SlideShare a Scribd company logo

10 Things I Hate About You - Taming Windows w/Ansible

Download as PPTX, PDF
Chocolatey Software
Chocolatey Software

Matt Davis, Senior Principal Software Engineer at Ansible Core: Red HatWindows can be a fickle beast to automate. We'll explore ten common Windows pain points and how to tame them via Ansible, then explore an Ansible role that builds on those techniques to deploy a Chocolatey Simple Server.

Technology
1 of 33
10 Things I Hate About You: Taming Windows with Ansible Matt Davis Senior Principal Software Engineer, Ansible Core
Who am I?
I LOVE WINDOWS
● Simple, agentless orchestration ○ Push-mode, linear by default ○ Uses target-native management technologies ● F/OSS command-line, "batteries included" ○ Tower Web UI/Service layer available ○ Sorry, controller is Linux-y (for now) ● Talk to just about anything ○ Windows, Linux, Networking, Embedded What is Ansible?
● List of machines to manage (and how to reach them) ● Static ○ Simple ● Dynamic ○ Source from anything/anywhere! ● Composable ○ Most real-world inventories are both Ansible Basics: Inventory
● Unit of code that executes on a target ● Samples/enforces desired state on a resource ○ Similar to a DSC Resource ● Idempotent! ● Ephemeral! Ansible Basics: Modules
● A series of YAML-based declarative tasks ● Usually drives modules against inventory hosts ● Embedded Jinja2 templating ● Default task-linear/host-parallel ○ Easy orchestration! ● Easy error recovery! Ansible Basics: Playbooks
● Packaged tasks from playbooks ○ Declare defaults, include templates ○ Easy reuse/distribution format We'll take a look at all these in a bit! Ansible Basics: Roles
● Windows-native HTTP/XML remote shell protocol ● Non-interactive logon ● Microsoft OpenSSH? WinRM
DEMOS: Ansible Installation Ansible Inventory WinRM Connectivity
● Unlike Python, "just there" on modern Windows ● We can use .NET ● Powershell 3+, Windows 7/Server 2008+ ● Access to the DSC universe via win_dsc Powershell
- win_psmodule: # install xDNSServer DSC module on target name: xDnsServer - win_dsc: # create DNS zone resource_name: xDnsServerPrimaryZone name: createdbyansible.com - win_dsc: # create DNS record resource_name: xDnsRecord name: test zone: createdbyansible.com target: 1.2.3.4 type: ARecord Powershell / DSC
● win_chocolatey ! ● win_package App Install/Maintenance
● win_reboot action makes managed reboots trivial ● wait_for_connection is just the second half Reboots, oh the reboots...
● Basic, synchronous updates ● Uses configured source (Windows Update/WSUS) ● Transparent run as SYSTEM + auto reboot Windows Update
- win_updates: category_names: CriticalUpdates reboot: yes # new in 2.5! blacklist: # new in 2.5! - KB4056892 Windows Update
● Modules for managing websites, webapps, apppools, virtual dirs, etc. IIS
- win_iis_website: name: Default Web Site physical_path: C:InetpubWWWRoot - win_iis_webapp: site: Default Web Site name: OrchardCMS physical_path: C:InetpubWWWRootOrchard IIS
● Manage individual key/value (win_regedit) ● Manage idempotent bulk import (win_regmerge) Registry
- win_regedit: path: HKLMSoftwareMicrosoftWindows name: SomeValueName value: 0x12345 - win_regmerge: path: ComplexRegData.reg Registry
● win_service ● Basic start/stop ● Provides fine control over complex service behavior config in Windows SCM ○ who/what/when/how Services
# ensure IIS is running - win_service: name: W3Svc state: running # ensure firewall service is stopped/disabled - win_service: name: MpsSvc state: stopped start_mode: disabled Services
● Windows' way of doing enterprise identity ● Makes auth complex ● Ansible can do "throwaway" domains easily ● Promote/depromote DCs ● Joining/leaving domain is simple ● Manage basic domain objects Domains
# create a domain - win_domain: dns_domain_name: mydomain.local safe_mode_password: ItsASecret # add a domain user - win_domain_user: name: somebody upn: somebody@mydomain.local groups: - Domain Admins Domains
DEMO: Domain Join
● win_acl / win_owner ● SDDL?! ACLs
O:BAG:S-1-5-21-328427983-2845905853-4261175022- 513D:AI(A;OICIID;FA;;;SY)(A;OICIID;FA;;;BA)(A;OIC ID;LC;;;BU)(A;CIID;DC;;;BU)(A;OICIIOID;GA;;;CO) ACLs
- win_owner: path: C:Program FilesSomeApp user: Administrator recurse: true - win_acl: path: C:Temp user: Users rights: ReadAndExecute,Write,Delete inherit: ContainerInherit,ObjectInherit ACLs
DEMO: Choco Simple Server Install
Wrapup
+ =
Questions?

