Skip to content

ntalekt/windows_lab

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Lab for VMware Horizon

Overview

The goal of this environment is for some VMware Horizon testing. Currently I have a vSphere environment with several Ubuntu servers but zero Windows.

Prerequisites

  • Hardware: a vSphere environment (i have a single ESXi host that hosts a vCenter)
  • Software: all the software prerequisites are baked into this vagrant ubuntu desktop: vagrant-ubuntu-desktop

Note If you already have a linux machine and you'd like to install the prerequisites you can look in the following scripts in vagrant-ubuntu-desktop

Packer

Packer creates a Windows Server 2022 vSphere template and ovf that has VMware tools, and some other basic applications installed.

Packer uses autounattend.xml and sysprep-autounattend.xml to automate Windows Settings windows_lab/packer/configs.

  • It pulls Windows Server 2022 Datacenter Eval Edition (Desktop Experience) from Microsoft's site
  • Installs & configure OpenSSH Client & Server for remote connection
  • Installs VMware tools from ISO provided from the build ESX server

File definitions

  • myvarfile.json All those quality values that will be used
  • WinServ2022.pkr.hcl The main top quality with variable declares at the top, and the provisioner steps after.
  • scripts/win-update.ps1 runs first: updates windows
  • scripts/adjustments.ps1 runs second: tweaks windows, and installs some tools
  • scripts/cleanup.ps1 cleans up windows after all the updates
  • scripts/install-vmware-tools-from-iso.ps1 installs VMware tools so it's baked into the base image.

Packer Provisioner Steps

  • Updating OS via Windows Update
  • Doing some OS adjustments
    • Set Windows telemetry settings to minimum
    • Show file extensions by default (TODO: might not work?)
    • Install Chocolatey - a Windows package manager
      • Install Microsoft Edge (Chromium)
      • Install Win32-OpenSSH-Server
      • Install PowerShell Core
      • Install 7-Zip
      • Install Notepad++
    • Enable Powershell-Core (pwsh) to be the default SSHD shell
  • Cleanup tasks
  • Remove CDROM drives from VM template (otherwise there would be 2)

Terraform

Terraform deploys the required virtual machines against infrastructure using the vSphere provider in this case.

File definitions

  • variables.tf declares the variables that will be used
  • terraform.tfvars All those quality values that will be used
  • base.tf defining the vSphere provider and common stuffs
  • 01-PDF.tf defining the Primary Domain Controller VM
  • 01-ConnServ1.tf defining the Connection Server 1 (standard)
  • 02-ConnServ2.tf defining the Connection Server 2 (replica1)
  • 03-ConnServ3.tf defining the Connection Server 3 (replica2)

Ansible

winlab_install.yml

Configures the VMs once they are deployed.

  • Setup Windows Server Feature: Domain
    • Primary Domain Controller
    • Auto-Join the Virtual Machines to the domain
    • Create a Horizon user and group within Active Directory
  • Install Horizon Connection: Primary
    • TODO: Configure Events DB
  • Install Horizon Connection: Replica
    • Register with Primary
  • Common Configurations
    • Enable RDP and allow it through the firewall on all windows servers created

connection_server_upgrade.yml

Upgrade the VMware Connection Servers to a new version

  • Upgrade Horizon Connection: Primary/Replica
    • Check currently installed version
    • Take VMware snapshot
    • Take Connection Server backup
      • Located: C:\Install\Backup-*
    • Disable Connection Server client authentication
    • Download new Connection Server binary
    • Upgrade Connection Server
    • Check currently installed version
      • Enable Connection Server client authentication
      • Reboot

File definitions

  • inventory.yml inventory of the hosts we will be touching
  • winlab_install.yml an association of the roles to the servers for the greenfield base install/configure
  • connection_server_upgrade.yml an association of the roles to the servers for the Connection Server upgrade
  • ansible.cfg main hotness
  • group_vars/all.yml defines all they key:value pairs needed
  • roles/* all the different roles and stuff that tells ansible what it needs to do (hint: look in winlab_install.yml and connection_server_upgrade.yml)

Process

Image Creation (packer)

  • Update variables in myvarfile.json.example and rename

    mv myvarfile.json.example myvarfile.json
  • Update variables in WinServ2022.pkr.hcl (mainly the location of the VMware tools /ISO/windows.iso)

  • Initialize packer

    packer init -upgrade WinServ2022.pkr.hcl
  • Create the template

    packer build -timestamp-ui -force -var-file=myvarfile.json WinServ2022.pkr.hcl

Note This will result in a template in your vSphere infrastructure named WinServ2022 and an OVF in the build directory.

2022-12-17T16:41:40-07:00: Build 'WinServ2022.vsphere-iso.WinServ2022' finished after 1 hour 11 minutes.

