StopOnIdleEnd was set in the task definition for elevated/privileged
windows guest scripts. This setting:
> specifies that the task stops when the idle condition ceases to be true [1]
The "idle condition" is something that Windows periodically checks for,
and it's defined by a bunch of criteria like user presence/absence, CPU
/ IO idle time, etc. [2]
Telling our provisioner to stop the task if the "idle condition" ceases
to be true is a recipe for some sporadically stopped tasks, which seems
like precisely the behavior being reported in #5362.
I'm pretty sure this fixes#5362
[1] https://msdn.microsoft.com/en-us/library/cc248332.aspx
[2] https://msdn.microsoft.com/en-us/library/windows/desktop/aa383561%28v=vs.85%29.aspx
When the winrm communicator executes a command in an elevated shell,
this patch causes it to escape double quotes.
This is necessary as the first line in the file that it produces and
then executes it puts the command into a variable called command that
is delimited by double quotes.
Command failures include the stdout and stderr in the error message just like the SSH communicator.
Its now possible to specify only an error_class and have that use the correct error_key by default.
Running Windows guest commands through a scheduled task were not returning the correct exit codes, they were only returning 1 or 0. This has negative consequences especially for Puppet which can return an exit code of 2 for partial success.
Since we're running an executable from inside a powershell encoded command we need to ensure we explicitly propagate the exit code to the original caller just like a regular PowerShell script - in this case cmd /c which in return is called from a scheduled task.
Elevated command line is now rendered to a script which is uploaded to the guest and executed. This allows the command line itself to be less than 100 chars to start the script and any user commands are puts into the script which has unlimited* length.
The logic used to read the file contents sometimes would leave lines behind unread. It now defaults to reading all lines and counts each line it has actually read.
This script creates an immediately run scheduled task using fresh credentials. This is a generic implementation used by the Chef provisioners. The script gets around several limitations in WinRM.
1. Credential hopping
2. The non-default Administrator account sometimes doesn't have true Administrator access when run through WinRM even with UAC disabled.
In short, this script allows commands to run through WinRM just as if they were run directly on the box.
Paul Hinze
Max Lincoln
Shawn Neal
Vít Ondruch
Mitchell Hashimoto
Peter Ericson
Matt Wrock
Stefan Scherer
William E. Triest. III
Richard Guin
Kalman Hazins