Recommended

Stress Free Deployment - Confoo 2011
Stress Free Deployment - Confoo 2011Stress Free Deployment - Confoo 2011
Stress Free Deployment - Confoo 2011Bachkoutou Toutou
 
Using Capifony for Symfony apps deployment.
Using Capifony for Symfony apps deployment.Using Capifony for Symfony apps deployment.
Using Capifony for Symfony apps deployment.
Žilvinas Kuusas
 
Serve like a boss (part one)
Serve like a boss (part one)Serve like a boss (part one)
Serve like a boss (part one)
Hamed Nemati
 
Why choose ubuntu server
Why choose ubuntu serverWhy choose ubuntu server
Why choose ubuntu serverKostas Livieratos
 
Host and Boast: Best Practices for Magento Hosting | Imagine 2013 Technolog…
Host and Boast: Best Practices for Magento Hosting | Imagine 2013 Technolog…Host and Boast: Best Practices for Magento Hosting | Imagine 2013 Technolog…
Host and Boast: Best Practices for Magento Hosting | Imagine 2013 Technolog…Atwix
 
Super performing websites with TYPO3 and Varnish
Super performing websites with TYPO3 and VarnishSuper performing websites with TYPO3 and Varnish
Super performing websites with TYPO3 and Varnish
christianjul
 
T3DD12 Caching with Varnish
T3DD12 Caching with VarnishT3DD12 Caching with Varnish
T3DD12 Caching with VarnishAOE
 
V mware converter best practices
V mware converter best practicesV mware converter best practices
V mware converter best practicesVenkata Ramana
 

Recommended

Stress Free Deployment - Confoo 2011
Stress Free Deployment - Confoo 2011Stress Free Deployment - Confoo 2011
Stress Free Deployment - Confoo 2011Bachkoutou Toutou
 
Using Capifony for Symfony apps deployment.
Using Capifony for Symfony apps deployment.Using Capifony for Symfony apps deployment.
Using Capifony for Symfony apps deployment.
Žilvinas Kuusas
 
Serve like a boss (part one)
Serve like a boss (part one)Serve like a boss (part one)
Serve like a boss (part one)
Hamed Nemati
 
Why choose ubuntu server
Why choose ubuntu serverWhy choose ubuntu server
Why choose ubuntu serverKostas Livieratos
 
Host and Boast: Best Practices for Magento Hosting | Imagine 2013 Technolog…
Host and Boast: Best Practices for Magento Hosting | Imagine 2013 Technolog…Host and Boast: Best Practices for Magento Hosting | Imagine 2013 Technolog…
Host and Boast: Best Practices for Magento Hosting | Imagine 2013 Technolog…Atwix
 
Super performing websites with TYPO3 and Varnish
Super performing websites with TYPO3 and VarnishSuper performing websites with TYPO3 and Varnish
Super performing websites with TYPO3 and Varnish
christianjul
 
T3DD12 Caching with Varnish
T3DD12 Caching with VarnishT3DD12 Caching with Varnish
T3DD12 Caching with VarnishAOE
 
V mware converter best practices
V mware converter best practicesV mware converter best practices
V mware converter best practicesVenkata Ramana
 
