-- 
Mike Gore - 2021-09-22
Mike Gore - 2021-09-22
Deploying a Windows Laptop Fall 2021 from CSCF RSG Salt master
- Deploying a Windows Laptop Fall 2021 from CSCF RSG Salt master
Inventory update
- Get a laptop for deployment from DC2561
- Update CSCF inventory and include:
- serial number
- MAC address(es)
- DNS Host Name
- Auth User
- RT# for request in description format RT#1234556
New user account created by install script
- NOTE: New user password is set to CSCF2021
Initial Setup
- Connect laptop that can access salt-rsg-2004 such as VLAN 420
- VLAN 420 will auto assign an IP whereas other networks depend on Inventory setting updating campus DHCP and DNS servers
- Insert USB key with containing window-salt-minion.bat
- https://vault.cs.uwaterloo.ca/s/F7M97Yr69xE8zTx/download
- Note: this may be included on c:\window-salt-minion.bat on CSCF Windows 10 base imaged systems
- https://vault.cs.uwaterloo.ca/s/F7M97Yr69xE8zTx/download
- Connect AC Adapter and Power in Laptop
- Note: some Lenovo laptops will power on the off on first use
- Just power on again if this happens - its normal
- Note: some Lenovo laptops will power on the off on first use
- With until Windows displays the first question after boot
- This is called the OOBE phase or Out Of Box Experience
- Press shift-F10 on (On Lenovo Laptops you may need Fn lock also)
- This opens an MSDOS prompt
- Note the laptop name and user name from the RT/Inventory for the next step
- Run the Minion Client install batch file
- Note: on some CSCF Windows 10 base images systems the window-salt-minion.bat may be already in C:\window-salt-minion.bat
- cd \
- windows-salt-minion.bat laptop_name.cs.uwaterloo.ca user_NAME
- Replace laptop_name and user_name with the correct values
- USB key batch file usage
- D: - we assume the USB key is drive D:
- windows-salt-minion.bat laptop_name.cs.uwaterloo.ca user_NAME
- Replace laptop_name and user_name with the correct values
- windows-salt-minion.bat laptop_name.cs.uwaterloo.ca user_NAME
- D: - we assume the USB key is drive D:
- Example: RT#1168129
- windows-salt-minion scslt385.cs.uwaterloo.ca m67hasan
- The installer fwill ask to install other dependencies - allow this and keep pressing Next when prompted
- Proceed to Salt Master section
Salt Master
- Log onto salt-rsg-2004.cscf.uwaterloo.ca as root using SSH key
- Ask Lori to add your account SSH key to the Salt Master
- List minion keys waiting to accept: salt-key -l un
- we have to wait until we see the new minion (example scslt385)
- rerun the commend until you do see it
-
- Example
- root@salt-rsg-2004:~# salt-key -l un
Unaccepted Keys: angus.cs.uwaterloo.ca scslt426-ThinkPad-P14s-Gen-1 tuna.cs.uwaterloo.ca scslt385.cs.uwaterloo.ca
- root@salt-rsg-2004:~# salt-key -l un
- Example
- Accept the Key on the Salt master using salt-key -a hostname
- Example: salt-key -a scslt385.cs.uwaterloo.ca
- Apply the Salt Windows 10 Packages state to Laptop on the Salt Master
- Example: salt -t 600 scslt385.cs.uwaterloo.ca state.apply 2004-scslt-packages-win10
- -t 600 timeout of 10 minutes
- state.apply apply a state that follows
- 2004-scslt-packages-win10 the windows packages we want
- Example: salt -t 600 scslt385.cs.uwaterloo.ca state.apply 2004-scslt-packages-win10
- Notes:
- If this finishes with just a Team viewer error proceed to Configuration step
- If this does not finish or times out reboot laptop and run the Salt Windows 10 Packages stae again as abouve until it finishes
- This happens rather often
- Apply the Salt Windows 10 Configuration state to Laptop on Salt Master
-
- Example: salt scslt385.cs.uwaterloo.ca state.apply 2004-scslt-config-win10
- -t 600 timeout of 10 minutes
- state.apply apply a state that follows
- 2004-scslt-config-win10 the windows configuration we want
- This will reboot the machine when done
- Example: salt scslt385.cs.uwaterloo.ca state.apply 2004-scslt-config-win10
Salt troubleshooting
- If salt master state apply packages command fails with a timeout: salt -t 600 yourhostname state.apply 2004-scslt-packages-win10
- Just rerun the command
- If salt master packages command fails only for teamviewer then ignore the error and continue - its bogus
- If some other packages do not install try running the command again
- If salt master config state apply command fails salt -t 600 yourhostname state.apply 2004-scslt-config-win10
- Note: ignore any timezone related errors
