Reputation: 577
Good day,
I'm attempting to execute a PowerShell script on a Windows host to create a Windows Server Failover Cluster. Running the script on node1 works without issue when logged in as a service account with appropriate AD permissions and using a PowerShell terminal run as Administrator.
Executing the same script via Ansible (using the service account mentioned above) results in an error stating I do not have permissions to edit node1's registry. Adding the "become" statements below gets past this error, but then I receive an error that node2 cannot be added to the cluster as I don't have permissions to its registry.
    - name: Execute configure_wsfc.ps1
      win_shell: .\configure_wsfc.ps1
      args:
        chdir: '{{ temp_dir }}'
      become: true
      become_method: runas
      become_user: '{{ service_account }}'
configure_wsfc.ps1:
    New-Cluster -Name $WSFCClusterName -Node ("node1", "node2") -AdministrativeAccessPoint ActiveDirectoryAndDNS -StaticAddress ("192.168.0.1", "192.168.0.2") -NoStorage
What am I missing?
Thank you.
Upvotes: 0
Views: 1891
Reputation: 577
Per the below note in the Ansible documentation I needed to add become_password.
Because there are no guarantees an existing token will exist for a user when Ansible runs, there’s a high chance the become process will only have access to local resources. Use become with a password if the task needs to access network resources.
    - name: Execute configure_wsfc.ps1
      ansible.windows.win_shell: .\configure_wsfc.ps1
      args:
        chdir: '{{ temp_dir }}'
      when: service_info.start_mode == 'disabled'
      vars:
        ansible_become: true
        ansible_become_method: runas
        ansible_become_user: '{{ service_account }}'
        ansible_become_password: '{{ service_account_password }}'
Upvotes: 1
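A preflight check for the behaviour described in the answer above, added here as an example and not part of the original posts: it runs the same remote-access probe from a become process without and with a password, so the difference in token scope shows up before New-Cluster runs. The `\\node2\ADMIN$` probe and the registered variable names are assumptions; `service_account` and `service_account_password` are the variables used in the answer.

```yaml
# Added example. The probe path and the probe_* variable names are assumptions.
# Assumes ansible_become_password is not already set in inventory for the first task.
- name: Probe node2 from a become process started without a password
  ansible.windows.win_shell: Test-Path -Path '\\node2\ADMIN$'
  register: probe_without_password
  changed_when: false
  failed_when: false        # a local-only token is the expected outcome here
  vars:
    ansible_become: true
    ansible_become_method: runas
    ansible_become_user: '{{ service_account }}'

- name: Probe node2 from a become process started with a password
  ansible.windows.win_shell: Test-Path -Path '\\node2\ADMIN$'
  register: probe_with_password
  changed_when: false
  failed_when: false
  vars:
    ansible_become: true
    ansible_become_method: runas
    ansible_become_user: '{{ service_account }}'
    ansible_become_password: '{{ service_account_password }}'

- name: Show what each token could reach
  ansible.builtin.debug:
    msg:
      - "without password: {{ probe_without_password.stdout | default('') | trim }}"
      - "with password: {{ probe_with_password.stdout | default('') | trim }}"

- name: Stop before New-Cluster if the password-backed token cannot reach node2
  ansible.builtin.assert:
    that:
      - probe_with_password.stdout | default('') | trim == 'True'
    fail_msg: >-
      The become process for {{ service_account }} cannot reach node2 over the
      network; check the become password and the account's rights on node2.
```

If the second probe also returns `False`, the remaining problem is the account's rights on node2 rather than the become token.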