Problem: One business critical application is not linux compatible
Solution: Run a VM on Linux host until application is natively written for Linux
Tools used: VMWare Workstation and VMWare Player
What to do:
Use VMWare to create a windows image. This image is locked down using the Windows XP ‘Group Policy Editor‘. Having Windows inside the VM leaves two administrative tasks which are not easily manageable right off the bat: Software Distribution and System Maintenance.
Using Python and Batch files we are able to manage this system using .deb files or .rpm files. To unlock the system, we will be using web services.
Using batch files, I make sure that, with samba presenting a CIFS share on the host, that the VM can mount this share:
shares.bat:
net use s: \\vmware-shared\software-update /USER:vmware-user ourpassword < C:\shares.rsp
shares.rsp:
Y
This will make sure at boot that our shared drive is mounted. Now the goal is to install arbitrary updates on the VM that we approve. We will package any updates using the NSIS Windows installer. These updates should only be ran once, at boot. To make sure they are ran only once, we use Python in combination with Py2Exe to make it an executable:
ProgramRunner.py:
import shelve
import glob
import os
import sets
import logging
import dbhash
def initShelve(filename = 'c:\\programrunner.db'):
handle = shelve.open(filename, writeback=True)
return handle
def initLogging():
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(levelname)s %(message)s',
filename="c:\\programrunner.log",
filemode='w')
def retrieveExes(filePath):
return glob.glob(filePath + "*.exe")
def retrieveBats(filePath):
return glob.glob(filePath + "*.bat")
def executeProgram(fileName):
os.system(fileName)
def removeDuplicates(ourList):
return list(sets.Set(ourList))
# Returns list of .bat and .exe files at filePath without duplicates (how are there duplicates.. I dont know, remove that part?)
def retrieveFiles(filePath):
filesToProcess = []
for file in retrieveExes(filePath):
filesToProcess.append(file)
for file in retrieveBats(filePath):
filesToProcess.append(file)
return removeDuplicates(filesToProcess)
initLogging()
filePath = """S:\\"""
logging.debug('filePath is: ' + filePath)
filesToProcess = retrieveFiles(filePath)
for file in filesToProcess:
logging.debug('filesToProcess: ' + str(file))
executed = initShelve()
# If filelist doesn't exist in shelve yet, make it so #1
try:
if executed["filelist"]:
logging.debug('filelist exists in shelve.')
except KeyError:
executed["filelist"] = []
logging.debug('filelist did not exist in shelve. Creating.')
for file in filesToProcess:
logging.debug('Now processing: ' + str(file))
if file in executed["filelist"]:
print str(file) + " has already been executed."
logging.info(str(file) + " has already been executed.")
else:
executeProgram(file)
executed["filelist"].append(file)
print "Executing: " + str(file)
logging.info("Executing: " + str(file))
logging.debug('Closing shelve. Program has ended.')
executed.close()
So this will now run any installer we make once it is installed via RPM or DEB into our S: shared drive. Should we need to go in for maintenance, there are 2 .bat scripts:
disablepolicy.bat:
echo Disabling group policy
xcopy /E /H /I /K /Y c:\windows\system32\grouppolicy c:\grouppolicy
rmdir /S /Q c:\windows\system32\grouppolicy
enablepolicy.bat:
echo Enabling group policy
xcopy /E /H /I /K /Y c:\grouppolicy c:\windows\system32\grouppolicy
Now just create a python program at startup (this will vary based on your management web interface) that downloads it's settings from your server, and if the server says to disable policy just run it.
The only caveat with this strategy is that you will need to review your Microsoft Windows Licenses and make sure you are allowed to run them in a VM.
Related posts: