#ansible-windows log

20:00:19 <nitzmahone> #startmeeting Ansible Windows Working Group
20:00:19 <zodbot> Meeting started Tue Jan  5 20:00:19 2021 UTC.
20:00:19 <zodbot> This meeting is logged and archived in a public location.
20:00:19 <zodbot> The chair is nitzmahone. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:19 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
20:00:19 <zodbot> The meeting name has been set to 'ansible_windows_working_group'
20:00:23 <briantist> 👋
20:00:24 <briantist> Happy new year!
20:00:35 <nitzmahone> Howdy- same to you!
20:00:38 <nitzmahone> #chair jborean93
20:00:38 <zodbot> Current chairs: jborean93 nitzmahone
20:00:55 <jborean93> hey all
20:02:01 <nitzmahone> Thanks to jborean93 for starting a new agenda issue:
20:02:07 <nitzmahone> #info agenda https://github.com/ansible/community/issues/581
20:02:11 <nitzmahone> Nothing on it, so
20:02:14 <nitzmahone> #topic open floor
20:02:56 <briantist> I've just got that one PR to spam again 😝
20:02:57 <briantist> https://github.com/ansible-collections/community.windows/pull/170
20:04:41 * nitzmahone will be buried in PR reviews and code deadlines for the next few weeks :(
20:05:44 <jborean93> yea it might be a week or 2 until I can get to it sorry
20:06:30 <nitzmahone> We've got a fast-approaching deadline for ansible core
20:06:49 <briantist> sure np, not a rush for me by any means
20:07:00 <nitzmahone> cool
20:07:19 <briantist> if you find yourself looking for a distraction, keep in the back of your mind lol
20:07:44 <briantist> anything interesting Windows related for the next ansible core?
20:07:49 <nitzmahone> Nothing else exciting from me this week- first day back after 22 days off, so got quite a pile to dig through :)
20:08:24 <nitzmahone> I don't think there's a lot exciting in 2.11, but there's some fun performance and experimental stuff that we're working on during 2.11 that will probably show up in `fallible`
20:08:49 <briantist> fallible?
20:09:12 <nitzmahone> The ansible-core distribution formerly known as `ansible-chaos`- an experimental release of Ansible
20:10:30 <nitzmahone> Basically once certain experiments reach a point where we want feedback on them from a wider audience that might not want to run from source
20:10:51 <nitzmahone> we'll put them in a `fallible` release, which will be able to install side-by-side with `ansible`/`ansible-core`
20:11:04 <briantist> oh that's cool never heard of that
20:11:18 <nitzmahone> So folks can play with them and tell us what sucks, what breaks, etc, before they're committed features in devel
20:11:21 <nitzmahone> It's new
20:11:48 <nitzmahone> We've been lacking ways to get feedback on new directions in the core engine, hoping this will help
20:12:38 <nitzmahone> It's tough to get feedback on things that don't exist- usually get much better results when there's something concrete to play with, but we don't necessarily want to land experimental stuff in devel, as it's too hard to clean it up if we go a different way
20:12:51 <briantist> yeah it sounds like a good idea, SxS is good for that, not everyone maintains venvs or uses containers for things to a point where they could try out other stuff easily unfortunately
20:12:58 <nitzmahone> exactly
20:13:38 <nitzmahone> So it'll be like `fallible`, `fallible-playbook`, etc. If someone wants to symlink to `ansible`, they can, but out of the box we're not going to hijack the main entrypoints
20:14:09 <nitzmahone> (and hopefully clear from the name that this is experimental, subject to breakage, and no commitment that stuff in fallible will ever ship)
20:15:14 <briantist> I don't what the `fall` represents though, wouldn't `failible` be more apt?
20:15:32 <nitzmahone> Jordan's been playing with a PSRP analogue to some of the stuff I've been doing with ssh to allow vastly more parallelism with less resources.
20:15:47 <nitzmahone> Oh, just the word `fallible` means "apt to fail"
20:15:58 <briantist> oh that would be lovely, I'd likely try that out
20:16:03 <briantist> the psrp stuff
20:16:47 <briantist> omg duh, fallible , of course I know that word. In my head I was pronouncing it the way you pronounce fall 🤦‍♂️
20:16:50 <nitzmahone> Yeah- it's a process... The underlying changes to support all those things will allow for persistent connections and even stateful connections if we want, so a lot of performance possibilities open up when the basics are in place.
20:17:40 <nitzmahone> (and also make Macs usable as a controller again, since we can do it without using `fork`)
20:18:26 <nitzmahone> Other than that, I don't think there's a lot of exciting new Windows frontiers to conquer right now
20:19:01 <nitzmahone> Noise about SQL Server modules has started again, but there's nothing on the roadmap right now
20:20:39 <nitzmahone> I'd also like to consider deprecating pywinrm at some point, but need to make sure psrp is really good to go, and hopefully we'd have some of those new performance things actually merged so we have good reasons to tell people to change over.
20:21:14 <nitzmahone> ("hey look, it's 5x faster for cheap module runs!")
20:21:24 <jborean93> the psrp stuff is a really slow burn, it's a massive overhaul of the library but it essentially enables asyncio or any other concurrency model we may want in the future
20:21:42 <briantist> I can certainly speak to some of the issues I've run into in trying to use `psrp` exclusively, as opposed to `winrm`
20:21:52 <nitzmahone> Please do!
20:22:17 <jborean93> yep now is the time to speak up. If they are issues in pypsrp I'm in the mood to fix those :)
20:22:18 <briantist> I don't think any of them are the fault of the plugin itself, but they things that real users will run into, I know Jordan is aware of some as he's helped me figure out a lot of them
20:23:00 <briantist> one of them is the SPN thing. winrm doesn't care/use them, and a few of my servers didn't have the proper SPN. Everything seemed to work, but psrp did not
20:23:10 <nitzmahone> My biggest worry with it right now is around the kerb/gssapi stuff in a highly parallelized environment. The winrm way is really brain-dead and wasteful, but the isolation works *really* well
20:23:22 <jborean93> yea that's something I'm going to change in the new connection
20:23:31 <jborean93> using wsman as the service part in the SPN was a mistake
20:23:43 <jborean93> going to go back to HTTP as that's what PowerShell itself uses
20:23:46 <briantist> I was able to fix the SPNs but it had no effec ton anything else I was doing, so certainly some people will hit it
20:23:53 <nitzmahone> Ah, yeah-IIRC  that's just because winrm made some "weird" choices that didn't translate to psrp
20:23:55 <briantist> ok awesome! that alone will help me transition
20:24:14 <briantist> also inconsistencies in the way kerberos worked between winrm and psrp plugins
20:24:20 <briantist> Jordan did a lot to help me track that down
20:24:30 <briantist> which  ultimately came down to (again) nothing wrong the plugins themselves
20:24:43 <jborean93> there's less that can be done there, I might create a PR for pywinrm to use my pyspnego at some point so they are both aligned
20:24:51 <nitzmahone> Yeah, that's the part I'm most nervous about- in theory, it should work much cleaner, but especially with all the concurrency in the same process, it's a little scary
20:24:54 <briantist> I was just using Ubuntu 16.04 that didn't/couldn't have a new enough kerberos library
20:24:55 <jborean93> but even then you are at the mercy of the gssapi version installed which varies across distributions
20:25:35 <briantist> yup, totally understandable, but again the kind of thing real users will likely run into. Even if it can't be fixed, the more documented/expected it is the better
20:25:37 <nitzmahone> I just can't even imagine trying to ship wheels for the gssapi stuff
20:25:51 <jborean93> heh, python-gssapi has tried :)
20:26:20 <jborean93> it's mostly what I'm trying to do with https://github.com/jborean93/pyspnego/blob/main/docs/gssapi_issues.md
20:26:31 <nitzmahone> I'm pretty confident I could get it to work for the current set of stuff, but as soon as somebody updates something or a distro changes from MIT to heimdal or whatever, *boom*
20:27:15 <briantist> excellent, that issues page is good, some of that needs to get into ansible documentation for the places where it will come up too
20:27:44 <jborean93> yea it's definitely low level but it's my attempt to track and issues/major differences across the GSSAPI implementations and versions
20:28:05 <nitzmahone> Nice- I hadn't seen that brain-dump page either
20:28:12 <nitzmahone> (had I?)
