Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

psexec: new module to run commands on a remote Windows host without WinRM #36723

Merged
merged 8 commits into from Apr 24, 2018

Conversation

@jborean93
Copy link
Contributor

@jborean93 jborean93 commented Feb 26, 2018

SUMMARY

This is a new module that allows users to run a command on a remote Windows host without the requirement of WinRM. It can be used to run once off commands for a Windows host or even to bootstrap the WinRM listener so you can use the Ansible winrm connection plugin.

ISSUE TYPE
  • New Module Pull Request
COMPONENT NAME

psexec

ANSIBLE VERSION
2.6
@ansibot
Copy link
Contributor

@ansibot ansibot commented Feb 26, 2018

The test ansible-test sanity --test yamllint [explain] failed with 2 errors:

test/integration/targets/psexec/tasks/main.yml:46:1: empty-lines too many blank lines (1 > 0)
test/integration/targets/psexec/tasks/tests.yml:231:1: empty-lines too many blank lines (1 > 0)

click here for bot help

@alikins alikins removed the needs_triage label Feb 26, 2018
@jborean93 jborean93 changed the title psexec: new module to run commands on a remote Windows host without WinRM [WIP] psexec: new module to run commands on a remote Windows host without WinRM Feb 26, 2018
@ansibot ansibot added the WIP label Feb 26, 2018
@jborean93 jborean93 changed the title [WIP] psexec: new module to run commands on a remote Windows host without WinRM psexec: new module to run commands on a remote Windows host without WinRM Mar 7, 2018
@ansibot ansibot added the stale_ci label Mar 20, 2018
Copy link
Member

@nitzmahone nitzmahone left a comment

A few little docs suggestions, a couple things to consider on arg naming/UX, and you could probably cut way back on the exception handling code, but overall looks nice and simple (on top of the horribly complex library you've built elsewhere ;) )

lib/ansible/modules/commands/psexec.py Outdated
description:
- Will run the command as a detached process and the module returns
immediately after starting the processs while the process continues to
run the background.

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018
Member

s/run the/run in the/

lib/ansible/modules/commands/psexec.py Outdated
- This requires the SMB 3 protocol which is only supported from Windows
Server 2012 or Windows 8, older versions like Windows 7 or Windows Server
2008 (R2) must set this to C(no) and use no encryption.
- When setting to C(no), the packets are in plaintext and can be seend by

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018
Member

s/seend/seen/

lib/ansible/modules/commands/psexec.py Outdated
- pypsexec
- smbprotocol[kerberos] for Kerberos authentication
notes:
- This module requires the Windows host to have SMB setup and the port 445

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018
Member

s/setup and the port/configured and enabled, and port/

lib/ansible/modules/commands/psexec.py Outdated
connection_timeout=dict(type='int', default=60),
executable=dict(type='str', required=True),
arguments=dict(type='str'),
working_directory=dict(type='str', default='C:\\Windows\\System32'),

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018
Member

r'C:\Windows\System32'

lib/ansible/modules/commands/psexec.py Outdated
- This can be set to run the process under an Interactive logon of the
specified account which bypasses limitations of a Network logon used when
this isn't specified.
- If ommited then the process is run under the same account as

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018
Member

s/ommited/omitted/

lib/ansible/modules/commands/psexec.py Outdated
priority=dict(type='str', default='normal',
choices=['above_normal', 'below_normal', 'high',
'idle', 'normal', 'realtime']),
show_ui_on_win_logon=dict(type='bool', default=False),

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018
Member

Feels like this could use a better name, but I'm not sure what... show_ui_on_secure_desktop? show_ui_on_logon_screen?

This comment has been minimized.

@jborean93

jborean93 Apr 23, 2018
Author Contributor

I think I like show_ui_on_logon_screen, people would understand it better.

lib/ansible/modules/commands/psexec.py Outdated
priority=priority, show_ui_on_win_logon=show_ui_on_win_logon,
timeout_seconds=process_timeout, stdin=b_stdin
)
if not module.check_mode:

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018
Member

should be superfluous unless you want to add a different command for check_mode support (since supports_check_mode is false)

This comment has been minimized.

@jborean93

jborean93 Apr 20, 2018
Author Contributor

Thanks for the pickup, was leftovers from the original code I had.

lib/ansible/modules/commands/psexec.py Outdated
if not module.check_mode:
try:
win_client.create_service()
except PDUException as exc:

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018
Member

Since the error handling is effectively the same beyond slight tweaks to the messaging, you could collapse all this with

except (SCMRException,PDUException,PypsexecException,SMBException) as exc:
...
lib/ansible/modules/commands/psexec.py Outdated
try:
proc_result = win_client.run_executable(**run_args)
except PAExecException as exc:
module.fail_json(msg='Received error when running remote process: '

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018
Member

same here with the collapse

lib/ansible/modules/commands/psexec.py Outdated
# close the SMB connection
try:
win_client.disconnect()
except SMBResponseException as exc:

This comment has been minimized.

@nitzmahone

nitzmahone Apr 19, 2018
Member

Same here with exception handling collapse. You could use something like type(exc).__name__ in the string if you don't want the whole stacktrace but still want to know what it was- I'm guessing that's not useful info to an end user, but might be for troubleshooting.

jborean93 added 6 commits Feb 26, 2018
…inRM
@jborean93 jborean93 force-pushed the jborean93:psexec-module branch to f9174a7 Apr 23, 2018
@ansibot ansibot removed the stale_ci label Apr 23, 2018
…tem account
@jborean93 jborean93 force-pushed the jborean93:psexec-module branch to fe6efe2 Apr 23, 2018
@jborean93 jborean93 merged commit 629efb6 into ansible:devel Apr 24, 2018
1 check passed
1 check passed
Shippable Run 62248 status is SUCCESS.
Details
@jborean93 jborean93 deleted the jborean93:psexec-module branch Apr 24, 2018
oolongbrothers pushed a commit to oolongbrothers/ansible that referenced this pull request May 12, 2018
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account
oolongbrothers pushed a commit to oolongbrothers/ansible that referenced this pull request May 14, 2018
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account
oolongbrothers pushed a commit to oolongbrothers/ansible that referenced this pull request May 14, 2018
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account
oolongbrothers pushed a commit to oolongbrothers/ansible that referenced this pull request May 15, 2018
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account
oolongbrothers pushed a commit to oolongbrothers/ansible that referenced this pull request May 15, 2018
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account
ilicmilan added a commit to ilicmilan/ansible that referenced this pull request Nov 7, 2018
…inRM (ansible#36723)

* psexec: new module to run commands on a remote Windows host without WinRM

* fix up sanity issue, create test firewall rule for SMB traffic

* Fixed up yaml linting issues, trying to fix on the fly firewall rule

* Added SMB exception to catch when cleaning up PAExec exe

* Don't load profile for Azure hosts when becoming another user

* Fixed up example to use correct option

* Reworded notes section of module docs

* Simplified module options around process integrity levels and the system account
@ansible ansible locked and limited conversation to collaborators Apr 27, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants