Question:
I am working on a simple playbook that will ultimately be able to start/stop/restart Windows services and I ran into an issue:

```
fatal: [mspdbwn1w01]: FAILED! => {
    "msg": "The powershell shell family is incompatible with the sudo become plugin"
}
```
Below is the playbook:
```yaml
- name: Add Host
  hosts: localhost
  connection: local
  strategy: linear
  tasks:
    - name: Add Temp Host
      add_host:
        name: "{{ win_client }}"
        group: temp

- name: Target Server
  connection: winrm
  hosts: temp
  tasks:
    - name: Stop a service
      win_service:
        name: "{{ service }}"
        state: stopped
```
Google hasn’t been much help, and I’ve tried everything I could find, every variation of become*.
I don’t know if it matters, but due to the nature of the environment I work in, I have 2 separate users to log into *nix hosts vs. Windows hosts.
Any assistance or guidance would be greatly appreciated.
Answer:
Your system seems to use `sudo` as the default become method, which is not compatible with PowerShell. For Windows (and PowerShell), you can use `runas` as the become method. Add:

```yaml
become_method: runas
```

to your playbook or task. You can get a list of all available become methods with:

```
ansible-doc -t become -l
```
Example:
```
doas        Do As user
dzdo        Centrify's Direct Authorize
enable      Switch to elevated permissions on a network device
ksu         Kerberos substitute user
machinectl  Systemd's machinectl privilege escalation
pbrun       PowerBroker run
pfexec      profile based execution
pmrun       Privilege Manager run
runas       Run As user
sesu        CA Privileged Access Manager
su          Substitute User
sudo        Substitute User DO
```
You can view the documentation for a particular become method with:
```
ansible-doc -t become runas
```
If you still get errors, pay attention to the error message, as it most probably is a different one. Using privilege escalation requires the definition of a username and a password for this purpose, for example.
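
Added example (not part of the original question or answer): the asker's playbook with `runas` scoped to the Windows play only, so a `sudo` default elsewhere keeps applying to *nix hosts. `win_admin_user` and `vault_win_admin_password` are hypothetical variable names; the password is assumed to live in an Ansible Vault-encrypted vars file rather than in the playbook.

```yaml
- name: Add Host
  hosts: localhost
  connection: local
  strategy: linear
  tasks:
    - name: Add Temp Host
      add_host:
        name: "{{ win_client }}"
        group: temp

- name: Target Server
  hosts: temp
  connection: winrm
  become: true
  # Overrides the inherited sudo default for this play only.
  become_method: runas
  # Hypothetical variable: the Windows account to escalate to.
  become_user: "{{ win_admin_user }}"
  vars:
    # Hypothetical variable, assumed to be defined in a vault-encrypted file
    # so the credential never appears in the playbook or in version control.
    ansible_become_password: "{{ vault_win_admin_password }}"
  tasks:
    - name: Stop a service
      win_service:
        name: "{{ service }}"
        state: stopped
```

Run it with `--ask-vault-pass` (or a vault password file) so the encrypted variable can be decrypted at run time.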