Add ansible-skylight style classroom
Supports an Ansible for Windows classroom based off the skylight architecture.
Resolves issue #1024.
76 files added
4 files modified
New file |
| | |
| | | = ansible-skylight config |
| | | |
| | | Author: Jim Rigsbee, jrigsbee@redhat.com |
| | | |
| | | == Overview |
| | | |
| | | Currently the ansible-skylight is used to deploy a classroom based on the |
| | | skylight classroom created by the SA Tiger team: |
| | | https://github.com/mgmt-sa-tiger-team/skylight.git |
| | | |
| | | == NOTES |
| | | |
| | | To be documented |
| | | |
| | | == Review the Env_Type variable file |
| | | |
| | | * This file link:./env_vars.yml[./env_vars.yml] contains all the variables you |
| | | need to define to control, or customize, the deployment of your environment. In |
| | | normal usage this should not need to be touched or ammended and one-off changes |
| | | can be tested by passing vars or var files with `-e` or `-e @my_version_vars.yml`. |
| | | |
| | | == Secrets |
| | | |
| | | To be documented |
| | | |
| | | |
| | | == Running Ansible Playbook |
| | | |
| | | You can run the playbook with the following arguments to overwrite the default variable values: |
| | | From the `ansible_agnostic_deployer/ansible` directory run |
| | | ` |
| | | [source,bash] |
| | | ---- |
| | | ENVTYPE=ansible-skylight |
| | | GUID=test02 |
| | | CLOUDPROVIDER=ec2 |
| | | REGION=us-east-1 |
| | | HOSTZONEID='Z3IHLWJZOU9SRT' |
| | | KEYNAME=awskey |
| | | |
| | | ansible-playbook main.yml \ |
| | | -e "guid=${GUID}" \ |
| | | -e "env_type=${ENVTYPE}" \ |
| | | -e "key_name=${KEYNAME}" \ |
| | | -e "subdomain_base_suffix=${BASESUFFIX}" \ |
| | | -e "cloud_provider=${CLOUDPROVIDER}" \ |
| | | -e "aws_region=${REGION}" \ |
| | | -e "HostedZoneId=${HOSTZONEID}" \ |
| | | -e "email=name@example.com" \ |
| | | -e "output_dir=/tmp/workdir" \ |
| | | -e @~/secret.yml \ |
| | | -e @~/my_env_vars.yml |
| | | ---- |
| | | |
| | | === To Delete an environment |
| | | |
| | | [source,bash] |
| | | ---- |
| | | |
| | | REGION=us-east-1 |
| | | KEYNAME=awskey |
| | | GUID=test02 |
| | | ENVTYPE=ansible-skylight |
| | | CLOUDPROVIDER=ec2 |
| | | |
| | | ansible-playbook configs/${ENVTYPE}/destroy_env.yml \ |
| | | -e "guid=${GUID}" -e "env_type=${ENVTYPE}" \ |
| | | -e "cloud_provider=${CLOUDPROVIDER}" \ |
| | | -e "aws_region=${REGION}" -e "key_name=${KEYNAME}" \ |
| | | -e @~/secret.yml \ |
| | | -e @~/my_env_vars.yml |
| | | ---- |
New file |
| | |
| | | --- |
| | | - import_playbook: ../../include_vars.yml |
| | | |
| | | - name: Delete Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: False |
| | | become: no |
| | | tasks: |
| | | - name: Run infra-ec2-template-destroy |
| | | include_role: |
| | | name: "infra-{{cloud_provider}}-template-destroy" |
| | | when: cloud_provider == 'ec2' |
| | | |
| | | - name: Run infra-azure-template-destroy |
| | | include_role: |
| | | name: "infra-{{cloud_provider}}-template-destroy" |
| | | when: cloud_provider == 'azure' |
New file |
| | |
| | | --- |
| | | ###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT |
| | | ###### OR PASS as "-e" args to ansible-playbook command |
| | | |
| | | ### Common Host settings |
| | | |
| | | repo_method: file # Other Options are: file, satellite and rhn |
| | | #If using repo_method: satellite, you must set these values as well. |
| | | # satellite_url: satellite.example.com |
| | | # satellite_org: Sat_org_name |
| | | # satellite_activationkey: "rhel7basic" |
| | | |
| | | # Do you want to run a full yum update |
| | | update_packages: false |
| | | |
| | | install_bastion: false |
| | | install_common: true |
| | | install_courseware: true |
| | | |
| | | # Indicate whether status will be reported to status API service on Bastion |
| | | # Also, indicates whether the status API will be installed on Bastion |
| | | report_status: true |
| | | |
| | | # Defines the version of the Ansible Tower installer. |
| | | # The version should match a file available here: |
| | | # https://releases.ansible.com/ansible-tower/setup/ |
| | | towerversion: "3.5.2-1" |
| | | tower_admin_password: changeme |
| | | |
| | | ## guid is the deployment unique identifier, it will be appended to all tags, |
| | | ## files and anything that identifies this environment from another "just like it" |
| | | guid: defaultguid |
| | | course_name: default |
| | | platform: opentlc |
| | | project_tag: "{{ env_type }}-{{ guid }}" |
| | | |
| | | ### If you want a Key Pair name created and injected into the hosts, |
| | | # set `set_env_authorized_key` to true and set the keyname in `env_authorized_key` |
| | | # you can use the key used to create the environment or use your own self generated key |
| | | # if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}}) |
| | | use_own_key: true |
| | | env_authorized_key: "{{guid}}key" |
| | | ansible_ssh_private_key_file: ~/.ssh/{{key_name}} |
| | | set_env_authorized_key: true |
| | | win_connect_method: psrp |
| | | |
| | | ### AWS EC2 Environment settings |
| | | |
| | | ### Route 53 Zone ID (AWS) |
| | | # This is the Route53 HostedZoneId where you will create your Public DNS entries |
| | | # This only needs to be defined if your CF template uses route53 |
| | | HostedZoneId: Z3IHLWJZOU9SRT |
| | | # The region to be used, if not specified by -e in the command line |
| | | aws_region: us-east-1 |
| | | # The key that is used to |
| | | key_name: "default_key_name" |
| | | |
| | | ## Networking (AWS) |
| | | subdomain_base_short: "{{ guid }}" |
| | | subdomain_base_suffix: ".{{ course_name }}.opentlc.com" |
| | | subdomain_base: "{{ subdomain_base_short }}{{ subdomain_base_suffix }}" |
| | | |
| | | zone_internal_dns: "{{guid}}.{{course_name}}.internal." |
| | | chomped_zone_internal_dns: "{{guid}}.{{course_name}}.internal" |
| | | |
| | | vpcid_cidr_block: "172.25.0.0/16" |
| | | vpcid_name_tag: "{{subdomain_base}}" |
| | | |
| | | aws_availability_zone: "{{ aws_region }}a" |
| | | aws_private_subnet_cidr: "172.25.250.0/24" |
| | | aws_public_subnet_cidr: "172.25.251.0/24" |
| | | aws_vpc_name: "{{course_name}}-{{guid}}-vpc" |
| | | |
| | | cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer " |
| | | |
| | | ## Environment Sizing |
| | | |
| | | bastion_instance_type: "t2.medium" |
| | | tower_instance_type: "t2.medium" |
| | | gitlab_instance_type: "t2.medium" |
| | | |
| | | windows_instance_count: 2 |
| | | windows_instance_type: "t3.medium" |
| | | |
| | | windows_workstation_instance_type: "t3.large" |
| | | |
| | | activedirectory_instance_count: 1 |
| | | activedirectory_instance_type: "t3.medium" |
| | | |
| | | # Windows Domain Settings |
| | | dns_domain_name: "example.com" |
| | | dns_domain_name_short: "example" |
| | | ldap_basedn: "DC=example,DC=com" |
| | | ldap_search_base: "{{ ldap_basedn }}" |
| | | ldap_access_filter: "(&(objectClass=user)(memberOf=CN=Ansible Users,CN=Users,{{ ldap_search_base }}))" |
| | | tower_ldap_search_dn: "CN=Users,{{ ldap_search_base }}" |
| | | |
| | | security_groups: |
| | | - name: BastionSG |
| | | rules: |
| | | - name: SSHBastion |
| | | description: "SSH public" |
| | | from_port: 22 |
| | | to_port: 22 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: HttpBastion |
| | | description: "Http public" |
| | | from_port: 80 |
| | | to_port: 80 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: NginxBastion |
| | | description: "Http public" |
| | | from_port: 30904 |
| | | to_port: 30904 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: TowerSG |
| | | rules: |
| | | - name: InternalNetworkTowerTcp |
| | | description: "All internal TCP traffic" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: tcp |
| | | cidr: "{{ vpcid_cidr_block }}" |
| | | rule_type: Ingress |
| | | - name: InternalNetworkTowerUdp |
| | | description: "All internal UDP traffic" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: udp |
| | | cidr: "{{ vpcid_cidr_block }}" |
| | | rule_type: Ingress |
| | | - name: GitlabSG |
| | | rules: |
| | | - name: InternalNetworkGitlabTcp |
| | | description: "All internal TCP traffic" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: tcp |
| | | cidr: "{{ vpcid_cidr_block }}" |
| | | rule_type: Ingress |
| | | - name: InternalNetworkGitlabUdp |
| | | description: "All internal UDP traffic" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: udp |
| | | cidr: "{{ vpcid_cidr_block }}" |
| | | rule_type: Ingress |
| | | - name: WinDCSG |
| | | rules: |
| | | - name: InternalNetworkWinTcp |
| | | description: "All internal TCP traffic" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: tcp |
| | | cidr: "{{ vpcid_cidr_block }}" |
| | | rule_type: Ingress |
| | | - name: InternalNetworkWinUdp |
| | | description: "All internal UDP traffic" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: udp |
| | | cidr: "{{ vpcid_cidr_block }}" |
| | | rule_type: Ingress |
| | | - name: WinSG |
| | | rules: |
| | | - name: InternalNetworkWinTcp |
| | | description: "All internal TCP traffic" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: tcp |
| | | cidr: "{{ vpcid_cidr_block }}" |
| | | rule_type: Ingress |
| | | - name: InternalNetworkWinUdp |
| | | description: "All internal UDP traffic" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: udp |
| | | cidr: "{{ vpcid_cidr_block }}" |
| | | rule_type: Ingress |
| | | - name: WorkstationSG |
| | | rules: |
| | | - name: HTTPWin |
| | | description: "HTTP public" |
| | | from_port: 80 |
| | | to_port: 80 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: HTTPSWin |
| | | description: "HTTPS public" |
| | | from_port: 443 |
| | | to_port: 443 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: WinRDP |
| | | description: "Win RDP public" |
| | | from_port: 3389 |
| | | to_port: 3389 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: InternalNetworkWinTcp |
| | | description: "All internal TCP traffic" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: tcp |
| | | cidr: "{{ vpcid_cidr_block }}" |
| | | rule_type: Ingress |
| | | - name: InternalNetworkWinUdp |
| | | description: "All internal UDP traffic" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: udp |
| | | cidr: "{{ vpcid_cidr_block }}" |
| | | rule_type: Ingress |
| | | |
| | | instances: |
| | | - name: "bastion" |
| | | count: 1 |
| | | unique: true |
| | | security_group: "BastionSG" |
| | | public_dns: true |
| | | flavor: |
| | | "ec2": "{{bastion_instance_type}}" |
| | | image_id: RHEL76GOLD |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "bastions" |
| | | - key: "ostype" |
| | | value: "linux" |
| | | |
| | | - name: "tower" |
| | | count: 1 |
| | | unique: true |
| | | security_group: "TowerSG" |
| | | public_dns: false |
| | | flavor: |
| | | "ec2": "{{tower_instance_type}}" |
| | | image_id: RHEL76GOLD |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "towers" |
| | | - key: "ostype" |
| | | value: "linux" |
| | | #TODO is this needed? it doesn't work like this |
| | | # UserData: | |
| | | # UserData: |
| | | # hostname: tower |
| | | # fqdn: "tower.{{dns_domain_name}}" |
| | | # manage_etc_hosts: true |
| | | # chpasswd: { expire: False } |
| | | # ssh_pwauth: True |
| | | |
| | | - name: "gitlab" |
| | | count: 1 |
| | | unique: true |
| | | security_group: "GitlabSG" |
| | | public_dns: false |
| | | flavor: |
| | | "ec2": "{{gitlab_instance_type}}" |
| | | image_id: RHEL76GOLD |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "gitlab" |
| | | - key: "ostype" |
| | | value: "linux" |
| | | |
| | | - name: "windc" |
| | | count: "{{activedirectory_instance_count}}" |
| | | public_dns: false |
| | | unique: "{{ true if activedirectory_instance_count | int <= 1 else false }}" |
| | | security_group: "WinDCSG" |
| | | flavor: |
| | | "ec2": "{{activedirectory_instance_type}}" |
| | | image_id: WIN2019FULL |
| | | UserData: "{{ lookup('template', '../configs/{{ env_type }}/templates/win_ec2_userdata.j2') }}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "activedirectories" |
| | | - key: "ostype" |
| | | value: "windows" |
| | | |
| | | - name: "win" |
| | | count: "{{windows_instance_count}}" |
| | | unique: "{{ true if windows_instance_count | int <= 1 else false }}" |
| | | public_dns: false |
| | | security_group: "WinSG" |
| | | flavor: |
| | | "ec2": "{{windows_instance_type}}" |
| | | image_id: WIN2019FULL |
| | | UserData: "{{ lookup('template', '../configs/{{ env_type }}/templates/win_ec2_userdata.j2') }}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "windows_servers" |
| | | - key: "ostype" |
| | | value: "windows" |
| | | volumes: |
| | | - device_name: "/dev/xvdf" |
| | | size: 5 |
| | | |
| | | - name: "workstation" |
| | | count: 1 |
| | | unique: true |
| | | public_dns: true |
| | | security_group: "WorkstationSG" |
| | | flavor: |
| | | "ec2": "{{windows_workstation_instance_type}}" |
| | | image_id: WIN2016FULL |
| | | UserData: "{{ lookup('template', '../configs/{{ env_type }}/templates/win_ec2_userdata.j2') }}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "workstations" |
| | | - key: "ostype" |
| | | value: "windows" |
| | | |
| | | install_win_ssh: false |
| | | |
| | | ###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYMENT |
| | | ###### You can, but you usually wouldn't need to. |
| | | |
| | | # The following interfere with Windows servers which use Administrator |
| | | #ansible_user: ec2-user |
| | | #remote_user: ec2-user |
| | | |
| | | common_packages: |
| | | - python |
| | | - unzip |
| | | - bash-completion |
| | | - tmux |
| | | - bind-utils |
| | | - wget |
| | | - git |
| | | - vim-enhanced |
| | | - at |
| | | - python2-pip |
| | | - gcc |
| | | |
| | | rhel_repos: |
| | | - rhel-7-server-rpms |
| | | - rhel-7-server-extras-rpms |
| | | |
| | | disable_default_repos: true |
| | | |
| | | enable_epel: true |
| | | |
| | | # Needed for reverse lookup DNS setup |
| | | ptr_zone_name: "250.25.172.in-addr.arpa" |
| | | ptr_zone_cidr: "172.25.250.0/24" |
| | | |
| | | # Windows Default account |
| | | user_prefix: student |
| | | workstation_user: training |
| | | |
| | | ###################### GITLAB INFO ####################### |
| | | # Gitlab variables |
| | | gitlab_external_url: "https://gitlab.{{ dns_domain_name }}/" |
| | | gitlab_git_data_dir: "/var/opt/gitlab/git-data" |
| | | gitlab_backup_path: "/var/opt/gitlab/backups" |
| | | gitlab_edition: "gitlab-ce" |
| | | |
| | | # SSL Config |
| | | gitlab_redirect_http_to_https: "true" |
| | | gitlab_ssl_certificate: "/etc/gitlab/ssl/gitlab.crt" |
| | | gitlab_ssl_certificate_key: "/etc/gitlab/ssl/gitlab.key" |
| | | |
| | | # SSL Self-signed Certificate Configuration |
| | | gitlab_create_self_signed_cert: "true" |
| | | gitlab_self_signed_cert_subj: "/C=US/ST=North Carolina/L=Raleigh/O=Ansible/CN=gitlab.{{ dns_domain_name }}" |
| | | |
| | | # LDAP Configuration |
| | | gitlab_ldap_enabled: "true" |
| | | gitlab_ldap_host: "windc.{{ dns_domain_name }}" |
| | | gitlab_ldap_port: "389" |
| | | gitlab_ldap_uid: "sAMAccountName" |
| | | gitlab_ldap_method: "plain" |
| | | gitlab_ldap_bind_dn: "CN=Admin,CN=Users,{{ ldap_basedn }}" |
| | | gitlab_ldap_password: "{{ windows_password }}" |
| | | gitlab_ldap_base: "{{ ldap_basedn }}" |
| | | |
| | | # General Config |
| | | gitlab_time_zone: "UTC" |
| | | gitlab_backup_keep_time: "604800" |
| | | gitlab_download_validate_certs: yes |
| | | gitlab_version: "10.0.6-ce.0.el7" |
| | | |
| | | # Email configuration. |
| | | gitlab_email_enabled: "false" |
| | | gitlab_smtp_enable: "false" |
| | | |
| | | git_lab: false |
| | | advanced_lab: false |
New file |
| | |
| | | AWSTemplateFormatVersion: "2010-09-09" |
| | | Mappings: |
| | | RegionMapping: {{ aws_ami_region_mapping | to_json }} |
| | | |
| | | Resources: |
| | | Vpc: |
| | | Type: "AWS::EC2::VPC" |
| | | Properties: |
| | | CidrBlock: "{{vpcid_cidr_block}}" |
| | | EnableDnsSupport: true |
| | | EnableDnsHostnames: true |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{vpcid_name_tag}}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | |
| | | VpcInternetGateway: |
| | | Type: "AWS::EC2::InternetGateway" |
| | | Properties: |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{vpcid_name_tag}}" |
| | | |
| | | VpcGA: |
| | | Type: "AWS::EC2::VPCGatewayAttachment" |
| | | Properties: |
| | | InternetGatewayId: |
| | | Ref: VpcInternetGateway |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | VpcRouteTable: |
| | | Type: "AWS::EC2::RouteTable" |
| | | Properties: |
| | | VpcId: |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{vpcid_name_tag}}" |
| | | |
| | | VPCRouteInternetGateway: |
| | | DependsOn: VpcGA |
| | | Type: "AWS::EC2::Route" |
| | | Properties: |
| | | GatewayId: |
| | | Ref: VpcInternetGateway |
| | | DestinationCidrBlock: "0.0.0.0/0" |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | |
| | | PublicSubnet: |
| | | Type: "AWS::EC2::Subnet" |
| | | DependsOn: |
| | | - Vpc |
| | | Properties: |
| | | {% if aws_availability_zone is defined %} |
| | | AvailabilityZone: "{{ aws_availability_zone }}" |
| | | {% endif %} |
| | | CidrBlock: "{{ aws_public_subnet_cidr }}" |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{vpcid_name_tag}}-public" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | MapPublicIpOnLaunch: false |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | PublicSubnetRTA: |
| | | Type: "AWS::EC2::SubnetRouteTableAssociation" |
| | | Properties: |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | |
| | | PrivateRouteTable: |
| | | Type: "AWS::EC2::RouteTable" |
| | | Properties: |
| | | VpcId: |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{vpcid_name_tag}}-private" |
| | | |
| | | PrivateRouteNatGateway: |
| | | DependsOn: |
| | | - NatGateway |
| | | Type: "AWS::EC2::Route" |
| | | Properties: |
| | | NatGatewayId: |
| | | Ref: NatGateway |
| | | DestinationCidrBlock: "0.0.0.0/0" |
| | | RouteTableId: |
| | | Ref: PrivateRouteTable |
| | | |
| | | PrivateSubnet: |
| | | Type: "AWS::EC2::Subnet" |
| | | DependsOn: |
| | | - Vpc |
| | | Properties: |
| | | {% if aws_availability_zone is defined %} |
| | | AvailabilityZone: "{{ aws_availability_zone }}" |
| | | {% endif %} |
| | | CidrBlock: "{{ aws_private_subnet_cidr }}" |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{ vpcid_name_tag }}-private" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | MapPublicIpOnLaunch: false |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | PrivateSubnetRTA: |
| | | Type: "AWS::EC2::SubnetRouteTableAssociation" |
| | | Properties: |
| | | RouteTableId: |
| | | Ref: PrivateRouteTable |
| | | SubnetId: |
| | | Ref: PrivateSubnet |
| | | |
| | | NatGatewayEIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | Domain: vpc |
| | | |
| | | NatGateway: |
| | | Type: "AWS::EC2::NatGateway" |
| | | DependsOn: |
| | | - NatGatewayEIP |
| | | - PublicSubnet |
| | | Properties: |
| | | AllocationId: |
| | | Fn::GetAtt: |
| | | - NatGatewayEIP |
| | | - AllocationId |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{vpcid_name_tag}}" |
| | | |
| | | |
| | | {% for security_group in security_groups %} |
| | | {{security_group['name']}}: |
| | | Type: "AWS::EC2::SecurityGroup" |
| | | Properties: |
| | | GroupDescription: Host |
| | | VpcId: |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{course_name}}-{{guid}}-{{security_group['name']}}" |
| | | {% endfor %} |
| | | |
| | | {% for security_group in security_groups %} |
| | | {% for rule in security_group['rules'] %} |
| | | {{security_group['name']}}{{rule['name']}}: |
| | | Type: "AWS::EC2::SecurityGroup{{rule['rule_type']}}" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - "{{security_group['name']}}" |
| | | - GroupId |
| | | IpProtocol: {{rule['protocol']}} |
| | | FromPort: {{rule['from_port']}} |
| | | ToPort: {{rule['to_port']}} |
| | | {% if rule['cidr'] is defined %} |
| | | CidrIp: "{{rule['cidr']}}" |
| | | {% endif %} |
| | | {% if rule['group'] is defined %} |
| | | SourceSecurityGroupId: |
| | | Fn::GetAtt: |
| | | - "{{rule['group']}}" |
| | | - GroupId |
| | | {% endif %} |
| | | {% endfor %} |
| | | {% endfor %} |
| | | |
| | | zoneinternalidns: |
| | | Type: "AWS::Route53::HostedZone" |
| | | Properties: |
| | | Name: "{{ zone_internal_dns }}" |
| | | VPCs: |
| | | - VPCId: |
| | | Ref: Vpc |
| | | VPCRegion: |
| | | Ref: "AWS::Region" |
| | | HostedZoneConfig: |
| | | Comment: "Created By ansible agnostic deployer" |
| | | |
| | | |
| | | {% for instance in instances %} |
| | | {% for c in range(1,(instance['count'] |int)+1) %} |
| | | {% set instancecount = loop %} |
| | | #this is host {{instance['name']}}{{loop.index}} |
| | | |
| | | {{instance['name']}}{{loop.index}}: |
| | | Type: "AWS::EC2::Instance" |
| | | DependsOn: |
| | | - PrivateRouteNatGateway |
| | | Properties: |
| | | ImageId: |
| | | "Fn::FindInMap": |
| | | - RegionMapping |
| | | - Ref: "AWS::Region" |
| | | - {{ instance['image_id'] | default(aws_default_image) }} |
| | | |
| | | InstanceType: "{{instance['flavor'][cloud_provider]}}" |
| | | KeyName: "{{instance['key_name'] | default(key_name)}}" |
| | | {% if instance['UserData'] is defined %} |
| | | {{instance['UserData']}} |
| | | {% endif %} |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - {{instance['security_group']}} |
| | | - GroupId |
| | | SubnetId: |
| | | {% if instance['public_dns'] %} |
| | | Ref: PublicSubnet |
| | | {% else %} |
| | | Ref: PrivateSubnet |
| | | {% endif %} |
| | | Tags: |
| | | {% if instance['unique'] | default(false) %} |
| | | - Key: Name |
| | | Value: {{course_name}}-{{guid}}-{{instance['name']}} |
| | | - Key: internaldns |
| | | Value: {{instance['name']}}.{{chomped_zone_internal_dns}} |
| | | {% else %} |
| | | - Key: Name |
| | | Value: {{course_name}}-{{guid}}-{{instance['name']}}{{instancecount.index}} |
| | | - Key: internaldns |
| | | Value: {{instance['name']}}{{loop.index}}.{{chomped_zone_internal_dns}} |
| | | {% endif %} |
| | | - Key: "owner" |
| | | Value: "{{ email | default('unknownuser') }}" |
| | | - Key: "Project" |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: "{{ instance['name'] }}" |
| | | {% if instance['unique'] | default(false) %} |
| | | - Key: "instance_name" |
| | | Value: "{{ instance['name'] }}" |
| | | {% else %} |
| | | - Key: "instance_name" |
| | | Value: "{{ instance['name'] }}{{instancecount.index}}" |
| | | {% endif %} |
| | | - Key: "env_type" |
| | | Value: "{{ env_type }}" |
| | | - Key: "guid" |
| | | Value: "{{ guid }}" |
| | | {% for tag in instance['tags'] %} |
| | | - Key: {{tag['key']}} |
| | | Value: {{tag['value']}} |
| | | {% endfor %} |
| | | BlockDeviceMappings: |
| | | - DeviceName: "/dev/sda1" |
| | | Ebs: |
| | | VolumeSize: 30 |
| | | {% for vol in instance.volumes|default([]) if vol.enable|d(true) %} |
| | | - DeviceName: "{{ vol.name | default(vol.device_name) }}" |
| | | Ebs: |
| | | {% if cloud_provider in vol and 'type' in vol.ec2 %} |
| | | VolumeType: "{{ vol[cloud_provider].type }}" |
| | | {% else %} |
| | | VolumeType: "{{ aws_default_volume_type }}" |
| | | {% endif %} |
| | | VolumeSize: "{{ vol.size }}" |
| | | DeleteOnTermination: true |
| | | {% endfor %} |
| | | {{instance['name']}}{{loop.index}}InternalDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: zoneinternalidns |
