python · windows

Try ansible on Windows


Here is the environment about NetBrain performance testing:

1 windows server for License/Workspace server

5 windows servers for Network Server

5 windows servers for Automation server


It really took us a lot of time to deploy our product/collect logs on theses servers.

My colleague wrote a client-server application and try to do the things by it automatically.The application indeed works for log collection, but for product deployment, as the server end running as a service and fails to launch InstallShield  wizard, it doesn’t support the product installation.

At the same time, I read an article about Deployment Management Tools comparison between Puppet, Chef, Ansible, So I determine to try Ansible.


Ray Zhao shared me his experience that how he used Puppet in OpenStack Lab.

Brian Jin told me Linked In using Ansible.

Deploy Ansible

Ansible’s document is very easy to read/understand.

1 Install Ansible on Ubuntu

$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible

For windows management, Pywinrm is required, Offical instruction is:

pip install "pywinrm>=0.1.1"

Please pay attention about pywinrm version, because I met the issue:  Error Accessing Windows Machine: “ssl: ‘Session’ object has no attribute ‘merge_environment_settings'”

I installed pywinrm by the command:

pip install pywinrm==0.1.1

Note: Currently, ansible doesn’t support Python3.


Windows System Prep

I chose win2012R2 to simple windows environment preparation. Just ran  ansible’s power shell for winRm setup and make sure port : 5986 is open:



For powershell security issue:

File ConfigureRemotingForAnsible.ps1 cannot be loaded because running scripts is disabled on this system. For more
information, see about_Execution_Policies at
 + CategoryInfo : SecurityError: (:) [], ParentContainsErrorRecord
 + FullyQualifiedErrorId : UnauthorizedAccess

Start Windows PowerShell with the “Run as Administrator” option. Only members of the Administrators group on the computer can change the execution policy.

Enable running unsigned scripts by entering:

set-executionpolicy remotesigned

This will allow running unsigned scripts that you write on your local computer and signed scripts from Internet.


Ansible Inventory

create my hosts file by command :

vi /etc/ansible/hosts

Refer samples to add one server for testing:

[windows] ansible_user="user_name" ansible_password="password" ansible_port="5986" ansible_connection="winrm"

Note: I also tried configure username/password by group vars by command:

vi /etc/ansible/group_vars/windows.yml
# it is suggested that these be encrypted with ansible-vault:
# ansible-vault edit group_vars/windows.yml

ansible_user: user_name
ansible_password: password
ansible_port: 5986
ansible_connection: winrm
# The following is necessary for Python 2.7.9+ (or any older Python that has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore


ansible windows -m win_ping 


create a playbook by the command:

vi /etc/ansible/playbook.yml

Enter the content

- name: test raw module
hosts: windows
- name: run ipconfig
# query session for RDP session
raw: CMD /C "PSExec.exe \\ -u user_name -p password -d -i 1 c:\Automation\Install\InstallLatestBuildWith1WS_AllInOneClick.bat"
register: ipconfig
- debug: var=ipconfig


Ansible has the same behavior as my colleague’s application,  InstallShield  wizard windows does not pop up when I called it by ‘raw: CMD /C’ even it newed a process to run the command.

Refer to the articles:

PowerShell – Using psexec to automate UI tasks on remote machines

PsExec2.11 // detail about PsExec parameters

Query Session //command to figure out the id of Remote Desktop session which referenced by PsExec parameter : -i

I update raw command and it works.


PsExec should be the solution for both ansible and my colleague’s application which execute a command by a background service to call a GUI application.


Add Comment #1:

I found that there is an option “Local System account -> Allow service to interact with desktop” in service property:


It failed to launch windows RM service with this enabled this option:




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s