jborean93 / ansible-windows Goto Github PK

Not sure if this is because of a change to github requiring TLS1.2 now?

Regardless, you need to specify:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

As first line in the script in order to actually download the file with WebClient.DownloadFile

Hi there,

Great Script but in testing it incorrectly identifies Server 2012 R2 as Server 2012. The minor version in Server 2012 R2 is still 2 so it will download the file W2K12-KB3191565-x64.msu where it should get Win8.1AndW2K12R2-KB3191564-x64.msu

Cheers

Matt

详细信息: downloading url
'https://hotfixv4.trafficmanager.net/Windows%207/Windows%20Server2008%20R2%20SP1/sp2/Fix467402/7600/free/463984_intl_x6
4_zip.exe' to 'C:\Users\ADMINI~1\AppData\Local\Temp\1\463984_intl_x64_zip.exe.zip'
C:\Users\Administrator\AppData\Local\Temp\1\Install-WMF3Hotfix.ps1 : 使用“2”个参数调用“DownloadFile”时发生异常:“Un
able to connect to the remote server”
    + CategoryInfo          : NotSpecified: (:) [Install-WMF3Hotfix.ps1], MethodInvocationException
    + FullyQualifiedErrorId : WebException,Install-WMF3Hotfix.ps1

https://hotfixv4.trafficmanager.net and http://hotfixv4.microsoft.com both of down

I think it might be better advice to suggest updating to WMF 4.0 which is available from Windows 7 /Server 2008 R2 onwards.

ref ansible/ansible#10825 (comment)

Should be possible to update to fedora 28 in inventory?

Hi Jordan,

Please can you modify the code so it could be used in automation scripts: in particular remove user-interaction steps here:
142: Restart-Computer -Confirm

I'm running this script from Packer and I have to perform the following workaround otherwise Packer waits for user input forever:

# Automation script copied from
# https://github.com/jborean93/ansible-windows/tree/master/scripts
# Prepare temp directory
$tmp_dir = $env:temp
if (-not (Test-Path -Path $tmp_dir)) {
    New-Item -Path $tmp_dir -ItemType Directory > $null
}
# Download script from GitHub
$url    = "https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Install-WMF3Hotfix.ps1"
$file   = "$tmp_dir\Install-WMF3Hotfix.ps1"
$script = "$tmp_dir\Install-WMF3Hotfix-no-restart.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
# Remove user-interaction line asking for computer restart confirmation
(Get-Content $file) -notmatch "^(.*)Restart-Computer -Confirm$" | Out-File $script
# Run WMF3Hotfix installation
powershell.exe -ExecutionPolicy ByPass -File $script -Verbose

Followed by Windows restart handled by Packer itself

BR
Pavel

Hello,

I have been receiving this error when I try to run the upgrade script.

Could you please point me to what could be the issue here?

failed to update Powershell to version 3: exit code 1618
At C:\Ansible\Upgrade-PowerShell.ps1:390 char:14

•     throw <<<<  $log_msg
  

  • CategoryInfo : OperationStopped: (failed to updat... exit code 1618:St
  • FullyQualifiedErrorId : failed to update Powershell to version 3: exit code 161

Thanks

It seems like the URL for KB2842230 has changed. This is referenced in the script https://github.com/jborean93/ansible-windows/blob/master/scripts/Install-WMF3Hotfix.ps1 and needs to be updated.

Also look at changing the tmp path to use $env:TEMP instead so it doesn't rely on a folder that doesn't always exists on hosts.

The comment block <#PSScriptInfo is being treated as script content on Powershell 1.0, is there an easy fix for this?

The code $os_version = [System.Environment]::OSVersion.Version uses a deprecated function in windows 8.1. It returns a value, but thw wrong value (identifies as Windows server 2012).

Changing it to $os_version =(Get-CimInstance Win32_OperatingSystem).version gives the right version.

If the script is run without admin priv's, I get this:

VERBOSE: 2020-04-30T12:43:07 - INFO - process completed with exit code '3010'
VERBOSE: 2020-04-30T12:43:07 - INFO - adding script to run on next logon
Set-ItemProperty : Requested registry access is not allowed.
At C:\Users\Owner\Documents\Upgrade-PowerShell.ps1:123 char:21
+     Set-ItemProperty <<<<  -Path $reg_key -Name $reg_property_name -Value $command
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...Version\RunOnce:String) [Set-ItemProperty], Securit
   yException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

If the script has to run again after a reboot, you must specify the -username and -password args.
Typically, username would be the same user that is currently logged in when the script is first run.

