This question is more intended to get some advice. I'm sure there's no straight answer to it.

Situation

Our internal IT department is responsible for the creation of VMs (mainly Windows Server) that are requested by the business. What happens inside the VMs is not our concern, but we are responsible up to the OS level; we just deploy it as a black box and deliver it to the business (a bit like a hosting company) and they will install applications on it. However, we do require some agents and basic configurations to be done on every VM that we deploy (e.g. anti-virus installation, monitoring agent, domain joining etc). Most of the VMs are totally unrelated. We deploy about 5 of them per month.

Currently we use Azure ARM templates to deploy the VMs on Azure (using Az CLI), which is already a nice time saver, but the configuration afterwards is just some repetitive boring manual work. We need to domain join, reboot, manually copy the installers, run them, next/next/finish... I feel like there's some optimization possible here :)

Sometimes we also still need to deploy VMs on-prem on VMware, so the same manual tasks are applicable there as well, except for the VM deployment itself which is done via VM templates.

Goal

I was looking for a way to automate all of this and was thinking about using Ansible. But before really digging into this, I'd like to hear from the experienced Ansible users if that would be the tool for our job.

In an ideal world, I would just like to deploy the ARM template or the VMware VM template and let everything else inside the VM be handled automatically. This would domain join the VM, add an AD group to the local administrators group, install all agents and so on. To extend this even further, it would be nice to add the server automatically to our CMDB and add the IP address to our IPDB for example using a REST API.

Would this be feasible with Ansible or am I looking at the wrong tool? Is it even worth the effort for roughly 5 VMs/month? I'm not in favor of working with PowerShell DSC, since we also need to deploy Linux more often.

Of course, I could start writing PowerShell scripts that will handle all of this, but it feels like I'm reinventing the wheel then.

EsTeGe
  • Why not create your own Windows image and then deploy that? I am sure Azure must be capable of handling this. – Michael Hampton Aug 05 '20 at 10:06
  • @MichaelHampton That would typically be an option, but the agents cannot be installed within the image because it writes some machine specific items like hostname, IP etc. in the config files. That would require us to reinstall the agent anyway. – EsTeGe Aug 05 '20 at 11:05
  • Well that can be done in sysprep, right? – Michael Hampton Aug 05 '20 at 11:06

1 Answer

Saving 5 minutes per week is an automation budget of 4 hours per year. Perhaps more importantly, automation is more consistent, and might enable self-service provisioning workflows. And it replaces tedious toil with more interesting automation work.

Write scripts regardless of how the automation is implemented, hopefully making reuse possible. In theory, the same script could be called from ARM template custom script extensions, Azure image builder, Ansible playbooks, VMware templates, manually ad-hoc, wherever.

Ansible is a means to remote into hosts and run scripts. ssh and run Python, winrm and run PowerShell. While it has a handful of useful (Windows) modules, writing a script will be necessary if a module does not exist. Further, Ansible doesn't run on Windows, so a management node would need to be some other OS. This complicates things if you want to control provisioning mostly via Azure workflows.

The easier of the tasks would be domain joining; Microsoft has provisioning tools to do that unattended.

If agents and other installed software break when the VM is generalized, that makes creating template images problematic. Investigate if the software can be made to detect new host details, or if once installed it relies exclusively on the config file. Or if the software install can be automated at instance provision time. Show the software's support a generalized OS and ask for guidance.

John Mahowald
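
The tasks listed in the question (domain join, local Administrators group, agent install, CMDB registration) expressed as an Ansible playbook run from a non-Windows control node over WinRM. This is an added example, not code from the question or the answer; the domain, group, URLs, inventory group and vaulted variable names are placeholders, and the CMDB endpoint and its bearer-token scheme are assumed.

```yaml
# Added example; domain, group, URLs and variable names are placeholders.
- name: Baseline a freshly deployed Windows Server VM
  hosts: new_windows_vms        # hypothetical inventory group
  vars:
    ad_domain: corp.example.com
    admin_group: 'CORP\SRV-LocalAdmins'
    agent_url: https://deploy.example.com/agents/monitoring-agent.msi
    cmdb_url: https://cmdb.example.com/api/servers
    # join_user, join_password, cmdb_token: loaded from an Ansible Vault file
  tasks:
    - name: Join the domain with a dedicated join account
      ansible.windows.win_domain_membership:
        dns_domain_name: "{{ ad_domain }}"
        domain_admin_user: "{{ join_user }}"
        domain_admin_password: "{{ join_password }}"
        state: domain
      register: domain_join
      no_log: true              # keep the join credential out of task output

    - name: Reboot only when the join asks for it
      ansible.windows.win_reboot:
      when: domain_join.reboot_required

    - name: Add the AD group to local Administrators
      ansible.windows.win_group_membership:
        name: Administrators
        members: ["{{ admin_group }}"]
        state: present

    - name: Install the monitoring agent silently
      ansible.windows.win_package:
        path: "{{ agent_url }}"
        arguments: /qn /norestart
        state: present

    - name: Register the server in the CMDB from the control node
      ansible.builtin.uri:
        url: "{{ cmdb_url }}"
        method: POST
        headers:
          Authorization: "Bearer {{ cmdb_token }}"
        body_format: json
        body:
          hostname: "{{ ansible_facts['hostname'] }}"
          ip: "{{ ansible_facts['ip_addresses'] | first }}"
        status_code: [200, 201]
      delegate_to: localhost    # the API call runs on the control node, not the VM
      no_log: true              # keep the API token out of task output
```

Each task is idempotent, so the same playbook can be run against Azure and VMware guests alike; the join account should hold only the delegated right to add computers to the target OU.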