Ansible : how to set recovery options in Windows services - windows

I need to bring up the following service and configure recovery options as below using ansible,
rem Register windows services
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe" "C:\myservice.exe"
rem Configure windows services recovery options
%SystemRoot%\System32\sc.exe failure myservice reset= 600 actions= restart/300000
%SystemRoot%\System32\sc.exe failureflag myservice 1
I can use win_service module to install service.
- name: Install Windows service
win_service:
name: myservice
path: 'C:\myservice.exe'
How do I set recovery options in ansible ? I don't see any free-form text in below given link,
https://docs.ansible.com/ansible/2.3/win_service_module.html

The link you have shared points out to the win_service module in ansible version 2.3 which is quite old.
Meanwhile, I just checked and there is nothing about recovery options either in the latest version of win_service (2.8 at time of writing)
However, there seems to be an ongoing pretty advanced PR that would introduce changes meeting your requirements. There are still some issues to fix and it missed 2.9 code freeze. But hopefully it could come out for the next version.
If you really can't wait you can try to install ansible from the above PR branch. But if you want to keep it safe, you will have to launch commands through the win_command module after installing the service until this PR is released.

Related

Using a Windows VM from Jenkins through vsphere

I'm trying to reset-and-launch a Windows VM (in vsphere) during a Jenkins job. I successfully installed the vSphere Cloud Plugin. I've followed instructions to setup the Windows machine as a jenkins-mvn-slave, and have it setup to run as a service.
If I click on the button in Jenkins for Launch Slave Agent, I can see (in vsphere) that the VM does a revert snapshot, and then it does a power on virtual machine. If I attach to the machine, I can see that the Jenkins service starts automatically. However, back in Jenkins, it tells me that the Slave did not come online in allowed time.
Some key settings for my slave:
Force VM launch: Checked
Wait for VMTools: Not checked
Delay between launch and boot complete: 120
Secondary launch method: Launch slave agents view Java Web Start
Versions:
Jenkins: 1.596.2
vSphere: 5.5.0
Windows: Server 2012 R2 Standard, Build 9600
vSphere plugin: 2.7
What am I missing?
I've done a lot of messing around since I posted, but I think the following is what I was doing wrong. I first got the VM working as a normal slave agent. Once I had that working, then I tried to setup the same as a vsphere-cloud-slave-agent. I wasn't realizing that setting up a host as a slave agent is "agent-name specific".
So, I uninstalled the Jenkins service, launched the "vsphere cloud slave agent", logged into the machine, and ran javaws (as specified in the previously mentioned instructions.
A couple of other gotchas that I encountered (not relevant to the initial post, but maybe relevant to someone who reads this):
I originally installed git with a password manager. Unfortunately, since jenkins jobs aren't interactive, it was hanging on the git clone command. I tried uninstalling and re-installing git, but it didn't fix the problem for whatever user the jenkins slave was running as. I ended up having to revert to a previous slave image and install git from there. (I probably could have also figured out what user was running the jenkins slave, and entered the desired password there.)
I wanted to run a clean VM for each job. I never figured out this one. If I set Availability to Take this slave on-line when in demand and off-line when idle, that was a good start. However, if I set the times to 0 and 0, then the machine was constantly rebooting. If I set the times to 1 and 1, then the machine does mostly what I want, unless there are back-to-back jobs queued to run.

Smartfoxserver 2X linux 64 running on EC2 via dotcloud - how to install?