Cache hcm-topdev
Cache hcm-topdevCache hcm-topdev
Cache hcm-topdev
Thanh Chau
 
Vagrant - Team Development made easy
Vagrant - Team Development made easyVagrant - Team Development made easy
Vagrant - Team Development made easy
Marco Silva
 
[Mas 500] Various Topics
[Mas 500] Various Topics[Mas 500] Various Topics
[Mas 500] Various Topicsrahulbot
 
IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning
Vladislav Tatarincev
 
Nginx [engine x] and you (and WordPress)
Nginx [engine x] and you (and WordPress)Nginx [engine x] and you (and WordPress)
Nginx [engine x] and you (and WordPress)
Justin Foell
 
2013 Ohio LinuxFest - Ports, Packages, and PBI's
2013 Ohio LinuxFest - Ports, Packages, and PBI's2013 Ohio LinuxFest - Ports, Packages, and PBI's
2013 Ohio LinuxFest - Ports, Packages, and PBI's
Ken Moore
 
How to Install and Use MMS
How to Install and Use MMSHow to Install and Use MMS
How to Install and Use MMS
MongoDB
 
SELF 2014: PBI v10: Application Management Made Easy
SELF 2014: PBI v10: Application Management Made EasySELF 2014: PBI v10: Application Management Made Easy
SELF 2014: PBI v10: Application Management Made Easy
Ken Moore
 
Linux network manager configure
Linux network manager configureLinux network manager configure
Linux network manager configure
InfoExcavator
 
體驗 Hhvm
體驗 Hhvm體驗 Hhvm
體驗 Hhvm
Chen Cheng-Wei
 
07 automate windowsenvironmentswithansibleanddsc
07 automate windowsenvironmentswithansibleanddsc07 automate windowsenvironmentswithansibleanddsc
07 automate windowsenvironmentswithansibleanddsc
Khairul Zebua
 
#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers
#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers
#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers
Hanoi MagentoMeetup
 
Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01Camilo Alvarez Rivera
 
Ansible Automation to Rule Them All
Ansible Automation to Rule Them AllAnsible Automation to Rule Them All
Ansible Automation to Rule Them All
Tim Fairweather
 
MongoDB: Advantages of an Open Source NoSQL Database
MongoDB: Advantages of an Open Source NoSQL DatabaseMongoDB: Advantages of an Open Source NoSQL Database
MongoDB: Advantages of an Open Source NoSQL Database
FITC
 
Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012
Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012
Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012
Lance Albertson
 
Server Core2
Server Core2Server Core2
Server Core2Concentrated Technology
 
J+s
J+sJ+s
J+s
happyuk
 
Devops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShiftDevops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShift
Yaniv cohen
 
Lessons From A DevOps Transformation on AWS
Lessons From A DevOps Transformation on AWSLessons From A DevOps Transformation on AWS
Lessons From A DevOps Transformation on AWS
Hrishikesh Barua
 
DevOps for database
DevOps for databaseDevOps for database
DevOps for database
Osama Mustafa
 
Debugging IBM Connections for the Impatient Admin - Social Connections VII
Debugging IBM Connections for the Impatient Admin - Social Connections VIIDebugging IBM Connections for the Impatient Admin - Social Connections VII
Debugging IBM Connections for the Impatient Admin - Social Connections VII
Martin Leyrer
 

More Related Content

What's hot

Cache hcm-topdev
Cache hcm-topdevCache hcm-topdev
Cache hcm-topdev
Thanh Chau
 
Vagrant - Team Development made easy
Vagrant - Team Development made easyVagrant - Team Development made easy
Vagrant - Team Development made easy
Marco Silva
 
[Mas 500] Various Topics
[Mas 500] Various Topics[Mas 500] Various Topics
[Mas 500] Various Topicsrahulbot
 
IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning
Vladislav Tatarincev
 
Nginx [engine x] and you (and WordPress)
Nginx [engine x] and you (and WordPress)Nginx [engine x] and you (and WordPress)
Nginx [engine x] and you (and WordPress)
Justin Foell
 
