Ansible role based deployment for windows guest along with os customization, WinRM and AD integration

-

 In enterprise level, just deploying the windows vm is always not enough. The vm need to connect AD to support enterprise logins and many guest os level changes needed like configuring DNS, NTP, adding multiple hard disks, applying the disk labels etc. Using ansible modules these steps can be done easily.

Its always a good practice to write role based ansible playbooks and using tags so that when needed a specific role can be called using its respective tag.

In this example we will perform the below tasks using ansible roles:

  • VM Deployment
  • Guest OS customization
  • Windows Updates
  • Software Upload
  • Software Installation
  • VM Deletion

Lets go through the following example to understand how these requirements can be achieved:


Each role consists of multiple tasks in it which will be performed sequentially. These roles will use specific ansible modules which are part of ansible collections. Under roles folder we have subfolders for each role which will have atleast 2 folders in it.

  • tasks
  • meta

In some cases we have one additional folder called 'files' that we need to send to guest os. Here is the complete deployment structure along with a README file which have the deployment version, software details and the role based execution syntax.



As you can see in the above image, the 'dcWinDemo' is the main project folder which is having roles, inventory, README and primary playbook 'dcwindemo.yaml' thats having all the roles along with its tags.

In each role, multiple ansible modules can be used and that can be defines in the 'meta/main.yaml' file of that specific role. Let's see an example:


The modules that are used in 'guestoscustom' roles, few of them are part of 'community.windows' and remaining are part of 'ansible.windows' collections. Hence we need to include both under the meta files.

If you need to install software in the guest os then its required to keep them in the ansible provision server under some location so that push method can be used to copy them to the guest OS and then installation can be performed.

As the guest os is an windows operating system, we need to have pywinrm package installed in the ansible provision server along with pywinrm[credssp] which will be used for authentication to the guest OS. Its always good to use HTTPS port of WinRM 5986 for the communication which required a certificate. It can either be a self signed SSL or a CA signed one. And in the dynamic_inventory file can have the connection & authentication type.


At the time of guest os deployment, following powershell script can be used to generate the self signed certificate:


For the VM deployment I have used the VMware as a Virtualized platform and ansible has great support for it. All ansible collections for specific platform can be accessed using the below links:

And for any issues related to above modules, always feel free to report in their respective github links.

Comments

Post a Comment

Popular posts from this blog

VNC Configuration using Ansible in CentOS 7

-
1. Install epel repo on CentOS 7 system:   # yum install epel-release -y 2. Install ansible using yum:   # yum install ansible -y 3. Go to '/etc/ansible/roles/' directory and run the below command to create the skeleton directory structure:   # ansible-galaxy init vnc7 --offline   # tree vnc7          vnc7     ├── defaults     │   └── main.yml     ├── files     ├── handlers     │   └── main.yml     ├── meta     │   └── main.yml     ├── README.md     ├── tasks     │   └── main.yml     ├── tests     │   ├── inventory     │   └── test.yml     └── vars         └── main.yml 4. Create the service file to allow 'root' user to access the vncserver using port 5901.    In "/etc/ansible/roles/vnc7/files/" directory create a ...
Read more

How to build Ubuntu Server 20.04 LTS OVA with vAPP Properties ?

-
Image
This document will explain how to build an Ubuntu Server 20.04 LTS ova with vAPP properties enabled. Requirement: VM Deployment access required in vCenter environment. We have used the vCenter Server 6.7 and ESXi 6.5 while documented the below steps 1. Install a ubuntu server 20.04 lts vm with minimal cpu, ram and HDD(as needed). Make your own partition. 2. Use apt-get to upgrade all the packages along with the additional packages that required to install in the vm:      $ sudo apt-get update && apt-get upgrade -y 3. Make sure that 'open-vm-tools' and 'ifupdown' package is installed in the vm:       $ sudo apt-get install open-vm-tools  -y       $ sudo apt-get install ifupdown  -y 4. Take the console of the vm and stop, disable and mask the Network Manager service:       $ systemctl  stop  NetworkManager.service       $ systemctl  disable NetworkManager.service     ...
Read more

LVM Configuration using Ansible in CentOS 7

-
1. Install epel repo on CentOS 7 system:   # yum install epel-release -y 2. Install ansible using yum:   # yum install ansible -y   3. Open '/etc/ansible/hosts' file and make a group called 'dbhosts' to add two hosts in it:   # vi  /etc/ansible/hosts   [dbhosts]    host1.example.com    host2.example.com  4. Configure passwordless ssh to both host1 & host2 from ansible server:   # ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: ce:7d:fd:65:4e:61:4e:a9:09:61:90:d2:75:1b:d1:1d root@server.example.com The key's randomart image is: +--[ RSA 2048]----+ |        ..o. +oEo| |       . o. . o..| | ...
Read more