Remove -username and automatically fill it in with the current user that's logged in.
Remove -password and have it prompt for the password in a dialog box or user input at the command line.

Replace:
$reg_key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"

With:
$reg_key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"

First, Thanks for this repo, very useful for testing.

My use case is windows role testing. I only use two vm (DC + Ansible machine).
Could yo add a ansible_stable user with stable versions for ansible and python to the ansible machine?

This is what I'm doing now to use it for role testing:

cd my_role/tests/
git clone https://github.com/jborean93/ansible-windows.git

# Creating windows domain controler and client
cd ansible-windows/vagrant/
vim inventory.yml # Comment the following:
        # SERVER2008:
        #   ansible_host: 192.168.56.11
        #   vagrant_box: jborean93/WindowsServer2008-x64
        #   opt_domain_join_is_longhorn: yes
        # SERVER2008R2:
        #   ansible_host: 192.168.56.12
        #   vagrant_box: jborean93/WindowsServer2008R2
        # SERVER2012:
        #   ansible_host: 192.168.56.13
        #   vagrant_box: jborean93/WindowsServer2012
        # SERVER2012R2:
        #   ansible_host: 192.168.56.14
        #   vagrant_box: jborean93/WindowsServer2012R2
pip install --upgrade --user pywinrm
vagrant plugin install winrm winrm-fs winrm-elevated # Needed in Fedora28
vagrant up
vagrant halt
vagrant snapshot save "snapshot_$(date -Is)"
vagrant up dc # If only dc is needed (my case)

# Creating linux domain client
cd ../vagrant-linux/
vim inventory.yml # Comment the following:
        # UBUNTU1604:
        #   ansible_host: 192.168.56.21
        #   ansible_python_interpreter: /usr/bin/python3
        #   vagrant_box: ubuntu/xenial64
        #   ansible_package_name: 'apt'
        # CENTOS7:
        #   ansible_host: 192.168.56.22
        #   vagrant_box: centos/7
        #   ansible_package_name: 'yum'
vim main.yml  # Comment python and ansible roles

vagrant up

vim Vagrantfile  # Add the following synced folder before the last "end"
# config.vm.synced_folder "../../..", "/home/ansible/my_role", owner: "ansible", group: "ansible-admin"

vagrant halt
vagrant snapshot save "snapshot_$(date -Is)"
vagrant reload

# Setup done. Launch tests
vagrant ssh
sudo -u ansible -i
pip install --upgrade ansible --user
sudo dnf -y install sshpass python2-pexpect
sudo systemctl disable networkmanager
sudo systemctl mask networkmanager
sudo sh -c 'echo "192.168.56.10   dc01.domain.local dc01" >> /etc/hosts'
sudo sh -c 'echo "
search domain.local
nameserver 192.168.56.10
nameserver 10.180.188.75
" > /etc/resolv.conf'

cd ~/my_role/tests/
ansible-playbook main.yml -i inventory.yml

Hello,

I will find useful to have AD DS tools installed on DC01 to manage Active Directory services.

It will be nice to create a collection with roles, playbooks and modules in this repo and host it on Galaxy.

I read your script and I would like to propose some improvements.

• Currently, credentials are provided as strings - the best practice is to use [System.Management.Automation.PSCredential] type - detailed explanation How to Add Credential Parameters to PowerShell Functions. Changing the list of parameters is a broking change so the newer version should be published as 2.0 with an error message that parameters username and password are not valid anymore.

• The parameter verbose is declared as a switch type you don't have to assign the $false value to it. It has $false value by default. Additionally, usage of verbose should be checked by $verbose.IsPresent

• References in the file header

.LICENSEURI https://github.com/jborean93/ansible-windows-scripts/blob/master/LICENSE
.PROJECTURI https://github.com/jborean93/ansible-windows-scripts

are not actual - you probably changed the GitHub project name. Yes, GitHub redirects to the current URL but ... ;-)

If you will pre-agree with my remarks I can prepare a pull request to address them.

failed: [10.64.14.11] (item=-"googlechrome") => {"changed": false, "item": "-"googlechrome"", "module_stderr": "An error occurred while creating the pipeline.\r\n + CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordE \r\n xception\r\n + FullyQualifiedErrorId : RuntimeException\r\n \r\n\r\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 2}