I am trying to run a Python script using Ansible on a Windows host, but the script is not executing as expected, even when using both win_command and win_shell. I would like to confirm if there’s a problem with how I’m running the script or if there are some issues with the way Ansible interacts with Python on Windows. Below are examples of my playbook:
---
- name: Execute Python script on Windows host
  hosts: windows
  tasks:
    - name: Run Python script with win_command
      win_command: python C:\path\to\script.py
    - name: Run Python script with win_shell
      win_shell: python C:\path\to\script.py
I’ve been trying for a long time, but I can only send the server to the Windows host, but I can never run the script.
The first thing that comes to mind is that you might need to specify the full path to your Python instance since it might be mapped to your PATH environment variable, but the user running the Ansible script may not have it. Of course, Python needs to be installed on the remote systems in question, as it doesn’t natively exist on Windows systems. For these reasons, it’s often much better to run PowerShell scripts whenever possible — this is even what most Ansible modules run after connecting to the machine.
Lastly, I recommend avoiding running scripts as much as possible or limiting their use to single-purpose runs, as there are often existing Ansible modules that can perform the steps you need to do. If you can share your Python script, it would be easier to determine which functionality could be directly ported into Ansible and avoid the need for Python to be present.
I have already tried using PowerShell modules to execute the command I want, but PowerShell doesn’t execute the command as expected or clearly. I will provide the Python code I have created below:
import subprocess

# PowerShell command adjusted to remove all certificates
ps_command = """
$certs = Get-ChildItem -Path Cert:\\CurrentUser\\My
foreach ($cert in $certs) {
    Try {
        Remove-Item -Path $cert.PSPath -Force -ErrorAction SilentlyContinue
    } Catch {
        # Ignore errors and continue
    }
}
"""

# Runs the PowerShell command completely silently, without opening CMD
subprocess.run(
    ["powershell", "-NoProfile", "-ExecutionPolicy", "Bypass", "-Command", ps_command],
    stdout=subprocess.DEVNULL,
    stderr=subprocess.DEVNULL,
    creationflags=subprocess.CREATE_NO_WINDOW  # Hides the window completely
)
The Python script I’ve written is meant to delete digital certificates (I need to do this regularly, which is why I wanted to automate it with Ansible). My idea was to delete all certificates and then install only the necessary ones, but it’s not working as expected.
I would appreciate any suggestions on how to make this process work correctly.
You might have more success using the win_certificate_store module as it does similar things as your script and means you don’t have to code the solution from scratch.
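The module suggested above, as an added example that is not part of the original thread or any poster's code: win_certificate_store defaults store_location to LocalMachine, so this playbook sets CurrentUser to match the store being listed, then checks the result. The keep_thumbprints variable is hypothetical, and the playbook assumes the ansible.windows collection is installed and that the certificates belong to the account Ansible connects as.

```yaml
---
# Added example. Cert:\CurrentUser resolves to the store of the account the
# task runs as (the Ansible connection user), not the interactive desktop user.
- name: Remove certificates from the connection user's personal store
  hosts: windows
  gather_facts: false
  vars:
    # Hypothetical keep-list: thumbprints listed here (uppercase, as PowerShell
    # prints them) are never removed.
    keep_thumbprints: []
  tasks:
    - name: Record which account's store is being read
      ansible.windows.win_command: whoami
      register: store_owner
      changed_when: false

    - name: List thumbprints in Cert:\CurrentUser\My
      ansible.windows.win_shell: |
        Get-ChildItem -Path Cert:\CurrentUser\My |
          Select-Object -ExpandProperty Thumbprint
      register: cert_thumbprints
      changed_when: false   # read-only query

    - name: Remove each certificate from the same store it was listed from
      ansible.windows.win_certificate_store:
        thumbprint: "{{ item }}"
        store_name: My
        store_location: CurrentUser   # module default is LocalMachine
        state: absent
      loop: "{{ cert_thumbprints.stdout_lines | map('trim') | reject('equalto', '') | difference(keep_thumbprints) | list }}"

    - name: Re-read the store after removal
      ansible.windows.win_shell: |
        Get-ChildItem -Path Cert:\CurrentUser\My |
          Select-Object -ExpandProperty Thumbprint
      register: remaining
      changed_when: false

    - name: Fail if anything outside the keep-list is still present
      ansible.builtin.assert:
        that:
          - remaining.stdout_lines | map('trim') | reject('equalto', '') | difference(keep_thumbprints) | length == 0
        fail_msg: "Certificates still present for {{ store_owner.stdout | trim }}"
```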
I tried doing it through this module, but it still didn’t work. Sometimes it would change status, but it still didn’t function. There were times when it even skipped the certificate deletion step. I don’t know what is happening for it not to execute.
---
- name: Remover todos os certificados dos hosts Windows
  hosts: windows
  gather_facts: no
  tasks:
    - name: Obter lista de thumbprints dos certificados
      win_shell: |
        $certs = Get-ChildItem -Path Cert:\CurrentUser\My
        $certs | Select-Object -ExpandProperty Thumbprint
      register: cert_thumbprints
    - name: Remover todos os certificados
      win_certificate_store:
        store_name: "My"
        thumbprint: "{{ item }}"
        state: "absent"
      loop: "{{ cert_thumbprints.stdout_lines }}"
      when: cert_thumbprints.stdout_lines | length > 0
Here’s an example of my code where it skipped the deletion step: