New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

psexec: new module to run commands on a remote Windows host without WinRM #36723

Merged
merged 8 commits into from Apr 24, 2018

Conversation

Projects
None yet
4 participants
@jborean93
Contributor

jborean93 commented Feb 26, 2018

SUMMARY

This is a new module that allows users to run a command on a remote Windows host without the requirement of WinRM. It can be used to run once off commands for a Windows host or even to bootstrap the WinRM listener so you can use the Ansible winrm connection plugin.

ISSUE TYPE
  • New Module Pull Request
COMPONENT NAME

psexec

ANSIBLE VERSION
2.6
@ansibot

This comment has been minimized.

Contributor

ansibot commented Feb 26, 2018

The test ansible-test sanity --test yamllint [explain] failed with 2 errors:

test/integration/targets/psexec/tasks/main.yml:46:1: empty-lines too many blank lines (1 > 0)
test/integration/targets/psexec/tasks/tests.yml:231:1: empty-lines too many blank lines (1 > 0)

click here for bot help

@alikins alikins removed the needs_triage label Feb 26, 2018

@jborean93 jborean93 changed the title from psexec: new module to run commands on a remote Windows host without WinRM to [WIP] psexec: new module to run commands on a remote Windows host without WinRM Feb 26, 2018

@ansibot ansibot added the WIP label Feb 26, 2018

@jborean93 jborean93 changed the title from [WIP] psexec: new module to run commands on a remote Windows host without WinRM to psexec: new module to run commands on a remote Windows host without WinRM Mar 7, 2018

@ansibot ansibot added the stale_ci label Mar 20, 2018

@nitzmahone

A few little docs suggestions, a couple things to consider on arg naming/UX, and you could probably cut way back on the exception handling code, but overall looks nice and simple (on top of the horribly complex library you've built elsewhere ;) )

description:
- Will run the command as a detached process and the module returns
immediately after starting the processs while the process continues to
run the background.

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018

Member

s/run the/run in the/

- This requires the SMB 3 protocol which is only supported from Windows
Server 2012 or Windows 8, older versions like Windows 7 or Windows Server
2008 (R2) must set this to C(no) and use no encryption.
- When setting to C(no), the packets are in plaintext and can be seend by

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018

Member

s/seend/seen/

- pypsexec
- smbprotocol[kerberos] for Kerberos authentication
notes:
- This module requires the Windows host to have SMB setup and the port 445

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018

Member

s/setup and the port/configured and enabled, and port/

connection_timeout=dict(type='int', default=60),
executable=dict(type='str', required=True),
arguments=dict(type='str'),
working_directory=dict(type='str', default='C:\\Windows\\System32'),

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018

Member

r'C:\Windows\System32'

- This can be set to run the process under an Interactive logon of the
specified account which bypasses limitations of a Network logon used when
this isn't specified.
- If ommited then the process is run under the same account as

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018

Member

s/ommited/omitted/

priority=dict(type='str', default='normal',
choices=['above_normal', 'below_normal', 'high',
'idle', 'normal', 'realtime']),
show_ui_on_win_logon=dict(type='bool', default=False),

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018

Member

Feels like this could use a better name, but I'm not sure what... show_ui_on_secure_desktop? show_ui_on_logon_screen?

This comment has been minimized.

@jborean93

jborean93 Apr 23, 2018

Contributor

I think I like show_ui_on_logon_screen, people would understand it better.

priority=priority, show_ui_on_win_logon=show_ui_on_win_logon,
timeout_seconds=process_timeout, stdin=b_stdin
)
if not module.check_mode:

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018

Member

should be superfluous unless you want to add a different command for check_mode support (since supports_check_mode is false)

This comment has been minimized.

@jborean93

jborean93 Apr 20, 2018

Contributor

Thanks for the pickup, was leftovers from the original code I had.

if not module.check_mode:
try:
win_client.create_service()
except PDUException as exc:

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018

Member

Since the error handling is effectively the same beyond slight tweaks to the messaging, you could collapse all this with

except (SCMRException,PDUException,PypsexecException,SMBException) as exc:
...
try:
proc_result = win_client.run_executable(**run_args)
except PAExecException as exc:
module.fail_json(msg='Received error when running remote process: '

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018

Member

same here with the collapse

# close the SMB connection
try:
win_client.disconnect()
except SMBResponseException as exc:

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018

Member

Same here with exception handling collapse. You could use something like type(exc).__name__ in the string if you don't want the whole stacktrace but still want to know what it was- I'm guessing that's not useful info to an end user, but might be for troubleshooting.

jborean93 added some commits Feb 26, 2018

@jborean93 jborean93 force-pushed the jborean93:psexec-module branch from 424ed6c to f9174a7 Apr 23, 2018

@ansibot ansibot removed the stale_ci label Apr 23, 2018

@jborean93 jborean93 force-pushed the jborean93:psexec-module branch to fe6efe2 Apr 23, 2018

@jborean93 jborean93 merged commit 629efb6 into ansible:devel Apr 24, 2018

1 check passed

Shippable Run 62248 status is SUCCESS.
Details

@jborean93 jborean93 deleted the jborean93:psexec-module branch Apr 24, 2018

kbreit added a commit to kbreit/ansible that referenced this pull request May 5, 2018

psexec: new module to run commands on a remote Windows host without W…
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account

oolongbrothers pushed a commit to oolongbrothers/ansible that referenced this pull request May 12, 2018

psexec: new module to run commands on a remote Windows host without W…
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account

oolongbrothers pushed a commit to oolongbrothers/ansible that referenced this pull request May 14, 2018

psexec: new module to run commands on a remote Windows host without W…
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account

oolongbrothers pushed a commit to oolongbrothers/ansible that referenced this pull request May 14, 2018

psexec: new module to run commands on a remote Windows host without W…
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account

oolongbrothers pushed a commit to oolongbrothers/ansible that referenced this pull request May 15, 2018

psexec: new module to run commands on a remote Windows host without W…
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account

oolongbrothers pushed a commit to oolongbrothers/ansible that referenced this pull request May 15, 2018

psexec: new module to run commands on a remote Windows host without W…
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account

ilicmilan added a commit to ilicmilan/ansible that referenced this pull request Nov 7, 2018

psexec: new module to run commands on a remote Windows host without W…
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment