- Updated SQL download link to SQL Server 2022 Eval due to breaks in Takeover 1 authentication
- To update your cache, remove "enu_sql_server_2022_standard_edition_x64_dvd_43079f69.iso" from /opt/ludus/resources/sccm/ on your Ludus host, then destroy and rebuild the lab
SCCM Collection for Ansible and Ludus
This collection includes Ansible roles to install and configure SCCM. For a good example of the collection's usage, see sccm-range-config.yml.
Roles included in this collection:
synzack.ludus_sccm.disable_firewall
synzack.ludus_sccm.enable_webdav
synzack.ludus_sccm.install_adcs
synzack.ludus_sccm.ludus_sccm_distro
synzack.ludus_sccm.ludus_sccm_mgmt
synzack.ludus_sccm.ludus_sccm_siteserver
synzack.ludus_sccm.ludus_sccm_sql
Installation in Ludus
Install via Ansible Galaxy:
ludus ansible collection add synzack.ludus_sccm
None
- Due to unknown issues with SCCM, .local domain suffixes will not work properly. We recommend using something else such as .domain or .lab for your domain suffix
- If you wish to add client push to the DC, you will need to add Remote Scheduled Tasks Management firewall rules or use the disable_firewall role
- At this time, all 4 site server roles are needed to deploy SCCM; there is no standalone option yet
Warning
All SCCM VM hostnames MUST be <= 15 characters
Here's an example Ludus configuration that uses this module to set up a full SCCM deployment, along with default values:
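# Example Ludus range: a domain controller, one workstation and the four SCCM
# site-system VMs (distro, sql, mgmt, sitesrv). All four SCCM roles are needed;
# there is no standalone option. Every hostname must be 15 characters or fewer.
#
# Every password below is a weak placeholder that is reused across accounts.
# Set unique values in role_vars whenever the range is reachable from anything
# other than the isolated lab network.
ludus:
  - vm_name: "{{ range_id }}-DC01"
    hostname: "DC01"
    template: win2022-server-x64-template
    vlan: 10
    ip_last_octet: 10
    ram_gb: 4
    ram_min_gb: 1
    cpus: 2
    windows:
      sysprep: true
    domain:
      # .local suffixes do not work with this collection; use e.g. .domain or .lab
      fqdn: ludus.domain
      role: primary-dc
    roles:
      - synzack.ludus_sccm.install_adcs
      # Used here instead of adding Remote Scheduled Tasks Management firewall
      # rules, which client push to the DC would otherwise need.
      - synzack.ludus_sccm.disable_firewall

  - vm_name: "{{ range_id }}-Workstation"
    hostname: "Workstation"
    template: win11-22h2-x64-enterprise-template
    vlan: 10
    ip_last_octet: 11
    ram_gb: 4
    ram_min_gb: 1
    cpus: 2
    windows:
      sysprep: true
    domain:
      fqdn: ludus.domain
      role: member
    roles:
      - synzack.ludus_sccm.disable_firewall

  - vm_name: "{{ range_id }}-sccm-distro"
    hostname: "sccm-distro"
    template: win2022-server-x64-template
    vlan: 10
    ip_last_octet: 12
    ram_gb: 4
    ram_min_gb: 1
    cpus: 4
    windows:
      sysprep: true
    domain:
      fqdn: ludus.domain
      role: member
    roles:
      - synzack.ludus_sccm.ludus_sccm_distro
    role_vars:
      # Must match the hostname of the site server VM defined below.
      ludus_sccm_site_server_hostname: 'sccm-sitesrv'

  - vm_name: "{{ range_id }}-sccm-sql"
    hostname: "sccm-sql"
    template: win2022-server-x64-template
    vlan: 10
    ip_last_octet: 13
    ram_gb: 4
    ram_min_gb: 1
    cpus: 4
    windows:
      sysprep: true
    domain:
      fqdn: ludus.domain
      role: member
    roles:
      - synzack.ludus_sccm.ludus_sccm_sql
    role_vars:
      ludus_sccm_site_server_hostname: 'sccm-sitesrv'
      ludus_sccm_sql_server_hostname: 'sccm-sql'
      # SQL service account; placeholder password, override per range.
      ludus_sccm_sql_svc_account_username: 'sqlsccmsvc'
      ludus_sccm_sql_svc_account_password: 'Password123'

  - vm_name: "{{ range_id }}-sccm-mgmt"
    hostname: "sccm-mgmt"
    template: win2022-server-x64-template
    vlan: 10
    ip_last_octet: 14
    ram_gb: 4
    ram_min_gb: 1
    cpus: 4
    windows:
      sysprep: true
    domain:
      fqdn: ludus.domain
      role: member
    roles:
      - synzack.ludus_sccm.ludus_sccm_mgmt
    role_vars:
      ludus_sccm_site_server_hostname: 'sccm-sitesrv'

  - vm_name: "{{ range_id }}-sccm-sitesrv"
    hostname: "sccm-sitesrv"
    template: win2022-server-x64-template
    vlan: 10
    ip_last_octet: 15
    ram_gb: 4
    ram_min_gb: 1
    cpus: 4
    windows:
      sysprep: true
    domain:
      fqdn: ludus.domain
      role: member
    roles:
      - synzack.ludus_sccm.ludus_sccm_siteserver
      - synzack.ludus_sccm.enable_webdav
    role_vars:
      # Quoted so YAML keeps the site code as a string instead of the integer 123.
      ludus_sccm_sitecode: '123'
      ludus_sccm_sitename: Primary Site
      ludus_sccm_site_server_hostname: 'sccm-sitesrv'
      ludus_sccm_distro_server_hostname: 'sccm-distro'
      ludus_sccm_mgmt_server_hostname: 'sccm-mgmt'
      ludus_sccm_sql_server_hostname: 'sccm-sql'
      # -------------------------- NAA Account --------------------------
      # Network Access Account. Its credentials are delivered to managed clients,
      # so treat them as recoverable from any enrolled device and keep the
      # account's rights minimal.
      ludus_sccm_configure_naa: true
      ludus_sccm_naa_username: 'sccm_naa'
      ludus_sccm_naa_password: 'Password123'
      # -------------------------- Client Push Account --------------------------
      ludus_sccm_configure_client_push: true
      ludus_sccm_client_push_username: 'sccm_push'
      ludus_sccm_client_push_password: 'Password123'
      ludus_sccm_enable_automatic_client_push_installation: true
      ludus_sccm_enable_system_type_configuration_manager: true
      ludus_sccm_enable_system_type_server: true
      ludus_sccm_enable_system_type_workstation: true
      # true requires Remote Scheduled Tasks Management firewall rules on the DC
      # (or no firewall).
      ludus_sccm_install_client_to_domain_controller: false
      # NOTE(review): lets client push authenticate with NTLM when Kerberos
      # fails. Keep true only where that weaker path is wanted, e.g. a practice
      # range.
      ludus_sccm_allow_NTLM_fallback: true
      # -------------------------- Discovery Methods --------------------------
      ludus_sccm_enable_active_directory_forest_discovery: true
      ludus_sccm_enable_active_directory_boundary_creation: true
      ludus_sccm_enable_subnet_boundary_creation: true
      ludus_sccm_enable_active_directory_group_discovery: true
      ludus_sccm_enable_active_directory_system_discovery: true
      ludus_sccm_enable_active_directory_user_discovery: true
      # -------------------------- PXE --------------------------
      ludus_sccm_enable_pxe: true
      # With this false, PXE boot is not password protected. ludus_pxe_password
      # is presumably only applied when this is true (confirm in the role).
      ludus_enable_pxe_password: false
      ludus_pxe_password: 'Password123'
      # Domain join credentials as given on the page. Outside a lab, a dedicated
      # account limited to joining computers is the least-privilege choice.
      ludus_domain_join_account: domainadmin
      ludus_domain_join_password: 'password'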
Then set the config and deploy it
# Load sccm-range-config.yml as the range configuration.
ludus range config set -f sccm-range-config.yml
# Deploy the range from the configuration that was just set.
ludus range deploy
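git clone https://github.com/Synzack/ludus_sccm
# With no path argument, ansible-galaxy builds the collection in the current
# directory, so enter the clone first.
cd ludus_sccm
ansible-galaxy collection build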
via Ludus ansible collection
# Serves the current directory over plain HTTP with no authentication. By default
# http.server listens on all interfaces, and binding port 80 usually needs root.
# Stop the server once the collection has been added.
python3 -m http.server 80
# The tarball is fetched over unencrypted HTTP with no integrity check, so use a
# network path you control.
ludus ansible collection add http://<network ip>/synzack-ludus_sccm-1.0.0.tar.gz
via scp
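# Look up the Proxmox username that names the per-user directory on the Ludus host.
# NOTE(review): '.[]' prints one name per listed user. If `ludus user list`
# returns several users, this variable holds several names; confirm it is one.
export LUDUS_USER_NAME=$(ludus user list --json | jq -r '.[].proxmoxUsername')
# $LUDUS_USER_NAME is expanded locally before ssh runs. -p creates missing parent
# directories and succeeds if the path already exists (mkdir has no -r option).
ssh root@<ludus-host> "mkdir -p /opt/ludus/users/$LUDUS_USER_NAME/.ansible/collections/ansible_collections/synzack/ludus_sccm"
# Copy the working tree, minus git metadata, into the collection path.
rsync -av --exclude .git/ ./ root@<ludus-host>:/opt/ludus/users/$LUDUS_USER_NAME/.ansible/collections/ansible_collections/synzack/ludus_sccm/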
GPLv3
This collection was created by Zach Stein and Erik Hunstad, for Ludus.