Skip to main content

How to Run Ansible Playbooks from a Batch Script

Ansible is an IT automation engine that automates cloud provisioning, configuration management, application deployment, and intra-service orchestration. However, Ansible natively runs only on Unix-like operating systems (Linux/macOS) as the control node. To run Ansible playbooks from a Windows Batch script, you must bridge the execution through the Windows Subsystem for Linux (WSL).

In this guide, we will demonstrate how to automate Ansible playbooks directly from your Windows command line using WSL as the intermediary.

The Strategy: The WSL Bridge

  1. Enable and install a Linux distribution natively on Windows 10/11 using WSL (e.g., Ubuntu).
  2. Install Ansible inside that WSL instance (sudo apt install ansible).
  3. Store your Ansible playbooks and inventory files on the shared Windows/WSL file system.
  4. Invoke the native wsl.exe command inside your Batch script, passing the ansible-playbook Linux command as an argument.

Execution Requirements

Before the Batch script can work, you must be able to open a command prompt and type wsl ansible --version and receive a valid output without errors. Your WSL instance must also possess the SSH keys necessary to communicate with your target infrastructure.

Implementation Script

@echo off
setlocal enabledelayedexpansion

:: 1. Verify WSL is available
where wsl >nul 2>nul
if !errorlevel! neq 0 (
    echo [ERROR] WSL is not installed or not in PATH.
    pause
    exit /b 1
)

:: 2. Verify Ansible is installed inside WSL
wsl -e ansible --version >nul 2>nul
if !errorlevel! neq 0 (
    echo [ERROR] Ansible is not installed inside the WSL instance.
    echo Run: wsl sudo apt install ansible
    pause
    exit /b 1
)

:: 3. Define Paths
:: Remember: WSL mounts the C: drive as /mnt/c/
set "playbookPath=/mnt/c/Ansible/deploy_website.yml"
set "inventoryPath=/mnt/c/Ansible/hosts.ini"
set "extraVars=env=production branch=main"

echo Installing Web Application across production servers...
echo.

:: 4. Execute via the WSL Bridge
wsl -e ansible-playbook -i "%inventoryPath%" "%playbookPath%" --extra-vars "%extraVars%"

:: Capture the exit code immediately
set "ansibleResult=!errorlevel!"

if !ansibleResult! equ 0 (
    echo.
    echo ==========================================
    echo ANSIBLE DEPLOYMENT SUCCESSFUL
    echo ==========================================
) else (
    echo.
    echo [ERROR] Ansible playbook failed with exit code !ansibleResult!. Check the console output.
    pause
    exit /b 1
)

endlocal
pause
exit /b 0

Running Playbooks as Root inside WSL

Often, you must install dependencies inside WSL before running Ansible or require elevated privileges to access a strictly locked-down SSH key.

@echo off
setlocal enabledelayedexpansion

:: Verify WSL is available
where wsl >nul 2>nul
if !errorlevel! neq 0 (
    echo [ERROR] WSL is not installed or not in PATH.
    pause
    exit /b 1
)

set "playbook=/mnt/c/Scripts/Ansible/update.yml"

echo Executing privileged playbook...

:: The -u root flag executes the command as the root user inside WSL.
:: NOTE: If the WSL root account requires a password, this will prompt
:: interactively unless configured for NOPASSWD in /etc/sudoers.
wsl -u root ansible-playbook "%playbook%"

:: Capture the exit code immediately
set "ansibleResult=!errorlevel!"

if !ansibleResult! equ 0 (
    echo [SUCCESS] System update finished.
) else (
    echo [ERROR] Playbook failed with exit code !ansibleResult!.
    pause
    exit /b 1
)

endlocal
pause
exit /b 0

Why Trigger Ansible from Batch?

  1. Local Development Integration: A .bat file allows a developer to double-click a script that provisions their entire local Docker/Hyper-V testing environment without manually opening a Linux shell and typing out complex parameter strings.
  2. Hybrid Provisioning Pipelines: A single master script can use PowerShell to configure local Active Directory accounts, and then immediately call wsl ansible-playbook to push Linux application configurations, handling heterogeneous environments gracefully.
  3. Hiding Complexity: Empowering Junior SysAdmins to apply standard security patches across a Linux server cluster by running a simple "Patch_Servers.bat" file on their Windows Jump Box.

Important Considerations

  1. Pathing Translation: The Batch script resides on Windows (e.g., C:\Ansible\). The wsl executable cannot read Windows paths like C:\. It must be translated to the WSL mount point natively (/mnt/c/Ansible/).
  2. SSH Key Permissions: Ansible relies heavily on SSH keys. If your private key (id_rsa) is stored on the Windows file system (C:\...), WSL will see it as having permissions 0777 (world-readable) and Ansible will strictly reject it for being insecure. You must store your SSH key securely inside the Linux file system (~/.ssh/) instead of the mounted Windows drive.
  3. Color Output: Ansible's beautiful color-coded output (Green, Yellow, Red) natively supports the modern Windows Terminal but may render as garbled ANSI escape characters in the legacy cmd.exe console.

Conclusion

Running Ansible from a Windows Batch script requires embracing the Windows Subsystem for Linux (WSL) as an execution broker. By seamlessly translating file paths and passing the ansible-playbook command through the wsl.exe executable, you integrate the industry's most powerful configuration management engine directly into your Windows automation ecosystem.

Table of Contents