We want to automatize our integration tests for a Windows-MFC-application (Visual C++) with gitlab-ci/cd. We have set up a gitlab-runner (version 14.2.0) on Windows 10 with Powershell.
In the ci/cd script, we start our application with the following Powershell command. (line breaks included for readability)
- 'foreach ($test in $TestDirectories)
{
Write-Host "Running test $test.";
$proc = Start-Process "./Release/MyApp.exe" -argumentList "-TESTMODE $test" -PassThru;
Wait-Process -Id $proc.Id;
if ($proc.ExitCode -ne 0)
{
$ESC = [char]27;
$ExitCode = $proc.ExitCode;
Write-Host "$ESC[31mTest $test failed with code $ExitCode $ESC[0m";
exit 1;
}
}'
The app is running, but its behavior is very strange. Sometimes it is crashing, sometimes the tests get stuck. I have attached the Visual Studio debugger to the process, but I was not able to find the real problem with many effort. Always some new, changing errors.
I suspect a problem, that the app is started from the gitlab-runner service without a real graphical user interface. I cannot see its windows anywhere, but the application is listed in the task manager. Is it somehow possible to start the application in a "normal" manner? Can I see its window somehow?
I have tried to register the gitlab-runner with a user account
gitlab-runner.exe install -user MyUser -password xxx
and also with the system account (standard)
gitlab-runner.exe install
Also, setting the flag "Allow interact with desktop" in the service manager did not work.
But, if I start the upper commands from normal Powershell console, everything goes well.
Do you have some suggestions, how to handle windows application with GUI in gitlab-ci-cd-scripts?
My config.toml file:
concurrent = 1
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "PEN-PC2101"
url = "https://gitlab.com"
token = "********"
executor = "shell"
shell = "powershell"
[runners.custom_build_dir]
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
A bit late...
A Windows service can no longer open a GUI, the reason is that the services are potentially running a user that is not you. They can even run even if you are not logged on.
You will have to have a software running in your session, communicating (over sockets/pipes/...) with the service and launch your executables.
Related
I've created a pssession on a remote computer and entered that possession. From within that session I use start-process to start notepad. I can confirm that notepad is running with the get-process command, and also with taskmgr in the remote computer. However, the GUI side of the process isn't showing. This is the sequence I've been using:
$server = New-PSSession -ComputerName myserver -Credential mycreds
Enter-PSSession $server
[$server]: PS C:\>Start-Process notepad -Wait -WindowStyle Maximized
The process is running, but while RDP'd to the box, notepad does not open. If I open notepad from the server, a new notepad process begins. I also tried by using the verb parameter like this:
[$server]: PS C:\>Start-Process notepad -Wait -WindowStyle Maximized -Verb Open
Same result tho... Process starts, but no notepad shows. I've tried this while remoted into the box (but issued from my local host) as well as before remoting into the server.
That is because your powershell session on the remote machine does not go to any visible desktop, but to an invisible system desktop. The receiving end of your powershell remote session is a Windows service. The process is started, but nor you nor anyone else can ever see it.
And if you think about it, since multiple users could RDP to the same machine, there is really no reason to assume a remote powershell session would end up showing on any of the users desktops. Actually, in almost all cases you wouldn't want it anyway.
psexec with the -i parameter is able to do what you want, but you have to specify which of the sessions (users) you want it to show up in.
I know this is old, but I came across it looking for the solution myself so I wanted to update it for future poor souls.
A native workaround for this problem is to use a scheduled task. That will use the active session
function Start-Process-Active
{
param
(
[System.Management.Automation.Runspaces.PSSession]$Session,
[string]$Executable,
[string]$Argument,
[string]$WorkingDirectory,
[string]$UserID
)
if (($Session -eq $null) -or ($Session.Availability -ne [System.Management.Automation.Runspaces.RunspaceAvailability]::Available))
{
$Session.Availability
throw [System.Exception] "Session is not availabile"
}
Invoke-Command -Session $Session -ArgumentList $Executable,$Argument,$WorkingDirectory,$UserID -ScriptBlock {
param($Executable, $Argument, $WorkingDirectory, $UserID)
$action = New-ScheduledTaskAction -Execute $Executable -Argument $Argument -WorkingDirectory $WorkingDirectory
$principal = New-ScheduledTaskPrincipal -userid $UserID
$task = New-ScheduledTask -Action $action -Principal $principal
$taskname = "_StartProcessActiveTask"
try
{
$registeredTask = Get-ScheduledTask $taskname -ErrorAction SilentlyContinue
}
catch
{
$registeredTask = $null
}
if ($registeredTask)
{
Unregister-ScheduledTask -InputObject $registeredTask -Confirm:$false
}
$registeredTask = Register-ScheduledTask $taskname -InputObject $task
Start-ScheduledTask -InputObject $registeredTask
Unregister-ScheduledTask -InputObject $registeredTask -Confirm:$false
}
}
When you use New-PSSession and then RDP into that same computer, you're actually using two separate and distinct user login sessions. Therefore, the Notepad.exe process you started in the PSSession isn't visible to your RDP session (except as another running process via Task Manager or get-process).
