Reworks Windows smoke test to tunnel through interactive session.

The latest Windows image from containers/automation_image@327d8799 auto-creates
an interactive session through winlogon autologon on boot. Additionally it
includes the PsTools psexec command on the system.

This change utilizes both aspects to launch the verification portion of the
smoke task under the interactive session, away from the session 0 execution
environment that the Cirrus agent runs in.

Since creating a new process under the interactive session requires a new token,
and by extension a clear text password, a new crypto random password is
generated to replace the ec2 boot generated one.

These changes allow WSL to once again function after its move to a store based
delivery stream (which is incompatible with session 0 execution).

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>

.cirrus.yml

@@ -44,7 +44,8 @@ env:
     # Container FQIN's
     FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}"
     PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}"
-    WINDOWS_AMI: "win-server-wsl-${IMAGE_SUFFIX}"
+    # FIXME, replace override with common suffix once everything is in sync
+    WINDOWS_AMI: "win-server-wsl-c6447802205601792"
     ####
     #### Control variables that determine what to run and how to run it.
     #### N/B: Required ALL of these are set for every single task.
@@ -545,7 +546,7 @@ windows_smoke_test_task:
         CIRRUS_SHELL: powershell
         # Fake version, we are only testing the installer functions, so version doesn't matter
         CIRRUS_WORKING_DIR: "${LOCALAPPDATA}\\Temp\\cirrus-ci-build"
-    main_script: 'contrib/cirrus/win-podman-machine-verify.ps1'
+    main_script: 'contrib/cirrus/win-podman-machine-main.ps1'
 
 
 # versions, as root, without involving the podman-remote client.

contrib/cirrus/win-podman-machine-main.ps1

@@ -0,0 +1,39 @@
+$ErrorActionPreference = 'Stop'
+
+# Powershell doesn't exit after command failures
+# Note, due to a bug in cirrus that does not correctly evaluate exit
+# code, error conditions should always be thrown
+function CheckExit {
+    if ($LASTEXITCODE -ne 0) {
+        throw "Exit code failure = $LASTEXITCODE"
+    }
+}
+
+# Drop global envs which have unix paths, defaults are fine
+Remove-Item Env:\GOPATH
+Remove-Item Env:\GOSRC
+Remove-Item Env:\GOCACHE
+
+mkdir tmp
+Set-Location tmp
+
+# Download and extract alt_build win release zip
+$url = "${ENV:ART_URL}/Windows%20Cross/repo/repo.tbz"
+Write-Output "URL: $url"
+# Arc requires extension to be "tbz2"
+curl.exe -L -o repo.tbz2 "$url"; CheckExit
+arc unarchive repo.tbz2 .; CheckExit
+Set-Location repo
+Expand-Archive -Path "podman-remote-release-windows_amd64.zip" `
+               -DestinationPath extracted
+Set-Location extracted
+$x = Get-ChildItem -Path bin -Recurse
+Set-Location $x
+
+# Recent versions of WSL are packaged as a Windows store app running in
+# an appX container, which is incompatible with non-interactive
+# session 0 execution (where the cirrus agent runs).
+# Run verification under an interactive session instead.
+powershell.exe -File "$PSScriptRoot\wsl-env-launch.ps1" `
+                     "$PSScriptRoot\win-podman-machine-verify.ps1"
+CheckExit

contrib/cirrus/win-podman-machine-verify.ps1

@@ -1,37 +1,16 @@
-# Powershell doesn't exit after command failures
-# Note, due to a bug in cirrus that does not correctly evaluate exit code,
-# errors conditions should always be thrown
+$ErrorActionPreference = 'Stop'
 function CheckExit {
     if ($LASTEXITCODE -ne 0) {
         throw "Exit code failure = $LASTEXITCODE"
     }
 }
 
-# Drop global envs which have unix paths, defaults are fine
-Remove-Item Env:\GOPATH
-Remove-Item Env:\GOSRC
-Remove-Item Env:\GOCACHE
-
-mkdir tmp
-Set-Location tmp
-
-# Download and extract alt_build win release zip
-$url = "${ENV:ART_URL}/Windows%20Cross/repo/repo.tbz"
-Write-Output "URL: $url"
-# Arc requires extension to be "tbz2"
-curl.exe -L -o repo.tbz2 "$url"; CheckExit
-arc unarchive repo.tbz2 .; CheckExit
-Set-Location repo
-Expand-Archive -Path "podman-remote-release-windows_amd64.zip" -DestinationPath extracted
-Set-Location extracted
-$x = Get-ChildItem -Path bin -Recurse
-Set-Location $x
-
 # Verify extracted podman binary
-Write-Output "Starting init..."
+Write-Output `n"Starting init...`n"
 .\podman machine init; CheckExit
-Write-Output "Starting podman machine..."
+Write-Output "`nStarting podman machine...`n"
 .\podman machine start; CheckExit
+Write-Output "`nDumping info...`n"
 for ($i =0; $i -lt 60; $i++) {
     .\podman info
     if ($LASTEXITCODE -eq 0) {
@@ -39,9 +18,10 @@ for ($i =0; $i -lt 60; $i++) {
     }
     Start-Sleep -Seconds 2
 }
-Write-Output "Running container..."
+Write-Output "`nRunning container...`n"
 .\podman run ubi8-micro sh -c "exit 123"
 if ($LASTEXITCODE -ne 123) {
     throw  "Expected 123, got $LASTEXITCODE"
 }
+Write-Host "`nMachine verification is successful!`n"
 Exit 0

contrib/cirrus/wsl-env-launch.ps1

@@ -0,0 +1,70 @@
+# Runs a script and established interactive session (session 1) and
+# tunnels the output such that WSL operations will complete
+$ErrorActionPreference = 'Stop'
+
+if ($Args.Length -lt 1) {
+    Write-Object "Usage: " + $MyInvocation.MyCommand.Name + " <script>"
+    Exit 1;
+}
+
+function RegenPassword {
+    param($username)
+    $syms = [char[]]([char]'a'..[char]'z' `
+               + [char]'A'..[char]'Z'  `
+               + [char]'0'..[char]'9')
+    $rnd = [byte[]]::new(32)
+    [System.Security.Cryptography.RandomNumberGenerator]::create().getBytes($rnd)
+    $password = ($rnd | % { $syms[$_ % $syms.length] }) -join ''
+    $encPass = ConvertTo-SecureString $password -AsPlainText -Force
+    Set-LocalUser -Name $username -Password $encPass
+    return $password
+}
+
+$runScript = $Args[0]
+$nil > tmpout
+$cwd = Get-Location
+Write-Output "Location: $cwd"
+
+# Reset the password to a new random pass since it's needed in the
+# clear to reauth.
+$pass = RegenPassword "Administrator"
+
+$ljob = Start-Job -ArgumentList $cwd -ScriptBlock {
+    param($cwd)
+    Get-Content -Wait "$cwd\tmpout"
+}
+$pjob = Start-Job -ArgumentList $cwd,$runScript,$pass -ScriptBlock {
+    param($cwd, $runScript, $pass)
+    $pwargs = @("-NonInteractive", "-WindowStyle", "hidden")
+    $command = "& { powershell.exe $pwargs -File " +
+               $runScript + " 3>&1 2>&1 > `"$cwd\tmpout`";" +
+               "Exit `$LastExitCode }"
+    $encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($command))
+    & psexec -accepteula -w $cwd -i 1 -u Administrator -p $pass `
+      powershell.exe $pwargs -EncodedCommand $encoded
+    if ($LASTEXITCODE -ne 0) {
+       throw "failure running psexec"
+    }
+}
+
+while ($pjob.State -eq 'Running') {
+   Start-Sleep -Milliseconds 200
+   Receive-Job $ljob
+}
+
+Start-Sleep  2
+Stop-Job $ljob
+
+while ($ljob.HasMoreData) {
+  Receive-Job $ljob
+  Start-Sleep -Milliseconds 200
+}
+
+if ($pjob.State -eq 'Failed') {
+  Write-Output "Failure occured, see above. Extra info:"
+  Receive-Job $pjob
+  throw "wsl task failed on us!"
+}
+
+Remove-Job $ljob
+Remove-Job $pjob