Run Ansible on Windows

Posted on November 29, 2016


Here is a topology about the environment for performance testing, let’s name the servers 1st:

  • 1 windows server as the License/Workspace server
  • 5 windows servers as the Network Server
  • 5 windows servers as the Automation server

It took us a lot of time to deploy the product and collect logs on all of these servers.

My colleague wrote a client-server application and do some of the tasks automatically. The application indeed works for log collection, but for product deployment, as the server end running as a service and fails to launch the InstallShield wizard, it doesn’t support the product installation.

At the same time, I read an article about Deployment Management Tools comparison between Puppet, Chef, Ansible, and decided to try Ansible.


  • Ray Zhao shared with me his experience that how he used Puppet in OpenStack Lab.
  • Jin told me LinkedIn is using Ansible.
Deploy Ansible

Ansible’s document is very easy to read/understand.

Install Ansible with the command (Python is required):

pip install ansible

For windows management, Pywinrm is required, but pay attention to pywinrm version, because I met the issue: Error Accessing Windows Machine: “ssl: ‘Session’ object has no attribute ‘merge_environment_settings'”

I installed pywinrm by the command:

pip install pywinrm==0.1.1

Note: Currently, Ansible doesn’t support Python3.

Windows System Prep

I chose win2012R2 to simple windows environment preparation. Just ran ansible’s power shell for winRm setup and make sure port : 5986 is open:


For the PowerShell security issue:

File ConfigureRemotingForAnsible.ps1 cannot be loaded because running scripts is disabled on this system. For more
information, see about_Execution_Policies at
+ CategoryInfo : SecurityError: (:) [], ParentContainsErrorRecord
+ FullyQualifiedErrorId : UnauthorizedAccess

This will allow running unsigned scripts that you write on your local computer and signed scripts from the Internet.

Ansible Inventory

On the Linux server, create the hosts file by the command:

vi /etc/ansible/hosts

Here is a sample to add one server for testing:

[windows] ansible_user="user_name" ansible_password="password" ansible_port="5986" ansible_connection="winrm"

configure username/password by group vars by the command:

vi /etc/ansible/group_vars/windows.yml

Here is the content:

ansible_user: user_name
ansible_password: password
ansible_port: 5986
ansible_connection: winrm
# The following is necessary for Python 2.7.9+ (or any older Python that has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore

Note: Encrypting the yml file with ansible-vault is recommended:

ansible-vault edit group_vars/windows.yml
ansible windows -m win_ping

Create a playbook by the command:

vi /etc/ansible/playbook.yml

Here is the content

- name: test raw module
hosts: windows
- name: run ipconfig
# query session for RDP session
raw: CMD /C "PSExec.exe \\ -u user_name -p password -d -i 1 c:\Automation\Install\InstallLatestBuildWith1WS_AllInOneClick.bat"
register: ipconfig
- debug: var=ipconfig

Without “PSExec.exe” in the raw command, ansible has the same behavior as my colleague’s application: the InstallShield wizard window do not pop up when I called it by ‘raw: CMD /C’ even it needs a process to run the command.

Refer to the articles:

PsExec should be the solution for both ansible and my colleague’s application which execute a command by a background service to call a GUI application.

  • Comment #1:

    I found that there is an option “Local System account -> Allow service to interact with desktop” in service property:


    It failed to launch windows RM service with this enabled this option:


Run Ansible on Windows


Scan the QR code using WeChat

comments powered by Disqus