==> Wait completed after 1 hour 11 minutes

==> Builds finished. The artifacts of successful builds are:
--> WinServ2022.vsphere-iso.WinServ2022: WinServ2022

Deploy VMs (terraform)

  • Update variables in terraform.tfvars.example and rename

    mv terraform.tfvars.example terraform.tfvars
  • Initialize terraform

    terraform init
  • Terraform plan in order to detect an my errors

    terraform plan
  • Actually deploy the VMs (parallelism=1 because my lab is slow 🐢)

    terraform apply -auto-approve -parallelism=1

Note This will result in 4 VMs being creating using the variables defined in terraform.tfvars

...
vsphere_virtual_machine._PDC: Creation complete after 10m11s [id=420b41aa-e3fc-8ae7-19a2-537ba43fb62b]
...
vsphere_virtual_machine._ConnServ: Creation complete after 10m59s [id=420bf9b2-4ed7-a291-fe8f-df3a07d019ab]
...
vsphere_virtual_machine._ConnServ2: Creation complete after 9m50s [id=420baf8a-8b33-95d0-8720-b0efb2e56f1f]
...
vsphere_virtual_machine._ConnServ3: Creation complete after 7m38s [id=420b9a46-9743-c9ad-800e-90133a5a2084]
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

Warning Remove the VMs by running terraform apply -auto-approve -destroy

Install Software and Configure (ansible) - winlab_install.yml

  • Update variables in all.yml.example and rename

    mv all.yml.example all.yml
  • Test connectivity to the VMs

    ansible all -i inventory.yml -m win_ping -vvv
  • Run the playbook to configure the servers

    ansible-playbook winlab_install.yml

Note Limit running ansible plays against only connection server and replica hosts and output in verbose ansible-playbook winlab_install.yml --limit "cs,csr" -vvv

Note The connection servers are in a unconfigured state and at version 8.4.x.

Horizon Connection Servers1

Upgrade Connection Servers (ansible) - connection_server_upgrade.yml

  • Update binary parameter in all.yml

    #install_binary: "VMware-Horizon-Connection-Server-x86_64-8.4.1-20741546.exe"
    install_binary: "VMware-Horizon-Connection-Server-x86_64-8.7.0-20649599.exe"
  • Run the playbook to configure the servers

    ansible-playbook connection_server_upgrade.yml

Horizon Connection Servers2

Credentials

  • The local administrator for the VMs:

    Username Password
    administrator Password1234
  • The domain accounts:

    Username Password
    windows_lab\horizonadmin Password1234

Servers

Server IP Purpose
dc01.windows_lab.local 192.168.20.50 Domain Controller
cs01.windows_lab.local 192.168.20.101 Connection Server (standard)
cs02.windows_lab.local 192.168.20.102 Connection Server (replica1)
cs03.windows_lab.local 192.168.20.103 Connection Server (replica2)

References

Scratchpad

Jenkins install

  • deploy a GCP VM (free tier)
gcloud compute instances create gcp-docker-01 --project=jenkins-372604 --zone=us-west1-b --machine-type=e2-micro --network-interface=network-tier=PREMIUM,subnet=default --maintenance-policy=MIGRATE --provisioning-model=STANDARD --service-account=871997622931-compute@developer.gserviceaccount.com --scopes=https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/service.management.readonly,https://www.googleapis.com/auth/trace.append --create-disk=auto-delete=yes,boot=yes,device-name=jenkins-1,image=projects/ubuntu-os-cloud/global/images/ubuntu-1804-bionic-v20221201,mode=rw,size=10,type=projects/jenkins-372604/zones/us-west1-b/diskTypes/pd-standard --no-shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring --reservation-affinity=any
  • Connect to the VM
export PROJECT_ID=$(gcloud config get-value project)
export ZONE=$(gcloud config get-value compute/zone)
echo -e "PROJECT ID: $PROJECT_ID\nZONE: $ZONE"

gcloud compute instances list

gcloud compute ssh gcp-docker-01

TODO

  • Parameterize the installation and upgrade ansible roles. Possible to condense into a single connection server installation role and have the parameters control the installation type?
  • install_connection_server_release.sh - continue to complete the install script as parameters exist. MVP only input will be install_connection_server_release.sh -f -r <test || WLR-nn>
  • automation
    • packer image update process
    • connection server vendor download process
    • auto upgrade pod process
    • pod-management pipeline
      • what's the bare minimum that you need to configure in order to provision a single VDI?
      • pod-management pipeline will run every n minutes and try to connect to the pod and configure it, or re-configure it, or do nothing to it, or time out trying to connection to it
  • figure out how to git repo for release files would work.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published