Windows Automation with Ansible by "Swapnil Dahiphale" from (Crevise). The presentation was done at #doppa17 DevOps++ Global Summit 2017. All the copyrights are reserved with the author.
2. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Who Am I?
- Sr. DevOps Engineer at Crevise Technologies
- Passionate about Learning and implementing disruptive innovations in
DevOps
@Swapnil2233
swapnil@crevise.com
3. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Who Am I?
Sr. DevOps Engineer at Crevise Technologies
@lokeshjawane
lokesh.jawane@crevise.com
4. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Agenda
- Automation
- Why Automation?
- Windows Automation and Challenges
- Automation tools
- Ansible
- Principles of Ansible and How it works
- User case
- Demo
5. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Automation
“Automation is the key to successful DevOps adoption”
- Change Management
- Provisioning
- Orchestration
6. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Change Management
- System State
- Define
- Enforce
- Example
- Apache web server version 2.4.x installed
- PHP 5.4.x installed
- Apache web server started
- Webadmin user exist with authorized key
- Deviation from the state would warrant a change
7. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Provisioning
- Built on top of Automation and Change Management
- Preparing a system
- Installing, updating, configuring software
- Example:
- Start with basic installation of OS
- Update the operating system
- Install the web server
- Deploy the application
8. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Orchestration
- Orchestration is not just Automation
- Coordination between systems
- Order sensitive tasks
- Example:
- Remove web1 from LB
- Run tasks on web1
- Add web1 back to LB
9. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Why Automation?
- We all have to do more with less!
- Consistently deliver stable predictable environment
- Increase number of deployments, decrease time between deployments
- Deliver more secure environment
- Innovate faster
10. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Linux Vs Windows
11. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Windows Automation
12. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Windows Automation Challenges
- Legacy Security Models
- AD dependencies
- Reboot are a pain
- Typically heavy software packages
- We can bootstrap to a point
13. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Automation Tools
14. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
You’ve probably already heard of
the most common tools
15. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Ansible
16. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Principles of Ansible
SIMPLE POWERFUL AGENTLESS
Human readable automation App deployment Agentless architecture
No special coding skills needed Configuration management Uses OpenSSH & WinRM
Tasks executed in order Workflow orchestration No agents to exploit or
update
Get productive quickly Orchestrate the app lifecycle More efficient & more
secure
17. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
How Ansible Works?
18. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Ansible concepts: Playbooks
Defines sequences of tasks (Plays) to be executed on a group of hosts.
- Describes policies machine under management shall enforce
- Contains variables, tasks, handlers, files, templates and roles
- Expressed in YAML
19. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Ansible concepts: Playbooks
---
- win_get_url:
url: “{{ windows_server_iso }}”
dest: “{{ windows_temp_path }}win20121.iso”
force: yes
when: win_iso.stat.exists == false
- win_shell: ‘Mount-DiskImage -ImagePath “{{ windows_temp_path }}win20121.iso”’
- win_shell: ‘(Get-DiskImage -ImagePath “{{ windows_temp_path }}win20121.iso” | Get-Volume).DriveLetter’
register: drive_letter
# - debug: var=drive_letter
- name: net-framework-35
win_feature:
name: NET-Framework-Core
source: ‘{{ drive_letter.stdout_lines[0] }}:sourcessxs’
state: present
20. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Ansible concepts: Playbooks
---
- win_get_url:
url: “{{ windows_server_iso }}”
dest: “{{ windows_temp_path }}win20121.iso”
force: yes
when: win_iso.stat.exists == false
- win_shell: ‘Mount-DiskImage -ImagePath “{{ windows_temp_path }}win20121.iso”’
- win_shell: ‘(Get-DiskImage -ImagePath “{{ windows_temp_path }}win20121.iso” | Get-Volume).DriveLetter’
register: drive_letter
# - debug: var=drive_letter
- name: net-framework-35
win_feature:
name: NET-Framework-Core
source: ‘{{ drive_letter.stdout_lines[0] }}:sourcessxs’
state: present
module
variable
List of plays
List of tasks
21. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Ansible concepts: Roles
Best way to organize your playbooks
- Structure content into related vars, tasks, files, handlers, etc.
- File structure for automated inclusion of role-specific content
- Roles can be shared and pulled from Ansible Galaxy, Github, etc.
22. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Ansible Tower
- Product by Red Hat
- Web based UI
- Cloud Integration (AWS, Azure, RackSpace)
- Compliance: Reporting + Auditing
- Every job run is logged and can be traced
- Role Based Access Control
- REST API
- Monitoring
23. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Preparation
24. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Setup Ansible on Control Node
$ add-apt-repository ppa:ansible
$ apt-get update
$ apt-get install ansible
OR
$ pip install ansible
25. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Limitation for Control Node
- Control Node is recommended to be Linux.
- Or Windows Subsystem for Linux (WSL)
http://docs.ansible.com/ansible/intro_windows.html#using-a-windows-control-machine
26. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Additional Setup for Controlling Windows
- To control Windows Slave with local User Account, no additional setup
required
- To control Windows Slave with AD Account, the easiest way is to setup
Kerberos
$ apt-get install python-dev libkrb5-dev krb5-user
$ pip install pywinrm[kerberos]
$ vim /etc/krb5.conf
27. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Additional Setup for the Windows Slave Nodes
The older Windows require extra setup to meet basic requirements
- Windows 7,8, Windows Server 2008 R2
- .Net Framework >= 4.0 (reboot required)
- PowerShell >=3.0 (reboot required)
- Windows Remote Management (WinRM)
- Apply Hotfix for Windows 7, 8, Windows Server 2008 R2, 2012
28. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
What About Linux Slave?
Nope…
There’s no prerequisites for linux slave, except login user account ;-)
29. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Use case
Setting up private cloud for Cathay Pacific Airways, with Red Hat.
- Challenges:
- Strict and close timelines, RHEL, Windows and all integration points automation, Security,
Compliance and testing in a restricted environment.
- Solution:
- Provisioning of VMs is done with CloudForms
- Configurations on RHEL and Windows VMs is done with Ansible
- Network related activities are automated with Ansible
- Integration with Hitachi Data Systems automated with Ansible
30. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Use case
31. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Use case
Things Automated
- OS Hardening
- Updates and patches
- Antivirus Configuration
- Joining VM to Active Directory
- Installation of softwares like MSSQL
- Windows clustering and MSSQL cluster confuguration
32. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Demo
33. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Ansible makes automating Windows easier!
Conclusion
34. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
Questions?
35. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
github.com/swapnildahiphale
linkedin.com/in/swapnil2233
@Swapnil2233
swapnil@crevise.com
Thank You!
36. #DOPPA17
As the author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing
alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial channels - (Provided due
credit is given to me/us)
References
http://docs.ansible.com/ansible/intro_windows.html#using-a-windows-control-machine
http://docs.ansible.com/ansible/latest/intro_windows.html