user account not set correctly in created scheduled task when user is a domain user. #550

Open
youngturk2 opened this issue Jan 24, 2024 · 0 comments


SUMMARY

So, I have a playbook that is supposed to create a couple of scheduled tasks to run as a particular domain account using the community.windows.win_scheduled_task module. I run the playbook, and, while the playbook executes successfully, when I log into the remote host on which Ansible created the scheduled task to visually verify that the scheduled task was created correctly, the user account that the scheduled task is configured to run as is missing the domain. For example, consider this playbook:

---

- name: oseries
  hosts: all
  gather_facts: true
  vars:
    service_account: ONPVERTEXINC\oseries2
    service_password: Notreallyapassword
  
  tasks:

    - name: Create TJE scheduled task
      community.windows.win_scheduled_task:
        name: TJE Only
        actions:
          - path: c:\vertex\oseries\bin\runActivity.bat
            working_directory: c:\vertex\oseries\bin
        username: "{{ service_account }}"
        password: "{{ service_password }}"
        logon_type: password
        run_level: highest
        triggers:
          - type: daily
            start_boundary: "{{ ansible_date_time.iso8601.split('T')[0] }}T04:00:00"

When I run this playbook against my Windows hosts, this is the scheduled task that gets created on the remote host:

image

As you can see, the account listed is completely missing the domain portion it should be configured with. Just to make sure, I went and configured the user to run as in the GUI, and this is what we see when the account is selected in the GUI:

image

So it is clear that the domain to which the user account belongs is available. It is also clear that account verification is taking place, as, while attempting to create this issue, attempting to supply an invalid password for the username resulted in an error indicating that the password was not valid for the supplied username. So, it is clear to me that the module is able to locate the account, but it is just not configuring the scheduled task correctly for some reason? Please let me know if there are any questions.

ISSUE TYPE

  • Bug Report

COMPONENT NAME

win_scheduled_task

ANSIBLE VERSION

ansible [core 2.15.8]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/ubuntu/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True

COLLECTION VERSION

# /usr/lib/python3/dist-packages/ansible_collections
Collection        Version
----------------- -------
community.windows 1.13.0

CONFIGURATION

CONFIG_FILE() = /etc/ansible/ansible.cfg
DEFAULT_VAULT_PASSWORD_FILE(env: ANSIBLE_VAULT_PASSWORD_FILE) = /home/ubuntu/.vp

OS / ENVIRONMENT

Target OS version is Windows Server 2019

STEPS TO REPRODUCE

Below is the playbook that I used, but the only parts that are relevant are likely the "username", "password", and "logon_type" properties:

---

- name: oseries
  hosts: all
  gather_facts: true
  vars:
    service_account: ONPVERTEXINC\oseries2
    service_password: Notreallyapassword
  
  tasks:

    - name: Create TJE scheduled task
      community.windows.win_scheduled_task:
        name: TJE Only
        actions:
          - path: c:\vertex\oseries\bin\runActivity.bat
            working_directory: c:\vertex\oseries\bin
        username: "{{ service_account }}"
        password: "{{ service_password }}"
        logon_type: password
        run_level: highest
        triggers:
          - type: daily
            start_boundary: "{{ ansible_date_time.iso8601.split('T')[0] }}T04:00:00"

  1. Run the above playbook against domain-joined remote Windows hosts. Make sure to change the username and password vars so that they reflect a valid domain user.
  2. After the playbook executes successfully, visually verify the user the scheduled task is configured to run as on the Windows remote hosts.

EXPECTED RESULTS

I would expect that the scheduled task would be configured to run as the domain user that is configured in the Ansible playbook.

ACTUAL RESULTS

When a scheduled task is configured to run as a domain user using the community.windows.win_scheduled_task module, the scheduled task that is actually created is missing the domain.

ansible-playbook -vvv -i inventory/post-deploy.yml playbook/beep.yml
ansible-playbook [core 2.15.8]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/ubuntu/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /home/ubuntu/ansible/inventory/post-deploy.yml as it did not pass its verify_file() method
script declined parsing /home/ubuntu/ansible/inventory/post-deploy.yml as it did not pass its verify_file() method
Parsed /home/ubuntu/ansible/inventory/post-deploy.yml inventory source with yaml plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: beep.yml **************************************************************************************************************************************************************************************************************
1 plays in playbook/beep.yml

PLAY [oseries] ******************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************
task path: /home/ubuntu/ansible/playbook/beep.yml:3
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
Using module file /home/ubuntu/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<10.30.107.181> ESTABLISH WINRM CONNECTION FOR USER: ONPVERTEXINC\zzadmin on PORT 5986 TO 10.30.107.181
Using module file /home/ubuntu/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<10.30.107.103> ESTABLISH WINRM CONNECTION FOR USER: ONPVERTEXINC\zzadmin on PORT 5986 TO 10.30.107.103
EXEC (via pipeline wrapper)
EXEC (via pipeline wrapper)
ok: [ouplift11a.onpvertexinc.com]
ok: [ouplift11b.onpvertexinc.com]

TASK [Create TJE scheduled task] ************************************************************************************************************************************************************************************************
task path: /home/ubuntu/ansible/playbook/beep.yml:18
Using module file /usr/lib/python3/dist-packages/ansible_collections/community/windows/plugins/modules/win_scheduled_task.ps1
Pipelining is enabled.
<10.30.107.181> ESTABLISH WINRM CONNECTION FOR USER: ONPVERTEXINC\zzadmin on PORT 5986 TO 10.30.107.181
Using module file /usr/lib/python3/dist-packages/ansible_collections/community/windows/plugins/modules/win_scheduled_task.ps1
Pipelining is enabled.
<10.30.107.103> ESTABLISH WINRM CONNECTION FOR USER: ONPVERTEXINC\zzadmin on PORT 5986 TO 10.30.107.103
EXEC (via pipeline wrapper)
EXEC (via pipeline wrapper)
changed: [ouplift11a.onpvertexinc.com] => {
    "changed": true
}
changed: [ouplift11b.onpvertexinc.com] => {
    "changed": true
}

PLAY RECAP **********************************************************************************************************************************************************************************************************************
ouplift11a.onpvertexinc.com : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
ouplift11b.onpvertexinc.com : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
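
The visual check in step 2 can be replaced by a play that reads the task back and fails when the stored principal differs from the requested account. This is an added example, not part of the original report or the collection's own code; the play name and the variables task_name and tje_task are hypothetical, and the enum-style strings compared for logon_type and run_level are an assumption about how community.windows.win_scheduled_task_stat reports them.

```yaml
---
# Added example (not from the original report): verify which account a
# scheduled task is stored to run as, instead of checking in the GUI.
- name: Verify scheduled task principal
  hosts: all
  gather_facts: false
  vars:
    service_account: ONPVERTEXINC\oseries2   # account named in the report
    task_name: TJE Only                      # task named in the report

  tasks:
    - name: Read back the scheduled task definition
      community.windows.win_scheduled_task_stat:
        name: "{{ task_name }}"
      register: tje_task

    - name: Task must exist before its principal can be checked
      ansible.builtin.assert:
        that:
          - tje_task.task_exists
        fail_msg: "Scheduled task '{{ task_name }}' was not found"

    - name: Show the principal exactly as the Task Scheduler stores it
      ansible.builtin.debug:
        var: tje_task.principal

    - name: Stored account must equal the requested one, domain included
      ansible.builtin.assert:
        that:
          # Windows account names are case-insensitive, so compare lowered.
          - (tje_task.principal.user_id | lower) == (service_account | lower)
        fail_msg: >-
          Task runs as '{{ tje_task.principal.user_id }}',
          expected '{{ service_account }}'

    - name: Logon type and run level must match what the play requested
      ansible.builtin.assert:
        that:
          # Assumed format: the stat module returns the enum names.
          - tje_task.principal.logon_type == 'TASK_LOGON_PASSWORD'
          - tje_task.principal.run_level == 'TASK_RUNLEVEL_HIGHEST'
        fail_msg: >-
          Unexpected logon_type/run_level:
          {{ tje_task.principal.logon_type }} /
          {{ tje_task.principal.run_level }}
```

Run it after the play that creates the task; a mismatch fails the play rather than leaving a task with run_level highest bound to an account nobody checked.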