search

ansible / awx-ee

An Ansible execution environment for AWX project
https://quay.io/ansible/awx-ee
Other
129 stars 151 forks source link

win_updates broken since AWX-EE 22.2.0 inclusive #216

Open prof79 opened 9 months ago

prof79 commented 9 months ago

Regardless of operator/AWX - tried 2.2.1/22.3.0 and 2.6.0/23.2.0 - last fully working version of AWX-EE in my Windows environment is 22.1.0. (Kubernetes v1.22.6+k3s1 on Ubuntu 22.04)

Starting with AWX-EE 22.2.0 and beyond win_updates always throws NativeCreateProcess/CreateProcessW() error messages and is unusable:

"exception": "Traceback (most recent call last):\n File \"/usr/share/ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py\", line 760, in run\n result = self._run_sync(task_vars, module_options, reboot, reboot_timeout)\n File \"/usr/share/ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py\", line 835, in _run_sync\n update_result = self._run_updates(task_vars, module_options, poll_script_path, cancel_script_path)\n File \"/usr/share/ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py\", line 926, in _run_updates\n output_path, task_pid, cancel_id = self._start_updates(task_vars, module_options)\n File \"/usr/share/ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py\", line 985, in _start_updates\n raise _ReturnResultException(msg, exception=result.get('exception', None), **extra_result)\nansible_collections.ansible.windows.plugins.action.win_updates._ReturnResultException: Failed to invoke batch job: Ausnahme beim Aufrufen von \"NativeCreateProcess\" mit 9 Argument(en): \"CreateProcessW() failed (Zugriff verweigert, Win32ErrorCode 5 - 0x00000005)\"\n", "msg": "Failed to invoke batch job: Ausnahme beim Aufrufen von \"NativeCreateProcess\" mit 9 Argument(en): \"CreateProcessW() failed (Zugriff verweigert, Win32ErrorCode 5 - 0x00000005)\"",

(transl. Exception calling NativeCreateProcess with 9 arguments/access denied)

fosterseth commented 9 months ago

this looks like an issue with the windows module. Can you track down which version of the module (not version of awx-ee) was last working for you? We may need to contact the maintainers of that module

prof79 commented 8 months ago

I'm so sorry, I suppose I've tracked it down:

I used docker to check versions and ps1/py files. Though Ansible just jumped from 2.14.4 to 2.14.5 comparing awx-ee:22.1.0 to awx-ee:22.2.0, I see that the win_updates.ps1 had a myriad of code changes between these versions. I also found out that the module has been part of Ansible core modules for quite some time (since 2017, after initial development by @nitzmanhoe ~ 2015).

So I skimmed through the public Ansible repositories and finally found this with the exact same error message:

https://github.com/ansible-collections/ansible.windows/issues/540

I now could also figure out that indeed Ansible 2.14.5 in awx-ee:22.2.0 contains the affected ansible.windows-1.14.0 collection whereas 2.14.4 in awx-ee:22.1.0 contains ansible.windows-1.13.0!

fosterseth commented 8 months ago

thanks for digging into that, so this is no longer an issue for you?

prof79 commented 8 months ago

Well I'm not sure, as I just posted in the other issue thread trying to switch to recommended psrp transport, at least for Kerberos I get a gssapi Python module error which is probably just a missing module from awx-ee container issue?

About the second "become" issue I'm unsure where that fits, might be a general AWX credential orchestration issue.