DevOps | 4 min read

How to run Ansible on Windows

ngworx Team
May 2020
written by Remi Locherer
Senior Network & Security Engineer

Ansible on Windows? You don’t think it is possible? Where there is a will, there is a way. Here you will learn on how to run Ansible on Windows.

I’m using Ansible every now and then for different tasks. Sometimes it’s just to check whether my login works on a given set of switches. According to the FAQ, it does not run on Windows. But since my work computer runs Windows, I need to make Ansible run there. Of course, there is the possibility to run it in a BSD or Linux VM or in WSL.

I went into a different direction and created an Ansible container. For this, I first need Docker Desktop and this is already the first challenge. Docker Desktop is using Hyper-V behind the scenes which can not run together with VirtualBox at the same time. I figured out that I don’t need to run VirtualBox all the time. With the following PowerShell command, I can define if Hyper-V will start during the next Windows boot or not.

# Disable Hyper-V for next boot
PS C:\WINDOWS\system32> .\bcdedit.exe /set hypervisorlaunchtype off
# Enable Hyper-V for next boot
PS C:\WINDOWS\system32> .\bcdedit.exe /set hypervisorlaunchtype auto
# Check Status
PS C:\WINDOWS\system32> bcdedit
hypervisorlaunchtype    Auto

The dependency on Hyper-V implies Windows 10 Pro. The Docker Desktop update from Mai 2020 defaults to WSL2 which makes it possible to run it on Windows 10 Home (starting with Windows 10 version 2004).

Once Docker Desktop is running, I need to configure that I want to share files from my PC with the containers. We need this in order to be able to load Ansible scripts into a container. This can be configured in the settings dialogue:

Now that Docker is up and running, I can start and define what should go into my Ansible container. Besides Ansible itself, I also want the JunOS roles from Juniper and JSNAPY to get all the functionality for Junos devices. In addition, the container should contain the ansible-netbox-inventory library. To keep the resulting image small, I based the container on the alpine image.

This is the resulting Dockerfile:

View dockerfile
# ngworx.ag Ansible toolbox
FROM alpine:3
RUN apk --no-cache add \
       build-base \
       git \
       openssh-client \
       py3-cryptography \
       py3-lxml \
       py3-netaddr \
       py3-paramiko \
       py3-py \
       py3-setuptools \
       python3 \
       python3-dev \
       sshpass \
       tmux \
    && pip3 --no-cache-dir install \
       ansible==2.9.6 \
       ansible-netbox-inventory \
       jsnapy \
       junos-eznc \
       jxmlease \
       ncclient \
       pyserial \
       scp \
    && ansible-galaxy install --roles-path /usr/share/ansible/roles Juniper.junos \
    && ln -s /usr/bin/python3 /usr/bin/python \
    && apk del -r --purge build-base python3-dev \
    && adduser -D ngworx
ENV ANSIBLE_CONFIG /play/ansible.cfg
USER ngworx
VOLUME /play /home/ngworx/.ssh
ENTRYPOINT [ "ansible-playbook" ]
CMD [ "--version" ]
Related Service See how we help businesses with our network engineering services:
Network Engineering We provide engineering services for over the whole lifecycle process. See more

Now, this can be copy-pasted into a file called “Dockerfile” in a new directory. With the command “docker build” in that same directory the image will be built.

mkdir ansible-container
cd ansible-container
notepad Dockerfile
move Dockerfile.txt Dockerfile
docker build -t myansible .
docker run myansible

The last command runs the container and prints the versions:

Since I don’t want to type “docker run myansible [ansible commands]” every time I’m running some scripts, I installed a few aliases for PowerShell. I got inspired for this from this page which contains many aliases that are useful for Docker.

To add my aliases permanently I run “notepad $profile” and add below functions to that file.

PowerShell Aliases
function Run-AnsiblePlaybook {
    docker run --rm -it -v ${PWD}:/play -v ${HOME}/.ssh:/home/ngworx/.ssh myansible $args
Set-Alias play Run-AnsiblePlaybook
function Run-AnsibleTmux {
    docker run --rm -it -v ${PWD}:/play -v ${HOME}/.ssh:/home/ngworx/.ssh --entrypoint tmux myansible
Set-Alias ansible Run-AnsibleTmux

To use this image, I navigate to a folder with Ansible playbooks and type “play name-of-playbook”. The current folder and my SSH keys are automatically mapped into the container which allows Ansible to work with the provided files.

With Docker on Windows, the mounted Ansible files will be world writeable inside the container. Ansible refuses to run when it detects this except if the environment points to the world-writable ansible.cfg file. The environment inside the container ensures that Ansible accepts the config file to be /play/ansible.cfg. That implies you need to provide an ansible.cfg in the top directory of your Ansible playbooks where you intend to run them.

Now, what is the benefit of running this setup compared to running Ansible in a virtual machine? It’s very easy to share the container image to ensure everyone in the team runs the same tested Ansible version. I also find it convenient that I don’t have to remember to first boot a VM, connect to it and somehow share the files or do an additional git checkout. I can just run it from within my Windows environment and it works.

If you have any questions on how to run Ansible on Windows, feel free to messages us.

ngworx Team
May 2020
written by Remi Locherer
Senior Network & Security Engineer

Most Popular

Network-Engineering | 8 min read

Junos upgrade – filesystem is full

Not enough storage during Junos upgrade (EX2300 and EX3400). An extension of Juniper's article…

Read more