| | | RecordSets: |
| | | {% if instance['unique'] | default(false) %} |
| | | - Name: "{{instance['name']}}.{{zone_internal_dns}}" |
| | | {% else %} |
| | | - Name: "{{instance['name']}}{{loop.index}}.{{zone_internal_dns}}" |
| | | {% endif %} |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - {{instance['name']}}{{loop.index}} |
| | | - PrivateIp |
| | | {% if instance['public_dns'] %} |
| | | {{instance['name']}}{{loop.index}}EIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: {{instance['name']}}{{loop.index}} |
| | | {{instance['name']}}{{loop.index}}PublicDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - {{instance['name']}}{{loop.index}}EIP |
| | | Properties: |
| | | HostedZoneId: {{HostedZoneId}} |
| | | RecordSets: |
| | | {% if instance['unique'] | default(false) %} |
| | | - Name: "{{instance['name']}}.{{subdomain_base}}." |
| | | {% else %} |
| | | - Name: "{{instance['name']}}{{loop.index}}.{{subdomain_base}}." |
| | | {% endif %} |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - {{instance['name']}}{{loop.index}} |
| | | - PublicIp |
| | | {% endif %} |
| | | |
| | | {% endfor %} |
| | | {% endfor %} |
New file |
| | |
| | | [windows_hosts] |
| | | {% for host in hostvars %} |
| | | {% if "win1" in host %} |
| | | {{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }} |
| | | {% elif "win2" in host %} |
| | | {{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }} |
| | | {% elif "workstation" in host %} |
| | | {{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ workstation_password }}" private_ip={{ hostvars[host].private_ip_address }} |
| | | {% endif %} |
| | | {% endfor %} |
| | | |
| | | {% for group in groups %} |
| | | {% if 'tag' not in group and 'unknowns' not in group and 'ungrouped' not in group and 'linux' not in group and 'towers' not in group and 'gitlab' not in group and 'bastions' not in group %} |
| | | |
| | | [{{group}}] |
| | | {% for entry in groups[group] %} |
| | | {% for host in hostvars %} |
| | | {% if entry == host and 'bastion' not in entry %} |
| | | {{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} |
| | | {% endif %} |
| | | {% endfor %} |
| | | {% endfor %} |
| | | {% endif %} |
| | | {% endfor %} |
| | | |
| | | [windows_hosts:vars] |
| | | ansible_connection=winrm |
| | | ansible_winrm_transport=credssp |
| | | ansible_winrm_server_cert_validation=ignore |
| | | ansible_port=5986 |
| | | |
| | | [workstations:vars] |
| | | ansible_connection=winrm |
| | | ansible_winrm_transport=credssp |
| | | ansible_winrm_server_cert_validation=ignore |
| | | ansible_port=5986 |
| | | |
| | | [activedirectories:vars] |
| | | ansible_connection=winrm |
| | | ansible_winrm_transport=credssp |
| | | ansible_winrm_server_cert_validation=ignore |
| | | ansible_port=5986 |
| | | ansible_user=Administrator |
| | | ansible_password="{{ windows_password }}" |
New file |
| | |
| | | [rhel-7-server-rpms] |
| | | name=Red Hat Enterprise Linux 7 |
| | | baseurl={{ own_repo_path }}/ocp/common/rhel-7-server-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-rh-common-rpms] |
| | | name=Red Hat Enterprise Linux 7 Common |
| | | baseurl={{ own_repo_path }}/ocp/common/rhel-7-server-rh-common-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-extras-rpms] |
| | | name=Red Hat Enterprise Linux 7 Extras |
| | | baseurl={{ own_repo_path }}/ocp/common/rhel-7-server-extras-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-optional-rpms] |
| | | name=Red Hat Enterprise Linux 7 Optional |
| | | baseurl={{ own_repo_path }}/ocp/common/rhel-7-server-optional-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-server-rhscl-7-rpms] |
| | | name=Red Hat Enterprise Linux 7 Software Collections |
| | | baseurl={{ own_repo_path}}/ocp/common/rhel-server-rhscl-7-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [pinned-epel-rpms] |
| | | name=EPEL Pinned (RPMs) |
| | | baseurl={{own_repo_path}}/epel |
| | | enabled=1 |
| | | gpgcheck=0 |
New file |
| | |
| | | {{ "%-60s" | format('Instance') }} State Type |
| | | ---------------------------------------------------------------- |
| | | {% for instance in r_instances.instances %} |
| | | {{ "%-60s" | format(instance.tags.Name) }} {{ "%-10s" | format(instance.state.name) }} {{ instance.instance_type }} |
| | | {% endfor %} |
New file |
| | |
| | | [GenericExample:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | [all:vars] |
| | | ansible_become=true |
| | | admin_password="{{tower_admin_password}}" |
| | | |
| | | pg_host='support1.{{chomped_zone_internal_dns}}' |
| | | pg_port='5432' |
| | | |
| | | pg_database='awx' |
| | | pg_username='awx' |
| | | pg_password="{{tower_admin_password}}" |
| | | |
| | | rabbitmq_port=5672 |
| | | rabbitmq_vhost=tower |
| | | |
| | | rabbitmq_username=tower |
| | | rabbitmq_password="{{tower_admin_password}}" |
| | | rabbitmq_cookie=cookiemonster |
| | | |
| | | rabbitmq_use_long_name=true |
| | | |
| | | [GenericExample:children] |
| | | # These |
| | | tower |
| | | database |
| | | |
| | | [tower] |
| | | ## These are the towers |
| | | {% for host in groups['towers'] %} |
| | | tower{{loop.index}}.{{chomped_zone_internal_dns}} public_host_name=tower{{loop.index}}.{{ guid }}{{subdomain_base_suffix}} ssh_host={{host}} |
| | | {% endfor %} |
| | | |
| | | ## These are the supporthosts |
| | | [database] |
| | | support1.{{chomped_zone_internal_dns}} |
New file |
| | |
| | | --- |
| | | # Start / Stop Logic for OCP 4 Clusters |
| | | |
| | | - import_playbook: ../../setup_runtime.yml |
| | | |
| | | - name: Build inventory |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tasks: |
| | | - when: cloud_provider == 'ec2' |
| | | block: |
| | | - name: Run infra-ec2-create-inventory Role |
| | | include_role: |
| | | name: infra-ec2-create-inventory |
| | | |
| | | - name: Run Common SSH Config Generator Role |
| | | include_role: |
| | | name: infra-common-ssh-config-generate |
| | | when: "'bastions' in groups" |
| | | |
| | | - name: Set ansible_ssh_extra_args |
| | | hosts: |
| | | - all:!windows:!network |
| | | gather_facts: false |
| | | any_errors_fatal: true |
| | | ignore_errors: false |
| | | tasks: |
| | | - name: Set facts for remote access |
| | | set_fact: |
| | | ansible_ssh_extra_args: >- |
| | | {{ ansible_ssh_extra_args|d() }} |
| | | -F {{hostvars.localhost.output_dir}}/{{ env_type }}_{{ guid }}_ssh_conf |
| | | |
| | | - name: Run stop/start/status/... actions |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: False |
| | | become: no |
| | | tasks: |
| | | - name: Check for project_tag |
| | | when: project_tag is not defined or project_tag == '' |
| | | fail: |
| | | msg: "project_tag is not defined" |
| | | |
| | | - name: Check for ACTION |
| | | when: ACTION is not defined |
| | | fail: |
| | | msg: "ACTION is not defined" |
| | | |
| | | - name: Start / Stop VMs on AWS |
| | | when: |
| | | - cloud_provider == 'ec2' |
| | | - guid is defined |
| | | - guid != '' |
| | | - guid != '*' |
| | | environment: |
| | | AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | | AWS_DEFAULT_REGION: "{{aws_region_final|d(aws_region)}}" |
| | | block: |
| | | - name: Stop instances by (guid,env_type) tags |
| | | when: ACTION == 'stop' |
| | | ec2_instance: |
| | | state: stopped |
| | | wait: no |
| | | filters: |
| | | "tag:guid": "{{ guid }}" |
| | | "tag:env_type": "{{ env_type }}" |
| | | instance-state-name: running |
| | | |
| | | - name: Start instances by (guid, env_type) tags |
| | | when: ACTION == 'start' |
| | | ec2_instance: |
| | | state: started |
| | | wait: true |
| | | filters: |
| | | "tag:guid": "{{ guid }}" |
| | | "tag:env_type": "{{ env_type }}" |
| | | instance-state-name: stopped |
| | | ignore_errors: true |
| | | |
| | | - when: ACTION == 'status' |
| | | block: |
| | | - name: Get EC2 facts using (guid, env_type) tag |
| | | ec2_instance_facts: |
| | | filters: |
| | | "tag:guid": "{{ guid }}" |
| | | "tag:env_type": "{{ env_type }}" |
| | | register: r_instances |
| | | |
| | | - name: Print status information to a file |
| | | template: |
| | | dest: "{{ output_dir }}/status.txt" |
| | | src: files/status.j2 |
New file |
| | |
| | | - name: Step 002 Post Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | tags: |
| | | - step002 |
| | | - post_infrastructure |
| | | tasks: |
| | | - debug: |
| | | msg: Post Infrastructure Completed |
New file |
| | |
| | | - name: Step 00xxxxx post software |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: False |
| | | become: no |
| | | tasks: |
| | | - debug: |
| | | msg: "Post-Software tasks Started" |
| | | |
| | | - name: Copy files to workstation |
| | | hosts: workstations |
| | | tasks: |
| | | - name: Copy Ansible Inventory for this environment |
| | | win_copy: |
| | | src: "{{output_dir}}/hosts-{{ env_type }}-{{ guid }}" |
| | | dest: "C:\\inventory.ini" |
| | | |
| | | - name: PostSoftware flight-check |
| | | hosts: towers |
| | | gather_facts: false |
| | | become: yes |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - name: See if virtualenv is installed |
| | | stat: |
| | | path: venv |
| | | register: virtualenv |
| | | |
| | | - name: Setup python virtualenv |
| | | shell: | |
| | | virtualenv venv |
| | | source venv/bin/activate |
| | | pip install ansible requests-credssp pywinrm |
| | | deactivate |
| | | exit 0 |
| | | when: not virtualenv.stat.exists |
| | | |
| | | - name: Test Ansible connectivity to Windows servers |
| | | shell: | |
| | | source venv/bin/activate |
| | | ansible windows -m win_ping |
| | | register: ansible_check |
| | | ignore_errors: true |
| | | |
| | | - debug: |
| | | var: ansible_check |
| | | |
| | | - fail: |
| | | msg: "Ansible test of tower environment failed" |
| | | when: ansible_check is failed |
| | | |
| | | - debug: |
| | | msg: "Post-Software checks completed successfully" |
| | | |
| | | - name: Provisioning final tasks |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: no |
| | | tasks: |
| | | - name: Report provisioning status |
| | | include_role: |
| | | name: status-report |
| | | vars: |
| | | classroom_status: "Classroom ready" |
| | | status_json: "{{ lookup('template', 'report.j2') }}" |
| | | when: report_status |
| | | - name: Stop SSH/Socks proxy for Windows proxying through bastion |
| | | shell: | |
| | | ssh -i {{ ssh_key | default(infra_ssh_key) | default(ansible_ssh_private_key_file) | default(default_key_name)}} -o "ControlPath=~/.ssh/cp/ssh-%r@%h:%p" -O exit -p 22 {{hostvars[bastion_hostname].ansible_user}}@{{hostvars[bastion_hostname].public_ip_address}} |
| | | when: win_connect_method | d('winrm') == 'psrp' |
New file |
| | |
| | | - name: Step 000 Pre Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | tags: |
| | | - step001 |
| | | - pre_infrastructure |
| | | tasks: |
| | | - name: if windows_password is not defined, generate one |
| | | when: windows_password is not defined |
| | | block: |
| | | - name: Stat workdir/[...]_windows_password.txt file |
| | | stat: |
| | | path: "{{output_dir}}/{{ env_type }}_{{guid}}_windows_password.txt" |
| | | register: passwordfile |
| | | # This task needs to be "ansibled", we cannot assume tr exists |
| | | # This also doesn't work on MAC, that does have tr. |
| | | - name: Generate windows Administrator password if not already defined |
| | | command: openssl rand -base64 25 |
| | | register: password_gen_r |
| | | when: not passwordfile.stat.exists |
| | | |
| | | # TODO: use slurp |
| | | - name: Read windows password from workdir/[...]_windows_password.txt file |
| | | command: "cat '{{output_dir}}/{{ env_type }}_{{guid}}_windows_password.txt'" |
| | | register: password_get_r |
