Hook for winrm remote execution using pywinrm.

View on GitHub

Last Updated: Dec. 21, 2022

Access Instructions

Install the WinRM provider package into your Airflow environment.

Import the module into your DAG file and instantiate it with your desired params.


ssh_conn_idconnection id from airflow Connections from where all the required parameters can be fetched like username and password, though priority is given to the params passed during init.
endpointWhen not set, endpoint will be constructed like this: ‘http://{remote_host}:{remote_port}/wsman’
remote_hostRemote host to connect to. Ignored if endpoint is set.
remote_portRemote port to connect to. Ignored if endpoint is set.
transporttransport type, one of ‘plaintext’ (default), ‘kerberos’, ‘ssl’, ‘ntlm’, ‘credssp’
usernameusername to connect to the remote_host
passwordpassword of the username to connect to the remote_host
servicethe service name, default is HTTP
keytabthe path to a keytab file if you are using one
ca_trust_pathCertification Authority trust path
cert_pemclient authentication certificate file path in PEM format
cert_key_pemclient authentication certificate key file path in PEM format
server_cert_validationwhether server certificate should be validated on Python versions that support it; one of ‘validate’ (default), ‘ignore’
kerberos_delegationif True, TGT is sent to target server to allow multiple hops
read_timeout_secmaximum seconds to wait before an HTTP connect/read times out (default 30). This value should be slightly higher than operation_timeout_sec, as the server can block at least that long.
operation_timeout_secmaximum allowed time in seconds for any single wsman HTTP operation (default 20). Note that operation timeouts while receiving output (the only wsman operation that should take any significant time, and where these timeouts are expected) will be silently retried indefinitely.
kerberos_hostname_overridethe hostname to use for the kerberos exchange (defaults to the hostname in the endpoint URL)
message_encryptionWill encrypt the WinRM messages if set and the transport auth supports message encryption. (Default ‘auto’)
credssp_disable_tlsv1_2Whether to disable TLSv1.2 support and work with older protocols like TLSv1.0, default is False
send_cbtWill send the channel bindings over a HTTPS channel (Default: True)


Hook for winrm remote execution using pywinrm.

Was this page helpful?