ansible.builtin.psrp (v2.9.13) — connection
Run tasks over Microsoft PowerShell Remoting Protocol
Added in version 2.7 of ansible.builtin
Authors: Ansible Core Team
Install with pip install ansible==2.9.13
Run commands or put/fetch on a target via PSRP (WinRM plugin)
This is similar to the I(winrm) connection plugin which uses the same underlying transport but instead runs in a PowerShell interpreter.
auth:
  choices:
  - basic
  - certificate
  - negotiate
  - kerberos
  - ntlm
  - credssp
  default: negotiate
  description:
  - The authentication protocol to use when authenticating the remote user.
  - The default, C(negotiate), will attempt to use C(Kerberos) if it is available and fall back to C(NTLM) if it isn't.
  type: str
  vars:
  - name: ansible_psrp_auth
path:
  default: wsman
  description:
  - The URI path to connect to.
  type: str
  vars:
  - name: ansible_psrp_path
port:
  description:
  - The port for PSRP to connect on the remote target.
  - Default is C(5986) if I(protocol) is not defined or is C(https), otherwise the port is C(5985).
  type: int
  vars:
  - name: ansible_port
  - name: ansible_psrp_port
proxy:
  description:
  - Set the proxy URL to use when connecting to the remote host.
  type: str
  vars:
  - name: ansible_psrp_proxy
ca_cert:
  aliases:
  - cert_trust_path
  description:
  - The path to a PEM certificate chain to use when validating the server's certificate.
  - This value is ignored if I(cert_validation) is set to C(ignore).
  type: path
  vars:
  - name: ansible_psrp_cert_trust_path
  - name: ansible_psrp_ca_cert
protocol:
  choices:
  - http
  - https
  description:
  - Set the protocol to use for the connection.
  - Default is C(https) if I(port) is not defined or I(port) is not C(5985).
  type: str
  vars:
  - name: ansible_psrp_protocol
remote_addr:
  default: inventory_hostname
  description:
  - The hostname or IP address of the remote host.
  type: str
  vars:
  - name: ansible_host
  - name: ansible_psrp_host
remote_user:
  description:
  - The user to log in as.
  type: str
  vars:
  - name: ansible_user
  - name: ansible_psrp_user
ignore_proxy:
  default: 'no'
  description:
  - Will disable any environment proxy settings and connect directly to the remote host.
  - This option is ignored if C(proxy) is set.
  type: bool
  vars:
  - name: ansible_psrp_ignore_proxy
read_timeout:
  default: 30
  description:
  - The read timeout for receiving data from the remote host.
  - This value must always be greater than I(operation_timeout).
  - This option requires pypsrp >= 0.3.
  - This is measured in seconds.
  type: int
  vars:
  - name: ansible_psrp_read_timeout
  version_added: '2.8'
  version_added_collection: ansible.builtin
cert_validation:
  choices:
  - validate
  - ignore
  default: validate
  description:
  - Whether to validate the remote server's certificate or not.
  - Set to C(ignore) to not validate any certificates.
  - I(ca_cert) can be set to the path of a PEM certificate chain to use in the validation.
  type: str
  vars:
  - name: ansible_psrp_cert_validation
certificate_pem:
  description:
  - The local path to an X509 certificate to use with certificate auth.
  type: path
  vars:
  - name: ansible_psrp_certificate_pem
remote_password:
  aliases:
  - password
  description: Authentication password for the C(remote_user). Can be supplied as CLI option.
  type: str
  vars:
  - name: ansible_password
  - name: ansible_winrm_pass
  - name: ansible_winrm_password
max_envelope_size:
  default: 153600
  description:
  - Sets the maximum size of each WSMan message sent to the remote host.
  - This is measured in bytes.
  - Defaults to C(150KiB) for compatibility with older hosts.
  type: int
  vars:
  - name: ansible_psrp_max_envelope_size
negotiate_service:
  default: WSMAN
  description:
  - Override the service part of the SPN used during Kerberos authentication.
  - Only valid when Kerberos was the negotiated auth or was explicitly set as the authentication.
  - Ignored when NTLM was the negotiated auth.
  type: str
  vars:
  - name: ansible_psrp_negotiate_service
operation_timeout:
  default: 20
  description:
  - Sets the WSMan timeout for each operation.
  - This is measured in seconds.
  - This should not exceed the value for C(connection_timeout).
  type: int
  vars:
  - name: ansible_psrp_operation_timeout
configuration_name:
  default: Microsoft.PowerShell
  description:
  - The name of the PowerShell configuration endpoint to connect to.
  type: str
  vars:
  - name: ansible_psrp_configuration_name
connection_timeout:
  default: 30
  description:
  - The connection timeout for making the request to the remote host.
  - This is measured in seconds.
  type: int
  vars:
  - name: ansible_psrp_connection_timeout
message_encryption:
  choices:
  - auto
  - always
  - never
  default: auto
  description:
  - Controls the message encryption settings; this is different from TLS encryption when I(ansible_psrp_protocol) is C(https).
  - Only the auth protocols C(negotiate), C(kerberos), C(ntlm), and C(credssp) can do message encryption. The other authentication protocols only support encryption when C(protocol) is set to C(https).
  - C(auto) means message encryption is only used when not using TLS/HTTPS.
  - C(always) is the same as C(auto) but message encryption is always used even when running over TLS/HTTPS.
  - C(never) disables any encryption checks that are in place when running over HTTP and disables any authentication encryption processes.
  type: str
  vars:
  - name: ansible_psrp_message_encryption
negotiate_delegate:
  description:
  - Allow the remote user the ability to delegate its credentials to another server, i.e. credential delegation.
  - Only valid when Kerberos was the negotiated auth or was explicitly set as the authentication.
  - Ignored when NTLM was the negotiated auth.
  type: bool
  vars:
  - name: ansible_psrp_negotiate_delegate
negotiate_send_cbt:
  default: true
  description:
  - Send the Channel Binding Token (CBT) structure when authenticating.
  - CBT is used to provide extra protection against Man in the Middle C(MitM) attacks by binding the outer transport channel to the auth channel.
  - CBT is not used when using just C(HTTP), only C(HTTPS).
  type: bool
  vars:
  - name: ansible_psrp_negotiate_send_cbt
certificate_key_pem:
  description:
  - The local path to an X509 certificate key to use with certificate auth.
  type: path
  vars:
  - name: ansible_psrp_certificate_key_pem
reconnection_backoff:
  default: 2
  description:
  - The backoff time to use in between reconnection attempts. (First sleeps X, then sleeps 2*X, then sleeps 4*X, ...)
  - This is measured in seconds.
  - The C(ansible_psrp_reconnection_backoff) variable was added in Ansible 2.9.
  type: int
  vars:
  - name: ansible_psrp_connection_backoff
  - name: ansible_psrp_reconnection_backoff
  version_added: '2.8'
  version_added_collection: ansible.builtin
reconnection_retries:
  default: 0
  description:
  - The number of retries on connection errors.
  type: int
  vars:
  - name: ansible_psrp_reconnection_retries
  version_added: '2.8'
  version_added_collection: ansible.builtin
credssp_auth_mechanism:
  choices:
  - auto
  - kerberos
  - ntlm
  default: auto
  description:
  - The sub authentication mechanism to use with CredSSP auth.
  - When C(auto), both Kerberos and NTLM are attempted with Kerberos being preferred.
  type: str
  vars:
  - name: ansible_psrp_credssp_auth_mechanism
credssp_disable_tlsv1_2:
  default: false
  description:
  - Disables the use of TLSv1.2 on the CredSSP authentication channel.
  - This should not be set to C(yes) unless dealing with a host that does not have TLSv1.2.
  type: bool
  vars:
  - name: ansible_psrp_credssp_disable_tlsv1_2
credssp_minimum_version:
  default: 2
  description:
  - The minimum CredSSP server authentication version that will be accepted.
  - Set to C(5) to ensure the server has been patched and is not vulnerable to CVE-2018-0886.
  type: int
  vars:
  - name: ansible_psrp_credssp_minimum_version
negotiate_hostname_override:
  description:
  - Override the remote hostname when searching for the host in the Kerberos lookup.
  - This allows Ansible to connect over IP but authenticate with the remote server using its DNS name.
  - Only valid when Kerberos was the negotiated auth or was explicitly set as the authentication.
  - Ignored when NTLM was the negotiated auth.
  type: str
  vars:
  - name: ansible_psrp_negotiate_hostname_override
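
Several of the options above weaken the connection when moved off their defaults (cert_validation, message_encryption, negotiate_send_cbt, the CredSSP settings). The following is an added example, not part of the plugin or of Ansible, that audits already-parsed host variables for those settings; the variable names and defaults are the documented ones, while the finding wording, the port-variable precedence and SAMPLE_HOSTS are assumptions made for illustration.

```python
# Added example (not Ansible's code): flag weak PSRP connection settings in
# host variables. Variable names and defaults come from the option reference;
# the finding wording and SAMPLE_HOSTS are constructed.

def effective_protocol(hv):
    """https unless the protocol is set or the port is 5985, as documented."""
    if "ansible_psrp_protocol" in hv:
        return hv["ansible_psrp_protocol"]
    # Assumption of this sketch: the psrp-specific port variable wins.
    port = hv.get("ansible_psrp_port", hv.get("ansible_port"))
    return "http" if port is not None and int(port) == 5985 else "https"


def audit_psrp(hv):
    """Return {option: reason} for each risky setting on one host."""
    out = {}
    proto = effective_protocol(hv)
    auth = hv.get("ansible_psrp_auth", "negotiate")
    enc = hv.get("ansible_psrp_message_encryption", "auto")
    if proto == "https":
        if hv.get("ansible_psrp_cert_validation", "validate") == "ignore":
            out["cert_validation"] = "server certificate is not validated"
        if hv.get("ansible_psrp_negotiate_send_cbt", True) is False:
            out["negotiate_send_cbt"] = "channel binding token is not sent"
    elif enc == "never":
        out["message_encryption"] = "encryption checks disabled over http"
    elif auth in ("basic", "certificate"):
        out["auth"] = auth + " cannot do message encryption over http"
    if auth == "credssp":
        if int(hv.get("ansible_psrp_credssp_minimum_version", 2)) < 5:
            out["credssp_minimum_version"] = "below 5, see CVE-2018-0886"
        if hv.get("ansible_psrp_credssp_disable_tlsv1_2", False):
            out["credssp_disable_tlsv1_2"] = "TLSv1.2 disabled for CredSSP"
    return out


SAMPLE_HOSTS = {  # constructed inventory data
    "web01": {"ansible_psrp_cert_validation": "ignore"},
    "db01": {"ansible_port": 5985, "ansible_psrp_auth": "basic"},
    "app01": {"ansible_psrp_auth": "credssp"},
    "ok01": {"ansible_psrp_auth": "kerberos",
             "ansible_psrp_ca_cert": "/etc/pki/corp-chain.pem"},
}

if __name__ == "__main__":
    for host, hv in SAMPLE_HOSTS.items():
        for option, reason in audit_psrp(hv).items():
            print(f"{host}: {option}: {reason}")
```

Note that app01 is flagged even though it sets nothing beyond the auth protocol: the documented default for credssp_minimum_version is 2, so the value 5 has to be set explicitly.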