From 4840952f3df148d85cd063a1b7d21870cb227a38 Mon Sep 17 00:00:00 2001 From: Jordan Borean Date: Tue, 19 Mar 2019 05:53:28 +1000 Subject: [PATCH] win_reboot - Fix rc validation when using psrp and add extra docs - 2.7 (#53718) * win_reboot - Fix rc validation when using psrp and add extra docs (#53711) * win_reboot - Fix rc validation when using psrp and add extra docs * Revert boot time command and fix docs (cherry picked from commit 3d23e47c53caf981fefbbb64d51e07336a93cbf9) * win_reboot - fix broken tests after recent commit (#53722) (cherry picked from commit d9795bad98c55afb7730a608998f75a9c7865b29) --- changelogs/fragments/win_reboot-psrp.yaml | 2 ++ lib/ansible/modules/windows/win_reboot.py | 3 +++ lib/ansible/plugins/action/win_reboot.py | 5 +++-- test/integration/targets/win_reboot/tasks/main.yml | 2 +- 4 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 changelogs/fragments/win_reboot-psrp.yaml diff --git a/changelogs/fragments/win_reboot-psrp.yaml b/changelogs/fragments/win_reboot-psrp.yaml new file mode 100644 index 0000000000..2325d36fb5 --- /dev/null +++ b/changelogs/fragments/win_reboot-psrp.yaml @@ -0,0 +1,2 @@ +bugfixes: +- win_reboot - Fix reboot command validation failure when running under the psrp connection plugin diff --git a/lib/ansible/modules/windows/win_reboot.py b/lib/ansible/modules/windows/win_reboot.py index b15fd81d7a..4cdb47b7b0 100644 --- a/lib/ansible/modules/windows/win_reboot.py +++ b/lib/ansible/modules/windows/win_reboot.py @@ -61,6 +61,9 @@ options: notes: - If a shutdown was already scheduled on the system, C(win_reboot) will abort the scheduled shutdown and enforce its own shutdown. - For non-Windows targets, use the M(reboot) module instead. +- The connection user must have the C(SeRemoteShutdownPrivilege) privilege enabled, see + U(https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system) + for more information. author: - Matt Davis (@nitzmahone) ''' diff --git a/lib/ansible/plugins/action/win_reboot.py b/lib/ansible/plugins/action/win_reboot.py index 1d4903e0cb..f8773857c2 100644 --- a/lib/ansible/plugins/action/win_reboot.py +++ b/lib/ansible/plugins/action/win_reboot.py @@ -52,7 +52,7 @@ class ActionModule(RebootActionModule, ActionBase): def perform_reboot(self, task_vars, distribution): shutdown_command = self.get_shutdown_command(task_vars, distribution) shutdown_command_args = self.get_shutdown_command_args(distribution) - reboot_command = '{0} {1}'.format(shutdown_command, shutdown_command_args) + reboot_command = self._connection._shell._encode_script('{0} {1}'.format(shutdown_command, shutdown_command_args)) display.vvv("{action}: rebooting server...".format(action=self._task.action)) display.debug("{action}: distribution: {dist}".format(action=self._task.action, dist=distribution)) @@ -69,7 +69,8 @@ class ActionModule(RebootActionModule, ActionBase): display.warning('A scheduled reboot was pre-empted by Ansible.') # Try to abort (this may fail if it was already aborted) - result1 = self._low_level_execute_command('shutdown /a', sudoable=self.DEFAULT_SUDOABLE) + result1 = self._low_level_execute_command(self._connection._shell._encode_script('shutdown /a'), + sudoable=self.DEFAULT_SUDOABLE) # Initiate reboot again result2 = self._low_level_execute_command(reboot_command, sudoable=self.DEFAULT_SUDOABLE) diff --git a/test/integration/targets/win_reboot/tasks/main.yml b/test/integration/targets/win_reboot/tasks/main.yml index 6bbaf98806..ebb8707ad9 100644 --- a/test/integration/targets/win_reboot/tasks/main.yml +++ b/test/integration/targets/win_reboot/tasks/main.yml @@ -78,7 +78,7 @@ ansible_password: '{{standard_pass}}' ansible_winrm_transport: ntlm register: fail_shutdown - failed_when: "fail_shutdown.msg != 'Reboot command failed, error was: Access is denied.(5)'" + failed_when: "'Reboot command failed, error was: Access is denied.(5)' not in fail_shutdown.msg" always: - name: set the original SDDL to the WinRM listener