1 #!powershell
2
3 # Copyright: (c) 2018, Ansible Project
4 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
5
6 #Requires -Module Ansible.ModuleUtils.Legacy
7
Get-CustomFacts()8 Function Get-CustomFacts {
9 [cmdletBinding()]
10 param (
11 [Parameter(mandatory=$false)]
12 $factpath = $null
13 )
14
15 if (Test-Path -Path $factpath) {
16 $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')}
17
18 foreach ($FactsFile in $FactsFiles) {
19 $out = & $($FactsFile.FullName)
20 $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out)
21 }
22 }
23 else
24 {
25 Add-Warning $result "Non existing path was set for local facts - $factpath"
26 }
27 }
28
Get-MachineSid()29 Function Get-MachineSid {
30 # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is
31 # only accessible by the Local System account. This method get's the local
32 # admin account (ends with -500) and lops it off to get the machine sid.
33
34 $machine_sid = $null
35
36 try {
37 $admins_sid = "S-1-5-32-544"
38 $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value
39
40 Add-Type -AssemblyName System.DirectoryServices.AccountManagement
41 $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
42 $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group)
43 $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
44 $groups = $searcher.FindOne()
45
46 foreach ($user in $groups.Members) {
47 $user_sid = $user.Sid
48 if ($user_sid.Value.EndsWith("-500")) {
49 $machine_sid = $user_sid.AccountDomainSid.Value
50 break
51 }
52 }
53 } catch {
54 #can fail for any number of reasons, if it does just return the original null
55 Add-Warning -obj $result -message "Error during machine sid retrieval: $($_.Exception.Message)"
56 }
57
58 return $machine_sid
59 }
60
61 $cim_instances = @{}
62
Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\\CIMV2")63 Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") {
64 if(-not $cim_instances.ContainsKey($instance_name)) {
65 $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name)
66 }
67
68 return $cim_instances[$instance_name]
69 }
70
71 $result = @{
72 ansible_facts = @{ }
73 changed = $false
74 }
75
76 $grouped_subsets = @{
77 min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user')
78 network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm')
79 hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime','virtual')
80 external=[System.Collections.Generic.List[string]]@('facter')
81 }
82
83 # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal
84 $all_set = [System.Collections.Generic.HashSet[string]]@()
85
86 foreach($kv in $grouped_subsets.GetEnumerator()) {
87 [void] $all_set.UnionWith($kv.Value)
88 }
89
90 # dynamically create an "all" subset now that we know what should be in it
91 $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set
92
93 # start with all, build up gather and exclude subsets
94 $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all
95 $explicit_subset = [System.Collections.Generic.HashSet[string]]@()
96 $exclude_subset = [System.Collections.Generic.HashSet[string]]@()
97
98 $params = Parse-Args $args -supports_check_mode $true
99 $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path"
100 $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all"
101
102 foreach($item in $gather_subset_source) {
103 if(([string]$item).StartsWith("!")) {
104 $item = ([string]$item).Substring(1)
105 if($item -eq "all") {
106 $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set)
107 [void] $all_minus_min.ExceptWith($grouped_subsets.min)
108 [void] $exclude_subset.UnionWith($all_minus_min)
109 }
110 elseif($grouped_subsets.ContainsKey($item)) {
111 [void] $exclude_subset.UnionWith($grouped_subsets[$item])
112 }
113 elseif($all_set.Contains($item)) {
114 [void] $exclude_subset.Add($item)
115 }
116 # NB: invalid exclude values are ignored, since that's what posix setup does
117 }
118 else {
119 if($grouped_subsets.ContainsKey($item)) {
120 [void] $explicit_subset.UnionWith($grouped_subsets[$item])
121 }
122 elseif($all_set.Contains($item)) {
123 [void] $explicit_subset.Add($item)
124 }
125 else {
126 # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX
127 # and we don't have platform-specific config for this...
128 Add-Warning $result "invalid value $item specified in gather_subset"
129 }
130 }
131 }
132
133 [void] $gather_subset.ExceptWith($exclude_subset)
134 [void] $gather_subset.UnionWith($explicit_subset)
135
136 $ansible_facts = @{
137 gather_subset=@($gather_subset_source)
138 module_setup=$true
139 }
140
141 $osversion = [Environment]::OSVersion
142
143 if ($osversion.Version -lt [version]"6.2") {
144 # Server 2008, 2008 R2, and Windows 7 are not tested in CI and we want to let customers know about it before
145 # removing support altogether.
