Ansible Cloud Automation: ACA-1970

[community.aws/1952] Windows become fails when using aws_ssm connection


      https://github.com/ansible-collections/community.aws/issues/1952

          1. Summary

      A similar issue has been reported on: https://github.com/ansible/ansible/issues/67119
      That is however on the main Ansible repo, while I have the feeling this is the more appropriate place.

      In short, connection to Windows-based EC2 instances using the aws_ssm connection and using the become option of runas fails every job.
      The job itself actually finishes, but PowerShell 5 adds additional wrapping with CLIXML information,
      which makes the output unreadable for Ansible.

      Adding the code in the earlier mentioned issue does resolve the problem (the section that contains the CLIXML statement):
      ```
      import re

      # Excerpt: a method of the connection plugin (Windows branch only)
      def _post_process(self, stdout, mark_begin):
          ''' extract command status and strip unwanted lines '''

          if self.is_windows:
              # Value of $LASTEXITCODE will be the line after the mark
              trailer = stdout[stdout.rfind(mark_begin):]
              last_exit_code = trailer.splitlines()[1]
              if last_exit_code.isdigit():
                  returncode = int(last_exit_code)
              else:
                  returncode = -1
              # output to keep will be before the mark
              stdout = stdout[:stdout.rfind(mark_begin)]
              # If the return code contains #CLIXML (like a progress bar) remove it
              clixml_filter = re.compile(r'#<\sCLIXML\s<Objs.*</Objs>')
              stdout = clixml_filter.sub('', stdout)
              # If it looks like JSON remove any newlines
              if stdout.startswith('{'):
                  stdout = stdout.replace('\n', '')

              return (returncode, stdout)
      ```

      But as the poster on that item says, not sure what kind of possible side effects this causes...

          1. Issue Type

      Bug Report

          1. Component Name

      aws_ssm connection

          1. Ansible Version

      ansible [core 2.15.4]
      config file = None
      configured module search path = ['/Users/<redacted>/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /opt/homebrew/Cellar/ansible/8.4.0/libexec/lib/python3.11/site-packages/ansible
      ansible collection location = /Users/<redacted>/.ansible/collections:/usr/share/ansible/collections
      executable location = /opt/homebrew/bin/ansible
      python version = 3.11.5 (main, Aug 24 2023, 15:09:45) [Clang 14.0.3 (clang-1403.0.22.14.1)] (/opt/homebrew/Cellar/ansible/8.4.0/libexec/bin/python)
      jinja version = 3.1.2
      libyaml = True

          1. Collection Versions

      ```
      # /Users/<redacted>/.ansible/collections/ansible_collections
      Collection Version
      ---------- -------
      amazon.aws 6.4.0
      cloud.terraform 1.1.1
      community.aws 6.3.0

      # /opt/homebrew/Cellar/ansible/8.4.0/libexec/lib/python3.11/site-packages/ansible_collections
      Collection Version
      ---------- -------
      amazon.aws 6.4.0
      ansible.netcommon 5.2.0
      ansible.posix 1.5.4
      ansible.utils 2.11.0
      ansible.windows 1.14.0
      arista.eos 6.1.0
      awx.awx 22.7.0
      azure.azcollection 1.17.0
      check_point.mgmt 5.1.1
      chocolatey.chocolatey 1.5.1
      cisco.aci 2.7.0
      cisco.asa 4.0.1
      cisco.dnac 6.7.4
      cisco.intersight 1.0.27
      cisco.ios 4.6.1
      cisco.iosxr 5.0.3
      cisco.ise 2.5.15
      cisco.meraki 2.16.0
      cisco.mso 2.5.0
      cisco.nso 1.0.3
      cisco.nxos 4.4.0
      cisco.ucs 1.10.0
      cloud.common 2.1.4
      cloudscale_ch.cloud 2.3.1
      community.aws 6.3.0
      community.azure 2.0.0
      community.ciscosmb 1.0.6
      community.crypto 2.15.1
      community.digitalocean 1.24.0
      community.dns 2.6.1
      community.docker 3.4.8
      community.fortios 1.0.0
      community.general 7.4.0
      community.google 1.0.0
      community.grafana 1.5.4
      community.hashi_vault 5.0.0
      community.hrobot 1.8.1
      community.libvirt 1.2.0
      community.mongodb 1.6.1
      community.mysql 3.7.2
      community.network 5.0.0
      community.okd 2.3.0
      community.postgresql 2.4.3
      community.proxysql 1.5.1
      community.rabbitmq 1.2.3
      community.routeros 2.9.0
      community.sap 1.0.0
      community.sap_libs 1.4.1
      community.skydive 1.0.0
      community.sops 1.6.5
      community.vmware 3.9.0
      community.windows 1.13.0
      community.zabbix 2.1.0
      containers.podman 1.10.3
      cyberark.conjur 1.2.0
      cyberark.pas 1.0.19
      dellemc.enterprise_sonic 2.2.0
      dellemc.openmanage 7.6.1
      dellemc.powerflex 1.8.0
      dellemc.unity 1.7.1
      f5networks.f5_modules 1.26.0
      fortinet.fortimanager 2.2.1
      fortinet.fortios 2.3.2
      frr.frr 2.0.2
      gluster.gluster 1.0.2
      google.cloud 1.2.0
      grafana.grafana 2.1.8
      hetzner.hcloud 1.16.0
      hpe.nimble 1.1.4
      ibm.qradar 2.1.0
      ibm.spectrum_virtualize 1.12.0
      infinidat.infinibox 1.3.12
      infoblox.nios_modules 1.5.0
      inspur.ispim 1.3.0
      inspur.sm 2.3.0
      junipernetworks.junos 5.3.0
      kubernetes.core 2.4.0
      lowlydba.sqlserver 2.2.1
      microsoft.ad 1.3.0
      netapp.aws 21.7.0
      netapp.azure 21.10.0
      netapp.cloudmanager 21.22.0
      netapp.elementsw 21.7.0
      netapp.ontap 22.7.0
      netapp.storagegrid 21.11.1
      netapp.um_info 21.8.0
      netapp_eseries.santricity 1.4.0
      netbox.netbox 3.14.0
      ngine_io.cloudstack 2.3.0
      ngine_io.exoscale 1.1.0
      ngine_io.vultr 1.1.3
      openstack.cloud 2.1.0
      openvswitch.openvswitch 2.1.1
      ovirt.ovirt 3.1.3
      purestorage.flasharray 1.21.0
      purestorage.flashblade 1.13.1
      purestorage.fusion 1.6.0
      sensu.sensu_go 1.14.0
      servicenow.servicenow 1.0.6
      splunk.es 2.1.0
      t_systems_mms.icinga_director 1.33.1
      telekom_mms.icinga_director 1.34.1
      theforeman.foreman 3.14.0
      vmware.vmware_rest 2.3.1
      vultr.cloud 1.9.0
      vyos.vyos 4.1.0
      wti.remote 1.0.5
      ```

          1. AWS SDK versions

      latest aws client installed via brew.. not using pip

          1. Configuration

      ```
      CONFIG_FILE() = None
      PAGER(env: PAGER) = less
      ```

          1. OS / Environment

      Target OS version = Windows Server 2022
      AWS EC2 Instance
      PowerShell 5 installed on target system (default version)

          1. Steps to Reproduce

      ```
      - name: Windows Testing
        hosts: member_servers
        vars:
          ansible_become_user: 'svc_ansible@{{ win_domain_name }}'
          ansible_runas_password: '{{ svc_ansible_password }}'
          ansible_become_method: ansible.builtin.runas

        vars_files:
          - variables/ansible-all-vars.json

        tasks:
          - name: Run WhoAmI
            ansible.windows.win_whoami:
            become: true
            register: become_value
          - name: Debug
            ansible.builtin.debug:
              var: become_value
      ```

          1. Expected Results

      Expected result was that who am I would return the correct output.

      As shown in the expected results, the task actually completes, but due to unhandled wrapping it fails.

          1. Actual Results

      ```
      fatal: [i-0239e06c7f985e040]: FAILED! => {"changed": false, "module_stderr": "", "module_stdout": "{\"changed\":false,\"invocation\":{\"module_args\":{}},\"logon_id\":13770065,\"account\":{\"domain_name\":\"<redacted\",\"sid\":\"S-1-5-21-79238050-3557252883-818722371-1104\",\"account_name\":\"svc_ansible\",\"type\":\"User\"},\"login_domain\":\"<redacted>\",\"authentication_package\":\"Kerberos\",\"logon_type\":\"Batch\",\"login_time\":\"2023-09-21T21:05:14.8836717+00:00\",\"logon_server\":\"DC02\",\"dns_domain_name\":\"<redacted>.LOCAL\",\"upn\":\"svc_ansible@<redacted>.local\",\"user_flags\":[],\"impersonation_level\":\"SecurityAnonymous\",\"token_type\":\"TokenPrimary\",\"groups\":[{\"account_name\":\"Domain Users\",\"domain_name\":\"<redacted>\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\"],\"sid\":\"S-1-5-21-79238050-3557252883-818722371-513\",\"type\":\"Group\"},{\"account_name\":\"Everyone\",\"domain_name\":\"\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\"],\"sid\":\"S-1-1-0\",\"type\":\"WellKnownGroup\"},{\"account_name\":\"Users\",\"domain_name\":\"BUILTIN\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\"],\"sid\":\"S-1-5-32-545\",\"type\":\"Alias\"},{\"account_name\":\"Administrators\",\"domain_name\":\"BUILTIN\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\",\"Owner\"],\"sid\":\"S-1-5-32-544\",\"type\":\"Alias\"},{\"account_name\":\"BATCH\",\"domain_name\":\"NTAUTHORITY\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\"],\"sid\":\"S-1-5-3\",\"type\":\"WellKnownGroup\"},{\"account_name\":\"CONSOLE LOGON\",\"domain_name\":\"\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\"],\"sid\":\"S-1-2-1\",\"type\":\"WellKnownGroup\"},{\"account_name\":\"Authenticated Users\",\"domain_name\":\"NT AUTHORITY\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\"],\"sid\":\"S-1-5-11\",\"type\":\"WellKnownGroup\"},{\"account_name\":\"This Organization\",\"domain_name\":\"NT AUTHORITY\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\"],\"sid\":\"S-1-5-15\",\"type\":\"WellKnownGroup\"},{\"account_name\":\"LOCAL\",\"domain_name\":\"\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\"],\"sid\":\"S-1-2-0\",\"type\":\"WellKnownGroup\"},{\"account_name\":\"Domain Admins\",\"domain_name\":\"<redacted>\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\"],\"sid\":\"S-1-5-21-79238050-3557252883-818722371-512\",\"type\":\"Group\"},{\"account_name\":\"Service asserted identity\",\"domain_name\":\"\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\"],\"sid\":\"S-1-18-2\",\"type\":\"WellKnownGroup\"},{\"account_name\":\"Denied RODC Password Replication Group\",\"domain_name\":\"<redacted>\",\"attributes\":[\"Mandatory\",\"Enabled by default\",\"Enabled\",\"Resource\"],\"sid\":\"S-1-5-21-79238050-3557252883-818722371-572\",\"type\":\"Alias\"},{\"account_name\":\"High Mandatory Level\",\"domain_name\":\"Mandatory Label\",\"attributes\":[\"Integrity\",\"Integrity enabled\"],\"sid\":\"S-1-16-12288\",\"type\":\"Label\"}],\"rights\":[\"SeNetworkLogonRight\",\"SeInteractiveLogonRight\",\"SeBatchLogonRight\",\"SeRemoteInteractiveLogonRight\"],\"label\":{\"domain_name\":\"Mandatory Label\",\"sid\":\"S-1-16-12288\",\"account_name\":\"High Mandatory Level\",\"type\":\"Label\"},\"privileges\":{\"SeChangeNotifyPrivilege\":\"enabled-by-default\",\"SeRemoteShutdownPrivilege\":\"disabled\",\"SeBackupPrivilege\":\"disabled\",\"SeLoadDriverPrivilege\":\"disabled\",\"SeSystemProfilePrivilege\":\"disabled\",\"SeShutdownPrivilege\":\"disabled\",\"SeCreatePagefilePrivilege\":\"disabled\",\"SeSystemEnvironmentPrivilege\":\"disabled\",\"SeSystemtimePrivilege\":\"disabled\",\"SeSecurityPrivilege\":\"disabled\",\"SeDelegateSessionUserImpersonatePrivilege\":\"disabled\",\"SeIncreaseWorkingSetPrivilege\":\"disabled\",\"SeTakeOwnershipPrivilege\":\"disabled\",\"SeIncreaseQuotaPrivilege\":\"disabled\",\"SeCreateGlobalPrivilege\":\"enabled-by-default\",\"SeCreateSymbolicLinkPrivilege\":\"disabled\",\"SeRestorePrivilege\":\"disabled\",\"SeUndockPrivilege\":\"disabled\",\"SeImpersonatePrivilege\":\"enabled-by-default\",\"SeProfileSingleProcessPrivilege\":\"disabled\",\"SeDebugPrivilege\":\"enabled\",\"SeIncreaseBasePriorityPrivilege\":\"disabled\",\"SeManageVolumePrivilege\":\"disabled\",\"SeTimeZonePrivilege\":\"disabled\"}}#< CLIXML<Objs Version=\"1.1.0.1\" xmlns=\"http://schemas.microsoft.com/powershell/2004/04\"><Obj S=\"progress\" RefId=\"0\"><TN RefId=\"0\"><T>System.Management.Automation.PSCustomObject</T><T>System.Object</T></TN><MS><I64 N=\"SourceId\">1</I64><PR N=\"Record\"><AV>Preparing modules for first use.</AV><AI>0</AI><Nil /><PI>-1</PI><PC>-1</PC><T>Completed</T><SR>-1</SR><SD> </SD></PR></MS></Obj><Obj S=\"progress\" RefId=\"1\"><TNRef RefId=\"0\" /><MS><I64 N=\"SourceId\">2</I64><PR N=\"Record\"><AV>Preparing modules for first use.</AV><AI>0</AI><Nil /><PI>-1</PI><PC>-1</PC><T>Completed</T><SR>-1</SR><SD> </SD></PR></MS></Obj></Objs>", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 0}
      ```

          1. Code of Conduct
      • [X] I agree to follow the Ansible Code of Conduct
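
A stricter way to handle the trailing CLIXML block shown under Actual Results, as an added example (not code from the collection or from the reporter): a block is dropped only when every record in it is a progress record, so a block carrying an error stream is never silently discarded. The function names `split_clixml` and `parse_module_stdout` and the sample strings are constructed for illustration.

```python
import json
import re
import xml.etree.ElementTree as ET

# "#< CLIXML" header, optional whitespace, then one <Objs>...</Objs> document.
CLIXML_RE = re.compile(r"#<\s*CLIXML\s*(<Objs\b.*?</Objs>)", re.DOTALL)


def split_clixml(stdout):
    """Return (clean_stdout, kept_streams).

    Progress-only CLIXML blocks are removed. A block that carries any other
    stream (for example S="Error"), or that does not parse as XML, is left
    in place and reported in kept_streams.
    """
    kept = []

    def _replace(match):
        try:
            root = ET.fromstring(match.group(1))
        except ET.ParseError:
            kept.append("unparseable")
            return match.group(0)
        # Each top-level record names its stream in the S attribute;
        # a record without one is ordinary pipeline output.
        streams = {child.get("S") or "output" for child in root}
        if streams <= {"progress"}:
            return ""
        kept.extend(sorted(streams - {"progress"}))
        return match.group(0)

    clean = CLIXML_RE.sub(_replace, stdout)
    return clean, kept


def parse_module_stdout(stdout):
    """Parse module JSON, refusing output that hides non-progress CLIXML."""
    clean, kept = split_clixml(stdout)
    if kept:
        raise ValueError("CLIXML carries non-progress streams: " + ", ".join(kept))
    return json.loads(clean.strip())


# Constructed sample data, shortened from the shape of the output in this report.
NS = 'xmlns="http://schemas.microsoft.com/powershell/2004/04"'
PROGRESS = ('#< CLIXML\r\n<Objs Version="1.1.0.1" ' + NS + '>'
            '<Obj S="progress" RefId="0"><MS><I64 N="SourceId">1</I64></MS></Obj></Objs>')
ERROR = ('#< CLIXML\r\n<Objs Version="1.1.0.1" ' + NS + '>'
         '<S S="Error">Access is denied._x000D__x000A_</S></Objs>')
MODULE_JSON = '{"changed": false, "account": {"account_name": "svc_ansible"}}'

if __name__ == "__main__":
    print(parse_module_stdout(MODULE_JSON + PROGRESS))
    try:
        parse_module_stdout(MODULE_JSON + ERROR)
    except ValueError as exc:
        print("rejected:", exc)
```
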

              Unassigned Unassigned
              jrouleau Jill Rouleau