2013 Ohio LinuxFest - Ports, Packages, and PBI's
2013 Ohio LinuxFest - Ports, Packages, and PBI's2013 Ohio LinuxFest - Ports, Packages, and PBI's
2013 Ohio LinuxFest - Ports, Packages, and PBI's
Ken Moore
 
How to Install and Use MMS
How to Install and Use MMSHow to Install and Use MMS
How to Install and Use MMS
MongoDB
 
SELF 2014: PBI v10: Application Management Made Easy
SELF 2014: PBI v10: Application Management Made EasySELF 2014: PBI v10: Application Management Made Easy
SELF 2014: PBI v10: Application Management Made Easy
Ken Moore
 
Linux network manager configure
Linux network manager configureLinux network manager configure
Linux network manager configure
InfoExcavator
 
體驗 Hhvm
體驗 Hhvm體驗 Hhvm
體驗 Hhvm
Chen Cheng-Wei
 

What's hot (10)

Cache hcm-topdev
Cache hcm-topdevCache hcm-topdev
Cache hcm-topdev
 
Vagrant - Team Development made easy
Vagrant - Team Development made easyVagrant - Team Development made easy
Vagrant - Team Development made easy
 
[Mas 500] Various Topics
[Mas 500] Various Topics[Mas 500] Various Topics
[Mas 500] Various Topics
 
IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning
 
Nginx [engine x] and you (and WordPress)
Nginx [engine x] and you (and WordPress)Nginx [engine x] and you (and WordPress)
Nginx [engine x] and you (and WordPress)
 
2013 Ohio LinuxFest - Ports, Packages, and PBI's
2013 Ohio LinuxFest - Ports, Packages, and PBI's2013 Ohio LinuxFest - Ports, Packages, and PBI's
2013 Ohio LinuxFest - Ports, Packages, and PBI's
 
How to Install and Use MMS
How to Install and Use MMSHow to Install and Use MMS
How to Install and Use MMS
 
SELF 2014: PBI v10: Application Management Made Easy
SELF 2014: PBI v10: Application Management Made EasySELF 2014: PBI v10: Application Management Made Easy
SELF 2014: PBI v10: Application Management Made Easy
 
Linux network manager configure
Linux network manager configureLinux network manager configure
Linux network manager configure
 
體驗 Hhvm
體驗 Hhvm體驗 Hhvm
體驗 Hhvm
 

Similar to 10 Things I Hate About You - Taming Windows w/Ansible

07 automate windowsenvironmentswithansibleanddsc
07 automate windowsenvironmentswithansibleanddsc07 automate windowsenvironmentswithansibleanddsc
07 automate windowsenvironmentswithansibleanddsc
Khairul Zebua
 
#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers
#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers
#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers
Hanoi MagentoMeetup
 
Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01Camilo Alvarez Rivera
 
Ansible Automation to Rule Them All
Ansible Automation to Rule Them AllAnsible Automation to Rule Them All
Ansible Automation to Rule Them All
Tim Fairweather
 
MongoDB: Advantages of an Open Source NoSQL Database
MongoDB: Advantages of an Open Source NoSQL DatabaseMongoDB: Advantages of an Open Source NoSQL Database
MongoDB: Advantages of an Open Source NoSQL Database
FITC
 
Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012
Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012
Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012
Lance Albertson
 
J+s
J+sJ+s
J+s
happyuk
 
Devops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShiftDevops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShift
Yaniv cohen
 
Lessons From A DevOps Transformation on AWS
Lessons From A DevOps Transformation on AWSLessons From A DevOps Transformation on AWS
Lessons From A DevOps Transformation on AWS
Hrishikesh Barua
 
DevOps for database
DevOps for databaseDevOps for database
DevOps for database
Osama Mustafa
 
