As I understand it, the win_psexec action connects to a Windows host via winrm and then uses that to run commands on a second Windows host via psexec?
My question is how to write a playbook such that the first (proxy) host is always constant, but the second hosts are the ones defined in the inventory and/or filtered on the command line (not listed in the playbook/role/variables).
i.e. I want to run a playbook against, say, 10 hosts. Each time the win_psexec action runs, I want it to connect to ‘proxyserver’ and use that to run remote commands on the 10 hosts, but without defining those hosts in the playbook as otherwise they’d keep needing to be changed.
(What I’m actually trying to do is to have a playbook to actually install powershell3+ and run a script to configure winrm access to allow direct ansible connection without having to go round and do that on every single server by hand, so if there’s another way to do that - or what I’m wanting to do simply can’t be done via win_psexec then would be grateful to hear that also!)
name: setup PS with psexec
win_psexec:
command: powershell.exe -File C:\temp\upgrade_script.ps1
hostnames: ‘{{groups[‘windows’]}}’ # may need to find a way to exclude the current host, would need to play around with this
username: username
password: password
priority: high
name: run Ansible on all hosts
hosts: windows
tasks:
name: wait for the WinRM connection to come online
wait_for_connection:
name: run whatever you want
win_ping:
`
I haven’t actually used this module before but I believe it is just a wrapper around the PSExec executable so it should work. Your upgrade script would need to handle the idempotency around skipping if PS is already v3.0 and also to setup the WinRM listeners. In the end if these are new servers you are provisioning this stuff should be done in the bootstrapping/imaging process but if they are existing servers then you don’t have too much choice.