#ansible-windows log

20:00:08 <jborean93> #startmeeting Ansible Windows Working Group
20:00:08 <zodbot> Meeting started Tue Jun 26 20:00:08 2018 UTC.
20:00:08 <zodbot> This meeting is logged and archived in a public location.
20:00:08 <zodbot> The chair is jborean93. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:08 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
20:00:08 <zodbot> The meeting name has been set to 'ansible_windows_working_group'
20:00:12 <jhawkesworth_> hey
20:00:33 <jborean93> hey
20:00:39 <jborean93> #chair jhawkesworth_
20:00:39 <zodbot> Current chairs: jborean93 jhawkesworth_
20:01:28 <nitzmahone> o/
20:01:33 <jhawkesworth_> hey
20:01:52 <jborean93> #chair nitzmahone
20:01:52 <zodbot> Current chairs: jborean93 jhawkesworth_ nitzmahone
20:02:28 <jborean93> seems to be just us 3 for today unless someone else joins
20:02:56 <jborean93> I've added a few topics for the agenda today after browsing the GH issues last week
20:03:08 * jhawkesworth_ looks
20:03:39 <jborean93> #topic https://github.com/ansible/community/issues/294#issuecomment-399319602
20:04:10 <jborean93> There is a PR to add support for specifying an alternative URL for sourcing the Chocolatey install script
20:04:16 <jhawkesworth_> I think its easy enough to install chocolately locally if you need it
20:04:31 <jhawkesworth_> win_copy or win_get_url if you have a local webserver
20:04:58 <jhawkesworth_> I don't use chocolatey much but reluctant to add more to the module
20:05:04 <jborean93> those are my thoughts, this should really be something done outside the module and I am loath to add more complexity to win_chocolatey as it is
20:05:23 <jborean93> On the other hand, it is really convenient that it installs it's own dependencies but really isn't correct
20:05:46 <jhawkesworth_> I have no objection to having an example in the docs of installing choco.exe from local source
20:06:43 <jhawkesworth_> there was some chat on Friday here last week where I think consensus was that a chocolatey_sources module would be the right thing to do, but neither dag or myself use it, so we weren't volunteering
20:06:51 <jhawkesworth_> (slight aside)
20:07:01 <jborean93> yea that's something we should look at at some point
20:07:45 <jhawkesworth_> its perhaps not obvious to go looking for a chocolatey_sources module unless you happen to be familar with linux package management
20:08:12 <jhawkesworth_> perhaps a an ansible chocolatey guide could   solve that though
20:08:36 <jborean93> I would say just linking it from chocolatey would probably be enough for now
20:09:06 <jhawkesworth_> fair enough
20:09:14 <jhawkesworth_> see if it starts causing user questions first
20:09:52 <jborean93> cool
20:09:53 <nitzmahone> Yeah, if anything, I'd rather just add something to the module that says "don't try to install"
20:11:11 <jhawkesworth_> in the case where they try to specify chocolatey as the thing to install?
20:12:24 <jborean93> this is more for when choco.exe is not present and win_chocolatey automatically downloads and installs from a public URL
20:12:31 <jhawkesworth_> sort of wish the magic install hadn't happened but can't take it away now
20:12:38 <jborean93> yea same here
20:13:04 * nitzmahone has mixed feelings
20:13:16 <nitzmahone> It's "neat", but definitely a source of problems.
20:14:14 <jborean93> the question remains do we want to add another param like `install_source` to allow specifying a different URL for the choco install.ps1 script
20:15:15 <jhawkesworth_> I'd rather have an example of installing it using `win_get_url` in the documentation than another module parameter
20:15:41 <jborean93> my feelings are the same, would also confuse people when they source `source` and `install_source`
20:16:59 <nitzmahone> Agreed- we shouldn't add an alt source for the script (but maybe a way to just make it not try to install at all if user wants to handle by some other method)
20:17:24 <jhawkesworth_> I guess we could deprecate the silent install in favour of installation examples.
