Windows Server 2019 VM on Linux
The main goal is to be able to run my playbooks targeting Windows machines from my Linux machine! So I need a way to quickly install a Windows Server 2019 test machine.
Vagrant, as always …
I tested several Vagrant boxes that let you spin up a VM quickly with a minimum of steps. I ended up choosing the one created by ruzickap.
He updates his VMs regularly and offers a whole series of them:
- Windows 10
- Windows Server 2012, 2016, 2019 and 2022
- Ubuntu 14.04, 18.04 and 20.04
The one I am interested in here is Windows 2019. Here is my Vagrantfile:
```ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.box = "peru/windows-server-2019-standard-x64-eval"
  config.vm.synced_folder ".", "/vagrant", :disabled => true
  #config.vm.hostname = "test-windows"
  config.vm.provider "libvirt" do |hv|
    hv.cpus = "2"
    hv.memory = "4096"
  end
  config.vm.network "forwarded_port", guest: 443, host: 8443
  config.vm.network "private_network", ip: "192.168.33.10"
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "provision-playbook.yml"
  end
end
```
Some explanations:
- I disable folder sharing: `config.vm.synced_folder` -> false
- We use the libvirt provider (link for the installation)
- 4 GB is a minimum, but since I only have 8 GB on my Linux VM, I have to make do with that.
- Port 443 is forwarded and I set a fixed IP, which is added directly to my `/etc/hosts` file by the vagrant-hostsupdater plugin.
- Then, to finish the installation, I use an Ansible playbook.
My Ansible playbook:
This playbook only installs and configures OpenSSH (the explanations are over here):
I use [chocolatey](https://community.chocolatey.org/), whose module auto-installs choco if it is absent, to install OpenSSH Server.
```yaml
---
- hosts: all
  gather_facts: no

  tasks:
    - win_chocolatey:
        name: openssh
        state: latest
        package_params: /SSHServerFeature
      register: package
      tags: package

    - name: open port 22 for inbound SSH connections
      win_firewall_rule:
        name: Win32-OpenSSH inbound
        protocol: tcp
        localport: 22
        direction: in
        action: allow
        state: present
        enabled: yes
        profiles: domain,private
      tags: firewall

    - name: start sshd service
      win_service:
        name: sshd
        state: started
        start_mode: delayed
        force: yes
        force_dependent_services: yes
      when: package is changed
      tags: service

    - name: Start ssh-agent service
      win_service:
        name: ssh-agent
        state: started
        start_mode: delayed
        force: yes
        force_dependent_services: yes
      tags: service

    - name: Registry configuration for vagrant
      win_regedit:
        path: HKLM:\SOFTWARE\OpenSSH
        name: '{{ item.name }}'
        data: '{{ item.data|default(None) }}'
        type: "{{ item.type|default('dword') }}"
        state: "{{ item.state|default('present') }}"
      with_items:
        - name: DefaultShell
          type: string
          data: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        - name: DefaultShellCommandOption
          type: string
          data: /c
          state: absent
        - name: DefaultShellEscapeArguments
          data: 0
          state: absent
      tags: registry

    - win_file:
        path: '%USERPROFILE%/.ssh/'
        state: directory
      tags: key

    - win_copy:
        src: authorized_keys
        dest: '%USERPROFILE%/.ssh/authorized_keys'
      tags: key

    - win_copy:
        src: sshd_config
        dest: 'C:\ProgramData\ssh\'
      tags: key

    - win_service:
        name: sshd
        state: restarted
        force: yes
        force_dependent_services: yes
```
I use the following Windows modules (requirements.yml file):

```yaml
collections:
  - name: community.windows
    version: 1.7.0
  - name: ansible.windows
    version: 1.7.3
```

To install them:

```
ansible-galaxy collection install -r requirements.yml
```

In addition to Ansible, you need to install the pip module pywinrm:

```
pip install pywinrm
```
Let's test:

```
vagrant up
Bringing machine 'default' up with 'libvirt' provider...
==> default: Box 'peru/windows-server-2019-standard-x64-eval' could not be found. Attempting to find and install...
    default: Box Provider: libvirt
    default: Box Version: >= 0
==> default: Loading metadata for box 'peru/windows-server-2019-standard-x64-eval'
    default: URL: https://vagrantcloud.com/peru/windows-server-2019-standard-x64-eval
==> default: Adding box 'peru/windows-server-2019-standard-x64-eval' (v20211001.01) for provider: libvirt
    default: Downloading: https://vagrantcloud.com/peru/boxes/windows-server-2019-standard-x64-eval/versions/20211001.01/providers/libvirt.box
    default: Calculating and comparing box checksum...
==> default: Successfully added box 'peru/windows-server-2019-standard-x64-eval' (v20211001.01) for 'libvirt'!
==> default: Machine booted and ready!
==> default: [vagrant-hostsupdater] Checking for host entries
==> default: Forwarding ports...
==> default: 3389 (guest) => 3389 (host) (adapter eth0)
==> default: 5986 (guest) => 5986 (host) (adapter eth0)
==> default: 5985 (guest) => 5985 (host) (adapter eth0)
==> default: 443 (guest) => 8443 (host) (adapter eth0)
==> default: Configuring and enabling network interfaces...
==> default: Running provisioner: ansible...
    default: Running ansible-playbook...

PLAY [all] *********************************************************************

TASK [win_chocolatey] **********************************************************
changed: [default]
[WARNING]: Chocolatey was missing from this system, so it was installed during
this task run.

TASK [open port {{ opt_openssh_port }} for inbound SSH connections] ************
changed: [default]

TASK [win_service] *************************************************************
changed: [default]
```
Let's test the SSH connection:

```
vagrant ssh
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\Users\vagrant>
```
Let's retrieve Vagrant's SSH configuration and append it to the SSH client config:

```
vagrant ssh-config >> ~/.ssh/config
```

Its content is:

```
Host default
  HostName 192.168.121.252
  User vagrant
  Port 22
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /home/vagrant/.vagrant.d/insecure_private_key
  IdentitiesOnly yes
  LogLevel FATAL
```
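Because `vagrant ssh-config >> ~/.ssh/config` appends lab-only settings to the everyday client config, the following added example (not part of the original post) lists the Host blocks that disable host key checking or rely on Vagrant's shared insecure key, so they can be reviewed or removed once the test VM is gone. The function names and the second host in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: flag Host blocks in an OpenSSH
# client config that carry the lab-only settings emitted by `vagrant ssh-config`.

# audit_ssh_config FILE -> one "host<TAB>finding" line per risky directive
audit_ssh_config() {
    awk '
    BEGIN { host = "(global)" }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        # keywords are case-insensitive; separator is whitespace or "="
        if (!match(line, /[ \t=]+/)) next
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        gsub(/"/, "", val)
        if (key == "host" || key == "match") { host = val; next }
        if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/)
            print host "\tStrictHostKeyChecking disabled"
        else if (key == "userknownhostsfile" && val == "/dev/null")
            print host "\thost keys never recorded"
        else if (key == "identityfile" && val ~ /insecure_private_key/)
            print host "\tVagrant shared insecure key"
    }' "$1"
}

# Constructed sample: settings from this page's "Host default" block plus a
# hypothetical, normally configured host.
sample_config() {
    cat <<'EOF'
Host default
  HostName 192.168.121.252
  User vagrant
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  IdentityFile /home/vagrant/.vagrant.d/insecure_private_key
Host build.example.internal
  User deploy
  StrictHostKeyChecking=yes
  IdentityFile ~/.ssh/id_ed25519
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_ssh_config "$tmp"
rm -f "$tmp"
```

Run it against a real file with `audit_ssh_config ~/.ssh/config`; an empty result means none of the three settings is present.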
Create an inventory file:

```
[all]
default

[all:vars]
ansible_shell_type=powershell
```

Let's test Ansible:

```
ansible -m win_ping -i hosts all
default | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
```

Goal achieved!
If you want more Ansible tutorials, see the introduction to Ansible post.