- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with powershell
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
This module adds a new exec provider capable of executing PowerShell commands.
Puppet provides a built-in exec
type that is capable of executing commands. This module adds a powershell
and pwsh
provider to the exec
type, which enables exec
parameters, listed below. This module is particularly helpful if you need to run PowerShell commands but don't know how PowerShell is executed, because you can run PowerShell commands in Puppet without the module.
The powershell
provider requires you install Windows PowerShell and have powershell.exe
available in the system PATH. Note that most Windows operating systems already have Windows PowerShell installed.
The pwsh
provider requires you install PowerShell Core and make pwsh
available either in the system PATH or specified in the path
parameter.
For example, when you install PowerShell Core in /usr/alice/pscore
, you need the following manifest:
exec { 'RESOURCENAME':
...
path => '/usr/alice/pscore',
provider => pwsh,
}
The powershell module adapts the Puppet exec resource to run PowerShell commands. To get started, install the module and declare 'powershell' in provider
with the applicable command.
exec { 'RESOURCENAME':
command => 'SOMECOMMAND',
provider => powershell,
}
When using exec
resources with the powershell
or pwsh
provider, the command
parameter must be single-quoted to prevent Puppet from interpolating $(..)
.
For instance, to rename the Guest account:
exec { 'rename-guest':
command => '(Get-WMIObject Win32_UserAccount -Filter "Name=\'guest\'").Rename("new-guest")',
unless => 'if (Get-WmiObject Win32_UserAccount -Filter "Name=\'guest\'") { exit 1 }',
provider => powershell,
}
Note that the example uses the unless
parameter to make the resource idempotent. The command
is only executed if the Guest account does not exist, as indicated by unless
returning 0.
Note: PowerShell variables (such as $_
) must be escaped in Puppet manifests either using backslashes or single quotes.
Alternately, you can put the PowerShell code for the command
, onlyif
, and unless
parameters into separate files, and then invoke the file function in the resource. You could also use templates and the template()
function if the PowerShell scripts need access to variables from Puppet.
exec { 'rename-guest':
command => file('guest/rename-guest.ps1'),
onlyif => file('guest/guest-exists.ps1'),
provider => powershell,
logoutput => true,
}
Each file is a PowerShell script that should be in the module's files/
folder.
For example, here is the script at: guest/files/rename-guest.ps1
$obj = $(Get-WMIObject Win32_UserAccount -Filter "Name='Guest'")
$obj.Rename("OtherGuest")
This has the added benefit of not requiring escaping '$' in the PowerShell code. Note that the files must have DOS linefeeds or they will not work as expected. One tool for converting UNIX linefeeds to DOS linefeeds is unix2dos.
If you are calling external files, such as other PowerShell scripts or executables, be aware that the last executed script's exitcode is used by Puppet to determine whether the command was successful.
For example, if the file C:\fail.ps1
contains the following PowerShell script:
& cmd /c EXIT 5
& cmd /c EXIT 1
and we use the following Puppet manifest:
exec { 'test':
command => '& C:\fail.ps1',
provider => powershell,
}
Then the exec['test']
resource will always fail, because the last exit code from the external file C:\fail.ps1
is 1
. This behavior might have unintended consequences if you combine multiple external files.
To stop this behavior, ensure that you use explicit Exit
statements in your PowerShell scripts. For example, we changed the Puppet manifest from the above to:
exec { 'test':
command => '& C:\fail.ps1; Exit 0',
provider => powershell,
}
This will always succeed because the Exit 0
statement overrides the exit code from the C:\fail.ps1
script.
The PowerShell module internally captures output sent to the .NET [System.Console]::Error
stream like:
exec { 'test':
command => '[System.Console]::Error.WriteLine("foo")',
provider => powershell,
}
However, to produce output from a script, use the Write-
prefixed cmdlets such as Write-Output
, Write-Debug
and Write-Error
.
-
powershell
: Adapts the Puppetexec
resource to run Windows PowerShell commands. -
pwsh
: Adapts the Puppetexec
resource to run PowerShell Core commands.
All parameters are optional.
Specifies the file to look for before running the command. The command runs only if the file doesn't exist. Note: This parameter does not create a file, it only looks for one. Valid options: A string of the path to the file. Default: Undefined.
Sets the directory from which to run the command. Valid options: A string of the directory path. Default: Undefined.
Specifies the actual PowerShell command to execute. Must either be fully qualified or a search path for the command must be provided. Valid options: String. Default: Undefined.
Sets additional environment variables to set for a command. Valid options: String, or an array of multiple options. Default: Undefined.
Defines whether to log command output in addition to logging the exit code. If you specify 'on_failure', it only logs the output when the command has an exit code that does not match any value specified by the returns
attribute. Valid options: true, false, and 'on_failure'. Default: 'on_failure'.
Runs the exec only if the command returns 0. Valid options: String. Default: Undefined.
Specifies the search path used for command execution. Valid options: String of the path, an array, or a semicolon-separated list. Default: Undefined.
The pwsh
provider can also use the path to find the pwsh executable.
Refreshes the command. Valid options: String. Default: Undefined.
Refreshes the command only when a dependent object is changed. Used with subscribe
and notify
metaparameters. Valid options: true, false. Default: false.
Lists the expected return code(s). If the executed command returns something else, an error is returned. Valid options: An array of acceptable return codes or a single value. Default: 0.
Sets the maximum time in seconds that the command should take. Valid options: Number or string representation of a number. Default: 300. A value of 0
for this property will result in using the default timeout of 300. Inifinite timeout is not supported in this module, but large timeouts are allowed if needed.
Determines the number of times execution of the command should be attempted. Valid options: Number or a string representation of a number. Default: '1'.
Specifies the time to sleep in seconds between tries
. Valid options: Number or a string representation of a number. Default: Undefined.
Runs the exec
, unless the command returns 0. Valid options: String. Default: Undefined.
-
The
powershell
provider is only supported on:-
Windows Server 2008 and above
-
Windows 7 and above
-
-
The
pwsh
provider is supported on:-
CentOS 7
-
Debian 8.7+, Debian 9
-
Fedora 27, 28
-
MacOS 10.12+
-
Red Hat Enterprise Linux 7
-
Ubuntu 14.04, 16.0.4 and 18.04
-
Windows Desktop 7 and above
-
Windows Server 2008 R2 and above
Note that this module will not install PowerShell on these platforms. For further information see the Linux installation instructions.
-
-
Only supported on Windows PowerShell 2.0 and above, and PowerShell Core 6.1 and above.
-
When using here-strings in inline or templated scripts executed by this module, you must use the double-quote style syntax that begins with
@"
and ends with"@
. The single-quote syntax that begins with@'
and ends with'@
is not supported.Note that any external .ps1 script file loaded or executed with the call operator
&
is not subject to this limitation and can contain any style here-string. For instance, the script file external-code.ps1 can contain any style of here-string:exec { 'external-code': command => '& C:\external-code.ps1', provider => powershell, }
Puppet modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our module contribution guide.