Ansible can execute commands on Linux hosts using SSH, on Windows hosts using PowerShell, and as plain bash commands on localhost when you don't want to use a remote protocol.
We can define which protocol to use, along with other host-specific options, in the inventory file. Let's see an example:
[linux_hosts]
nginx1 ansible_host=nginx1.example.com ansible_connection=ssh

[windows_hosts]
db1 ansible_host=db1.example.com ansible_connection=winrm

[local_machine]
ansible_master ansible_host=localhost ansible_connection=local
ansible_host must point to the real hostname or IP address of the host. Hosts can also have an alias to avoid long or complicated hostnames: nginx1 is the alias for nginx1.example.com.
ansible_connection defines the protocol to be used; winrm is for PowerShell commands.
Other inventory parameters
ansible_port = ssh: 22 / winrm: 5986
ansible_user = root/administrator
ansible_ssh_pass if you don't want to (or can't) use an SSH key
ansible_password for winrm authentication
ansible_winrm_transport (basic, CredSSP, NTLM, Kerberos, Certificate)
Windows authentication protocols
Basic is an authentication protocol for local accounts only
ansible_user: LocalUsername
ansible_password: Password
ansible_connection: winrm
ansible_winrm_transport: basic
Certificate is also for local accounts; it needs extra configuration
ansible_connection: winrm
ansible_winrm_cert_pem: /path/to/certificate/public/key.pem
ansible_winrm_cert_key_pem: /path/to/certificate/private/key.pem
ansible_winrm_transport: certificate
NTLM can be used for local and domain accounts, no extra configuration is needed
ansible_user: LocalUsername
ansible_password: Password
ansible_connection: winrm
ansible_winrm_transport: ntlm
Kerberos is a more modern way and better suited for domains, but it needs extra configuration
ansible_user: username@MY.DOMAIN.COM
ansible_password: Password
ansible_connection: winrm
ansible_winrm_transport: kerberos
CredSSP is a newer protocol both for local and domain accounts but it needs extra configuration
ansible_user: Username
ansible_password: Password
ansible_connection: winrm
ansible_winrm_transport: credssp
SSH fingerprint connection error
If you use SSH, you might face a connection error when a host's fingerprint has not been added to the known_hosts file of your Ansible workstation. To tackle this, you can edit the ansible.cfg file and set host_key_checking to False:
[defaults]
host_key_checking = False
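An added example (not code from the original page): a small Python check that reads an inventory and an ansible.cfg like the ones above and reports the settings that weaken authentication, namely passwords written inline, the basic WinRM transport, and host_key_checking turned off, which stops Ansible from verifying SSH host keys. The sample inventory, the CHANGEME passwords, the db2 host and the function names are constructed for illustration.

```python
import configparser
import shlex

# Constructed sample inventory and ansible.cfg (not from the original page).
SAMPLE_INVENTORY = """\
[linux_hosts]
nginx1 ansible_host=nginx1.example.com ansible_connection=ssh ansible_ssh_pass=CHANGEME

[windows_hosts]
db1 ansible_host=db1.example.com ansible_connection=winrm ansible_winrm_transport=basic ansible_password=CHANGEME
db2 ansible_host=db2.example.com ansible_connection=winrm ansible_winrm_transport=kerberos
"""
SAMPLE_CFG = "[defaults]\nhost_key_checking = False\n"
SECRET_VARS = {"ansible_ssh_pass", "ansible_password"}


def audit_inventory(text):
    """Return (group, host, finding) tuples for risky connection settings."""
    findings, group = [], "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
            continue
        tokens = shlex.split(line)
        host = tokens[0] if "=" not in tokens[0] else "(vars)"  # [group:vars] lines
        opts = dict(t.split("=", 1) for t in tokens if "=" in t)
        for var in sorted(SECRET_VARS & opts.keys()):
            findings.append((group, host, f"{var} stored in clear text"))
        if opts.get("ansible_winrm_transport", "").lower() == "basic":
            findings.append((group, host, "basic transport only base64-encodes the password"))
    return findings


def host_key_checking_disabled(cfg_text):
    """True when ansible.cfg turns off SSH host key verification."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    return not cfg.getboolean("defaults", "host_key_checking", fallback=True)


if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE_INVENTORY):
        print(*finding, sep=": ")
    print("host_key_checking disabled:", host_key_checking_disabled(SAMPLE_CFG))
```

Run against the sample, it reports nginx1 and db1 for inline passwords, db1 again for the basic transport, and nothing for db2.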