I am currently trying to deploy smartfoxserver 2X on EC2 using dotcloud. I have been able to detect the private ip of the amazon web instance, and using the dotcloud tools I have been able to determine the correct port. However, I have difficulty installing the server proper via the command line so that I can log into it using the AdminTool.
My postinstall is fairly straightforward:
./SFS2X/sfs2x-service start-launchd
I find that on 'dotcloud push' there is a fair amount of promising output in my cygwin terminal, but the push hangs after saying that the sfs2x-service has been launched correctly, until timeout.
Consequently, my question is, has anyone found a way to install SFS2X on EC2 via dotcloud successfully? I managed to have partial success with SFS Pro, with a complete push to dotcloud, by calling ./jre/bin/java -jar installer.jar in my postinstall. Do I need to do extra legwork and build an installer jar for SFS2X? Is there a way that would be best to do this?
I do understand that there is a standard approach to deployment with SFS2X using RightScale on EC2, however I am interested in deployment using the dotcloud platform.
Thanks in advance.
The reason why it is hanging is because you are trying to start your process in the postinstall, and this is not the correct place to do that. The postinstall script is suppose to finish, if it doesn't the deployment will time out, and then get cancelled.
Once the postinstall script is finished, it will then finish the rest of your deployment.
See this page for more information about dotCloud postinstall script:
http://docs.dotcloud.com/0.9/guides/hooks/#post-install
Pay attention to this warning at the end.
Warning:
If your post-install script returns an error (non-zero exit code), or if it runs for more than 10 minutes, the platform will consider that your build has failed, and the new version of your code will not be deployed.
Instead of putting this in the postinstall script, you should add it as a background process, so that it starts up once the deployment process is complete.
See this page for more information on adding background processes to dotCloud services:
http://docs.dotcloud.com/0.9/guides/daemons/
TL;DR: You need to create a supervisord.conf file, and add it to the root of your project, and add your service to that.
Example (you will need to change to fit your situation):
[program:smartfoxserver]
command = /home/dotcloud/current/SFS2X/sfs2x-service start-launchd
Also, make sure you have the correct dotCloud service specified in your dotcloud.yml in order to have the correct binary and libraries installed for what your smartfoxserver application.

How do install security updates on an Amazon Linux AMI EC2 instance?

I see the following notices displayed on login:
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
See /usr/share/doc/system-release/ for latest release notes.
There are 30 security update(s) out of 39 total update(s) available
How do I install these updates on my machine?
As outlined in section Security Updates within Amazon Linux AMI Basics, Amazon Linux AMIs are configured to download and install security updates at launch time, i.e. If you do not need to preserve data or customizations on your running Amazon Linux AMI instances, you can simply relaunch new instances with the latest updated Amazon Linux AMI (see section Product Life Cycle for details).
This currently includes only Critical or Important security updates though, see the AWS team's response to Best practices for Amazon Linux image security updates:
The default on Amazon Linux AMI is to install any Critical or
Important security updates on launch. This is a function of cloud-init
and be modified in cloud.cfg on the box or by passing in user-data.
This is why you see some security updates still available at launch.
Consequently, if you want to install all security updates or indeed need to preserve data or customizations on your running Amazon Linux AMI instances, you can maintain those instances through the Amazon Linux AMI yum repositories, i.e. you need to facilitate the regular Yum update mechanism as outlined for the yum-security plugin:
# yum update --security
Please note: This does not work if only security updates are selected, due to the fact that security updates are not properly flagged in centos and amazon linux. This may be a matter of Redhat making security a paid feature which, if I'm being frank, is bullshit.
For this to work you must update the yum-cron config file to install all updates. This makes security updates less likely to run reliably which makes everyone less secure.
update_cmd = default
Amazon Linux runs updates when the host boots for the first time.
If you plan to have hosts up long-term you may also want to enable automatic security updates. I recommend using yum-cron:
sudo yum install yum-cron
The config file is here: (you probably want to just run security updates)
/etc/yum/yum-cron.conf
You can then enable yum-cron like so:
sudo service yum-cron start
edit from a useful comment below:
"If you're creating/destroying instances with an auto-scaling group, etc, the command should be something like "sudo yum update -y" in user data."
The answer above is correct, here are the 4 commands you can copy and paste to run:
# Install the package yum-cron
sudo yum install yum-cron -y
# Change the config file /etc/yum/yum-cron.conf and modify the line apply_updates from no to yes
sudo sed -i "s/apply_updates = no/apply_updates = yes/" /etc/yum/yum-cron.conf
# Enable the yum-cron service to start automatically upon system boot
sudo systemctl enable yum-cron
# Start the yum-cron service now
sudo systemctl start yum-cron
These commands also work on Red Hat 7, CentOS 7
If you are running as the root user you can simply run the commands without sudo:
yum install yum-cron -y
sed -i "s/apply_updates = no/apply_updates = yes/" /etc/yum/yum-cron.conf
systemctl enable yum-cron
systemctl start yum-cron
For more information see https://linuxize.com/post/configure-automatic-updates-with-yum-cron-on-centos-7/
https://www.howtoforge.com/tutorial/how-to-setup-automatic-security-updates-on-centos-7/

Uninstall Windows Service from Deployment package

I know that you can install your Windows Service via the VS deployment system which I've done. But how do you deploy updates after that? Each time I deploy a new version, it says that the service already exists and exits.
I tried to add a little DOS CMD file with the following:
net stop [ServiceName]
sc delete [ServiceName]
It would work fine if I could just get to run it, but the custom scripts options in the Deployment system doesn't allow that file type.
How can I either a). Update my package on the clients pc or b). run that uninstall utility from within my installer so I can run the update?
Any help would be greatly appreciated.
Regards,
Storm
If the service is already installed, all you need to do is NET STOP it, replace the exe, then NET START the service.

Run batch file as a Windows service

In order to run one application, a batch file has to be kicked off (which does things like start Jetty, display live logs, etc). The application will work only if this batch file is running. I am hence forced to have this batch file running and not logout from the Windows server.
Can this batch file be run as a service? I am experimenting with one of the suggestions from a similar question.
NSSM is totally free and hyper-easy, running command prompt / terminal as administrator:
nssm install "YourCoolServiceNameLabel"
then a dialog will appear so you can choose where is the file you want to run.
to uninstall
nssm remove "YourCoolServiceNameLabel"
There's a built in windows cmd to do this: sc create. Not as fancy as nssm, but you don't have to download an additional piece of software.
sc create "ServiceName" start= demand displayname= "DisplayName" binpath= [path to .bat file]
Note
start=demand means you must start the service yourself. Options include: boot, system, auto, demand, disabled, delayed-auto
whitespace is required after =
I did encounter an error on service start that the service did not respond in a timely manner, but it was clear the service had run the .bat successfully. Haven't dug into this yet but this thread experienced the same thing and solved it using nssm to install the service.
No need for extra software. Use the task scheduler -> create task -> hidden. The checkbox for hidden is in the bottom left corner. Set the task to trigger on login (or whatever condition you like) and choose the task in the actions tab. Running it hidden ensures that the task runs silently in the background like a service.
Note that you must also set the program to run "whether the user is logged in or not" or the program will still run in the foreground.
On Windows 2019 Server, you can run a Minecraft java server with these commands:
sc create minecraft-server DisplayName= "minecraft-server" binpath= "cmd.exe /C C:\Users\Administrator\Desktop\rungui1151.lnk" type= own start= auto
The .lnk file is a standard windows shortcut to a batch file.
--- .bat file begins ---
java -Xmx40960M -Xms40960M -d64 -jar minecraft_server.1.15.1.jar
--- .bat file ends ---
All this because:
service does not know how to start in a folder,
cmd.exe does not know how to start in a folder
Starting the service will produce "timely manner" error, but the log file reveals the server is running.
If you need to shut down the server, just go into task manager and find the server java in background processes and end it, or terminate the server from in the game using the /stop command, or for other programs/servers, use the methods relevant to the server.
As Doug Currie says use RunAsService.
From my past experience you must remember that the Service you generate will
have a completely different set of environment variables
have to be carefully inspected for rights/permissions issues
might cause havoc if it opens dialogs asking for any kind of input
not sure if the last one still applies ... it was one big night mare in a project I worked on some time ago.
While it is not free (but $39), FireDaemon has worked so well for me I have to recommend it. It will run your batch file but has loads of additional and very useful functionality such as scheduling, service up monitoring, GUI or XML based install of services, dependencies, environmental variables and log management.
I started out using FireDaemon to launch JBoss application servers (run.bat) but shortly after realized that the richness of the FireDaemon configuration abilities allowed me to ditch the batch file and recreate the intent of its commands in the FireDaemon service definition.
There's also a SUPER FireDaemon called Trinity which you might want to look at if you have a large number of Windows servers on which to manage this service (or technically, any service).
Since NSSM is no longer maintained, you can consider using WinSW. It has binaries that would work with or without .Net.
Basically you create an XML file and then install it. Here is a sample of a minimal XML:
<service>
<!-- ID of the service. It should be unique across the Windows system-->
<id>myapp</id>
<!-- Path to the executable, which should be started -->
<!-- CAUTION: Don't put arguments here. Use <arguments> instead. -->
<executable>%BASE%\myExecutable.exe</executable>
</service>
And then you can install and start it:
winsw install myapp.xml
winsw start myapp.xml
Install NSSM and run the .bat file as a windows service.
Works as expected
My easest way is using opensource svcbatch (https://github.com/mturk/svcbatch/) as wrapper of CMD(BAT) in sc :
sc create myservice binPath= ""%cd%\svcbatch.exe" myservice.bat"

Resources