What you'll learn
- Ansible modules - win_command vs win_shell
- win_command vs win_shell
- win_command
- win_shell
- Links
- win_command code
- win_command execution
- win_shell code
- win_shell execution
- wrong module code
Ansible modules - win_command vs win_shell
How to automate the execution of PowerShell or cmd.exe code on windows target hosts using Ansible Playbook with win_command and win_shell modules.
What is the difference between win_command vs win_shell Ansible modules?
These two Ansible modules are confused one for another but they're fundamentally different.
Both modules allow you to execute win_command on a target host but in a slightly different way.
I'm Luca Berton and welcome to today's episode of Ansible Pilot.
win_command vs win_shell
- `win_command`
- Executes a command on a remote Windows node
- it bypasses the Windows shell
- always set changed to True
- `win_shell`
- Execute shell commands on Windows target hosts
- redirections and win_shell's inbuilt functionality
- always set changed to True
The `win_command` and `win_shell` Ansible modules execute win_commands on the Windows target node.
Generally speaking, is always better to use a specialized Ansible module to execute a task.
However, sometimes the only way is to execute a Windows PowerShell or cmd.exe via the `win_command` or `win_shell` module.
Let me reinforce again, you should avoid as much as possible the usage of `win_command`/`win_shell` instead of a better module.
Both modules execute PowerShell or cmd.exe commands on Windows target nodes but in a sensible different way.
The `win_command` modules execute win_commands on the target machine without using the target win_shell, it simply executes the win_command. The target `win_shell` is for example sending any PowerShell or cmd.exe. t will not be processed through the shell, so variables like `$env:HOME` and operations like `"<"`, `">"`, `"|"`, and `";"` are not available. On the other side, every command executed using the `win_shell` module has all PowerShell or cmd.exe features so it could be expanded in runtime. From the security point of view`win_command` module is more robust and has a more predictable outcome because it bypasses the shell.
Both modules returned **always** changed status because Ansible is not able to predict if the execution has or has not altered the target system.
For non-Windows targets, use the `ansible.builtin.command` and `ansible.builtin.shell` modules instead.
win_command
- Executes a command on a remote Windows node
The `win_command` module won't be impacted by local win_shell variables because it bypasses the win_shell. At the same time, it may not be able to run `win_shell` built-in features and redirections.
win_shell
- Execute shell commands on target hosts
The `win_shell` Ansible module is potentially more dangerous than the win_command module and should only be used when you actually really need the PowerShell or cmd.exe functionalities. So if you're not stringing two commands together o variables like `$env:HOME` and operations like `"<"`, `">"`, `"|"`, and `";"` you don't really need the win_shell module. Similarly, expanding shell variables requires the `win_shell` module. If