awx-ee icon indicating copy to clipboard operation
awx-ee copied to clipboard

win_updates broken since AWX-EE 22.2.0 inclusive

Open prof79 opened this issue 1 year ago • 4 comments

Regardless of operator/AWX - tried 2.2.1/22.3.0 and 2.6.0/23.2.0 - last fully working version of AWX-EE in my Windows environment is 22.1.0. (Kubernetes v1.22.6+k3s1 on Ubuntu 22.04)

Starting with AWX-EE 22.2.0 and beyond win_updates always throws NativeCreateProcess/CreateProcessW() error messages and is unusable:

"exception": "Traceback (most recent call last):\n File "/usr/share/ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py", line 760, in run\n result = self._run_sync(task_vars, module_options, reboot, reboot_timeout)\n File "/usr/share/ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py", line 835, in _run_sync\n update_result = self._run_updates(task_vars, module_options, poll_script_path, cancel_script_path)\n File "/usr/share/ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py", line 926, in _run_updates\n output_path, task_pid, cancel_id = self._start_updates(task_vars, module_options)\n File "/usr/share/ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py", line 985, in _start_updates\n raise _ReturnResultException(msg, exception=result.get('exception', None), **extra_result)\nansible_collections.ansible.windows.plugins.action.win_updates._ReturnResultException: Failed to invoke batch job: Ausnahme beim Aufrufen von "NativeCreateProcess" mit 9 Argument(en): "CreateProcessW() failed (Zugriff verweigert, Win32ErrorCode 5 - 0x00000005)"\n", "msg": "Failed to invoke batch job: Ausnahme beim Aufrufen von "NativeCreateProcess" mit 9 Argument(en): "CreateProcessW() failed (Zugriff verweigert, Win32ErrorCode 5 - 0x00000005)"",

(transl. Exception calling NativeCreateProcess with 9 arguments/access denied)

prof79 avatar Oct 03 '23 18:10 prof79

this looks like an issue with the windows module. Can you track down which version of the module (not version of awx-ee) was last working for you? We may need to contact the maintainers of that module

fosterseth avatar Oct 04 '23 17:10 fosterseth

I'm so sorry, I suppose I've tracked it down:

I used docker to check versions and ps1/py files. Though Ansible just jumped from 2.14.4 to 2.14.5 comparing awx-ee:22.1.0 to awx-ee:22.2.0, I see that the win_updates.ps1 had a myriad of code changes between these versions. I also found out that the module has been part of Ansible core modules for quite some time (since 2017, after initial development by @nitzmanhoe ~ 2015).

So I skimmed through the public Ansible repositories and finally found this with the exact same error message:

https://github.com/ansible-collections/ansible.windows/issues/540

I now could also figure out that indeed Ansible 2.14.5 in awx-ee:22.2.0 contains the affected ansible.windows-1.14.0 collection whereas 2.14.4 in awx-ee:22.1.0 contains ansible.windows-1.13.0!

prof79 avatar Oct 11 '23 15:10 prof79

thanks for digging into that, so this is no longer an issue for you?

fosterseth avatar Oct 11 '23 15:10 fosterseth

Well I'm not sure, as I just posted in the other issue thread trying to switch to recommended psrp transport, at least for Kerberos I get a gssapi Python module error which is probably just a missing module from awx-ee container issue?

About the second "become" issue I'm unsure where that fits, might be a general AWX credential orchestration issue.

prof79 avatar Oct 11 '23 16:10 prof79