146 $version_string = "{0}.{1}" -f ($osversion.Version.Major, $osversion.Version.Minor)
147 $msg = "Windows version '$version_string' will no longer be supported or tested in the next Ansible release"
148 Add-DeprecationWarning -obj $result -message $msg -version "2.11"
149 }
150
151 if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) {
152 $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration
153
154 # TODO: split v4/v6 properly, return in separate keys
155 $ips = @()
156 Foreach ($ip in $netcfg.IPAddress) {
157 If ($ip) {
158 $ips += $ip
159 }
160 }
161
162 $ansible_facts += @{
163 ansible_ip_addresses = $ips
164 }
165 }
166
167 if($gather_subset.Contains('bios')) {
168 $win32_bios = Get-LazyCimInstance Win32_Bios
169 $win32_cs = Get-LazyCimInstance Win32_ComputerSystem
170 $ansible_facts += @{
171 ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy")
172 ansible_bios_version = $win32_bios.SMBIOSBIOSVersion
173 ansible_product_name = $win32_cs.Model.Trim()
174 ansible_product_serial = $win32_bios.SerialNumber
175 # ansible_product_version = ([string] $win32_cs.SystemFamily)
176 }
177 }
178
179 if($gather_subset.Contains('date_time')) {
180 $datetime = (Get-Date)
181 $datetime_utc = $datetime.ToUniversalTime()
182 $date = @{
183 date = $datetime.ToString("yyyy-MM-dd")
184 day = $datetime.ToString("dd")
185 epoch = (Get-Date -UFormat "%s")
186 hour = $datetime.ToString("HH")
187 iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ")
188 iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff")
189 iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss")
190 iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ")
191 minute = $datetime.ToString("mm")
192 month = $datetime.ToString("MM")
193 second = $datetime.ToString("ss")
194 time = $datetime.ToString("HH:mm:ss")
195 tz = ([System.TimeZoneInfo]::Local.Id)
196 tz_offset = $datetime.ToString("zzzz")
197 # Ensure that the weekday is in English
198 weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture)
199 weekday_number = (Get-Date -UFormat "%w")
200 weeknumber = (Get-Date -UFormat "%W")
201 year = $datetime.ToString("yyyy")
202 }
203
204 $ansible_facts += @{
205 ansible_date_time = $date
206 }
207 }
208
209 if($gather_subset.Contains('distribution')) {
210 $win32_os = Get-LazyCimInstance Win32_OperatingSystem
211 $product_type = switch($win32_os.ProductType) {
212 1 { "workstation" }
213 2 { "domain_controller" }
214 3 { "server" }
215 default { "unknown" }
216 }
217
218 $installation_type = $null
219 $current_version_path = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
220 if (Test-Path -LiteralPath $current_version_path) {
221 $install_type_prop = Get-ItemProperty -LiteralPath $current_version_path -ErrorAction SilentlyContinue
222 $installation_type = [String]$install_type_prop.InstallationType
223 }
224
225 $ansible_facts += @{
226 ansible_distribution = $win32_os.Caption
227 ansible_distribution_version = $osversion.Version.ToString()
228 ansible_distribution_major_version = $osversion.Version.Major.ToString()
229 ansible_os_family = "Windows"
230 ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim()
231 ansible_os_product_type = $product_type
232 ansible_os_installation_type = $installation_type
233 }
234 }
235
236 if($gather_subset.Contains('env')) {
237 $env_vars = @{ }
238 foreach ($item in Get-ChildItem Env:) {
239 $name = $item | Select-Object -ExpandProperty Name
240 # Powershell ConvertTo-Json fails if string ends with \
241 $value = ($item | Select-Object -ExpandProperty Value).TrimEnd("\")
242 $env_vars.Add($name, $value)
243 }
244
245 $ansible_facts += @{
246 ansible_env = $env_vars
247 }
248 }
249
250 if($gather_subset.Contains('facter')) {
251 # See if Facter is on the System Path
252 Try {
253 Get-Command facter -ErrorAction Stop > $null
254 $facter_installed = $true
255 } Catch {
256 $facter_installed = $false
257 }
258
259 # Get JSON from Facter, and parse it out.
260 if ($facter_installed) {
261 &facter -j | Tee-Object -Variable facter_output > $null
262 $facts = "$facter_output" | ConvertFrom-Json
263 ForEach($fact in $facts.PSObject.Properties) {
264 $fact_name = $fact.Name
265 $ansible_facts.Add("facter_$fact_name", $fact.Value)
266 }
267 }
268 }
269
270 if($gather_subset.Contains('interfaces')) {
271 $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration
272 $ActiveNetcfg = @()
273 $ActiveNetcfg += $netcfg | Where-Object {$_.ipaddress -ne $null}
274
275 $namespaces = Get-LazyCimInstance __Namespace -namespace root
276 if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) {
277 $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2
278 $guid_key = "InterfaceGUID"
279 $name_key = "Name"
280 } else {
281 $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter
282 $guid_key = "GUID"
283 $name_key = "NetConnectionID"
284 }
285
286 $formattednetcfg = @()
287 foreach ($adapter in $ActiveNetcfg)
288 {
289 $thisadapter = @{
290 default_gateway = $null
291 connection_name = $null
292 dns_domain = $adapter.dnsdomain
293 interface_index = $adapter.InterfaceIndex
294 interface_name = $adapter.description
295 macaddress = $adapter.macaddress
296 }
297
298 if ($adapter.defaultIPGateway)
299 {
300 $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString()
301 }
302 $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID }
303 if ($net_adapter) {
304 $thisadapter.connection_name = $net_adapter.$name_key
305 }
306
307 $formattednetcfg += $thisadapter
308 }
309
310 $ansible_facts += @{
311 ansible_interfaces = $formattednetcfg
312 }
313 }
314
315 if ($gather_subset.Contains("local") -and $null -ne $factpath) {
316 # Get any custom facts; results are updated in the
317 Get-CustomFacts -factpath $factpath
318 }
319
320 if($gather_subset.Contains('memory')) {
321 $win32_cs = Get-LazyCimInstance Win32_ComputerSystem
322 $win32_os = Get-LazyCimInstance Win32_OperatingSystem
323 $ansible_facts += @{
324 # Win32_PhysicalMemory is empty on some virtual platforms
325 ansible_memtotal_mb = ([math]::ceiling($win32_cs.TotalPhysicalMemory / 1024 / 1024))
326 ansible_memfree_mb = ([math]::ceiling($win32_os.FreePhysicalMemory / 1024))
327 ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024))
328 ansible_pagefiletotal_mb = ([math]::round($win32_os.SizeStoredInPagingFiles / 1024))
329 ansible_pagefilefree_mb = ([math]::round($win32_os.FreeSpaceInPagingFiles / 1024))
330 }
331 }
332
333
334 if($gather_subset.Contains('platform')) {
335 $win32_cs = Get-LazyCimInstance Win32_ComputerSystem
336 $win32_os = Get-LazyCimInstance Win32_OperatingSystem
337 $domain_suffix = $win32_cs.Domain.Substring($win32_cs.Workgroup.length)
338 $fqdn = $win32_cs.DNSHostname
339
340 if( $domain_suffix -ne "")
341 {
342 $fqdn = $win32_cs.DNSHostname + "." + $domain_suffix
343 }
344
345 try {
346 $ansible_reboot_pending = Get-PendingRebootStatus
347 } catch {
348 # fails for non-admin users, set to null in this case
349 $ansible_reboot_pending = $null
350 }
351
352 $ansible_facts += @{
353 ansible_architecture = $win32_os.OSArchitecture
354 ansible_domain = $domain_suffix
355 ansible_fqdn = $fqdn
356 ansible_hostname = $win32_cs.DNSHostname
357 ansible_netbios_name = $win32_cs.Name
358 ansible_kernel = $osversion.Version.ToString()
359 ansible_nodename = $fqdn
360 ansible_machine_id = Get-MachineSid
361 ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact)
362 ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName)
363 # FUTURE: should this live in its own subset?
364 ansible_reboot_pending = $ansible_reboot_pending
365 ansible_system = $osversion.Platform.ToString()
366 ansible_system_description = ([string] $win32_os.Description)
367 ansible_system_vendor = $win32_cs.Manufacturer
368 }
369 }
370
371 if($gather_subset.Contains('powershell_version')) {
372 $ansible_facts += @{
373 ansible_powershell_version = ($PSVersionTable.PSVersion.Major)
374 }
375 }
376
377 if($gather_subset.Contains('processor')) {
378 $win32_cs = Get-LazyCimInstance Win32_ComputerSystem
379 $win32_cpu = Get-LazyCimInstance Win32_Processor
380 if ($win32_cpu -is [array]) {
381 # multi-socket, pick first
382 $win32_cpu = $win32_cpu[0]
383 }
384
385 $cpu_list = @( )
386 for ($i=1; $i -le $win32_cs.NumberOfLogicalProcessors; $i++) {
387 $cpu_list += $win32_cpu.Manufacturer
388 $cpu_list += $win32_cpu.Name
389 }
390
391 $ansible_facts += @{
392 ansible_processor = $cpu_list
393 ansible_processor_cores = $win32_cpu.NumberOfCores
394 ansible_processor_count = $win32_cs.NumberOfProcessors
395 ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cpu.NumberofCores)
396 ansible_processor_vcpus = $win32_cs.NumberOfLogicalProcessors
397 }
398 }
399
400 if($gather_subset.Contains('uptime')) {
401 $win32_os = Get-LazyCimInstance Win32_OperatingSystem
402 $ansible_facts += @{
403 ansible_lastboot = $win32_os.lastbootuptime.ToString("u")
404 ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds))
405 }
406 }
407
408 if($gather_subset.Contains('user')) {
409 $user = [Security.Principal.WindowsIdentity]::GetCurrent()
410 $ansible_facts += @{
411 ansible_user_dir = $env:userprofile
412 # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains
413 ansible_user_gecos = ""
414 ansible_user_id = $env:username
415 ansible_user_sid = $user.User.Value
416 }
417 }
418
419 if($gather_subset.Contains('windows_domain')) {
420 $win32_cs = Get-LazyCimInstance Win32_ComputerSystem
421 $domain_roles = @{
422 0 = "Stand-alone workstation"
423 1 = "Member workstation"
424 2 = "Stand-alone server"
425 3 = "Member server"
426 4 = "Backup domain controller"
427 5 = "Primary domain controller"
428 }
429
430 $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole)
431
432 $ansible_facts += @{
433 ansible_windows_domain = $win32_cs.Domain
434 ansible_windows_domain_member = $win32_cs.PartOfDomain
435 ansible_windows_domain_role = $domain_role
436 }
437 }
438
439 if($gather_subset.Contains('winrm')) {
440
441 $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse -ErrorAction SilentlyContinue | `
442 Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | Select-Object PSParentPath
443 if ($winrm_https_listener_parent_paths -isnot [array]) {
444 $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths)
445 }
446
447 $winrm_https_listener_paths = @()
448 foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) {
449 $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\"))
450 }
451
452 $https_listeners = @()
453 foreach ($winrm_https_listener_path in $winrm_https_listener_paths) {
454 $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path"
455 }
456
457 $winrm_cert_thumbprints = @()
458 foreach ($https_listener in $https_listeners) {
459 $winrm_cert_thumbprints += $https_listener | Where-Object {$_.Name -EQ "CertificateThumbprint" } | Select-Object Value
460 }
461
462 $winrm_cert_expiry = @()
463 foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) {
464 Try {
465 $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | Select-Object NotAfter
466 } Catch {
467 Add-Warning -obj $result -message "Error during certificate expiration retrieval: $($_.Exception.Message)"
468 }
469 }
470
471 $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter
472 if ($winrm_cert_expirations) {
473 # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern
474 $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss"))
475 }
476 }
477
478 if($gather_subset.Contains('virtual')) {
479 $machine_info = Get-LazyCimInstance Win32_ComputerSystem
480
481 switch ($machine_info.model) {
482 "Virtual Machine" {
483 $machine_type="Hyper-V"
484 $machine_role="guest"
485 }
486
487 "VMware Virtual Platform" {
488 $machine_type="VMware"
489 $machine_role="guest"
490 }
491
492 "VirtualBox" {
493 $machine_type="VirtualBox"
494 $machine_role="guest"
495 }
496
497 "HVM domU" {
498 $machine_type="Xen"
499 $machine_role="guest"
500 }
501
502 default {
503 $machine_type="NA"
504 $machine_role="NA"
505 }
506 }
507
508 $ansible_facts += @{
509 ansible_virtualization_role = $machine_role
510 ansible_virtualization_type = $machine_type
511 }
512 }
513
514 $result.ansible_facts += $ansible_facts
515
516 Exit-Json $result
517