20:17:38 <jborean93> that would be up to them installing it before calling win_chocolatey
20:18:03 <nitzmahone> Silent install is nice demoware
20:18:04 <jhawkesworth_> yeah that way they are in control of what version they have installed
20:18:24 <jborean93> sounds good will update the issue and say thanks but now thanks. Add an example instead
20:18:33 <jborean93> #topic https://github.com/ansible/community/issues/294#issuecomment-399325575
20:19:08 <jborean93> Currently win_regedit does not support keys with `/` in the name. The PS registry provider automatically converts that to a key/path separator
20:19:21 <nitzmahone> I'd probably suggest using templated win_regmerge or something
20:19:34 <jhawkesworth_> yeah that's annoying but its powershell trying to be helpful
20:19:41 <jhawkesworth_> this exact thing has come up before
20:19:44 <nitzmahone> Damn SCHANNEL keys
20:19:48 <jborean93> win_regmerge is not idempotent, plus the .reg file is pretty strict in how it needs to be formatted IIRC
20:19:51 <nitzmahone> Whoever named those things needs a 2x4 to the head
20:20:13 <jhawkesworth_> this guy fixed using win_shell:
20:20:14 <jhawkesworth_> https://github.com/deekayen/ansible-role-schannel/blob/master/tasks/windows/ciphers.yml
20:20:45 <jhawkesworth_> L70
20:20:48 <jborean93> yea you can get it working but the registry module Ansible uses just won't support it
20:21:03 <jborean93> or it will create a subkey which wouldn't be the intended behaviour
20:21:15 <nitzmahone> I talked it over a couple times with the Powershell PMs, they were kinda like, "yeah that sucks, but we're probably not going to fix it"
20:21:40 <jborean93> you can use .net to create it
20:21:59 <jborean93> the issue with us doing that is it could break compatibility with someone who already uses `/` as a path separator
20:22:33 <nitzmahone> Yeah; maybe a "literal_path" or some kind of flag that says "don't try to munge this"
20:22:36 <jborean93> the only saving grace is that you can't do a path like `HKLM:/SOFTWARE/path/to/key`, the root must be `HKLM:\`
20:23:07 <jborean93> so `HKLM:\SOFTARE/path/to/key` currently works and would break in that scenario
20:24:15 <jhawkesworth_> I like `literal_path` idea best I think
20:24:33 <jborean93> hmm that could be tricky and complex in the module code
20:24:39 <nitzmahone> Anything "automatic" we do here is going to break somebody
20:24:52 <jborean93> would have to swap between .net and PS based on that flag
20:25:07 <nitzmahone> Which is why I dropped it last time it came up ;)
20:25:28 <jhawkesworth_> yeah is baggage to carry for 1% of uses otherwise
20:25:54 <nitzmahone> Tell SCHANNEL team to stop giving their keys names that can't be managed in Powershell
20:25:56 <jhawkesworth_> `win_registry_dotnet` module perhaps?
20:26:00 <jborean93> I personally think that someone who did `HKLM:\SOFTARE/path/to/key` would be rare
20:26:35 <nitzmahone> Yeah, but it's even been in the docs in the past that you can use forward slashes in most cases
20:26:48 <jborean93> really?
20:26:57 <jhawkesworth_> I can just imagine someone storing a unix path under a certain point in the registry
20:27:13 <jborean93> but you need to use the backslash for the HKLM:\ part
20:27:15 <nitzmahone> Given the problems in the past with that, there are almost certainly playbooks out there doing it with K=V syntax or people passing on cmdline or whatever
20:27:20 <jhawkesworth_> not sure if it was in the docs but was in my first fest talk I think
20:27:27 <jborean93> so why would someone use \ at the start and then swap to /
20:27:41 <nitzmahone> It's not been in the docs for that module, but the Windows docs in general in the past have mentioned it
20:27:52 <nitzmahone> Lack of escaping
20:28:01 <nitzmahone> (laziness)
20:28:14 <nitzmahone> I'm not saying we *shouldn't* break them, just saying I'm sure they're out there
20:28:32 <jhawkesworth_> I have seen apps which basically have a 'home' registry location ... and then dump all manner of crap in subkeys
20:28:49 <jborean93> ok my vote was to break that and put it in the porting guide for that scenario but if you disagree that's fine
20:28:52 <jhawkesworth_> I'm afraid they are out there
20:29:06 <nitzmahone> Yep. Also constructed subkeys via vars- could be HKLM:\{{stuff}} in the playbook but the var has /
20:29:16 <nitzmahone> I don't necessarily disagree
20:29:24 <jborean93> nitzmahone true I didn't think of that scenario
20:29:26 <nitzmahone> Just saying they *are* out there
20:30:11 <nitzmahone> Question is: do we just hard-break it, or try to do a deprecation cycle?
20:30:44 <nitzmahone> The latter seems to imply a flag, which gets us into either dual impl or replicating the munging powershell does in the provider ourselves
20:31:03 <nitzmahone> (neither of which are palatable to me personally)
20:31:03 <jborean93> we can probably detect if `/` is used in the path after the provider and throw a dep warning. Trouble is that it seems like once the key is there it would actually work right now
20:31:09 <jborean93> it's just creating that key where it would fail
20:31:24 <jborean93> yea the dual implementation is not something I want to go down
20:31:29 <jborean93> the module is complex enough as it is
20:32:26 <nitzmahone> `/` *should* be a pretty corner case; we could just toss it in the porting guide I suppose
20:32:46 <jhawkesworth_> yes I vote for that.
20:32:56 <jhawkesworth_> you can workaround as we have seen
20:34:16 <nitzmahone> Still a lot of work to basically completely expunge the Powershell providers...
