-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Regression in Calamari breaks Windows Service deploy with custom account password bound to empty string #8676
Comments
Hey @ArturDorochowicz, thanks for raising this with us. I've had a quick look and have tried this in Powershell, but it seems to be working as expected for me.
Are you able to provide any logs or any more details about the error you're seeing? Alternatively, it may be helpful to contact our support team as we are able to respond faster and may resolve your issue a lot quicker. (Support) |
Interesting. But it does break in the scenario that I described, i.e. a virtual account ( Here's a log fragment:
To reproduce outside of Octopus: sc.exe create "test-notepad" binPath= \"C:\Windows\notepad.exe\" depend= "/" start= "disabled"
$wmiService = Get-WmiObject win32_service -filter "name='$("test-notepad" -replace "'", "\'")'" -computer "."
$wmiService.change($null, $null, $null, $null, $null, $null, 'NT Service\test-notepad', '', $null, $null, $null) |
Release Note: Deploy Windows Services now bind empty account passwords correctly |
🎉 The fix for this issue has been released in:
|
Severity
No response
Version
2023.3
Latest Version
None
What happened?
I'm currently migrating from a very old Octopus version to a recent one. I've noticed that something in the deployment process that worked earlier doesn't work anymore.
We are deploying a Windows Service using Octopus's Deploy a Windows Service step. In general we use virtual service accounts (i.e.
NT Service\[service name]
, for which you don't specify a password). But in some environments we want to use regular user accounts with password. User name and password are set via Octopus variables. For the regular user account case - both are set and scoped to the relevant environment. For the virtual service account - the password variable is not defined. This works in the old Octopus, but in the new one binding a custom account password property which resolves to empty string fails during deployment.The issue was introduced in commit OctopusDeploy/Calamari@d2a83df in
source/Calamari/Scripts/Octopus.Features.WindowsService_BeforePostDeploy.ps1
Previous code did not attempt to set the password when it was empty:
OctopusDeploy/Calamari@d2a83df#diff-6e50016a01588ba50a2f8e14e65e2c7b20e84fff0aa04c829ec9973141287c50L107-L111
Current code has no such filtering and passes an empty password to the WMI call. Empty password here fails.
OctopusDeploy/Calamari@d2a83df#diff-6e50016a01588ba50a2f8e14e65e2c7b20e84fff0aa04c829ec9973141287c50R148-R151
As far as I see a solution is to coalesce empty string to null in the script. Passing
$null
there works correctly.Reproduction
See above.
Error and Stacktrace
No response
More Information
No response
Workaround
No response
The text was updated successfully, but these errors were encountered: