ansible-collections / ansible.windows Goto Github PK

View Code? Open in Web Editor NEW

232.0 232.0 156.0 7.51 MB

Windows core collection for Ansible

Home Page: https://galaxy.ansible.com/ansible/windows

License: GNU General Public License v3.0

Python 32.16% C# 8.39% PowerShell 58.63% C 0.03% Shell 0.62% Jinja 0.18%

ansible-collection hacktoberfest

ansible.windows's People

Contributors

Stargazers

Watchers

Forkers

jborean93 akasurde mattclay briantist thlayli123 htaudah polaris197 swikrutpateltr samccann acmisanz jhawkesworth buratina hakon frezzzer ducmre magnush0lm placame james-m-tubbs ksubileau davetapley jantari gundalow jirolin rjkip-seequent joelouthan kumarsai234 amhn yasir2000 andersson007 homedepot sdrik tonyli71 mkletz sky-joker ompragash janaki-k kollibri kvprasoon zigasrc gpzj rpravipatiin 21asn anilkrs09 pydtools onewop florianow micahvandeusen pabelanger tzvifriedman tenpei-on netmoose nktrds baovoicm ws-el-gato klichwalla hungtran84 lydiym frisch-raphael amil131268 chazzrobbz santiagoroman iogoe20 esker-software pawpaw harrysmith2 azurecloudmonk mikeklebolt papaloewe66 mweaver78 tsukiand sabman3 datadope-io mgaruccio acalbazana ptilin imhosung esaenz7 brianhelba anjilinux xenonpk bovial1 jamesnswithers ripolin maximd rangaraj73 saizen01 hackatoo artshamsh tejaswi-bachu chhall1982 hydeen incy-sonic guyrleech catchkarthik sojusms favalos2 gillg aaronk1 robhefty mwtrigg

ansible.windows's Issues

win_user_right: "RemovePrivilege with 2 argument(s): The request is not supported"

SUMMARY

win_user_right fails while trying to 'set' assignments on SeCreateGlobalPrivilege.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_user_right

ANSIBLE VERSION

ansible 2.9.2
  config file = None
  configured module search path = [u'/Users/egvidal/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/egvidal/Library/Python/2.7/lib/python/site-packages/ansible
  executable location = /Users/egvidal/Library/Python/2.7/bin/ansible
  python version = 2.7.16 (default, Jul  5 2020, 02:24:03) [GCC 4.2.1 Compatible Apple LLVM 11.0.3 (clang-1103.0.29.21) (-macos10.15-objc-

CONFIGURATION

OS / ENVIRONMENT

target OS: Windows Server 2012 Standard
host OS: MacOS Catalina v10.15.6

STEPS TO REPRODUCE

Having the SeCreateGlobalPrivilege security group with current assignment for NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE, BUILTIN\Administrators
Restrict the assignment via win_user_right -> set, to only BUILTIN\Administrators, NT AUTHORITY\LOCAL SERVICE

policy_name: "SeCreateGlobalPrivilege"
desired_value: "BUILTIN\\Administrators|NT AUTHORITY\\LOCAL SERVICE"
desired_action: set

    win_user_right:
      name: "{{ policy_name }}"
      users: "{{ desired_value.split('|') }}"
      action: "{{ desired_action }}"

EXPECTED RESULTS

Replace the existing assignment (NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE, BUILTIN\Administrators) with the one required (BUILTIN\Administrators, NT AUTHORITY\LOCAL SERVICE)
It works perfectly on this other task (having as current assignment NT AUTHORITY\LOCAL SERVICE, BUILTIN\Administrators, NT AUTHORITY\NETWORK SERVICE):

policy_name: "SeTimeZonePrivilege"
desired_value: "BUILTIN\\Administrators|NT AUTHORITY\\LOCAL SERVICE"
desired_action: set

    win_user_right:
      name: "{{ policy_name }}"
      users: "{{ desired_value.split('|') }}"
      action: "{{ desired_action }}"

ACTUAL RESULTS

No change was made and an error was reported on module ps1 script execution

Using module file /Users/egvidal/Library/Python/2.7/lib/python/site-packages/ansible/modules/windows/win_user_right.ps1
Pipelining is enabled.
<192.168.0.12> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5986 TO 192.168.0.12
EXEC (via pipeline wrapper)
The full traceback is:
Exception calling "RemovePrivilege" with "2" argument(s): "The request is not supported"
At line:320 char:13
+             $lsa_helper.RemovePrivilege($user, $name)
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : Win32Exception

ScriptStackTrace:
at <ScriptBlock>, <No file>: line 320

fatal: [w2k12]: FAILED! => {
    "changed": false, 
    "msg": "Unhandled exception while executing module: Exception calling \"RemovePrivilege\" with \"2\" argument(s): \"The request is not supported\""
}

win_regedit is updating HKU instead of HKCU

SUMMARY

Hi all,
I noticed today morning that wrong keys are modified when using win_regedit module.
HKU keys are modified instead of HKCU

ISSUE TYPE

Bug Report

COMPONENT NAME

lib/ansible/modules/windows/win_regedit.ps1

ANSIBLE VERSION

ansible 2.7.10

OS / ENVIRONMENT

Windows server 2016

STEPS TO REPRODUCE

   - name: MigrateProxy
     win_regedit:
      path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
      name: MigrateProxy
      data: 1
      type: dword

   - name: ProxyEnable
     win_regedit:
      path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
      name: ProxyEnable
      data: 0
      type: dword

   - name: AutoConfigURL
     win_regedit:
      path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
      name: AutoConfigURL
      data: http://pac.zscloud.net/

   - name: AutoDetect
     win_regedit:
      path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
      name: AutoDetect
      data: 0
      type: dword

EXPECTED RESULTS

Add reg keys:
MigrateProxy
ProxyEnable
AutoConfigURL
AutoDetect

under HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

ACTUAL RESULTS

PS output
Get-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"

** module is modifying HKU instead HKCU**
PS output:
Get-ItemProperty -Path "Registry::HKEY_USERS\SID\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"

Could you please take a look at it?

win_copy: Unable to copy large folder

SUMMARY

win_copy is unable to copy large folder. Max it can copy a file/directory of 2.5GiB in size.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_copy

ANSIBLE VERSION

# pip3 show ansible
Name: ansible
Version: 2.9.9
Summary: Radically simple IT automation
Home-page: https://ansible.com/
Author: Ansible, Inc.
Author-email: [email protected]
License: GPLv3+
Location: /usr/local/lib/python3.8/dist-packages
Requires: jinja2, cryptography, PyYAML
Required-by:

CONFIGURATION

No specific configuration

OS / ENVIRONMENT

Ubuntu 20.04 LTS Server

STEPS TO REPRODUCE

Use the below playbook to copy a folder of 4.5 GiB in size from ansible provision server(ubuntu server) to a windows 2016 server, it will fail.

---
- name: Copy SQL files to Windows VM
  hosts: "{{ target }}"
  gather_facts: false
  connection: winrm

  tasks:
    - name: Copy SQL Files using win_copy module
      win_copy:
        src: /root/software/
        dest: C:\SQL2016_standard\

# tree /root/software/
/root/software/
└── SQL2016_standard
    ├── SQL2016Standardw_SP1.zip
    ├── SSMS2016_setup
    │   └── SSMS-Setup-ENU.exe
    └── updates
        ├── SQLServer2016-KB4524334-x64.exe
        └── SQLServer2016SP2-KB4052908-x64-ENU.exe

# cat inventory
[mssql]
xxx.xxx.xxx.xxx

[mssql:vars]
ansible_connection=winrm
ansible_user=global\myadmin
ansible_password=xxxxxxxxxxxxx
ansible_winrm_transport=ntlm
ansible_winrm_server_cert_validation=ignore
ansible_port=5985

Command to deploy

# ansible-playbook -i  inventory -e target=mssql wincp.yaml -vvv

EXPECTED RESULTS

It should copy the folder successfully.

ACTUAL RESULTS

Its failing with the following traces:

# ansible-playbook -i  inventory -e target=mssql-sentry-sql wincp.yaml -vvv
ansible-playbook 2.9.9
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.8.2 (default, Apr 27 2020, 15:53:34) [GCC 9.3.0]
No config file found; using defaults
host_list declined parsing /root/playbooks/inventory as it did not pass its verify_file() method
script declined parsing /root/playbooks/inventory as it did not pass its verify_file() method
auto declined parsing /root/playbooks/inventory as it did not pass its verify_file() method
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This feature will be removed in version 2.10. Deprecation
warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
Parsed /root/playbooks/inventory inventory source with ini plugin

PLAYBOOK: wincp.yaml *****************************************************************************************************************************************************************************************************************************************
1 plays in wincp.yaml

PLAY [Copy SQL files to Windows VM] **************************************************************************************************************************************************************************************************************************
META: ran handlers

TASK [Copy SQL Files using win_copy module] ******************************************************************************************************************************************************************************************************************
task path: /root/playbooks/wincp.yaml:8
Using module file /usr/local/lib/python3.8/dist-packages/ansible/modules/windows/win_copy.ps1
Pipelining is enabled.
<xxx.xxx.xxx.xxx> ESTABLISH WINRM CONNECTION FOR USER: global\myadmin on PORT 5985 TO xxx.xxx.xxx.xxx
EXEC (via pipeline wrapper)
EXEC (via pipeline wrapper)
<xxx.xxx.xxx.xxx> PUT "/root/.ansible/tmp/ansible-local-1581142w2j6iv0m/tmphitjyjsd/win_copy.zip" TO "C:\Users\myadmin\AppData\Local\Temp\ansible-tmp-1598965263.1938927-1581146-49202896425265\source.zip"
EXEC (via pipeline wrapper)
The full traceback is:
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/winrm/protocol.py", line 248, in send_message
    root = ET.fromstring(ex.response_text)
  File "/usr/lib/python3.8/xml/etree/ElementTree.py", line 1321, in XML
    return parser.close()
  File "<string>", line None
xml.etree.ElementTree.ParseError: no element found: line 1, column 0

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/ansible/executor/task_executor.py", line 146, in run
    res = self._execute()
  File "/usr/local/lib/python3.8/dist-packages/ansible/executor/task_executor.py", line 653, in _execute
    self._handler.cleanup()
  File "/usr/local/lib/python3.8/dist-packages/ansible/plugins/action/__init__.py", line 128, in cleanup
    self._remove_tmp_path(self._connection._shell.tmpdir)
  File "/usr/local/lib/python3.8/dist-packages/ansible/plugins/action/__init__.py", line 407, in _remove_tmp_path
    tmp_rm_res = self._low_level_execute_command(cmd, sudoable=False)
  File "/usr/local/lib/python3.8/dist-packages/ansible/plugins/action/__init__.py", line 1075, in _low_level_execute_command
    rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)
  File "/usr/local/lib/python3.8/dist-packages/ansible/plugins/connection/winrm.py", line 548, in exec_command
    result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True, stdin_iterator=stdin_iterator)
  File "/usr/local/lib/python3.8/dist-packages/ansible/plugins/connection/winrm.py", line 460, in _winrm_exec
    command_id = self.protocol.run_command(self.shell_id, to_bytes(command), map(to_bytes, args), console_mode_stdin=(stdin_iterator is None))
  File "/usr/local/lib/python3.8/dist-packages/winrm/protocol.py", line 359, in run_command
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/local/lib/python3.8/dist-packages/winrm/protocol.py", line 251, in send_message
    raise ex
  File "/usr/local/lib/python3.8/dist-packages/winrm/protocol.py", line 243, in send_message
    resp = self.transport.send_message(message)
  File "/usr/local/lib/python3.8/dist-packages/winrm/transport.py", line 323, in send_message
    response = self._send_message_request(prepared_request, message)
  File "/usr/local/lib/python3.8/dist-packages/winrm/transport.py", line 339, in _send_message_request
    raise WinRMTransportError('http', ex.response.status_code, response_text)
winrm.exceptions.WinRMTransportError: Bad HTTP response returned from server. Code 400
fatal: [100.89.14.149]: FAILED! => {
    "msg": "Unexpected failure during module execution.",
    "stdout": ""
}

PLAY RECAP ***************************************************************************************************************************************************************************************************************************************************
xxx.xxx.xxx.xxx              : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

win_domain_membership: Rename not working

From @dagwieers on Oct 23, 2018 12:06

SUMMARY

The following task

- name: Join system to the domain
  win_domain_membership:
    dns_domain_name: '{{ local_domain }}'
    hostname: '{{ windows_shortname }}'
    domain_admin_user: '{{ windows_domain }}\{{ windows_admin_user }}'
    domain_admin_password: '{{ windows_admin_password }}'
    log_path: C:\Windows\Temp\ad_join_log.txt
    state: domain
  register: domain_state

Causes this error:

failed to join domain: Computer 'RAMSES-REU6T33J' was successfully joined to the new domain 'pod11vmm.aci.lab', but renaming it to 'c220m4-2' failed with the following error message: The account already exists.

This can be avoided by first renaming and rebooting the server, but since win_domain_membership reports it can rename a server, I would prefer to avoid an additional reboot.

In this case I have no clue what "The account already exists." really means, because that system has a unique system name which was not joined before.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_domain_membership

ANSIBLE VERSION

v2.8 and older

OS / ENVIRONMENT

controller: CentOS 7.5
target: Windows Server 2012 R2

STEPS TO REPRODUCE

Rename a system when you're joining. Potentially doing this twice with a reinstalled system using the same target name.

EXPECTED RESULTS

It works, or at least continues with no error.

ACTUAL RESULTS

Fails with:

Failed: {
    "_ansible_parsed": true, 
    "_ansible_no_log": false, 
    "msg": "failed to join domain: Computer 'RAMSES-REU6T33J' was successfully joined to the new domain 'pod11vmm.aci.lab', but renaming it to 'c220m4-2' failed with the following error message: The account already exists.", 
    "changed": true, 
   "reboot_required": false
}

Copied from original issue: ansible/ansible#47497

win_template module shows all rows as difference

From @t-nakajimaa on Jul 18, 2020 17:14

SUMMARY

win_template module shows all rows as difference.
It's seem that Template module lost --- before information.
related #59433.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_template

ANSIBLE VERSION

ansible 2.9.10
  config file = None
  configured module search path = ['/home/meonal/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/meonal/.local/lib/python3.8/site-packages/ansible
  executable location = /home/meonal/.local/bin/ansible
  python version = 3.8.2 (default, Mar 13 2020, 10:14:16) [GCC 9.3.0]

CONFIGURATION

empty

OS / ENVIRONMENT

target OS versions: Windows10 2004 Build 19041.388

STEPS TO REPRODUCE

prepare dest file on target os.

echo hello > c:\work\dest

ansible-playbook

$ ansible-playbook -i hosts win_site.yml -CD
a
PLAY [all] *****************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************
ok: [172.17.192.1]

TASK [win_template] ********************************************************************************************************************************
--- before
+++ after: /home/meonal/.ansible/tmp/ansible-local-2814nm_5hwid/tmp__vqndox/src
@@ -0,0 +1,2 @@
+hello
+world

changed: [172.17.192.1]

PLAY RECAP *****************************************************************************************************************************************
172.17.192.1               : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

$ cat win_site.yml 
---
- hosts: all
  vars:
    ansible_user: xxx
    ansible_password: xxx
    ansible_connection: winrm
    ansible_winrm_transport: basic
    ansible_winrm_server_cert_validation: ignore
  tasks:
    - win_template:
        src: src
        dest: c:\work\dest

$ cat src 
hello
world

EXPECTED RESULTS

Show only modified row.

TASK [win_template] ********************************************************************************************************************************
--- before: dest
+++ after: /home/meonal/.ansible/tmp/ansible-local-2814nm_5hwid/tmp__vqndox/src
@@ -1 +1,2 @@
 hello
+world

changed: [172.17.192.1]

ACTUAL RESULTS

$ ansible-playbook -i hosts win_site.yml -CD -vvvv
ansible-playbook 2.9.10
  config file = None
  configured module search path = ['/home/meonal/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/meonal/.local/lib/python3.8/site-packages/ansible
  executable location = /home/meonal/.local/bin/ansible-playbook
  python version = 3.8.2 (default, Mar 13 2020, 10:14:16) [GCC 9.3.0]
No config file found; using defaults
setting up inventory plugins
host_list declined parsing /home/meonal/ansible/hosts as it did not pass its verify_file() method
script declined parsing /home/meonal/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /home/meonal/ansible/hosts as it did not pass its verify_file() method
Parsed /home/meonal/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /home/meonal/.local/lib/python3.8/site-packages/ansible/plugins/callback/default.py

PLAYBOOK: win_site.yml *****************************************************************************************************************************
Positional arguments: win_site.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
check: True
diff: True
inventory: ('/home/meonal/ansible/hosts',)
forks: 5
1 plays in win_site.yml

PLAY [all] *****************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************
task path: /home/meonal/ansible/win_site.yml:2
Using module file /home/meonal/.local/lib/python3.8/site-packages/ansible/modules/windows/setup.ps1
Pipelining is enabled.
<172.17.192.1> ESTABLISH WINRM CONNECTION FOR USER: [email protected] on PORT 5986 TO 172.17.192.1
EXEC (via pipeline wrapper)
ok: [172.17.192.1]
META: ran handlers

TASK [win_template] ********************************************************************************************************************************
task path: /home/meonal/ansible/win_site.yml:10
<172.17.192.1> ESTABLISH WINRM CONNECTION FOR USER: [email protected] on PORT 5986 TO 172.17.192.1
EXEC (via pipeline wrapper)
Using module file /home/meonal/.local/lib/python3.8/site-packages/ansible/modules/windows/win_stat.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
Using module file /home/meonal/.local/lib/python3.8/site-packages/ansible/modules/windows/win_file.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
EXEC (via pipeline wrapper)
--- before
+++ after: /home/meonal/.ansible/tmp/ansible-local-2779fgf2m82x/tmpr4dhy0j7/src
@@ -0,0 +1,2 @@
+hello
+world

changed: [172.17.192.1] => {
    "changed": true,
    "diff": [
        {
            "after": "hello\r\nworld\r\n",
            "after_header": "/home/meonal/.ansible/tmp/ansible-local-2779fgf2m82x/tmpr4dhy0j7/src",
            "before": ""
        }
    ],
    "invocation": {
        "dest": "c:\\work\\dest",
        "follow": false,
        "mode": null,
        "module_args": {
            "dest": "c:\\work\\dest",
            "follow": false,
            "mode": null,
            "src": "/home/meonal/.ansible/tmp/ansible-local-2779fgf2m82x/tmpr4dhy0j7/src"
        },
        "src": "/home/meonal/.ansible/tmp/ansible-local-2779fgf2m82x/tmpr4dhy0j7/src"
    }
}
META: ran handlers
META: ran handlers

PLAY RECAP *****************************************************************************************************************************************
172.17.192.1               : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Copied from original issue: ansible/ansible#70733

win_package: cannot use env-vars (%TEMP%) in path

From @olenm on Apr 17, 2018 22:12

ISSUE TYPE

Bug Report

COMPONENT NAME

win_package

ANSIBLE VERSION

ansible 2.4.3.0
  config file = /Users/HOME/pwd/ansible.cfg
  configured module search path = ['/Users/HOME/pwd/base/library']
  ansible python module location = /usr/local/Cellar/python3/3.6.4_2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.4 (default, Jan  6 2018, 11:51:15) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]

and

ansible 2.5.0
  config file = /Users/HOME/pwd/ansible.cfg
  configured module search path = ['/Users/HOME/pwd/base/library']
  ansible python module location = /usr/local/Cellar/python3/3.6.4_2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.4 (default, Jan  6 2018, 11:51:15) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]

CONFIGURATION

ANSIBLE_SSH_ARGS(/Users/HOME/pwd/ansible.cfg) = -F ssh.cfg
ANSIBLE_SSH_CONTROL_PATH(/Users/HOME/pwd/ansible.cfg) = ~/.ssh/mux-%r@%h:%p
DEFAULT_HASH_BEHAVIOUR(/Users/HOME/pwd/ansible.cfg) = merge
DEFAULT_HOST_LIST(/Users/HOME/pwd/ansible.cfg) = ['/Users/HOME/pwd/base/inventory']
DEFAULT_MODULE_PATH(/Users/HOME/pwd/ansible.cfg) = ['/Users/HOME/pwd/base/library']
DEFAULT_ROLES_PATH(/Users/HOME/pwd/ansible.cfg) = ['/Users/HOME/pwd/base/roles']

OS / ENVIRONMENT

running ansible-playbook from a mac, remote system is windows server 2016 core

SUMMARY

running win_package with env variables fails (tested with %TEMP%)

STEPS TO REPRODUCE

# vars
msi_path: "%TEMP%\\bla.msi"

# tasks
- win_package:
    path: "{{msi_path}}"
    state: present

EXPECTED RESULTS

expected it to dereference the env-variable and run without erroring

ACTUAL RESULTS

fatal: [18.208.8.19]: FAILED! => {
    "changed": false,
    "msg": "the file at the local path %TEMP%\\bla.msi cannot be reached",
    "reboot_required": false,
    "restart_required": false
}

Copied from original issue: ansible/ansible#38917

PowerShell single quoted string can use a variety of characters

SUMMARY

It is possible to "single" quote PowerShell strings with characters other than the standard apostrophe ' . This comes up any place we want to generate some PowerShell and need to take unknown content and put it into a single quoted string (like the quote filter, or in connection/shell plugins).

Within PowerShell it's easiest to handle this type of thing with

[System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent()

but since that's not available in Python, we can probably just hardcode the list of chars.

The really interesting thing about it is that the character delimiting the start and end don't even have to be the same character as long as they are both valid "single quote" chars.

For example consider this:

’abc'

That's a valid single quoted string. Even though:

"’abc'"[0] -as [int]
"’abc'"[-1] -as [int]

Output:

8217
39

The code gen function handles it correctly:

[System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent("’abc'")

Output:

’’abc''

The source for the code gen function is here but the really useful stuff for us is actually in the CharExtensions class where they define the single quote characters (these 4 are in addition to the standard apostrophe, as seen in the IsSingleQuote function).

The most likely place for this to bite someone is with non-English languages (this is actually how I found out about this, by mistake, forgetting to switch back to the English IME).

I think the key takeway from the code gen code is that those characters all need to be doubled against themselves, not changed to apostrophe. That prevents them from being used as string delimiters but ensures their content remains the same:

[System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent("won’t stop")

The new quote filter sparked this originally:

ansible.windows/plugins/filter/quote.py

Line 63 in ed0b716

return "'{0}'".format(s.replace("'", "''"))

But this may need a sister issue in ansible/ansible:

powershell shell plugin
powershell/module_wrapper (easy fix since we can use code gen method)

That's all I found with a cursory look but there might be some modules or mod utils out there that are affected too.

ISSUE TYPE

Bug Report

COMPONENT NAME

plugins/filters/quote.py

ANSIBLE VERSION

CONFIGURATION

OS / ENVIRONMENT

STEPS TO REPRODUCE

EXPECTED RESULTS

ACTUAL RESULTS

Check for missing commits vs devel

SUMMARY

The "Big Migration" has now taken place.

As this collection already exists, we need to carefully check to see if any further commits went into devel since this repo was created.

Please check the contents of https://github.com/ansible-collection-migration/ansible.windows against this repo

In particular:

Please do a per-file level diff against every file in the ansible-collection-migration repo and this one
Pay care to files added and removed.
During the last two weeks there have been lots of fixes, especially around and tests, dependencies, and new collection features e.g. meta/action_groups.yml

ISSUE TYPE

Bug Report

Add 'validate' to win_template

Copied from ansible/ansible#35661

SUMMARY

Add validate parameter to win_template module with the same behavior as the template module.

ISSUE TYPE

Feature Request

COMPONENT NAME

win_template module

ADDITIONAL INFORMATION

Mostly copying from the old ansible repo: Copied from ansible/ansible#35661

- name: Create a Unix-style file from a Jinja2 template
  win_template:
    src: unix/config.conf.j2
    dest: C:\share\unix\config.conf
    newline_sequence: '\n'
    backup: yes
    validate: 'C:\Program Files\customtool\bin\run.exe test -c %s'

Inclusion of ansible.windows in Ansible 2.10

This collection will be included in Ansible 2.10 because it contains modules and/or plugins that were included in Ansible 2.9. Please review:

The list of requirements for inclusion in Ansible: https://github.com/ansible-collections/overview/blob/master/collection_requirements.rst
The roadmap with all important dates for Ansible 2.10: https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/COLLECTIONS_2_10.rst

DEADLINE: 2020-08-18

The latest version of the collection available on August 18 will be included in Ansible 2.10.0, except possibly newer versions which differ only in the patch level. (For details, see the roadmap). Please release version 1.0.0 of your collection by this date! If 1.0.0 does not exist, the same 0.x.y version will be used in all of Ansible 2.10 without updates, and your 1.x.y release will not be included until Ansible 2.11 (unless you request an exception at a community working group meeting and go through a demanding manual process to vouch for backwards compatibility . . . you want to avoid this!).

Follow semantic versioning rules

Your collection versioning must follow all semver rules. This means:

Patch level releases can only contain bugfixes;
Minor releases can contain new features, new modules and plugins, and bugfixes, but must not break backwards compatibility;
Major releases can break backwards compatibility.

Changelogs and Porting Guide

Your collection should provide data for the Ansible 2.10 changelog and porting guide. The changelog and porting guide are automatically generated from ansible-base, and from the changelogs of the included collections. All changes from the breaking_changes, major_changes, removed_features and deprecated_features sections will appear in both the changelog and the porting guide. You have two options for providing changelog fragments to include:

If possible, use the antsibull-changelog tool, which uses the same changelog fragment as the ansible/ansible repository (see the documentation).
If you cannot use antsibull-changelog, you can provide the changelog in a machine-readable format as changelogs/changelog.yaml inside your collection (see the documentation of changelogs/changelog.yaml format).

If you cannot contribute to the integrated Ansible changelog using one of these methods, please provide a link to your collection's changelog by creating an issue in https://github.com/ansible-community/ansible-build-data/. If you do not provide changelogs/changelog.yml or a link, users will not be able to find out what changed in your collection from the Ansible changelog and porting guide.

Make sure your collection passes the sanity tests

Run ansible-test sanity --docker -v in the collection with the latest ansible-base or stable-2.10 ansible/ansible checkout.

Keep informed

Be sure you're subscribed to:

Changes impacting Collections to track changes that Collection maintainers should be aware of;
The Bullhorn, a newsletter for the Ansible developer community, back issues and how to add content.

Questions and Feedback

If you have questions or want to provide feedback, please see the Feedback section in the collection requirements.

(Internal link to keep track of issues: ansible-collections/overview#102)

win_domain_membership: Error changing hostname

From @dagwieers on Oct 30, 2018 13:54

SUMMARY

When running our configuration script with Ansible v2..8 (devel branch) on 4 new Windows 10 laptops resulted in the below error:

TASK [Configure hostname, domain and workgroup] ********************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at <ScriptBlock>, <No file>: line 300
fatal: [computer113]: FAILED! => {"changed": false, "msg": "Unhandled exception while executing module: Skip computer 'computer113' with new name 'computer113' because the new name is the same as the current name."}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at <ScriptBlock>, <No file>: line 300
fatal: [computer115]: FAILED! => {"changed": false, "msg": "Unhandled exception while executing module: Skip computer 'computer115' with new name 'computer115' because the new name is the same as the current name."}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at <ScriptBlock>, <No file>: line 300
fatal: [computer116]: FAILED! => {"changed": false, "msg": "Unhandled exception while executing module: Skip computer 'computer116' with new name 'computer116' because the new name is the same as the current name."}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at <ScriptBlock>, <No file>: line 300
fatal: [computer114]: FAILED! => {"changed": false, "msg": "Unhandled exception while executing module: Skip computer 'computer114' with new name 'computer114' because the new name is the same as the current name."}

ISSUE TYPE

Bug Report

COMPONENT NAME

win_domain_membership

ANSIBLE VERSION

ansible 2.8.0.dev0 (msc_user 91f86f51a6) last updated 2018/10/30 01:36:49 (GMT +200)
  config file = /home/dag/home-made/crombeen/ansible.cfg
  configured module search path = [u'/home/dag/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/anvers/default/lib/ansible
  executable location = /opt/anvers/default/bin/ansible
  python version = 2.7.5 (default, May 31 2018, 09:41:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

Copied from original issue: ansible/ansible#47810

win_uri: RFE Add src and remote_src options to the win_uri module

From @msilmser on Nov 13, 2018 23:23

SUMMARY

Add src and remote_src options to the win_uri module similar to the standard uri module.

ISSUE TYPE

Feature Idea

COMPONENT NAME

win_uri

ADDITIONAL INFORMATION

Can be used to submit files to a remote server.

Copied from original issue: ansible/ansible#48629

win_reboot does not ignore unreachable hosts

SUMMARY

Task win_reboot always fails even if ignore_unreachable is set to true.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_reboot

ANSIBLE VERSION

ansible 2.9.6
  config file = /mnt/c/git/auto-installer/ansible.cfg
  configured module search path = ['/home/tokr94/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/tokr94/.local/lib/python3.6/site-packages/ansible
  executable location = /home/tokr94/.local/bin/ansible
  python version = 3.6.9 (default, Nov  7 2019, 10:44:02) [GCC 8.3.0]

CONFIGURATION

DEFAULT_HASH_BEHAVIOUR(/mnt/c/git/auto-installer/ansible.cfg) = merge
DEFAULT_HOST_LIST(/mnt/c/git/auto-installer/ansible.cfg) = ['/mnt/c/git/auto-installer/hosts']
DEFAULT_LOG_PATH(/mnt/c/git/auto-installer/ansible.cfg) = /mnt/c/git/auto-installer/.logs/ansibl
DUPLICATE_YAML_DICT_KEY(/mnt/c/git/auto-installer/ansible.cfg) = true
INTERPRETER_PYTHON(/mnt/c/git/auto-installer/ansible.cfg) = /usr/bin/python3

OS / ENVIRONMENT

Host: MS Edge Windows 10 VirtualBox VM from https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
Server: Windows Subsystem for Linux (Ubuntu 18.04 LTS)

ansible_connection: winrm
ansible_port: 5986
ansible_winrm_transport: credssp
ansible_winrm_server_cert_validation: ignore

STEPS TO REPRODUCE

When task win_reboot is executed with ignore_unreachable: true, it never skipps unreachable hosts but returns error and therefore stops entire playbook. Not sure if that's the intended behavior anyway. At least it's not what I expected.

- hosts: all
  gather_facts: true
  ignore_unreachable: true

  tasks:
    - name: "Try to ping host"  # skipped correctly for unreachable hosts
      win_ping:

    - name: "Reboot the machine ... waiting for WinRM to come up again"  # fails
      win_reboot:

    - name: "... yet another task"  # never executed
      win_ping:

EXPECTED RESULTS

Task win_reboot should be skipped due to ignore_unreachable: true. Following task win_ping should be executed normally (and may be skipped as well).

ACTUAL RESULTS

Fail of win_reboot stops entire playbook and subsequent tasks never get executed for (un-)reachable hosts unless ignore_errors also is set to true.

PLAYBOOK: main.yml *****************************************************************************************************
Positional arguments: main.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/mnt/c/git/auto-installer/hosts',)
subset: winhost
forks: 5
1 plays in main.yml

PLAY [all] *************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
task path: /mnt/c/git/auto-installer/main.yml:2
Using module file /home/tokr94/.local/lib/python3.6/site-packages/ansible/modules/windows/setup.ps1
Pipelining is enabled.
<192.168.56.101> ESTABLISH WINRM CONNECTION FOR USER: IEUser on PORT 5986 TO 192.168.56.101
fatal: [192.168.56.101]: UNREACHABLE! => {
    "changed": false,
    "msg": "credssp: HTTPSConnectionPool(host='192.168.56.101', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f5c425ea940>: Failed to establish a new connection: [Errno 111] Connection refused',))",
    "skip_reason": "Host 192.168.56.101 is unreachable",
    "unreachable": true
}
META: ran handlers

TASK [Try to ping host] ************************************************************************************************
task path: /mnt/c/git/auto-installer/main.yml:7
Using module file /home/tokr94/.local/lib/python3.6/site-packages/ansible/modules/windows/win_ping.ps1
Pipelining is enabled.
<192.168.56.101> ESTABLISH WINRM CONNECTION FOR USER: IEUser on PORT 5986 TO 192.168.56.101
fatal: [192.168.56.101]: UNREACHABLE! => {
    "changed": false,
    "msg": "credssp: HTTPSConnectionPool(host='192.168.56.101', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f5c425a0cc0>: Failed to establish a new connection: [Errno 111] Connection refused',))",
    "skip_reason": "Host 192.168.56.101 is unreachable",
    "unreachable": true
}

TASK [Reboot the machine ... waiting for WinRM to come up again] *******************************************************
task path: /mnt/c/git/auto-installer/main.yml:10
<192.168.56.101> ESTABLISH WINRM CONNECTION FOR USER: IEUser on PORT 5986 TO 192.168.56.101
fatal: [192.168.56.101]: FAILED! => {
    "changed": false,
    "msg": "credssp: HTTPSConnectionPool(host='192.168.56.101', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f5c425b47b8>: Failed to establish a new connection: [Errno 111] Connection refused',))",
    "reboot": false
}

PLAY RECAP *************************************************************************************************************
192.168.56.101             : ok=0    changed=0    unreachable=2    failed=1    skipped=2    rescued=0    ignored=0

The type being used for parsing should be uint32, not int32

From @wsteinford on Apr 07, 2020 01:45

ISSUE TYPE

Bug Report

ANSIBLE VERSION

ansible 2.9

CONFIGURATION

OS / ENVIRONMENT

Deploying to Windows host

SUMMARY

https://github.com/ansible/ansible/blob/18a2183a0be3896f28b9fc77f90563585916e98c/lib/ansible/modules/windows/win_package.ps1#L65

This should use uint32 because the function MsiOpenPackageW returns uint32:

 $int_rc = [uint32]::Parse($rc)

It causes a failure if the expected value exceeds 31 bits, though it should be allowed to reach 32 bits.

STEPS TO REPRODUCE

Add a task like this:

- name: Run installer
  win_package:
    path: "installer.msi"
    product_id: "{e2b3431b-3f10-4f53-abdd-d3ff3feaa1ad}"
    # This package usually returns 3221225477 (access exception) when it succeeds installing
    expected_return_code: [0, 3010, 3221225477]

EXPECTED RESULTS

The installer runs and returns 3221225477, and Ansible accepts it as OK

ACTUAL RESULTS

Ansible returns the message:

fatal: [hostname]: FAILED! => {"changed": false, "msg": "failed to parse expected return code 3221225477 as an integer", "reboot_required": false}

Copied from original issue: ansible/ansible#68732

win_reboot: failed to get host boot time info

From @MaartenMol on Mar 18, 2020 12:29

SUMMARY

Getting the following error: win_reboot: failed to get host boot time info, rc: 1, stdout: , stderr:

While running this play on Windows Server 2019

I have seen other reports from before but those are a long time ago and from very old versions of Ansible.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_reboot

ANSIBLE VERSION

2.9.5

CONFIGURATION

OS / ENVIRONMENT

Running the playbook from Ansible AWX on Docker using the official installation steps. No other weird errors when running Playbooks on Windows.

OS to be configured by playbooks: Windows Server 2019 latest updates

Connection method to hosts:

ansible_connection: vmware_tools
ansible_shell_type: powershell

STEPS TO REPRODUCE

---
- name: Deploy an Active Directory
  hosts: domaincontrollers
  gather_facts: yes
  tasks:
    - name: Create new Windows domain in a new forest
      win_domain:
        dns_domain_name: "{{ organization }}"
        safe_mode_password: P@ssword
      register: domain_install
    - name: Reboot when AD feature requires it
      win_reboot:
      when: domain_install.reboot_required

EXPECTED RESULTS

Reboots when the active directory module requires it.

ACTUAL RESULTS

{
    "reboot": false,
    "msg": "win_reboot: failed to get host boot time info, rc: 1, stdout: , stderr: ",
    "_ansible_no_log": false,
    "changed": false
}

Copied from original issue: ansible/ansible#68307

Any option to exclude some files from delete in windows using ansible

From @dhikrahashim on Aug 11, 2020 04:06

SUMMARY

ISSUE TYPE

I want to exclude some files from deleting in windows using win_file module.
Unfortunately exclude option is there only for Linux module file, I believe.

I am getting updated application code from developer. I need to keep some files without any change in the windows application like "web.config". In that case I only need to exclude one or two files and I can replace all other files.

Other option I have is, I need to copy original "web.config" in my src folder and idempotent will work.

COMPONENT NAME

ANSIBLE VERSION

Latest

CONFIGURATION

- win_find:
paths: "c:/Users/xxxx/Desktop/Newfolder/test/"
file_type: file
excludes:
 - "Global.asax"
register: found_files

- win_file:
path: "{{ item.path }}"
state: absent
with_items: "{{ found_files.files }}"
================================

- win_find:
paths: "c:/Users/farmoh/Desktop/Newfolder/test-farooq/"
file_type: file
register: found_files

- win_file:
path: "{{ item.path }}"
state: absent
with_items: "{{ found_files.files }}"
when: 'Global.asax not in item.path'

OS / ENVIRONMENT

Windows

ADDITIONAL INFORMATION

Tried all two types plays, nothing works

Copied from original issue: ansible/ansible#71196

win_package: Support PackageManagement providers

SUMMARY

Add the ability to specify package name, provider, and version through win_package

ISSUE TYPE

Feature Idea

COMPONENT NAME

win_package

ADDITIONAL INFORMATION

Extend win_package to handle requests similar to the following

Install-Package -Name "package-name" –ProviderName  ProviderName -RequiredVersion X.Y.Z -Force

win_updates: failed_updates_count not always returned

From @TylerKerrACG on Jun 27, 2018 20:20

SUMMARY

The documentation for win_updates claims that the "failed_updates_count" return value will always be returned, but that is not the case. Other values that are only returned on success are still present when no changes are made.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_updates

ANSIBLE VERSION

ansible 2.5.4
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/it/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15rc1 (default, Apr 15 2018, 21:51:34) [GCC 7.3.0]

CONFIGURATION

Nothing changed.

OS / ENVIRONMENT

Running from AWX Docker on Linux.
Controlling Windows 10 machines.

STEPS TO REPRODUCE

    - name: Install all important updates
      win_updates:
        category_names:
          - SecurityUpdates
          - CriticalUpdates
          - UpdateRollups
        log_path: c:\_ansible\wu.txt
        state: installed
        become: yes
        become_method: runas
        become_user: SYSTEM
      register: update_result

EXPECTED RESULTS

return value included "failed_update_count": 0

ACTUAL RESULTS

return value "failed_update_count" is undefined

{
    "_ansible_parsed": true,
    "_ansible_no_log": false,
    "filtered_updates": {},
    "installed_update_count": 0,
    "changed": false,
    "reboot_required": false,
    "updates": {},
    "found_update_count": 0
}

Copied from original issue: ansible/ansible#42020

win_dsc: failed when used with psrp connection and Windows CJK locale

SUMMARY

win_dsc was failed when used with psrp connection and Windows ja-JP locale.
I think it happens in CJK as well as ja-JP.

I created the following dirty patch and applied it and it worked.

--- psrp.py     2020-07-06 07:36:27.355066100 +0000
+++ /usr/local/lib/python3.8/dist-packages/ansible/plugins/connection/psrp.py   2020-07-06 07:37:22.695066100 +0000
@@ -505,7 +505,7 @@ class Connection(ConnectionBase):
         if process.rc != 0:
             raise AnsibleError(to_native(process.stderr))

-        put_output = json.loads(process.stdout)
+        put_output = json.loads(process.stdout.decode('utf-8'))
         remote_sha1 = put_output.get("sha1")

         if not remote_sha1:
@@ -687,6 +687,7 @@ if ($bytes_read -gt 0) {
             negotiate_delegate=self._psrp_negotiate_delegate,
             negotiate_hostname_override=self._psrp_negotiate_hostname_override,
             negotiate_service=self._psrp_negotiate_service,
+            locale="ja-JP",
         )

         # Check if PSRP version supports newer read_timeout argument (needs pypsrp 0.3.0+)

ISSUE TYPE

Bug Report

COMPONENT NAME

win_dsc
psrp

ANSIBLE VERSION

# ansible --version
ansible 2.9.10
  config file = /root/.ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.8.2 (default, Apr 27 2020, 15:53:34) [GCC 9.3.0]

CONFIGURATION

empty

OS / ENVIRONMENT

target OS version: Windows Server 2019 version 1809 build 17763.379

PS C:\Users\Administrator> Get-WinSystemLocale

LCID             Name             DisplayName
----             ----             -----------
1041             ja-JP            日本語 (日本)

STEPS TO REPRODUCE

# ansible-playbook -i hosts win_dsc.yml

PLAY [all] ********************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************
ok: [10.0.4.105]

TASK [win_shell] **************************************************************************************************
changed: [10.0.4.105]

TASK [win_psmodule] ***********************************************************************************************
ok: [10.0.4.105]

TASK [win_dsc] ****************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at <ScriptBlock>, <No file>: line 332
fatal: [10.0.4.105]: FAILED! => {"changed": false, "msg": "Unhandled exception while executing module: The 'Get-DscResource' command was found in the module 'PSDesiredStateConfiguration', but the module could not be loaded. For more information, run 'Import-Module PSDesiredStateConfiguration'."}

PLAY RECAP ********************************************************************************************************
10.0.4.105                 : ok=3    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

# cat win_dsc.yml
---
- hosts: all
  vars:
    ansible_user: xxx
    ansible_password: xxx
    ansible_port: 5986
    ansible_connection: psrp
    ansible_psrp_cert_validation: ignore
    ansible_psrp_proxy: socks5h://xxx:[email protected]:1080
  tasks:
    - win_shell: Install-PackageProvider -Name NuGet

    - win_psmodule:
        name: xWebAdministration
        state: present

    - win_dsc:
        resource_name: xWebsite
        Name: WebApi
        AuthenticationInfo:
          Anonymous: yes
          Basic: no
          Digest: no
          Windows: no

EXPECTED RESULTS

It does not fail.

ACTUAL RESULTS

# ansible-playbook -i hosts win_dsc.yml -vvvv
ansible-playbook 2.9.10
  config file = /root/.ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.8.2 (default, Apr 27 2020, 15:53:34) [GCC 9.3.0]
Using /root/.ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /root/Web/ansible/hosts as it did not pass its verify_file() method
script declined parsing /root/Web/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /root/Web/ansible/hosts as it did not pass its verify_file() method
Parsed /root/Web/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/local/lib/python3.8/dist-packages/ansible/plugins/callback/default.py

PLAYBOOK: win_dsc.yml *********************************************************************************************
Positional arguments: win_dsc.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/root/Web/ansible/hosts',)
forks: 5
1 plays in win_dsc.yml

PLAY [all] ********************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************
task path: /root/Web/ansible/win_dsc.yml:2
Using module file /usr/local/lib/python3.8/dist-packages/ansible/modules/windows/setup.ps1
Pipelining is enabled.
<10.0.4.105> ESTABLISH PSRP CONNECTION FOR USER: Administrator ON PORT 5986 TO 10.0.4.105
PSRP: EXEC (via pipeline wrapper)
ok: [10.0.4.105]
META: ran handlers

TASK [win_shell] **************************************************************************************************
task path: /root/Web/ansible/win_dsc.yml:11
Using module file /usr/local/lib/python3.8/dist-packages/ansible/modules/windows/win_shell.ps1
Pipelining is enabled.
<10.0.4.105> ESTABLISH PSRP CONNECTION FOR USER: Administrator ON PORT 5986 TO 10.0.4.105
PSRP: EXEC (via pipeline wrapper)
changed: [10.0.4.105] => {
    "changed": true,
    "cmd": "Install-PackageProvider -Name NuGet",
    "delta": "0:00:02.625093",
    "end": "2020-07-19 07:21:41.676321",
    "rc": 0,
    "start": "2020-07-19 07:21:39.051228",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "",
    "stdout_lines": []
}

TASK [win_psmodule] ***********************************************************************************************
task path: /root/Web/ansible/win_dsc.yml:13
Using module file /usr/local/lib/python3.8/dist-packages/ansible/modules/windows/win_psmodule.ps1
Pipelining is enabled.
<10.0.4.105> ESTABLISH PSRP CONNECTION FOR USER: Administrator ON PORT 5986 TO 10.0.4.105
PSRP: EXEC (via pipeline wrapper)
ok: [10.0.4.105] => {
    "changed": false,
    "nuget_changed": false,
    "output": "Module xWebAdministration already present",
    "repository_changed": false
}

TASK [win_dsc] ****************************************************************************************************
task path: /root/Web/ansible/win_dsc.yml:17
Using module file /usr/local/lib/python3.8/dist-packages/ansible/modules/windows/win_dsc.ps1
Pipelining is enabled.
<10.0.4.105> ESTABLISH PSRP CONNECTION FOR USER: Administrator ON PORT 5986 TO 10.0.4.105
PSRP: EXEC (via pipeline wrapper)
The full traceback is:
The 'Get-DscResource' command was found in the module 'PSDesiredStateConfiguration', but the module could not be loaded. For more information, run 'Import-Module PSDesiredStateConfiguration'.
At line:332 char:21
+ $module_versions = (Get-DscResource -Name $resource_name -ErrorAction ...
+                     ~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-DscResource:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : CouldNotAutoloadMatchingModule

ScriptStackTrace:
at <ScriptBlock>, <No file>: line 332
fatal: [10.0.4.105]: FAILED! => {
    "changed": false,
    "msg": "Unhandled exception while executing module: The 'Get-DscResource' command was found in the module 'PSDesiredStateConfiguration', but the module could not be loaded. For more information, run 'Import-Module PSDesiredStateConfiguration'."
}

PLAY RECAP ********************************************************************************************************
10.0.4.105                 : ok=3    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

win_updates: Windows updates processing is stopped if any update fails

From @ramon-garcia on Dec 13, 2018 10:34

SUMMARY

When updating windows with win_updates, with the reboot option, the intention is that the system is updated and rebooted as many times as necessary.

But, if after some update, any of them fails,the processing is stopped.

After reading the source, this looks like a simple bug. In the source file lib/ansible/plugins/action/win_updates.py

    # if the module failed to run at all then changed won't be populated
    # so we just return the result as is
    # https://github.com/ansible/ansible/issues/38232
    failed = result.get('failed', False)
    if ("updates" not in result.keys() and self._task.async_val == 0) or failed:
        result['failed'] = True
        return result

The problem is in the conditional. For fixing issue #38232 , in the case failed the processing is stopped.
I changed the condition to:

if ("updates" not in result.keys() and self._task.async_val == 0) or \
            (failed and not (reboot and result.get('reboot_required', False))):

So that, if reboots are requested, and the last update attempt returned that reboot is needed, then go on.

Another similar case, if the update request fails because a reboot is pending. The flow should not stop.

Hope this helps.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_updates

ANSIBLE VERSION

2.7.4

CONFIGURATION

OS / ENVIRONMENT

This is Ansible runing under Centos 7. The target is Windows Server.

STEPS TO REPRODUCE

run

ansible -m win_updates --args 'reboot=true' [some server]

EXPECTED RESULTS

The server should install all updates including rebooting as many times as necessary.

ACTUAL RESULTS

The process stops as soon as one update fails.

Copied from original issue: ansible/ansible#49874

setup : Throws an exception error when used to gather custom facts for Windows targets.

SUMMARY

Since Ansible release v2.8.0, the 'setup' module which we use for gathering custom facts ( powershell scripts ) on Windows targets, is failing with exception error.

ISSUE TYPE

Bug Report

COMPONENT NAME

setup.ps1

ANSIBLE VERSION

ansible 2.9.6
  config file = /code/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /root/.local/lib/python2.7/site-packages/ansible
  executable location = /root/bin/ansible
  python version = 2.7.5 (default, Dec  4 2019, 17:34:13) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39.0.1)]

CONFIGURATION

OS / ENVIRONMENT

Windows Server 2012 R2 Standard - PowerShell v5.1
Windows Server 2016 Standard - PowerShell v6.0

STEPS TO REPRODUCE

Calling the 'setup' module with 'fact_path:' pointing to 'C:\ansible\facts.d' which has staged PowerShell scripts, throws an exception error. This error is not seen with Ansible =<v2.7.16; this error is seen with Ansible >=v2.8.0.

- name: 'Gather Custom Facts.'
  setup:
    fact_path: 'C:\\ansible\\facts.d\\'

EXPECTED RESULTS

The task should complete without any errors.

ACTUAL RESULTS

The full traceback is:
Exception setting "CursorPosition": "A command that prompts the user failed because the host program or the command type does not support user interaction. Try a host program that supports user interaction, such as the Windows PowerShell Console or Windows PowerShell ISE, and remove prompt-related commands from command types that do not support user interaction, such as Windows PowerShell workflows."
At line:299 char:5
+     Get-CustomFacts -factpath $factpath
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-CustomFacts], SetValueInvocationException
    + FullyQualifiedErrorId : ExceptionWhenSetting,Get-CustomFacts

ScriptStackTrace:
at <ScriptBlock>, <No file>: line 3
at <ScriptBlock>, C:\ansible\facts.d\<script>.ps1: line 2
at Get-CustomFacts, <No file>: line 22
at <ScriptBlock>, <No file>: line 299

System.Management.Automation.SetValueInvocationException: Exception setting "CursorPosition": "A command that prompts the user failed because the host program or the command type does not support user interaction. Try a host program that supports user interaction, such as the Windows PowerShell Console or Windows PowerShell ISE, and remove prompt-related commands from command types that do not support user interaction, such as Windows PowerShell workflows." ---> System.Management.Automation.Host.HostException: A command that prompts the user failed because the host program or the command type does not support user interaction. Try a host program that supports user interaction, such as the Windows PowerShell Console or Windows PowerShell ISE, and remove prompt-related commands from command types that do not support user interaction, such as Windows PowerShell workflows.
   at System.Management.Automation.Internal.Host.InternalHostRawUserInterface.ThrowNotInteractive()
   at System.Management.Automation.Internal.Host.InternalHostRawUserInterface.set_CursorPosition(Coordinates value)
   at CallSite.Target(Closure , CallSite , Object , Hashtable )
   --- End of inner exception stack trace ---
   at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
   at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
   at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, Object inputToProcess)
   at System.Management.Automation.PSScriptCmdlet.DoEndProcessing()
   at System.Management.Automation.CommandProcessorBase.Complete()
fatal: [<windows_target_machine>]: FAILED! => {
    "changed": false,
    "msg": "Unhandled exception while executing module: Exception setting \"CursorPosition\": \"A command that prompts the user failed because the host program or the command type does not support user interaction. Try a host program that supports user interaction, such as the Windows PowerShell Console or Windows PowerShell ISE, and remove prompt-related commands from command types that do not support user interaction, such as Windows PowerShell workflows.\""
}

win_user_right: Intermittent failure on domain controller

SUMMARY

We are receiving intermittent errors when applying user right assignments to a domain controller.

FAILED! => {"changed": false, "msg": "failed to convert sid '[sid value removed]' to a logon name: Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated.""}

ISSUE TYPE

Bug Report

COMPONENT NAME

win_user_right

ANSIBLE VERSION

ansible 2.9.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/AD/zzmorada/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/AD/zzmorada/.local/lib/python3.5/site-packages/ansible
  executable location = /home/AD/zzmorada/.local/bin/ansible
  python version = 3.5.2 (default, Apr 16 2020, 17:47:17) [GCC 5.4.0 20160609]

CONFIGURATION

ANSIBLE_PIPELINING(/etc/ansible/ansible.cfg) = True
DEFAULT_FORKS(/etc/ansible/ansible.cfg) = 25
DEFAULT_HOST_LIST(/etc/ansible/ansible.cfg) = ['/etc/ansible/inventory']
DEFAULT_LOG_PATH(/etc/ansible/ansible.cfg) = /var/log/ansible/ansible.log
HOST_KEY_CHECKING(env: ANSIBLE_HOST_KEY_CHECKING) = False
TRANSFORM_INVALID_GROUP_CHARS(/etc/ansible/ansible.cfg) = ignore

OS / ENVIRONMENT

Ubuntu 16.04

STEPS TO REPRODUCE

  win_user_right:
    name: SeAuditPrivilege
    users: "{{ security_win2012r2_wn12_ur_000024_users }}"
    action: set
  when: (security_win2012r2_wn12_ur_000024|bool)
  tags:
    - userRightsAssignment


----

security_win2012r2_wn12_ur_000024_users:
  - Local Service
  - Network Service
  - IIS APPPOOL\DefaultAppPool

EXPECTED RESULTS

win_user_right works consistently and is idempotent

ACTUAL RESULTS

FAILED! => {"changed": false, "msg": "failed to convert sid '[sid removed]' to a logon name: Exception calling \"Translate\" with \"1\" argument(s): \"Some or all identity references could not be translated.\""}

win_updates reboot:True - host is not rebooted, module returns error

SUMMARY

I've set win_updates reboot: True so that the hosts will be rebooted if necessary. However I've had one host fail with error message A reboot is required before more updates can be installed.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_updates

ANSIBLE VERSION

ansible 2.9.7
  config file = /home/douglas/Code/infra-as-code/ansible.cfg
  configured module search path = ['/home/douglas/Code/infra-as-code/lib/ansible/modules']
  ansible python module location = /home/douglas/Code/infra-as-code/venv/lib/python3.6/site-packages/ansible
  executable location = /home/douglas/Code/infra-as-code/venv/bin/ansible
  python version = 3.6.9 (default, Apr 18 2020, 01:56:04) [GCC 8.4.0]

CONFIGURATION

ANSIBLE_PIPELINING(/home/douglas/Code/infra-as-code/ansible.cfg) = True
COLLECTIONS_PATHS(/home/douglas/Code/infra-as-code/ansible.cfg) = ['/home/douglas/Code/infra-as-code/vendor']
DEFAULT_CLICONF_PLUGIN_PATH(/home/douglas/Code/infra-as-code/ansible.cfg) = ['/home/douglas/Code/infra-as-code/lib/ansible/plugins/cliconf
DEFAULT_FORKS(/home/douglas/Code/infra-as-code/ansible.cfg) = 30
DEFAULT_HOST_LIST(/home/douglas/Code/infra-as-code/ansible.cfg) = ['/home/douglas/Code/infra-as-code/inventory/staging.yml']
DEFAULT_INVENTORY_PLUGIN_PATH(/home/douglas/Code/infra-as-code/ansible.cfg) = ['/home/douglas/Code/infra-as-code/lib/ansible/plugins/inven
DEFAULT_LOOKUP_PLUGIN_PATH(/home/douglas/Code/infra-as-code/ansible.cfg) = ['/home/douglas/Code/infra-as-code/lib/ansible/plugins/lookup']
DEFAULT_MODULE_PATH(/home/douglas/Code/infra-as-code/ansible.cfg) = ['/home/douglas/Code/infra-as-code/lib/ansible/modules']
DEFAULT_MODULE_UTILS_PATH(/home/douglas/Code/infra-as-code/ansible.cfg) = ['/home/douglas/Code/infra-as-code/lib/ansible/module_utils']
DEFAULT_PRIVATE_KEY_FILE(/home/douglas/Code/infra-as-code/ansible.cfg) = /home/douglas/.ssh/ctadmin_rsa
DEFAULT_ROLES_PATH(/home/douglas/Code/infra-as-code/ansible.cfg) = ['/home/douglas/Code/infra-as-code/vendor/roles', '/home/douglas/Code/i
DEFAULT_STDOUT_CALLBACK(/home/douglas/Code/infra-as-code/ansible.cfg) = debug
DEFAULT_TERMINAL_PLUGIN_PATH(/home/douglas/Code/infra-as-code/ansible.cfg) = ['/home/douglas/Code/infra-as-code/lib/ansible/plugins/termin
HOST_KEY_CHECKING(/home/douglas/Code/infra-as-code/ansible.cfg) = False
INTERPRETER_PYTHON(/home/douglas/Code/infra-as-code/ansible.cfg) = auto_silent
TRANSFORM_INVALID_GROUP_CHARS(/home/douglas/Code/infra-as-code/ansible.cfg) = ignore

OS / ENVIRONMENT

Ansible host: Ubuntu 18.04 LTS
Target host: Windows 10 1903

STEPS TO REPRODUCE

      - name: Update Windows Hosts
        win_updates:
          state: installed
          reboot: True
          category_names:
            - "Application"
            - "Connectors"
            - "Critical Updates"
            - "Definition Updates"
            - "Developer Kits"
            - "Feature Packs"
            - "Guidance"
            - "Security Updates"
            - "Service Packs"
            - "Tools"
            - "Update Rollups"
            - "Updates"
            - "Windows Defender"

EXPECTED RESULTS

All updates should be installed, host rebooted as many times as necessary.

ACTUAL RESULTS

fatal: [WINDOWS-HOST]: FAILED! => {
    "changed": false,
    "filtered_updates": {},
    "found_update_count": 1,
    "installed_update_count": 0,
    "reboot_required": true,
    "updates": {
        "a5becc0d-4344-493b-96f6-4945bbeae18b": {
            "categories": [
                "Updates",
                "Windows 10, version 1903 and later"
            ],
            "id": "a5becc0d-4344-493b-96f6-4945bbeae18b",
            "installed": false,
            "kb": [
                "4497165"
            ],
            "title": "2020-01 Update for Windows 10 Version 1903 for x64-based Systems (KB4497165)"
        }
    }
}

MSG:

A reboot is required before more updates can be installed

setup: Windows FQDN incomplete

From @lanoxx on Feb 07, 2019 13:05

SUMMARY

On Windows hosts the DhcpDomain suffix is ignored in the FQDN name.

ISSUE TYPE

Bug Report

COMPONENT NAME

setup -> win_setup

ANSIBLE VERSION

   master

OS / ENVIRONMENT

Windows

STEPS TO REPRODUCE

Setup a Windows machine which is not joined to an AD domain.
Make sure the DHCP server is sending a Dhcp Domain, let say example.com
Execute the setup module.

EXPECTED RESULTS

Expected ansible_fqdn to be myhostname.example.com if the machines hostname is myhostname.

ACTUAL RESULTS

The ansible_fqdn is something like: myhostname. (notice the trailing dot).

Copied from original issue: ansible/ansible#51865

win_dsc: fails to serialize properties into CimInstance

From @rukas on Aug 10, 2018 18:48

SUMMARY

Using win_dsc results in the following error: Failed to serialize properties into CimInstance.

The same configuration in pure DSC works without issue:

        xIEEsc DisableIEEscAdmin {
            IsEnabled = $false
            UserRole  = "Administrators"   
        }

ISSUE TYPE

Bug Report

COMPONENT NAME

win_dsc

ANSIBLE VERSION

2.6.2

CONFIGURATION

DEFAULT_FORKS(/opt/devops-ansible/playbooks/test/ansible.cfg) = 40
DEFAULT_HOST_LIST(/opt/devops-ansible/playbooks/test/ansible.cfg) = [u'/opt/devops-ansible/playbooks/test/hosts.yml']
DEFAULT_LOG_PATH(/opt/devops-ansible/playbooks/test/ansible.cfg) = /opt/devops-ansible/playbooks/test/playbook.log
PERSISTENT_CONNECT_TIMEOUT(/opt/devops-ansible/playbooks/test/ansible.cfg) = 30

OS / ENVIRONMENT

From Ubuntu 16.04.2
Managing Server 2016

STEPS TO REPRODUCE

hosts.yml

sql:
  hosts:
    10.2.1.6:
      ansible_winrm_server_cert_validation: ignore
      ansible_connection: winrm
      ansible_user: "some user"
      ansible_password: "some vault password"

test_playbook.yml

---
- hosts: sql
  gather_facts: true
  tasks:
    - name: Install PSDesiredStateConfiguration PowerShell Module
      win_psmodule:
        name: PSDesiredStateConfiguration
        state: present
    - name: Install xSystemSecurity PowerShell Module
      win_psmodule:
        name: xSystemSecurity
        state: present
    - name: Set IE security to disabled for Administrators
      win_dsc:
        resource_name: xIEEsc
        IsEnabled: false
        UserRole: 'Administrators'
        PsDscRunAsCredential_username: '{{ansible_user}}'
        PsDscRunAsCredential_password: '{{ansible_password}}'

EXPECTED RESULTS

The DSC configuration to be successful

ACTUAL RESULTS

ansible-playbook test_playbook.yml -i hosts.yml -vv --ask-vault-pass

ansible-playbook 2.6.2
  config file = /opt/devops-ansible/playbooks/test/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.12 (default, Dec  4 2017, 14:50:18) [GCC 5.4.0 20160609]
Using /opt/devops-ansible/playbooks/test/ansible.cfg as config file

PLAYBOOK: test_playbook.yml *********************************************************************************************************************************************************
1 plays in test_playbook.yml

PLAY [sql] **************************************************************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************************************
task path: /opt/devops-ansible/playbooks/test/test_playbook.yml:2
ok: [10.2.1.6]
META: ran handlers

TASK [Install PSDesiredStateConfiguration PowerShell Module] ************************************************************************************************************************
task path: /opt/devops-ansible/playbooks/test/test_playbook.yml:5
ok: [10.2.1.6] => {"changed": false, "nuget_changed": false, "output": "Module PSDesiredStateConfiguration already present", "repository_changed": false}

TASK [Install xSystemSecurity PowerShell Module] ************************************************************************************************************************************
task path: /opt/devops-ansible/playbooks/test/test_playbook.yml:9
ok: [10.2.1.6] => {"changed": false, "nuget_changed": false, "output": "Module xSystemSecurity already present", "repository_changed": false}

TASK [Set IE security to disabled for Administrators] *******************************************************************************************************************************
task path: /opt/devops-ansible/playbooks/test/test_playbook.yml:13
fatal: [10.2.1.6]: FAILED! => {"changed": false, "module_version": "1.4.0.0", "msg": "Failed to serialize properties into CimInstance.", "reboot_required": false}
        to retry, use: --limit @/opt/devops-ansible/playbooks/test/test_playbook.retry

PLAY RECAP **************************************************************************************************************************************************************************
10.2.1.6                   : ok=3    changed=0    unreachable=0    failed=1



_Copied from original issue: ansible/ansible#43975_

setup: Only user of group Administrators on Windows server can successfully gather info using Ansible setup module

From @pytkr on Sep 27, 2019 03:22

I deeply admire you for your wonderful work for the many Operation jobs, however, Ansible 2.8 supports linux server with non-root user to gather info using setup module, I just don't know how to do the same thing with non-administrator user to gather info using ansible setup module for windows server, thanks!