20:28:25 <jborean93> I can't remember if I showed you it
20:28:34 <nitzmahone> doesn't ring a bell
20:28:53 <jborean93> I've talked about some of the problems like the delegation issue at some point
20:28:59 <jborean93> that was a "fun" one to figure out
20:29:19 <nitzmahone> I put my work laptop in the closet over holiday break and was pretty much exclusively on a shiny new M1 Mac for the past 3 weeks. It's ... interesting
20:29:34 <jborean93> I nearly pulled the trigger in buying one myself
20:29:58 <briantist> for better or worse, I don't think I'll ever switch to a mac :-/
20:30:22 <jborean93> yea after my last round on the MacBook I don't think I can use it exclusively
20:30:45 <nitzmahone> (and built my mom a new Windows 10 Dell Inspiron 14 5000, cursing the latest version of Windows 10 setup)
20:31:11 <briantist> oh really, what happened?
20:31:25 <nitzmahone> briantist: I said the same thing about 7y ago, but was kinda forced to for a few years. It wasn't as bad as I thought, but definitely a bunch of annoying things when compared to either Windows or Linux
20:31:36 <jborean93> "Welcome to your brand new Windows 10, I'm Cortana and here to annoy you"
20:31:38 <nitzmahone> Oh, mostly just cursing the forced Cortana setup crap
20:31:48 <nitzmahone> "SHUT UP AND LET ME CLICK THE BUTTONS"
20:32:02 <jborean93> "Also I'm going to start unmutted every time and make it harder for you to mute me"
20:32:39 <nitzmahone> My favorite part is that even when you mute Cortana, it still makes you sit there on each "page" for as long as it would take Cortana to read it. :(
20:32:41 <briantist> I know it's years old but I still hate that they basically force you to use a Microsoft account on brand new setup
20:32:55 <jborean93> I'm now fairly ingrained in i3/sway so even going to Windows can be annoying
20:33:10 <jborean93> briantist: the fact they hide the local account option like they do does tick me off as well
20:33:14 <nitzmahone> Yeah... Plus my mom hasn't been very diligent about using the password manager I set up for her, so finding passwords for all the services and stuff she needed was a chore
20:33:16 <briantist> I remember it being ridiculously hard to skip, I vaguely remember disconnecting all networks to do it
20:33:44 <jborean93> the last one I tried it was hidden behind the organisation/education option
20:33:47 <briantist> but I don't update my home computer often, current one is like 8 years old and still fine for me, so I haven't run bare Windows setup in quite a while
20:34:38 <nitzmahone> Yeah, I've got a nice XPS13 2-in-1 running Windows (that I bought last year to replace a 12 year old Optiplex), but I don't use it all that much.
20:35:14 <nitzmahone> My wife and parents insist on Windows, though my wife's need for it is basically zero now over a Chromebook
20:35:30 <nitzmahone> My mom still needs it for Quickbooks for the nonprofits she's treasurer for
20:35:42 <briantist> mine's custom built, but even that far  back I didn't want to. I'm just so done with homelab-type of anything. But I built anyway because I couldn't find a dell or other out of the box machine with enough expandability on RAM and storage that wasb't ridiculously epxensive
20:36:11 <jborean93> I still need to figure out why my new work laptop is hard locking :(
20:36:27 <jborean93> It happens fairly irregularly that I've mostly just ignored it
20:36:28 <briantist> for the first time in my life, I think my next main machine might be a laptop, they're finally capable of having enough RAM, and with USB-C/TB I can put my large bulk HDDs in an external enclosure that acts local
20:36:32 <nitzmahone> My homelab stuff has shrunk significantly over the years as well, though it's creeping back up with all the Ubiquiti/Unifi gear and stuff, since consumer grade network hardware makes me rage-y
20:37:16 <briantist> living in a NYC apt also helps remove the taste for homelab stuff... even my custom computer now feels incredibly huge and bulky haha
20:37:38 <nitzmahone> Finally ripped open the walls to wire my upstairs AP over the break- it's been meshed since I moved into this house, and worked "just well enough" that I wasn't motivated to run Cat6 from my network closet into the attic
20:37:39 <briantist> I was big into pfSense, and even though I had embedded stuff for it, when I moved here I switched to a consumer router and haven't looked back
20:37:46 <nitzmahone> heh
20:38:23 <nitzmahone> I just upgraded to an EdgeRouter 12 (so I could actually max out my gig fiber connection- the ER-X couldn't quite)
20:38:27 <jborean93> I would love to wire the house but my partner is pretty against the idea
20:38:35 <nitzmahone> and I've got an EdgeMax switch and a couple of Unifi APs
20:38:57 <nitzmahone> and a Synology that's running Docker for HomeAssistant, the Unifi controller, and a few other little things
20:39:24 <nitzmahone> My big thing was the power- I've got a solar + powerwall setup, and my old home lab was ridiculously expensive to run
20:39:43 <briantist> I did upgrade to a wi-fi 6 router this year and was surprised to see a wireless connection surpass gigabit... another first for me: considering that maybe just maybe I don't need a wired connection for everything anymore...
20:39:53 <nitzmahone> The Synology is quite power effiicient, so I've got my steady-state power draw down to about 400W for the whole house
20:40:46 <nitzmahone> I'd imagine the congestion and flakiness in NYC would be horrible for wifi though- even here in my suburban Portland single-family house, I can see dozens of wireless networks from my neighbors.
20:41:10 <nitzmahone> and on 2.4GHz? Forget it! Every time the neighbor turns on the microwave...
20:42:07 <briantist> I don't  have any issues, despite seeing dozens of networks around.. of course I'm also stuck on a 200/20 cable modem
20:42:20 <nitzmahone> jborean93: yeah, my wife's office is upstairs, so she's the one that suffers the most when the network's flaky... Everything's wired in my office, since that's where the network closet is. So it was actually the opposite here- my wife was begging me to rip into the walls :D
20:42:48 <briantist> I've been interested in FiOS since it came out 15+ years ago but literally everywhere I've lived in that time has been JUST out of reach of it. Like,  it's available across the street but not in my building
20:42:51 <jborean93> heh, apart from one of my mesh routers crapping itself a few months ago the wifi is pretty solid throughout the house
20:43:19 <nitzmahone> Twas really nice to fire up some speed tests on the upstairs AP and see it go from ~70Mbit (meshed) to ~500Mbit (wired)
20:44:07 <nitzmahone> Unifi just started selling their Wifi6 stuff, but unless I decide to hand-me-down my stuff to my folks, I'm probably gonna be on AC for the foreseeable future. My office is the only place I really care about the gigabit internet connection.
20:45:53 <nitzmahone> My BIL texted me after Christmas asking about upgrading theirs- apparently they were on some ancient ISP-provided pre-N wifi... For his budget, I sent him to a 3pk of Google Mesh routers, and he says it's like a whole new world
20:47:28 <nitzmahone> briantist: yeah, it's pretty awesome- ours was originally VZ FIOS, then got bought by Frontier, and now bought again by a little hedge-fund backed thing... But I went from paying $85/mo for 100/100 to $60/mo for gigabit symmetric... WFM!
20:48:08 <briantist> 🤤
20:48:25 <nitzmahone> Well, since this has devolved into home networking, I guess we can close out the meeting part til next week... Thanks all!
20:48:26 <briantist> NYC's internet market sucks big time
20:48:28 <nitzmahone> #endmeeting