How to run an Ansible control node on Windows?
16 March 2025 | Eric
DISCLAIMER: This solution is NOT secure for anything other than running on your local machine.
Moving away from WSL
Recently I decided to get rid of my WSL setup. Not that I hated it, but I had way too many issues with it, most notably file access performance issues. Those issues are unrelated to Ansible, and had more to do with my IDE being slow when running AI coding agents and indexing big projects.
So I decided to switch back to Windows entirely.
Everything went smoothly, and nothing much changed, but one problem I ran into was running Ansible on Windows. If you go to the Red Hat documentation, you’ll read this:
For your control node (the machine that runs Ansible), you can use nearly any UNIX-like machine with Python installed. This includes Red Hat, Debian, Ubuntu, macOS, BSDs, and Windows under a Windows Subsystem for Linux (WSL) distribution. Windows without WSL is not natively supported as a control node; see Matt Davis’ blog post for more information.
Obviously, I knew this, because one of the reasons I was using WSL was to run that kind of tool without some strange setup. After digging a little, though, I found out it is still possible to run Ansible on Windows, thanks to Docker.
Docker to the rescue
Basically, what I did was set up a Docker service in my existing docker-compose.yaml file with one of the cytopia/ansible images. The code is below:
services:
  ansible:
    image: cytopia/ansible:latest-tools
    environment:
      ANSIBLE_HOST_KEY_CHECKING: false
      ANSIBLE_CONFIG: /data
    volumes:
      - ./ansible:/data
      - ~/.ssh/id_rsa:/root/.ssh/id_rsa
      - ~/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub
    stdin_open: true
    tty: true
A few things to note:
- My playbooks are in a ./ansible folder, which I mount into the container under /data.
- I also mount my id_rsa from my local Windows .ssh/ directory into the container.
- I run this on my local computer so ANSIBLE_HOST_KEY_CHECKING: false makes it easier, but this is a potential security risk.
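The host key risk noted above can be avoided by leaving verification on and giving the container a known_hosts file to check against. The variant below is an added example, not part of the original setup; it assumes your Windows ~/.ssh/known_hosts already contains the keys of the hosts you manage (for instance because you have connected to them with ssh from Windows before).

```yaml
services:
  ansible:
    image: cytopia/ansible:latest-tools
    environment:
      # Keep SSH host key verification enabled (this is Ansible's default).
      # Quoted so YAML passes it through as a string.
      ANSIBLE_HOST_KEY_CHECKING: "true"
      ANSIBLE_CONFIG: /data
    volumes:
      - ./ansible:/data
      - ~/.ssh/id_rsa:/root/.ssh/id_rsa
      - ~/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub
      # Assumption: this file exists on the host and lists the managed hosts.
      # Mounted read-only so the container can verify against it
      # but cannot alter the trusted keys.
      - ~/.ssh/known_hosts:/root/.ssh/known_hosts:ro
    stdin_open: true
    tty: true
```

With this in place, a host whose key is unknown or has changed is no longer accepted silently.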
A last thing to do before running anything is to set the permissions of the .vault_pass and id_rsa files properly in the container:
docker compose run --rm ansible chmod 600 /data/.vault_pass
docker compose run --rm ansible chmod 600 /root/.ssh/id_rsa
And basically, that’s about it. Now I can run my local playbooks and vault commands directly in the container.
Running a playbook:
docker compose run --rm ansible ansible-playbook -i inventory/production.ini playbooks/deployment/docker/restart_service.yml
Running Ansible Vault:
docker compose run --rm ansible ansible-vault edit group_vars/all/secrets.yml
While the Docker-based Ansible solution provides excellent cross-platform compatibility, it does introduce some limitations compared to native execution, such as potential networking complexities when accessing local resources, the need to explicitly mount required volumes, and slightly slower execution due to the containerization layer.
But overall, this is running perfectly for my needs. Hopefully this works for you too!
Cheers! 👋