All Projects → crombeen → Ansible

crombeen / Ansible

Ansible playbooks for managing an elementary school IT infrastructure (mostly Windows desktops)

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Ansible

Dellemc Openmanage Ansible Modules
Dell EMC OpenManage Ansible Modules
Stars: ✭ 169 (-6.63%)
Mutual labels:  ansible
Ansible Role Redis
Ansible Role - Redis
Stars: ✭ 176 (-2.76%)
Mutual labels:  ansible
Vulnerable Apps
Stars: ✭ 179 (-1.1%)
Mutual labels:  ansible
Nexus3 Oss
Ansible role to install and provision sonatype nexus3-oss
Stars: ✭ 169 (-6.63%)
Mutual labels:  ansible
Schoolcms
中国首个开源学校教务管理系统、网站布局自动化、学生/成绩/教师、成绩查询
Stars: ✭ 175 (-3.31%)
Mutual labels:  school
Ansible Collection Hardening
This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
Stars: ✭ 2,543 (+1304.97%)
Mutual labels:  ansible
Openshift Ansible
Install and config an OpenShift 3.x cluster
Stars: ✭ 2,032 (+1022.65%)
Mutual labels:  ansible
Chrome Aws Lambda
Chromium Binary for AWS Lambda and Google Cloud Functions
Stars: ✭ 2,502 (+1282.32%)
Mutual labels:  ansible
Ansible Role Wireguard
Ansible role for installing WireGuard VPN. Supports Ubuntu, Debian, Archlinx, Fedora and CentOS.
Stars: ✭ 176 (-2.76%)
Mutual labels:  ansible
Ansible Nginx Hardening
This Ansible role provides secure nginx configurations.
Stars: ✭ 180 (-0.55%)
Mutual labels:  ansible
Deploy
Ansible role to deploy scripting applications like PHP, Python, Ruby, etc. in a capistrano style
Stars: ✭ 2,141 (+1082.87%)
Mutual labels:  ansible
Graylog Ansible Role
Ansible role which installs and configures Graylog
Stars: ✭ 173 (-4.42%)
Mutual labels:  ansible
Robot
Native cross-platform system automation
Stars: ✭ 178 (-1.66%)
Mutual labels:  desktop
Desktopfolder
Bring your Desktop Back to Life
Stars: ✭ 171 (-5.52%)
Mutual labels:  desktop
Wmail
The missing desktop client for Gmail & Google Inbox
Stars: ✭ 2,093 (+1056.35%)
Mutual labels:  desktop
Robot Js
Native system automation for node.js
Stars: ✭ 169 (-6.63%)
Mutual labels:  desktop
Mota
🎡 A state management library
Stars: ✭ 177 (-2.21%)
Mutual labels:  desktop
Phantomstyle
Cross-platform QStyle for traditionalists
Stars: ✭ 179 (-1.1%)
Mutual labels:  desktop
Xiaomiadbfastboottools
A simple tool for managing Xiaomi devices on desktop using ADB and Fastboot
Stars: ✭ 2,810 (+1452.49%)
Mutual labels:  desktop
Komorebi
A beautiful and customizable wallpapers manager for Linux
Stars: ✭ 2,472 (+1265.75%)
Mutual labels:  desktop

= Using Ansible to manage Windows desktops One of the primary goals of this project is to create a systems management solution that would ease our work, but does not create an extra dependency for the infrastructure. If anything, the systems can be managed by hand individually as before.

As part of this project the following modules have been implemented:

  • wakeonlan
  • wait_for_connection
  • win_defrag
  • win_product_facts
  • win_shortcut
  • win_wakeonlan

== Configuring the system for Powershell Remoting The following actions have to be taken to enable WinRM Powershell remoting.

=== Enable WinRM Start Powershell (Run as Administrator) and run the following command:

WinRM qc

Answer yes on each question asked.

=== Allow Powershell script execution Start Powershell (Run as Administrator) and run the following command:

Set-ExecutionPolicy

Enter the policy to be used: +Bypass+

Answer yes when asked to change the policy.

(Or use proper client certificates, which we plan to do)

=== Allow Powershell remoting for Ansible Start Powershell (Run as Administrator) and run the following command:

ConfigureRemotingForAnsible.ps1 -CertValidityDays 3650 -EnableCredSSP

=== Enable Wake-on-LAN (WoL) In order to automatically turn on systems when doing maintenance, we configured the systems to support Wake-on-LAN. Most systems are configured this way automatically, however in some cases they need specific changes to make them work as we like.

=== BIOS settings Boot the system using the F1 key pressed to enter the BIOS.

Inside the (Lenovo) BIOS go to Startup > Automatic Boot Sequence and move the Network entries down using the minus key (-). Ensure that the first entry is the local boot disk.

Save the configuration using the F10 key and select Yes.

=== Windows settings No specific configuration is needed to make Wake-on-LAN work on the Lenovo systems in Windows 10.

== Using Ansible More information is available from: http://docs.ansible.com/ansible/intro_windows.html

=== Capabilities The following things we can manage using Ansible today:

Still need to be implement:

  • Missing automation
    • Customize start menu (disable tiles, change start menu settings)
    • Customize task bar (pinning apps in task bar in specific order)
    • Customize system tray
    • Customize desktop icons (position desktop icons)
  • Missing facts
    • Disk information (size, free-space) using win_disk_facts
  • Security
    • Limit headphone loudness for children
    • Run applications as another user with unknown password (should be possible now)

== Instructions Existing Ansible playbooks are available from: https://github.com/crombeen/ansible

=== Turning on desktops using WoL $ ansible-playbook -k wakeonlan.yml

=== Collect information (creates inventory in CSV format) $ ansible-playbook -k collect.yml

=== Manage software $ ansible-playbook -k provision.yml $ ansible-playbook -k software.yml $ ansible-playbook -k cleanup.yml

== Manage system configuration $ ansible-playbook -k config.yml $ ansible-playbook -k desktop.yml

=== Manage local users $ ansible-playbook -k users.yml

=== Manage RDP and OneDrive $ ansible-playbook -k rdesktop.yml $ ansible-playbook -k onedrive.yml

=== Run everything $ ansible-playbook -k site.yml

== Problems Here is a list of problems today:

  • Often command line desktop management was an afterthought in Windows, not designed with it in mind.

  • A lot of (desktop) manipulations require registry edits because out-of-the-box cmdlets do not exist.

  • Hard to predict how registry modifications will survive Windows 10 updates.

  • Powershell is a big improvement over cmd.exe, however it feels like Perl 4 (1993) more than anything modern (encountered various inconsistencies and design issues).

  • Since we have Windows 10 Home OEM licenses, Microsoft's solution (Active Directory and Group Policies) is not an option, and we prefer open tooling and manageable actions.

  • Microsoft disables WinRM on every Windows 10 upgrade (every 6 months)

== Resources More resources related to Powershell and Ansible-integration below:

=== Ansible

=== Powershell

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].