I’m trying to rename a domain joined server via the following play…
```
- hosts: server
  tasks:
    - name: Rename server from server1 to server2
      win_shell: |
        $name = $env:COMPUTERNAME
        if ($name -ne "server1")
        {
            Rename-Computer -NewName "server2"
            write-host "Server will need a restart..."
        }
```
Ansible connects to the server via Kerberos via a user account that has domain admin rights.
However, I receive an access denied message when running the play in verbose.
Do I need to use become/run_as even though I’m connecting via a domain admin account?
When connecting over WinRM, your credentials are by default not available to the remote process to use. Things that need to authenticate with a further server, like fileshares or domain actions, will fail as they have no credentials to use. While there are other options available you are best to use one of the following with Ansible:
- Use become on the task, this works by creating a new logon with explicit credentials, similar to what happens when you log on locally
- Use CredSSP or Kerberos (with credential delegation enabled) and the remote process will have access to the credentials
Also if you are on Ansible 2.6, there is now a win_hostname module to do this instead of using win_shell https://docs.ansible.com/ansible/devel/modules/win_hostname_module.html.
I added the Kerberos delegation. I’m running Ansible 2.5 so will look into upgrading to 2.6.
I know that the server will need a restart after running that remote PS command - what is the standard practice to then use win_reboot based upon the result of a remote PS command? Do I just need to specify it in the play since I know that it is expected or is there a more programmatic way based upon a returned value for example?
ansible_reboot_pending is currently set to false.
Let me know if I should start a new thread for this…
Best way if you are using win_shell is to just base it on the stdout. The ansible_reboot_pending is a pretty useless fact that is gathered as part of setup and isn’t kept up to date during the task execution.
```
- name: reboot if required
  win_reboot:
  when: hostname_result.stdout_lines[0] == "reboot_required"
```
I haven’t tested this but basically it will output the reboot_required text; the win_reboot task will only run if the first line of the output contains that line.
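An added example, not code posted by anyone in this thread: one complete play that combines the become suggestion above with the stdout-based reboot check, so the rename runs with explicit credentials instead of relying on delegated ones. The account `EXAMPLE\rename_svc`, the vaulted variable `vault_rename_svc_password` and the `target_name` variable are assumed names.

```yaml
# Added example, not from the thread. Assumed names: EXAMPLE\rename_svc,
# vault_rename_svc_password (kept in an Ansible Vault file) and target_name.
- hosts: server
  gather_facts: no
  vars:
    target_name: server2
  tasks:
    - name: Rename server to the target name
      win_shell: |
        # Stop on the first error so a failed rename is not reported as success
        $ErrorActionPreference = 'Stop'
        if ($env:COMPUTERNAME -ne '{{ target_name }}') {
            Rename-Computer -NewName '{{ target_name }}' -Force
            # Marker line that the reboot task below looks for
            Write-Output 'reboot_required'
        } else {
            Write-Output 'no_change'
        }
      # become creates a new logon with explicit credentials on the target,
      # so the rename has credentials to present to the domain.
      become: yes
      become_method: runas
      become_user: 'EXAMPLE\rename_svc'
      vars:
        # Scoped to this task only; the value comes from the vault, not the play
        ansible_become_pass: "{{ vault_rename_svc_password }}"
      register: hostname_result
      # Report "changed" only when the rename actually happened
      changed_when: "'reboot_required' in hostname_result.stdout_lines"

    - name: Reboot if required
      win_reboot:
      # Membership test instead of stdout_lines[0], so an extra output line
      # ahead of the marker does not suppress the reboot
      when: "'reboot_required' in hostname_result.stdout_lines"
```

Using an account that holds only the right to rename computer objects, rather than a domain admin, limits what the vaulted password can do if it is exposed.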