Once you've RDP'd into the server (after doing what you wrote in your post), start another Notepad instance from there. Then drop to PowerShell & run this: get-process -name notepad |select name,processid
Note that there are two instances, each in a different session.
Now open up Task Manager and look at the user sessions. Your RDP session will probably be listed as session 1.
Now quit Notepad and run get-process again. You'll see one instance, but for session 0. That's the one you created in your remote PSSession.
There are only 2 workarounds that I know of that can make this happen.
Create a task schedule as the logged in user, with no trigger and trigger it manually.
Create a service that starts the process with a duplicated token of the logged in user.
For the task schedule way I will say that new-scheduledtask is only available in Windows 8+. For windows 7 you need to connect to the Schedule Service to create the task like this (this example also starts the task at logon);
$sched = new-object -ComObject("Schedule.Service")
$sched.connect()
$schedpath = $sched.getFolder("\")
$domain = "myDomain"
$user="myuser"
$domuser= "${domain}\${user}"
$task = $sched.newTask(0) # 0 - reserved for future use
$task.RegistrationInfo.Description = "Start My Application"
$task.Settings.DisallowStartIfOnBatteries=$false
$task.Settings.ExecutionTimeLimit="PT0S" # there's no limit
$task.settings.priority=0 # highest
$task.Settings.IdleSettings.StopOnIdleEnd=$false
$task.settings.StopIfGoingOnBatteries=$false
$trigger=$task.Triggers.create(9) # 9 - at logon
$trigger.userid="$domuser" # at logon
$action=$task.actions.create(0) # 0 - execute a command
$action.path="C:\windows\system32\cmd.exe"
$action.arguments='/c "c:\program files\vendor\product\executable.exe"'
$action.WorkingDirectory="c:\program files\vendor\product\"
$task.principal.Id="Author"
$task.principal.UserId="$domuser"
$task.principal.LogonType=3 # 3 - run only when logged on
$task.principal.runlevel=1 # with elevated privs
# 6 - TASK_CREATE_OR_UPDATE
$schedpath.RegisterTaskDefinition("MyApplication",$viztask,6,$null,$null,$null)
Creating a service is way more complicated, so I'll only outline the calls needed to make it happen. The easy way is to use the invoke-asservice script on powershell gallery: https://www.powershellgallery.com/packages/InvokeAsSystem/1.0.0.0/Content/Invoke-AsService.ps1
Use WTSOpenServer and WTSEnumerateSessions to get the list of sessions on the machine. You also need to use WTSQuerySessionInformation on each session to get additional information like username. Remember to free your resources using WTSFreeMemory and WTSCloseServer You'll end up with some data which looks like this (this is from the qwinsta command);
SESSIONNAME USERNAME ID STATE
services 0 Disc
>rdp-tcp#2 mheath 1 Active
console 2 Conn
rdp-tcp 65536 Listen
Here's an SO post about getting this data; How do you retrieve a list of logged-in/connected users in .NET?
This is where you implement your logic to determine which session to target, do you want to display it on the Active desktop regardless of how it's being presented, over RDP or on the local console? And also what will you do if there is no one logged on? (I've setup auto logon and call a lock desktop command at logon so that a logged in user is available.)
You need to find the process id of a process that is running on the desktop as that user. You could go for explorer, but your machine might be Server Core, which explorer isn't running by default. Also not a good idea to target winlogon because it's running as system, or dwm as it's running as an unprivileged user.
The following commands need to run in a service as they require privileges that only system services have. Use OpenProcess to get the process handle, use OpenProcessToken to get the security token of the process, duplicate the token using DuplicateTokenEx then call ``CreateProcessAsUser``` and finally Close your handles.
The second half of this code is implemented in invoke-asservice powershell script.
You can also use the sysinternals tool psexec, I didn't list it as a 3rd way because it just automates the process of creating a service.