20:34:31 <nitzmahone> Well, *some* work
20:34:40 <jborean93> we already use .net for setting properties IIRC
20:34:49 <jborean93> it's more the key side where we still use PS
20:35:22 * jhawkesworth_ is trying not to get annoyed.  Its stuff like this that makes powershell still feel like a toy
20:35:46 <nitzmahone> Meh- just a nasty corner case intersection of two features
20:36:07 <jborean93> jhawkesworth_ maybe if Windows never used `\` as a path separator and based it on `/`
20:36:14 <jborean93> would solve so many issues
20:36:41 <jhawkesworth_> yeah very true
20:36:48 <jborean93> ok so we are ok with changing the functionality of `/` to mean the actual key name and not a path sep + porting guide info
20:38:26 * jhawkesworth_ grepping playbooks
20:38:34 <jborean93> we can probably check if `\` is used at all in the path. If not replace `/` with `\` and throw a dep warning saying to specify `\` as a path separator and it will be removed in future versions
20:39:06 <jborean93> the only scenario that would break is if you wanted a root key to have `/` in the name
20:39:29 <jhawkesworth_> which sounds like it would be pretty rare
20:40:31 <nitzmahone> Yep
20:40:36 <jhawkesworth_> I can live with that
20:40:46 <jhawkesworth_> esp as I have 0 examples in my playbooks
20:41:36 <jborean93> cool will update the agenda item with how we want to move forward in that
20:41:55 <jborean93> last one on the agenda from me
20:41:57 <jborean93> # https://github.com/ansible/community/issues/294#issuecomment-399328025
20:42:01 <jborean93> #topic https://github.com/ansible/community/issues/294#issuecomment-399328025
20:42:55 <jborean93> basically the `creates_version` is only comparing the major.minor.build part of a file version
20:43:07 <jborean93> If a file has .something_else it is ignored
20:43:24 <jhawkesworth_> its a bit fiddly but how about having a `creates_version_full` alternative to `creates_version` on win_package
20:43:35 <jhawkesworth_> then you could use either
20:44:07 <jborean93> that's one option
20:44:10 <jhawkesworth_> as long as docs are clear that full version is exact, creates version ignores the private part
20:44:18 <jhawkesworth_> nobodys playbooks get broken
20:44:25 <jborean93> could also have another option that specifies what version to compare it with
20:44:49 <nitzmahone> I think I'd prefer the latter
20:44:50 <jhawkesworth_> yeah that could work
20:44:50 <jborean93> e.g. has options like `major, minor, build, raw` and allows something to specify the version based on that
20:45:05 <jborean93> wording up for debate :)
20:45:07 <nitzmahone> Oh, I thought you meant which property
20:45:31 <nitzmahone> Basically default works as it does today, but you can override to compare a different property version
20:45:33 <jhawkesworth_> yeah iirc there are typically a bunch of properties in the registry's uninstall stuff
20:45:58 <jborean93> there's also that, the trouble with going with the property is that someone would need to know the names of properties. Simple enough to give an example for people to use though
20:46:19 <jhawkesworth_> that would be quite good as there's sod all consistency about what uninstall properties get populated in my experience
20:46:50 <nitzmahone> This is also arguably a very minor corner case
20:47:01 <jhawkesworth_> indeed
20:47:19 <jborean93> yep cool, so add extra option to specify the version property to compare it with
20:47:33 <jhawkesworth_> for folks who don't want to look in the registry and used product_id, I think this version appears in the installed programs list
20:47:39 <nitzmahone> Typical end-users aren't installing different patch versions of the same major/minor/build; this is almost certainly a CI case or something
20:48:19 <nitzmahone> We can specify a valid list of values as well (if it's what I'm thinking)
20:48:53 <jborean93> do we want the list of values to be word for word based on the Version properties or Ansiblised naming?
20:49:22 <nitzmahone> Given how rarely it's likely to be used, I'd just go for the raw PS prop names
20:49:41 <jborean93> cool, keeps things simmple
20:51:07 <jhawkesworth_> yep happy with that
20:51:31 <jborean93> sounds good to me
20:51:34 <jborean93> #topic open floor
20:51:36 <jhawkesworth_> if you need to be really specific, you'll have to go for a dive into the registry anyway
20:52:18 <jhawkesworth_> I'm contemplating `win_active_hours` module for later windows so you can set active hours.
20:52:45 <nitzmahone> 👍
20:52:49 <jhawkesworth_> need to read some more as I think to be useful you might want to also specify reboot time
20:53:07 <jhawkesworth_> which Ihaven't yet seen an example of tweaking via PS
20:54:04 <jhawkesworth_> also not sure about validating the active hours window size, which I believe started at 12 hours but in some later builds is 18 hours
20:54:43 <jhawkesworth_> nothing else from me (need to finish Fest talk proposal!)
20:54:45 <jborean93> I've heard some pretty gnarly stuff about the active hours and windows automatic reboot behaviour
20:55:39 <jborean93> yep I'm all good, just trying to get through the backlog of PRs and Issues I left lingering. Hopefully get through most of the active ones by the end of this week
20:56:36 <jhawkesworth_> we have some clusters which run across a lot of nodes, I really want a way to make sure they aren't all going to reboot at the same time
20:58:40 <jborean93> cool, if there's nothing else will bring it to a close
20:58:47 <jborean93> thanks all
20:59:27 <jborean93> #endmeeting