20:03:00 #startmeeting Ansible Windows Working Group 20:03:00 Meeting started Tue Jun 2 20:03:00 2020 UTC. 20:03:00 This meeting is logged and archived in a public location. 20:03:00 The chair is jborean93. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:03:00 Useful Commands: #action #agreed #halp #info #idea #link #topic. 20:03:00 The meeting name has been set to 'ansible_windows_working_group' 20:03:06 oops sorry was a bit late 20:03:22 wow latest I've ever seen it start, 3 whole minutes lol 😂 20:03:31 Hey 20:03:34 hey all 20:03:45 you can blame me, Matt is typically right on the dot 20:04:33 * jhawkesworth still doing kids bedtime should be done shortly 20:05:00 good luck :) 20:05:06 #topic open floor 20:05:40 I think the ansible.windows is in a good shape right now. While there's always something to do there it's mostly ready for the release, just need to sort out the changelog process and it's good to go 20:06:05 The community.windows requires a bit of TLC when it comes to the docs. Some recent changes to ansible-test in devel causes the sanity tests to fail 20:06:19 should hopefully have that fixed up sometime this week 20:06:49 I set out to add Offline Domain Join support to `win_domain_computer` today, but so far I've spent all day getting its weird tests to work: https://github.com/ansible-collections/community.windows/pull/93 20:07:47 those tests run offline don't they? 20:08:53 yes, but they didn't run at all. They seemed to be copy/pasted from a different set of offline tests with a few search/replaces; but they left out some required params and all kinds of stuff 20:09:29 Wow I didn't know offline domain join was a thing 20:09:40 (part of the difficulty was me setting my own `$ANSIBLE_COLLECTIONS_PATHS` wrong 🤦‍♂️ ) 20:10:19 Yea right now it isn't the best. I'm not sure if git support for ansible-galaxy collection install is live yet but that will hopefully make things a bit easier 20:10:42 jhawkesworth We use ODJ for deploying Windows AMIs in AWS. It's not exactly a common way of doing it I guess, but I like it. I provision all the AD stuff and the BLOB gets put in user data so it can join upon booting up 20:11:22 there are other ways to do one-time / limited creds, but this works decently for us at the moment 20:12:20 Unlike the DSC resource I'd like to do this by p/invoking the functions rather than shelling out to `djoin.exe` 20:12:36 if it works well I might port that back to the DSC resource too, we'll see 20:14:06 will there be further benefit by doing PInvoke over the djoin.exe call? 20:14:21 If we aren't needing to parse any output then the complexity it adds may not justify it 20:15:40 Avoiding the shell escaping stuff mostly (although I think there's a module util that handles all that right?). But the main benefit is that `djoin.exe` only writes out a file, and it's a bit of a pain to deal with. I'd like to be able to return the BLOB directly from the module 20:16:11 I guess I could just read it out of the file and delete it after.. you think it's better to just go with `djoin`? 20:17:45 It has `/PRINTBLOB` which I'll have to look into again, for some reason I remember that not working with `/REQUESTODJ`, I wonder if that was an issue with null termination 🤔 20:18:24 I usually use PInvoke if we need to handle complex objects or things the binary does not handle. A good example would be the service manager stuff. Technically I could have used `sc.exe` but it doesn't expose all the functionality the PInvoke calls do and parsing text for complex objects like failure actions is quite painful (that's without localisation added into the mix) 20:18:56 If we are just calling a binary to run something and we can rely on the exit codes for process control then usually that's more ideal compared to PInvoke 20:19:27 If it's dead simple like a method call without marshaling structs then that's also fine. It just gets complex when you need to deal with structs and unmanaged memory yourself. 20:20:42 There are no structs luckily; it return a buffer that it allocates itself and the library has a deallocate that can be called to free buffers created by commands in that lib. 20:20:58 But I'm fine with looking back toward the exe 20:21:22 What's the name of that module util that helps with calling external processes? 20:21:59 https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.CommandUtil.psm1 runs the commands and gives you back stdout/stderr and the rc 20:22:11 https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.ArgvParser.psm1 helps convert a list of arguments to a string for Run-Command 20:22:41 perfect, thanks! I'll look into those 20:23:49 but feel free to ignore me and continue the PInvoke stuff, really just a fine line between the extra functionality it may give you compared to the complexity it adds 20:26:40 understood, it's a good call out 20:27:39 I'll look into both methods 20:28:03 cool 20:29:51 Thanks briantist I will pass that on to my colleague who is tackling aws stand up. Azure has a vm extension for domain joining which worked fine if slowly. But domain joining always seems slow to me 20:32:17 jhawkesworth: with the current workflow it's a bit crude to be sure, I haven't improved it since putting in place 2 years ago, so our userdata script is a little messy, he's an excerpt https://www.irccloud.com/pastebin/UIKIRYJf/ 20:32:34 I am basically getting zero ansible time at the moment. I used to do stuff while commuting but obviously that isn't a thing right now. 20:33:53 we will get you back on it at some point 20:36:44 Yep, I look forward to that day. 20:37:55 anything else we would like to discuss? 20:38:32 Thanks for the snip briantist it's kinda awesome to be able to do this stuff at all. 20:38:51 Not from me this time 20:39:02 sure, hit me up anytime if you have questions or want to chat about it 20:39:09 same nothing else from me 20:40:19 cool 20:40:22 thanks everyone for joining 20:40:24 have a good one 20:40:27 #endmeeting