Patching set of Windows Hosts having different credentials

Archives AWX Project
1

Hello All,

I am doing patching activity for a set of windows hosts in my environment. The problem i am facing is all the hosts are having different passwords not the same.

So, when i am triggering a job it is taking only one machine credentials .Is there any way to patch all the windows machine through only one job template such that every host takes their own different passwords or is there a way to specify host with their particular password, as username is same ie Admin for every machine.

I am stuck here, Please help me if someone has any solution for the same or any method or any script.

Thanks in advance.

2

Yoy can use group vars and host vars in the as vaulted files in the project

3

Hello Wei-Yen,

Thanks for your reply, Can you please specify from where can i get an example for the same. Means how to do it, as i am completely blank on this.

Thanks again,

4

In your project you can create group_vars and host_vars variables that relate to your environment.

You can then add in variables for Ansible_user and ansible_password ( you have to check syntax) that is unique to that group or host.

Read this for group_vars or host vars example as well as connection examples. You can then use ansible vault to protect your credentials through strings or protecting the group_vars file

https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html.

https://docs.ansible.com/ansible/latest/user_guide/vault.html

Hope it helps

5

Hello,

First of all thanks for your reply. I am still little bit confused .I want to explain once more ,just tell me you understood the same.

So lets say my ansible group is windows like below

[windows]
abc@domain.com
abc1@domain.com
abc2@domain.com
abc3@domain.com
abc4@domain.com
abc5@domain.com

The username is: Administrator and password for respective system are like:

abc@domain.com-Password@123
abc1@domain.com-Something@123

abc2@domain.com-hdhdhjuu@123
abc3@domain.com- ldkjskdj@123
abc4@domain.com-jdoijdjs@123
abc5@domain.com- okoiejd@123

Now I want to patch these abc,abc1 and so on…So I created a group variable file named windows.yml inside group_variable directory with content like

ansible_user: ‘Administrator’
ansible_password: 'Password@1234
ansible_winrm_transport: kerberos
ansible_port: ‘5985’
ansible_connection: ‘winrm’
ansible_winrm_server_cert_validation: ignore
validate_certs: false

My playbook is: windowsUpdate.yml with content like belw:

  • hosts: windows
    tasks:
  • name: Search-only, return list of updates found (if any), log to c:\ansible_wu1.txt
    win_updates:
    category_names:
  • CriticalUpdates
  • SecurityUpdates
  • UpdateRollups
  • DefinitionUpdates
  • Updates
  • Silverlight
    state: installed
    log_path: c:\ansible_wu1.txt
    reboot: yes

So, my question is if i will run the playbook with: ansible-playbook windowsUpdate.yml it will pach all the systems in that windows group and

it will by default take only one password from group variables which is password@123

But my systems in that windows group is having different password not the same as above. So how do i accomplish this?

Hope You understood the same. Please give me any solution or a way.

Thanks in advance.