| | | changed_when: false |
| | | when: passwordfile.stat.exists |
| | | |
| | | - name: set_fact windows_password (just generated) |
| | | set_fact: |
| | | generated_windows_password: "{{ password_gen_r.stdout }}" |
| | | windows_password: "{{ password_gen_r.stdout }}" |
| | | when: not passwordfile.stat.exists |
| | | |
| | | - name: set_fact windows_password (previously generated) |
| | | set_fact: |
| | | generated_windows_password: "{{ password_get_r.stdout }}" |
| | | when: passwordfile.stat.exists |
| | | |
| | | - name: Save windows_password or generated_windows_password into workdir/ |
| | | copy: |
| | | content: "{{ windows_password | default(generated_windows_password) }}" |
| | | dest: "{{output_dir}}/{{ env_type }}_{{guid}}_windows_password.txt" |
| | | mode: 0600 |
| | | |
New file |
| | |
| | | --- |
| | | - name: Step 003 - Create env key |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - step003 |
| | | - generate_env_keys |
| | | tasks: |
| | | - name: Generate SSH keys |
| | | shell: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N "" |
| | | args: |
| | | creates: "{{output_dir}}/{{env_authorized_key}}" |
| | | when: set_env_authorized_key | bool |
| | | |
| | | # Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }} |
| | | |
| | | - name: Configure all hosts with Repositories, Common Files and Set environment key |
| | | hosts: |
| | | - all:!windows |
| | | become: true |
| | | gather_facts: False |
| | | tags: |
| | | - step004 |
| | | - common_tasks |
| | | roles: |
| | | - { role: "set-repositories", when: 'repo_method is defined' } |
| | | - { role: "common", when: 'install_common' } |
| | | - { role: "set_env_authorized_key", when: 'set_env_authorized_key' } |
| | | |
| | | - name: Configuring Bastion Hosts |
| | | hosts: bastions |
| | | become: true |
| | | roles: |
| | | - { role: "bastion", when: 'install_bastion' } |
| | | - { role: "status-report-install", when: 'report_status | d(false)' } |
| | | tags: |
| | | - step004 |
| | | - bastion_tasks |
| | | |
| | | # - name: Inject and configure FTL on bastion as grader host |
| | | # hosts: bastions |
| | | # become: true |
| | | # tasks: |
| | | # - name: Setup FTL |
| | | # include_role: |
| | | # name: ftl-injector |
| | | # tags: |
| | | # - step004 |
| | | # - ftl-injector |
| | | |
| | | - name: Configure windows machines |
| | | hosts: |
| | | - windows |
| | | gather_facts: False |
| | | tags: |
| | | - step004 |
| | | - common_tasks |
| | | - windows_tasks |
| | | roles: |
| | | - role: windows-common |
| | | when: hostvars.localhost.install_win_ssh |
| | | |
| | | - name: PreSoftware flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Pre-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | # External role to setup grader host virtualenv and FTL grading infra |
| | | |
| | | - src: https://github.com/redhat-gpte-devopsautomation/ftl-injector |
| | | name: ftl-injector |
| | | version: v0.7 |
| | | |
| | | # From 'Stouts.wsgi' |
| | | - src: https://github.com/Stouts/Stouts.wsgi |
| | | version: 2.1.4 |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Report Provisioning Status |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: no |
| | | tasks: |
| | | - name: Report provisioning status |
| | | include_role: |
| | | name: status-report |
| | | vars: |
| | | classroom_status: "Servers provisioned 1 of 6" |
| | | status_json: "{{ lookup('template', 'report.j2') }}" |
| | | when: report_status |
| | | |
| | | - name: Step 001 software - Configure Active Directory DC |
| | | hosts: activedirectories |
| | | gather_facts: true |
| | | tags: |
| | | - windows-ad-controller |
| | | roles: |
| | | - skylight-windows-ad |
| | | |
| | | - name: Report Provisioning Status |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: no |
| | | tasks: |
| | | - name: Report provisioning status |
| | | include_role: |
| | | name: status-report |
| | | vars: |
| | | classroom_status: "Active Directory configured 2 of 6" |
| | | status_json: "{{ lookup('template', 'report.j2') }}" |
| | | when: report_status |
| | | |
| | | - name: Step 002 software - Configure Windows Servers |
| | | hosts: |
| | | - windows_servers |
| | | - workstations |
| | | gather_facts: true |
| | | tags: |
| | | - windows-servers |
| | | roles: |
| | | - skylight-windows-common |
| | | |
| | | - name: Report Provisioning Status |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: no |
| | | tasks: |
| | | - name: Report provisioning status |
| | | include_role: |
| | | name: status-report |
| | | vars: |
| | | classroom_status: "Windows servers configured 3 of 6" |
| | | status_json: "{{ lookup('template', 'report.j2') }}" |
| | | when: report_status |
| | | |
| | | - name: Step 003.1 software - Configure GitLab Host |
| | | hosts: gitlab |
| | | become: true |
| | | gather_facts: true |
| | | tags: |
| | | - gitlab |
| | | roles: |
| | | - skylight-linux-common |
| | | - geerlingguy.gitlab |
| | | |
| | | - name: Step 003.2 software - Configure Gitlab Environment |
| | | hosts: gitlab |
| | | become: true |
| | | gather_facts: true |
| | | tags: |
| | | - gitlab |
| | | roles: |
| | | - skylight-gitlab-env |
| | | |
| | | - name: Step 003.3 software - Configure DO417 repos |
| | | hosts: gitlab |
| | | become: False |
| | | gather_facts: False |
| | | tags: |
| | | - gitlab |
| | | roles: |
| | | - skylight-do417-repos |
| | | |
| | | - name: Report Provisioning Status |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: no |
| | | tasks: |
| | | - name: Report provisioning status |
| | | include_role: |
| | | name: status-report |
| | | vars: |
| | | classroom_status: "Gitlab configured 4 of 6" |
| | | status_json: "{{ lookup('template', 'report.j2') }}" |
| | | when: report_status |
| | | |
| | | - name: Step 004 software - Configure Ansible Tower |
| | | hosts: towers |
| | | become: true |
| | | gather_facts: true |
| | | tags: |
| | | - ansible-tower |
| | | roles: |
| | | - skylight-linux-common |
| | | - skylight-ansible-tower |
| | | |
| | | - name: Report Provisioning Status |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: no |
| | | tasks: |
| | | - name: Report provisioning status |
| | | include_role: |
| | | name: status-report |
| | | vars: |
| | | classroom_status: "Ansible Tower configured 5 of 6" |
| | | status_json: "{{ lookup('template', 'report.j2') }}" |
| | | when: report_status |
| | | |
| | | - name: Step 005 software - Configure Windows Workstation |
| | | hosts: workstations |
| | | gather_facts: true |
| | | tags: |
| | | - windows-workstation |
| | | roles: |
| | | - skylight-windows-workstation |
| | | |
| | | - name: Report Provisioning Status |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: no |
| | | tasks: |
| | | - name: Report provisioning status |
| | | include_role: |
| | | name: status-report |
| | | vars: |
| | | classroom_status: "Windows Workstation configured 6 of 6" |
| | | status_json: "{{ lookup('template', 'report.j2') }}" |
| | | when: report_status |
| | | |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Ended" |
New file |
| | |
| | | { "workstation_username": "{{ workstation_user }}", "workstation_password": "{{ workstation_password }}", "workstation_hostname": "workstation.{{ guid }}{{subdomain_base_suffix}}", "classroom_identifier": "{{ guid }}", "classroom_type": "{{ env_type }}", "classroom_region": "{{ aws_region }}", "status": "{{ classroom_status | d('unknown') }}" } |
New file |
| | |
| | | UserData: |
| | | "Fn::Base64": |
| | | "Fn::Join": |
| | | - "" |
| | | - - "<powershell>\n" |
| | | - "Get-ScheduledTask *ngen* | Disable-ScheduledTask\n" |
| | | - "reg add 'HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update' /v AUOptions /t REG_DWORD /d 1 /f\n" |
| | | - "net stop wuauserv\n" |
| | | - "net start wuauserv\n" |
| | | - "Set-MpPreference -DisableRealtimeMonitoring $true\n" |
| | | - "$admin = [adsi]('WinNT://./administrator, user')\n" |
| | | - "$admin.PSBase.Invoke('SetPassword', '{{windows_password}}')\n" |
| | | - "Invoke-WebRequest -Uri https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile C:\\ConfigureRemotingForAnsible.ps1\n" |
| | | - "C:\\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert -EnableCredSSP -GlobalHttpFirewallAccess\n" |
| | | - "</powershell>" |
| | |
| | | #vim: set ft=ansible: |
| | | --- |
| | | ######################### Install Basic Packages |
| | | - name: Install DNF backend for Yum |
| | | yum: |
| | | state: present |
| | | name: python2-dnf |
| | | register: dnf |
| | | until: dnf is succeeded |
| | | retries: 10 |
| | | delay: 10 |
| | | tags: |
| | | - install_common_packages |
| | | |
| | | - name: install basic packages |
| | | yum: |
| | | state: present |
| | | name: "{{common_packages}}" |
| | | use_backend: dnf |
| | | register: yumr |
| | | until: yumr is succeeded |
| | | retries: "{{ common_install_basic_packages_retries }}" |
New file |
| | |
| | | skip_list: |
| | | - '602' |
New file |
| | |
| | | *.retry |
| | | */__pycache__ |
| | | *.pyc |
New file |
| | |
| | | --- |
| | | language: python |
| | | services: docker |
| | | |
| | | env: |
| | | global: |
| | | - ROLE_NAME: gitlab |
| | | matrix: |
| | | - MOLECULE_DISTRO: centos7 |
| | | - MOLECULE_DISTRO: ubuntu1804 |
| | | - MOLECULE_DISTRO: debian9 |
| | | - MOLECULE_DISTRO: centos7 |
| | | MOLECULE_PLAYBOOK: playbook-version.yml |
| | | - MOLECULE_DISTRO: ubuntu1804 |
| | | MOLECULE_PLAYBOOK: playbook-version.yml |
| | | |
| | | install: |
| | | # Install test dependencies. |
| | | - pip install molecule docker |
| | | |
| | | before_script: |
| | | # Use actual Ansible Galaxy role name for the project directory. |
| | | - cd ../ |
| | | - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME |
| | | - cd geerlingguy.$ROLE_NAME |
| | | |
| | | script: |
| | | # Run tests. |
| | | - molecule test |
| | | |
| | | notifications: |
| | | webhooks: https://galaxy.ansible.com/api/v1/notifications/ |
New file |
| | |
| | | The MIT License (MIT) |
| | | |
| | | Copyright (c) 2017 Jeff Geerling |
| | | |
| | | Permission is hereby granted, free of charge, to any person obtaining a copy of |
| | | this software and associated documentation files (the "Software"), to deal in |
| | | the Software without restriction, including without limitation the rights to |
| | | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of |
| | | the Software, and to permit persons to whom the Software is furnished to do so, |
| | | subject to the following conditions: |
| | | |
| | | The above copyright notice and this permission notice shall be included in all |
| | | copies or substantial portions of the Software. |
| | | |
| | | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| | | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS |
| | | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR |
| | | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER |
| | | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
| | | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
New file |
| | |
| | | # Ansible Role: GitLab |
| | | |
| | | [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-gitlab.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-gitlab) |
| | | |
| | | Installs GitLab, a Ruby-based front-end to Git, on any RedHat/CentOS or Debian/Ubuntu linux system. |
| | | |
| | | GitLab's default administrator account details are below; be sure to login immediately after installation and change these credentials! |
| | | |
| | | root |
| | | 5iveL!fe |
| | | |
| | | ## Requirements |
| | | |
| | | None. |
| | | |
| | | ## Role Variables |
| | | |
| | | Available variables are listed below, along with default values (see `defaults/main.yml`): |
| | | |
| | | gitlab_external_url: "https://gitlab/" |
| | | |
| | | The URL at which the GitLab instance will be accessible. This is set as the `external_url` configuration setting in `gitlab.rb`, and if you want to run GitLab on a different port (besides 80/443), you can specify the port here (e.g. `https://gitlab:8443/` for port 8443). |
| | | |
| | | gitlab_git_data_dir: "/var/opt/gitlab/git-data" |
| | | |
| | | The `gitlab_git_data_dir` is the location where all the Git repositories will be stored. You can use a shared drive or any path on the system. |
| | | |
| | | gitlab_backup_path: "/var/opt/gitlab/backups" |
| | | |
| | | The `gitlab_backup_path` is the location where Gitlab backups will be stored. |
| | | |
| | | gitlab_edition: "gitlab-ce" |
| | | |
| | | The edition of GitLab to install. Usually either `gitlab-ce` (Community Edition) or `gitlab-ee` (Enterprise Edition). |
| | | |
| | | gitlab_version: '' |
| | | |
| | | If you'd like to install a specific version, set the version here (e.g. `11.4.0-ce.0` for Debian/Ubuntu, or `11.4.0-ce.0.el7` for RedHat/CentOS). |
| | | |
| | | gitlab_config_template: "gitlab.rb.j2" |
| | | |
| | | The `gitlab.rb.j2` template packaged with this role is meant to be very generic and serve a variety of use cases. However, many people would like to have a much more customized version, and so you can override this role's default template with your own, adding any additional customizations you need. To do this: |
| | | |
| | | - Create a `templates` directory at the same level as your playbook. |
| | | - Create a `templates\mygitlab.rb.j2` file (just choose a different name from the default template). |
| | | - Set the variable like: `gitlab_config_template: mygitlab.rb.j2` (with the name of your custom template). |
| | | |
| | | ### SSL Configuration. |
| | | |
| | | gitlab_redirect_http_to_https: "true" |
| | | gitlab_ssl_certificate: "/etc/gitlab/ssl/gitlab.crt" |
| | | gitlab_ssl_certificate_key: "/etc/gitlab/ssl/gitlab.key" |
| | | |
| | | GitLab SSL configuration; tells GitLab to redirect normal http requests to https, and the path to the certificate and key (the default values will work for automatic self-signed certificate creation, if set to `true` in the variable below). |
| | | |
| | | # SSL Self-signed Certificate Configuration. |
| | | gitlab_create_self_signed_cert: "true" |
| | | gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN=gitlab" |
| | | |
| | | Whether to create a self-signed certificate for serving GitLab over a secure connection. Set `gitlab_self_signed_cert_subj` according to your locality and organization. |
| | | |
| | | # LDAP Configuration. |
| | | gitlab_ldap_enabled: "false" |
| | | gitlab_ldap_host: "example.com" |
| | | gitlab_ldap_port: "389" |
| | | gitlab_ldap_uid: "sAMAccountName" |
| | | gitlab_ldap_method: "plain" |
| | | gitlab_ldap_bind_dn: "CN=Username,CN=Users,DC=example,DC=com" |
| | | gitlab_ldap_password: "password" |
| | | gitlab_ldap_base: "DC=example,DC=com" |
| | | |
| | | GitLab LDAP configuration; if `gitlab_ldap_enabled` is `true`, the rest of the configuration will tell GitLab how to connect to an LDAP server for centralized authentication. |
| | | |
| | | gitlab_time_zone: "UTC" |
| | | |
| | | Gitlab timezone. |
| | | |
| | | gitlab_backup_keep_time: "604800" |
| | | |
| | | How long to keep local backups (useful if you don't want backups to fill up your drive!). |
| | | |
| | | gitlab_download_validate_certs: true |
| | | |
| | | Controls whether to validate certificates when downloading the GitLab installation repository install script. |
| | | |
| | | # Email configuration. |
| | | gitlab_email_enabled: "false" |
| | | gitlab_email_from: "gitlab@example.com" |
| | | gitlab_email_display_name: "Gitlab" |
| | | gitlab_email_reply_to: "gitlab@example.com" |
| | | |
| | | Gitlab system mail configuration. Disabled by default; set `gitlab_email_enabled` to `true` to enable, and make sure you enter valid from/reply-to values. |
| | | |
| | | # SMTP Configuration |
| | | gitlab_smtp_enable: "false" |
| | | gitlab_smtp_address: "smtp.server" |
| | | gitlab_smtp_port: "465" |
| | | gitlab_smtp_user_name: "smtp user" |
| | | gitlab_smtp_password: "smtp password" |
| | | gitlab_smtp_domain: "example.com" |
| | | gitlab_smtp_authentication: "login" |
| | | gitlab_smtp_enable_starttls_auto: "true" |
| | | gitlab_smtp_tls: "false" |
| | | gitlab_smtp_openssl_verify_mode: "none" |
| | | gitlab_smtp_ca_path: "/etc/ssl/certs" |
| | | gitlab_smtp_ca_file: "/etc/ssl/certs/ca-certificates.crt" |
| | | |
| | | Gitlab SMTP configuration; of `gitlab_smtp_enable` is `true`, the rest of the configuration will tell GitLab how to send mails using an smtp server. |
| | | |
| | | gitlab_nginx_listen_port: 8080 |
| | | |
| | | If you are running GitLab behind a reverse proxy, you may want to override the listen port to something else. |
| | | |
| | | gitlab_nginx_listen_https: "false" |
| | | |
| | | If you are running GitLab behind a reverse proxy, you may wish to terminate SSL at another proxy server or load balancer |
| | | |
| | | gitlab_nginx_ssl_verify_client: "" |
| | | gitlab_nginx_ssl_client_certificate: "" |
| | | |
| | | If you want to enable [2-way SSL Client Authentication](https://docs.gitlab.com/omnibus/settings/nginx.html#enable-2-way-ssl-client-authentication), set `gitlab_nginx_ssl_verify_client` and add a path to the client certificate in `gitlab_nginx_ssl_client_certificate`. |
| | | |
| | | gitlab_default_theme: 2 |
| | | |
| | | GitLab includes a number of themes, and you can set the default for all users with this variable. See [the included GitLab themes to choose a default](https://github.com/gitlabhq/gitlabhq/blob/master/config/gitlab.yml.example#L79-L85). |
| | | |
| | | ## Dependencies |
| | | |
| | | None. |
| | | |
| | | ## Example Playbook |
| | | |
| | | - hosts: servers |
| | | vars_files: |
| | | - vars/main.yml |
| | | roles: |
| | | - { role: geerlingguy.gitlab } |
| | | |
| | | *Inside `vars/main.yml`*: |
| | | |
| | | gitlab_external_url: "https://gitlab.example.com/" |
| | | |
| | | ## License |
| | | |
| | | MIT / BSD |
| | | |
| | | ## Author Information |
| | | |
| | | This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). |
New file |
| | |
| | | --- |
| | | # General config. |
| | | gitlab_external_url: "https://gitlab/" |
| | | gitlab_git_data_dir: "/var/opt/gitlab/git-data" |
| | | gitlab_edition: "gitlab-ce" |
| | | gitlab_version: '' |
| | | gitlab_backup_path: "/var/opt/gitlab/backups" |
| | | gitlab_config_template: "gitlab.rb.j2" |
| | | |
| | | # SSL Configuration. |
| | | gitlab_redirect_http_to_https: "true" |
| | | gitlab_ssl_certificate: "/etc/gitlab/ssl/gitlab.crt" |
| | | gitlab_ssl_certificate_key: "/etc/gitlab/ssl/gitlab.key" |
| | | |
| | | # SSL Self-signed Certificate Configuration. |
| | | gitlab_create_self_signed_cert: "true" |
| | | gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN=gitlab" |
| | | |
| | | # LDAP Configuration. |
| | | gitlab_ldap_enabled: "false" |
| | | gitlab_ldap_host: "example.com" |
| | | gitlab_ldap_port: "389" |
| | | gitlab_ldap_uid: "sAMAccountName" |
| | | gitlab_ldap_method: "plain" |
| | | gitlab_ldap_bind_dn: "CN=Username,CN=Users,DC=example,DC=com" |
| | | gitlab_ldap_password: "password" |
| | | gitlab_ldap_base: "DC=example,DC=com" |
| | | |
| | | # SMTP Configuration |
| | | gitlab_smtp_enable: "false" |
| | | gitlab_smtp_address: "smtp.server" |
| | | gitlab_smtp_port: "465" |
| | | gitlab_smtp_user_name: "smtp user" |
| | | gitlab_smtp_password: "smtp password" |
| | | gitlab_smtp_domain: "example.com" |
| | | gitlab_smtp_authentication: "login" |
| | | gitlab_smtp_enable_starttls_auto: "true" |
| | | gitlab_smtp_tls: "false" |
| | | gitlab_smtp_openssl_verify_mode: "none" |
| | | gitlab_smtp_ca_path: "/etc/ssl/certs" |
| | | gitlab_smtp_ca_file: "/etc/ssl/certs/ca-certificates.crt" |
| | | |
| | | # 2-way SSL Client Authentication support. |
| | | gitlab_nginx_ssl_verify_client: "" |
| | | gitlab_nginx_ssl_client_certificate: "" |
| | | |
| | | # Probably best to leave this as the default, unless doing testing. |
| | | gitlab_restart_handler_failed_when: 'gitlab_restart.rc != 0' |
| | | |
| | | # Optional settings. |
| | | gitlab_time_zone: "UTC" |
| | | gitlab_backup_keep_time: "604800" |
| | | gitlab_download_validate_certs: true |
| | | gitlab_default_theme: '2' |
| | | |
| | | # Email configuration. |
| | | gitlab_email_enabled: "false" |
| | | gitlab_email_from: "gitlab@example.com" |
| | | gitlab_email_display_name: "Gitlab" |
| | | gitlab_email_reply_to: "gitlab@example.com" |
New file |
| | |
| | | --- |
| | | - name: restart gitlab |
| | | command: gitlab-ctl reconfigure |
| | | register: gitlab_restart |
| | | failed_when: gitlab_restart_handler_failed_when | bool |
New file |
| | |
| | | --- |
| | | dependencies: [] |
| | | |
| | | galaxy_info: |
| | | author: geerlingguy |
| | | description: GitLab Git web interface |
| | | company: "Midwestern Mac, LLC" |
| | | license: "license (BSD, MIT)" |
| | | min_ansible_version: 2.0 |
| | | platforms: |
| | | - name: EL |
| | | versions: |
| | | - 6 |
| | | - 7 |
| | | - name: Debian |
| | | versions: |
| | | - all |
| | | - name: Ubuntu |
| | | versions: |
| | | - all |
| | | galaxy_tags: |
| | | - development |
| | | - web |
| | | - gitlab |
| | | - git |
| | | - repository |
| | | - ci |
| | | - integration |
New file |
| | |
| | | --- |
| | | dependency: |
| | | name: galaxy |
| | | driver: |
| | | name: docker |
| | | lint: |
| | | name: yamllint |
| | | options: |
| | | config-file: molecule/default/yaml-lint.yml |
| | | platforms: |
| | | - name: instance |
| | | image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" |
| | | command: ${MOLECULE_DOCKER_COMMAND:-""} |
| | | volumes: |
| | | - /sys/fs/cgroup:/sys/fs/cgroup:ro |
| | | privileged: true |
| | | pre_build_image: true |
| | | provisioner: |
| | | name: ansible |
| | | lint: |
| | | name: ansible-lint |
| | | playbooks: |
| | | converge: ${MOLECULE_PLAYBOOK:-playbook.yml} |
| | | scenario: |
| | | name: default |
| | | verifier: |
| | | name: testinfra |
| | | lint: |
| | | name: flake8 |
New file |
| | |
| | | --- |
| | | - name: Converge |
| | | hosts: all |
| | | become: true |
| | | |
| | | vars: |
| | | gitlab_restart_handler_failed_when: false |
| | | |
| | | pre_tasks: |
| | | - name: Update apt cache. |
| | | apt: update_cache=true cache_valid_time=600 |
| | | when: ansible_os_family == 'Debian' |
| | | changed_when: false |
| | | |
| | | - name: Remove the .dockerenv file so GitLab Omnibus doesn't get confused. |
| | | file: |
| | | path: /.dockerenv |
| | | state: absent |
| | | |
| | | - name: Set the test GitLab version number for Debian. |
| | | set_fact: |
| | | gitlab_version: '11.4.0-ce.0' |
| | | when: ansible_os_family == 'Debian' |
| | | |
| | | - name: Set the test GitLab version number for RedHat. |
| | | set_fact: |
| | | gitlab_version: '11.4.0-ce.0.el7' |
| | | when: ansible_os_family == 'RedHat' |
| | | |
| | | roles: |
| | | - role: geerlingguy.gitlab |
New file |
| | |
| | | --- |
| | | - name: Converge |
| | | hosts: all |
| | | become: true |
| | | |
| | | vars: |
| | | gitlab_restart_handler_failed_when: false |
| | | |
| | | pre_tasks: |
| | | - name: Update apt cache. |
| | | apt: update_cache=true cache_valid_time=600 |
| | | when: ansible_os_family == 'Debian' |
| | | changed_when: false |
| | | |
| | | - name: Remove the .dockerenv file so GitLab Omnibus doesn't get confused. |
| | | file: |
| | | path: /.dockerenv |
| | | state: absent |
| | | |
| | | roles: |
| | | - role: geerlingguy.gitlab |
New file |
| | |
| | | --- |
| | | extends: default |
| | | rules: |
| | | line-length: |
| | | max: 140 |
| | | level: warning |
New file |
| | |
| | | --- |
| | | - name: Include OS-specific variables. |
| | | include_vars: "{{ ansible_os_family }}.yml" |
| | | |
| | | - name: Check if GitLab configuration file already exists. |
| | | stat: path=/etc/gitlab/gitlab.rb |
| | | register: gitlab_config_file |
| | | |
| | | - name: Check if GitLab is already installed. |
| | | stat: path=/usr/bin/gitlab-ctl |
| | | register: gitlab_file |
| | | |
| | | # Install GitLab and its dependencies. |
| | | - name: Install GitLab dependencies. |
| | | package: |
| | | name: |
| | | - openssh-server |
| | | - postfix |
| | | - curl |
| | | - openssl |
| | | - tzdata |
| | | state: present |
| | | |
| | | - name: Download GitLab repository installation script. |
| | | get_url: |
| | | url: "{{ gitlab_repository_installation_script_url }}" |
| | | dest: /tmp/gitlab_install_repository.sh |
| | | validate_certs: "{{ gitlab_download_validate_certs }}" |
| | | when: not gitlab_file.stat.exists |
| | | |
| | | - name: Install GitLab repository. |
| | | command: bash /tmp/gitlab_install_repository.sh |
| | | when: not gitlab_file.stat.exists |
| | | |
| | | - name: Define the Gitlab package name. |
| | | set_fact: |
| | | gitlab_package_name: "{{ gitlab_edition }}{{ gitlab_package_version_separator }}{{ gitlab_version }}" |
| | | when: gitlab_version != '' |
| | | |
| | | - name: Install GitLab |
| | | package: |
| | | name: "{{ gitlab_package_name | default(gitlab_edition) }}" |
| | | state: present |
| | | when: not gitlab_file.stat.exists |
| | | |
| | | # Start and configure GitLab. Sometimes the first run fails, but after that, |
| | | # restarts fix problems, so ignore failures on this run. |
| | | - name: Reconfigure GitLab (first run). |
| | | command: > |
| | | gitlab-ctl reconfigure |
| | | creates=/var/opt/gitlab/bootstrapped |
| | | failed_when: false |
| | | |
| | | - name: Create GitLab SSL configuration folder. |
| | | file: |
| | | path: /etc/gitlab/ssl |
| | | state: directory |
| | | owner: root |
| | | group: root |
| | | mode: 0700 |
| | | when: gitlab_create_self_signed_cert | bool |
| | | |
| | | - name: Create self-signed certificate. |
| | | command: > |
| | | openssl req -new -nodes -x509 -subj "{{ gitlab_self_signed_cert_subj }}" |
| | | -days 3650 -keyout {{ gitlab_ssl_certificate_key }} -out {{ gitlab_ssl_certificate }} -extensions v3_ca |
| | | creates={{ gitlab_ssl_certificate }} |
| | | when: gitlab_create_self_signed_cert | bool |
| | | |
| | | - name: Copy GitLab configuration file. |
| | | template: |
| | | src: "{{ gitlab_config_template }}" |
| | | dest: /etc/gitlab/gitlab.rb |
| | | owner: root |
| | | group: root |
| | | mode: 0600 |
| | | notify: restart gitlab |
New file |
| | |
| | | # The URL through which GitLab will be accessed. |
| | | external_url "{{ gitlab_external_url }}" |
| | | |
| | | # gitlab.yml configuration |
| | | gitlab_rails['time_zone'] = "{{ gitlab_time_zone }}" |
| | | gitlab_rails['backup_keep_time'] = {{ gitlab_backup_keep_time }} |
| | | gitlab_rails['gitlab_email_enabled'] = {{ gitlab_email_enabled }} |
| | | {% if gitlab_email_enabled == "true" %} |
| | | gitlab_rails['gitlab_email_from'] = "{{ gitlab_email_from }}" |
| | | gitlab_rails['gitlab_email_display_name'] = "{{ gitlab_email_display_name }}" |
| | | gitlab_rails['gitlab_email_reply_to'] = "{{ gitlab_email_reply_to }}" |
| | | {% endif %} |
| | | |
| | | # Default Theme |
| | | gitlab_rails['gitlab_default_theme'] = "{{ gitlab_default_theme }}" |
| | | |
| | | # Whether to redirect http to https. |
| | | nginx['redirect_http_to_https'] = {{ gitlab_redirect_http_to_https }} |
| | | nginx['ssl_certificate'] = "{{ gitlab_ssl_certificate }}" |
| | | nginx['ssl_certificate_key'] = "{{ gitlab_ssl_certificate_key }}" |
| | | |
| | | # The directory where Git repositories will be stored. |
| | | git_data_dirs({"default" => {"path" => "{{ gitlab_git_data_dir }}"} }) |
| | | |
| | | # The directory where Gitlab backups will be stored |
| | | gitlab_rails['backup_path'] = "{{ gitlab_backup_path }}" |
| | | |
| | | # These settings are documented in more detail at |
| | | # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example#L118 |
| | | gitlab_rails['ldap_enabled'] = {{ gitlab_ldap_enabled }} |
| | | gitlab_rails['ldap_host'] = '{{ gitlab_ldap_host }}' |
| | | gitlab_rails['ldap_port'] = {{ gitlab_ldap_port }} |
| | | gitlab_rails['ldap_uid'] = '{{ gitlab_ldap_uid }}' |
| | | gitlab_rails['ldap_method'] = '{{ gitlab_ldap_method}}' # 'ssl' or 'plain' |
| | | gitlab_rails['ldap_bind_dn'] = '{{ gitlab_ldap_bind_dn }}' |
| | | gitlab_rails['ldap_password'] = '{{ gitlab_ldap_password }}' |
| | | gitlab_rails['ldap_allow_username_or_email_login'] = true |
| | | gitlab_rails['ldap_base'] = '{{ gitlab_ldap_base }}' |
| | | |
| | | # GitLab Nginx |
| | | ## See https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md |
| | | {% if gitlab_nginx_listen_port is defined %} |
| | | nginx['listen_port'] = "{{ gitlab_nginx_listen_port }}" |
| | | {% endif %} |
| | | {% if gitlab_nginx_listen_https is defined %} |
| | | nginx['listen_https'] = {{ gitlab_nginx_listen_https }} |
| | | {% endif %} |
| | | |
| | | # Use smtp instead of sendmail/postfix |
| | | # More details and example configuration at |
| | | # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/smtp.md |
| | | gitlab_rails['smtp_enable'] = {{ gitlab_smtp_enable }} |
| | | gitlab_rails['smtp_address'] = '{{ gitlab_smtp_address }}' |
| | | gitlab_rails['smtp_port'] = {{ gitlab_smtp_port }} |
| | | gitlab_rails['smtp_user_name'] = '{{ gitlab_smtp_user_name }}' |
| | | gitlab_rails['smtp_password'] = '{{ gitlab_smtp_password }}' |
| | | gitlab_rails['smtp_domain'] = '{{ gitlab_smtp_domain }}' |
| | | gitlab_rails['smtp_authentication'] = '{{ gitlab_smtp_authentication }}' |
| | | gitlab_rails['smtp_enable_starttls_auto'] = {{ gitlab_smtp_enable_starttls_auto }} |
| | | gitlab_rails['smtp_tls'] = {{ gitlab_smtp_tls }} |
| | | gitlab_rails['smtp_openssl_verify_mode'] = '{{ gitlab_smtp_openssl_verify_mode }}' |
| | | gitlab_rails['smtp_ca_path'] = '{{ gitlab_smtp_ca_path }}' |
| | | gitlab_rails['smtp_ca_file'] = '{{ gitlab_smtp_ca_file }}' |
| | | |
| | | # 2-way SSL Client Authentication. |
| | | {% if gitlab_nginx_ssl_verify_client %} |
| | | nginx['ssl_verify_client'] = "{{ gitlab_nginx_ssl_verify_client }}" |
| | | {% endif %} |
| | | {% if gitlab_nginx_ssl_client_certificate %} |
| | | nginx['ssl_client_certificate'] = "{{ gitlab_nginx_ssl_client_certificate }}" |
| | | {% endif %} |
| | | |
| | | # To change other settings, see: |
| | | # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#changing-gitlab-yml-settings |
New file |
| | |
| | | --- |
| | | gitlab_package_version_separator: '=' |
| | | gitlab_repository_installation_script_url: "https://packages.gitlab.com/install/repositories/gitlab/{{ gitlab_edition }}/script.deb.sh" |
New file |
| | |
| | | --- |
| | | gitlab_package_version_separator: '-' |
| | | gitlab_repository_installation_script_url: "https://packages.gitlab.com/install/repositories/gitlab/{{ gitlab_edition }}/script.rpm.sh" |
| | |
| | | |
| | | aws_ami_region_mapping: |
| | | ap-south-1: |
| | | RHEL76GOLD: ami-0656c5f7881490f7a # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-0c6ec6988a8df3acc # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-952879fa # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0aa4317636e016115 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-5c2f7e33 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-03087b28576b37511 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | RHEL81: ami-0dfd6c47961875b86 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-069b8cf30ef60e8aa # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-0d08c1bf7e46a5840 # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-01d03db4f15785967 # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-0f081411c04e148ab # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | eu-west-3: |
| | | RHEL76GOLD: ami-0a74212566be8f9e2 # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-0a0167e3e2a1d1d9b # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-69d06614 # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-039346fed23fb53ad # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-66d0661b # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-080d3d8def91e4f44 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | RHEL81: ami-0b9d191a8259d92e2 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-08075bd104313685c # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-072e7e4e02eeb267d # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-013d8e43691bee8e8 # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-01ce756cc8a299d0a # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | eu-west-2: |
| | | RHEL76GOLD: ami-051fb39c3a16c8a85 # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-01f010afd559615b9 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-55bca731 # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0ac5fae255ddac6f6 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-b4b3a8d0 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-0699aabf510a3f2f8 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | RHEL81: ami-0964d8bb6ca66d551 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-055831cb3e2a3fb18 # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-0d3900ac08ee9aa1c # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-0f7dea7db52f4eddb # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-01ce80a64fb8cb5e9 # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | eu-west-1: |
| | | RHEL76GOLD: ami-02a1dcbcc4f50bdb9 # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-0c51cd02617947143 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-b7b6d3ce # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-092acf20fad7f7795 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-ccb7d2b5 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-0370c806916d2a17f # Windows_Server-2012-R2_RTM-English-64Bit-HyperV-2018.09.15 |
| | | RHEL81: ami-0534d3148e3ce93d7 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-09eb28f10d99d7ef7 # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-0737ec3d03742d38c # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-0e4373deed7b23043 # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-00f8336af4b6b40bf # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | ap-northeast-2: |
| | | RHEL76GOLD: ami-0983c35dbbdd0f69e # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-031161cd3182e012a # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-9fa201f1 # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0d226f15e3e46903a # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-90a201fe # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-02ee840e33e7c2244 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | RHEL81: ami-0dbadd8c47cf535fd # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-0e0539efa8c604e98 # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-00ca4e793a7f026d7 # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-0dff19cc751766905 # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-07b58618e45d4362d # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | ap-northeast-1: |