Copied from original issue: ansible/ansible#62899

win_service: is missing service failure handling

From @sm4rk0 on Apr 28, 2017 09:09

ISSUE TYPE

Feature Idea

COMPONENT NAME

win_service

ANSIBLE VERSION

ansible 2.4.0 (devel ecbf8e933a) last updated 2017/04/28 10:59:50 (GMT +200)
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/administrator/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /home/administrator/ansible/lib/ansible
  executable location = /home/administrator/ansible/bin/ansible
  python version = 2.6.6 (r266:84292, Aug 18 2016, 15:13:37) [GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]

CONFIGURATION

N/A

OS / ENVIRONMENT

N/A

SUMMARY

sc.exe has failure command to change the actions upon service failure.
It would be useful to have the same feature exposed in win_service module.
Alternate idea would be to have a separate module, ie. win_service_failure in order not to over-complicate the win_service module.

STEPS TO REPRODUCE

N/A

EXPECTED RESULTS

N/A

ACTUAL RESULTS

N/A

Copied from original issue: ansible/ansible#24098

ansible.windows.win_get_url unhandled exception

SUMMARY

win_get_url from collection not working and end in unhandled exception

ISSUE TYPE

Bug Report

COMPONENT NAME

ansible.windows.win_get_url

ANSIBLE VERSION

  config file = None
  configured module search path = ['/home/dockeruser/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.9 (default, Jul 19 2020, 03:46:11) [GCC 8.3.0]

CONFIGURATION

DEFAULT_ROLES_PATH(/home/nighty/repos/windows_image/windows_image/ansible.cfg) = ['/home/nighty/repos/windows_image/windows_image']

OS / ENVIRONMENT

fresh Azure - Windows Server 2016 Datacenter VM

STEPS TO REPRODUCE

download collection ansible.windows and try using win_get_url

- name: Download image to temp
  ansible.windows.win_get_url:
    url: 'https://www.google.de/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png'
    dest: 'C:\test.png'

EXPECTED RESULTS

the file is downloaded and stored

ACTUAL RESULTS

I received an unhandled exception

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at <ScriptBlock>, <No file>: line 51
fatal: [win2016]: FAILED! => {"changed": false, "msg": "Unhandled exception while executing module: The term 'Get-AnsibleWindowsWebRequestSpec' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again."}

Please note
The win_get_url that ships with ansible is (still) working - if i use win_get_url: instead of ansible.windows.win_get_url: it works without issues!

win_service: does not support virtual account

From @agowa338 on Sep 19, 2019 14:22

SUMMARY

Installing a service with the virtual account configured for execution of the service does not work.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_service

ANSIBLE VERSION

ansible 2.8.5
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.7.4 (default, Jul 16 2019, 07:12:58) [GCC 9.1.0]

CONFIGURATION

OS / ENVIRONMENT

ArchLinux

STEPS TO REPRODUCE

- name: Create the windows service for auditbeat
  win_service:
    state: started
    display_name: Foobar
    name: foobar
    path: "C:\Windows\System32\calc.exe"
    username: NT SERVICES\foobar$
    password: ''

EXPECTED RESULTS

Service being created successfully.

ACTUAL RESULTS

fatal: [naboo]: FAILED! => {
    "changed": false,
    "msg": "account_name NT SERVICES\\foobar$ is not a valid account, cannot get SID: Ausnahme beim Aufrufen von \"Translate\" mit 1 Argument(en):  \"Manche oder alle Identitätsverweise konnten nicht übersetzt werden.\""
}

Copied from original issue: ansible/ansible#62601

win_updates does not list feature updates

SUMMARY

The win_updates module can not find any optional or feature updates which means it cannot install them.

For example on a Windows 10 1909 I can see in the windows update settings UI that the 2004 feature update is available.

I can click on Download and install manually but I cannot get this to appear in any search through the Windows Update API COM interface. The same also applies for any preview cumulative updates as they are considered optional in the same sense as the feature update install.s

Using Get-WindowsUpdate.ps1 I can replicate the same update searcher that win_updates use and it's unable to find either of those optional updates no matter the criteria I specify.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_updates

ANSIBLE VERSION

All

CONFIGURATION

N/A

OS / ENVIRONMENT

Windows 10

win_dsc: DSC Resources that specify 'System.ServiceProcess' as one of the 'RequiredAssemblies' are not discoverable using Get-DSCResource when run via Ansible

SUMMARY

If a custom DSC Resource contains a reference to System.ServiceProcess as one of the RequiredAssemblies in the respective .psd1 file, and the associated .psm1 file contains references to that assembly, the call to Get-DscResource in win_dsc, when run via the Ansible, cannot find that DSC Resource (even though it does exist) and the Ansible call fails.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_dsc

ANSIBLE VERSION

ansible 2.9.7
  config file = /media/sf_trusty64/Ansible_Configuration_Management/windows/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.6 (default, Oct 26 2016, 20:30:19) [GCC 4.8.4]

CONFIGURATION

DISPLAY_SKIPPED_HOSTS(env: ANSIBLE_DISPLAY_SKIPPED_HOSTS) = False

OS / ENVIRONMENT

Windows 10

STEPS TO REPRODUCE

Unzip these files (ExampleDscResource.zip) to C:\Program Files\WindowsPowerShell\Modules\ExampleDscResource\1.0.0.0:
Run Get-DscResource to confirm the DSC Resource is installed correctly
Create a playbook containing the following:

---
- name: Example Dsc Resource
  hosts: all
  tasks:
  - name: Run ExampleDscResource
    win_dsc:
      resource_name: "ExampleDscResource"
      Ensure: present

EXPECTED RESULTS

The DSC Resource runs:

PLAY [Example Dsc Resource] **********************************************************

TASK [Gathering Facts] *********************************************************
ok: [windows]

TASK [Run ExampleDscResource] **************************************************
ok: [windows]

PLAY RECAP *********************************************************************
windows                    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

ACTUAL RESULTS

PLAY [Example Dsc Resource] **********************************************************

TASK [Gathering Facts] *********************************************************
ok: [windows]

TASK [Run ExampleDscResource] **************************************************
fatal: [windows]: FAILED! => {"changed": false, "msg": "Resource 'ExampleDscResource' not found."}

PLAY RECAP *********************************************************************
windows                    : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Adding Add-Type -assemblyname System.ServiceProcess to win_dsc at the line preceding the call to Get-DscResource here causes the playbook to execute successfully.

win_dsc: Invoke multiple resources in one run

From @gvcgael on Dec 12, 2019 16:54

SUMMARY

Sometimes, invoking resources in different steps in ansible does not work. It would be great if win_dsc could call multiple dsc resources in one step without requiring ansible reconnecting.

ISSUE TYPE

Feature Idea

COMPONENT NAME

win_dsc

ADDITIONAL INFORMATION

For example, consider the following dsc :

Configuration IPAddress_AddingStaticIP_Config
{
    Import-DscResource -Module NetworkingDsc

    Node localhost
    {
        NetIPInterface DisableDhcp
        {
            InterfaceAlias = 'Ethernet'
            AddressFamily  = 'IPv4'
            Dhcp           = 'Disabled'
        }

        IPAddress NewIPv4Address
        {
            IPAddress      = '192.168.10.5'
            InterfaceAlias = 'Ethernet'
            AddressFamily  = 'IPV4'
        }
    }
}

The ansible equivalent would not work because disabling DHCP would remove any ip address and ansible could not connect anymore.

  win_dsc:
    resource_name: NetIPInterface
    InterfaceAlias: 'Ethernet'
    AddressFamily: 'IPv4'
    Dhcp: 'Disabled'

  win_dsc:
    resource_name: IPAddress 
    IPAddress: '192.168.10.5'
    InterfaceAlias: 'Ethernet'
    AddressFamily: 'IPV4'

It would be great if we could do something like this :

  win_dsc:
  - DisableDhcp:
       resource_name: NetIPInterface
       InterfaceAlias: 'Ethernet'
       AddressFamily: 'IPv4'
       Dhcp: 'Disabled'
  - NewIPv4Address:
       resource_name: IPAddress 
       IPAddress: '192.168.10.5'
       InterfaceAlias: 'Ethernet'
       AddressFamily: 'IPV4'

Copied from original issue: ansible/ansible#65771

New win_capability module

SUMMARY

Would be nice if there was a module to configure (enable/disable) Windows Capabilities, similar to win_optional_feature module.

ISSUE TYPE

Feature Idea

COMPONENT NAME

I guess the new module's name would be win_capability?

ADDITIONAL INFORMATION

The module would replicate the functionality of the cmdlets found via this query:

Get-Command -Module Dism -Noun WindowsCapability

It would allow people to enable, or disable Windows Capabilities, along with Optional Features and Features (on Servers).

Since Capabilities have version numbers in their names, we should be able to use wildcards, or provide names partially.

Below is an example how I would add RSAT Windows Capabilities with PowerShell and a mockup of an Ansible task where I would disable a couple of Capabilities that are enabled by default.

The asterisk after "{{ item }}" is clearly not correctly placed, I don't know how it should work, but it should indicate that it would be best if the name parameter would accept partial Capability names.

Get-WindowsCapability -Online -Name Rsat.* | Add-WindowsCapability -Online

- name: Disable unnecessary Windows Capabilities
  win_capability:
    name: "{{ item }}"*
    state: absent
  loop:
    - 'XPS.Viewer'
    - 'App.Support.QuickAssist'
    - 'Browser.InternetExplorer'

win_user not idempotent when user belongs to Administrator group

SUMMARY

win_user is not idempotent with the user is in Administrator group.

ISSUE TYPE

Bug Report

COMPONENT NAME

plugins/modules/win_user.py

ANSIBLE VERSION

ansible-playbook 2.9.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/cody/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible-playbook
  python version = 2.7.5 (default, Apr  2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

CONFIGURATION

OS / ENVIRONMENT

CentOS Linux release 7.8.2003 (Core)
Ansible installed from epel-7

STEPS TO REPRODUCE

execute the follow task two times

 win_user:
    name: useradm
    account_disabled: no
    account_locked: no
    description: "admin account"
    groups: Administrators
    groups_action: add
    password: "{{ password }}"
    password_expired: no
    password_never_expires: yes
    update_password: always
    user_cannot_change_password: yes
    state: present

EXPECTED RESULTS

win_user is supposed to be idempotent.
The first first create the user
The second run update the user (password)

ACTUAL RESULTS

The second run fails with:


 fatal: [172.22.100.83]: FAILED! => {
   "changed": true,
   "msg": "Exception calling \"SetInfo\" with \"0\" argument(s): \"This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon.\r\n\""
}

win_template: diff output is not produced

From @mr-fIErcE on Dec 25, 2017 20:45

ISSUE TYPE

Bug Report

COMPONENT NAME

win_template

ANSIBLE VERSION

ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/sd/ansible']
  ansible python module location = /usr/lib/python2.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.6.6 (r266:84292, Oct 12 2012, 14:23:48) [GCC 4.4.6 20120305 (Red Hat 4.4.6-4)]

CONFIGURATION

DEFAULT_HOST_LIST(/etc/ansible/ansible.cfg) = [u'/sd/ansible/hosts']
DEFAULT_MODULE_PATH(/etc/ansible/ansible.cfg) = [u'/sd/ansible']

OS / ENVIRONMENT

ansible server: RHEL 6.4
managed host: Windows Server 2008 R2 / Windows Server 2012 R2

SUMMARY

win_template module does not produce diff output when ansible-playbook is invoked with --diff option

STEPS TO REPRODUCE

difftest.j2:

{{ var }}

difftest.yml:

- name: diff test
  hosts: aes-virt
  gather_facts: False
  tasks:
   - name: get random value
     set_fact:
       var: "{{ 100 | random }}"
   - name: test template
     win_template:
       src: /sd/ansible/difftest.j2
       dest: C:\test.txt

EXPECTED RESULTS

Changes in file produced by win_template module are shown as a diff, similar to following:

TASK [difftest : test template] *************************************************************************************************************************************************************************************************************
--- before: /tmp/testfile
+++ after: /tmp/tmpLCgbUU/t.j2
@@ -1,1 +1,1 @@
-93
+6

changed: [aes-virt -> localhost]

ACTUAL RESULTS

Diff is not produced.

root@fond1:/sd/ansible # ansible-playbook difftest.yml --diff -vvvv
ansible-playbook 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/sd/ansible']
  ansible python module location = /usr/lib/python2.6/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.6.6 (r266:84292, Oct 12 2012, 14:23:48) [GCC 4.4.6 20120305 (Red Hat 4.4.6-4)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
Parsed /sd/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.6/site-packages/ansible/plugins/callback/__init__.pyc

PLAYBOOK: difftest.yml ********************************************************************************************************************************************************************************************************************************************************
1 plays in difftest.yml

PLAY [diff test] **************************************************************************************************************************************************************************************************************************************************************
META: ran handlers

TASK [get random value] *******************************************************************************************************************************************************************************************************************************************************
task path: /sd/ansible/difftest.yml:5
ok: [aes-virt] => {
    "ansible_facts": {
        "var": "29"
    },
    "changed": false
}

TASK [test template] **********************************************************************************************************************************************************************************************************************************************************
task path: /sd/ansible/difftest.yml:8
<172.22.10.12> ESTABLISH WINRM CONNECTION FOR USER: adminaes on PORT 5986 TO 172.22.10.12
EXEC (via pipeline wrapper)
EXEC (via pipeline wrapper)
Using module file /usr/lib/python2.6/site-packages/ansible/modules/windows/win_stat.ps1
EXEC (via pipeline wrapper)
Using module file /usr/lib/python2.6/site-packages/ansible/modules/windows/win_file.ps1
EXEC (via pipeline wrapper)
Using module file /usr/lib/python2.6/site-packages/ansible/modules/windows/slurp.ps1
EXEC (via pipeline wrapper)
<172.22.10.12> PUT "/tmp/tmp5f86Nc/difftest.j2" TO "C:\Users\adminaes\AppData\Local\Temp\ansible-tmp-1514234201.16-102084777883269\source"
Using module file /usr/lib/python2.6/site-packages/ansible/modules/windows/win_copy.ps1
EXEC (via pipeline wrapper)
changed: [aes-virt] => {
    "changed": true,
    "checksum": "ef2781bbe133c16adb6600f5d01c3683f584384e",
    "diff": {}
}
META: ran handlers
META: ran handlers

PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************
aes-virt                   : ok=2    changed=1    unreachable=0    failed=0

Copied from original issue: ansible/ansible#34226

win_template: will remove the contents of a file if there is an open file handle on that file

From @unacceptable on May 21, 2018 21:14

SUMMARY

I found this when updating the system's machine.config

ISSUE TYPE

Bug Report

COMPONENT NAME

win_template

ANSIBLE VERSION

ansible 2.5.3
  config file = /root/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

CONFIGURATION

DEFAULT_FORKS(/root/ansible/ansible.cfg) = 60
DEFAULT_HOST_LIST(/root/ansible/ansible.cfg) = [u'/root/ansible/inventory']
DEFAULT_VAULT_PASSWORD_FILE(/root/ansible/ansible.cfg) = /root/ansible/secret
RETRY_FILES_ENABLED(/root/ansible/ansible.cfg) = False

OS / ENVIRONMENT

 # head -n 1 /etc/*release
==> /etc/centos-release <==
CentOS Linux release 7.4.1708 (Core) 

==> /etc/os-release <==
NAME="CentOS Linux"

==> /etc/redhat-release <==
CentOS Linux release 7.4.1708 (Core) 

==> /etc/system-release <==
CentOS Linux release 7.4.1708 (Core)

STEPS TO REPRODUCE

Start a C# application that keeps the system's macheine.config open (Like IIS - Facepalm, I did not stop it in advance).
Run the following playbook.

