search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
https://docs.saltproject.io/salt/install-guide/en/latest/
Apache License 2.0
14.19k stars 5.48k forks source link

[BUG] windows, runas stops the ability to use success_retcodes #59977

Open whytewolf opened 3 years ago

whytewolf commented 3 years ago

Description useing runas with success_retcodes causes the effect that the retcode is ignored on the return so even if the proper retcode happens in your list the retcode is ignored.

Setup

test run:
  cmd.run:
    - name: cmd.exe /c exit 300
    - runas: TestAdmin
    - password: password
    - success_retcodes:
        - 2
        - 44
        - 300

Steps to Reproduce the behavior use the state above on windows with a proper user of course.

with runas ``` [DEBUG ] Rendered data from file: c:\salt\var\cache\salt\minion\files\base\test\test.sls: test run: cmd.run: - name: cmd.exe /c exit 300 - runas: TestAdmin - password: password - success_retcodes: - 2 - 44 - 300 [DEBUG ] Results of YAML rendering: OrderedDict([('test run', OrderedDict([('cmd.run', [OrderedDict([('name', 'cmd.exe /c exit 300')]), OrderedDict([('runas', 'TestAdmin')]), OrderedDict([('password', 'password')]), OrderedDict([('success_retcodes', [2, 44, 300])])])]))]) [PROFILE ] Time (in seconds) to render 'c:\salt\var\cache\salt\minion\files\base\test\test.sls' using 'yaml' renderer: 0.0 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded cmd.run [INFO ] Running state [cmd.exe /c exit 300] at time 14:39:11.267611 [INFO ] Executing state cmd.run for [cmd.exe /c exit 300] [TRACE ] Slot processing list value: 2 [TRACE ] Slot processing list value: 44 [TRACE ] Slot processing list value: 300 [TRACE ] Loaded cmdmod as virtual cmd [DEBUG ] LazyLoaded cmd.run_all [INFO ] Executing command 'cmd.exe' as user 'TestAdmin' in directory 'C:\Users\TestAdmin' [DEBUG ] Unable to OpenProcess pid=4 name=System [DEBUG ] Unable to OpenProcess pid=88 name=Secure System [DEBUG ] Unable to OpenProcess pid=156 name=Registry [DEBUG ] Unable to OpenProcess pid=564 name=smss.exe [DEBUG ] Unable to OpenProcess pid=636 name=wininit.exe [DEBUG ] OpenProcessToken failed pid=640 name=svchost.exe userNT AUTHORITY\SYSTEM [DEBUG ] Token for pid does not match user sid: S-1-5-18 [DEBUG ] Unable to OpenProcess pid=864 name=csrss.exe [DEBUG ] Unable to OpenProcess pid=940 name=csrss.exe [DEBUG ] Unable to OpenProcess pid=944 name=services.exe [ERROR ] {'pid': 33384, 'retcode': 300, 'stdout': '', 'stderr': ''} [INFO ] Completed state [cmd.exe /c exit 300] at time 14:39:11.397991 (duration_in_ms=130.38) [DEBUG ] File c:\salt\var\cache\salt\minion\accumulator\1985024069128 does not exist, no need to cleanup [TRACE ] Loaded cmdmod as virtual cmd [DEBUG ] LazyLoaded cmd.run [INFO ] Executing command attrib in directory 'C:\Users\Thomas Phipps' [DEBUG ] output: [DEBUG ] LazyLoaded state.check_result [DEBUG ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp://10.40.2.3:4506', 'aes') [DEBUG ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp://10.40.2.3:4506') [DEBUG ] Connecting the Minion to the Master URI (for the return server): tcp://10.40.2.3:4506 [DEBUG ] Trying to connect to: tcp://10.40.2.3:4506 [TRACE ] Inserted key into loop_instance_map id 1985027297224 for key ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp://10.40.2.3:4506', 'aes') and process 26036 [DEBUG ] Closing AsyncZeroMQReqChannel instance [DEBUG ] LazyLoaded highstate.output [DEBUG ] LazyLoaded nested.output [TRACE ] data = {'local': {'cmd_|-test run_|-cmd.exe /c exit 300_|-run': {'name': 'cmd.exe /c exit 300', 'changes': {'pid': 33384, 'retcode': 300, 'stdout': '', 'stderr': ''}, 'result': False, 'comment': 'Command "cmd.exe /c exit 300" run', '__sls__': 'test.test', '__run_num__': 0, 'start_time': '14:39:11.267611', 'duration': '130.38 ms', '__id__': 'test run'}}} local: ---------- ID: test run Function: cmd.run Name: cmd.exe /c exit 300 Result: False Comment: Command "cmd.exe /c exit 300" run Started: 14:39:11.267611 Duration: 130.38 ms Changes: ---------- pid: 33384 retcode: 300 stderr: stdout: Summary for local ------------ Succeeded: 0 (changed=1) Failed: 1 ------------ Total states run: 1 Total run time: 130.380 ms [DEBUG ] Closing AsyncZeroMQReqChannel instance [DEBUG ] Closing AsyncZeroMQReqChannel instance ```
without runas ``` [DEBUG ] Rendered data from file: c:\salt\var\cache\salt\minion\files\base\test\test.sls: test run: cmd.run: - name: cmd.exe /c exit 300 - success_retcodes: - 2 - 44 - 300 [DEBUG ] Results of YAML rendering: OrderedDict([('test run', OrderedDict([('cmd.run', [OrderedDict([('name', 'cmd.exe /c exit 300')]), OrderedDict([('success_retcodes', [2, 44, 300])])])]))]) [PROFILE ] Time (in seconds) to render 'c:\salt\var\cache\salt\minion\files\base\test\test.sls' using 'yaml' renderer: 0.0009751319885253906 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded cmd.run [INFO ] Running state [cmd.exe /c exit 300] at time 14:41:04.623932 [INFO ] Executing state cmd.run for [cmd.exe /c exit 300] [TRACE ] Slot processing list value: 2 [TRACE ] Slot processing list value: 44 [TRACE ] Slot processing list value: 300 [TRACE ] Loaded cmdmod as virtual cmd [DEBUG ] LazyLoaded cmd.run_all [INFO ] Executing command 'cmd.exe' in directory 'C:\Users\Thomas Phipps' [INFO ] {'pid': 34760, 'retcode': 0, 'stdout': '', 'stderr': ''} [INFO ] Completed state [cmd.exe /c exit 300] at time 14:41:04.653633 (duration_in_ms=29.701) [DEBUG ] File c:\salt\var\cache\salt\minion\accumulator\1420181605512 does not exist, no need to cleanup [TRACE ] Loaded cmdmod as virtual cmd [DEBUG ] LazyLoaded cmd.run [INFO ] Executing command attrib in directory 'C:\Users\Thomas Phipps' [DEBUG ] output: [DEBUG ] LazyLoaded state.check_result [DEBUG ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp://10.40.2.3:4506', 'aes') [DEBUG ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp://10.40.2.3:4506') [DEBUG ] Connecting the Minion to the Master URI (for the return server): tcp://10.40.2.3:4506 [DEBUG ] Trying to connect to: tcp://10.40.2.3:4506 [TRACE ] Inserted key into loop_instance_map id 1420184576456 for key ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp://10.40.2.3:4506', 'aes') and process 11040 [DEBUG ] Closing AsyncZeroMQReqChannel instance [DEBUG ] LazyLoaded highstate.output [DEBUG ] LazyLoaded nested.output [TRACE ] data = {'local': {'cmd_|-test run_|-cmd.exe /c exit 300_|-run': {'name': 'cmd.exe /c exit 300', 'changes': {'pid': 34760, 'retcode': 0, 'stdout': '', 'stderr': ''}, 'result': True, 'comment': 'Command "cmd.exe /c exit 300" run', '__sls__': 'test.test', '__run_num__': 0, 'start_time': '14:41:04.623932', 'duration': '29.701 ms', '__id__': 'test run'}}} local: ---------- ID: test run Function: cmd.run Name: cmd.exe /c exit 300 Result: True Comment: Command "cmd.exe /c exit 300" run Started: 14:41:04.623932 Duration: 29.701 ms Changes: ---------- pid: 34760 retcode: 0 stderr: stdout: Summary for local ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 Total run time: 29.701 ms [DEBUG ] Closing AsyncZeroMQReqChannel instance [DEBUG ] Closing AsyncZeroMQReqChannel instance ```

