To truly replicate the behaviour of running it interatively (or at least as
close as you can get) you need to specify a password for become.
- win_shell: ...
become: true
become_method: runas
vars:
ansible_become_user: '{{ ansible_user }}'
ansible_become_pass: '{{ ansible_password }}'
This will create an "interactive" token that can delegate it's credentials
to downstream servers as needed. If you don't specify a password then it
will essentially do a "batch" logon without a password similar to running
in a scheduled task but without saving the user's credentials.
Thanks
Jordan
On Thursday, October 13, 2022 at 10:19:03 AM UTC+10 Husker79 wrote:
> Good day,
>
>
> I'm attempting to execute a PowerShell script on a Windows host to create
> a Windows Server Failover Cluster. Running the script on *node1* works
> without issue when logged in as a service account with appropriate AD
> permissions and using a PowerShell terminal ran as Administrator.
>
>
> Executing the same script via Ansible (using the service account mentioned
> above) results in an error stating I do not have permissions to edit
> *node1's *registry. Adding the "become" statements below get past this
> error, but then I receive an error that *node2* cannot be added to the
> cluster as I don't have permissions to its registry.
>
>
> - name: Execute configure_wsfc.ps1
> win_shell: .\configure_wsfc.ps1
> args:
> chdir: '{{ temp_dir }}'
> become: true
> become_method: runas
> become_user: '{{ service_account }}'
>
>
> configure_wsfc.ps1:
>
>
> New-Cluster -Name $WSFCClusterName -Node ("node1", "node2")
> -AdministrativeAccessPoint ActiveDirectoryAndDNS -StaticAddress
> ("192.168.0.1", "192.168.0.2" -NoStorage
>
>
> What am I missing?
>
>
> Thank you.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/e5d0759c-55b6-4c82-947f-d77d7dcff7acn%40googlegroups.com.
