Windows Automation using Ansible: Myth or Truth
•Download as ODP, PDF•
1 like•209 views
Thanks to Matt Davis who is the original creator of this presentation. I adjusted this presentation to fit to my 40 minutes Meetup. This was delivered for Ansible Meetup in Wellington
Recommended
More Related Content
Similar to Windows Automation using Ansible: Myth or Truth
Similar to Windows Automation using Ansible: Myth or Truth (20)
Recently uploaded
Recently uploaded (20)
Windows Automation using Ansible: Myth or Truth
- 1. Windows Automation using Ansible Myth or Truth Michael Calizo Senior Technical Account Manager
- 2. Who am I?
- 3. Agenda ● Connection methods ● App Install and Maintenance ● Windows Security and Hardening ● Windows Services ● Of course we need to talk about reboots
- 4. The Ansible Way CROSS PLATFORM ENABLE REUSE HUMAN READABLE DESCRIPTION OF APPLICATION VERSION CONTROLLED ENVIRONMENT TRANSPARENC Y ORCHESTRATI ON PLAYS WELL WITH OTHERS
- 5. Connection Methods ● WinRM (HTTP-based remote shell protocol) ● Batch logon ● Different connection plugin ● Microsoft OpenSSH? https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible. ps1
- 7. App Install/Maintenance ● win_chocolatey ! ● win_package ● NOT win_msi
- 9. Windows Security Update and Hardening ● Most tideos work ● Regular activity
- 10. Services ● win_service looks/acts like Linux service module ● Provides fine control over complex service behavior config in Windows SCM (who/what/when/how)
- 11. - name: Install IIS (Web-Server only) win_feature: name: Web-Server state: present - name: Start IIS win_service: name: W3Svc state: started Services
- 12. Windows Update ● Basic, synchronous updates ● Uses configured source (Windows Update/WSUS)
- 13. - win_updates: category_names: criticalupdates register: wuout # no longer required in 2.5! - win_reboot: when: wuout.reboot_required Windows Update
- 14. Reboots, oh the reboots... ● win_reboot action makes managed reboots trivial ● wait_for_connection is just the second half
- 15. Wrapup
- 16. + =
- 17. Questions?
Editor's Notes
- Poll: How many hate Windows? Poll: using Ansible w/ Windows today?
- While every modern Linux distro has some kind of package management built in, Windows as a whole has still managed to avoid it. The closest thing (outside the Windows App Store itself) is Chocolatey. If you're not familiar with it, it's probably closest to something like Homebrew for the Mac. I highly recommend using it wherever possible over directly installing apps, even if it means you have to maintain your own. Having installed app version metadata makes app management with an idempotent solution like Ansible so much easier. Choco also is easily deployed behind your firewall, if you're worried about relying on the public service, or want to deploy your own software privately, and they're starting to provide paid, supported offerings as well.
- The IIS webserver has been a staple on Windows since NT4. It's gotten a lot more manageable over the years, and Ansible ships with a set of modules for idempotently managing the basics, like websites, virtual directories, webapps, app pools, and more.
- Windows Services are another thing fairly unique to Windows. The concept definitely exists on Linux, but in many different forms that are generally simpler, like init, upstart, now systemd, and some others. The Windows Service Control Manager has a fairly broad surface area, and can be a hassle to set up and manage if you're not used to doing it. Ansible win_service module makes it a whole lot easier, and it looks very similar to the Linux service module that exposes a handful of properties necessary to making a service go, like when it should start, who it runs as, what it runs, etc.