- name: Copy over the machine.config
  win_template:
    src: ../templates/machine.config.j2
    dest: C:\Windows\Microsoft.Net\Framework64\v4.0.30319\Config\machine.config
  when: ansible_os_family == 'Windows'

Watch your server break

EXPECTED RESULTS

I would expect that the module would check to see if an application has an open file handle on the destination file and if so fail immediately, without attempting to copy to that file. It would also be nice to have the PID of the application holding the file open returned in the fail JSON.

ACTUAL RESULTS

fatal: [A055.fh.local]: FAILED! => {
    "changed": false, 
    "checksum": "499530024db739112896cf6bfbcbce20732fe40d", 
    "diff": [], 
    "module_stderr": "Copy-Item : The process cannot access the file 'C:\\Windows\\Microsoft.Net\\Framework64\\v4.0.30319\\Config\\machine.config' \r\nbecause it is being used by another process.\r\nAt line:393 char:5\r\n+     Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null\r\n+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : NotSpecified: (:) [Copy-Item], IOException\r\n    + FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.CopyItemCommand\r\n \r\n\r\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE", 
    "rc": 1
}

Copied from original issue: ansible/ansible#40510

setup: Windows Setup wrong epoch timestamp (get-date prints epoch + local_tz)

From @mkayontour on Sep 09, 2019 12:10

SUMMARY

Running the module setup on Windows prints the wrong epoch timestamp.
https://github.com/ansible/ansible/blob/a95f9c66401e99e72a12cb9d3a6d6c828bc1ecfe/lib/ansible/modules/windows/setup.ps1#L175

PS C:\Users\ansible> get-date

Montag, 9. September 2019 14:06:33


PS C:\Users\ansible> get-date -UFormat %s
1568038002,68659

Windows prints the seconds since 1970 with the local timezone added.

[vagrant@ansible ~]$ date
Mon Sep  9 12:07:14 UTC 2019
[vagrant@ansible ~]$ date +%s
1568030842
# epoch Timestamp from windows without nanoseconds
[vagrant@ansible ~]$ date -d @1568038002  
Mon Sep  9 14:06:42 UTC 2019

This issue is already known to powershell and it will be fixed in powershell version 6.
See Issue#2195

In addition the nanoseconds aren't necessary to the epoch timestamp and so it shouldn't be used anymore.

Possible Solution

To get the most accurate result as in the powershell bug described, get-date should be used like this. This is rounded and without nanoseconds
[int][double]::Parse((get-date ([DateTime]::UtcNow) -UFormat +%s))

ISSUE TYPE

Bug Report

COMPONENT NAME

Module setup on windows

ANSIBLE VERSION

Any

OS / ENVIRONMENT

Windows with Powershell version < 6.x

Copied from original issue: ansible/ansible#61990

win_package install from network share does not work correctly

SUMMARY

According to win_package module documentation, when the installation file is hosted on a network share and username and password are specified, the file is not copied locally on the target server.
Actual behavior of the module is opposite.
Local copy cause an issue when the installation files are more then one. After the copy of the installation exe and executed it cannot find the rest installation files ( dll files etc ).
In my opinion the problem is in the line 406 of win_pacakge.ps1
if ($program_metadata.location_type -eq [LocationType]::Unc -and $null -ne $credential) {
which should be :
if ($program_metadata.location_type -eq [LocationType]::Unc -and $credential -eq $null) {

I think that the comment on lines 404 and 405 is not correct.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_package
win_package.ps1

ANSIBLE VERSION

`ansible 2.9.7
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/ansible
executable location = /opt/rh/rh-python36/root/usr/bin/ansible
python version = 3.6.9 (default, Sep 11 2019, 16:40:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]``

CONFIGURATION

DEFAULT_HOST_LIST(/root/ansible/ansible.cfg) = ['/root/ansible/inventory']
DEFAULT_MANAGED_STR(/root/ansible/ansible.cfg) = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S
DEFAULT_REMOTE_USER(/root/ansible/ansible.cfg) = stefan
DEPRECATION_WARNINGS(/root/ansible/ansible.cfg) = False

OS / ENVIRONMENT

Red Hat Enterprise Linux Server release 7.8 (Maipo)

STEPS TO REPRODUCE

Try to install a package hosted on windows network share, and specify username and password to access the share.

  - name: Run installer from mounted network share
    win_package:    
      path: \\server\ServerSoftware\SQL\SQL2017\Developer\setup.exe
      product_id: mssql2017
      user_name: DOMAIN\user
      user_password: password
      log_path: C:\tmp\install.log
      arguments: '/IAcceptSqlServerLicenseTerms /Q /ConfigurationFile="C:\\ConfigurationFile.ini" /SQLSYSADMINACCOUNTS="DOMAIN\user"'
      state: present

EXPECTED RESULTS

Successful installation

ACTUAL RESULTS

fatal: [wintstaa1187]: FAILED! => {
"changed": false,
"msg": "unexpected rc from install xb1rikep.aes: see rc, stdo ut and stderr for more details",
"rc": 3221225781,
"reboot_required": false,
"stderr": "",
"stderr_lines": [],
"stdout": "",
"stdout_lines": []

win_updates: can't update reboot_required status on WinServer 2019

From @pawellrus on Jul 13, 2019 14:12

SUMMARY

I faced with a strange issue when I was trying to install updates for Windows Server 2019.
Playbook stuck in rebooting loop.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_updates

ANSIBLE VERSION

ansible 2.8.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/polushin/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Jun 20 2019, 20:27:34) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)

STEPS TO REPRODUCE

- name: Check for Updates
    win_updates:
      state: searched
      category_names: ['Application','CriticalUpdates','DefinitionUpdates','FeaturePacks','SecurityUpdates','ServicePacks','Tools','UpdateRollups','Updates']
      log_path: 'c:/ansible_wu.txt'
    register: searched
    
  - name: Return update list
    debug:
      msg: '{{ item }}'
    loop: "{{ searched.updates|json_query('*.title[]') }}"
    
  - name: Install updates
    win_updates:
      category_names: ['Application','CriticalUpdates','DefinitionUpdates','FeaturePacks','SecurityUpdates','ServicePacks','Tools','UpdateRollups','Updates']
      log_path: 'c:/ansible_wu.txt'
      reboot: yes
    when: searched.found_update_count>0

EXPECTED RESULTS

Windows Server gets updated.

ACTUAL RESULTS

reboot_required status isn't get lifted after ansible initiated reboot. Playbook stuck in reboot loop.
User needs to log on to server and reboot server from Windows Update GUI.

2019-07-13 08:18:03Z WUA is available in current logon process, running natively
2019-07-13 08:18:03Z Creating Windows Update session...
2019-07-13 08:18:03Z Create Windows Update searcher...
2019-07-13 08:18:03Z Setting the Windows Update Agent source catalog...
2019-07-13 08:18:03Z Requested search source is 'default'
2019-07-13 08:18:03Z Search source set to 'default' (ServerSelection = 0)
2019-07-13 08:18:03Z Searching for updates to install
2019-07-13 08:18:10Z Found 1 updates
2019-07-13 08:18:10Z Creating update collection...
2019-07-13 08:18:10Z Adding update 299b218e-aa1b-400f-8364-7088a4061dbf - 2019-07 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems (KB4507469)
2019-07-13 08:18:10Z Calculating pre-install reboot requirement...
2019-07-13 08:18:10Z No reboot is pending...
2019-07-13 08:18:10Z Downloading updates...
2019-07-13 08:18:10Z Update (1 of 1) 299b218e-aa1b-400f-8364-7088a4061dbf already downloaded, skipping...
2019-07-13 08:18:10Z Installing updates...
2019-07-13 08:18:10Z Creating installer object...
2019-07-13 08:18:10Z Creating install collection...
2019-07-13 08:18:10Z Adding update 299b218e-aa1b-400f-8364-7088a4061dbf
2019-07-13 08:18:12Z Update (1 of 1) 299b218e-aa1b-400f-8364-7088a4061dbf succeeded
2019-07-13 08:18:12Z Performing post-install reboot requirement check...
2019-07-13 08:18:12Z Return value:
{
    "updates":  {
                    "299b218e-aa1b-400f-8364-7088a4061dbf":  {
                                                                 "id":  "299b218e-aa1b-400f-8364-7088a4061dbf",
                                                                 "title":  "2019-07 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems (KB4507469)",
                                                                 "categories":  [
                                                                                    "Security Updates"
                                                                                ],
                                                                 "kb":  [
                                                                            "4507469"
                                                                        ],
                                                                 "installed":  true
                                                             }
                },
    "failed_update_count":  0,
    "found_update_count":  1,
    "changed":  false,
    "reboot_required":  true,
    "installed_update_count":  1,
    "filtered_updates":  {

                         }
}
2019-07-13 08:18:12Z Native job completed with output: 
Name                           Value                                                                                                                                                                                                                                                                        
----                           -----                                                                                                                                                                                                                                                                        
updates                        {299b218e-aa1b-400f-8364-7088a4061dbf}                                                                                                                                                                                                                                       
failed_update_count            0                                                                                                                                                                                                                                                                            
found_update_count             1                                                                                                                                                                                                                                                                            
changed                        False                                                                                                                                                                                                                                                                        
reboot_required                True                                                                                                                                                                                                                                                                         
installed_update_count         1                                                                                                                                                                                                                                                                            
filtered_updates               {}                                                                                                                                                                                                                                                                           



2019-07-13 08:18:34Z WUA is available in current logon process, running natively
2019-07-13 08:18:34Z Creating Windows Update session...
2019-07-13 08:18:34Z Create Windows Update searcher...
2019-07-13 08:18:34Z Setting the Windows Update Agent source catalog...
2019-07-13 08:18:34Z Requested search source is 'default'
2019-07-13 08:18:34Z Search source set to 'default' (ServerSelection = 0)
2019-07-13 08:18:35Z Searching for updates to install
2019-07-13 08:18:41Z Found 1 updates
2019-07-13 08:18:41Z Creating update collection...
2019-07-13 08:18:41Z Adding update 299b218e-aa1b-400f-8364-7088a4061dbf - 2019-07 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems (KB4507469)
2019-07-13 08:18:41Z Calculating pre-install reboot requirement...
2019-07-13 08:18:41Z No reboot is pending...
2019-07-13 08:18:41Z Downloading updates...
2019-07-13 08:18:41Z Update (1 of 1) 299b218e-aa1b-400f-8364-7088a4061dbf already downloaded, skipping...
2019-07-13 08:18:41Z Installing updates...
2019-07-13 08:18:41Z Creating installer object...
2019-07-13 08:18:41Z Creating install collection...
2019-07-13 08:18:41Z Adding update 299b218e-aa1b-400f-8364-7088a4061dbf
2019-07-13 08:18:43Z Update (1 of 1) 299b218e-aa1b-400f-8364-7088a4061dbf succeeded
2019-07-13 08:18:43Z Performing post-install reboot requirement check...
2019-07-13 08:18:43Z Return value:
{
    "updates":  {
                    "299b218e-aa1b-400f-8364-7088a4061dbf":  {
                                                                 "id":  "299b218e-aa1b-400f-8364-7088a4061dbf",
                                                                 "title":  "2019-07 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems (KB4507469)",
                                                                 "categories":  [
                                                                                    "Security Updates"
                                                                                ],
                                                                 "kb":  [
                                                                            "4507469"
                                                                        ],
                                                                 "installed":  true
                                                             }
                },
    "failed_update_count":  0,
    "found_update_count":  1,
    "changed":  false,
    "reboot_required":  true,
    "installed_update_count":  1,
    "filtered_updates":  {

                         }
}
2019-07-13 08:18:43Z Native job completed with output: 
Name                           Value                                                                                                                                                                                                                                                                        
----                           -----                                                                                                                                                                                                                                                                        
updates                        {299b218e-aa1b-400f-8364-7088a4061dbf}                                                                                                                                                                                                                                       
failed_update_count            0                                                                                                                                                                                                                                                                            
found_update_count             1                                                                                                                                                                                                                                                                            
changed                        False                                                                                                                                                                                                                                                                        
reboot_required                True                                                                                                                                                                                                                                                                         
installed_update_count         1                                                                                                                                                                                                                                                                            
filtered_updates               {}  

_Copied from original issue: ansible/ansible#59056_

setup: Windows gathering facts should honor gather_timeout

SUMMARY

Windows facts should honor gather_timeout

playbook:

- hosts: windows
  gather_facts: false
  roles:
    - gather_fact

role: gather_fact

- name: Getting hosts infos
  setup:
    gather_timeout: 3

gather_timeout is ignored. Setup module never gives up after 3 seconds on windows machines.

COMPONENT NAME

setup

Ansible win_dsc fails to install SqlServer with SqlServerDsc

SUMMARY

I am trying to install SQLServer 2019 on Windows Server 2019 using ansible and SqlServerDsc I am getting am error about missing CimClass MSFT_SqlSetup.

