Foreman is a great open source server lifecycle management tool which can also be used as an ENC (External Node Classifier) for Puppet. It comes prepackaged with the ability to use vSphere as a compute resource, which means you can deploy VMs from within Foreman. The majority of the supported deployment scenarios are for Linux-based operating systems, and a few bits are missing for deploying a Windows VM from a template. The major one is the ability to apply a customization spec to the Windows deployment. This isn’t entirely due to a lack of support in Foreman, but rather to missing pieces in the Fog.io library.
A patch has recently been added to Foreman to support cloudinit userdata, but it was also missing a critical bit of code, which should be committed to theforeman soon.
The next issue is getting fog.io to use this user data. I’ve submitted a pull request which, when accepted, will mean you can pass the Windows customization spec from theforeman to vSphere.
But how do you set up Foreman to send this customization spec? Below are the steps required (you will need to apply the outstanding pull requests to both Foreman and fog.io).
1. Create a new provisioning template of type user_data, whose contents are a YAML-formatted customization spec, e.g. (the encryptionKey has been shortened and the passwords changed; the product ID used here is the standard volume license one):
```yaml
---
encryptionKey:
- 48
- -126
- 3
- -37
- 48
- -126
- 2
- -61
- -96
identity:
  Sysprep:
    guiRunOnce:
      commandList:
      - 'commandtosysprep.cmd'
      - 'schtasks /create /tn "PostForemanBuild" /tr "\\example.com\sysvol\example.com\scripts\PostForemanBuild.bat \"<%= foreman_url("built") %>\"" /sc ONSTART /ru SYSTEM'
      - 'schtasks /Run /tn "PostForeManBuild"'
    guiUnattended:
      autoLogon: true
      autoLogonCount: 1
      password:
        plainText: false
        value: 'dlasdassdasdxczxcxzckjhakjsasupersecretencryptedpassword=='
      timeZone: 290
    identification:
      domainAdmin: 'joindomain@example.com'
      domainAdminPassword:
        plainText: false
        value: 'dlasdassdasdxczxcxzckjhakjsasupersecretencryptedpassword=='
      joinDomain: 'EXAMPLE.COM'
    licenseFilePrintData:
      autoMode: 'perSeat'
    userData:
      computerName: <%= @host.shortname%>
      fullName: 'IT'
      orgName: 'YourORG'
      productId: 'D2N9P-3P6X9-2R39C-7RTCD-MDVJX'
nicSettingMap:
- adapter:
    dummy: foo
globalIPSettings:
  dnsSuffixList:
  - example.com
options:
  changeSID: true
  deleteAccounts: false
```
2. Associate this template with your Windows operating system (the same operating system you will choose when setting up your host).
3. Add the Windows template to use from vSphere: Infrastructure -> Compute Resources -> select your vSphere resource -> Images, and add your template there. Enable the image for User Data.
4. When creating your host, on the Operating System tab, select the operating system (Windows) that you associated the user_data template with. Select ‘Image Based’. Complete the other tabs as normal.
Once you click submit, the user_data template will get passed from Foreman to fog.io to vSphere, and your Windows template will be customized!
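Before saving the template from step 1, it can be rendered and checked offline. This is an added example, not code from Foreman or fog.io: it renders a shortened, constructed copy of the template through a hypothetical stand-in for Foreman's render scope (`StubScope`, the example URL and the placeholder secrets are assumptions), then checks that passwords are not stored in plain text, that an encryptionKey accompanies encrypted values, and that the unquoted `computerName` tag still yields a string within the 15-character Windows computer name limit.

```ruby
require 'erb'
require 'yaml'

# Constructed, shortened copy of the post's user_data template (placeholder secrets).
TEMPLATE = <<~'EOT'
  encryptionKey: [48, -126, 3]
  identity:
    Sysprep:
      guiRunOnce:
        commandList:
        - 'schtasks /create /tn "PostForemanBuild" /tr "\\example.com\sysvol\example.com\scripts\PostForemanBuild.bat \"<%= foreman_url("built") %>\"" /sc ONSTART /ru SYSTEM'
      guiUnattended:
        password: {plainText: false, value: 'CONSTRUCTED=='}
      identification:
        domainAdminPassword: {plainText: false, value: 'CONSTRUCTED=='}
      userData:
        computerName: <%= @host.shortname%>
EOT

# Hypothetical stand-in for Foreman's render scope: only @host.shortname and foreman_url.
class StubScope
  def initialize(shortname)
    @host = Struct.new(:shortname).new(shortname)
  end
  def foreman_url(action)
    "https://foreman.example.com/unattended/#{action}?token=CONSTRUCTED"
  end
  def render(template)
    ERB.new(template).result(binding)
  end
end

# Returns a list of findings for a rendered spec; an empty list means it passed.
# Malformed YAML raises Psych::SyntaxError, which is the desired loud failure.
def lint_spec(rendered)
  spec = YAML.safe_load(rendered) || {}
  sysprep = spec.dig('identity', 'Sysprep') or return ['identity.Sysprep is missing']
  findings = []
  [%w[guiUnattended password], %w[identification domainAdminPassword]].each do |path|
    pw = sysprep.dig(*path) or next
    findings << "#{path.join('.')}: password is stored in plain text" unless pw['plainText'] == false
    findings << "#{path.join('.')}: encrypted value without encryptionKey" if pw['plainText'] == false && Array(spec['encryptionKey']).empty?
  end
  name = sysprep.dig('userData', 'computerName')
  findings << "computerName parsed as #{name.class}; quote the ERB tag" unless name.is_a?(String)
  findings << 'computerName exceeds the 15-character NetBIOS limit' if name.to_s.length > 15
  findings
end
```

A purely numeric short name such as `10042` is parsed by YAML as an Integer, which is why the check suggests quoting the `computerName` tag in the template.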
The final piece in this deployment puzzle was to get Puppet installed and have the Windows VM report back to Foreman that the build is complete. As you can see in the user_data template, I achieve this by creating a scheduled task to run a job which connects to sysvol, where the post-Foreman script is located. I had to set up a scheduled task because it runs as SYSTEM, which has permission to mount sysvol. The script takes a single argument, which is the Foreman build URL with token.
The contents of this batch file are:
```bat
Start /wait %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -Command "start-transcript c:\postlog.txt; . \\example\sysvol\example.com\scripts\install_puppet.ps1; Invoke-WebRequest -Uri %1"
Start /wait schtasks /change /tn "PostForemanBuild" /DISABLE
shutdown.exe /r /t 00
```
The install puppet powershell script is one I found here