Ansible Configuring Windows Joe Gardner @joehack3r Demo material and slides with notes available on github: https://github.com/joehack3r/ansible-demo


Warning

Slides created in < 10 minutes

All text; no pictures

I'm more of a Unix guy :-p

Credentials

10+ years Systems Management experience

Manage Unix and Windows Servers

AWS since 2012

Ansible since 2013

Demo Setup

AWS & VPC

SSH Key in S3 bucket

CloudFormation: For VPC, For Ansible Control

If you don't have a VPC, create one or modify the playbook yml file to remove vpc_subnet_id.

Template to simulate Default VPC: http://github.com/joehack3r/aws/tree/master/cloudformation/templates

May need to change availability zones based on your account.

Need to manually set subnets to auto-assign public IP address (not yet supported in CloudFormation).

Ansible Control CloudFormation templates for EC2-Classic and VPC: http://github.com/joehack3r/aws/tree/master/cloudformation/templates

Stop! Demo Time

What Works

win_ping: Makes sure you can connect and run modules

win_get_url: Easy way to download files

win_msi: Install Windows packages

What Works

win_user: Create and modify user

win_feature: Install Windows feature and dependencies

script: Copy and run script on remote Windows machine
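The modules listed under What Works, combined in one playbook (an added example, not taken from the demo repository). The `windows` host group, the URL, file paths, user name and feature name are placeholder assumptions, and the inventory is assumed to already carry the WinRM connection settings.

```yaml
# Added example: all host, URL, path, user and feature values are constructed.
- name: Exercise the Windows modules from the What Works slides
  hosts: windows                 # assumed inventory group
  gather_facts: no
  vars:
    installer_url: https://example.com/files/demo-agent.msi   # placeholder URL
    installer_path: C:\Windows\Temp\demo-agent.msi            # placeholder path
  vars_prompt:
    # Prompt for the new account's password so it is never written to a file.
    - name: demo_svc_password
      prompt: Password for the demo_svc account
      private: yes
  tasks:
    - name: Confirm the connection works and modules can run
      win_ping:

    - name: Download the installer to the Windows host
      win_get_url:
        url: "{{ installer_url }}"
        dest: "{{ installer_path }}"

    - name: Install the downloaded MSI package
      win_msi:
        path: "{{ installer_path }}"
        state: present

    - name: Create the local account
      win_user:
        name: demo_svc
        password: "{{ demo_svc_password }}"
        state: present

    - name: Install a Windows feature together with its dependencies
      win_feature:
        name: Web-Server
        state: present
        include_sub_features: yes
        include_management_tools: yes

    - name: Copy a local PowerShell script to the host and run it
      script: files/configure.ps1   # hypothetical script next to the playbook
```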

What I Would Develop

Define variables in playbook: ansible_ssh_user, ansible_ssh_pass

ec2-facts

command/shell

Define variables in playbook: Set username/password (ansible_ssh_user, ansible_ssh_pass) when running the playbook. This will allow defining the desired username and/or password when launching the AMI. Reduces or eliminates need for storing the username/password in a file. When using AWS provided image, get a random password for the Administrator user. Can override the random administrator password by using UserData:

    # Bind to the local Administrator account through ADSI
    $user=[adsi]"WinNT://localhost/Administrator,user"
    # Replace the randomly generated password
    $user.SetPassword("myDemoPass1+2")

ec2-facts: Want this to ease creation of AMI from running instance

command/shell: Easier to run command than write a PowerShell script for everything

What I Would Develop

win_feature

idempotency

win_user: Add user to groups (following the same default behavior as user module for Unix). Ignore errors so user can be deleted before creating AMI.

win_feature: Install multiple features at once

Idempotency: Everything returns green

What I Learned

Windows support is "beta"

Expect: issues; missing (key) features; things work one minute and not the next (and vice-versa)

What I Learned

It's Windows

Like Unix, it has its own peccadilloes

Needed to launch with key pair even if not using it. When launched without key pair, ConfigureRemotingForAnsible.ps1 did not run correctly.

Ran into issues when adding and modifying a user via UserData when they were the first items in the script.

Questions?