What's the best practice regarding Windows Templates?

jsterr

Jul 24, 2020
Hello Community,

Is there a way to automate it, like using cloud-init for Windows?
Or how do you get a unique Windows machine from a template?
AFAIK PVE only resets the MAC addresses and maybe some IDs from the disks, but I'm not 100% sure.

I thought about using qemu guest exec to execute a sysprep via qemu-agent.
Is this the way to go?

Thanks for your help, I really appreciate it.
Greetings Jonas
 
I keep my templates as a VM so I can power them up and run updates and/or add stuff to the VM over time, and within this template VM you can keep separate snapshot series for different things too.

To deploy, I just use the clone function on the GUI. If the clones will be joined to an active directory domain I will also use the SIDCHG utility.

The clone function can be automated with the qm clone command.

If you want to automate the sysprep or SIDCHG part, that would be done with PowerShell inside the VM, but that could be called from the same outside script that handles the cloning and distribution. Or there could be a script inside the clones that evaluates themselves upon startup or deployment.

You can get into PowerShell on the guest VM with Invoke-Command -ComputerName $nameServer -ScriptBlock $scriptBlock -Credential $credential etc, and it's much more interactive than sending shots in the dark with qemu guest agent.
 
> I keep my templates as a VM so I can power them up and run updates and/or add stuff to the VM over time, and within this template VM you can keep separate snapshot series for different things too.

Thanks, that's a great idea I haven't thought about yet.

> To deploy, I just use the clone function on the GUI. If the clones will be joined to an active directory domain I will also use the SIDCHG utility.

Thanks!

> You can get into PowerShell on the guest VM with Invoke-Command -ComputerName $nameServer -ScriptBlock $scriptBlock -Credential $credential etc, and it's much more interactive than sending shots in the dark with qemu guest agent.

Sorry to ask, but where does the Invoke-Command need to be executed? I'm not that much into Windows, but I'm very interested in learning, so thanks for your answer.
 
Any 2 or more computers with PowerShell can use Invoke-Command. So all you need is network access and a known credential on the target computer, and you'll get in.

You can have a dedicated Windows machine to store all your scripts that you use to manage your PVE hosts and templates, or you can install PowerShell Core on the PVE hosts themselves and work from there. I do a mix of both, PowerShell on Linux has made tremendous strides in the past 3-4 years imo.

On the PVE hosts of course there will be more mixed bash/PowerShell use which is OK. On a Windows system I use the Posh-SSH module to interact with my hosts via SSH.

Here is an example of how I use Invoke-Command


Code:
$targetComputer = "TEMPLATE"      ### Could be a FQDN, name, IP address, etc
$user = "TEMPLATE\Administrator"  ### Storing creds in your script is not ideal but another issue to deal with separately
$password = "yTkuMfQeZNhtRf4z"

  
### Encode the user and password into a PowerShell "pscredential" object so that you can work with it
$secureString = $password | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object pscredential($user, $secureString)

$scriptBlock = {
    ### Everything you want to run on the $targetComputer goes in here, it could be simple commands or complex logic
    $computerName = hostname
    $systemTime = Get-Date
    $whats_on_the_C_drive = Get-ChildItem -Path C:\

    $computerName
    $systemTime
    $whats_on_the_C_drive
    ### and so on
}

### Issue the remote commands and store the output in a $result variable for further processing
$result = Invoke-Command -ComputerName $targetComputer -ScriptBlock $scriptBlock -Credential $credential

So there could be a PowerShell or bash script on the host (or elsewhere) that handles the cloning and deployment of your template and once the cloned template VM is online, with some default IP address, you can get into it, change the hostname, change the IP, reboot, wait for it to come back at its deployed IP address, and continue with whatever configuration remains.

The $scriptBlock can also be dynamic and receive arguments from Invoke-Command for more advanced stuff.
 
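The workflow described in the post above (connect to the fresh clone, pass values into the script block, rename, reboot, wait for it to return), as an added example that is not part of the original thread. It assumes a Windows management machine with WinRM access to the clone; the parameter names and the credential file path are hypothetical, and the credential is loaded from a file rather than written into the script.

```powershell
# Added example (not the poster's script). Assumes a Windows management machine;
# the parameter names and credential file path are hypothetical.
param(
    [Parameter(Mandatory)] [string] $CloneAddress,   # address the fresh clone boots with
    [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z0-9-]{1,15}$')] [string] $NewName
)

# Load the credential instead of embedding the password. Create the file once with:
#   Get-Credential | Export-Clixml -Path $credFile
# On Windows the password is DPAPI-encrypted for that user on that machine.
$credFile   = Join-Path $HOME 'template-admin.cred.xml'
$credential = if (Test-Path $credFile) { Import-Clixml -Path $credFile } else { Get-Credential }

# Reaching a non-domain clone by IP needs an HTTPS listener (-UseSSL) or a
# TrustedHosts entry on this machine; keep that entry as narrow as possible.
$remote = @{ ComputerName = $CloneAddress; Credential = $credential }

# The script block declares its own parameter; the value arrives via -ArgumentList,
# so nothing is concatenated into the remote code.
$renameBlock = {
    param([string] $TargetName)
    $old = $env:COMPUTERNAME
    if ($old -ne $TargetName) { Rename-Computer -NewName $TargetName -Force }
    [pscustomobject]@{ OldName = $old; RequestedName = $TargetName }
}
$result = Invoke-Command @remote -ScriptBlock $renameBlock -ArgumentList $NewName -ErrorAction Stop
"Rename requested: $($result.OldName) -> $($result.RequestedName)"

# Reboot so the name takes effect, give shutdown time to start, then poll WinRM.
Invoke-Command @remote -ScriptBlock { Restart-Computer -Force }
Start-Sleep -Seconds 30
$deadline = (Get-Date).AddMinutes(10)
while (-not (Test-WSMan -ComputerName $CloneAddress -ErrorAction SilentlyContinue)) {
    if ((Get-Date) -gt $deadline) { throw "$CloneAddress did not come back within 10 minutes" }
    Start-Sleep -Seconds 5
}

# Confirm the rename from inside the guest before continuing with configuration.
$actual = Invoke-Command @remote -ScriptBlock { $env:COMPUTERNAME } -ErrorAction Stop
if ($actual -ne $NewName) { throw "Expected $NewName, guest reports $actual" }
"Clone at $CloneAddress is now $actual"
```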
