks in multiple paths
+ ansible.windows.win_find:
+ paths:
+ - C:\Temp
+ - D:\Temp
+ file_type: directory
+
+- name: Find files and return SHA256 checksum of files found
+ ansible.windows.win_find:
+ paths: C:\Temp
+ get_checksum: true
+ checksum_algorithm: sha256
+
+- name: Find files and do not return the checksum
+ ansible.windows.win_find:
+ paths: C:\Temp
+ get_checksum: false
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The number of files/folders that was checked. +Returned: always +Sample: |
+
+ | Information on the files/folders that match the criteria returned as a list of dictionary elements for each file matched. The entries are sorted by the path value alphabetically. +Returned: success + |
+
+ | attributes of the file at path in raw form. +Returned: success, path exists +Sample: |
+
+ | The checksum of a file based on checksum_algorithm specified. +Returned: success, path exists, path is a file, get_checksum == True +Sample: |
+
+ | The create time of the file represented in seconds since epoch. +Returned: success, path exists +Sample: |
+
+ | Whether the file exists, will always be true for ansible.windows.win_find. +Returned: success, path exists +Sample: |
+
+ | The extension of the file at path. +Returned: success, path exists, path is a file +Sample: |
+
+ | The name of the file. +Returned: success, path exists +Sample: |
+
+ | List of other files pointing to the same file (hard links), excludes the current file. +Returned: success, path exists +Sample: |
+
+ | If the path is ready for archiving or not. +Returned: success, path exists +Sample: |
+
+ | If the path is a directory or not. +Returned: success, path exists +Sample: |
+
+ | +If the path is hidden or not. +Returned: success, path exists +Sample: |
+
+ | If the path is a junction point. +Returned: success, path exists +Sample: |
+
+ | If the path is a symbolic link. +Returned: success, path exists +Sample: |
+
+ | If the path is read only or not. +Returned: success, path exists +Sample: |
+
+ | If the path is a regular file or not. +Returned: success, path exists +Sample: |
+
+ | +If the path is shared or not. +Returned: success, path exists +Sample: |
+
+ | The last access time of the file represented in seconds since epoch. +Returned: success, path exists +Sample: |
+
+ | The last modification time of the file represented in seconds since epoch. +Returned: success, path exists +Sample: |
+
+ | The target of the symlink normalized for the remote filesystem. +Returned: success, path exists, path is a symbolic link or junction point +Sample: |
+
+ | The target of the symlink. Note that relative paths remain relative, will return null if not a link. +Returned: success, path exists, path is a symbolic link or junction point +Sample: |
+
+ | Number of links to the file (hard links) +Returned: success, path exists +Sample: |
+
+ | The owner of the file. +Returned: success, path exists +Sample: |
+
+ | The full absolute path to the file. +Returned: success, path exists +Sample: |
+
+ | +The name of share if folder is shared. +Returned: success, path exists, path is a directory and isshared == True +Sample: |
+
+ | The size in bytes of the file. +Returned: success, path exists, path is a file +Sample: |
+
+ | The number of files/folders that match the criteria. +Returned: always +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_get_url
.
Downloads files from HTTP, HTTPS, or FTP to the remote server.
The remote server must have direct access to the remote resource.
For non-Windows targets, use the ansible.builtin.get_url module instead.
Parameter |
+Comments |
+
---|---|
+ | If a checksum is passed to this parameter, the digest of the destination file will be calculated after it is downloaded to ensure its integrity and verify that the transfer completed successfully. +This option cannot be set with checksum_url. + |
+
+ | Specifies the hashing algorithm used when calculating the checksum of the remote and destination file. +Choices: +
|
+
+ | Specifies a URL that contains the checksum values for the resource at url. +Like This option cannot be set with checksum. + |
+
+ | The path to the client certificate (.pfx) that is used for X509 authentication. This path can either be the path to the The WinRM connection must be authenticated with Other authentication types can set client_cert_password when the cert is password protected. + |
+
+ | The password for client_cert if the cert is password protected. + |
+
+ | The location to save the file at the URL. +Be sure to include a filename and extension as appropriate. + |
+
+ | Whether or the module should follow redirects. +
When following a redirected URL, the Choices: +
|
+
+ | If This works by sending an http HEAD request to retrieve last modified time of the requested resource, so for this to work, the remote web server must support HEAD requests. +Choices: +
|
+
+ | By default the authentication header is only sent when a webservice responses to an initial request with a 401 status. Since some basic auth services do not properly send a 401, logins will fail. +This option forces the sending of the Basic authentication header upon the original request. +Choices: +
|
+
+ | Extra headers to set on the request. +This should be a dictionary where the key is the header name and the value is the value for that header. + |
+
+ | Header to identify as, generally appears in web server logs. +This is set to the Default: |
+
+ | Specify how many times the module will redirect a connection to an alternative URI before the connection fails. +If set to Default: |
+
+ | The password for proxy_username. + |
+
+ | An explicit proxy to use for the request. +By default, the request will use the IE defined proxy unless use_proxy is set to |
+
+ | Uses the current user’s credentials when authenticating with a proxy host protected with Proxies that use The module will only have access to the user’s credentials if using If not using Choices: +
|
+
+ | The username to use for proxy authentication. + |
+
+ | The full URL of a file to download. + |
+
+ | The HTTP Method of the request. + |
+
+ | The password for url_username. + |
+
+ | Specifies how long the request can be pending before it times out (in seconds). +Set to Default: |
+
+ | The username to use for authentication. + |
+
+ | Uses the current user’s credentials when authenticating with a server protected with Sites that use The module will only have access to the user’s credentials if using If not using Choices: +
|
+
+ | If Choices: +
|
+
+ | If This should only be used on personally controlled sites using self-signed certificates. +Choices: +
|
+
Note
+If your URL includes an escaped slash character (%2F) this module will convert it to a real slash. This is a result of the behaviour of the System.Uri class as described in the documentation.
See also
+The official documentation on the ansible.builtin.get_url module.
+The official documentation on the ansible.builtin.uri module.
+Interacts with webservices.
+The official documentation on the community.windows.win_inet_proxy module.
+- name: Download earthrise.jpg to specified path
+ ansible.windows.win_get_url:
+ url: http://www.example.com/earthrise.jpg
+ dest: C:\Users\RandomUser\earthrise.jpg
+
+- name: Download earthrise.jpg to specified path only if modified
+ ansible.windows.win_get_url:
+ url: http://www.example.com/earthrise.jpg
+ dest: C:\Users\RandomUser\earthrise.jpg
+ force: false
+
+- name: Download earthrise.jpg to specified path through a proxy server.
+ ansible.windows.win_get_url:
+ url: http://www.example.com/earthrise.jpg
+ dest: C:\Users\RandomUser\earthrise.jpg
+ proxy_url: http://10.0.0.1:8080
+ proxy_username: username
+ proxy_password: password
+
+- name: Download file from FTP with authentication
+ ansible.windows.win_get_url:
+ url: ftp://server/file.txt
+ dest: '%TEMP%\ftp-file.txt'
+ url_username: ftp-user
+ url_password: ftp-password
+
+- name: Download src with sha256 checksum url
+ ansible.windows.win_get_url:
+ url: http://www.example.com/earthrise.jpg
+ dest: C:\temp\earthrise.jpg
+ checksum_url: http://www.example.com/sha256sum.txt
+ checksum_algorithm: sha256
+ force: True
+
+- name: Download src with sha256 checksum url
+ ansible.windows.win_get_url:
+ url: http://www.example.com/earthrise.jpg
+ dest: C:\temp\earthrise.jpg
+ checksum: a97e6837f60cec6da4491bab387296bbcd72bdba
+ checksum_algorithm: sha1
+ force: True
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | <algorithm> checksum of the file after the download +Returned: success and dest has been downloaded +Sample: |
+
+ | <algorithm> checksum of the remote resource +Returned: force=true or dest did not exist +Sample: |
+
+ | destination file/path +Returned: always +Sample: |
+
+ | The elapsed seconds between the start of poll and the end of the module. +Returned: always +Sample: |
+
+ | Error message, or HTTP status message from web-server +Returned: always +Sample: |
+
+ | size of the dest file +Returned: success +Sample: |
+
+ | HTTP status code +Returned: always +Sample: |
+
+ | requested url +Returned: always +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_group_membership
.
Allows the addition and removal of local, service and domain users, and domain groups from a local group.
Parameter |
+Comments |
+
---|---|
+ | A list of members to ensure are present/absent from the group. +Accepts local users as .\username, and SERVERNAME\username. +Accepts domain users and groups as DOMAIN\username and username@DOMAIN. +Accepts service users as NT AUTHORITY\username. +Accepts all local, domain and service user types as username, favoring domain lookups when in a domain. + |
+
+ | Name of the local group to manage membership on. + |
+
+ | Desired state of the members in the group. +When Choices: +
|
+
See also
+The official documentation on the community.windows.win_domain_group module.
+Manage domain/workgroup membership for a Windows host.
+Add and remove local groups.
+- name: Add a local and domain user to a local group
+ ansible.windows.win_group_membership:
+ name: Remote Desktop Users
+ members:
+ - NewLocalAdmin
+ - DOMAIN\TestUser
+ state: present
+
+- name: Remove a domain group and service user from a local group
+ ansible.windows.win_group_membership:
+ name: Backup Operators
+ members:
+ - DOMAIN\TestGroup
+ - NT AUTHORITY\SYSTEM
+ state: absent
+
+- name: Ensure only a domain user exists in a local group
+ ansible.windows.win_group_membership:
+ name: Remote Desktop Users
+ members:
+ - DOMAIN\TestUser
+ state: pure
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | A list of members added when Returned: success and Sample: |
+
+ | A list of all local group members at completion; this is empty if the group contains no members. +Returned: success +Sample: |
+
+ | The name of the target local group. +Returned: always +Sample: |
+
+ | A list of members removed when Returned: success and Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_group
.
Add and remove local groups.
For non-Windows targets, please use the ansible.builtin.group module instead.
Parameter |
+Comments |
+
---|---|
+ | Description of the group. + |
+
+ | Name of the group. + |
+
+ | Create or remove the group. +Choices: +
|
+
See also
+The official documentation on the ansible.builtin.group module.
+The official documentation on the community.windows.win_domain_group module.
+Manage Windows local group membership.
+- name: Create a new group
+ ansible.windows.win_group:
+ name: deploy
+ description: Deploy Group
+ state: present
+
+- name: Remove a group
+ ansible.windows.win_group:
+ name: deploy
+ state: absent
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_hostname
.
Manages local Windows computer name.
A reboot is required for the computer name to take effect.
Parameter |
+Comments |
+
---|---|
+ | The hostname to set for the computer. + |
+
See also
+Configures DNS lookup on Windows hosts.
+- name: Change the hostname to sample-hostname
+ ansible.windows.win_hostname:
+ name: sample-hostname
+ register: res
+
+- name: Reboot
+ ansible.windows.win_reboot:
+ when: res.reboot_required
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The original hostname that was set before it was changed. +Returned: always +Sample: |
+
+ | Whether a reboot is required to complete the hostname change. +Returned: always +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_optional_feature
.
Install or uninstall optional Windows features on non-Server Windows.
This module uses the Enable-WindowsOptionalFeature
and Disable-WindowsOptionalFeature
cmdlets.
Parameter |
+Comments |
+
---|---|
+ | Whether to enable the parent feature and the parent’s dependencies. +Choices: +
|
+
+ | The name(s) of the feature to install. +This relates to To list all available features use the PowerShell command |
+
+ | Specify a source to install the feature from. +Can either be |
+
+ | Whether to ensure the feature is absent or present on the system. +Choices: +
|
+
See also
+The official documentation on the chocolatey.chocolatey.win_chocolatey module.
+Installs and uninstalls Windows Features on Windows Server.
+Installs/uninstalls an installable package.
+- name: Install .Net 3.5
+ ansible.windows.win_optional_feature:
+ name: NetFx3
+ state: present
+
+- name: Install .Net 3.5 from source
+ ansible.windows.win_optional_feature:
+ name: NetFx3
+ source: \\share01\win10\sources\sxs
+ state: present
+
+- name: Install Microsoft Subsystem for Linux
+ ansible.windows.win_optional_feature:
+ name: Microsoft-Windows-Subsystem-Linux
+ state: present
+ register: wsl_status
+
+- name: Reboot if installing Linux Subsytem as feature requires it
+ ansible.windows.win_reboot:
+ when: wsl_status.reboot_required
+
+- name: Install multiple features in one task
+ ansible.windows.win_optional_feature:
+ name:
+ - NetFx3
+ - Microsoft-Windows-Subsystem-Linux
+ state: present
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | True when the target server requires a reboot to complete updates +Returned: success +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_owner
.
Set owner of files or directories.
Parameter |
+Comments |
+
---|---|
+ | Path to be used for changing owner. + |
+
+ | Indicates if the owner should be changed recursively. +Choices: +
|
+
+ | Name to be used for changing owner. + |
+
See also
+Set file/directory/registry/certificate permissions for a system user or group.
+Creates, touches or removes files or directories.
+Get information about Windows files.
+- name: Change owner of path
+ ansible.windows.win_owner:
+ path: C:\apache
+ user: apache
+ recurse: true
+
+- name: Set the owner of root directory
+ ansible.windows.win_owner:
+ path: C:\apache
+ user: SYSTEM
+ recurse: false
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_package
.
Installs or uninstalls software packages for Windows.
Supports .exe
, .msi
, .msp
, .appx
, .appxbundle
, .msix
, and .msixbundle
.
These packages can be sourced from the local file system, network file share or a url.
See provider for more info on each package type that is supported.
Parameter |
+Comments |
+
---|---|
+ | Any arguments the installer needs to either install or uninstall the package. +If the package is an MSI do not supply the This is only used for the Can be a list of arguments and the module will escape the arguments as necessary, it is recommended to use a string when dealing with MSI packages due to the unique escaping issues with msiexec. +When using a list of arguments each item in the list is considered to be a single argument. As such, if an argument in the list contains a space then Ansible will quote this to ensure that this is seen by Windows as a single argument. Should this behaviour not be what is required, the argument should be split into two separate list items. See the examples section for more detail. + |
+
+ | Set the specified path as the current working directory before installing or uninstalling a package. +This is only used for the |
+
+ | The path to the client certificate (.pfx) that is used for X509 authentication. This path can either be the path to the The WinRM connection must be authenticated with Other authentication types can set client_cert_password when the cert is password protected. + |
+
+ | The password for client_cert if the cert is password protected. + |
+
+ | Will check the existence of the path specified and use the result to determine whether the package is already installed. +You can use this in conjunction with |
+
+ | Will check the existing of the service specified and use the result to determine whether the package is already installed. +You can use this in conjunction with |
+
+ | Will check the file version property of the file at
You can use this in conjunction with |
+
+ | One or more return codes from the package installation that indicates success. +The return codes are read as a signed integer, any values greater than 2147483647 need to be represented as the signed equivalent, i.e. To convert a unsigned number to the signed equivalent you can run “[Int32](“0x{0:X}” -f ([UInt32]3221225477))”. +A return code of This is only used for the Default: |
+
+ | Whether or the module should follow redirects. +
When following a redirected URL, the Choices: +
|
+
+ | By default the authentication header is only sent when a webservice responses to an initial request with a 401 status. Since some basic auth services do not properly send a 401, logins will fail. +This option forces the sending of the Basic authentication header upon the original request. +Choices: +
|
+
+ | Extra headers to set on the request. +This should be a dictionary where the key is the header name and the value is the value for that header. + |
+
+ | Header to identify as, generally appears in web server logs. +This is set to the Default: |
+
+ | Specifies the path to a log file that is persisted after a package is installed or uninstalled. +This is only used for the When omitted, a temporary log file is used instead for those providers. +This is only valid for MSI files, use |
+
+ | Specify how many times the module will redirect a connection to an alternative URI before the connection fails. +If set to Default: |
+
+ | Location of the package to be installed or uninstalled. +This package can either be on the local file system, network share or a url. +When If If |
+
+ | The product id of the installed packaged. +This is used for checking whether the product is already installed and getting the uninstall information if For msi packages, this is the For msp packages, this is the For msix packages, this is the For registry (exe) packages, this is the registry key name under the registry paths specified in provider. +This value is ignored if This SHOULD be set when the package is an |
+
+ | Set the package provider to use when searching for a package. +The The The The The Choices: +
|
+
+ | The password for proxy_username. + |
+
+ | An explicit proxy to use for the request. +By default, the request will use the IE defined proxy unless use_proxy is set to |
+
+ | Uses the current user’s credentials when authenticating with a proxy host protected with Proxies that use The module will only have access to the user’s credentials if using If not using Choices: +
|
+
+ | The username to use for proxy authentication. + |
+
+ | Whether to install or uninstall the package. +The module uses product_id to determine whether the package is installed or not. +For all providers but Choices: +
|
+
+ | The HTTP Method of the request. + |
+
+ | The password for url_username. + |
+
+ | Specifies how long the request can be pending before it times out (in seconds). +Set to Default: |
+
+ | The username to use for authentication. + |
+
+ | Uses the current user’s credentials when authenticating with a server protected with Sites that use The module will only have access to the user’s credentials if using If not using Choices: +
|
+
+ | If Choices: +
|
+
+ | If This should only be used on personally controlled sites using self-signed certificates. +Choices: +
|
+
+ | The module will wait for the process it spawns to finish but any processes spawned in that child process as ignored. +Set to This is useful if the install/uninstaller is just a wrapper which then calls the actual installer as its own child process. When this option is This should not be required for most installers and setting to Requires Windows Server 2012 or Windows 8 or newer to use. +Choices: +
|
+
Note
+When state=absent
and the product is an exe, the path may be different from what was used to install the package originally. If path is not set then the path used will be what is set under QuietUninstallString
or UninstallString
in the registry for that product_id.
By default all msi installs and uninstalls will be run with the arguments /log, /qn, /norestart
.
All the installation checks under product_id
and creates_*
add together, if one fails then the program is considered to be absent.
See also
+The official documentation on the chocolatey.chocolatey.win_chocolatey module.
+The official documentation on the community.windows.win_hotfix module.
+Download and install Windows updates.
+The official documentation on the community.windows.win_inet_proxy module.
+- name: Install the Visual C thingy
+ ansible.windows.win_package:
+ path: http://download.microsoft.com/download/1/6/B/16B06F60-3B20-4FF2-B699-5E9B7962F9AE/VSU_4/vcredist_x64.exe
+ product_id: '{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}'
+ arguments: /install /passive /norestart
+
+- name: Install Visual C thingy with list of arguments instead of a string
+ ansible.windows.win_package:
+ path: http://download.microsoft.com/download/1/6/B/16B06F60-3B20-4FF2-B699-5E9B7962F9AE/VSU_4/vcredist_x64.exe
+ product_id: '{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}'
+ arguments:
+ - /install
+ - /passive
+ - /norestart
+
+- name: Install MSBuild thingy with arguments split to prevent quotes
+ ansible.windows.win_package:
+ path: https://download.visualstudio.microsoft.com/download/pr/9665567e-f580-4acd-85f2-bc94a1db745f/vs_BuildTools.exe
+ product_id: '{D1437F51-786A-4F57-A99C-F8E94FBA1BD8}'
+ arguments:
+ - --norestart
+ - --passive
+ - --wait
+ - --add
+ - Microsoft.Net.Component.4.6.1.TargetingPack
+ - --add
+ - Microsoft.Net.Component.4.6.TargetingPack
+
+- name: Install Remote Desktop Connection Manager from msi with a permanent log
+ ansible.windows.win_package:
+ path: https://download.microsoft.com/download/A/F/0/AF0071F3-B198-4A35-AA90-C68D103BDCCF/rdcman.msi
+ product_id: '{0240359E-6A4C-4884-9E94-B397A02D893C}'
+ state: present
+ log_path: D:\logs\vcredist_x64-exe-{{lookup('pipe', 'date +%Y%m%dT%H%M%S')}}.log
+
+- name: Install Application from msi with multiple properties for installer
+ ansible.windows.win_package:
+ path: C:\temp\Application.msi
+ state: present
+ arguments: >-
+ SERVICE=1
+ DBNAME=ApplicationDB
+ DBSERVER=.\SQLEXPRESS
+ INSTALLDIR="C:\Program Files (x86)\App lication\App Server"
+
+- name: Install Microsoft® SQL Server® 2019 Express (DPAPI example)
+ ansible.windows.win_package:
+ path: C:\temp\SQLEXPR_x64_ENU\SETUP.EXE
+ product_id: Microsoft SQL Server SQL2019
+ arguments:
+ - SAPWD=VeryHardPassword
+ - /ConfigurationFile=C:\temp\configuration.ini
+ become: true
+ vars:
+ ansible_become_method: runas
+ ansible_become_user: "{{ user }}"
+ ansible_become_pass: "{{ password }}"
+
+- name: Uninstall Remote Desktop Connection Manager
+ ansible.windows.win_package:
+ product_id: '{0240359E-6A4C-4884-9E94-B397A02D893C}'
+ state: absent
+
+- name: Install Remote Desktop Connection Manager locally omitting the product_id
+ ansible.windows.win_package:
+ path: C:\temp\rdcman.msi
+ state: present
+
+- name: Uninstall Remote Desktop Connection Manager from local MSI omitting the product_id
+ ansible.windows.win_package:
+ path: C:\temp\rdcman.msi
+ state: absent
+
+# 7-Zip exe doesn't use a guid for the Product ID
+- name: Install 7zip from a network share with specific credentials
+ ansible.windows.win_package:
+ path: \\domain\programs\7z.exe
+ product_id: 7-Zip
+ arguments: /S
+ state: present
+ become: true
+ become_method: runas
+ become_flags: logon_type=new_credential logon_flags=netcredentials_only
+ vars:
+ ansible_become_user: DOMAIN\User
+ ansible_become_password: Password
+
+- name: Install 7zip and use a file version for the installation check
+ ansible.windows.win_package:
+ path: C:\temp\7z.exe
+ creates_path: C:\Program Files\7-Zip\7z.exe
+ creates_version: 16.04
+ state: present
+
+- name: Uninstall 7zip from the exe
+ ansible.windows.win_package:
+ path: C:\Program Files\7-Zip\Uninstall.exe
+ product_id: 7-Zip
+ arguments: /S
+ state: absent
+
+- name: Uninstall 7zip without specifying the path
+ ansible.windows.win_package:
+ product_id: 7-Zip
+ arguments: /S
+ state: absent
+
+- name: Install application and override expected return codes
+ ansible.windows.win_package:
+ path: https://download.microsoft.com/download/1/6/7/167F0D79-9317-48AE-AEDB-17120579F8E2/NDP451-KB2858728-x86-x64-AllOS-ENU.exe
+ product_id: '{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}'
+ arguments: '/q /norestart'
+ state: present
+ expected_return_code: [0, 666, 3010]
+
+- name: Install a .msp patch
+ ansible.windows.win_package:
+ path: C:\Patches\Product.msp
+ state: present
+
+- name: Remove a .msp patch
+ ansible.windows.win_package:
+ product_id: '{AC76BA86-A440-FFFF-A440-0C13154E5D00}'
+ state: absent
+
+- name: Enable installation of 3rd party MSIX packages
+ ansible.windows.win_regedit:
+ path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
+ name: AllowAllTrustedApps
+ data: 1
+ type: dword
+ state: present
+
+- name: Install an MSIX package for the current user
+ ansible.windows.win_package:
+ path: C:\Installers\Calculator.msix # Can be .appx, .msixbundle, or .appxbundle
+ state: present
+
+- name: Uninstall an MSIX package using the product_id
+ ansible.windows.win_package:
+ product_id: InputApp
+ state: absent
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The contents of the MSI or MSP log. +Returned: installation/uninstallation failure for MSI or MSP packages +Sample: |
+
+ | The return code of the package process. +Returned: change occurred +Sample: |
+
+ | Whether a reboot is required to finalise package. This is set to true if the executable return code is 3010. +Returned: always +Sample: |
+
+ | The stderr stream of the package process. +Returned: failure during install or uninstall +Sample: |
+
+ | The stdout stream of the package process. +Returned: failure during install or uninstall +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_path
.
Allows element-based ordering, addition, and removal of Windows path environment variables.
Parameter |
+Comments |
+
---|---|
+ | A single path element, or a list of path elements (ie, directories) to add or remove. +When multiple elements are included in the list (and Variable expansions (eg, Any existing path elements not mentioned in New path elements are appended to the path, and existing path elements may be moved closer to the end to satisfy the requested ordering. +Paths are compared in a case-insensitive fashion, and trailing backslashes are ignored for comparison purposes. However, note that trailing backslashes in YAML require quotes. + |
+
+ | Target path environment variable name. +Default: |
+
+ | The level at which the environment variable specified by Choices: +
|
+
+ | Whether the path elements specified in Choices: +
|
+
Note
+This module is for modifying individual elements of path-like environment variables. For general-purpose management of other environment vars, use the ansible.windows.win_environment module.
This module does not broadcast change events. This means that the minority of windows applications which can have their environment changed without restarting will not be notified and therefore will need restarting to pick up new environment settings.
User level environment variables will require an interactive user to log out and in again before they become available.
See also
+Modify environment variables on windows hosts.
+- name: Ensure that system32 and Powershell are present on the global system path, and in the specified order
+ ansible.windows.win_path:
+ elements:
+ - '%SystemRoot%\system32'
+ - '%SystemRoot%\system32\WindowsPowerShell\v1.0'
+
+- name: Ensure that C:\Program Files\MyJavaThing is not on the current user's CLASSPATH
+ ansible.windows.win_path:
+ name: CLASSPATH
+ elements: C:\Program Files\MyJavaThing
+ scope: user
+ state: absent
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_ping
.
Checks management connectivity of a windows host.
This is NOT ICMP ping, this is just a trivial test module.
For non-Windows targets, use the ansible.builtin.ping module instead.
Parameter |
+Comments |
+
---|---|
+ | Alternate data to return instead of ‘pong’. +If this parameter is set to Default: |
+
See also
+The official documentation on the ansible.builtin.ping module.
+# Test connectivity to a windows host
+# ansible winserver -m ansible.windows.win_ping
+
+- name: Example from an Ansible Playbook
+ ansible.windows.win_ping:
+
+- name: Induce an exception to see what happens
+ ansible.windows.win_ping:
+ data: crash
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | Value provided with the data parameter. +Returned: success +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_powershell
.
New in ansible.windows 1.5.0
+ +Runs a PowerShell script and outputs the data in a structured format.
Use ansible.windows.win_command or ansible.windows.win_shell to run a traditional PowerShell process with stdout, stderr, and rc results.
Parameter |
+Comments |
+
---|---|
+ | A list of arguments to pass to executable when running a script in another PowerShell process. +These are not arguments to pass to script, use parameters for that purpose. + |
+
+ | The PowerShell location to set when starting the script. +This can be a location in any of the PowerShell providers. +The default location is dependent on many factors, if relative paths are used then set this option. + |
+
+ | A path or path filter pattern; when the referenced path exists on the target host, the task will be skipped. + |
+
+ | How deep the return values are serialized for This also controls the depth of the diff output set by Setting this to a higher value can dramatically increase the amount of data that needs to be returned. +Default: |
+
+ | The
Choices: +
|
+
+ | A custom PowerShell executable to run the script in. +When not defined the script will run in the current module PowerShell interpreter. +Both the remote PowerShell and the one specified by executable must be running on PowerShell v5.1 or newer. +Setting this value may change the values returned in the |
+
+ | Parameters to pass into the script as key value pairs. +The key corresponds to the parameter name and the value is the value for that parameter. + |
+
+ | A path or path filter pattern; when the referenced path does not exist on the target host, the task will be skipped. + |
+
+ | The PowerShell script to run. + |
+
Note
+The module is set as failed when a terminating exception is throw, or error_action=stop
and a normal error record is raised.
The output values are processed using a custom filter and while it mostly matches the ConvertTo-Json
result the following value types are different.
DateTime
will be an ISO 8601 string in UTC, DateTimeOffset
will have the offset as specified by the value.
Enum
will contain a dictionary with Type
, String
, Value
being the type name, string representation and raw integer value respectively.
Type
will contain a dictionary with Name
, FullName
, AssemblyQualifiedName
, BaseType
being the type name, the type name including the namespace, the full assembly name the type was defined in and the base type it derives from.
The script has access to the $Ansible
variable where it can set Result
, Changed
, Failed
, Diff
, or access Tmpdir
.
$Ansible.Result
is a value that is returned back to the controller as is.
$Ansible.Diff
was added in the 1.12.0
release of ansible.windows
and is a dictionary that is set to the diff result that can be interepreted by Ansible.
$Ansible.Changed
can be set to true
or false
to reflect whether the module made a change or not. By default this is set to true
.
$Ansible.Failed
can be set to true
if the script wants to return the failure back to the controller.
$Ansible.Tmpdir
is the path to a temporary directory to use as a scratch location that is cleaned up after the module has finished.
$Ansible.Verbosity
reveals Ansible’s verbosity level for this play. Allows the script to set VerbosePreference/DebugPreference based on verbosity. Added in 1.9.0
.
Any host/console direct output like Write-Host
or [Console]::WriteLine
is not considered an output object, they are returned as a string in host_out and host_err.
Any output stream object is instead returned as a list in output. This is true not only for Write-Output
and its built-in alias echo
, but also for implicit output; i.e. Write-Output "foo"
and "foo"
give the same result.
The module will skip running the script when in check mode unless the script defines [CmdletBinding(SupportsShouldProcess
]).
See also
+Executes a command on a remote Windows node.
+Execute shell commands on target hosts.
+- name: Run basic PowerShell script
+ ansible.windows.win_powershell:
+ script: |
+ echo "Hello World"
+
+- name: Run PowerShell script with parameters
+ ansible.windows.win_powershell:
+ script: |
+ [CmdletBinding()]
+ param (
+ [String]
+ $Path,
+
+ [Switch]
+ $Force
+ )
+
+ New-Item -Path $Path -ItemType Directory -Force:$Force
+ parameters:
+ Path: C:\temp
+ Force: true
+
+- name: Run PowerShell script that modifies the module changed result
+ ansible.windows.win_powershell:
+ script: |
+ if (Get-Service -Name test -ErrorAction SilentlyContinue) {
+ Remove-Service -Name test
+ }
+ else {
+ $Ansible.Changed = $false
+ }
+
+- name: Run PowerShell script in PowerShell 7
+ ansible.windows.win_powershell:
+ script: |
+ $PSVersionTable.PSVersion.Major
+ executable: pwsh.exe
+ arguments:
+ - -ExecutionPolicy
+ - ByPass
+ register: pwsh_output
+ failed_when:
+ - pwsh_output.output[0] != 7
+
+- name: Run code in check mode
+ ansible.windows.win_powershell:
+ script: |
+ [CmdletBinding(SupportsShouldProcess)]
+ param ()
+
+ # Use $Ansible to detect check mode
+ if ($Ansible.CheckMode) {
+ echo 'running in check mode'
+ }
+ else {
+ echo 'running in normal mode'
+ }
+
+ # Use builtin ShouldProcess (-WhatIf)
+ if ($PSCmdlet.ShouldProcess('target')) {
+ echo 'also running in normal mode'
+ }
+ else {
+ echo 'also running in check mode'
+ }
+ check_mode: yes
+
+- name: Return a failure back to Ansible
+ ansible.windows.win_powershell:
+ script: |
+ if (Test-Path C:\bad.file) {
+ $Ansible.Failed = $true
+ }
+
+- name: Define when the script made a change or not
+ ansible.windows.win_powershell:
+ script: |
+ if ((Get-Item WSMan:\localhost\Service\Auth\Basic).Value -eq 'true') {
+ Set-Item WSMan:\localhost\Service\Auth\Basic -Value false
+ }
+ else {
+ $Ansible.Changed = $true
+ }
+
+- name: Define when to enable Verbose/Debug output
+ ansible.windows.win_powershell:
+ script: |
+ if ($Ansible.Verbosity -ge 3) {
+ $VerbosePreference = "Continue"
+ }
+ if ($Ansible.Verbosity -eq 5) {
+ $DebugPreference = "Continue"
+ }
+ Write-Output "Hello World!"
+ Write-Verbose "Hello World!"
+ Write-Debug "Hello World!"
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | A list of warning messages created by the script. +Debug messages only appear when Returned: always +Sample: |
+
+ | A list of error records created by the script. +Returned: always + |
+
+ | More information about the error record. +Returned: success + |
+
+ | Description of the operation which encountered the error. +Returned: always +Sample: |
+
+ | The category name of the error record. +Returned: always +Sample: |
+
+ | The integer representation of the category. +Returned: always +Sample: |
+
+ | Description of the error. +Returned: always +Sample: |
+
+ | Description of the target object. +Can be an empty string if no target was specified. +Returned: always +Sample: |
+
+ | Description of the type of the target object. +Can be an empty string if no target object was specified. +Returned: always +Sample: |
+
+ | Additional details about an ErrorRecord. +Can be null if there are not additional details. +Returned: success + |
+
+ | Message for the error record. +Returned: always +Sample: |
+
+ | Recommended action in the even that this error occurs. +This is empty unless the code which generates the error adds this explicitly. +Returned: always +Sample: |
+
+ | Details about the exception behind the error record. +Returned: success + |
+
+ | A link to the help details for the exception. +May not be set as it’s dependent on whether the .NET exception class provides this info. +Returned: always +Sample: |
+
+ | The signed integer assigned to this exception. +May not be set as it’s dependent on whether the .NET exception class provides this info. +Returned: always +Sample: |
+
+ | The inner exception details if there is one present. +The dict contains the same keys as a normal exception. +Returned: always + |
+
+ | The exception message. +Returned: always +Sample: |
+
+ | Name of the application or object that causes the error. +This may be an empty string as it’s dependent on the code that raises the exception. +Returned: always +Sample: |
+
+ | The full .NET type of the Exception class. +Returned: always +Sample: |
+
+ | The unique identifier for the error condition +May be null if no id was specified when the record was created. +Returned: always +Sample: |
+
+ | The formatted error record message as typically seen in a PowerShell console. +Returned: always +Sample: |
+
+ | The status of the pipeline when this record was created. +The values are 0 index based. +Each element entry represents the command index in a pipeline statement. +The value of each element represents the pipeline input idx in that command. +For Example Returned: always +Sample: |
+
+ | The script stack trace for the error record. +Returned: always +Sample: |
+
+ | The object which the error occured. +May be null if no object was specified when the record was created. +Type type of this object depends on the error record itself. +If the value is a complex type, it will follow the Returned: always +Sample: |
+
+ | The strings written to the host error output, typically the stderr. +This is not the same as objects sent to the error stream in PowerShell. +Returned: always +Sample: |
+
+ | The strings written to the host output, typically the stdout. +This is not the same as objects sent to the output stream in PowerShell. +Returned: always +Sample: |
+
+ | A list of information records created by the script. +The information stream was only added in PowerShell v5, older versions will always have an empty list as a value. +Returned: always + |
+
+ | Message data associated with the record. +The value here can be of any type. +Returned: always +Sample: |
+
+ | The source of the record. +Returned: always +Sample: |
+
+ | A list of tags associated with the record. +Returned: always +Sample: |
+
+ | The time the record was generated. +This is the time in UTC as an ISO 8601 formatted string. +Returned: always +Sample: |
+
+ | A list containing all the objects outputted by the script. +The list elements can be anything as it is based on what was ran. +Returned: always +Sample: |
+
+ | The values that were set by Defaults to an empty dict but can be set to anything by the script. +Returned: always +Sample: |
+
+ | A list of warning messages created by the script. +Verbose messages only appear when Returned: always +Sample: |
+
+ | A list of warning messages created by the script. +Warning messages only appear when Returned: always +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_reboot
.
Unconditionally reboot a Windows machine, wait for it to go down, come back up, and respond to commands.
For non-Windows targets, use the ansible.builtin.reboot module instead.
Note
+This module has a corresponding action plugin.
+Parameter |
+Comments |
+
---|---|
+ | Command to run that returns a unique string indicating the last time the system was booted. +Setting this to a command that has different output each time it is run will cause the task to fail. +Default: |
+
+ | Maximum seconds to wait for a single successful TCP connection to the WinRM endpoint before trying again. +Default: |
+
+ | Message to display to users. +Default: |
+
+ | Seconds to wait after the reboot command was successful before attempting to validate the system rebooted successfully. +This is useful if you want wait for something to settle despite your connection already working. +Default: |
+
+ | Seconds to wait before reboot. Passed as a parameter to the reboot command. +The minimum version is Default: |
+
+ | Maximum seconds to wait for machine to re-appear on the network and respond to a test command. +This timeout is evaluated separately for both reboot verification and test command success so maximum clock time is actually twice this value. +Default: |
+
+ | Command to expect success for to determine the machine is ready for management. +By default this test command is a custom one to detect when the Windows Logon screen is up and ready to accept credentials. Using a custom command will replace this behaviour and just run the command specified. + |
+
Note
+If a shutdown was already scheduled on the system, ansible.windows.win_reboot will abort the scheduled shutdown and enforce its own shutdown.
Beware that when ansible.windows.win_reboot returns, the Windows system may not have settled yet and some base services could be in limbo. This can result in unexpected behavior. Check the examples for ways to mitigate this. This has been slightly mitigated in the 1.6.0
release of ansible.windows
but it is not guranteed to always wait until the logon prompt is shown.
The connection user must have the SeRemoteShutdownPrivilege
privilege enabled, see https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system for more information.
This module is equivalent to using the /f forced option for reboot on a windows host
See also
+The official documentation on the ansible.builtin.reboot module.
+- name: Reboot the machine with all defaults
+ ansible.windows.win_reboot:
+
+- name: Reboot a slow machine that might have lots of updates to apply
+ ansible.windows.win_reboot:
+ reboot_timeout: 3600
+
+# Install a Windows feature and reboot if necessary
+- name: Install IIS Web-Server
+ ansible.windows.win_feature:
+ name: Web-Server
+ register: iis_install
+
+- name: Reboot when Web-Server feature requires it
+ ansible.windows.win_reboot:
+ when: iis_install.reboot_required
+
+# One way to ensure the system is reliable, is to set WinRM to a delayed startup
+- name: Ensure WinRM starts when the system has settled and is ready to work reliably
+ ansible.windows.win_service:
+ name: WinRM
+ start_mode: delayed
+
+# Additionally, you can add a delay before running the next task
+- name: Reboot a machine that takes time to settle after being booted
+ ansible.windows.win_reboot:
+ post_reboot_delay: 120
+
+# Or you can make win_reboot validate exactly what you need to work before running the next task
+- name: Validate that the netlogon service has started, before running the next task
+ ansible.windows.win_reboot:
+ test_command: 'exit (Get-Service -Name Netlogon).Status -ne "Running"'
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The number of seconds that elapsed waiting for the system to be rebooted. +Returned: always +Sample: |
+
+ | True if the machine was rebooted. +Returned: always +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_reg_stat
.
Like ansible.windows.win_file, ansible.windows.win_reg_stat will return whether the key/property exists.
It also returns the sub keys and properties of the key specified.
If specifying a property name through property, it will return the information specific for that property.
Parameter |
+Comments |
+
---|---|
+ | The registry property name to get information for, the return json will not include the sub_keys and properties entries for the key specified. +Set to an empty string to target the registry key’s |
+
+ | The full registry key path including the hive to search for. + |
+
Note
+The properties
return value will contain an empty string key ""
that refers to the key’s Default
value. If the value has not been set then this key is not returned.
See also
+Add, change, or remove registry keys and values.
+The official documentation on the community.windows.win_regmerge module.
+- name: Obtain information about a registry key using short form
+ ansible.windows.win_reg_stat:
+ path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion
+ register: current_version
+
+- name: Obtain information about a registry key property
+ ansible.windows.win_reg_stat:
+ path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion
+ name: CommonFilesDir
+ register: common_files_dir
+
+- name: Obtain the registry key's (Default) property
+ ansible.windows.win_reg_stat:
+ path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion
+ name: ''
+ register: current_version_default
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | Whether anything was changed. +Returned: always +Sample: |
+
+ | States whether the registry key/property exists. +Returned: success and path/property exists +Sample: |
+
+ | A dictionary containing all the properties and their values in the registry key. +Returned: success, path exists and property not specified +Sample: |
+
+ | Returns the raw value of the registry property, REG_EXPAND_SZ has no string expansion, REG_BINARY or REG_NONE is in hex 0x format. REG_NONE, this value is a hex string in the 0x format. +Returned: success, path/property exists and property specified +Sample: |
+
+ | A list of all the sub keys of the key specified. +Returned: success, path exists and property not specified +Sample: |
+
+ | The property type. +Returned: success, path/property exists and property specified +Sample: |
+
+ | The value of the property. +Returned: success, path/property exists and property specified +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_regedit
.
Add, modify or remove registry keys and values.
More information about the windows registry from Wikipedia https://en.wikipedia.org/wiki/Windows_Registry.
Parameter |
+Comments |
+
---|---|
+ | Value of the registry entry If not specified then the value for the property will be null for the corresponding Binary and None data should be expressed in a yaml byte array or as comma separated hex values. +An easy way to generate this is to run In the exported file, binary value will look like DWORD and QWORD values should either be represented as a decimal number or a hex value. +Multistring values should be passed in as a list. +See the examples for more details on how to format this data. + |
+
+ | When If Choices: +
|
+
+ | A path to a hive key like C:\Users\Default\NTUSER.DAT to load in the registry. +This hive is loaded under the HKLM:\ANSIBLE key which can then be used in name like any other path. +This can be used to load the default user profile registry hive or any other hive saved as a file. +Using this function requires the user to have the |
+
+ | Name of the registry entry in the above If not provided, or empty then the ‘(Default)’ property for the key will be used. + |
+
+ | Name of the registry path. +Should be in one of the following registry hives: HKCC, HKCR, HKCU, HKLM, HKU. + |
+
+ | The state of the registry entry. +Choices: +
|
+
+ | The registry value data type. +Choices: +
|
+
Note
+Check-mode -C/--check
and diff output -D/--diff
are supported, so that you can test every change against the active configuration before applying changes.
Beware that some registry hives (HKEY_USERS
in particular) do not allow to create new registry paths in the root folder.
See also
+Get information about Windows registry keys.
+The official documentation on the community.windows.win_regmerge module.
+- name: Create registry path MyCompany
+ ansible.windows.win_regedit:
+ path: HKCU:\Software\MyCompany
+
+- name: Add or update registry path MyCompany, with entry 'hello', and containing 'world'
+ ansible.windows.win_regedit:
+ path: HKCU:\Software\MyCompany
+ name: hello
+ data: world
+
+- name: Add or update registry path MyCompany, with dword entry 'hello', and containing 1337 as the decimal value
+ ansible.windows.win_regedit:
+ path: HKCU:\Software\MyCompany
+ name: hello
+ data: 1337
+ type: dword
+
+- name: Add or update registry path MyCompany, with dword entry 'hello', and containing 0xff2500ae as the hex value
+ ansible.windows.win_regedit:
+ path: HKCU:\Software\MyCompany
+ name: hello
+ data: 0xff2500ae
+ type: dword
+
+- name: Add or update registry path MyCompany, with binary entry 'hello', and containing binary data in hex-string format
+ ansible.windows.win_regedit:
+ path: HKCU:\Software\MyCompany
+ name: hello
+ data: hex:be,ef,be,ef,be,ef,be,ef,be,ef
+ type: binary
+
+- name: Add or update registry path MyCompany, with binary entry 'hello', and containing binary data in yaml format
+ ansible.windows.win_regedit:
+ path: HKCU:\Software\MyCompany
+ name: hello
+ data: [0xbe,0xef,0xbe,0xef,0xbe,0xef,0xbe,0xef,0xbe,0xef]
+ type: binary
+
+- name: Add or update registry path MyCompany, with expand string entry 'hello'
+ ansible.windows.win_regedit:
+ path: HKCU:\Software\MyCompany
+ name: hello
+ data: '%appdata%\local'
+ type: expandstring
+
+- name: Add or update registry path MyCompany, with multi string entry 'hello'
+ ansible.windows.win_regedit:
+ path: HKCU:\Software\MyCompany
+ name: hello
+ data: ['hello', 'world']
+ type: multistring
+
+- name: Disable keyboard layout hotkey for all users (changes existing)
+ ansible.windows.win_regedit:
+ path: HKU:\.DEFAULT\Keyboard Layout\Toggle
+ name: Layout Hotkey
+ data: 3
+ type: dword
+
+- name: Disable language hotkey for current users (adds new)
+ ansible.windows.win_regedit:
+ path: HKCU:\Keyboard Layout\Toggle
+ name: Language Hotkey
+ data: 3
+ type: dword
+
+- name: Remove registry path MyCompany (including all entries it contains)
+ ansible.windows.win_regedit:
+ path: HKCU:\Software\MyCompany
+ state: absent
+ delete_key: true
+
+- name: Clear the existing (Default) entry at path MyCompany
+ ansible.windows.win_regedit:
+ path: HKCU:\Software\MyCompany
+ state: absent
+ delete_key: false
+
+- name: Remove entry 'hello' from registry path MyCompany
+ ansible.windows.win_regedit:
+ path: HKCU:\Software\MyCompany
+ name: hello
+ state: absent
+
+- name: Change default mouse trailing settings for new users
+ ansible.windows.win_regedit:
+ path: HKLM:\ANSIBLE\Control Panel\Mouse
+ name: MouseTrails
+ data: 10
+ type: string
+ state: present
+ hive: C:\Users\Default\NTUSER.dat
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | Whether this invocation changed the data in the registry value. +Returned: success +Sample: |
+
+ | Whether this invocation changed the datatype of the registry value. +Returned: success +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_service_info
.
Gather information about all or a specific installed Windows service(s).
Parameter |
+Comments |
+
---|---|
+ | If specified, this is used to match the Can be a wildcard to match multiple services but the wildcard will only be matched on the If omitted then all services will returned. + |
+
See also
+Manage and query Windows services.
