20:00:19 #startmeeting Ansible Windows Working Group 20:00:19 Meeting started Tue Jan 5 20:00:19 2021 UTC. 20:00:19 This meeting is logged and archived in a public location. 20:00:19 The chair is nitzmahone. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:00:19 Useful Commands: #action #agreed #halp #info #idea #link #topic. 20:00:19 The meeting name has been set to 'ansible_windows_working_group' 20:00:23 👋 20:00:24 Happy new year! 20:00:35 Howdy- same to you! 20:00:38 #chair jborean93 20:00:38 Current chairs: jborean93 nitzmahone 20:00:55 hey all 20:02:01 Thanks to jborean93 for starting a new agenda issue: 20:02:07 #info agenda https://github.com/ansible/community/issues/581 20:02:11 Nothing on it, so 20:02:14 #topic open floor 20:02:56 I've just got that one PR to spam again 😝 20:02:57 https://github.com/ansible-collections/community.windows/pull/170 20:04:41 * nitzmahone will be buried in PR reviews and code deadlines for the next few weeks :( 20:05:44 yea it might be a week or 2 until I can get to it sorry 20:06:30 We've got a fast-approaching deadline for ansible core 20:06:49 sure np, not a rush for me by any means 20:07:00 cool 20:07:19 if you find yourself looking for a distraction, keep in the back of your mind lol 20:07:44 anything interesting Windows related for the next ansible core? 20:07:49 Nothing else exciting from me this week- first day back after 22 days off, so got quite a pile to dig through :) 20:08:24 I don't think there's a lot exciting in 2.11, but there's some fun performance and experimental stuff that we're working on during 2.11 that will probably show up in `fallible` 20:08:49 fallible? 20:09:12 The ansible-core distribution formerly known as `ansible-chaos`- an experimental release of Ansible 20:10:30 Basically once certain experiments reach a point where we want feedback on them from a wider audience that might not want to run from source 20:10:51 we'll put them in a `fallible` release, which will be able to install side-by-side with `ansible`/`ansible-core` 20:11:04 oh that's cool never heard of that 20:11:18 So folks can play with them and tell us what sucks, what breaks, etc, before they're committed features in devel 20:11:21 It's new 20:11:48 We've been lacking ways to get feedback on new directions in the core engine, hoping this will help 20:12:38 It's tough to get feedback on things that don't exist- usually get much better results when there's something concrete to play with, but we don't necessarily want to land experimental stuff in devel, as it's too hard to clean it up if we go a different way 20:12:51 yeah it sounds like a good idea, SxS is good for that, not everyone maintains venvs or uses containers for things to a point where they could try out other stuff easily unfortunately 20:12:58 exactly 20:13:38 So it'll be like `fallible`, `fallible-playbook`, etc. If someone wants to symlink to `ansible`, they can, but out of the box we're not going to hijack the main entrypoints 20:14:09 (and hopefully clear from the name that this is experimental, subject to breakage, and no commitment that stuff in fallible will ever ship) 20:15:14 I don't what the `fall` represents though, wouldn't `failible` be more apt? 20:15:32 Jordan's been playing with a PSRP analogue to some of the stuff I've been doing with ssh to allow vastly more parallelism with less resources. 20:15:47 Oh, just the word `fallible` means "apt to fail" 20:15:58 oh that would be lovely, I'd likely try that out 20:16:03 the psrp stuff 20:16:47 omg duh, fallible , of course I know that word. In my head I was pronouncing it the way you pronounce fall 🤦‍♂️ 20:16:50 Yeah- it's a process... The underlying changes to support all those things will allow for persistent connections and even stateful connections if we want, so a lot of performance possibilities open up when the basics are in place. 20:17:40 (and also make Macs usable as a controller again, since we can do it without using `fork`) 20:18:26 Other than that, I don't think there's a lot of exciting new Windows frontiers to conquer right now 20:19:01 Noise about SQL Server modules has started again, but there's nothing on the roadmap right now 20:20:39 I'd also like to consider deprecating pywinrm at some point, but need to make sure psrp is really good to go, and hopefully we'd have some of those new performance things actually merged so we have good reasons to tell people to change over. 20:21:14 ("hey look, it's 5x faster for cheap module runs!") 20:21:24 the psrp stuff is a really slow burn, it's a massive overhaul of the library but it essentially enables asyncio or any other concurrency model we may want in the future 20:21:42 I can certainly speak to some of the issues I've run into in trying to use `psrp` exclusively, as opposed to `winrm` 20:21:52 Please do! 20:22:17 yep now is the time to speak up. If they are issues in