Hi, the blog is still accepting comments, I just need to approve them so it
doesn't get spammed.
As for your issue at hand.
1) to use Ansible to map this network drive automatically in all VMs for
> the domain user (mapped drive should be visible after VM reboots, during
> every RDP sessions using this credentials?
>
You should be using the win_mapped_drive to create the mapping for the
user you want. This should be as simple as
- win_mapped_drive:
name: Z
path: \\bellagio.infra.vegas.net\how\the\hell\to\solve\this\issue
state: present
become: yes
become_method: runas
vars:
ansible_become_user: '{{ ansible_user }}'
ansible_become_pass: '{{ ansible_password }}'
Because you are using NTLM authentication, the task will not be able to
access the network path so become is being used to bypass that limitation.
If you are connecting with Ansible to one account but want the mapped drive
for another, change the become user/pass vars to the account in question.
What this task will do is create the mapped drive Z for the become user and
that drive will appear when they log on locally. When they try and access
it locally it will use their logon credentials to access the UNC path.
If you need to connect to the UNC path with custom credentials you can add
the following task *before* the win_mapped_drive one.
- win_credential:
name: bellagio.infra.vegas.net
type: domain_password
username: custom user
secret: password
state: present
become: yes
become_method: runas
vars:
ansible_become_user: '{{ ansible_user }}'
ansible_become_pass: '{{ ansible_password }}'
This task creates a credential for that host in the become user's
credential manager and it is used for any outbound authentication attempts
on that particular host. This enables you to save a credential for a
network host and then use that credential for the mapped drive. Once again
become is important for this task to work as the credential manager can
only be accessed through become when using WinRM. The win_credential module
is pretty much a wrapper for the same functionality that cmdkey.exe offers
[1].
2) to use this mapped drive as a 'repo place' for future purposes - to copy
> scrips, apps from this drive to VMs using Ansible?
>
This is not possible, ultimately it is next to impossible to do. A network
logon like WinRM will not mount the network mounts for you so even with
become it won't appear in Ansible. Technically it is possible to create a
"global" mapped drive which always appears but credential management in
this scenario is not ideal. I would highly recommend you don't create a
global mount at all, the blog post does mention how it can be possible
though.
For your problem, you should always use the full UNC path in your Ansible
scripts. This is beneficial for a few reasons
1. You are not relying on the host to be setup in a particular method
for your Ansible scripts to work
2. The Ansible playbook is self documenting as to where it is
referencing a file rather than something trying to figure out 'M:\path'
refers to this network host
3. Mapped drives are a pain and are really only designed for interactive
setups, which Ansible is not
If you just don't want to type out the full path for each task, use an
Ansible fact/variable that references the UNC path for you. If you are
having trouble trying to connect to a UNC path that's probably due to the
double hop problem with WinRM. See our documentation for more info on how
to overcome the double hop problem [2].
[1] -
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cmdkey
[2] -
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#limitations
Thanks
Jordan
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/bffc2e28-919f-45c2-95b3-2df192450579%40googlegroups.com.