+- name: Get info for all installed services
+ ansible.windows.win_service_info:
+ register: service_info
+
+- name: Get info for a single service
+ ansible.windows.win_service_info:
+ name: WinRM
+ register: service_info
+
+- name: Get info for a service using its display name
+ ansible.windows.win_service_info:
+ name: Windows Remote Management (WS-Management)
+
+- name: Find all services that start with 'win'
+ ansible.windows.win_service_info:
+ name: win*
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | Whether any services were found based on the criteria specified. +Returned: always +Sample: |
+
+ | A list of service(s) that were found based on the criteria. +Will be an empty list if no services were found. +Returned: always + |
+
+ | A check-point value that the service increments periodically to report its progress. +Returned: success +Sample: |
+
+ | A list of controls that the service can accept. +Common controls are Returned: success +Sample: |
+
+ | A list of services by their Returned: success +Sample: |
+
+ | A list of services by their Returned: success +Sample: |
+
+ | The description of the service. +Returned: success +Sample: |
+
+ | Whether the service can interact with the desktop, only valid for services running as Returned: success +Sample: |
+
+ | The display name to be used by SCM to identify the service. +Returned: success +Sample: |
+
+ | The action to take if a service fails to start. +Common values are Returned: success +Sample: |
+
+ | Controls when failure actions are fired based on how the service was stopped. +Returned: success +Sample: |
+
+ | A list of failure actions to run in the event of a failure. +Returned: success + |
+
+ | The time to wait, in milliseconds, before performing the specified action. +Returned: success +Sample: |
+
+ | The action that will be performed. +Common values are Returned: success +Sample: |
+
+ | The command line that will be run when a Returned: success +Sample: |
+
+ | The message to be broadcast to server users before rebooting when a Returned: success +Sample: |
+
+ | The time, in seconds, after which to reset the failure count to zero. +Returned: success +Sample: |
+
+ | The protection type of the service. +Common values are Returned: success +Sample: |
+
+ | The name of the load ordering group to which the service belongs. +Will be an empty string if it does not belong to any group. +Returned: success +Sample: |
+
+ | The name of the service. +Returned: success +Sample: |
+
+ | The path to the service binary and any arguments used when starting the service. +The binary part can be quoted to ensure any spaces in path are not treated as arguments. +Returned: success +Sample: |
+
+ | The preshutdown timeout out value in milliseconds. +Returned: success +Sample: |
+
+ | The node number for the preferred node. +This will be Returned: success +Sample: |
+
+ | The process identifier of the running service. +Returned: success +Sample: |
+
+ | A list of privileges that the service requires and will run with +Returned: success +Sample: |
+
+ | A service-specific error code that is set while the service is starting or stopping. +Returned: success +Sample: |
+
+ | Shows more information about the behaviour of a running service. +Currently the only flag that can be set is Returned: success +Sample: |
+
+ | The type of service. +Common types are Returned: success +Sample: |
+
+ | The behavior of how the service’s access token is generated and how to add the service SID to the token. +Common values are Returned: success +Sample: |
+
+ | When the service is set to start. +Common values are Returned: success +Sample: |
+
+ | The current running state of the service. +Common values are Returned: success +Sample: |
+
+ | A list of triggers defined for the service. +Returned: success + |
+
+ | The action to perform once triggered, can be Returned: success +Sample: |
+
+ | A list of trigger data items that contain trigger specific data. +A trigger can contain 0 or multiple data items. +Returned: success + |
+
+ | The trigger data item value. +Can be a string, list of string, int, or base64 string of binary data. +Returned: success +Sample: |
+
+ | The type of Common values are Returned: success +Sample: |
+
+ | The trigger event sub type that is specific to each Common values are Returned: success + |
+
+ | The guid which represents the trigger sub type. +Returned: success +Sample: |
+
+ | The trigger event type. +Common values are Returned: success +Sample: |
+
+ | The username used to run the service. +Can be null for user services and certain driver services. +Returned: success +Sample: |
+
+ | The estimated time in milliseconds required for a pending start, stop, pause,or continue operations. +Returned: success +Sample: |
+
+ | The error code returned from the service binary once it has stopped. +When set to Returned: success +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_service
.
Manage and query Windows services.
For non-Windows targets, use the ansible.builtin.service module instead.
Parameter |
+Comments |
+
---|---|
+ | A list of service dependencies to set for this particular service. +This should be a list of service names and not the display name of the service. +This works by |
+
+ | Used in conjunction with Remove the dependencies to the existing dependencies. +Set the dependencies to only the values in the list replacing the existing dependencies. +Choices: +
|
+
+ | The description to set for the service. + |
+
+ | Whether to allow the service user to interact with the desktop. +This can only be set to This can only be set to Choices: +
|
+
+ | The display name to set for the service. + |
+
+ | The severity of the error and action token if the service fails to start. +A new service defaults to
Choices: +
|
+
+ | A list of failure actions the service controller should take on each failure of a service. +The service manager will run the actions from first to last defined until the service starts. If failure_reset_period_sec has been exceeded then the failure actions will restart from the beginning. +If all actions have been performed the the service manager will repeat the last service defined. +The existing actions will be replaced with the list defined in the task if there is a mismatch with any of them. +Set to an empty list to delete all failure actions on a service otherwise an omitted or null value preserves the existing actions on the service. + |
+
+ | The time to wait, in milliseconds, before performing the specified action. +Default: |
+
+ | The action to be performed. +
Choices: +
|
+
+ | Controls whether failure actions will be performed on non crash failures or not. +Choices: +
|
+
+ | The command to run for a Set to an empty string to remove the command. + |
+
+ | The message to be broadcast to users logged on the host for a Set to an empty string to remove the message. + |
+
+ | The time in seconds after which the failure action list resets back to the start of the list if there are no failures. +To set this value, failure_actions must have at least 1 action present. +Specify |
+
+ | If If Choices: +
|
+
+ | The name of the load ordering group of which this service is a member. +Specify an empty string to remove the existing load order group of a service. + |
+
+ | Name of the service. +If only the name parameter is specified, the module will report on whether the service exists or not without making any changes. + |
+
+ | The password to set the service to start as. +This and the If omitted then the password will continue to use the existing value password set. +If specifying |
+
+ | The path to the executable to set for the service. + |
+
+ | The time in which the service manager waits after sending a preshutdown notification to the service until it proceeds to continue with the other shutdown actions. + |
+
+ | A list of privileges the service must have when starting up. +When set the service will only have the privileges specified on its access token. +The username of the service must already have the privileges assigned. +The existing privileges will be replace with the list defined in the task if there is a mismatch with any of them. +Set to an empty list to remove all required privileges, otherwise an omitted or null value will keep the existing privileges. +See privilege text constants for a list of privilege constants that can be used. + |
+
+ | The type of service. +The default type of a new service is desktop_interact can only be set if the service type is Choices: +
|
+
+ | Used to define the behaviour of the service’s access token groups. +
Choices: +
|
+
+ | Set the startup type for the service. +A newly created service will default to Choices: +
|
+
+ | The desired state of the service. +
Only services that support the paused state can be paused, you can check the return value You can only pause a service that is already started. +A newly created service will default to Choices: +
|
+
+ | When set to Set to If username was specified and the service changed to that username then password will also be changed if specified. +The current default is Choices: +
|
+
+ | The username to set the service to start as. +Can also be set to A newly created service will default to If using a custom user account, it must have the Set to This can also be a gMSA in the form |
+
Note
+This module historically returning information about the service in its return values. These should be avoided in favour of the ansible.windows.win_service_info module.
Most of the options in this module are non-driver services that you can view in SCManager. While you can edit driver services, not all functionality may be available.
The user running the module must have the following access rights on the service to be able to use it with this module - SERVICE_CHANGE_CONFIG
, SERVICE_ENUMERATE_DEPENDENTS
, SERVICE_QUERY_CONFIG
, SERVICE_QUERY_STATUS
.
Changing the state or removing the service will also require futher rights depending on what needs to be done.
See also
+The official documentation on the ansible.builtin.service module.
+The official documentation on the community.windows.win_nssm module.
+Gather information about Windows services.
+Manage Windows User Rights.
+- name: Restart a service
+ ansible.windows.win_service:
+ name: spooler
+ state: restarted
+
+- name: Set service startup mode to auto and ensure it is started
+ ansible.windows.win_service:
+ name: spooler
+ start_mode: auto
+ state: started
+
+- name: Pause a service
+ ansible.windows.win_service:
+ name: Netlogon
+ state: paused
+
+- name: Ensure that WinRM is started when the system has settled
+ ansible.windows.win_service:
+ name: WinRM
+ start_mode: delayed
+
+# A new service will also default to the following values:
+# - username: LocalSystem
+# - state: stopped
+# - start_mode: auto
+- name: Create a new service
+ ansible.windows.win_service:
+ name: service name
+ path: C:\temp\test.exe
+
+- name: Create a new service with extra details
+ ansible.windows.win_service:
+ name: service name
+ path: C:\temp\test.exe
+ display_name: Service Name
+ description: A test service description
+
+- name: Remove a service
+ ansible.windows.win_service:
+ name: service name
+ state: absent
+
+# This is required to be set for non-service accounts that need to run as a service
+- name: Grant domain account the SeServiceLogonRight user right
+ ansible.windows.win_user_right:
+ name: SeServiceLogonRight
+ users:
+ - DOMAIN\User
+ action: add
+
+- name: Set the log on user to a domain account
+ ansible.windows.win_service:
+ name: service name
+ state: restarted
+ username: DOMAIN\User
+ password: Password
+
+- name: Set the log on user to a local account
+ ansible.windows.win_service:
+ name: service name
+ state: restarted
+ username: .\Administrator
+ password: Password
+
+- name: Set the log on user to Local System
+ ansible.windows.win_service:
+ name: service name
+ state: restarted
+ username: SYSTEM
+
+- name: Set the log on user to Local System and allow it to interact with the desktop
+ ansible.windows.win_service:
+ name: service name
+ state: restarted
+ username: SYSTEM
+ desktop_interact: true
+
+- name: Set the log on user to Network Service
+ ansible.windows.win_service:
+ name: service name
+ state: restarted
+ username: NT AUTHORITY\NetworkService
+
+- name: Set the log on user to Local Service
+ ansible.windows.win_service:
+ name: service name
+ state: restarted
+ username: NT AUTHORITY\LocalService
+
+- name: Set the log on user as the services' virtual account
+ ansible.windows.win_service:
+ name: service name
+ username: NT SERVICE\service name
+
+- name: Set the log on user as a gMSA
+ ansible.windows.win_service:
+ name: service name
+ username: DOMAIN\gMSA$ # The end $ is important and should be set for all gMSA
+
+- name: Set dependencies to ones only in the list
+ ansible.windows.win_service:
+ name: service name
+ dependencies: [ service1, service2 ]
+
+- name: Add dependencies to existing dependencies
+ ansible.windows.win_service:
+ name: service name
+ dependencies: [ service1, service2 ]
+ dependency_action: add
+
+- name: Remove dependencies from existing dependencies
+ ansible.windows.win_service:
+ name: service name
+ dependencies:
+ - service1
+ - service2
+ dependency_action: remove
+
+- name: Set required privileges for a service
+ ansible.windows.win_service:
+ name: service name
+ username: NT SERVICE\LocalService
+ required_privileges:
+ - SeBackupPrivilege
+ - SeRestorePrivilege
+
+- name: Remove all required privileges for a service
+ ansible.windows.win_service:
+ name: service name
+ username: NT SERVICE\LocalService
+ required_privileges: []
+
+- name: Set failure actions for a service with no reset period
+ ansible.windows.win_service:
+ name: service name
+ failure_actions:
+ - type: restart
+ - type: run_command
+ delay_ms: 1000
+ - type: restart
+ delay_ms: 5000
+ - type: reboot
+ failure_command: C:\Windows\System32\cmd.exe /c mkdir C:\temp
+ failure_reboot_msg: Restarting host because service name has failed
+ failure_reset_period_sec: '0xFFFFFFFF'
+
+- name: Set only 1 failure action without a repeat of the last action
+ ansible.windows.win_service:
+ name: service name
+ failure_actions:
+ - type: restart
+ delay_ms: 5000
+ - type: none
+
+- name: Remove failure action information
+ ansible.windows.win_service:
+ name: service name
+ failure_actions: []
+ failure_command: '' # removes the existing command
+ failure_reboot_msg: '' # removes the existing reboot msg
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | Whether the service can be paused and unpaused. +Returned: success and service exists +Sample: |
+
+ | A list of services that depend on this service. +Returned: success and service exists +Sample: |
+
+ | A list of services that is depended by this service. +Returned: success and service exists +Sample: |
+
+ | The description of the service. +Returned: success and service exists +Sample: |
+
+ | Whether the current user is allowed to interact with the desktop. +Returned: success and service exists +Sample: |
+
+ | The display name of the installed service. +Returned: success and service exists +Sample: |
+
+ | Whether the service exists or not. +Returned: success +Sample: |
+
+ | The service name or id of the service. +Returned: success and service exists +Sample: |
+
+ | The path to the service executable. +Returned: success and service exists +Sample: |
+
+ | The startup type of the service. +Returned: success and service exists +Sample: |
+
+ | The current running status of the service. +Returned: success and service exists +Sample: |
+
+ | The username that runs the service. +Returned: success and service exists +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_shell
.
The ansible.windows.win_shell module takes the command name followed by a list of space-delimited arguments. It is similar to the ansible.windows.win_command module, but runs the command via a shell (defaults to PowerShell) on the target host.
For non-Windows targets, use the ansible.builtin.shell module instead.
Parameter |
+Comments |
+
---|---|
+ | Set the specified path as the current working directory before executing a command + |
+
+ | A path or path filter pattern; when the referenced path exists on the target host, the task will be skipped. + |
+
+ | Change the shell used to execute the command (eg, The target shell must accept a |
+
+ | The ansible.windows.win_shell module takes a free form command to run. +There is no parameter actually named ‘free form’. See the examples! + |
+
+ | Do not load the user profile before running a command. This is only valid when using PowerShell as the executable. +Choices: +
|
+
+ | This option overrides the encoding of stdout/stderr output. +You can use this option when you need to run a command which ignore the console’s codepage. +You should only need to use this option in very rare circumstances. +This value can be any valid encoding |
+
+ | A path or path filter pattern; when the referenced path does not exist on the target host, the task will be skipped. + |
+
+ | Set the stdin of the command directly to the specified value. + |
+
Note
+If you want to run an executable securely and predictably, it may be better to use the ansible.windows.win_command module instead. Best practices when writing playbooks will follow the trend of using ansible.windows.win_command unless win_shell
is explicitly required. When running ad-hoc commands, use your best judgement.
WinRM will not return from a command execution until all child processes created have exited. Thus, it is not possible to use ansible.windows.win_shell to spawn long-running child or background processes. Consider creating a Windows service for managing background processes. - Consider using ansible.windows.win_powershell if you want to capture the output from the PowerShell script as structured objects.
See also
+The official documentation on the community.windows.psexec module.
+The official documentation on the ansible.builtin.raw module.
+The official documentation on the ansible.builtin.script module.
+The official documentation on the ansible.builtin.shell module.
+Executes a command on a remote Windows node.
+Run PowerShell scripts.
+The official documentation on the community.windows.win_psexec module.
+- name: Execute a command in the remote shell, stdout goes to the specified file on the remote
+ ansible.windows.win_shell: C:\somescript.ps1 >> C:\somelog.txt
+
+- name: Change the working directory to somedir/ before executing the command
+ ansible.windows.win_shell: C:\somescript.ps1 >> C:\somelog.txt
+ args:
+ chdir: C:\somedir
+
+- name: Run a command with an idempotent check on what it creates, will only run when somedir/somelog.txt does not exist
+ ansible.windows.win_shell: C:\somescript.ps1 >> C:\somelog.txt
+ args:
+ chdir: C:\somedir
+ creates: C:\somelog.txt
+
+- name: Run a command under a non-Powershell interpreter (cmd in this case)
+ ansible.windows.win_shell: echo %HOMEDIR%
+ args:
+ executable: cmd
+ register: homedir_out
+
+- name: Run multi-lined shell commands
+ ansible.windows.win_shell: |
+ $value = Test-Path -Path C:\temp
+ if ($value) {
+ Remove-Item -Path C:\temp -Force
+ }
+ New-Item -Path C:\temp -ItemType Directory
+
+- name: Retrieve the input based on stdin
+ ansible.windows.win_shell: '$string = [Console]::In.ReadToEnd(); Write-Output $string.Trim()'
+ args:
+ stdin: Input message
+
+- name: Run a PowerShell script with -NoProfile
+ ansible.windows.win_shell: C:\somescript.ps1
+ args:
+ no_profile: true
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The command executed by the task. +Returned: always +Sample: |
+
+ | The command execution delta time. +Returned: always +Sample: |
+
+ | The command execution end time. +Returned: always +Sample: |
+
+ | Changed. +Returned: always +Sample: |
+
+ | The command return code (0 means success). +Returned: always +Sample: |
+
+ | The command execution start time. +Returned: always +Sample: |
+
+ | The command standard error. +Returned: always +Sample: |
+
+ | The command standard output. +Returned: always +Sample: |
+
+ | The command standard output split in lines. +Returned: always +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_stat
.
Returns information about a Windows file.
For non-Windows targets, use the ansible.builtin.stat module instead.
Parameter |
+Comments |
+
---|---|
+ | Algorithm to determine checksum of file. +Will throw an error if the host is unable to use specified algorithm. +Choices: +
|
+
+ | Whether to follow symlinks or junction points. +In the case of Choices: +
|
+
+ | Whether to return a checksum of the file (default sha1) +Choices: +
|
+
+ | Whether to return the size of a file or directory. +Choices: +
|
+
+ | The full path of the file/object to get the facts of; both forward and back slashes are accepted. + |
+
See also
+The official documentation on the ansible.builtin.stat module.
+Set file/directory/registry/certificate permissions for a system user or group.
+Creates, touches or removes files or directories.
+Set owner.
+- name: Obtain information about a file
+ ansible.windows.win_stat:
+ path: C:\foo.ini
+ register: file_info
+
+- name: Obtain information about a folder
+ ansible.windows.win_stat:
+ path: C:\bar
+ register: folder_info
+
+- name: Get MD5 checksum of a file
+ ansible.windows.win_stat:
+ path: C:\foo.ini
+ get_checksum: true
+ checksum_algorithm: md5
+ register: md5_checksum
+
+- debug:
+ var: md5_checksum.stat.checksum
+
+- name: Get SHA1 checksum of file
+ ansible.windows.win_stat:
+ path: C:\foo.ini
+ get_checksum: true
+ register: sha1_checksum
+
+- debug:
+ var: sha1_checksum.stat.checksum
+
+- name: Get SHA256 checksum of file
+ ansible.windows.win_stat:
+ path: C:\foo.ini
+ get_checksum: true
+ checksum_algorithm: sha256
+ register: sha256_checksum
+
+- debug:
+ var: sha256_checksum.stat.checksum
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | Whether anything was changed +Returned: always +Sample: |
+
+ | dictionary containing all the stat data +Returned: success + |
+
+ | Attributes of the file at path in raw form. +Returned: success, path exists +Sample: |
+
+ | The checksum of a file based on checksum_algorithm specified. +Returned: success, path exist, path is a file, get_checksum == True checksum_algorithm specified is supported +Sample: |
+
+ | The create time of the file represented in seconds since epoch. +Returned: success, path exists +Sample: |
+
+ | If the path exists or not. +Returned: success +Sample: |
+
+ | The extension of the file at path. +Returned: success, path exists, path is a file +Sample: |
+
+ | The name of the file (without path). +Returned: success, path exists, path is a file +Sample: |
+
+ | List of other files pointing to the same file (hard links), excludes the current file. +Returned: success, path exists +Sample: |
+
+ | If the path is ready for archiving or not. +Returned: success, path exists +Sample: |
+
+ | If the path is a directory or not. +Returned: success, path exists +Sample: |
+
+ | +If the path is hidden or not. +Returned: success, path exists +Sample: |
+
+ | If the path is a junction point or not. +Returned: success, path exists +Sample: |
+
+ | If the path is a symbolic link or not. +Returned: success, path exists +Sample: |
+
+ | If the path is read only or not. +Returned: success, path exists +Sample: |
+
+ | If the path is a regular file. +Returned: success, path exists +Sample: |
+
+ | +If the path is shared or not. +Returned: success, path exists +Sample: |
+
+ | The last access time of the file represented in seconds since epoch. +Returned: success, path exists +Sample: |
+
+ | The last modification time of the file represented in seconds since epoch. +Returned: success, path exists +Sample: |
+
+ | Target of the symlink normalized for the remote filesystem. +Returned: success, path exists and the path is a symbolic link or junction point +Sample: |
+
+ | Target of the symlink. Note that relative paths remain relative. +Returned: success, path exists and the path is a symbolic link or junction point +Sample: |
+
+ | Number of links to the file (hard links). +Returned: success, path exists +Sample: |
+
+ | The owner of the file. +Returned: success, path exists +Sample: |
+
+ | The full absolute path to the file. +Returned: success, path exists, file exists +Sample: |
+
+ | +The name of share if folder is shared. +Returned: success, path exists, file is a directory and isshared == True +Sample: |
+
+ | The size in bytes of a file or folder. +Returned: success, path exists, file is not a link, get_size == True +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_tempfile
.
Creates temporary files and directories.
For non-Windows targets, please use the ansible.builtin.tempfile module instead.
Parameter |
+Comments |
+
---|---|
+ | Location where temporary file or directory should be created. +If path is not specified default system temporary directory (%TEMP%) will be used. +Default: |
+
+ | Prefix of file/directory name created by module. +Default: |
+
+ | Whether to create file or directory. +Choices: +
|
+
+ | Suffix of file/directory name created by module. + |
+
See also
+The official documentation on the ansible.builtin.tempfile module.
+- name: Create temporary build directory
+ ansible.windows.win_tempfile:
+ state: directory
+ suffix: build
+
+- name: Create temporary file
+ ansible.windows.win_tempfile:
+ state: file
+ suffix: temp
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The absolute path to the created file or directory. +Returned: success +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_template
.
Templates are processed by the Jinja2 templating language.
Documentation on the template formatting can be found in the Template Designer Documentation.
Additional variables listed below can be used in templates.
ansible_managed
(configurable via the defaults
section of ansible.cfg
) contains a string which can be used to describe the template name, host, modification time of the template file and the owner uid.
template_host
contains the node name of the template’s machine.
template_uid
is the numeric user id of the owner.
template_path
is the path of the template.
template_fullpath
is the absolute path of the template.
template_destpath
is the path of the template on the remote system (added in 2.8).
template_run_date
is the date that the template was rendered.
Note
+This module has a corresponding action plugin.
+Parameter |
+Comments |
+
---|---|
+ | Determine whether a backup should be created. +When set to Choices: +
|
+
+ | The string marking the end of a block. +Default: |
+
+ | The string marking the beginning of a block. +Default: |
+
+ | Location to render the template to on the remote machine. + |
+
+ | Determine when the file is being transferred if the destination already exists. +When set to When set to Choices: +
|
+
+ | Determine when leading spaces and tabs should be stripped. +When set to This functionality requires Jinja 2.7 or newer. +Choices: +
|
+
+ | Specify the newline sequence to use for templating files. +Choices: +
|
+
+ | Overrides the encoding used to write the template file defined by It defaults to The source template file must always be encoded using Default: |
+
+ | Path of a Jinja2 formatted template on the Ansible controller. +This can be a relative or an absolute path. +The file must be encoded with |
+
+ | Determine when newlines should be removed from blocks. +When set to Choices: +
|
+
+ | The string marking the end of a print statement. +Default: |
+
+ | The string marking the beginning of a print statement. +Default: |
+
Note
+Including a string that uses a date in the template will result in the template being marked ‘changed’ each time.
Also, you can override jinja2 settings by adding a special header to template file. i.e. #jinja2:variable_start_string:'[%', variable_end_string:'%]', trim_blocks: False
which changes the variable interpolation markers to [% var %]
instead of {{ var }}
. This is the best way to prevent evaluation of things that look like, but should not be Jinja2.
Using raw/endraw in Jinja2 will not work as you expect because templates in Ansible are recursively evaluated.
To find Byte Order Marks in files, use Format-Hex <file> -Count 16
on Windows, and use od -a -t x1 -N 16 <file>
on Linux.
Beware fetching files from windows machines when creating templates because certain tools, such as Powershell ISE, and regedit’s export facility add a Byte Order Mark as the first character of the file, which can cause tracebacks.
You can use the ansible.windows.win_copy module with the content:
option if you prefer the template inline, as part of the playbook.
For Linux you can use ansible.builtin.template which uses ‘\\n’ as newline_sequence
by default.
See also
+Copies files to remote locations on windows hosts.
+The official documentation on the ansible.builtin.copy module.
+The official documentation on the ansible.builtin.template module.
+- name: Create a file from a Jinja2 template
+ ansible.windows.win_template:
+ src: /mytemplates/file.conf.j2
+ dest: C:\Temp\file.conf
+
+- name: Create a Unix-style file from a Jinja2 template
+ ansible.windows.win_template:
+ src: unix/config.conf.j2
+ dest: C:\share\unix\config.conf
+ newline_sequence: '\n'
+ backup: true
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | Name of the backup file that was created. +Returned: if backup=true +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_updates
.
Searches, downloads, and installs Windows updates synchronously by automating the Windows Update client.
Note
+This module has a corresponding action plugin.
+Parameter |
+Comments |
+
---|---|
+ | Internal use only. +Choices: +
|
+
+ | Internal use only. + |
+
+ | A list of update titles or KB numbers that can be used to specify which updates are to be searched or installed. +If an available update does not match one of the entries, then it is skipped and not installed. +Each entry can either be the KB article or Update title as a regex according to the PowerShell regex rules. +The accept list is only validated on updates that were found based on category_names. It will not force the module to install an update if it was not in the category specified. + |
+
+ | A scalar or list of categories to install updates from. To get the list of categories, run the module with Some possible categories are Application, Connectors, Critical Updates, Definition Updates, Developer Kits, Feature Packs, Guidance, Security Updates, Service Packs, Tools, Update Rollups, Updates, and Upgrades. +Since Default: |
+
+ | If set, |
+
+ | Ansible will automatically reboot the remote host if it is required and continue to install updates after the reboot. +This can be used instead of using a ansible.windows.win_reboot task after this one and ensures all updates for that category is installed in one go. +Async does not work when Choices: +
|
+
+ | The time in seconds to wait until the host is back online from a reboot. +This is only used if Default: |
+
+ | A list of update titles or KB numbers that can be used to specify which updates are to be excluded from installation. +If an available update does match one of the entries, then it is skipped and not installed. +Each entry can either be the KB article or Update title as a regex according to the PowerShell regex rules. + |
+
+ | Defines the Windows Update source catalog. +
Choices: +
|
+
+ | Skip optional updates where the update has BrowseOnly set by Microsoft. +Microsoft documents show that BrowseOnly means that the update should not be installed automatically and appear as optional updates. +Choices: +
|
+
+ | Controls whether found updates are downloaded or installed or listed +This module also supports Ansible check mode, which has the same effect as setting state=searched +Choices: +
|
+
Note
+ansible.windows.win_updates must be run by a user with membership in the local Administrators group.
ansible.windows.win_updates will use the default update service configured for the machine (Windows Update, Microsoft Update, WSUS, etc).
By default ansible.windows.win_updates does not manage reboots, but will signal when a reboot is required with the reboot_required return value. reboot can be used to reboot the host if required in the one task.
ansible.windows.win_updates can take a significant amount of time to complete (hours, in some cases). Performance depends on many factors, including OS version, number of updates, system load, and update server load.
Beware that just after ansible.windows.win_updates reboots the system, the Windows system may not have settled yet and some base services could be in limbo. This can result in unexpected behavior. Check the examples for ways to mitigate this.
More information about PowerShell and how it handles RegEx strings can be found at https://technet.microsoft.com/en-us/library/2007.11.powershell.aspx.
The current module doesn’t support Systems Center Configuration Manager (SCCM). See https://github.com/ansible-collections/ansible.windows/issues/194
By default the ansible.builtin.ssh
connection plugin is configured to have no server timeout. As Windows Updates can restart the network adapter it is recommended to set -o ServerAliveInterval=30
and disable control master in ansible_ssh_args to ensure the client can handle a network reset. See the examples showing one way this can be set.
By default the module will start a background process using the Task Scheduler on Windows. If the Task Scheduler is unavailable, unreliable, or does not work, run the task with become.
See also
+The official documentation on the chocolatey.chocolatey.win_chocolatey module.
+Installs and uninstalls Windows Features on Windows Server.
+The official documentation on the community.windows.win_hotfix module.
+Installs/uninstalls an installable package.
+- name: Install all updates and reboot as many times as needed
+ ansible.windows.win_updates:
+ category_names: '*'
+ reboot: true
+
+- name: Set a server alive interval during update stage for the ssh connection plugin
+ ansible.windows.win_updates:
+ category_names: '*'
+ reboot: true
+ vars:
+ # This can be set in a few ways, see the ssh connection plugin for more
+ # information. ControlMaster should be disabled to ensure the new timeout
+ # value is applied for this connection instead of through the cached
+ # connection.
+ ansible_ssh_args: -o ControlMaster=no -o ServerAliveInterval=30
+
+- name: Install all security, critical, and rollup updates without a scheduled task
+ ansible.windows.win_updates:
+ category_names:
+ - SecurityUpdates
+ - CriticalUpdates
+ - UpdateRollups
+ become: true
+ become_method: runas
+ become_user: SYSTEM
+
+- name: Search-only, return list of found updates (if any), log to C:\ansible_wu.txt
+ ansible.windows.win_updates:
+ category_names: SecurityUpdates
+ state: searched
+ log_path: C:\ansible_wu.txt
+
+- name: Install all security updates with automatic reboots
+ ansible.windows.win_updates:
+ category_names:
+ - SecurityUpdates
+ reboot: true
+
+- name: Install only particular updates based on the KB numbers
+ ansible.windows.win_updates:
+ category_names:
+ - SecurityUpdates
+ accept_list:
+ - KB4056892
+ - KB4073117
+
+- name: Exclude updates based on the update title
+ ansible.windows.win_updates:
+ category_names:
+ - SecurityUpdates
+ - CriticalUpdates
+ reject_list:
+ - Windows Malicious Software Removal Tool for Windows
+ - \d{4}-\d{2} Cumulative Update for Windows Server 2016
+
+# Optionally, you can increase the reboot_timeout to survive long updates during reboot
+- name: Ensure we wait long enough for the updates to be applied during reboot
+ ansible.windows.win_updates:
+ reboot: true
+ reboot_timeout: 3600
+
+# Search and download Windows updates
+- name: Search and download Windows updates without installing them
+ ansible.windows.win_updates:
+ state: downloaded
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The number of updates that failed to install. +Returned: always +Sample: |
+
+ | Updates that were found but were filtered based on blacklist, whitelist or category_names. The return value is in the same form as updates, along with filtered_reason. +Returned: success +Sample: |
+
+ | The reason why this update was filtered. +This value has been deprecated since Returned: always +Sample: |
+
+ | A list of reasons why the update has been filtered. +Can be Returned: success +Sample: |
+
+ | The number of updates found needing to be applied. +Returned: success +Sample: |
+
+ | The number of updates successfully installed or downloaded. +Returned: success +Sample: |
+
+ | True when the target server requires a reboot to complete updates (no further updates can be installed until after a reboot). +Returned: success +Sample: |
+
+ | Set to Returned: success +Sample: |
+
+ | Updates that were found/installed. +The key for each update is the Returned: success + |
+
+ | A list of category strings for this update. +Returned: always +Sample: |
+
+ | Was the update downloaded. +Returned: always +Sample: |
+
+ | The HRESULT code from a failed update. +Returned: on install or download failure +Sample: |
+
+ | The error message with more details on the failure. +Returned: on install or download failure and not running with async +Sample: |
+
+ | Internal Windows Update GUID. +Returned: always +Sample: |
+
+ | Was the update successfully installed. +Returned: always +Sample: |
+
+ | A list of KB article IDs that apply to the update. +Returned: always +Sample: |
+
+ | Display name. +Returned: always +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_uri
.
Interacts with FTP, HTTP and HTTPS web services.
Supports Digest, Basic and WSSE HTTP authentication mechanisms.
For non-Windows targets, use the ansible.builtin.uri module instead.
Parameter |
+Comments |
+
---|---|
+ | The body of the HTTP request/response to the web service. + |
+
+ | The path to the client certificate (.pfx) that is used for X509 authentication. This path can either be the path to the The WinRM connection must be authenticated with Other authentication types can set client_cert_password when the cert is password protected. + |
+
+ | The password for client_cert if the cert is password protected. + |
+
+ | Sets the “Content-Type” header. + |
+
+ | A filename, when it already exists, this step will be skipped. + |
+
+ | Output the response body to a file. + |
+
+ | Whether or the module should follow redirects. +
When following a redirected URL, the Choices: +
|
+
+ | By default the authentication header is only sent when a webservice responses to an initial request with a 401 status. Since some basic auth services do not properly send a 401, logins will fail. +This option forces the sending of the Basic authentication header upon the original request. +Choices: +
|
+
+ | Extra headers to set on the request. +This should be a dictionary where the key is the header name and the value is the value for that header. + |
+
+ | Header to identify as, generally appears in web server logs. +This is set to the Default: |
+
+ | Specify how many times the module will redirect a connection to an alternative URI before the connection fails. +If set to Default: |
+
+ | The password for proxy_username. + |
+
+ | An explicit proxy to use for the request. +By default, the request will use the IE defined proxy unless use_proxy is set to |
+
+ | Uses the current user’s credentials when authenticating with a proxy host protected with Proxies that use The module will only have access to the user’s credentials if using If not using Choices: +
|
+
+ | The username to use for proxy authentication. + |
+
+ | A filename, when it does not exist, this step will be skipped. + |
+
+ | Whether or not to return the body of the response as a “content” key in the dictionary result. If the reported Content-type is “application/json”, then the JSON is additionally loaded into a key called Choices: +
|
+
+ | A valid, numeric, HTTP status code that signifies success of the request. +Can also be comma separated list of status codes. +Default: |
+
+ | Supports FTP, HTTP or HTTPS URLs in the form of (ftp|http|https)://host.domain:port/path. + |
+
+ | The HTTP Method of the request. +Default: |
+
+ | The password for url_username. + |
+
+ | Specifies how long the request can be pending before it times out (in seconds). +Set to Default: |
+
+ | The username to use for authentication. + |
+
+ | Uses the current user’s credentials when authenticating with a server protected with Sites that use The module will only have access to the user’s credentials if using If not using Choices: +
|
+
+ | If Choices: +
|
+
+ | If This should only be used on personally controlled sites using self-signed certificates. +Choices: +
|
+
See also
+The official documentation on the ansible.builtin.uri module.
+Downloads file from HTTP, HTTPS, or FTP to node.
+The official documentation on the community.windows.win_inet_proxy module.
+- name: Perform a GET and Store Output
+ ansible.windows.win_uri:
+ url: http://example.com/endpoint
+ register: http_output
+
+# Set a HOST header to hit an internal webserver:
+- name: Hit a Specific Host on the Server
+ ansible.windows.win_uri:
+ url: http://example.com/
+ method: GET
+ headers:
+ host: www.somesite.com
+
+- name: Perform a HEAD on an Endpoint
+ ansible.windows.win_uri:
+ url: http://www.example.com/
+ method: HEAD
+
+- name: POST a Body to an Endpoint
+ ansible.windows.win_uri:
+ url: http://www.somesite.com/
+ method: POST
+ body: "{ 'some': 'json' }"
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The raw content of the HTTP response. +Returned: success and return_content is True +Sample: |
+
+ | The byte size of the response. +Returned: success +Sample: |
+
+ | The number of seconds that elapsed while performing the download. +Returned: always +Sample: |
+
+ | The json structure returned under content as a dictionary. +Returned: success and Content-Type is “application/json” or “application/javascript” and return_content is True +Sample: |
+
+ | The HTTP Status Code of the response. +Returned: success +Sample: |
+
+ | A summary of the status. +Returned: success +Sample: |
+
+ | The Target URL. +Returned: always +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_user
.
Manages local Windows user accounts.
For non-Windows targets, use the ansible.builtin.user module instead.
Parameter |
+Comments |
+
---|---|
+ |
Choices: +
|
+
+ | Only Choices: +
|
+
+ | Description of the user. + |
+
+ | Full name of the user. + |
+
+ | Adds or removes the user from this comma-separated list of groups, depending on the value of groups_action. +When groups_action is Since |
+
+ | If If If Choices: +
|
+
+ | The designated home directory of the user. + |
+
+ | The login script of the user. + |
+
+ | Name of the user to create, remove or modify. + |
+
+ | Optionally set the user’s password to this (plain text) value. + |
+
+ |
Choices: +
|
+
+ |
Choices: +
|
+
+ | The profile path of the user. + |
+
+ | When When When Choices: +
|
+
+ |
Choices: +
|
+
+ |
Choices: +
|
+
Note
+The return values are based on the user object after the module options have been set. When running in check mode the values will still reflect the existing user settings and not what they would have been changed to.
See also
+The official documentation on the ansible.builtin.user module.
+Manage domain/workgroup membership for a Windows host.
+The official documentation on the community.windows.win_domain_user module.
+Add and remove local groups.
+Manage Windows local group membership.
+The official documentation on the community.windows.win_user_profile module.
+- name: Ensure user bob is present
+ ansible.windows.win_user:
+ name: bob
+ password: B0bP4ssw0rd
+ state: present
+ groups:
+ - Users
+
+- name: Ensure user bob is absent
+ ansible.windows.win_user:
+ name: bob
+ state: absent
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | Whether the user is disabled. +Returned: user exists +Sample: |
+
+ | Whether the user is locked. +Returned: user exists +Sample: |
+
+ | The description set for the user. +Returned: user exists +Sample: |
+
+ | The full name set for the user. +Returned: user exists +Sample: |
+
+ | A list of groups and their ADSI path the user is a member of. +Returned: user exists +Sample: |
+
+ | The name of the user +Returned: always +Sample: |
+
+ | Whether the password is expired. +Returned: user exists +Sample: |
+
+ | Whether the password is set to never expire. +Returned: user exists +Sample: |
+
+ | The ADSI path for the user. +Returned: user exists +Sample: |
+
+ | The SID for the user. +Returned: user exists +Sample: |
+
+ | Whether the user can change their own password. +Returned: user exists +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_user_right
.
Add, remove or set User Rights for a group or users or groups.
You can set user rights for both local and domain accounts.
Parameter |
+Comments |
+
---|---|
+ |
Choices: +
|
+
+ | The name of the User Right as shown by the The module will return an error if the right is invalid. + |
+
+ | A list of users or groups to add/remove on the User Right. +These can be in the form DOMAIN\user-group, user-group@DOMAIN.COM for domain users/groups. +For local users/groups it can be in the form user-group, .\user-group, SERVERNAME\user-group where SERVERNAME is the name of the remote server. +It is highly recommended to use the You can also add special local accounts like SYSTEM and others. +Can be set to an empty list with action=set to remove all accounts from the right. + |
+
Note
+If the server is domain joined this module can change a right but if a GPO governs this right then the changes won’t last.
See also
+Add and remove local groups.
+Manage Windows local group membership.
+Manages local Windows user accounts.
+---
+- name: Replace the entries of Deny log on locally
+ ansible.windows.win_user_right:
+ name: SeDenyInteractiveLogonRight
+ users:
+ - Guest
+ - Users
+ action: set
+
+- name: Add account to Log on as a service
+ ansible.windows.win_user_right:
+ name: SeServiceLogonRight
+ users:
+ - .\Administrator
+ - '{{ansible_hostname}}\local-user'
+ action: add
+
+- name: Remove accounts who can create Symbolic links
+ ansible.windows.win_user_right:
+ name: SeCreateSymbolicLinkPrivilege
+ users:
+ - SYSTEM
+ - Administrators
+ - DOMAIN\User
+ - group@DOMAIN.COM
+ action: remove
+
+- name: Remove all accounts who cannot log on remote interactively
+ ansible.windows.win_user_right:
+ name: SeDenyRemoteInteractiveLogonRight
+ users: []
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | A list of accounts that were added to the right, this is empty if no accounts were added. +Returned: success +Sample: |
+
+ | A list of accounts that were removed from the right, this is empty if no accounts were removed. +Returned: success +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_wait_for
.
You can wait for a set amount of time timeout
, this is the default if nothing is specified.
Waiting for a port to become available is useful for when services are not immediately available after their init scripts return which is true of certain Java application servers.
You can wait for a file to exist or not exist on the filesystem.
This module can also be used to wait for a regex match string to be present in a file.
You can wait for active connections to be closed before continuing on a local port.
Parameter |
+Comments |
+
---|---|
+ | The maximum number of seconds to wait for a connection to happen before closing and retrying. +Default: |
+
+ | The number of seconds to wait before starting to poll. + |
+
+ | The list of hosts or IPs to ignore when looking for active TCP connections when |
+
+ | A resolvable hostname or IP address to wait for. +If Default: |
+
+ | The path to a file on the filesystem to check. +If If |
+
+ | The port number to poll on |
+
+ | Can be used to match a string in a file. +If If Defaults to a multiline regex. + |
+
+ | Number of seconds to sleep between checks. +Default: |
+
+ | When checking a port, When checking for a file or a search string Choices: +
|
+
+ | The maximum number of seconds to wait for. +Default: |
+
See also
+The official documentation on the ansible.builtin.wait_for module.
+The official documentation on the community.windows.win_wait_for_process module.
+- name: Wait 300 seconds for port 8000 to become open on the host, don't start checking for 10 seconds
+ ansible.windows.win_wait_for:
+ port: 8000
+ delay: 10
+
+- name: Wait 150 seconds for port 8000 of any IP to close active connections
+ ansible.windows.win_wait_for:
+ host: 0.0.0.0
+ port: 8000
+ state: drained
+ timeout: 150
+
+- name: Wait for port 8000 of any IP to close active connection, ignoring certain hosts
+ ansible.windows.win_wait_for:
+ host: 0.0.0.0
+ port: 8000
+ state: drained
+ exclude_hosts: ['10.2.1.2', '10.2.1.3']
+
+- name: Wait for file C:\temp\log.txt to exist before continuing
+ ansible.windows.win_wait_for:
+ path: C:\temp\log.txt
+
+- name: Wait until process complete is in the file before continuing
+ ansible.windows.win_wait_for:
+ path: C:\temp\log.txt
+ regex: process complete
+
+- name: Wait until file is removed
+ ansible.windows.win_wait_for:
+ path: C:\temp\log.txt
+ state: absent
+
+- name: Wait until port 1234 is offline but try every 10 seconds
+ ansible.windows.win_wait_for:
+ port: 1234
+ state: absent
+ sleep: 10
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The elapsed seconds between the start of poll and the end of the module. This includes the delay if the option is set. +Returned: always +Sample: |
+
+ | The number of attempts to poll the file or port before module finishes. +Returned: always +Sample: |
+
Note
+This module is part of the ansible.windows collection (version 2.3.0).
+It is not included in ansible-core
.
+To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_whoami
.
Designed to return the same information as the whoami /all
command.
Also includes information missing from whoami
such as logon metadata like logon rights, id, type.
Note
+If running this module with a non admin user, the logon rights will be an empty list as Administrator rights are required to query LSA for the information.
See also
+The official documentation on the community.windows.win_credential module.
+Manage Windows local group membership.
+Manage Windows User Rights.
+- name: Get whoami information
+ ansible.windows.win_whoami:
+
Common return values are documented here, the following are the fields unique to this module:
+Key |
+Description |
+
---|---|
+ | The running account SID details. +Returned: success + |
+
+ | The account name of the account SID. +Returned: success +Sample: |
+
+ | The domain name of the account SID. +Returned: success +Sample: |
+
+ | The SID in string form. +Returned: success +Sample: |
+
+ | The type of SID. +Returned: success +Sample: |
+
+ | The name of the authentication package used to authenticate the user in the session. +Returned: success +Sample: |
+
+ | The DNS name of the logon session, this is an empty string if this is not set. +Returned: success +Sample: |
+
+ | A list of groups and attributes that the user is a member of. +Returned: success +Sample: |
+
+ | The impersonation level of the token, only valid if Returned: success +Sample: |
+
+ | The mandatory label set to the logon session. +Returned: success + |
+
+ | The account name of the label SID. +Returned: success +Sample: |
+
+ | The domain name of the label SID. +Returned: success +Sample: |
+
+ | The SID in string form. +Returned: success +Sample: |
+
+ | The type of SID. +Returned: success +Sample: |
+
+ | The name of the domain used to authenticate the owner of the session. +Returned: success +Sample: |
+
+ | The logon time in ISO 8601 format +Returned: success +Sample: |
+
+ | The unique identifier of the logon session. +Returned: success +Sample: |
+
+ | The name of the server used to authenticate the owner of the logon session. +Returned: success +Sample: |
+
+ | The logon type that identifies the logon method, see https://msdn.microsoft.com/en-us/library/windows/desktop/aa380129.aspx. +Returned: success +Sample: |
+
+ | A dictionary of privileges and their state on the logon token. +Returned: success +Sample: |
+
+ | A list of logon rights assigned to the logon. +Returned: success and running user is a member of the local Administrators group +Sample: |
+
+ | The token type to indicate whether it is a primary or impersonation token. +Returned: success +Sample: |
+
+ | The user principal name of the current user. +Returned: success +Sample: |
+
+ | The user flags for the logon session, see UserFlags in https://msdn.microsoft.com/en-us/library/windows/desktop/aa380128. +Returned: success +Sample: |
+
The following index documents all environment variables declared by plugins in collections. +Environment variables used by the ansible-core configuration are documented in Ansible Configuration Settings.
+No environment variables have been defined.
+These are the collections documented here.
+ +ansible.windows.quote – Quotes argument(s) for various Windows shells
ansible.windows.async_status – Obtain status of asynchronous task
ansible.windows.setup – Gathers facts about remote hosts
ansible.windows.slurp – Slurps a file from remote nodes
ansible.windows.win_acl – Set file/directory/registry/certificate permissions for a system user or group
ansible.windows.win_acl_inheritance – Change ACL inheritance
ansible.windows.win_certificate_store – Manages the certificate store
ansible.windows.win_command – Executes a command on a remote Windows node
ansible.windows.win_copy – Copies files to remote locations on windows hosts
ansible.windows.win_dns_client – Configures DNS lookup on Windows hosts
ansible.windows.win_domain – Ensures the existence of a Windows domain
ansible.windows.win_domain_controller – Manage domain controller/member server state for a Windows host
ansible.windows.win_domain_membership – Manage domain/workgroup membership for a Windows host
ansible.windows.win_dsc – Invokes a PowerShell DSC configuration
ansible.windows.win_environment – Modify environment variables on windows hosts
ansible.windows.win_feature – Installs and uninstalls Windows Features on Windows Server
ansible.windows.win_file – Creates, touches or removes files or directories
ansible.windows.win_find – Return a list of files based on specific criteria
ansible.windows.win_get_url – Downloads file from HTTP, HTTPS, or FTP to node
ansible.windows.win_group – Add and remove local groups
ansible.windows.win_group_membership – Manage Windows local group membership
ansible.windows.win_hostname – Manages local Windows computer name
ansible.windows.win_optional_feature – Manage optional Windows features
ansible.windows.win_owner – Set owner
ansible.windows.win_package – Installs/uninstalls an installable package
ansible.windows.win_path – Manage Windows path environment variables
ansible.windows.win_ping – A windows version of the classic ping module
ansible.windows.win_powershell – Run PowerShell scripts
ansible.windows.win_reboot – Reboot a windows machine
ansible.windows.win_reg_stat – Get information about Windows registry keys
ansible.windows.win_regedit – Add, change, or remove registry keys and values
ansible.windows.win_service – Manage and query Windows services
ansible.windows.win_service_info – Gather information about Windows services
ansible.windows.win_share – Manage Windows shares
ansible.windows.win_shell – Execute shell commands on target hosts
ansible.windows.win_stat – Get information about Windows files
ansible.windows.win_tempfile – Creates temporary files and directories
ansible.windows.win_template – Template a file out to a remote server
ansible.windows.win_updates – Download and install Windows updates
ansible.windows.win_uri – Interacts with webservices
ansible.windows.win_user – Manages local Windows user accounts
ansible.windows.win_user_right – Manage Windows User Rights
ansible.windows.win_wait_for – Waits for a condition before continuing
ansible.windows.win_whoami – Get information about the current user and process
This docsite contains documentation of ansible.windows.
+