pypsrp I'm in the mood to fix those :) 20:22:18 I don't think any of them are the fault of the plugin itself, but they things that real users will run into, I know Jordan is aware of some as he's helped me figure out a lot of them 20:23:00 one of them is the SPN thing. winrm doesn't care/use them, and a few of my servers didn't have the proper SPN. Everything seemed to work, but psrp did not 20:23:10 My biggest worry with it right now is around the kerb/gssapi stuff in a highly parallelized environment. The winrm way is really brain-dead and wasteful, but the isolation works *really* well 20:23:22 yea that's something I'm going to change in the new connection 20:23:31 using wsman as the service part in the SPN was a mistake 20:23:43 going to go back to HTTP as that's what PowerShell itself uses 20:23:46 I was able to fix the SPNs but it had no effec ton anything else I was doing, so certainly some people will hit it 20:23:53 Ah, yeah-IIRC that's just because winrm made some "weird" choices that didn't translate to psrp 20:23:55 ok awesome! that alone will help me transition 20:24:14 also inconsistencies in the way kerberos worked between winrm and psrp plugins 20:24:20 Jordan did a lot to help me track that down 20:24:30 which ultimately came down to (again) nothing wrong the plugins themselves 20:24:43 there's less that can be done there, I might create a PR for pywinrm to use my pyspnego at some point so they are both aligned 20:24:51 Yeah, that's the part I'm most nervous about- in theory, it should work much cleaner, but especially with all the concurrency in the same process, it's a little scary 20:24:54 I was just using Ubuntu 16.04 that didn't/couldn't have a new enough kerberos library 20:24:55 but even then you are at the mercy of the gssapi version installed which varies across distributions 20:25:35 yup, totally understandable, but again the kind of thing real users will likely run into. Even if it can't be fixed, the more documented/expected it is the better 20:25:37 I just can't even imagine trying to ship wheels for the gssapi stuff 20:25:51 heh, python-gssapi has tried :) 20:26:20 it's mostly what I'm trying to do with https://github.com/jborean93/pyspnego/blob/main/docs/gssapi_issues.md 20:26:31 I'm pretty confident I could get it to work for the current set of stuff, but as soon as somebody updates something or a distro changes from MIT to heimdal or whatever, *boom* 20:27:15 excellent, that issues page is good, some of that needs to get into ansible documentation for the places where it will come up too 20:27:44 yea it's definitely low level but it's my attempt to track and issues/major differences across the GSSAPI implementations and versions 20:28:05 Nice- I hadn't seen that brain-dump page either 20:28:12 (had I?) 20:28:25 I can't remember if I showed you it 20:28:34 doesn't ring a bell 20:28:53 I've talked about some of the problems like the delegation issue at some point 20:28:59 that was a "fun" one to figure out 20:29:19 I put my work laptop in the closet over holiday break and was pretty much exclusively on a shiny new M1 Mac for the past 3 weeks. It's ... interesting 20:29:34 I nearly pulled the trigger in buying one myself 20:29:58 for better or worse, I don't think I'll ever switch to a mac :-/ 20:30:22 yea after my last round on the MacBook I don't think I can use it exclusively 20:30:45 (and built my mom a new Windows 10 Dell Inspiron 14 5000, cursing the latest version of Windows 10 setup) 20:31:11 oh really, what happened? 20:31:25 briantist: I said the same thing about 7y ago, but was kinda forced to for a few years. It wasn't as bad as I thought, but definitely a bunch of annoying things when compared to either Windows or Linux 20:31:36 "Welcome to your brand new Windows 10, I'm Cortana and here to annoy you" 20:31:38 Oh, mostly just cursing the forced Cortana setup crap 20:31:48 "SHUT UP AND LET ME CLICK THE BUTTONS" 20:32:02 "Also I'm going to start unmutted every time and make it harder for you to mute me" 20:32:39 My favorite part is that even when you mute Cortana, it still makes you sit there on each "page" for as long as it would take Cortana to read it. :( 20:32:41 I know it's years old but I still hate that they basically force you to use a Microsoft account on brand new setup 20:32:55 I'm now fairly ingrained in i3/sway so even going to Windows can be annoying 20:33:10 briantist: the fact they hide the local account option like they do does tick me off as well 20:33:14 Yeah... Plus my mom hasn't been very diligent about using the password manager I set up for her, so finding passwords for all the services and stuff she needed was a chore 20:33:16 I remember it being ridiculously hard to skip, I vaguely remember disconnecting all networks to do it 20:33:44 the last one I tried it was hidden behind the organisation/education option 20:33:47 but I