Support preexisting (Cloud?) VMs

nightkr · nightkr · commit bcb799cc1498 · 2024-08-22T17:06:45.000+02:00
diff --git a/README.md b/README.md
@@ -50,6 +50,30 @@ rmdir tmp
 
 After this, `install_iso_windows` can be pointed at `windows-2k22-noprompt.iso` instead to fully automate the process. `ansible-playbook install.yaml -i inventory.ini` should then be enough.
 
+### Running against a preinstalled Windows (such as cloud images)
+
+Generally, a preinstalled Windows can be connected to by setting `ansible_connection=ssh` in `inventory.ini`, for example:
+
+```
+sble-addc ansible_connection=ssh ansible_host=1.2.3.4 vm_network_ipv4=1.2.3.4
+```
+
+Where `ansible_host` is the IP address that will be connected to, and `vm_network_ipv4` is the address that can be used to connect to the Windows host from the Kubernetes cluster.
+
+*However*, requires SSH to be enabled manually, and for Ansible to have valid SSH authentication credentials to connect.
+
+SSH can be enabled by running the following PowerShell on the Windows target:
+
+``` powershell
+Add-WindowsCapability -Online -Name OpenSSH.Server
+Start-Service sshd
+Set-Service -Name sshd -StartupType 'Automatic'
+```
+
+Credentials can be provided to Ansible by adding the `-u USERNAME --ask-pass` flags. Alternatively, you can install your public SSH key to the server instead of using password authentication.
+
+Finally, Kubernetes must still be able to connect to the Windows's LDAP, DNS, and Kerberos services. When running in a cloud environment, this typically means running Kubernetes in the same VPC as the Windows VM.
+
 ## Troubleshooting
 
 ### LDAP error: connection reset by peer
diff --git a/install.yaml b/install.yaml
@@ -7,6 +7,8 @@
   hosts: localhost
   roles:
     - role: create-vm
+      # If using a non-libvirt connection, assume that Windows is already installed
+      when: hostvars['sble-addc'].ansible_connection == 'community.libvirt.libvirt_qemu'
 - name: Wait for VM to install and boot
   hosts: sble-addc
   gather_facts: false
@@ -17,6 +19,8 @@
         This will take a while.. if it times out, restart the playbook but leave the VM running to resume.
         It is normal to see a bunch of QEMU guest agent errors in the Ansible output while waiting.
       ansible.builtin.wait_for_connection:
+      # When using a preinstalled Windows, assume that any such initialization is already done.
+      when: hostvars['sble-addc'].ansible_connection == 'community.libvirt.libvirt_qemu'
 - name: Install AD and initialize domain controller
   hosts: sble-addc
   roles:
diff --git a/roles/ad-dc/tasks/main.yaml b/roles/ad-dc/tasks/main.yaml
@@ -12,6 +12,7 @@
 - name: Extract Primary IP address
   set_fact:
     vm_network_ipv4: "{{ (ansible_facts.interfaces | rekey_on_member('macaddress'))[vm_network_mac | upper].ipv4.address }}"
+  when: not vm_network_ipv4 | default
 
 - name: Name Secret-Operator User
   set_fact:
