#ansible-windows log

20:00:02 <jborean93> #startmeeting Ansible Windows Working Group
20:00:02 <zodbot> Meeting started Tue Jul  6 20:00:02 2021 UTC.
20:00:02 <zodbot> This meeting is logged and archived in a public location.
20:00:02 <zodbot> The chair is jborean93. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:02 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
20:00:02 <zodbot> The meeting name has been set to 'ansible_windows_working_group'
20:00:11 <briantist> hey hey
20:00:29 <jborean93> hey how's it going
20:00:36 <jborean93> how's your hashicorp stuff coming along?
20:00:44 <briantist> not too bad, yourself?
20:00:55 <briantist> good! some new features released recently that ar every helpful
20:01:23 <jborean93> it's been ok, my focus is back on the asyncio psrp stuff which has proven to be a massive time sink unfortunately
20:01:23 <briantist> at the moment in the midst of(once again) trying to pull apart the tests in a way that will scale past a single plugin
20:01:41 <jborean93> heh testing is one of those joys that just keeps on giving :)
20:02:15 <briantist> while somehow gracefully managing the external dependencies, a vault server and a proxy server, in a way that works well both in CI and on a local dev setup 😩
20:02:41 <briantist> so yeah, much like that asyncio stuff... in the way that it's a massive time sink that is lol
20:03:42 <jborean93> heh, are you considering the same route we use for the httpserver stuff?
20:03:58 <jborean93> seems to be a common pattern used for `ansible-test`
20:04:01 <briantist> httptester?
20:04:42 <briantist> unfortunately all of the "cloud" providers in `ansible-test` are hardcoded, and there's no way (yet? 🙏) to extend that as a collection developer, if I understand it correctly
20:04:58 <jborean93> https://github.com/ansible/http-test-container - basically the container we use to mock httpbin.org in tests
20:05:07 <jborean93> ah yea it's not extendable yet
20:05:41 <jborean93> nitz is got a few things on his plate so it's just me today
20:05:44 <jborean93> #topic open floor
20:06:13 <briantist> ok, I do have something for open floor actually
20:06:20 <jborean93> awesome
20:06:52 <briantist> I had been thinking about the possibility of a connection plugin for Windows that would act for as a local connection, specifically for WSL
20:07:25 <briantist> I was looking for a way to have ansible running in WSL configure the host Windows OS, without needing to remote into it (because that can be all kinds of a pain in the ass)
20:07:40 <briantist> and I remembered that you cna call Windows apps directly in WSL
20:07:43 <jborean93> :) I've been dealing with building Hyper-V images with Ansible recently and that is something I wished was in place
20:08:09 <jborean93> So my thoughts on that are very much tied onto the asyncio support I'm adding for pypsrp
20:08:13 <briantist> so if we ran as "local" and just called `powershell.exe` to execute the modules (just without the WinRM part), it maybe could possiblly maybe perhaps work
20:09:52 <briantist> you might recall in a previous meeting I did a similar experiment, creating a "local" type connection that uses `pwsh` that be used for powershell modules. That's still working (it requires a custom shell plugin, it's slightly hacky but not terribly so)
20:10:28 <jborean93> Basically powershell has a server mode where you can do the PSRP actions by communicating over stdout/stdin
20:11:00 <briantist> I spent around 15 mins tinkering with that the other day to see if I could get it working with `powershell.exe`, running from WSL (as I always do anyway), and it kinda sorta worked.. but I couldn't get past some pathing issues related to a tmp dir, and I abandoned it for the time being)
20:11:10 <briantist> oh that's very interesting...
20:11:24 <briantist> Windows PowerShell has that? or only pwsh?
