If you are running a script then I would say win_shell is easier, but 
neither is truly wrong. Unfortunately error handling in PowerShell is a 
bit of a mixed bag: by default it sets $ErrorActionPreference = 'Continue', 
which can cause some errors to be "ignored" or at least not part of the 
final error condition check. I would make sure that you have 
$ErrorActionPreference = 'Stop' in your script to ensure that an error 
actually stops your script and exits with a non-0 return code, or at least 
throw an exception in the cases where you want a failure to occur.

On Thursday, October 13, 2022 at 11:22:39 PM UTC+10 Husker79 wrote:

> Jordan,
>
> Truly appreciate the reply. I guess I overlooked the below note in the 
> documentation:
>
> "...Use become with a password if the task needs to access network 
> resources."
>
> I'm definitely not as experienced in Windows as Linux. WinRM and privilege 
> escalation are as clear as mud.
>
> Two quick Ansible on Windows questions, if I may.
>
>    - To run a PS script is it a better practice to use win_command with 
>    powershell.exe -ExecutionPolicy Bypass -File script.ps1 or win_shell as above?
>    - Why did failure of the PS script not fail the win_shell task?
>
> Thank you and have a great day.
> On Wednesday, October 12, 2022 at 10:28:06 PM UTC-5 jbor...@gmail.com 
> wrote:
>
>> To truly replicate the behaviour of running it interactively (or at least 
>> as close as you can get) you need to specify a password for become.
>>
>> - win_shell: ...
>>   become: true
>>   become_method: runas
>>   vars:
>>     ansible_become_user: '{{ ansible_user }}'
>>     ansible_become_pass: '{{ ansible_password }}'
>>
>> This will create an "interactive" token that can delegate its 
>> credentials to downstream servers as needed. If you don't specify a 
>> password then it will essentially do a "batch" logon without a password 
>> similar to running in a scheduled task but without saving the user's 
>> credentials.
>>
>> Thanks
>>
>> Jordan
>>
>> On Thursday, October 13, 2022 at 10:19:03 AM UTC+10 Husker79 wrote:
>>
>>> Good day,
>>>
>>>
>>> I'm attempting to execute a PowerShell script on a Windows host to 
>>> create a Windows Server Failover Cluster. Running the script on *node1* 
>>> works without issue when logged in as a service account with appropriate AD 
>>> permissions and using a PowerShell terminal run as Administrator.
>>>
>>>
>>> Executing the same script via Ansible (using the service account 
>>> mentioned above) results in an error stating I do not have permissions to 
>>> edit *node1's* registry. Adding the "become" statements below gets past 
>>> this error, but then I receive an error that *node2* cannot be added to 
>>> the cluster as I don't have permissions to its registry.
>>>
>>>
>>> - name: Execute configure_wsfc.ps1
>>>   win_shell: .\configure_wsfc.ps1
>>>   args:
>>>     chdir: '{{ temp_dir }}'
>>>   become: true
>>>   become_method: runas
>>>   become_user: '{{ service_account }}'
>>>
>>>
>>> configure_wsfc.ps1:
>>>
>>>
>>> New-Cluster -Name $WSFCClusterName -Node ("node1", "node2") -AdministrativeAccessPoint ActiveDirectoryAndDNS -StaticAddress ("192.168.0.1", "192.168.0.2") -NoStorage
>>>
>>>
>>> What am I missing?
>>>
>>>
>>> Thank you.
>>>
>>
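
The error-handling advice at the top of this thread, applied to the configure_wsfc.ps1 script from the original question. This is an added example, not code posted by anyone in the thread; the parameter names, their defaults and the post-creation node check are assumptions.

```powershell
# configure_wsfc.ps1 (added example; parameter names and defaults are assumptions)
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $WSFCClusterName,
    [string[]] $Nodes           = @('node1', 'node2'),
    [string[]] $StaticAddresses = @('192.168.0.1', '192.168.0.2')
)

# The default preference is 'Continue', which lets non-terminating errors
# scroll past. 'Stop' turns them into terminating errors that reach catch.
$ErrorActionPreference = 'Stop'
# Reading an unset variable (e.g. a misspelled $WSFCClusterName) becomes an
# error instead of silently evaluating to $null.
Set-StrictMode -Version Latest

try {
    Import-Module FailoverClusters

    New-Cluster -Name $WSFCClusterName -Node $Nodes `
        -AdministrativeAccessPoint ActiveDirectoryAndDNS `
        -StaticAddress $StaticAddresses -NoStorage | Out-Null

    # Explicit failure condition: throw if any requested node did not join,
    # rather than relying on New-Cluster alone to report it.
    $joined  = @(Get-ClusterNode -Cluster $WSFCClusterName |
                 Select-Object -ExpandProperty Name)
    $missing = @($Nodes | Where-Object { $_ -notin $joined })
    if ($missing.Count -gt 0) {
        throw "Nodes missing from cluster '$WSFCClusterName': $($missing -join ', ')"
    }

    Write-Output "Cluster '$WSFCClusterName' created with nodes: $($joined -join ', ')"
    exit 0
}
catch {
    # Write the reason and the failing statement to stderr, then return a
    # non-zero exit code so the calling task is reported as failed.
    [Console]::Error.WriteLine("configure_wsfc.ps1 failed: $($_.Exception.Message)")
    [Console]::Error.WriteLine($_.InvocationInfo.PositionMessage)
    exit 1
}
```

Under these assumptions the task would call it as `.\configure_wsfc.ps1 -WSFCClusterName <name>`, with the cluster name supplied by the playbook.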