I have a PowerShell completion hook that looks like:
$scriptblock = {
param($wordToComplete, $commandAst, $cursorPosition)
# ...
clap-json-test-completions power-shell query $wordToComplete $script:index -- #elements | ForEach-Object {
[System.Management.Automation.CompletionResult]::new($_)
}
}
Register-ArgumentCompleter -Native -CommandName clap-json-test -ScriptBlock $scriptblock
The clap-json-test-completions command is a program written in Rust which generates suggestions for the completing the current command line.
The clap-json-test-completions program is designed to talk to a local "server" process on the machine for certain bits of information that take longer to figure out and can be cached by the server process. If the server process isn't running then the clap-json-test-completions program attempts to start it up.
Unfortunately, the PowerShell completions mechanism waits until that server process stops before returning the suggestions to the user. As that server process is designed to not stop, this is an issue.
I have tried spawning the server process using:
.creation_flags(
DETACHED_PROCESS_FLAG
| CREATE_NEW_PROCESS_GROUP_FLAG
)
Based on the Creation Flags documentation in the Windows docs. Unfortunately they don't seem to have to desired effect. Instead of allowing the completion process to return whilst the server is still running, they just seem to make it so that Ctrl-C no longer kills the server from the hung completion prompt.
I've also tried launching the command a "Job" using:
Start-Job -ScriptBlock { clap-json-test-completions power-shell query $wordToComplete $script:index -- #elements } | Receive-Job -AutoRemoveJob -Wait | ForEach-Object {
[System.Management.Automation.CompletionResult]::new($_)
}
In the Power-Shell completion script and using CREATE_BREAKAWAY_FROM_JOB_FLAG as an additional creation flag but that doesn't seem to work.
I understand that Windows Services exist for long running processes but we would rather have a situation where the server only starts when the user first tries to do a completion and have a situation where the user has permissions to start the server (as a normal process) rather than requiring extra permissions to interact with the Windows Service system.
The current approach works fine if the clap-json-test-completions binary is run by itself outside of the completions system. It doesn't hang waiting for the server to finish.
Is there an approach to either the PowerShell completion script or the process creation in the Rust code that'll allow the completion system to return whilst the server still runs?
I am trying to build an AWS AMI for a gitlab runner for building our .NET application.
I am using packer for building the image based one the official Windows Server 2019 base AWS AMI.
I am using WinRM, with HTTPS, not changing any password.
Here are the powershell commands to configure the virtual machine :
"Creating desktop directory"
mkdir C:\Windows\SysWOW64\config\systemprofile\Desktop
"Installing ntrights tools"
mkdir tools
Invoke-WebRequest -Uri "https://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe" -OutFile "tools\tools.exe" -UseBasicParsing
Start-Process "tools\tools.exe" -ArgumentList "/T:$pwd\tools\ /C" -Wait
Start-Process "msiexec.exe" -ArgumentList "/i $pwd\tools\rktools.msi /qn" -Wait
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")
Remove-Item tools -Recurse
"Setting rights of service logon to $Env:WINRMUSER"
ntrights.exe ntrights +r SeServiceLogonRight -u $Env:WINRMUSER
# Git lab runner
$path = ".\gitlab-runner.exe"
If(!(test-path $path))
{
"Downloading Gitlab Runner"
Invoke-WebRequest -Uri "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-windows-386.exe" -OutFile $path -UseBasicParsing
}
"Scheduling runner to start at startup of the system"
schtasks.exe /create /tn "Gitlab Runner service start" /RU $Env:WINRMUSER /RP `"$Env:WINRMPASS`" /Sc ONSTART /tr "powershell -Command $pwd\register-gitlabrunner.ps1 -ExecutionPolicy Bypass"
There are obviously more scripts executed (install msbuild, install .net sdk 4.7.2, nugget, and git) I can provide them if relevant. Here I focus on the powershell code I came up with for the gitlab runner problem.
I want the virtual machine to start the runner on start so we just have to launch instances of the AMI to scale up.
To explain a bit more what I did try :
You can see I am trying to create the desktop directory in order for windows to get that it can run interactive things... Not working
I am setting up the SeServiceLogonRight in order to avoid the "failed to logon" error
The user is Administrator, and the password is the right password
The scheduled tasks is created and ready to run. Won't run on start, won't run If i start it through schtasks /Run (the last run time is never updated and show a value in 19XX)
Tried to cmd /c the task command, everything work as expected
I don't find any logs anywhere, event log seems to be empty of problem from Application, System and Powershell. The file in c:\Windows\Tasks\SchlogU (or something like that), does not exist (but the folder exists)
I have no UI for the scheduler, I use a light version of windows so all I can do is play with the schtasks.exe
Default folder is : c:\Users\Administrator
The powershell script is pushed by packer onto the server and is located in c:\Users\Administrator (as for the gitlab-runner.exe)
I connect directly through RDP to try debugging the situation.
Here is the script that should be started
Set-Location $PSScriptRoot
$path = ".\gitlab-runner.exe"
"Stopping runner"
Invoke-Expression "$path stop"
"Unregistering previous configuration"
Invoke-Expression "$path unregister --all-runners"
"Uninstalling runner"
Invoke-Expression "$path uninstall"
"Installing runner"
Invoke-Expression "$path install"
"Registering Gitlab Runner"
Invoke-Expression "$path register --non-interactive --url 'https://URL_HERE/' --registration-token 'TOKEN HERE' --executor shell"
"Starting the runner"
Invoke-Expression "$path start"
I can install the runner only once in the configuration using the user and password but this is not the problem here since the task never runs...
Answer the question with what I came up thanks :
I was told by so many docs and answers everywhere that the task scheduler is the way to go when you need to start scripts at startup or logon.
As I always worked with windows servers with GUIs, the Task Scheduler was working fine until now. Maybe I did something wrong somewhere, maybe not.
Anyway, after trying using powershell commands to create the task (with improvements but no sufficient solutions), I tried to put a command file in the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp, did not work either.
the file look like this thanks to this link
PowerShell -Command "Set-ExecutionPolicy Unrestricted"
PowerShell -Command "c:\Users\Administrator\register-gitlabrunner.ps1" >> c:\startup.log.txt
I tried to delay the start of the script to 5 minutes after startup. Was to test if it was a problem with a slow initialization of network or something else. Still not working.
There is something preventing the script to be executed when it's launched at startup using this methods.
From there I added a persistent "user_data" script on my EC2 launch template in order to start what I was expecting on start. It works.
I don't feel it's the best way since I need to configure the template and not only the AMI but at least it works.
The script in user_data looks like this :
<script>
cmd /c "C:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/startup.cmd"
</script>
<persist>true</persist>
I kept the installation and registering in the startup script since I got logon errors when I install gitlab runner through WinRM using the account credentials (--user --password)
I still don't understand what is up with this issue. I guess it's a problem with the account used to start the script (localsystem or something like that, that would conflict with the gitlab runner service).
Since I have no GUI (the docs are mostly on GUI) and limited time, I won't investigate more for the moment and feel it's enough at least for the moment.
Hope this can help someone that will encounter the same situation
I need to run a powershell script whenever the server is rebooted/shutdown (whether graceful or disgraceful reboot).
The script will stop 4 application services at an interval of 1 minute and then finally reboots the system.(This is a business requirement, don't ask why)
How can I make server to invoke the .ps1 script whenever a reboot or a shutdown is initiated.
My test results:
I tried to create a test script which will generate a text file with current date/time and added it to the scheduled task on the trigger of event log 6006 (which is created whenever a system reboot/shutdown is initiated.)
I checked the box -"Run with highest privileges" but after system restart no text file was generated as it was supposed to, although it generates when ran manually.
Do we have any better approach to implement this?
(My final expectation should look like this-
On a random day a random user initiated reboot after a monthly patch when a command prompt window opens before him with message something like:
Stopping service abc...
Stopped.
Waiting for 60 seconds.
Stopping service xyz...
Stopped
EDIT: I've been successfully able to invoke the .ps1 file by adding it to the gpedit as suggested by Kory and Alroc but the script runs only in background when computer restart is initiated. It doesn't opens a regular cmd window to show the progress.
I'm adding the .ps1 script as well below which stops 2 services(chosen for testing purpose) at an interval of 10 seconds and will show the timer as well, only when ran manually.When invoked by the shutdown command it'll stop services only in the background without showing the progress to the user. Kindly assist to achieve this?
Write-Host "Shutdown script invoked"
stop-service W32Time -force -PassThru
for($i = 10 ; $i -gt 0 ; $i--)
{
Write-Progress -Activity "`n Waiting for" -status "`$i equals $i seconds"
sleep 1
}
stop-service wuauserv -force -PassThru
You can use GPO to configure a shutdown script for systems.
You might be able to to it via a Win32_ComputerShutdownEvent watcher as well.
After deep digging, I've finally figured out how to make the cmd window visible while system shutdown in progress.
Here is the complete steps of performing above mentioned expectation:
Open gpedit.msc
Navigate to Computer Configuration->Windows
Settings->Scripts(Startup/Shutdown)->Shutdown.
Go to Shutdown properties. In the powershell scripts tab add your
script and select 'Run Windows Powershell script first'
Above steps will enable the invoke of script at every system shutdown. Now to make the script visible and show progress:
Navigate to Computer Configuration->Administrative
Templates->System->Scripts
Among the policies showing in the right pane enable below
properties:
Run Windows Powershell scripts first at computer start,shutdown
Run shutdown scripts visible
I would like to have a Windows 2003 server fire a script to fire another script in a separate Windows Server 2008 computer.
I have been told that Powershell can do that, and that's fine, but I need more specific details.
Does anyone have any tips for this?
Thanks!
psexec from SysInternals
Look into the syntax for the AT command. You can use it to schedule a process to run on a remote machine.
The AT command schedules commands and programs to run on a computer at
a specified time and date. The Schedule service must be running to use
the AT command.
AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]]
AT [\\computername] time [/INTERACTIVE]
[ /EVERY:date[,...] | /NEXT:date[,...]] "command"
\\computername Specifies a remote computer. Commands are scheduled on the
local computer if this parameter is omitted.
id Is an identification number assigned to a scheduled
command.
/delete Cancels a scheduled command. If id is omitted, all the
scheduled commands on the computer are canceled.
/yes Used with cancel all jobs command when no further
confirmation is desired.
time Specifies the time when command is to run.
/interactive Allows the job to interact with the desktop of the user
who is logged on at the time the job runs.
/every:date[,...] Runs the command on each specified day(s) of the week or
month. If date is omitted, the current day of the month
is assumed.
/next:date[,...] Runs the specified command on the next occurrence of the
day (for example, next Thursday). If date is omitted, the
current day of the month is assumed.
"command" Is the Windows NT command, or batch program to be run.
easiest way that is use will be in two steps
a. installing cygwin to remote pc
b. run ssh hudson#mcs '/cygdrive/c/path_to_script.bat'
Speaking about PsExec, I would strongly suggest to use Cygwin/OpenSSH instead.
SSH has multiple advantages (over tools like PsExec or even custom-made services).
For example, try to use with PsExec and implement what these bash / ssh command lines do:
ssh user#remotehost "find . -name something" 2> all.errors.txt
ssh user#remotehost "grep -r something ."
if [ "$?" == "0" ]
then
echo "FOUND"
else
echo "NOT FOUND"
fi
Good Luck!
SSH transfers (!) remote stdout / stderr / exit status to local shell for inspection
(killer feature and common requirement to integrate remote execution into logic of local scripts)
Cygwin/OpenSSH provides standard POSIX shell environment
(efficient time investment, fundamental tools, cross-platform ready, compatible habits, etc.)
You can still/always run all native Windows application
(including automatic execution of *.bat files by cmd processor)
You can configure password-less auth using public keys
(think about unattended automated tasks)
Tip
There was one requirement I had problems with initially:
background sshd service had to execute apps in user's graphical session
(to make application window appear in desktop environment).
The acceptable solution for me was running sshd service directly in user's GUI session
(start automatically when user logs in, follow the link to see configuration file changes):
/usr/sbin/sshd -f /home/user/sshd_config
The accepted solution from http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_22959948.html is:
What I provide was a script that takes
parameters... In this case it takes 4.
1) Server: if you pass -server it will
only do that one server 2) List: You
can provide a list file of servers.
3) Service: Name of the service you
want to modify 4) Verbose: is not
used here.
I did have some mistakes that I
changed in the following code. To use
cut/paste the code into a file called
Set-RemoteService.ps1. Make sure to
set your executionpolicy to run
scripts... it will not by default. You
do that by using the
set-executionpolicy cmdlet. PS>
Set-Executionpolicy "RemoteSigned" to
run the script you do PS>
C:\PathToScript\Set-RemoteService.ps1
-list c:\ServerList.txt -service "DHCP"
######################### Param($server,$list,$service,[switch]$verbose)
if($Verbose){$VerbosePreference =
"Continue"} if($list) {
foreach($srv in (get-content $list))
{
$query = "Select * from Win32_Service where Name='$service'"
$myService = get-WmiObject -query $query -computer $srv
$myService.ChangeStartMode("Automatic")
$myService.Start()
} } if($server) {
$query = "Select * from Win32_Service where Name='$service'"
$myService = get-WmiObject -query $query -computer $server
$myService.ChangeStartMode("Automatic")
$myService.Start() }