Debugging IBM Connections for the Impatient Admin - Social Connections VII
Debugging IBM Connections for the Impatient Admin - Social Connections VIIDebugging IBM Connections for the Impatient Admin - Social Connections VII
Debugging IBM Connections for the Impatient Admin - Social Connections VII
Martin Leyrer
 
Ansible Tutorial.pdf
Ansible Tutorial.pdfAnsible Tutorial.pdf
Ansible Tutorial.pdf
NigussMehari4
 
Ansible - Hands on Training
Ansible - Hands on TrainingAnsible - Hands on Training
Ansible - Hands on Training
Mehmet Ali Aydın
 
Nodejs web service for starters
Nodejs web service for startersNodejs web service for starters
Nodejs web service for starters
Bruce Li
 
Self 2013
Self 2013Self 2013
Self 2013
krispcbsd
 
BSDCan2013
BSDCan2013BSDCan2013
BSDCan2013
krispcbsd
 
Texas 2013
Texas 2013Texas 2013
Texas 2013
krispcbsd
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
xabean
 
Care and Feeding of Large Web Applications
Care and Feeding of Large Web ApplicationsCare and Feeding of Large Web Applications
Care and Feeding of Large Web Applications
Perrin Harkins
 

Similar to 10 Things I Hate About You - Taming Windows w/Ansible (20)

07 automate windowsenvironmentswithansibleanddsc
07 automate windowsenvironmentswithansibleanddsc07 automate windowsenvironmentswithansibleanddsc
07 automate windowsenvironmentswithansibleanddsc
 
#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers
#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers
#3 Hanoi Magento Meetup - Part 2: Scalable Magento Development With Containers
 
Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01
 
Ansible Automation to Rule Them All
Ansible Automation to Rule Them AllAnsible Automation to Rule Them All
Ansible Automation to Rule Them All
 
MongoDB: Advantages of an Open Source NoSQL Database
MongoDB: Advantages of an Open Source NoSQL DatabaseMongoDB: Advantages of an Open Source NoSQL Database
MongoDB: Advantages of an Open Source NoSQL Database
 
Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012
Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012
Hands on Virtualization with Ganeti (part 1) - LinuxCon 2012
 
Server Core2
Server Core2Server Core2
Server Core2
 
J+s
J+sJ+s
J+s
 
Devops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShiftDevops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShift
 
Lessons From A DevOps Transformation on AWS
Lessons From A DevOps Transformation on AWSLessons From A DevOps Transformation on AWS
Lessons From A DevOps Transformation on AWS
 
DevOps for database
DevOps for databaseDevOps for database
DevOps for database
 
Debugging IBM Connections for the Impatient Admin - Social Connections VII
Debugging IBM Connections for the Impatient Admin - Social Connections VIIDebugging IBM Connections for the Impatient Admin - Social Connections VII
Debugging IBM Connections for the Impatient Admin - Social Connections VII
 
Ansible Tutorial.pdf
Ansible Tutorial.pdfAnsible Tutorial.pdf
Ansible Tutorial.pdf
 
Ansible - Hands on Training
Ansible - Hands on TrainingAnsible - Hands on Training
Ansible - Hands on Training
 
Nodejs web service for starters
Nodejs web service for startersNodejs web service for starters
Nodejs web service for starters
 
Self 2013
Self 2013Self 2013
Self 2013
 
BSDCan2013
BSDCan2013BSDCan2013
BSDCan2013
 
Texas 2013
Texas 2013Texas 2013
Texas 2013
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Care and Feeding of Large Web Applications
Care and Feeding of Large Web ApplicationsCare and Feeding of Large Web Applications
Care and Feeding of Large Web Applications
 

More from Chocolatey Software

Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
Chocolatey Software
 
Provision and Manage Servers w/Otter, DSC, Git, and Chocolatey
Provision and Manage Servers w/Otter, DSC, Git, and ChocolateyProvision and Manage Servers w/Otter, DSC, Git, and Chocolatey
Provision and Manage Servers w/Otter, DSC, Git, and Chocolatey
Chocolatey Software
 