20:11:53 <jborean93> Both, WinPS supports it on v5. It's actually what win_powershell can do, althought it's a bit redundant there
20:12:36 <briantist> I like where this is going... it sounds very promising
20:12:38 <jborean93> Essentially I have it working on my asyncio branch but it's just not ready for prime time
20:12:51 <briantist> awesome, I would love to check that out
20:13:16 <briantist> for completeness, here's the two primary use cases I envision for it:
20:13:17 <jborean93> But what it means for WSL is it starts a powershell.exe process and communicates over stdio like you would expect it to with WSMan
20:13:29 <jborean93> no auth required
20:14:03 <briantist> 1) configure host computer from WSL in environments (like my work laptop) where powershell remoting is disabled by policy
20:14:25 <briantist> 2) enable an `ansible-pull` type of setup on Windows servers
20:14:29 <jborean93> The only downside I can think of is dealing with elevation and reboots
20:14:42 <jborean93> Elevation will work if you start WSL as an elevated process, reboots is a whole other story
20:14:43 <briantist> yeah, the reboots are an issue
20:15:12 <briantist> elevation I did test, it means you have to run your wsl prompt elevated before starting ansible
20:15:27 <briantist> so not the best.. but an ok workaround
20:15:54 <jborean93> There was a caveat with that I found though. I had an elevated wsl instance but any process it started on Windows was a limited one. It seemed like the first WSL instance needed to be elevated
20:16:06 <jborean93> the first being the one that started the VM
20:16:39 <briantist> interesting.. I didn't have that issue, but I am on WSL2, were you trying on 2 as well?
20:17:07 <briantist> I didn't test extensively, mostly just by running `whoami.exe /priv` via the prompts
20:17:20 <jborean93> yea, I only came across it once and dissappeared when I closed everything down and started again
20:18:26 <briantist> 4:13 PM <@jborean93> But what it means for WSL is it starts a powershell.exe process and communicates over stdio like you would expect it to with WSMan
20:18:26 <briantist> 4:13 PM <@jborean93> no auth required
20:18:26 <briantist> ^ in any case, this sounds very promising already
20:18:58 <jborean93> https://github.com/jborean93/pypsrp/tree/asyncio is the WIP changes I've got. It's unfortunately going through a big rebuild as I've just split the core PSRP stuff out into another library
20:19:35 <briantist> I see, ok
20:20:25 <jborean93> The API should be similar to this https://www.irccloud.com/pastebin/6TVS0Fn8/
20:20:48 <jborean93> there's a sync one as well but it's not as well tested just yet
20:22:41 <briantist> sweet, this has been on my mind variably for a while, seeing more and more uses for it, so I can at least say you know one other person looking forward to it :)
20:22:51 <jborean93> it should also enable things like SSH, Hyper-V direct, any other transport you wish to implement
20:23:03 <jborean93> glad it's all not in vain :)
20:23:45 <jborean93> I'll let you know when it's a bit less unstable
20:24:19 <briantist> right, I could all those being very useful, maybe even nano targeting via ansible 🤯
20:24:59 <jborean93> people still use that :P
20:25:29 <jborean93> My very very very large stretch goal is to enable it over RDP somehow
20:25:57 <briantist> heheh RDP, via clipboard?  😈
20:25:59 <jborean93> But that seems like it would require registering some plugin server side
20:26:15 <jborean93> Not 100% sure yet, I've never really dealt with RDP as a protocol before
20:27:57 <jborean93> essentially I think I need to use https://docs.microsoft.com/en-us/windows/win32/termserv/terminal-services-virtual-channels to spawn and be able to communicate with the process
20:28:15 <jborean93> but it would be the same principal, find a way to start powershell then find a way to communicate with it's stdio pipes
20:28:40 <briantist> that is pretty interesting
20:30:14 <jborean93> yea, I'm trying to make the pypsrp changes easy to adapt to future plugins. Essentially there's something you can inherit and all you need to provide is a read/write method and it does the rest
20:31:05 <jborean93> anywho I've blabbed on enough about that, anything else you wanted to talk about?
20:31:10 <briantist> ironically, that's what I'm trying to do with the hashi_vault collection: centralize the connection and auth pieces and then every plugin will be a few lines
20:31:27 <briantist> nah that was it, the WSL stuff has been nagging at me
20:31:39 <briantist> very cool to see there's an even better version of the idea in the works
20:31:49 <briantist> hadn't realized the asyncio stuff could lead to that
20:32:19 <jborean93> it's not really asyncio, I just need to reimplement the API to support asyncio and that's led me into supporting the OutOfProc stuff
20:32:31 <briantist> right
20:32:51 <jborean93> it's quite different from how PSRP works over WSMan so I've been putting it off for ages due to the large changes required internally
20:33:34 <briantist> well, godspeed! it's great stuff
20:34:14 <jborean93> awesome have a good one
20:34:32 <briantist> you too
20:34:41 <jborean93> #endmeeting