#ansible-windows log

20:03:00 <jborean93> #startmeeting Ansible Windows Working Group
20:03:00 <zodbot> Meeting started Tue Jun  2 20:03:00 2020 UTC.
20:03:00 <zodbot> This meeting is logged and archived in a public location.
20:03:00 <zodbot> The chair is jborean93. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:03:00 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
20:03:00 <zodbot> The meeting name has been set to 'ansible_windows_working_group'
20:03:06 <jborean93> oops sorry was a bit late
20:03:22 <briantist> wow latest I've ever seen it start, 3 whole minutes lol 😂
20:03:31 <jhawkesworth> Hey
20:03:34 <jborean93> hey all
20:03:45 <jborean93> you can blame me, Matt is typically right on the dot
20:04:33 * jhawkesworth still doing kids bedtime should be done shortly
20:05:00 <jborean93> good luck :)
20:05:06 <jborean93> #topic open floor
20:05:40 <jborean93> I think the ansible.windows is in a good shape right now. While there's always something to do there it's mostly ready for the release, just need to sort out the changelog process and it's good to go
20:06:05 <jborean93> The community.windows requires a bit of TLC when it comes to the docs. Some recent changes to ansible-test in devel causes the sanity tests to fail
20:06:19 <jborean93> should hopefully have that fixed up sometime this week
20:06:49 <briantist> I set out to add Offline Domain Join support to `win_domain_computer` today, but so far I've spent all day getting its weird tests to work: https://github.com/ansible-collections/community.windows/pull/93
20:07:47 <jborean93> those tests run offline don't they?
20:08:53 <briantist> yes, but they didn't run at all. They seemed to be copy/pasted from a different set of offline tests with a few search/replaces; but they left out some required params and all kinds of stuff
20:09:29 <jhawkesworth> Wow I didn't know offline domain join was a thing
20:09:40 <briantist> (part of the difficulty was me setting my own `$ANSIBLE_COLLECTIONS_PATHS` wrong 🤦‍♂️ )
20:10:19 <jborean93> Yea right now it isn't the best. I'm not sure if git support for ansible-galaxy collection install is live yet but that will hopefully make things a bit easier
20:10:42 <briantist> jhawkesworth We use ODJ for deploying Windows AMIs in AWS. It's not exactly a common way of doing it I guess, but I like it. I provision all the AD stuff and the BLOB gets put in user data so it can join upon booting up
20:11:22 <briantist> there are other ways to do one-time / limited creds, but this works decently for us at the moment
20:12:20 <briantist> Unlike the DSC resource I'd like to do this by p/invoking the functions rather than shelling out to `djoin.exe`
20:12:36 <briantist> if it works well I might port that back to the DSC resource too, we'll see
20:14:06 <jborean93> will there be further benefit by doing PInvoke over the djoin.exe call?
20:14:21 <jborean93> If we aren't needing to parse any output then the complexity it adds may not justify it
20:15:40 <briantist> Avoiding the shell escaping stuff mostly (although I think there's a module util that handles all that right?). But the main benefit is that `djoin.exe` only writes out a file, and it's a bit of a pain to deal with. I'd like to be able to return the BLOB directly from the module
20:16:11 <briantist> I guess I could just read it out of the file and delete it after.. you think it's better to just go with `djoin`?
20:17:45 <briantist> It has `/PRINTBLOB` which I'll have to look into again, for some reason I remember that not working with `/REQUESTODJ`,  I wonder if that was an issue with null termination 🤔
20:18:24 <jborean93> I usually use PInvoke if we need to handle complex objects or things the binary does not handle. A good example would be the service manager stuff. Technically I could have used `sc.exe` but it doesn't expose all the functionality the PInvoke calls do and parsing text for complex objects like failure actions is quite painful (that's without localisation added into the mix)
20:18:56 <jborean93> If we are just calling a binary to run something and we can rely on the exit codes for process control then usually that's more ideal compared to PInvoke
20:19:27 <jborean93> If it's dead simple like a method call without marshaling structs then that's also fine. It just gets complex when you need to deal with structs and unmanaged memory yourself.
20:20:42 <briantist> There are no structs luckily; it return a buffer that it allocates itself and the library has a deallocate that can be called to free buffers created by commands in that lib.
20:20:58 <briantist> But I'm fine with looking back toward the exe
20:21:22 <briantist> What's the name of that module util that helps with calling external processes?
20:21:59 <jborean93> https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.CommandUtil.psm1 runs the commands and gives you back stdout/stderr and the rc
20:22:11 <jborean93> https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.ArgvParser.psm1 helps convert a list of arguments to a string for Run-Command
20:22:41 <briantist> perfect, thanks! I'll look into those
20:23:49 <jborean93> but feel free to ignore me and continue the PInvoke stuff, really just a fine line between the extra functionality it may give you compared to the complexity it adds
20:26:40 <briantist> understood, it's a good call out
20:27:39 <briantist> I'll look into both methods
20:28:03 <jborean93> cool
20:29:51 <jhawkesworth> Thanks briantist I will pass that on to my colleague who is tackling aws stand up. Azure has a vm extension for domain joining which worked fine if slowly. But domain joining always seems slow to me
20:32:17 <briantist> jhawkesworth: with the current workflow it's a bit crude to be sure, I haven't improved it since putting in place 2 years ago, so our userdata script is a little messy, he's an excerpt https://www.irccloud.com/pastebin/UIKIRYJf/
20:32:34 <jhawkesworth> I am basically getting zero ansible time at the moment. I used to do stuff while commuting but obviously that isn't a thing right now.
20:33:53 <jborean93> we will get you back on it at some point
20:36:44 <jhawkesworth> Yep, I look forward to that day.
20:37:55 <jborean93> anything else we would like to discuss?
20:38:32 <jhawkesworth> Thanks for the snip briantist it's kinda awesome to be able to do this stuff at all.
20:38:51 <jhawkesworth> Not from me this time
20:39:02 <briantist> sure, hit me up anytime if you have questions or want to chat about it
20:39:09 <briantist> same nothing else from me
20:40:19 <jborean93> cool
20:40:22 <jborean93> thanks everyone for joining
20:40:24 <jborean93> have a good one
20:40:27 <jborean93> #endmeeting