don't update my home computer often, current one is like 8 years old and still fine for me, so I haven't run bare Windows setup in quite a while 20:34:38 Yeah, I've got a nice XPS13 2-in-1 running Windows (that I bought last year to replace a 12 year old Optiplex), but I don't use it all that much. 20:35:14 My wife and parents insist on Windows, though my wife's need for it is basically zero now over a Chromebook 20:35:30 My mom still needs it for Quickbooks for the nonprofits she's treasurer for 20:35:42 mine's custom built, but even that far back I didn't want to. I'm just so done with homelab-type of anything. But I built anyway because I couldn't find a dell or other out of the box machine with enough expandability on RAM and storage that wasb't ridiculously epxensive 20:36:11 I still need to figure out why my new work laptop is hard locking :( 20:36:27 It happens fairly irregularly that I've mostly just ignored it 20:36:28 for the first time in my life, I think my next main machine might be a laptop, they're finally capable of having enough RAM, and with USB-C/TB I can put my large bulk HDDs in an external enclosure that acts local 20:36:32 My homelab stuff has shrunk significantly over the years as well, though it's creeping back up with all the Ubiquiti/Unifi gear and stuff, since consumer grade network hardware makes me rage-y 20:37:16 living in a NYC apt also helps remove the taste for homelab stuff... even my custom computer now feels incredibly huge and bulky haha 20:37:38 Finally ripped open the walls to wire my upstairs AP over the break- it's been meshed since I moved into this house, and worked "just well enough" that I wasn't motivated to run Cat6 from my network closet into the attic 20:37:39 I was big into pfSense, and even though I had embedded stuff for it, when I moved here I switched to a consumer router and haven't looked back 20:37:46 heh 20:38:23 I just upgraded to an EdgeRouter 12 (so I could actually max out my gig fiber connection- the ER-X couldn't quite) 20:38:27 I would love to wire the house but my partner is pretty against the idea 20:38:35 and I've got an EdgeMax switch and a couple of Unifi APs 20:38:57 and a Synology that's running Docker for HomeAssistant, the Unifi controller, and a few other little things 20:39:24 My big thing was the power- I've got a solar + powerwall setup, and my old home lab was ridiculously expensive to run 20:39:43 I did upgrade to a wi-fi 6 router this year and was surprised to see a wireless connection surpass gigabit... another first for me: considering that maybe just maybe I don't need a wired connection for everything anymore... 20:39:53 The Synology is quite power effiicient, so I've got my steady-state power draw down to about 400W for the whole house 20:40:46 I'd imagine the congestion and flakiness in NYC would be horrible for wifi though- even here in my suburban Portland single-family house, I can see dozens of wireless networks from my neighbors. 20:41:10 and on 2.4GHz? Forget it! Every time the neighbor turns on the microwave... 20:42:07 I don't have any issues, despite seeing dozens of networks around.. of course I'm also stuck on a 200/20 cable modem 20:42:20 jborean93: yeah, my wife's office is upstairs, so she's the one that suffers the most when the network's flaky... Everything's wired in my office, since that's where the network closet is. So it was actually the opposite here- my wife was begging me to rip into the walls :D 20:42:48 I've been interested in FiOS since it came out 15+ years ago but literally everywhere I've lived in that time has been JUST out of reach of it. Like, it's available across the street but not in my building 20:42:51 heh, apart from one of my mesh routers crapping itself a few months ago the wifi is pretty solid throughout the house 20:43:19 Twas really nice to fire up some speed tests on the upstairs AP and see it go from ~70Mbit (meshed) to ~500Mbit (wired) 20:44:07 Unifi just started selling their Wifi6 stuff, but unless I decide to hand-me-down my stuff to my folks, I'm probably gonna be on AC for the foreseeable future. My office is the only place I really care about the gigabit internet connection. 20:45:53 My BIL texted me after Christmas asking about upgrading theirs- apparently they were on some ancient ISP-provided pre-N wifi... For his budget, I sent him to a 3pk of Google Mesh routers, and he says it's like a whole new world 20:47:28 briantist: yeah, it's pretty awesome- ours was originally VZ FIOS, then got bought by Frontier, and now bought again by a little hedge-fund backed thing... But I went from paying $85/mo for 100/100 to $60/mo for gigabit symmetric... WFM! 20:48:08 🤤 20:48:25 Well, since this has devolved into home networking, I guess we can close out the meeting part til next week... Thanks all! 20:48:26 NYC's internet market sucks big time 20:48:28 #endmeeting