Using ansible to manage windows 10 vm software applications with no Internet Access

Archives Ansible Project
1

Hi everyone

I’ve been asked to look into using ansible to manage all the software on our windows10 vm farm.

Here’s the kicker, neither the windows VM’s OR the ansible server will have internet access.

I have no idea where to start with this one, I’ve seen some posts about chocolatey, but really uncertain how this would work with no internet access.

I’m guessing I’d have to copy all the objects I need to install software onto the internal ansible machine, and then relate to that area somehow instead of the internet?

Also, not really sure how I’m going to keep software up to date.

Any links, tips, articles or advice is very welcomed here, I’m just at the beginning of this particular journey.

Thanks in advance

Matt

2

I don't manage windows desktops, only windows servers, but one thing you could do is put all the software you need on the ansible controller and then put a web server on the ansible box too. Then you can fetch the installers using ansible's win_get_url module, and install them with win_package, or use win_command or win_shell to run the installers.

Hope that is enough to get you started.

Jon

3

Hi Jon

Thanks for getting back to me.

Your plan was what I was thinking of doing, or something along those lines anyway.

Due to me being such a lazy beggar I was hoping someone would have written up the process of building that sort of system, with all the pitfalls and things to watch out for. I’m sure someone has to be honest, just need to find it.

Thanks again

Matt

4

Hi Matt,

Been looking at something quite similar. So there is indeed a way to host an internal Chocolatey repo and then use win-choco with your internal repo URL.
The kicker is that the choco packages basically have the internet URL for the installer in the Nuget package. You would need to internalize the packages:
Here there are 2 options - do it manually (do-able if you aren’t planning on updating often) or automatically, although then you need the Chocolatey Pro/Business package.

So the main pitfall is the internalization of the packages, if you can get around it then that would work.