WinOps in a Secure Environment
WinOps in a Secure EnvironmentWinOps in a Secure Environment
WinOps in a Secure Environment
Chocolatey Software
 
Docker - A Container Full of Chocolatey
Docker - A Container Full of ChocolateyDocker - A Container Full of Chocolatey
Docker - A Container Full of Chocolatey
Chocolatey Software
 
Killing Golden Images In Your Infrastructure Setups
Killing Golden Images In Your Infrastructure SetupsKilling Golden Images In Your Infrastructure Setups
Killing Golden Images In Your Infrastructure Setups
Chocolatey Software
 
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.
Chocolatey Software
 
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...
Chocolatey Software
 
The Future of Windows Automation
The Future of Windows AutomationThe Future of Windows Automation
The Future of Windows Automation
Chocolatey Software
 
Improving Infrastructure Quality
Improving Infrastructure QualityImproving Infrastructure Quality
Improving Infrastructure Quality
Chocolatey Software
 
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and Chocolatey
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and ChocolateyEnsuring Compliant, Consistent Systems w/Chef, InSpec, and Chocolatey
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and Chocolatey
Chocolatey Software
 
Bootstrapping a New Machine in 1 Click
Bootstrapping a New Machine in 1 ClickBootstrapping a New Machine in 1 Click
Bootstrapping a New Machine in 1 Click
Chocolatey Software
 
Chocolatey and Puppet at Yelp
Chocolatey and Puppet at YelpChocolatey and Puppet at Yelp
Chocolatey and Puppet at Yelp
Chocolatey Software
 
Chef + Chocolatey: Sweet Recipes
Chef + Chocolatey: Sweet RecipesChef + Chocolatey: Sweet Recipes
Chef + Chocolatey: Sweet Recipes
Chocolatey Software
 

More from Chocolatey Software (13)

Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
 
Provision and Manage Servers w/Otter, DSC, Git, and Chocolatey
Provision and Manage Servers w/Otter, DSC, Git, and ChocolateyProvision and Manage Servers w/Otter, DSC, Git, and Chocolatey
Provision and Manage Servers w/Otter, DSC, Git, and Chocolatey
 
WinOps in a Secure Environment
WinOps in a Secure EnvironmentWinOps in a Secure Environment
WinOps in a Secure Environment
 
Docker - A Container Full of Chocolatey
Docker - A Container Full of ChocolateyDocker - A Container Full of Chocolatey
Docker - A Container Full of Chocolatey
 
Killing Golden Images In Your Infrastructure Setups
Killing Golden Images In Your Infrastructure SetupsKilling Golden Images In Your Infrastructure Setups
Killing Golden Images In Your Infrastructure Setups
 
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.
 
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...
 
The Future of Windows Automation
The Future of Windows AutomationThe Future of Windows Automation
The Future of Windows Automation
 
Improving Infrastructure Quality
Improving Infrastructure QualityImproving Infrastructure Quality
Improving Infrastructure Quality
 
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and Chocolatey
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and ChocolateyEnsuring Compliant, Consistent Systems w/Chef, InSpec, and Chocolatey
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and Chocolatey
 
Bootstrapping a New Machine in 1 Click
Bootstrapping a New Machine in 1 ClickBootstrapping a New Machine in 1 Click
Bootstrapping a New Machine in 1 Click
 
Chocolatey and Puppet at Yelp
Chocolatey and Puppet at YelpChocolatey and Puppet at Yelp
Chocolatey and Puppet at Yelp
 
Chef + Chocolatey: Sweet Recipes
Chef + Chocolatey: Sweet RecipesChef + Chocolatey: Sweet Recipes
Chef + Chocolatey: Sweet Recipes
 

Recently uploaded

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
ViralQR
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 

Recently uploaded (20)

