Running raw_exec jobs as a different user in Nomad

Nomad
1

Hello,

I am using Nomad on windows 10 to schedule a job to run few python scripts however I want the scripts to be run as a different user other than the account that is tagged to the client service so I wrote a wrapper that will launch a new powershell terminal as a different user. The Wrapper works fine when I run it within the VM however when I run the job in Nomad to run this wrapper via powershell, it fails to open the new powershell terminal with a different user with this info in the eventlog.

"Application popup: powershell.exe - Application Error : The application was unable to start correctly (0xc0000142). Click OK to close the application. "

Wrapper:

$SecurePassword = ConvertTo-SecureString $password -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential $username,$SecurePassword
$Credential
Start-Process -FilePath “powershell” -ArgumentList “-file D:\data_query_yesterday.ps1” -Credential $Credential

Job Spec to call the wrapper:

task “Pull” {

  driver = "raw_exec"

  config {

    command = "powershell"

    args = ["D:\\DataQuery_Wrapper.ps1"]

  }

Has anyone faced this issue or has any idea how to resolve this? I basically want to run a python script with a different user.

2

This job example appears to work with two local Windows users. The Start-Process cmdlet doesn’t appear to launch powershell.exe correctly without the WorkingDirectory argument. You may also want to ensure your Nomad process is running with elevated privileges.

job "test" {
  datacenters = ["dc1"]
  group "test" {
    task "test" {
      driver = "raw_exec"
      config {
        command = "powershell.exe"
        args = ["-File", "C:\\test\\test.ps1"]
      }
    }
  }
}

#test.ps1
$SecurePassword = ConvertTo-SecureString "test123" -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential "test",$SecurePassword
$Credential
whoami
Start-Process -FilePath "powershell.exe" -Credential $Credential -ArgumentList "c:\test\test2.ps1" -WorkingDirectory "C:\Windows\System32\WindowsPowerShell\v1.0\"

#test2.ps1
for(;;)
{
Write-Output "Hello World"
whoami
Start-Sleep 10
}

image
image2560×1552 143 KB