We have the use case where we need to prep a Windows VM from within. We are not allowed to open up any services to remotely managed the VM. Would Ansible still be a fit?
The runbooks are fairly easy:
- Installing some choco packages
- Installing some windows features
- configuring IIS
- mounting some fileshares, configuring permissions on the fileshares
I see two options:
- Run Ansible from the Windows host. I have seen some documentation somewhere that this is highly discouraged. All kinds of dependencies are not present on a Windows host. I wonder if this is something Ansible has on their roadmap?
- Run Ansbile from WSL. Currently I don’t see a built-in interface between WSL and Windows. It still requires the winrm service running on the Windows host and an authorized user account. Is there something on the Ansible roadmap to support WSL? I don’t think we really fancy WSL because this requires additional installs on the Windows VM, broadening the attack surface.
Ideally we just provide a ZIP file which needs to be unpacked on the Windows VM that runs a self-contained installation process.