Expected behavior success_retcodes works with or without runas

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.) ``` PS C:\WINDOWS\system32> salt-call --versions Salt Version: Salt: 3002.5 Dependency Versions: cffi: 1.12.2 cherrypy: 17.4.1 dateutil: 2.8.0 docker-py: Not Installed gitdb: 2.0.5 gitpython: Not Installed Jinja2: 2.10.1 libgit2: Not Installed M2Crypto: Not Installed Mako: 1.0.7 msgpack: 1.0.0 msgpack-pure: Not Installed mysql-python: Not Installed pycparser: 2.19 pycrypto: Not Installed pycryptodome: 3.9.8 pygit2: Not Installed Python: 3.7.4 (tags/v3.7.4:e09359112e, Jul 8 2019, 20:34:20) [MSC v.1916 64 bit (AMD64)] python-gnupg: 0.4.4 PyYAML: 5.3.1 PyZMQ: 18.0.1 smmap: 2.0.5 timelib: 0.2.4 Tornado: 4.5.3 ZMQ: 4.3.1 System Versions: dist: locale: cp1252 machine: AMD64 release: 10 system: Windows version: 10 10.0.19041 SP0 ``` and ``` Salt Version: Salt: 3003 Dependency Versions: cffi: 1.14.5 cherrypy: 18.6.0 dateutil: 2.8.1 docker-py: Not Installed gitdb: 4.0.5 gitpython: Not Installed Jinja2: 2.10.1 libgit2: Not Installed M2Crypto: Not Installed Mako: 1.1.4 msgpack: 1.0.2 msgpack-pure: Not Installed mysql-python: Not Installed pycparser: 2.20 pycrypto: Not Installed pycryptodome: 3.9.8 pygit2: Not Installed Python: 3.7.4 (tags/v3.7.4:e09359112e, Jul 8 2019, 20:34:20) [MSC v.1916 64 bit (AMD64)] python-gnupg: 0.4.6 PyYAML: 5.3.1 PyZMQ: 18.0.1 smmap: 3.0.4 timelib: 0.2.4 Tornado: 4.5.3 ZMQ: 4.3.1 System Versions: dist: locale: cp1252 machine: AMD64 release: 10 system: Windows version: 10 10.0.19041 SP0 ```

Additional context Add any other context about the problem here.

xeacott commented 3 years ago

Able to reproduce this... will be looking into a fix.

xeacott commented 3 years ago

So have this dialed in, just not entirely sure on the fix yet. The issue is when cmd.run runs, apart from cmd.script we actually run the command and return immediately instead of going through the rest of the normal business when executing cmd.run.

https://github.com/saltstack/salt/blob/c4bd7f6915e1438ba0cdb7452885153c1e2cc42c/salt/modules/cmdmod.py#L427

and the issue is honoring the success_retcodes doesn't happen until around https://github.com/saltstack/salt/blob/c4bd7f6915e1438ba0cdb7452885153c1e2cc42c/salt/modules/cmdmod.py#L773