mirror of https://github.com/ansible/ansible.git
win_reboot: fix 2.6 issues and better handle post reboot reboot (#42330)
* win_reboot: fix 2.6 issues and better handle post reboot reboot
* changed winrm _reset to reset
* Add handler to reset calls when .reset() throws an AnsibleError on older hosts
* Moving back to _reset to get the issue fixed
(cherry picked from commit 940d4a0e89
)
pull/42147/merge
parent
f126eddff1
commit
f3570c2b0c
@ -0,0 +1,4 @@
|
|||||||
|
bugfixes:
|
||||||
|
- win_reboot - handle post reboots when running test_command - https://github.com/ansible/ansible/issues/41713
|
||||||
|
- win_reboot - fix issue when overridding connection timeout hung the post reboot uptime check - https://github.com/ansible/ansible/issues/42185 https://github.com/ansible/ansible/issues/42294
|
||||||
|
- win_reboot - fix for handling an already scheduled reboot and other minor log formatting issues
|
@ -0,0 +1,2 @@
|
|||||||
|
windows/ci/group1
|
||||||
|
windows/ci/smoketest
|
@ -0,0 +1,73 @@
|
|||||||
|
---
|
||||||
|
- name: reboot with defaults
|
||||||
|
win_reboot:
|
||||||
|
|
||||||
|
- name: schedule a reboot for sometime in the future
|
||||||
|
win_command: shutdown.exe /r /t 599
|
||||||
|
|
||||||
|
- name: reboot with a shutdown already scheduled
|
||||||
|
win_reboot:
|
||||||
|
|
||||||
|
# test a reboot that reboots again during the test_command phase
|
||||||
|
- name: create test file
|
||||||
|
win_file:
|
||||||
|
path: '{{win_output_dir}}\win_reboot_test'
|
||||||
|
state: touch
|
||||||
|
|
||||||
|
- name: reboot with secondary reboot stage
|
||||||
|
win_reboot:
|
||||||
|
test_command: powershell.exe -NoProfile -EncodedCommand {{lookup('template', 'post_reboot.ps1')|b64encode(encoding='utf-16-le')}}
|
||||||
|
|
||||||
|
# try and reboot the host with a non admin user, we expect an error here
|
||||||
|
# this requires a bit of setup to create the user and allow it to connect
|
||||||
|
# over WinRM
|
||||||
|
- name: create password fact
|
||||||
|
set_fact:
|
||||||
|
standard_user: ansible_user_test
|
||||||
|
standard_pass: password123! + {{ lookup('password', '/dev/null chars=ascii_letters,digits length=8') }}
|
||||||
|
|
||||||
|
- name: get original SDDL for WinRM listener
|
||||||
|
win_shell: (Get-Item -Path WSMan:\localhost\Service\RootSDDL).Value
|
||||||
|
register: original_sddl
|
||||||
|
|
||||||
|
- name: create standard user
|
||||||
|
win_user:
|
||||||
|
name: '{{standard_user}}'
|
||||||
|
password: '{{standard_pass}}'
|
||||||
|
update_password: always
|
||||||
|
groups: Users
|
||||||
|
state: present
|
||||||
|
register: user_res
|
||||||
|
|
||||||
|
- name: add standard user to WinRM listener
|
||||||
|
win_shell: |
|
||||||
|
$sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList "{{user_res.sid}}"
|
||||||
|
$sd = New-Object -TypeName System.Security.AccessControl.CommonSecurityDescriptor -ArgumentList $false, $false, "{{original_sddl.stdout_lines[0]}}"
|
||||||
|
$sd.DiscretionaryAcl.AddAccess(
|
||||||
|
[System.Security.AccessControl.AccessControlType]::Allow,
|
||||||
|
$sid,
|
||||||
|
(0x80000000 -bor 0x20000000),
|
||||||
|
[System.Security.AccessControl.InheritanceFlags]::None,
|
||||||
|
[System.Security.AccessControl.PropagationFlags]::None
|
||||||
|
)
|
||||||
|
$new_sddl = $sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::All)
|
||||||
|
Set-Item -Path WSMan:\localhost\Service\RootSDDL -Value $new_sddl -Force
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: fail to reboot with non admin user
|
||||||
|
win_reboot:
|
||||||
|
vars:
|
||||||
|
ansible_user: '{{standard_user}}'
|
||||||
|
ansible_password: '{{standard_pass}}'
|
||||||
|
ansible_winrm_transport: ntlm
|
||||||
|
register: fail_shutdown
|
||||||
|
failed_when: fail_shutdown.msg != "Shutdown command failed, error text was 'Access is denied.(5)\n'"
|
||||||
|
|
||||||
|
always:
|
||||||
|
- name: set the original SDDL to the WinRM listener
|
||||||
|
win_shell: Set-Item -Path WSMan:\localhost\Service\RootSDDL -Value "{{original_sddl.stdout_lines[0]}}" -Force
|
||||||
|
|
||||||
|
- name: remove standard user
|
||||||
|
win_user:
|
||||||
|
name: '{{standard_user}}'
|
||||||
|
state: absent
|
@ -0,0 +1,8 @@
|
|||||||
|
if (Test-Path -Path '{{win_output_dir}}\win_reboot_test') {
|
||||||
|
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
|
||||||
|
-Name PendingFileRenameOperations `
|
||||||
|
-Value @("\??\{{win_output_dir}}\win_reboot_test`0") `
|
||||||
|
-PropertyType MultiString
|
||||||
|
Restart-Computer -Force
|
||||||
|
exit 1
|
||||||
|
}
|
Loading…
Reference in New Issue