- If minion does not reboot try running the config state apply again - however if this this fails:
- 1 - try restarting the minion service - see steps below
- 2 - if the service is not installed just start over from scratch packages already installed will be left alone
- Starting minion service after final config state apply has been done
- Search bar -> services -> Open Services -> Locate salt minion service -> Enable > Apply -> Start -> OK
- Now you can run salt commands for the minion on the salt master
- If the minion service is not installed on the client just start over from scratch packages already installed will be left alone
- Starting minion service at boot time if its still installed - when first user setup questions appear
- Open command prompt with SHIFT F10 and run command \windows\system32services.msc
- Locate salt minion service -> Enable > Apply -> Start -> OK
- If the service is not installed just start over from scratch packages already installed will be left alone
- Now you can run salt commands for the minion on the salt master
Salt cheat sheet
Example output from a working session on Salt master
Example output of state.apply state.apply 2004-scslt-packages-win10
- Note that Team viewer failure is OK
root@salt-rsg-2004:~# salt -t 1200 "dell-laptop2" state.apply 2004-scslt-packages-win10 dell-laptop2: ---------- ID: win10.packages Function: pkg.installed Result: False Comment: The following packages failed to install/update: teamviewer 5 targeted packages were installed/updated. The following packages were already installed: 7zip, adobereader-xi, chrome, git, gvim, putty, smartmontools, thunderbird, vlc Started: 00:40:37.033829 Duration: 221785.674 ms Changes: ---------- Mozilla Firefox (x64 en-US): ---------- new: old: 90.0.2 Mozilla Maintenance Service: ---------- new: 88.0.1 old: 78.4.2 TAP-Windows 9.24.2: ---------- new: 9.24.2 old: TeamViewer: ---------- new: 15.21.8 old: firefox_x64: ---------- new: 88.0.1 old: nextcloud-client: ---------- new: 3.0.3.16037 old: openvpn: ---------- new: 2.4.10-I601-Win10 old: teamviewer: ---------- install status: success texworks: ---------- new: 0.6.1 old: zoom: ---------- new: 5.7.1247 old: ---------- ID: get_o365 Function: file.managed Name: C:\Users\Public\Desktop\officedeploymenttool_13929-20296.exe Result: True Comment: File C:\Users\Public\Desktop\officedeploymenttool_13929-20296.exe updated Started: 00:44:18.944502 Duration: 1781.249 ms Changes: ---------- diff: New file ---------- ID: get_vpn Function: file.managed Name: C:\Users\Public\Desktop\anyconnect-win-4.9.06037-core-vpn-webdeploy-k9.msi Result: True Comment: File C:\Users\Public\Desktop\anyconnect-win-4.9.06037-core-vpn-webdeploy-k9.msi updated Started: 00:44:20.725751 Duration: 4268.949 ms Changes: ---------- diff: New file ---------- ID: get_scs_vpn Function: file.managed Name: C:\Program Files\OpenVPN\config\scs-openvpn-client.ovpn Result: True Comment: File C:\Program Files\OpenVPN\config\scs-openvpn-client.ovpn updated Started: 00:44:24.994700 Duration: 140.624 ms Changes: ---------- diff: New file Summary for dell-laptop2 ------------ Succeeded: 3 (changed=4) Failed: 1 ------------ Total states run: 4 Total run time: 227.976 s
Example output of state.apply state.apply 2004-scslt-config-win10
- Note: The system will reboot when finished
root@salt-rsg-2004:/srv/saltstack/states# salt -t 1200 "dell-laptop2" state.apply 2004-scslt-config-win10 dell-laptop2: ---------- ID: America/New_York Function: timezone.system Result: False Comment: Failed to set UTC to True Started: 01:08:47.912032 Duration: 46.877 ms Changes: ---------- ID: install_site_key Function: cmd.run Name: powershell "changepk.exe /ProductKey NW6C2-QMPVW-D7KKK-3GKT6-VCFB2" Result: True Comment: Command "powershell "changepk.exe /ProductKey NW6C2-QMPVW-D7KKK-3GKT6-VCFB2"" run Started: 01:08:47.974536 Duration: 27823.491 ms Changes: ---------- pid: 4776 retcode: 0 stderr: stdout: ---------- ID: install_site_key Function: cmd.run Name: powershell "cscript C:\Windows\System32\slmgr.vbs /skms officelic.uwaterloo.ca" Result: True Comment: Command "powershell "cscript C:\Windows\System32\slmgr.vbs /skms officelic.uwaterloo.ca"" run Started: 01:09:15.798027 Duration: 671.399 ms Changes: ---------- pid: 452 retcode: 0 stderr: stdout: Microsoft (R) Windows Script Host Version 5.812 Copyright (C) Microsoft Corporation. All rights reserved. Key Management Service machine name set to officelic.uwaterloo.ca successfully. ---------- ID: install_site_key Function: cmd.run Name: powershell "cscript C:\Windows\System32\slmgr.vbs /ato" Result: True Comment: Command "powershell "cscript C:\Windows\System32\slmgr.vbs /ato"" run Started: 01:09:16.485051 Duration: 10047.854 ms Changes: ---------- pid: 8840 retcode: 0 stderr: stdout: Microsoft (R) Windows Script Host Version 5.812 Copyright (C) Microsoft Corporation. All rights reserved. Activating Windows(R), Education edition (e0c42288-980c-4788-a014-c080d2e1926e) ... Product activated successfully. Name: cscf-adm - Function: user.present - Result: Clean Started: - 01:09:26.548528 Duration: 10503.29 ms Name: cscf-op - Function: user.present - Result: Clean Started: - 01:09:37.051818 Duration: 326.13 ms ---------- ID: create_user_account Function: user.present Name: test Result: True Comment: New user test created Started: 01:09:37.377948 Duration: 500.004 ms Changes: ---------- account_disabled: False account_locked: False active: True comment: description: disallow_change_password: False expiration_date: 2106-02-07 01:28:15 expired: False failed_logon_attempts: 0 fullname: test gid: groups: - Users - Administrators - Remote Desktop Users home: homedrive: last_logon: Never logonscript: name: test passwd: XXX-REDACTED-XXX password_changed: 2021-09-22 01:09:37 password_never_expires: False profile: None successful_logon_attempts: 0 uid: S-1-5-21-368724430-2887611944-2678031339-1004 Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE - Function: reg.present - Result: Clean Started: - 01:09:37.877952 Duration: 15.623 ms Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System - Function: reg.present - Result: Clean Started: - 01:09:37.893575 Duration: 0.0 ms Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP - Function: reg.present - Result: Clean Started: - 01:09:37.893575 Duration: 0.0 ms ---------- ID: allow_rdp Function: module.run Name: rdp.enable Result: True Comment: Module function rdp.enable executed Started: 01:09:37.893575 Duration: 1109.379 ms Changes: ---------- ret: True ---------- ID: txfr_set_name.ps1 Function: file.managed Name: C:\salt\conf\set_name.ps1 Result: True Comment: File C:\salt\conf\set_name.ps1 updated Started: 01:09:39.002954 Duration: 296.875 ms Changes: ---------- diff: New file ---------- ID: turn_off_ps_security Function: cmd.run Name: Set-ExecutionPolicy Unrestricted Result: True Comment: Command "Set-ExecutionPolicy Unrestricted" run Started: 01:09:39.299829 Duration: 1222.8 ms Changes: ---------- pid: 2452 retcode: 0 stderr: stdout: ---------- ID: set_machine_name Function: cmd.run Name: C:\salt\conf\set_name.ps1 Result: True Comment: Command "C:\salt\conf\set_name.ps1" run Started: 01:09:40.522629 Duration: 1359.38 ms Changes: ---------- pid: 5108 retcode: 0 stderr: Rename-Computer : Skip computer 'DELL-LAPTOP2' with new name 'dell-laptop2' because the new name is the same as the current name. At C:\salt\conf\set_name.ps1:5 char:1 + Rename-Computer -NewName $name -Force + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (dell-laptop2:String) [Rename-Computer], InvalidOperationException + FullyQualifiedErrorId : NewNameIsOldName,Microsoft.PowerShell.Commands.RenameComputerCommand stdout: Setting name to: dell-laptop2 ---------- ID: disable_minion_on_boot Function: cmd.run Name: sc config "salt-minion" start= disabled Result: True Comment: Command "sc config "salt-minion" start= disabled" run Started: 01:09:41.882009 Duration: 46.871 ms Changes: ---------- pid: 5808 retcode: 0 stderr: stdout: [SC] ChangeServiceConfig SUCCESS ---------- ID: reboot_machine Function: cmd.run Name: Restart-Computer -Force Result: True Comment: Command "Restart-Computer -Force" run Started: 01:09:41.928880 Duration: 1046.876 ms Changes: ---------- pid: 2192 retcode: 0 stderr: stdout: Summary for dell-laptop2 ------------- Succeeded: 15 (changed=10) Failed: 1 ------------- Total states run: 16 Total run time: 55.017 s ERROR: Minions returned with non-zero exit code
Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.
- CF Web
- CF Web Home
- Changes
- Index
- Search
- Administration
- Communication
- Hardware
- HelpDeskGuide
- Infrastructure
- InternalProjects
- Linux
- MachineNotes
- Macintosh
- Management
- Networking
- Printing
- Research
- Security
- Software
- Solaris
- StaffStuff
- TaskGroups
- TermGoals
- Teaching
- UserSupport
- Vendors
- Windows
- XHier
- Other Webs
- My links
 |
|
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback