Combine Windows and Linux inventory hosts on Ansible for Logging purposes

Lets assume you have configured ansible on multiple Windows hosts in order to massively perform patches installation or execute commands. As explained in detail on my previous articles in order to be successful the connection method must be set as winrm (see below)

 ansible_connection = winrm
 ansible_winrm_server_cert_validation = ignore
 ansible_user = administrator
 ansible_password = 
 ansible_become_user = administrator
 ansible_become_method = runas

However if you state this connection method, you cannot connect to linux machines and delegate tasks. One example of this scenario is a windows patching mechanism with wsus and ansible. You can deploy the patches using winrm method but you cannot log output on your localhost as the connection must be changed to ssh.

In order to bypass this problem I added a new group on my inventory for localhost entry for which I specify the connection method and user

localhost ansible_connection=ssh ansible_become_user=root ansible_become_method=sudo ansible_user=root

Then one will be able to perform a logging action with the below task.

 name: write output to file
   shell: echo "{{ result.stdout }}" >> /root/ansible/something.log
   delegate_to: localhost 

Result is the registered output of the patching procedure.

I am using shell command in order to append a new entry every time I have a result from my previous actions.

Ansible Privilege Escalation win_command – refresh Windows Update Service

When you have ansible deployed it is easy to perform massively actions on your inventory hosts. On a previous article I have explained in detail how you can easily manage Windows machines with Ansible.

In order to refresh Windows update service and make it connect to WSUS reporting console one should execute the below commands on a range of machines.

wuauclt /resetauthorization
wuauclt /reportnow
wuauclt /detectnow

In order to perform this task automated and avoid logging in on each machine, you can execute the below playbook.

- name: deploy commands on servers
 hosts: test
 become: true
 name: win_command resetauth
 win_command: wuauclt /resetauthorization
 name: win_command report
 win_command: wuauclt /reportnow
 name: win_command detect
 win_command: wuauclt /detectnow 

If you run this playbook without elevated privileges, it will fail. The necessary variables that must be included in your inventory or another appropriate location are listed below (folder variables, etc). The become keyword is a must but the escalation method must be changed instead of sudo as we handle windows machines.

 ansible_connection = winrm
 ansible_user = administrator

Ansible playbook – variable files must contain either a dictionary or a list

Recently I faced the below error when I tried to use some variables which I initialized on a ansible vault file.

My code is shown below. It just prints some values retrieved from a vault.

playbook code. using debug module values are printed.
ansible-playbook vault.yml --vault-password-file=vault_key

While deploying the playbook the below error appears:

ERROR! variable files must contain either a dictionary of variables, or a list of dictionaries. Got: user_password:password database_password:password ( <class ‘ansible.parsing.yaml.objects.AnsibleUnicode’>)

Dictionary file

ansible vault variables

In order to resolve issue, you should just leave a blank between dictionary key and value.

Deploy again your playbook and the result will be successful.