ansible configuring windows
TRANSCRIPT
Ansible Configuring Windows
Ansible Configuring WindowsJoe Gardner@joehack3rDemo material and slides with notes available on github:https://github.com/joehack3r/ansible-demoWarningSlides created in < 10 minutes
All text; no picturesIm more of a Unix guy :-pCredentials10+ years Systems Management experience
Manage Unix and Windows Servers
AWS since 2012
Ansible since 2013
Demo SetupAWS & VPC
SSH Key in S3 bucket
CloudFormationFor VPCFor Ansible ControlIf you don't have VPC, create one or modify playbook yml file to remove vpc_subnet_id Template to simulate Default VPC: http://github.com/joehack3r/aws/tree/master/cloudformation/templates May need to change availability zones based on your account Need to manually set subnets to auto-assign public IP address (not yet supported in CloudFormation)
Ansible Control CloudFormation templates for EC2-Classic and VPC http://github.com/joehack3r/aws/tree/master/cloudformation/templates
4Stop!Demo TimeWhat Workswin_pingMakes sure you can connect and run modules
win_get_urlEasy way to download files
win_msiInstall Windows packages
What Workswin_userCreate and modify user
win_featureInstall Windows feature and dependencies
scriptCopy and run script on remote Windows machine
What I Would DevelopDefine variables in playbookansible_ssh_useransible_ssh_pass
ec2-facts
command/shellDefine variables in playbook Set username/password (ansible_ssh_user, ansible_ssh_pass) when running the playbook. This will allow defining the desired username and/or password when launching the AMI. Reduces or eliminates need for storing the username/password in a file. When using AWS provided image, get a random password for the Administrator user. Can override the random administrator password by using UserData: $user=[adsi]"WinNT://localhost/Administrator,user" $user.SetPassword("myDemoPass1+2")
ec2-facts Want this to ease creation of AMI from running instance
command/shell Easier to run command than write a PowerShell script for everything
8What I Would Developwin_feature
idempotencywin_user Add user to groups (following the same default behavior as user module for Unix) Ignore errors so user can be deleted before creating AMI
win_feature Install multiple features at once
Idempotency Everything returns green9What I LearnedWindows support is "beta"Expect:issuesmissing (key) featuresthings work one minute and not the next (and vice-versa)What I LearnedIt's WindowsLike Unix, it has its own peccadilloesNeeded to launch with key pair even if not using it. When launched without key pair, ConfigureRemotingForAnsible.ps1 did not run correctly.Ran into issues when adding and modifying a user via UserData when they were the first items in the script.11Questions?