The full traceback is:
Not found 
At line:50 char:17
+ ... $resource = Get-CimClass -ClassName $ClassName -Namespace root\Micros ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (root\Microsoft\...n:MSFT_SqlSetup:String) [Get-CimClass], CimException
    + FullyQualifiedErrorId : HRESULT 0x80041002,Microsoft.Management.Infrastructure.CimCmdlets.GetCimClassCommand

ScriptStackTrace:
at Get-DscCimClassProperties, <No file>: line 50
at Get-OptionSpec, <No file>: line 150
at <ScriptBlock>, <No file>: line 376

Microsoft.Management.Infrastructure.CimException: Not found 
   at Microsoft.Management.Infrastructure.Internal.Operations.CimAsyncObserverProxyBase`1.ProcessNativeCallback(OperationCallbackProcessingContext callbackProcessingContext, T currentItem, Boolean moreResults, MiResult operationResult, String errorMessage, InstanceHandle errorDetailsHandle)
fatal: [192.168.56.5]: FAILED! => {
    "changed": false,
    "msg": "Unhandled exception while executing module: Not found "
}

ISSUE TYPE

Bug Report

COMPONENT NAME

win_dsc

ANSIBLE VERSION

$ ansible --version
ansible 2.9.6
  config file = None
  configured module search path = ['/home/<username>/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/<username>/<myproject>/ve/lib/python3.6/site-packages/ansible
  executable location = /home/<username>/<myproject>/ve/bin/ansible
  python version = 3.6.9 (default, Nov  7 2019, 10:44:02) [GCC 8.3.0]

CONFIGURATION

ansible-config dump --only-changed
=> Empty

OS / ENVIRONMENT

Ansible control machine: Ubuntu 1804
Target Machine: Windows Server 2019

STEPS TO REPRODUCE

- name: Windows | Install .NET Framework 4.5 Core
  win_feature:
    name: NET-Framework-45-Core
    state: present
    include_sub_features: True

- name: Windows | Install DSC resource (SqlServerDsc)
  win_psmodule:
    name: SQLServerDsc
    state: present

- name: Windows | Create directory structure
  win_file:
    path: C:\mssql_2019_setup
    state: directory

- name: Windows | Fetch SQL Media Downloader
  win_get_url:
    url: https://download.microsoft.com/download/8/8/8/888b0a29-8ead-4a4c-89c2-34ec753b73e8/SQL2019-SSEI-Eval.exe
    dest: C:\mssql_2019_setup\sql2019-setup.exe
    force: no

- name: Windows | Download install media
  win_command: C:\mssql_2019_setup\sql2019-setup.exe /ENU /Action=Download /HideProgressBar /MediaPath=C:\mssql_2019_setup\media /MediaType=ISO  /Quiet
  args:
    creates: C:\mssql_2019_setup\media

- name: Windows | Find ISO in downloaded media
  win_find:
    paths: C:\mssql_2019_setup\media
    patterns: '*.iso'
    file_type: file
  register: iso_find

- name: Windows | Mount ISO image of SQL Server
  win_disk_image:
    image_path: '{{ iso_find.files[0].path }}'
    state: present
  register: mount_info
  changed_when: false

- name: Windows | Install SQL Server
  win_dsc:
    resource_name: SqlSetup
    Action: Install
    InstanceName: '{{ mssql_instance_name }}'
    SourcePath: '{{ mount_info.mount_paths[0] }}'
    Features: SQLENGINE
    ProductKey: '{{ mssql_pid | d(omit)}}'
    UpdateEnabled: False
    InstallSharedDir: C:\Program Files\Microsoft SQL Server
    InstallSharedwowDir: C:\Program Files (x86)\Microsoft SQL Server
    InstanceDir: C:\Program Files\Microsoft SQL Server
    SQLCollation: French_CI_AS
    SQLSysAdminAccounts: BUILTIN\Administrators
    SecurityMode: SQL
    SAPwd_username: sa
    SAPwd_password: '{{ mssql_sa_password }}'
    SQLUserDBDir: C:\MSSQL\Data
    SQLUserDBLogDir: C:\MSSQL\DataLogs
    SQLTempDBDir: C:\MSSQL\TempDB
    SQLTempDBLogDir: C:\MSSQL\TempDBLogs
    SQLBackupDir: C:\MSSQL\Backup
    SqlSvcStartupType: Automatic
    AgtSvcStartupType: Manual
    AsSvcStartupType: Manual
    BrowserSvcStartupType: Manual
    PsDscRunAsCredential_username: '{{ ansible_user | d(omit) }}'
    PsDscRunAsCredential_password: '{{ ansible_password | d(omit)}}'

EXPECTED RESULTS

No error

ACTUAL RESULTS

The full traceback is:
Not found 
At line:50 char:17
+ ... $resource = Get-CimClass -ClassName $ClassName -Namespace root\Micros ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (root\Microsoft\...n:MSFT_SqlSetup:String) [Get-CimClass], CimException
    + FullyQualifiedErrorId : HRESULT 0x80041002,Microsoft.Management.Infrastructure.CimCmdlets.GetCimClassCommand

ScriptStackTrace:
at Get-DscCimClassProperties, <No file>: line 50
at Get-OptionSpec, <No file>: line 150
at <ScriptBlock>, <No file>: line 376

Microsoft.Management.Infrastructure.CimException: Not found 
   at Microsoft.Management.Infrastructure.Internal.Operations.CimAsyncObserverProxyBase`1.ProcessNativeCallback(OperationCallbackProcessingContext callbackProcessingContext, T currentItem, Boolean moreResults, MiResult operationResult, String errorMessage, InstanceHandle errorDetailsHandle)
fatal: [192.168.56.5]: FAILED! => {
    "changed": false,
    "msg": "Unhandled exception while executing module: Not found "
}

win_reboot: Ansible 2.8.5 win_reboot never successfully validate reboot completion

From @vfuyong on Sep 16, 2019 08:35

SUMMARY

win_reboot is able to initiate reboot successfully. After 15 seconds, Windows is back with Windows Remote Management service running fine. Ansible debug log says it is still sending commands to get OS bootup time even Windows is ready to receive commands.

However, since reboot is initiated I validated that Ansible is NOT sending any more wsman protocol action (like shell creation, execute command, send input, receive, signal or shell deletion) over HTTPS despite logging repetitively says "ESTABLISH WINRM CONNECTION FOR USER: on PORT 5002 TO windows01" (this is totally unexpected behavior)

ISSUE TYPE

Bug Report

COMPONENT NAME

win_reboot

ANSIBLE VERSION

ansible 2.8.5
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/young/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.15+ (default, Jul 9 2019, 16:51:35) [GCC 7.4.0]

CONFIGURATION

DEFAULT_FORKS(/etc/ansible/ansible.cfg) = 100

OS / ENVIRONMENT

Ansible client runs on Ubuntu 18
Target: Windows 2016

STEPS TO REPRODUCE

- name: Reboot
  hosts: all
  gather_facts: no
  tasks:
    - name: Reboot immediately
      win_reboot:
        connect_timeout: 60
        post_reboot_delay: 0
        reboot_timeout: 30 # longer than reboot duration 15s

EXPECTED RESULTS

Expecting win_reboot to detect Windows reboot has completed

ACTUAL RESULTS

<windows01> ESTABLISH WINRM CONNECTION FOR USER: e1c_ma on PORT 5002 TO windows01
EXEC (via pipeline wrapper)
win_reboot: rebooting server...
EXEC (via pipeline wrapper)
win_reboot: validating reboot
win_reboot: attempting to get system boot time
<windows01> ESTABLISH WINRM CONNECTION FOR USER: <user> on PORT 5002 TO windows01
<windows01> ESTABLISH WINRM CONNECTION FOR USER: <user> on PORT 5002 TO windows01
win_reboot: attempting to get system boot time
<windows01> ESTABLISH WINRM CONNECTION FOR USER: <user> on PORT 5002 TO windows01
<windows01> ESTABLISH WINRM CONNECTION FOR USER: <user> on PORT 5002 TO windows01
win_reboot: attempting to get system boot time
<windows01> ESTABLISH WINRM CONNECTION FOR USER: <user> on PORT 5002 TO windows01
<windows01> ESTABLISH WINRM CONNECTION FOR USER: <user> on PORT 5002 TO windows01
win_reboot: attempting to get system boot time
<windows01> ESTABLISH WINRM CONNECTION FOR USER: <user> on PORT 5002 TO windows01
<windows01> ESTABLISH WINRM CONNECTION FOR USER: <user> on PORT 5002 TO windows01
win_reboot: attempting to get system boot time
<windows01> ESTABLISH WINRM CONNECTION FOR USER: <user> on PORT 5002 TO windows01
<windows01> ESTABLISH WINRM CONNECTION FOR USER: <user> on PORT 5002 TO windows01
fatal: [windows01]: FAILED! => {
    "changed": false,
    "elapsed": 30,
    "msg": "Timed out waiting for last boot time check (timeout=30)",
    "rebooted": true
}

PLAY RECAP *************************************************************************************************************
windows01                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Copied from original issue: ansible/ansible#62343

win_share: unable to create a share on the root of a drive

From @samyo66 on Feb 20, 2020 21:17

SUMMARY

Attempting to share the root of a drive with win_share results in an error

ISSUE TYPE

Bug Report

COMPONENT NAME

win_share

ANSIBLE VERSION

ansible 2.9.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/samyo66/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

CONFIGURATION

DEFAULT_LOG_PATH(/etc/ansible/ansible.cfg) = /var/log/ansible/ansible.log
HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False

OS / ENVIRONMENT

target OS = Windows Server 2016

STEPS TO REPRODUCE

- hosts: all
  tasks: 
  - name: 'Share C: drive'
    win_share:
      name: Everything
      path: C:\

EXPECTED RESULTS

A new share is created on the target machine pointing to the root of the C: drive.

ACTUAL RESULTS

The full traceback is:
The filename, directory name, or volume label syntax is incorrect.
At line:90 char:13
+             New-SmbShare -Name $name -Path $path | Out-Null
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_SMBShare:ROOT/Microsoft/Windows/SMB/MSFT_SMBShare) [New-SmbShare], CimException
    + FullyQualifiedErrorId : Windows System Error 123,New-SmbShare

ScriptStackTrace:


Microsoft.Management.Infrastructure.CimException: The filename, directory name, or volume label syntax is incorrect.
   at Microsoft.Management.Infrastructure.Internal.Operations.CimAsyncObserverProxyBase`1.ProcessNativeCallback(OperationCallbackProcessingContext callbackProcessingContext, T currentItem, Boolean moreResults, MiResult operationResult, String errorMessage, InstanceHandle errorDetailsHandle)
fatal: [computer.domain.com]: FAILED! => {
    "changed": false,
    "msg": "Unhandled exception while executing module: The filename, directory name, or volume label syntax is incorrect. "
}

Copied from original issue: ansible/ansible#67627

win_package: parameter "creates_version" checks "product version" and not "file version"

From @Yvan-Masson on Jun 21, 2018 15:18

SUMMARY

win_package documentation states that creates_version checks for "file version" but this seems false or incomplete: in the following case, the check is done on "product version" attribute of the file.

ISSUE TYPE

Documentation Report

COMPONENT NAME

win_package

ANSIBLE VERSION

ansible 2.5.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/yvan/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15 (default, May  1 2018, 05:55:50) [GCC 7.3.0]

CONFIGURATION

OS / ENVIRONMENT

Ansible runs from Debian testing, target is Windows 7 Pro 64 bits.

STEPS TO REPRODUCE

Run a simple task that install Firefox ESR: after installation, showing details of the exe shows that file version is 60.0.2 and product version is 60.0.2.6730.

- name: install or update Firefox-ESR 64 bits
  win_package:
    creates_path: "{{ ansible_env.ProgramFiles }}\\Mozilla Firefox\\firefox.exe"
    creates_version: "60.0.2.6730"
    path: "\\\\some\\share\\FirefoxESR\\Firefox Setup 60.0.2esr x64.exe"
    arguments: /S

EXPECTED RESULTS

Task should run only once.

ACTUAL RESULTS

Check is false so task run each time. However, if you check against product version (i.e. 60.0.2), the check succeeds. I could not find a fix about this issue in lasts changelog, so I suppose this is an issue in the documentation.

Best regards,
Yvan

Copied from original issue: ansible/ansible#41799

win_service set "desktop_interact=false" when used in "query mode"

From @dariopai on Jul 01, 2020 16:01

SUMMARY

According to the documentation … https://docs.ansible.com/ansible/latest/modules/win_service_module.html
… the module WIN_SERVICE should only "query" the SERVICE STATUS if only the "name" is given. But following the code inside powershell script (win_service.ps1) some parameters are always defined with the default values as "desktop_interact=false". So, when the service status is collected, if "desktop_interact" is different from the default value [false/no], it is changed to [false]. It could be either a problem in the documentation or in the script.

ISSUE TYPE

Bug Report

COMPONENT NAME

lib/ansible/modules/windows/win_service.py

ANSIBLE VERSION

ansible 2.9.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/administrator/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/administrator/.local/lib/python3.6/site-packages/ansible
  executable location = /home/administrator/.local/bin/ansible
  python version = 3.6.9 (default, Apr 18 2020, 01:56:04) [GCC 8.4.0]

CONFIGURATION

HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False

OS / ENVIRONMENT

uname -r
4.15.0-108-generic

cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.4 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.4 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

lsb_release -a
LSB Version: core-9.20170808ubuntu1-noarch:security-9.20170808ubuntu1-noarch
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic

hostnamectl
Static hostname: XXXXX
Icon name: computer
Machine ID: 135f406e8b90c6df5d7954a85a5398ad
Boot ID: d319c1e441424e0a843701f2b6e8fedc
Operating System: Ubuntu 18.04.4 LTS
Kernel: Linux 4.15.0-108-generic
Architecture: x86-64

STEPS TO REPRODUCE

set desktop_interact=yes using win_service module in any windows service
query the service only, just to check its status
desktop_interact is changed to false

ansible -i ./hosts w230 -m "win_service" -a "name=NNNNNN desktop_interact=yes"
ansible -i ./hosts w230 -m "win_service" -a "name=NNNNNN"

EXPECTED RESULTS

second command should not change anything

w230 | Ok => {
    "can_pause_and_continue": false,
    "changed": true,
    "depended_by": [],
    "dependencies": [],
    "description": "NNNNNN",
    "desktop_interact": true,
    "display_name": "NNNNNN",
    "exists": true,
   .....

ACTUAL RESULTS

desktop_intercat is changed to false


ansible -i ./hosts w230 -m "win_service" -a "name=NNNNNN"
w230 | CHANGED => {
    "can_pause_and_continue": false,
    "changed": true,
    "depended_by": [],
    "dependencies": [],
    "description": "NNNNNN",
    "desktop_interact": false,
    "display_name": "NNNNNN",
    "exists": true,
...

Copied from original issue: ansible/ansible#70415

win_certificate_store has no function to check for existing certificates or perform enrollments

From @dubblies on Mar 17, 2020 15:23

SUMMARY

no "get" capabilities - I cannot query for existing certificates or see their data

ISSUE TYPE

Please finish out the functionality here and if possible adopt Powershell for the Test-Path functionality at minimum if not full get-certificate functionality for enrollment as well

COMPONENT NAME

win_certificate_store

Copied from original issue: ansible/ansible#68280

Allow win_package to accept multiple product_id's

SUMMARY

Some .exe installers bundle multiple packages. I'd like to be able to specify multiple product_id's when using the win_package.

Originally submitted on Ansible repo, was asked to move here.

ISSUE TYPE

Feature Idea

COMPONENT NAME

win_package

ADDITIONAL INFORMATION

I've been working through automating our windows infrastructure with Ansible and I've come across a few installers, like SophosAV and .Net SDKs, that install several product_id's. Currently I just use one of the product_id's. It'd be nice to add all of them so if just one is missing it re-runs the installer.

- name: Install .NET 4.5.2
  win_package:
    path: "NDP452-KB2901951-x86-x64-DevPack.exe"
    product_id:
    - "{290FC320-2F5A-329E-8840-C4193BD7A9EE}"
    - "{19E8AE59-4D4A-3534-B567-6CC08FA4102E}"
    arguments:
      - /q
      - /norestart

win_acl: to have /reset capability of icacls

From @SagarKodam on Oct 05, 2018 13:09

SUMMARY

win_acl can be used to set ACL to files and folders, but cannot be used to reset the permissions.

ISSUE TYPE

Feature Idea

COMPONENT NAME

win_acl

ADDITIONAL INFORMATION

- name: Reset current to default permission for temp folder
  win_acl:
    path: C:\temp
    state: reset

Copied from original issue: ansible/ansible#46540

win_package - Installing MSI Succeeds, But ConnectionError Thrown Before Program is Listed in Control Panel

SUMMARY

The installation of WindowsAdminCenter1910.2.msi on a Windows Server 2016 instance is successful via win_package. However, a WinRM message is thrown before WAC is listed in Control Panel, making look as though the install failed.

ISSUE TYPE

Bug Report

COMPONENT NAME

win_package

ANSIBLE VERSION

ansible 2.9.7
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /var/lib/awx/venv/test/lib/python2.7/site-packages/ansible
  executable location = /var/lib/awx/venv/test/bin/ansible
  python version = 2.7.5 (default, Apr  2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

CONFIGURATION

(test) [root@0b37f81e0ac0 inventory]# ansible-config dump --only-changed
(test) [root@0b37f81e0ac0 inventory]#

OS / ENVIRONMENT

Control Node: CentOS7
Target Node: Windows Server 2016 (WinRM/NTLM)

STEPS TO REPRODUCE

---
- name: Provision Windows Server Instance
  hosts: Windows2016
  gather_facts: false

  tasks:
    - name: Install WAC
      win_package:
        path: C:\Users\Administrator\Downloads\WindowsAdminCenter1910.2.msi
        state: present
        arguments:
           - SME_PORT=443
           - SSL_CERTIFICATE_OPTION=generate

EXPECTED RESULTS

I would expect the win_package task to install the MSI successfully, without generating an error as though it failed:

FIRST RUN:

(test) [root@0b37f81e0ac0 inventory]# ansible-playbook center.yml -i demo_hosts -vvvvv
ansible-playbook 2.9.7
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /var/lib/awx/venv/test/lib/python2.7/site-packages/ansible
  executable location = /var/lib/awx/venv/test/bin/ansible-playbook
  python version = 2.7.5 (default, Apr  2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /opt/tower_resources/inventory/inventory/demo_hosts as it did not pass its verify_file() method
script declined parsing /opt/tower_resources/inventory/inventory/demo_hosts as it did not pass its verify_file() method
auto declined parsing /opt/tower_resources/inventory/inventory/demo_hosts as it did not pass its verify_file() method
Parsed /opt/tower_resources/inventory/inventory/demo_hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /var/lib/awx/venv/test/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc

PLAYBOOK: center.yml ******************************************************************************************************************************************************************************************
Positional arguments: center.yml
become_method: sudo
inventory: (u'/opt/tower_resources/inventory/inventory/demo_hosts',)
forks: 5
tags: (u'all',)
verbosity: 5
connection: smart
timeout: 10
1 plays in center.yml

PLAY [Provision Windows Server Instance] ******************************************************************************************************************************************************************************************
META: ran handlers

TASK [Install WAC] *************************************************************************************************************************************************************************************
task path: /opt/tower_resources/inventory/inventory/center.yml:7
Using module file /var/lib/awx/venv/test/lib/python2.7/site-packages/ansible/modules/windows/win_package.ps1
Pipelining is enabled.
<win2016.test.com> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5986 TO win2016.test.com
<win2016.test.com> WINRM CONNECT: transport=ntlm endpoint=https://win2016.test.com:5986/wsman
<win2016.test.com> WINRM OPEN SHELL: 5C222E5F-2E9C-4C54-8A1A-FC02D4D87D8D
EXEC (via pipeline wrapper)
<win2016.test.com> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', u'UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBKAEEAQgBsAEEASABnAEEAWgBRAEIAagBBAEYAOABBAGQAdwBCAHkAQQBHAEUAQQBjAEEAQgB3AEEARwBVAEEAYwBnAEIAZgBBAEgATQBBAGQAQQBCAHkAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYQBRAEIAdQBBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBmAEEAQQBnAEEARQA4AEEAZABRAEIAMABBAEMAMABBAFUAdwBCADAAQQBIAEkAQQBhAFEAQgB1AEEARwBjAEEAQwBnAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBBAGcAQQBEADAAQQBJAEEAQQBrAEEARwBVAEEAZQBBAEIAbABBAEcATQBBAFgAdwBCADMAQQBIAEkAQQBZAFEAQgB3AEEASABBAEEAWgBRAEIAeQBBAEYAOABBAGMAdwBCADAAQQBIAEkAQQBMAGcAQgBUAEEASABBAEEAYgBBAEIAcABBAEgAUQBBAEsAQQBCAEEAQQBDAGcAQQBJAGcAQgBnAEEARABBAEEAWQBBAEEAdwBBAEcAQQBBAE0AQQBCAGcAQQBEAEEAQQBJAGcAQQBwAEEAQwB3AEEASQBBAEEAeQBBAEMAdwBBAEkAQQBCAGIAQQBGAE0AQQBkAEEAQgB5AEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBQAEEASABBAEEAZABBAEIAcABBAEcAOABBAGIAZwBCAHoAQQBGADAAQQBPAGcAQQA2AEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBFAFUAQQBiAFEAQgB3AEEASABRAEEAZQBRAEIARgBBAEcANABBAGQAQQBCAHkAQQBHAGsAQQBaAFEAQgB6AEEAQwBrAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBBAHUAQQBFAHcAQQBaAFEAQgB1AEEARwBjAEEAZABBAEIAbwBBAEMAQQBBAEwAUQBCAGwAQQBIAEUAQQBJAEEAQQB5AEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAGQAQQBCAG8AQQBIAEkAQQBiAHcAQgAzAEEAQwBBAEEASQBnAEIAcABBAEcANABBAGQAZwBCAGgAQQBHAHcAQQBhAFEAQgBrAEEAQwBBAEEAYwBBAEIAaABBAEgAawBBAGIAQQBCAHYAQQBHAEUAQQBaAEEAQQBpAEEAQwBBAEEAZgBRAEEASwBBAEYATQBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAGEAZwBCAHoAQQBHADgAQQBiAGcAQgBmAEEASABJAEEAWQBRAEIAMwBBAEMAQQBBAEwAUQBCAFcAQQBHAEUAQQBiAEEAQgAxAEEARwBVAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEUAQQBYAFEAQQBLAEEAQwBRAEEAWgBRAEIANABBAEcAVQBBAFkAdwBCAGYAQQBIAGMAQQBjAGcAQgBoAEEASABBAEEAYwBBAEIAbABBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBXAHcAQgBUAEEARwBNAEEAYwBnAEIAcABBAEgAQQBBAGQAQQBCAEMAQQBHAHcAQQBiAHcAQgBqAEEARwBzAEEAWABRAEEANgBBAEQAbwBBAFEAdwBCAHkAQQBHAFUAQQBZAFEAQgAwAEEARwBVAEEASwBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEEAQQBYAFEAQQBwAEEAQQBvAEEASgBnAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBBAD0APQA=']
<win2016.test.com> WINRM CLOSE SHELL: 5C222E5F-2E9C-4C54-8A1A-FC02D4D87D8D
The full traceback is:
Traceback (most recent call last):
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 146, in run
    res = self._execute()
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 645, in _execute
    result = self._handler.run(task_vars=variables)
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 46, in run
    result = merge_hash(result, self._execute_module(task_vars=task_vars, wrap_async=wrap_async))
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 923, in _execute_module
    res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 1071, in _low_level_execute_command
    rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 548, in exec_command
    result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True, stdin_iterator=stdin_iterator)
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 509, in _winrm_exec
    self.protocol.cleanup_command(self.shell_id, command_id)
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/winrm/protocol.py", line 390, in cleanup_command
    res = self.send_message(xmltodict.unparse(req))
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/winrm/protocol.py", line 243, in send_message
    resp = self.transport.send_message(message)
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/winrm/transport.py", line 323, in send_message
    response = self._send_message_request(prepared_request, message)
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/winrm/transport.py", line 328, in _send_message_request
    response = self.session.send(prepared_request, timeout=self.read_timeout_sec)
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "/var/lib/awx/venv/test/lib/python2.7/site-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
ConnectionError: HTTPSConnectionPool(host='win2016.test.com', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f5117e4dd90>: Failed to establish a new connection: [Errno 111] Connection refused',))
fatal: [win2016.test.com]: FAILED! => {
    "msg": "Unexpected failure during module execution.", 
    "stdout": ""
}

PLAY RECAP ****************************************************************************************************************************************************************************************************
win2016.test.com              : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

SECOND RUN:

(test) [root@0b37f81e0ac0 inventory]# ansible-playbook center.yml -i demo_hosts -vvvvv
ansible-playbook 2.9.7
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /var/lib/awx/venv/test/lib/python2.7/site-packages/ansible
  executable location = /var/lib/awx/venv/test/bin/ansible-playbook
  python version = 2.7.5 (default, Apr  2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /opt/tower_resources/inventory/inventory/demo_hosts as it did not pass its verify_file() method
script declined parsing /opt/tower_resources/inventory/inventory/demo_hosts as it did not pass its verify_file() method
auto declined parsing /opt/tower_resources/inventory/inventory/demo_hosts as it did not pass its verify_file() method
Parsed /opt/tower_resources/inventory/inventory/demo_hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /var/lib/awx/venv/test/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc

PLAYBOOK: center.yml ******************************************************************************************************************************************************************************************
Positional arguments: center.yml
become_method: sudo
inventory: (u'/opt/tower_resources/inventory/inventory/demo_hosts',)
forks: 5
tags: (u'all',)
verbosity: 5
connection: smart
timeout: 10
1 plays in center.yml

PLAY [Provision Windows Server Instance] ******************************************************************************************************************************************************************************************
META: ran handlers

TASK [Install WAC] *************************************************************************************************************************************************************************************
task path: /opt/tower_resources/inventory/inventory/center.yml:7
Using module file /var/lib/awx/venv/test/lib/python2.7/site-packages/ansible/modules/windows/win_package.ps1
Pipelining is enabled.
<win2016.test.com> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5986 TO win2016.test.com
<win2016.test.com> WINRM CONNECT: transport=ntlm endpoint=https://win2016.test.com:5986/wsman
<win2016.test.com> WINRM OPEN SHELL: 87F9375F-7284-4EC8-BED9-26B98F237CD4
EXEC (via pipeline wrapper)
<win2016.test.com> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', u'UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBKAEEAQgBsAEEASABnAEEAWgBRAEIAagBBAEYAOABBAGQAdwBCAHkAQQBHAEUAQQBjAEEAQgB3AEEARwBVAEEAYwBnAEIAZgBBAEgATQBBAGQAQQBCAHkAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYQBRAEIAdQBBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBmAEEAQQBnAEEARQA4AEEAZABRAEIAMABBAEMAMABBAFUAdwBCADAAQQBIAEkAQQBhAFEAQgB1AEEARwBjAEEAQwBnAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBBAGcAQQBEADAAQQBJAEEAQQBrAEEARwBVAEEAZQBBAEIAbABBAEcATQBBAFgAdwBCADMAQQBIAEkAQQBZAFEAQgB3AEEASABBAEEAWgBRAEIAeQBBAEYAOABBAGMAdwBCADAAQQBIAEkAQQBMAGcAQgBUAEEASABBAEEAYgBBAEIAcABBAEgAUQBBAEsAQQBCAEEAQQBDAGcAQQBJAGcAQgBnAEEARABBAEEAWQBBAEEAdwBBAEcAQQBBAE0AQQBCAGcAQQBEAEEAQQBJAGcAQQBwAEEAQwB3AEEASQBBAEEAeQBBAEMAdwBBAEkAQQBCAGIAQQBGAE0AQQBkAEEAQgB5AEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBQAEEASABBAEEAZABBAEIAcABBAEcAOABBAGIAZwBCAHoAQQBGADAAQQBPAGcAQQA2AEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBFAFUAQQBiAFEAQgB3AEEASABRAEEAZQBRAEIARgBBAEcANABBAGQAQQBCAHkAQQBHAGsAQQBaAFEAQgB6AEEAQwBrAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBBAHUAQQBFAHcAQQBaAFEAQgB1AEEARwBjAEEAZABBAEIAbwBBAEMAQQBBAEwAUQBCAGwAQQBIAEUAQQBJAEEAQQB5AEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAGQAQQBCAG8AQQBIAEkAQQBiAHcAQgAzAEEAQwBBAEEASQBnAEIAcABBAEcANABBAGQAZwBCAGgAQQBHAHcAQQBhAFEAQgBrAEEAQwBBAEEAYwBBAEIAaABBAEgAawBBAGIAQQBCAHYAQQBHAEUAQQBaAEEAQQBpAEEAQwBBAEEAZgBRAEEASwBBAEYATQBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAGEAZwBCAHoAQQBHADgAQQBiAGcAQgBmAEEASABJAEEAWQBRAEIAMwBBAEMAQQBBAEwAUQBCAFcAQQBHAEUAQQBiAEEAQgAxAEEARwBVAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEUAQQBYAFEAQQBLAEEAQwBRAEEAWgBRAEIANABBAEcAVQBBAFkAdwBCAGYAQQBIAGMAQQBjAGcAQgBoAEEASABBAEEAYwBBAEIAbABBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBXAHcAQgBUAEEARwBNAEEAYwBnAEIAcABBAEgAQQBBAGQAQQBCAEMAQQBHAHcAQQBiAHcAQgBqAEEARwBzAEEAWABRAEEANgBBAEQAbwBBAFEAdwBCAHkAQQBHAFUAQQBZAFEAQgAwAEEARwBVAEEASwBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEEAQQBYAFEAQQBwAEEAQQBvAEEASgBnAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBBAD0APQA=']
<win2016.test.com> WINRM RESULT u'<Response code 0, out "{"changed":false,"re", err "#< CLIXML\r\n<Objs Ver">'
<win2016.test.com> WINRM CLOSE SHELL: 87F9375F-7284-4EC8-BED9-26B98F237CD4
ok: [win2016.test.com] => {
    "changed": false, 
    "reboot_required": false
}
META: ran handlers
META: ran handlers

PLAY RECAP ****************************************************************************************************************************************************************************************************
win2016.test.com             : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

ACTUAL RESULTS

win_package does succeed, however, it's like the process is ending before the task can fully finish. The connection being killed then generates a ConnectionError and makes it look as though the install failed. Not sure if this is win_package not handling the connection correctly or if it's something on the WinRM side.

win_user: Add support for check mode

From @chopraaa on Mar 13, 2019 09:13

SUMMARY

I feel it's important to add support for check mode to win_user. In my case, it would make sure the user doesn't exist already with the required groups, or only reset password if it exists and not create a new account and stuff like this.

ISSUE TYPE

Feature Idea

COMPONENT NAME

win_user

ADDITIONAL INFORMATION

    - name: "Check if requested user already exists"
      win_user:
        name: "{{ rdp_user }}"
        groups: "{{ rdp_groups }}"
      register: win_user_query_result
      check_mode: True

    - name: "Create a new user called {{ rdp_user }}"
      win_user:
        name: "{{ rdp_user }}"
        password: "{{ rdp_password }}"
        state: present
        groups: "{{ rdp_groups }}"
      when: win_user_query_result is not changed
      register: win_user_result

Copied from original issue: ansible/ansible#53737