psexec: new module to run commands on a remote Windows host without WinRM #36723
Conversation
The test
|
A few little docs suggestions, a couple things to consider on arg naming/UX, and you could probably cut way back on the exception handling code, but overall looks nice and simple (on top of the horribly complex library you've built elsewhere ;) ) |
description: | ||
- Will run the command as a detached process and the module returns | ||
immediately after starting the processs while the process continues to | ||
run the background. |
nitzmahone
Apr 19, 2018
Member
s/run the/run in the/
s/run the/run in the/
- This requires the SMB 3 protocol which is only supported from Windows | ||
Server 2012 or Windows 8, older versions like Windows 7 or Windows Server | ||
2008 (R2) must set this to C(no) and use no encryption. | ||
- When setting to C(no), the packets are in plaintext and can be seend by |
nitzmahone
Apr 19, 2018
Member
s/seend/seen/
s/seend/seen/
- pypsexec | ||
- smbprotocol[kerberos] for Kerberos authentication | ||
notes: | ||
- This module requires the Windows host to have SMB setup and the port 445 |
nitzmahone
Apr 19, 2018
Member
s/setup and the port/configured and enabled, and port/
s/setup and the port/configured and enabled, and port/
connection_timeout=dict(type='int', default=60), | ||
executable=dict(type='str', required=True), | ||
arguments=dict(type='str'), | ||
working_directory=dict(type='str', default='C:\\Windows\\System32'), |
nitzmahone
Apr 19, 2018
Member
r'C:\Windows\System32'
r'C:\Windows\System32'
- This can be set to run the process under an Interactive logon of the | ||
specified account which bypasses limitations of a Network logon used when | ||
this isn't specified. | ||
- If ommited then the process is run under the same account as |
nitzmahone
Apr 19, 2018
Member
s/ommited/omitted/
s/ommited/omitted/
priority=dict(type='str', default='normal', | ||
choices=['above_normal', 'below_normal', 'high', | ||
'idle', 'normal', 'realtime']), | ||
show_ui_on_win_logon=dict(type='bool', default=False), |
nitzmahone
Apr 19, 2018
Member
Feels like this could use a better name, but I'm not sure what... show_ui_on_secure_desktop
? show_ui_on_logon_screen
?
Feels like this could use a better name, but I'm not sure what... show_ui_on_secure_desktop
? show_ui_on_logon_screen
?
jborean93
Apr 23, 2018
Author
Contributor
I think I like show_ui_on_logon_screen
, people would understand it better.
I think I like show_ui_on_logon_screen
, people would understand it better.
priority=priority, show_ui_on_win_logon=show_ui_on_win_logon, | ||
timeout_seconds=process_timeout, stdin=b_stdin | ||
) | ||
if not module.check_mode: |
nitzmahone
Apr 19, 2018
Member
should be superfluous unless you want to add a different command for check_mode support (since supports_check_mode
is false)
should be superfluous unless you want to add a different command for check_mode support (since supports_check_mode
is false)
jborean93
Apr 20, 2018
Author
Contributor
Thanks for the pickup, was leftovers from the original code I had.
Thanks for the pickup, was leftovers from the original code I had.
if not module.check_mode: | ||
try: | ||
win_client.create_service() | ||
except PDUException as exc: |
nitzmahone
Apr 19, 2018
Member
Since the error handling is effectively the same beyond slight tweaks to the messaging, you could collapse all this with
except (SCMRException,PDUException,PypsexecException,SMBException) as exc:
...
Since the error handling is effectively the same beyond slight tweaks to the messaging, you could collapse all this with
except (SCMRException,PDUException,PypsexecException,SMBException) as exc:
...
try: | ||
proc_result = win_client.run_executable(**run_args) | ||
except PAExecException as exc: | ||
module.fail_json(msg='Received error when running remote process: ' |
nitzmahone
Apr 19, 2018
Member
same here with the collapse
same here with the collapse
# close the SMB connection | ||
try: | ||
win_client.disconnect() | ||
except SMBResponseException as exc: |
nitzmahone
Apr 19, 2018
Member
Same here with exception handling collapse. You could use something like type(exc).__name__
in the string if you don't want the whole stacktrace but still want to know what it was- I'm guessing that's not useful info to an end user, but might be for troubleshooting.
Same here with exception handling collapse. You could use something like type(exc).__name__
in the string if you don't want the whole stacktrace but still want to know what it was- I'm guessing that's not useful info to an end user, but might be for troubleshooting.
…inRM (ansible#36723) * psexec: new module to run commands on a remote Windows host without WinRM * fix up sanity issue, create test firewall rule for SMB traffic * Fixed up yaml linting issues, trying to fix on the fly firewall rule * Added SMB exception to catch when cleaning up PAExec exe * Don't load profile for Azure hosts when becoming another user * Fixed up example to use correct option * Reworded notes section of module docs * Simplified module options around process integrity levels and the system account
…inRM (ansible#36723) * psexec: new module to run commands on a remote Windows host without WinRM * fix up sanity issue, create test firewall rule for SMB traffic * Fixed up yaml linting issues, trying to fix on the fly firewall rule * Added SMB exception to catch when cleaning up PAExec exe * Don't load profile for Azure hosts when becoming another user * Fixed up example to use correct option * Reworded notes section of module docs * Simplified module options around process integrity levels and the system account
…inRM (ansible#36723) * psexec: new module to run commands on a remote Windows host without WinRM * fix up sanity issue, create test firewall rule for SMB traffic * Fixed up yaml linting issues, trying to fix on the fly firewall rule * Added SMB exception to catch when cleaning up PAExec exe * Don't load profile for Azure hosts when becoming another user * Fixed up example to use correct option * Reworded notes section of module docs * Simplified module options around process integrity levels and the system account
…inRM (ansible#36723) * psexec: new module to run commands on a remote Windows host without WinRM * fix up sanity issue, create test firewall rule for SMB traffic * Fixed up yaml linting issues, trying to fix on the fly firewall rule * Added SMB exception to catch when cleaning up PAExec exe * Don't load profile for Azure hosts when becoming another user * Fixed up example to use correct option * Reworded notes section of module docs * Simplified module options around process integrity levels and the system account
…inRM (ansible#36723) * psexec: new module to run commands on a remote Windows host without WinRM * fix up sanity issue, create test firewall rule for SMB traffic * Fixed up yaml linting issues, trying to fix on the fly firewall rule * Added SMB exception to catch when cleaning up PAExec exe * Don't load profile for Azure hosts when becoming another user * Fixed up example to use correct option * Reworded notes section of module docs * Simplified module options around process integrity levels and the system account
…inRM (ansible#36723) * psexec: new module to run commands on a remote Windows host without WinRM * fix up sanity issue, create test firewall rule for SMB traffic * Fixed up yaml linting issues, trying to fix on the fly firewall rule * Added SMB exception to catch when cleaning up PAExec exe * Don't load profile for Azure hosts when becoming another user * Fixed up example to use correct option * Reworded notes section of module docs * Simplified module options around process integrity levels and the system account
SUMMARY
This is a new module that allows users to run a command on a remote Windows host without the requirement of WinRM. It can be used to run once off commands for a Windows host or even to bootstrap the WinRM listener so you can use the Ansible
winrm
connection plugin.ISSUE TYPE
COMPONENT NAME
psexec
ANSIBLE VERSION