Yeah, docs forthcoming for this stuff, but you need to specify a couple
more things to make it work (since the global *nix defaults don't make
sense under Windows):
First and foremost, you never actually said you want to "become", just
"who" you want to become- you need to add "become: yes" (this is not
Windows-specific). Then you need to tell us which become method to use
(become_method: runas), as the default "sudo" isn't implemented on Windows.
You can set these at either the play or task level, as necessary, but
"become: yes" is the key to actually making a task run as someone else- the
rest is just "how". See below for a sample.
Also, there's a bug right now that's preventing become from working under
NTLM and Kerberos auth (fails with "Access is denied"), so you can only use
it with Basic, CredSSP, and Certificate auth (hoping to nail this one down
in the next few days).
Hope that helps...
-Matt
(ansible-dev) [mdavis@mdavis-t460p win2012r2-domain]$ cat become.yml
- hosts: member1
gather_facts: no
become_method: runas
tasks:
- name: as default user
win_shell: whoami
- name: as administrator
become: yes
become_user: administrator
win_shell: whoami
(ansible-dev) [mdavis@mdavis-t460p win2012r2-domain]$ ansible-playbook -i
hosts become.yml -vv -K
No config file found; using defaults
SUDO password:
PLAYBOOK: become.yml
*******************************************************************************
1 plays in become.yml
PLAY [member1]
*************************************************************************************
META: ran handlers
TASK [as default user]
*****************************************************************************
task path: /home/mdavis/vm/win2012r2-domain/become.yml:5
changed: [member1] => {"changed": true, "cmd": "whoami", "delta":
"0:00:00.156427", "end": "2017-03-02 11:29:12.986398", "rc": 0, "start":
"2017-03-02 11:29:12.829970", "stderr": "", "stderr_lines": [], "stdout":
"ansible\\testguy\r\n", "stdout_lines": ["ansible\\testguy"]}
TASK [as administrator]
****************************************************************************
task path: /home/mdavis/vm/win2012r2-domain/become.yml:8
changed: [member1] => {"changed": true, "cmd": "whoami", "delta":
"0:00:00.187422", "end": "2017-03-02 11:29:13.876657", "rc": 0, "start":
"2017-03-02 11:29:13.689234", "stderr": "", "stderr_lines": [], "stdout":
"ansible\\testguy\r\n", "stdout_lines": ["ansible\\testguy"]}
META: ran handlers
META: ran handlers
PLAY RECAP
*****************************************************************************************
member1 : ok=2 changed=2 unreachable=0 failed=0
On Wednesday, March 1, 2017 at 10:32:21 PM UTC-8, [email protected] wrote:
>
> Is there a way to "become_user" per task on a Windows?
>
> - name: Install programs (win_shell)
> win_shell: "{{ item.dest }}/{{ item.program }} {{ item.arguments }}"
> register: cmd
> when:
> - window_packages is defined
> with_items:
> - "{{ window_packages }}"
> become_user: bob
> tags: win_workstation2
>
> Running the command with -vvvv shows I'm still WINRM as the Administrator
>
> <PC130.corp.local> ESTABLISH WINRM CONNECTION FOR USER:
> [email protected] on PORT 5986 TO PC130.corp.local EXEC (via
> pipeline wrapper)
>
> Not sure how to check what user the task is running as but I don't find
> the stuff I'd expect in AppData\Local
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/bad6e83e-066c-42d2-98eb-f79457920d62%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
