
Puppet + Windows Nano Server


Puppet and Nano Server provide an amazing mix when it comes to automated cloud deployments. This slide deck is from my session at PuppetCamp NYC and Boston.

Published in: Technology


  1. Windows Nano Server & Puppet
      Alessandro Pilotti, Cloudbase Solutions
  2. @cloudbaseit
  3. Agenda
      • Nano Server
      • Puppet on Nano Server
      • Managing resources
      • DSC + Puppet
      • Demos
  4. What is Nano Server?
      • A lightweight installation option for Windows Server
      • Optimized for cloud deployments
      • Optimized footprint, a few hundred megabytes!
      • Fast boot times
      • Windows without Windows
  5. What can I do with Nano Server?
      Included Packages:
      • Hyper-V
      • Shielded VM
      • Windows Containers (including Docker)
      • File Server (including SoFS / S2D)
      • IIS / ASP.Net 5
      • Windows Failover Clustering
      • DNS
      • SCVMM
      • DSC
      Additional Packages:
      • OpenStack
  6. Availability?
      • Released with Windows Server 2016
      • Currently available in Technical Preview (TP5)
      • Get a Windows Server 2016 TP5 ISO from: preview
  7. Limitations
      • Nano Server’s API surface is limited!
      • Includes “reverse forwarders” for compatibility with existing binaries
      • Any API that requires Windows GUI / shell interaction is missing or not implemented
      • Win64
      • .Net CoreCLR is portable (Windows, Linux, OS X) but more limited compared to the Full CLR
  8. Limitations
      • Some CLI differences
      • PowerShell differences
      • No MSI
      • No ADSI (used by Puppet for managing users and groups)
      • COM STA mode not available (only MTA)
      • No COM monikers
      • In general, porting applications to run on Nano requires some effort
  9. How to check application compatibility?
      • Windows API (Native apps, C/C++, etc): NanoServerApiScan.exe
      • .Net Core
  10. Build a Nano Server image for bare metal or Hyper-V
      • Get a Windows Server 2016 TP5 ISO from windows-server-technical-preview
      • Example:
          New-NanoServerImage -Edition Standard -DeploymentType Guest -MediaPath f:\ -BasePath .\Base -TargetPath .\Nano1\Nano.vhd -ComputerName Nano1
      • Packages can be added (Hyper-V, IIS, etc)
      • Select -DeploymentType Host for physical servers
      • A custom unattend.xml can be provided for apps deployment / configuration
      • No need for activation!
  11. What about OpenStack, KVM, ESXi, MAAS, etc?
      • PowerShell script to add additional features and target formats:
          ..\NewNanoServerImage.ps1 -IsoPath C:\WindowsServerTP5.iso `
              -TargetPath C:\Nano.qcow2 -Platform KVM `
              -AdministratorPassword $password `
              -Compute -Storage -Clustering `
              -ExtraDriversPaths C:\Dev\Drivers\NUC_2015_Intel_ndis64 `
              -AddCloudbaseInit `
              -AddMaaSHooks `
              -MaxSize 1500MB `
              -DiskLayout "BIOS"
  12. Managing Nano Server
          $c = Get-Credential
          Enter-PSSession <NanoServer> -Credential $c
      • On a Hyper-V host:
          Enter-PSSession -VMName <NanoServerVMName> -Credential $c
      • PowerShell remoting is also available on regular Windows! This is the native equivalent of SSH on Windows
      • How to copy files remotely:
          $s = New-PSSession <NanoServer> -Credential $c
          Copy-Item -ToSession $s -Path c:\SomeFiles -Destination c:\SomeRemoteDir
  13. Install packages
      • Windows equivalent of apt-get
          find-packageprovider
          find-package -provider nuget -source
          install-package node.js -destination c:\node -provider nuget -source
  14. OpenStack + Nano Server
      • Cloudbase-Init support
          → Including Heat templates support
      • Works on OpenStack supported hypervisors:
          → Hyper-V
          → KVM
          → ESXi
  15. Add packages at runtime
          Install-PackageProvider NanoServerPackage
          Find-NanoServerPackage -name *
          Find-NanoServerPackage Microsoft-NanoServer-IIS-Package | `
              Install-NanoServerPackage -culture en-us
  16. Create a Nano Server instance
  17. Offline domain join
      • No need to share sensitive domain credentials!
      • On a domain joined host:
          djoin /provision /domain cloudbase.demo /machine nanotp5 /savefile blob.txt
      • Copy blob.txt to the host that needs to join the domain and run:
          djoin /requestODJ /loadfile blob.txt /windowspath %SystemRoot% /localos
      • Works on Windows Server 2008 R2 and above as well!
  18. Puppet on Nano Server
      • Puppet is based on Ruby 2.x and C++
      • Ruby works on Nano Server with some minor changes:
          → Win32ole
          → win32-dir
      • Facter also needs minor changes (both Ruby and native ones)
      • Some resource types do not work ATM, e.g. users and groups
      • Other providers require minor changes, e.g.:
          → Puppetlabs-dsc
          → Puppetlabs-reboot
  19. How to create packages on Nano Server
      • MSI packages are not supported on Nano Server
      • Nano Server has a new packaging model called Windows Server Apps (WSA), based on APPX
      • Packages include a directory tree and some extensions: NT services, WMI providers, COM servers
      • An XML manifest file is needed
      • Appx packages need to be signed
      • Deployment:
          Add-AppxPackage puppet.appx
          Get-AppxPackage puppet
          # Remove-AppxPackage expects the full package name, so pipe the lookup into it
          Get-AppxPackage puppet | Remove-AppxPackage
  20. A Puppet APPX package
      • Here’s a Puppet for Nano Server package:
      • For creating the package, you need the latest Windows 10 SDK (10.0.14332.1000 or above)
      • The certificate CN must match the publisher’s identity in the certificate
          makeappx pack /d puppet-nano-server /p puppet.appx
          signtool.exe sign /fd sha256 /sha1 xxxxxxxxxxxxxxxxxxxxx /t /v puppet.appx
  21. Puppet and Nano Server
      • Some notable modules:
          → puppetlabs-powershell
          → puppetlabs-acl
          → puppetlabs-reboot
          → puppetlabs-dsc
      • Some widely used Windows modules and resource types don’t work, e.g.:
          → puppet-iis is based on the PowerShell WebAdministration module (Not available on Nano)
          → scheduled_task requires mstask.dll, not available on Nano Server
  22. How to manage local users and groups
      • ADSI is not supported on Nano, so until Puppet adds an alternative (e.g. Win32):
          # Demo values from the slide. The password is a literal in the manifest
          # and is interpolated into the PowerShell command line below.
          $username  = 'nano'
          $password  = 'P@ssw0rd'
          $groupname = 'puppet'

          # Create the group only if it does not exist yet
          exec { 'new-local-group':
            command  => "New-LocalGroup -Name ${groupname}",
            unless   => "Get-LocalGroup -Name ${groupname}",
            provider => powershell,
          }
  23. How to manage local users and groups
          # Create the user only if it does not exist yet
          exec { 'new-local-user':
            command  => "New-LocalUser -Name ${username} -Password (ConvertTo-SecureString -AsPlainText \"${password}\" -Force) -PasswordNeverExpires",
            unless   => "Get-LocalUser -Name ${username}",
            provider => powershell,
          }

          # Add the user to the group once both exist
          exec { 'add-local-group-member':
            command  => "Add-LocalGroupMember -Group ${groupname} -Member ${username}",
            unless   => "Get-LocalGroupMember -Group ${groupname} -Member ${username}",
            provider => powershell,
            require  => [Exec['new-local-group'], Exec['new-local-user']],
          }
  24. DSC and Puppet
      • PowerShell Desired State Configuration (DSC)
      • DSC is a declarative platform used for configuration, deployment, and management of systems
      • Similar in scope to Puppet
      • The puppetlabs-dsc module offers a bridge between Puppet and DSC
      • Allows using DSC resources, no need to rewrite them for Puppet
      • Only a few resources work on Nano for the time being (technical preview)
      • Notice the dsc_ prefix:
          dsc_registry { 'registry_test':
            dsc_ensure    => 'Present',
            dsc_key       => 'HKEY_LOCAL_MACHINE\SOFTWARE\ExampleKey',
            dsc_valuename => 'TestValue',
            dsc_valuedata => 'TestData',
          }
  25. Demo
  26. Licensing
      • Windows licensing is surprisingly easy in OpenStack
          → Datacenter license => unlimited instances
          → 1 license per socket => per core in 2016
          → Works with Hyper-V, VMWare, KVM, etc
          → Very cost effective (a few USD / month per VM)
      • Volume licensing
      • Multitenant? SPLA
  27. Q&A
  28. | @cloudbaseit
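
Slides 19 and 20 require an XML manifest, a signed package, and a certificate that matches the publisher identity. The following PowerShell pre-flight check is an added example, not code from the slide deck or from Puppet or Cloudbase; the function name, the sample manifest and the certificate values are constructed for illustration. It assumes the publisher is the Publisher attribute of the manifest's Identity element, compares it to the certificate subject as an exact string, and additionally checks for the Code Signing EKU, which the slides do not mention.

```powershell
# Added example, not from the slide deck: pre-flight check to run before
# makeappx / signtool. Manifest and certificate values are constructed samples.
$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # Code Signing enhanced key usage

function Test-AppxSigningInputs {
    param(
        [Parameter(Mandatory)] [xml]    $Manifest,
        [Parameter(Mandatory)] [string] $CertSubject,
        [string[]] $CertEkuOids = @()
    )
    $problems = @()
    # PowerShell's XML adapter resolves elements by local name, so the
    # manifest's default namespace needs no special handling here.
    $identity = $Manifest.Package.Identity
    if ($null -eq $identity -or -not $identity.Publisher) {
        $problems += 'Manifest has no Identity element with a Publisher attribute.'
    }
    elseif ($identity.Publisher -cne $CertSubject) {
        # Compared as exact strings, including case.
        $problems += "Publisher '$($identity.Publisher)' does not match certificate subject '$CertSubject'."
    }
    if ($CertEkuOids -notcontains $CodeSigningOid) {
        $problems += 'Certificate does not carry the Code Signing EKU.'
    }
    [pscustomobject]@{
        Package  = if ($null -ne $identity) { $identity.Name } else { $null }
        Ok       = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample manifest (hypothetical package name and publisher).
$manifest = [xml]@'
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10">
  <Identity Name="Example.Puppet" Publisher="CN=Example Publisher" Version="1.0.0.0" />
</Package>
'@

# With a real certificate, read both values from the store entry, e.g.
#   $cert = Get-Item Cert:\CurrentUser\My\<thumbprint>
#   $cert.Subject and $cert.EnhancedKeyUsageList.ObjectId
Test-AppxSigningInputs -Manifest $manifest -CertSubject 'CN=Example Publisher' -CertEkuOids $CodeSigningOid
Test-AppxSigningInputs -Manifest $manifest -CertSubject 'CN=Other Publisher'   -CertEkuOids $CodeSigningOid
```

The first call reports Ok = True; the second reports the publisher mismatch, so the problem surfaces before the package is built and signed.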