I've been trying to get this running but it just won't go for me.
Here's the thing, I need to install Qualys through Ansible and it's making me mad.
The script I've got (that works) is a powershell script and it's like this:
Invoke-Command -ScriptBlock {& cmd /c .\QualysCloudAgent_4.6.1.6.exe CustomerId=$CId ActivationId=$AId WebServiceUri="http://qagpublic.qg2.apps.qualys.eu/CloudAgent/"}
Now, I've tried to use win_shell, win_powershell, win_raw, win_package...
I've tried to pass the parameters separately, to use become to become another user and elevate it.... but it just won't go.
It looks something like this what I need:
- name: Install Qualys Agent on the machine
ansible.win_shell: Invoke-Command -ScriptBlock {& cmd /c C:\\_IDTDeploy\\SW\\Qualys\\QualysCloudAgent_4.6.1.6.exe CustomerId="'{'{{customer_id}}'}'" ActivationId="'{'{{activation_id}}'}'" WebServiceUri="http://qagpublic.qg2.apps.qualys.eu/CloudAgent/"}
I've tried this
- name: Install Qualys agent
ansible.windows.win_package:
path: "{{ installingpath46 }}"
arguments:
- ActivationId="'{'{{activation_id}}'}'"
- CustomerId="'{'{{customer_id}}'}'"
- WebServiceUri="{{uripath}}"
- /install
- /passive
- /norestart
- /S
state: present
still, nothing.
Some of them won't go through, and some of them will but will install nothing.
Note that if I am to run the original script in PS or if I do just the CMD bit in a command prompt window it works perfectly.
Has any of you had to deal with this?
Thank you in advance!
I by now think I've tried pretty much everything I could find, there's even a script in github to install particularly Qualys, but I haven't found any that would have to use those arguments I'm having trouble with, I don't know if that's normal in all qualys installations.
Any advice will be much appreciated.
Cheers!
Related
We have an EC2 instance with a Files Share. Until now we could access it via UNC like so \\files.server.com.
Now we've started using packer and Ansible to setup our servers in deployment. After sysprep all the credentials get deleted and we need to create the access once again using the UserData script.
One more thing we need to give this access to all of our users because we have special user for our Windows service.
I have tried many things and still no luck, from New-PSDrive, NET USE,MapNetworkDrive, CredentialsManager and so on.
I would appreciate some assistance with this.
I do something similar, but I use the commands: section of a configSet within CloudFormation:
commands:
10-Create-Local-Fileshare-Directory:
command: >-
powershell.exe -Command New-Item "D:\Shared" -type directory
waitAfterCompletion: '0'
11-Create-Fileshare:
command: >-
powershell.exe -Command New-SmbShare -Name my-fileshare -Path "D:\Shared"
waitAfterCompletion: '0'
12-Grant-Fileshare-Permissions:
command: >-
powershell.exe -Command Grant-SmbShareAccess -Name my-fileshare -AccountName Everyone -AccessRight Change -Force
waitAfterCompletion: '0'
You could do the same if you're using CloudFormation or just pull out the Powershell commands you need.
Can anyone help me with a command running on a legacy network device (switch) from an Ansible (v2.5) connection? Because the network device is legacy I cannot use an Ansible module, which is why I have to resort to raw. Also, it is worth pointing out that I have no control over the legacy device - I cannot replace it with a more up-to-date model, or alter the configuration in any but the most trivial ways.
The Ansible command I want to run is quite basic. Something like this (obviously not this, in reality the command is 'nsshow', but I don't want to focus on that as I am sure there will be other commands with the same problem):
- name: "Device Command"
raw: "command1"
register: command
That does work, but not in the way required. The problem is that the command runs in the wrong context on the target device, so even though the command runs successfully the output it produces is not useful.
I have done some investigation with SSH commands to discover the nature of the problem. Initially I tried using SSH to connect to the device and entering the command manually. That worked, and I could see from the command prompt on the device that the command was running in the correct context. The next thing I tried was running the command as a pipeline. I found that the first of these commands didn't work (in the same way as Ansible), but that the second worked correctly:
echo -e "command1" | ssh myaccount#mydevice
echo -e "command1" | ssh -tt myaccount#mydevice
So, it seems that the problem relates to pseudo terminals. I realised I needed the -tt option when the first command gave a warning error 'Pseudo-terminal will not be allocated because stdin is not a terminal'. Going back to the Ansible command I can see that if I run Ansible with verbose output that -tt is used on the SSH command line. So why doesn't the Ansible command work? I then discovered that this command also hits the warning error problem when run from the command line:
ssh -tt myaccount#mydevice command1
I think that is more like what Ansible is doing than the pipeline examples I used above and that this explains why Ansible is not working.
Of course within Ansible I can run the command like this, which does work, but I'd rather avoid it.
- name: "Device Command"
local_action:
module: shell echo -e "command1" | ssh -tt myaccount#{{ inventory_hostname }}
register: command
So, the actual question is 'how can I run an Ansible play that runs a raw command on the target device that avoids the psuedo terminal issue'?
Thanks in advance for any help or suggestions.
You can always add ansible_ssh_args to your play:
- hosts: legacy_device
vars:
ansible_ssh_args: -tt
tasks:
- name: "Device Command"
raw: "command1"
register: command
or better yet to the inventory, or host_vars, or group_vars.
I want to log into a Windows server using a local user, then map a network drive using an Active Directory user and run an installer from it automated with Ansible.
I followed the suggestion from this question to create a PowerShell script and do the mount and the install. I used that script as follows:
Inventory:
[winserver]
windows
[winserver:vars]
ansible_user="local_user"
ansible_password="P#ssw0rd"
ansible_connection="winrm"
ansible_winrm_cert_validation=ignore
win_user="domain\aduser"
win_pass="P#55w0rd"
task yaml:
---
- name: Mount and run a script
script: 'files/maprun.ps1 -map_user {{ win_user }} -map_password {{ win_pass }} -script z:\ascript.ps1'
And the maprun.ps1 script contains the following:
param(
$map_user,
$map_password,
$script
)
$PWord="$map_password"|ConvertTo-SecureString -AsPlainText -Force
$myCreds=New-Object System.Management.Automation.PsCredential($map_user,$PWord)
New-PSDrive -Name "Z" -PSProvider "FileSystem" -Root "\\domain\share" -Credential $myCreds
echo Invoke-Command -ScriptBlock $script
And I get the error:
New-PSDrive: A specified logon session does not exist. It may already have
been terminated
Most hits talk about a double-hop problem, but I am trying to specify different credentials in the remote script, so this isn't a double hop problem. The other answer suggests this ought to be possible. The script works in interactive mode, so it is something to do with being in batch mode. Any ideas how I can get this to work?
I am using Ansible 2.3.1.0 on Red Hat Enterprise Linux. Windows is Windows Server 2012 R2. Scripts were manually typed, sorry for any typos.
I can make a few suggestions.
As you've written it, the script "maprun.ps1" must be saved in the "files" directory of your Linux controller machine. If it is, the "maprun.ps1" script will be copied by Ansible to the remote host, executed and deleted. If "maprun.ps1" is going to call "ascript.ps1" you need to copy "ascript.ps1" over to the remote host before calling "maprun.ps1" and have it's location defined in the context of "maprun.ps1".
You don't need parameter names before the args in your playbook "script:" command.
Args internal to your Ansible playbook need double curly brackets and quotes around them.
As an alternative to connecting to the network drive with the New-PSDrive command you could try the "net use" command as shown below.
So instead of
script: 'files/maprun.ps1 -map_user {{ win_user }} -map_password {{ win_pass }} -script z:\ascript.ps1'
Try
script: files/maprun.ps1 "Z:" "{{ win_user }}" "{{ win_pass }}" "z:\ascript.ps1"
Where maprun.ps1 contains the following...
# connect to a shared resource and run script
param(
[string]$map_server,
[string]$map_user,
[string]$map_password,
[string]$script
)
# connect to the network drive
net use $map_server $map_password /USER:$map_user
Invoke-Item (start powershell ((Split-Path $MyInvocation.InvocationName) + $script))
net use $uncServer /delete
Situation: Running the bat file on windows machine:
1. When I double click the bat file: Bat running is failed.
2. When I right click on bat file and run as administrator: Bat run is successful.
Now I have to run this bat file successfully from remote machine.
What I did:
1. Installed freeSSDd on remote machine and configured administrator user on freeSSHd to access shell and SFTP.
2. Now I am able to login to the remote machine using putty.
Problem:
I am not able to run the bat file successfully. How can I achieve this?
I also used runas /savecred /user:administrator C:/install.bat, but It didn't helped.
There is a way to get this working without any 3rd party software.
You have to create a task on the remote machine using the windows task scheduler which simply executes the desired command. There is an option where you can tell the scheruler to run a bat with a specific account. Enter an admin account and the password and check the "run with highest privileges" box. Leave "Triggers" empty, go to "Settings" and check the "Allow task to be run on demand" box. That's it!
Now when you want to run your file from a different location do
SCHTASKS /RUN /S <RemoteServerName> /U username /P password /TN "<task name>"
If you don't want to enter username and password each time you can adept the user policy (e.g. add the calling machine to the trusted list of the server).
If you have installed an ssh daemon, then you can run your BAT in a remote shell, but you remote shell may open up in something other than CMD.COM. I use cygwin to set up sshd and then from a remote machine, if I ssh in to run a command, it is using cygwin's bash. I can run a BAT file, but need to call CMD first:
ssh WINDOWS_SERVER "cmd /C D:\PATH_TO_BAT\BATCHFILE.BAT"
But there are some pieces missing here. I looked briefly at the Freesshd page and saw only graphical interfaces. Does freesshd support remote command execution, or just secure fire transfer? And what sort of shell get executed on the windows server when you run it?
cygwin is an entire Linux subsystem that runs under Windows and includes an sshd server, but might be a bit much for someone starting out: https://cygwin.com/
\n makes a powershell remote server that listens on port 22 (ssh) and dumps you into a powershell prompt, you can then use my steps above to call CMD from powershell, versus a bash shell.
http://www.powershellserver.com/
I have a problem running runas /USER:testuser cmd or runas /USER:testuser powershell:
If testuser has opened RDP session, %HOMEPATH% points to \Users\testuser
If testuser is logged off, the environment looks strange to me:
PS C:\Windows\system32> echo $env:HOMEPATH
\Windows\system32
PS C:\Windows\system32> echo $env:APPDATA
C:\Users\testuser\AppData\Roaming
PS C:\Windows\system32> echo $env:USERPROFILE
C:\Users\testuser
PS C:\Windows\system32> cd ~
PS C:\Windows\system32> cd $home
PS C:\Windows\system32>
I need a correct %HOMEPATH% for my scheduled script. Is it expected behaviour? What can I do about that?
I've tested it on two Win2008, Win7, Win2012 with the same result.
UPDATE: The initial issue was a hanging scheduled task. When I had tested it with runas, I found that ssh command doesn't see a configuration placed in user directory and asks user for additional info.
Since you mentioned ssh, I'm going to take a stab at an answer, since I just worked through a similar issue. I'm using cwRsync 3.1.0, and the example script that comes packaged with it uses %HOMEPATH% to setup %HOME% for rsync execution. Like you experienced, when using 'runas' with the target user not logged into the host, the script halts to accept a hostid, because Windows\system32.ssh doesn't exist. The HOMEPATH is set to Windows\system32.
When the target user is logged into the host (but runas is run under a distinct user's login), the HOMEPATH is set to user's profile path (Users\), and the .ssh path does resolve.
My solution was to change the script o use %USERPROFILE%, rather than %HOMEPATH%. At https://serverfault.com/questions/29948/difference-between-profile-and-home-path and http://blogs.msdn.com/b/patricka/archive/2010/03/18/where-should-i-store-my-data-and-configuration-files-if-i-target-multiple-os-versions.aspx there is discussion that to my understanding, indicates %HOMEPATH% is for user content, whereas %USERPROFILE% is for settings, etc., and probably better for pointing to .ssh.