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 

10 Things I Hate About You - Taming Windows w/Ansible

  • 1. 10 Things I Hate About You: Taming Windows with Ansible Matt Davis Senior Principal Software Engineer, Ansible Core
  • 4.
  • 5. ● Simple, agentless orchestration ○ Push-mode, linear by default ○ Uses target-native management technologies ● F/OSS command-line, "batteries included" ○ Tower Web UI/Service layer available ○ Sorry, controller is Linux-y (for now) ● Talk to just about anything ○ Windows, Linux, Networking, Embedded What is Ansible?
  • 6. ● List of machines to manage (and how to reach them) ● Static ○ Simple ● Dynamic ○ Source from anything/anywhere! ● Composable ○ Most real-world inventories are both Ansible Basics: Inventory
  • 7. ● Unit of code that executes on a target ● Samples/enforces desired state on a resource ○ Similar to a DSC Resource ● Idempotent! ● Ephemeral! Ansible Basics: Modules
  • 8. ● A series of YAML-based declarative tasks ● Usually drives modules against inventory hosts ● Embedded Jinja2 templating ● Default task-linear/host-parallel ○ Easy orchestration! ● Easy error recovery! Ansible Basics: Playbooks
  • 9. ● Packaged tasks from playbooks ○ Declare defaults, include templates ○ Easy reuse/distribution format We'll take a look at all these in a bit! Ansible Basics: Roles
  • 10. ● Windows-native HTTP/XML remote shell protocol ● Non-interactive logon ● Microsoft OpenSSH? WinRM
  • 12. ● Unlike Python, "just there" on modern Windows ● We can use .NET ● Powershell 3+, Windows 7/Server 2008+ ● Access to the DSC universe via win_dsc Powershell
  • 13. - win_psmodule: # install xDNSServer DSC module on target name: xDnsServer - win_dsc: # create DNS zone resource_name: xDnsServerPrimaryZone name: createdbyansible.com - win_dsc: # create DNS record resource_name: xDnsRecord name: test zone: createdbyansible.com target: 1.2.3.4 type: ARecord Powershell / DSC
  • 14. ● win_chocolatey ! ● win_package App Install/Maintenance
  • 15. ● win_reboot action makes managed reboots trivial ● wait_for_connection is just the second half Reboots, oh the reboots...
  • 16. ● Basic, synchronous updates ● Uses configured source (Windows Update/WSUS) ● Transparent run as SYSTEM + auto reboot Windows Update
  • 17. - win_updates: category_names: CriticalUpdates reboot: yes # new in 2.5! blacklist: # new in 2.5! - KB4056892 Windows Update
  • 18. ● Modules for managing websites, webapps, apppools, virtual dirs, etc. IIS
  • 19. - win_iis_website: name: Default Web Site physical_path: C:InetpubWWWRoot - win_iis_webapp: site: Default Web Site name: OrchardCMS physical_path: C:InetpubWWWRootOrchard IIS
  • 20. ● Manage individual key/value (win_regedit) ● Manage idempotent bulk import (win_regmerge) Registry
  • 21. - win_regedit: path: HKLMSoftwareMicrosoftWindows name: SomeValueName value: 0x12345 - win_regmerge: path: ComplexRegData.reg Registry
  • 22. ● win_service ● Basic start/stop ● Provides fine control over complex service behavior config in Windows SCM ○ who/what/when/how Services
  • 23. # ensure IIS is running - win_service: name: W3Svc state: running # ensure firewall service is stopped/disabled - win_service: name: MpsSvc state: stopped start_mode: disabled Services
  • 24. ● Windows' way of doing enterprise identity ● Makes auth complex ● Ansible can do "throwaway" domains easily ● Promote/depromote DCs ● Joining/leaving domain is simple ● Manage basic domain objects Domains
  • 25. # create a domain - win_domain: dns_domain_name: mydomain.local safe_mode_password: ItsASecret # add a domain user - win_domain_user: name: somebody upn: somebody@mydomain.local groups: - Domain Admins Domains
  • 27. ● win_acl / win_owner ● SDDL?! ACLs
  • 29. - win_owner: path: C:Program FilesSomeApp user: Administrator recurse: true - win_acl: path: C:Temp user: Users rights: ReadAndExecute,Write,Delete inherit: ContainerInherit,ObjectInherit ACLs
  • 32. + =