ansible.builtin.winrm – Run tasks over Microsoft’s WinRM

Note

This module is part of ansible-base and included in all Ansible installations. In most cases, you can use the short module name winrm even without specifying the collections: keyword. Despite that, we recommend you use the FQCN for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name.

New in version 2.0: of ansible.builtin

Synopsis

  • Run commands or put/fetch on a target via WinRM

  • This plugin allows extra arguments to be passed that are supported by the protocol but not explicitly defined here. They should take the form of variables declared with the following pattern ansible_winrm_<option>.

Requirements

The below requirements are needed on the local controller node that executes this connection.

  • pywinrm (python library)

Parameters

Parameter Choices/Defaults Configuration Comments
connection_timeout
integer
var: ansible_winrm_connection_timeout
Sets the operation and read timeout settings for the WinRM connection.
Corresponds to the operation_timeout_sec and read_timeout_sec args in pywinrm so avoid setting these vars with this one.
The default value is whatever is set in the installed version of pywinrm.
kerberos_command
string
Default:
"kinit"
var: ansible_winrm_kinit_cmd
kerberos command to use to request a authentication ticket
kerberos_mode
string
    Choices:
  • managed
  • manual
var: ansible_winrm_kinit_mode
kerberos usage mode.
The managed option means Ansible will obtain kerberos ticket.
While the manual one means a ticket must already have been obtained by the user.
If having issues with Ansible freezing when trying to obtain the Kerberos ticket, you can either set this to manual and obtain it outside Ansible or install pexpect through pip and try again.
kinit_args
string
added in 2.11 of ansible.builtin
var: ansible_winrm_kinit_args
Extra arguments to pass to kinit when getting the Kerberos authentication ticket.
By default no extra arguments are passed into kinit unless ansible_winrm_kerberos_delegation is also set. In that case -f is added to the kinit args so a forwardable ticket is retrieved.
If set, the args will overwrite any existing defaults for kinit, including -f for a delegated ticket.
path
string
Default:
"/wsman"
var: ansible_winrm_path
URI path to connect to
pipelining
boolean
    Choices:
  • no
  • yes
Default:
"ANSIBLE_PIPELINING"
ini entries:

[defaults]
pipelining = ANSIBLE_PIPELINING

env:ANSIBLE_PIPELINING
var: ansible_pipelining
Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers.
This can result in a very significant performance improvement when enabled.
However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts, which is why this feature is disabled by default.
port
integer
Default:
5986
var: ansible_port
var: ansible_winrm_port
port for winrm to connect on remote target
The default is the https (5986) port, if using http it should be 5985
remote_addr
string
Default:
"inventory_hostname"
var: ansible_host
var: ansible_winrm_host
Address of the windows machine
remote_password
string
var: ansible_password
var: ansible_winrm_pass
var: ansible_winrm_password
Authentication password for the remote_user. Can be supplied as CLI option.

aliases: password
remote_user
string
var: ansible_user
var: ansible_winrm_user
The user to log in as to the Windows machine
scheme
string
    Choices:
  • http
  • https
var: ansible_winrm_scheme
URI scheme to use
If not set, then will default to https or http if port is 5985.
transport
list / elements=string
var: ansible_winrm_transport
List of winrm transports to attempt to use (ssl, plaintext, kerberos, etc)
If None (the default) the plugin will try to automatically guess the correct list
The choices available depend on your version of pywinrm

Authors

  • Ansible Core Team