Ansible is a versatile automation tool capable of managing Windows systems, including the execution of PowerShell scripts. This article explains how Ansible can run PowerShell scripts, its requirements, and best practices for integrating PowerShell into your automation workflows.
Can Ansible Run PowerShell Scripts?
Yes, Ansible can run PowerShell scripts on Windows systems. Using the win_shell and win_command modules, you can execute inline PowerShell commands or external PowerShell script files on target Windows hosts.
Prerequisites for Running PowerShell Scripts with Ansible
1. Enable Windows Remote Management (WinRM)
WinRM allows Ansible to communicate with Windows hosts. To enable it:
- Open PowerShell as Administrator.
- Run the following commands:
winrm quickconfig winrm set winrm/config/service/auth '@{Basic="true"}' winrm set winrm/config/service '@{AllowUnencrypted="true"}' Set-Item wsman:\localhost\Client\TrustedHosts -Value "<Ansible_Control_Node_IP>"
2. Install pywinrm
Install the pywinrm Python library on the Ansible control node:
pip install pywinrm
3. Configure Ansible Inventory
Define your Windows hosts in the inventory file:
[windows]
windows_host ansible_host=192.168.1.10 ansible_user=Administrator ansible_password=your_password ansible_connection=winrm
Using Ansible to Run PowerShell Scripts
1. Run Inline PowerShell Commands
Use the win_shell module to execute PowerShell commands directly:
- name: Run an inline PowerShell command
hosts: windows
tasks:
- name: Get Windows services
win_shell: Get-Service | Select-Object -First 5
2. Execute PowerShell Scripts from a File
To run an external PowerShell script, use the win_shell module:
- name: Run a PowerShell script
hosts: windows
tasks:
- name: Execute a PowerShell script
win_shell: |
powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\example.ps1
3. Transfer and Execute PowerShell Scripts
If the script is not present on the Windows host, use the copy module to transfer it first:
- name: Transfer and run a PowerShell script
hosts: windows
tasks:
- name: Copy the script to the host
copy:
src: ./example.ps1
dest: C:\Temp\example.ps1
- name: Execute the PowerShell script
win_shell: |
powershell.exe -ExecutionPolicy Bypass -File C:\Temp\example.ps1
4. Capture Command Output
You can store the output of a PowerShell script execution for further use:
- name: Capture PowerShell script output
hosts: windows
tasks:
- name: Run a script and save output
win_shell: |
powershell.exe -ExecutionPolicy Bypass -Command "Get-Process"
register: process_output
- name: Display output
debug:
var: process_output.stdout
Best Practices for Running PowerShell Scripts with Ansible
Use
-ExecutionPolicy Bypass: Ensure the PowerShell script runs without policy restrictions.Secure Credentials: Use Ansible Vault to encrypt sensitive information like passwords.
Test Scripts Locally: Validate PowerShell scripts independently before running them via Ansible.
Organize Scripts: Store scripts in a centralized
scripts/directory within your project for better management.Enable Logging: Add logging to your PowerShell scripts for debugging and auditing purposes.
Common Use Cases for Running PowerShell Scripts with Ansible
System Configuration: Automate tasks like enabling features, configuring firewalls, or setting registry keys.
Software Deployment: Install or update applications using PowerShell automation.
Service Management: Start, stop, or monitor Windows services.
Data Collection: Retrieve system information or logs for reporting.
Conclusion
Ansible’s ability to execute PowerShell scripts makes it a powerful tool for managing Windows hosts. By combining Ansible’s automation capabilities with PowerShell’s scripting power, you can achieve efficient and flexible workflows tailored to your needs.
Learn More About Running PowerShell with Ansible
Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.Academy
Explore practical examples of running PowerShell with Ansible in Ansible by Examples.
Donate
Support this project by contributing today.