| | | RHEL76GOLD: ami-0b1fa7354371d3331 # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-0bf9ecb88f5719e17 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-ccf695aa # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0b517025bb2f0ad4a # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-36f09350 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-08e310c576c077de1 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | RHEL81: ami-0302fadfb901ae198 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-003d54e8a61bf0615 # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-0f8870c207dc4af69 # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-0109f4d579a89a0b6 # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-0c63fb8188f151fb7 # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | sa-east-1: |
| | | RHEL76GOLD: ami-06addb952810f166b # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-93b693ff # RHEL-7.5_HVM_GA-JBEAP-7.1.2-20180629-x86_64-1-Access2-GP2 |
| | | RHEL74GOLD: ami-dc014db0 # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-01c56172f9db84834 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-1a064a76 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-079f7c686ba77c199 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | RHEL81: ami-0bac1917c46ed1418 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-008a45dbdbd743c04 # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-0f06dcfea3d436659 # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-0cf0e7fb5d2493b57 # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-0b27170c41289fc50 # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | ca-central-1: |
| | | RHEL76GOLD: ami-0ed2e023e005c9178 # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-e320ad87 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-2a00854e # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-fc20ad98 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-71018415 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-020be7519c99e8064 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | RHEL81: ami-0eec8704b9b12656a # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-0a633699f800842b7 # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-07cf57bc6e0b66c11 # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-08673d963f6845dad # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-07d23537f44fe67c1 # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | ap-southeast-1: |
| | | RHEL76GOLD: ami-070467cd1ef12f289 # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-0f44e46fa59e902b6 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-8193eafd # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-09fc728e15fbfb535 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-8d90e9f1 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-0906117a55c70d5e7 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | RHEL81: ami-00d042f59a75c06e7 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-07de3a63467109bd0 # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-09082d40574490760 # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-04666e19c9439a2e3 # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-007e1dbff2381b636 # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | ap-southeast-2: |
| | | RHEL76GOLD: ami-0499d01ff89fea5e6 # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-0066ef2f9c72fad96 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-dd9668bf # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0a61d60bde3940420 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-e1996783 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-09fb195e1d6625aab # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | RHEL81: ami-0e3696cc3d156dd22 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-02ed9c9708d50eb1a # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-0202f51d204a8428f # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-0416c5cd08406d47d # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-0fb8890c7a7ca1457 # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | eu-central-1: |
| | | RHEL76GOLD: ami-012838bc227c83b03 # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-07d3f0705bebac978 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-b3d841dc # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-05ba90b00a46d83fa # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-8a21bfe5 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-07b8613a03480d559 # Windows_Server-2012-R2_RTM-English-64Bit-HyperV-2018.09.15 |
| | | RHEL81: ami-067e4f6fa56351e07 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-0d3fa57abf075dc09 # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-02a6791b44938cfcd # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-02008f43af65efe69 # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-09fe2745618d2af42 # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | us-east-1: |
| | | RHEL76GOLD: ami-0f83261cb7d041a1b #RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-0456c465f72bd0c95 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-c5a094bf # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0394fe9914b475c53 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-76a3970c # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-003027603b9c132b3 # Windows_Server-2012-R2_RTM-Japanese-64Bit-SQL_2016_SP1_Express-2018.09.15 |
| | | RHEL81: ami-09b947b170ccd0dbc # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | # WIN2016CORE: ami-0e7c21400e27171b2 # Windows_Server-2016-English-Core-Base Custom (2019.11) |
| | | # WIN2016FULL: ami-09bdbb4e91a102190 # Windows_Server-2016-English-Full-Base Custom (2019.11) |
| | | # WIN2019CORE: ami-08086d73e6b1b76d8 # Windows_Server-2019-English-Core-Base Custom (2019.11) |
| | | # WIN2019FULL: ami-0cb644506ed6091c9 # Windows_Server-2019-English-Full-Base Custom (2019.11) |
| | | WIN2016CORE: ami-020cff55b06f0b7c0 # Windows_Server-2016-English-Core-Base (2019.11) |
| | | WIN2016FULL: ami-08c7081300f7d9abb # Windows_Server-2016-English-Full-Base (2019.11) |
| | | WIN2019CORE: ami-0cce25b71e3c7c00f # Windows_Server-2019-English-Core-Base (2019.11) |
| | | WIN2019FULL: ami-08b11fc5bd2026dee # Windows_Server-2019-English-Full-Base (2019.11) |
| | | us-east-2: |
| | | RHEL76GOLD: ami-0bdf2c4eae6c71d2b # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-04268981d7c33264d # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-9db09af8 # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0376bbf9be9eac670 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-cebe94ab # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-02fa46b8e1a36044b # Windows_Server-2012-R2_RTM-English-P3-2018.09.15 |
| | | RHEL81: ami-0fdea47967124a409 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-0cad7ba8362fdf600 # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-02dca99d899d09cb3 # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-06ed2e6548512523c # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-01b9e78fb84ac8b2f # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | us-west-1: |
| | | RHEL76GOLD: ami-00ef21b27071fe235 # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-02574210e91c38419 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-6f030e0f # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0bdc0ff10fb093057 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-c8020fa8 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-0f9c4789993c313f7 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | RHEL81: ami-008d471ffd812f4b8 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-0a571fc3ce06e3517 # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-0255ad7855945d5ef # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-0f93e82396e11a3ef # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-0052629573c8e3eda # Windows_Server-2019-English-Full-Base-2019.11.13 |
| | | us-west-2: |
| | | RHEL76GOLD: ami-0fae471393c00f216 # RHEL-7.6_HVM-20190618-x86_64-0-Access2-GP2 |
| | | RHEL75GOLD: ami-0e6bab6682ec471c0 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-c405b8bc # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-096510cab1b6b2c6d # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-1607ba6e # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-0d786d5cc800b2456 # Windows_Server-2012-R2_RTM-English-64Bit-HyperV-2018.09.15 |
| | | RHEL81: ami-0ae93796700af07d3 # RHEL-8.1.0_HVM-20191029-x86_64-0-Hourly2-GP2 |
| | | WIN2016CORE: ami-01128dbe7ee60f431 # Windows_Server-2016-English-Core-Base-2019.11.13 |
| | | WIN2016FULL: ami-000bf92d1a21bf9ac # Windows_Server-2016-English-Full-Base-2019.11.13 |
| | | WIN2019CORE: ami-0a9cf554fc5042df7 # Windows_Server-2019-English-Core-Base-2019.11.13 |
| | | WIN2019FULL: ami-0d5ab31b93c643ca8 # Windows_Server-2019-English-Full-Base-2019.11.13 |
New file |
| | |
| | | --- |
| | | - name: Drop EPEL repo file |
| | | template: |
| | | src: epel_template.j2 |
| | | dest: /etc/yum.repos.d/epel.repo |
| | | |
| | |
| | | - name: Configure Repository File |
| | | import_tasks: ./file-repos.yml |
| | | when: repo_method == "file" |
| | | |
| | | - name: Configure EPEL |
| | | import_tasks: ./epel-repo.yml |
| | | when: enable_epel | d(false) | bool |
| | |
| | | pool_ids: "{{ rhsm_pool_ids }}" |
| | | auto_attach: false |
| | | |
| | | - name: "Run 'subscription-manager to disable/enable repos" |
| | | # TODO: should take pool ids from a var |
| | | - name: get product pool id |
| | | shell: /usr/bin/subscription-manager list --all --available --matches="*{{rhn_pool_id_string}}*" | awk '/Pool ID/ {print $3}' | head -1 |
| | | # command: subscription-manager list --all --available --matches="OpenShift Container Platform" | awk '/Pool ID/ {print $3}' | head -1 |
| | | register: pool_id |
| | | until: pool_id is succeeded |
| | | retries: 10 |
| | | delay: 5 |
| | | |
| | | - name: attach host to subscription pool |
| | | shell: /usr/bin/subscription-manager attach --pool={{ pool_id.stdout }} |
| | | register: task_result |
| | | until: task_result.rc == 0 |
| | | retries: 10 |
| | | delay: 5 |
| | | |
| | | - name: "Run subscription-manager to disable all repos" |
| | | command: subscription-manager repos --disable "*" |
| | | when: disable_default_repos | d(false) |
| | | |
| | | - name: "Run subscription-manager to enable repos" |
| | | command: >- |
| | | subscription-manager repos {% for repo in rhel_repos %} |
| | | --enable={{ repo }} |
New file |
| | |
| | | [epel] |
| | | name=Extra Packages for Enterprise Linux 7 - $basearch |
| | | baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch |
| | | mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch |
| | | failovermethod=priority |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | #gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 |
New file |
| | |
| | | --- |
| | | # defaults file for ansible-tower |
| | | ansible_devel: false |
| | | dns_domain_name: "example.com" |
| | | |
| | | # AD login info |
| | | authconfig_options: |
| | | - "--enablesssd" |
| | | - "--enablesssdauth" |
| | | - "--enablemkhomedir" |
| | | - "--enablelocauthorize" |
| | | - "--update" |
| | | - "--nostart" |
| | | ldap_search_base: "DC=example,DC=com" |
| | | ldap_access_filter: "(&(objectClass=user)(memberOf=CN=LinuxServers,CN=Users,DC=example,DC=com))" |
| | | #ldap_access_filter: "(&(objectClass=user)(|(memberOf=CN=OSunix,OU=UnixServers,DC=example,DC=com)(memberOf=CN=DBAunix,OU=UnixServers,DC=example,DC=com)))" |
| | | #ldap_access_filter: "(&(objectClass=user)(|(sAMAccountName=john)(sAMAccountName=merry)))" |
| | | |
| | | towerchk: undefined |
New file |
| | |
| | | { |
| | | "name": "Classroom inventory", |
| | | "description": "This is the classroom inventory", |
| | | "organization": 1, |
| | | "kind": "", |
| | | "host_filter": null, |
| | | "variables": "ansible_connection: local\n", |
| | | "insights_credential": null |
| | | } |
New file |
| | |
| | | { |
| | | "name": "Default inventory", |
| | | "description": "This is the default inventory", |
| | | "organization": 1, |
| | | "kind": "", |
| | | "host_filter": null, |
| | | "variables": "ansible_port: 5986\nansible_connection: winrm\nansible_winrm_server_cert_validation: ignore\nansible_winrm_transport: credssp", |
| | | "insights_credential": null |
| | | } |
New file |
| | |
| | | --- |
| | | - name: restart sssd |
| | | service: |
| | | name: sssd |
| | | state: restarted |
| | | |
| | | - name: restart tower |
| | | command: ansible-tower-service restart |
New file |
| | |
| | | --- |
| | | - name: Remove repo directory |
| | | file: |
| | | path: /tmp/do417 |
| | | state: absent |
| | | |
| | | - name: Get ssh key for Github |
| | | copy: |
| | | src: "{{ github_ssh_key }}" |
| | | dest: /tmp/github_ssh_key |
| | | mode: 0400 |
| | | owner: "{{ ansible_user }}" |
| | | |
| | | - name: Get lab source code |
| | | git: |
| | | clone: yes |
| | | force: yes |
| | | dest: "/tmp/do417" |
| | | repo: "git@github.com:RedHatTraining/do417.git" |
| | | key_file: /tmp/github_ssh_key |
| | | accept_hostkey: true |
| | | |
| | | - name: Remove ssh key for Github |
| | | file: |
| | | path: /tmp/github_ssh_key |
| | | state: absent |
| | | |
| | | - name: Remove .git directory |
| | | file: |
| | | path: /tmp/do417/.git |
| | | state: absent |
| | | |
| | | - name: Determining material directories |
| | | command: find /tmp/do417/classroom/infrastructure/playbooks/files/src -maxdepth 1 -mindepth 1 -type d -printf '%f\n' |
| | | register: repos_name |
| | | |
| | | - name: Wait for Tower to be reachable |
| | | wait_for: |
| | | port: 443 |
| | | delay: 5 |
| | | |
| | | - name: Retrieve default organization ID |
| | | uri: |
| | | url: "https://localhost/api/v2/organizations/?name=Default" |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | register: organization_id |
| | | |
| | | - name: Retrieve default inventory ID |
| | | uri: |
| | | url: "https://localhost/api/v2/inventories/?name=Default+inventory" |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | register: inventory_id |
| | | |
| | | - name: Create GitLab credentials |
| | | uri: |
| | | url: "https://localhost/api/v2/credentials/" |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "{{ lookup('template','gitlab-creds.json.j2') }}" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 201 |
| | | |
| | | - name: Retrieve credentials ID |
| | | uri: |
| | | url: "https://localhost/api/v2/credentials/?name=GitLab" |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | register: gitlab_credentials_id |
| | | |
| | | - name: Create DevOps credentials |
| | | uri: |
| | | url: "https://localhost/api/v2/credentials/" |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "{{ lookup('template','devops-creds.json.j2') }}" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 201 |
| | | |
| | | - name: Retrieve credentials ID |
| | | uri: |
| | | url: "https://localhost/api/v2/credentials/?name=DevOps" |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | register: devops_credentials_id |
| | | |
| | | - name: Create Tower credentials |
| | | uri: |
| | | url: "https://localhost/api/v2/credentials/" |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "{{ lookup('template','tower-creds.json.j2') }}" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 201 |
| | | |
| | | - name: Create Git projects |
| | | uri: |
| | | url: "https://localhost/api/v2/projects/" |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: |
| | | name: "{{Â item }} repository" |
| | | description: "{{Â item }} project" |
| | | local_path: "" |
| | | scm_type: "git" |
| | | scm_url: "https://gitlab.{{ dns_domain_name }}/student/{{Â item }}.git" |
| | | scm_branch: "master" |
| | | scm_clean: false |
| | | scm_delete_on_update: false |
| | | credential: "{{ gitlab_credentials_id.json.results[0].id }}" |
| | | timeout: 0 |
| | | organization: "{{ organization_id.json.results[0].id }}" |
| | | scm_update_on_launch: true |
| | | scm_update_cache_timeout: 0 |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 201 |
| | | with_items: "{{ repos_name.stdout_lines }}" |
| | | |
| | | - name: Retrieve projects ID |
| | | uri: |
| | | url: "https://localhost/api/v2/projects/?name={{Â item }}+repository" |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | with_items: "{{ repos_name.stdout_lines }}" |
| | | register: projects_id |
| | | |
| | | - name: Create job templates |
| | | uri: |
| | | url: "https://localhost/api/v2/job_templates/" |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: |
| | | name: "Run {{Â item.json.results[0].description }}" |
| | | description: Use this job template to run your playbooks |
| | | job_type: run |
| | | inventory: "{{ inventory_id.json.results[0].id }}" |
| | | project: "{{ item.json.results[0].id }}" |
| | | playbook: dummy.yml |
| | | forks: 0 |
| | | verbosity: 0 |
| | | force_handlers: false |
| | | timeout: 0 |
| | | use_fact_cache: false |
| | | ask_diff_mode_on_launch: false |
| | | ask_variables_on_launch: false |
| | | ask_limit_on_launch: false |
| | | ask_tags_on_launch: false |
| | | ask_skip_tags_on_launch: false |
| | | ask_job_type_on_launch: false |
| | | ask_verbosity_on_launch: false |
| | | ask_inventory_on_launch: false |
| | | ask_credential_on_launch: false |
| | | survey_enabled: true |
| | | become_enabled: false |
| | | diff_mode: false |
| | | allow_simultaneous: false |
| | | custom_virtualenv: |
| | | job_slice_count: 1 |
| | | credential: "{{ devops_credentials_id.json.results[0].id }}" |
| | | vault_credential: |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 201 |
| | | with_items: "{{Â projects_id.results }}" |
New file |
| | |
| | | --- |
| | | - name: Add Ansible repo - transition to engine... |
| | | yum_repository: |
| | | name: ansible |
| | | description: Ansible for Enterprise Linux 7 |
| | | baseurl: http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ |
| | | enabled: yes |
| | | gpgcheck: no |
| | | |
| | | - name: Install packages |
| | | yum: |
| | | name: |
| | | - vim |
| | | - git |
| | | - sshpass |
| | | - ansible |
| | | - nano |
| | | - bind-utils |
| | | - python-pip |
| | | - python-ldap3 |
| | | state: present |
| | | use_backend: dnf |
| | | |
| | | #- name: Install devel branch |
| | | # pip: |
| | | # name: git+https://github.com/ansible/ansible.git@devel#egg=ansible |
| | | # when: ansible_devel | bool |
| | | |
| | | - name: Create /etc/ansible directory |
| | | file: |
| | | path: /etc/ansible |
| | | state: directory |
| | | mode: 0755 |
| | | |
| | | - name: Create /etc/ansible/ansible.cfg |
| | | template: |
| | | src: ansible.cfg.j2 |
| | | dest: /etc/ansible/ansible.cfg |
| | | owner: root |
| | | group: root |
| | | mode: 0644 |
| | | |
| | | - name: install the last version of OpenSSL |
| | | pip: |
| | | name: pyOpenSSL |
| | | state: latest |
| | | |
| | | - name: Install dependencies for Kerberos auth |
| | | yum: |
| | | name: |
| | | - python-devel |
| | | - krb5-devel |
| | | - krb5-libs |
| | | - krb5-workstation |
| | | - python-kerberos |
| | | - gcc |
| | | state: present |
| | | use_backend: dnf |
| | | |
| | | - name: Install pywinrm for connecting to windows hosts |
| | | pip: |
| | | name: |
| | | - pywinrm>=0.2.2 |
| | | - pywinrm[kerberos] |
| | | - pywinrm[credssp] |
| | | |
| | | #- name: Install requests-credssp for Tower 3.2 |
| | | # pip: |
| | | # name: requests-credssp |
| | | # when: towerversion < 3.3 |
| | | |
| | | - name: Configure KRB5.conf file |
| | | template: |
| | | src: krb5.conf.j2 |
| | | dest: /etc/krb5.conf |
| | | owner: root |
| | | group: root |
| | | mode: 0604 |
| | | |
| | | #- name: Install dependencies for domain join |
| | | # package: |
| | | # name: |
| | | # - oddjob |
| | | # - oddjob-mkhomedir |
| | | # - openldap-clients |
| | | # - realmd |
| | | # - sssd |
| | | # - samba-common-tools |
| | | # - authconfig |
| | | # state: present |
| | | |
| | | ### Add something to check if it is already in a domain? |
| | | |
| | | #- name: Install pexpect using pip |
| | | # pip: |
| | | # name: pexpect |
| | | |
| | | #- name: Check if machine is bound |
| | | # shell: "realm list | grep sssd" |
| | | # register: realmd_bound |
| | | # changed_when: false |
| | | # ignore_errors: true |
| | | |
| | | #- name: Join the Domain |
| | | # expect: |
| | | # command: "realm join -U Admin@{{ dns_domain_name }} {{ dns_domain_name | upper }}" |
| | | # responses: |
| | | # Password for *: "{{ windows_password }}" |
| | | # register: realm_join_cmd_result |
| | | # #no_log: true # Uncomment this when in prod... (clear text) |
| | | # #changed_when: realm_join_cmd_result.rc != 100 |
| | | # #failed_when: realm_join_cmd_result.rc not in [0, 100] |
| | | # when: realmd_bound is failed |
| | | |
| | | #- name: Add ad group to sudoers |
| | | # lineinfile: |
| | | # dest: /etc/sudoers |
| | | # line: "%Ansible\\ Users ALL=(ALL) NOPASSWD: ALL" |
| | | # insertafter: "^%wheel" |
| | | # when: realmd_bound is failed |
| | | |
| | | #- name: Get Kerberos Ticket |
| | | # command: echo -n "{{ domain_admin_password }}" | kinit Admin@{{ dns_domain_name | upper }} |
| | | # #command: kinit -k -t /etc/krb5.keytab {{ ansible_hostname | upper }}$\@{{ adauth_realm }} |
| | | # args: |
| | | # creates: /tmp/krb5cc_0 |
| | | |
| | | #- name: Check if authconfig ran before |
| | | # command: "/bin/egrep '^auth.*sufficient.*pam_sss.so' /etc/pam.d/system-auth" |
| | | # register: authconfig_run |
| | | # failed_when: False |
| | | # changed_when: False |
| | | |
| | | #- name: Configure Server to use SSSD for auth |
| | | # command: /usr/sbin/authconfig {{ authconfig_options | join(" ") }} |
| | | # when: authconfig_run.rc != 0 |
| | | |
| | | #- name: Configure SSSD to use AD for authentication |
| | | # template: |
| | | # src: sssd.conf.j2 |
| | | # dest: /etc/sssd/sssd.conf |
| | | # owner: root |
| | | # group: root |
| | | # mode: 0600 |
| | | # notify: restart sssd |
| | | |
| | | #- name: Ensure SSSD is started and enabled on boot |
| | | # service: |
| | | # name: sssd |
| | | # state: started |
| | | # enabled: yes |
| | | |
| | | #- name: Ensure oddjobd for mkhomedir is started and enabled on boot |
| | | # service: |
| | | # name: oddjobd |
| | | # state: started |
| | | # enabled: yes |
| | | |
| | | - name: Copy student inventory to host |
| | | template: |
| | | src: host_inventory.j2 |
| | | dest: /etc/ansible/hosts |
| | | owner: root |
| | | group: root |
| | | mode: 0644 |
| | | backup: yes |
| | | |
| | | - name: Allow insecure git repos for self signed certificates |
| | | command: git config --global http.sslVerify "false" |
| | | |
| | | - name: Set git user |
| | | command: git config --global user.name "{{ user_prefix }}{{ inventory_hostname | regex_replace('\\D') }}" |
| | | |
| | | - name: Set git user email |
| | | command: git config --global user.email "{{ user_prefix }}{{ inventory_hostname | regex_replace('\\D') }}@{{ dns_domain_name }}" |
| | | |
| | | - name: Set git to cache credentials |
| | | command: git config --global credential.helper cache |
| | | |
| | | - name: Update git to credential timeout after 1 day |
| | | command: git config --global credential.helper 'cache --timeout=86400' |
| | | |
| | | - include_tasks: setup.yml |
| | | |
| | | # Creation of custom DO417 resources |
| | | # TODO: where to get these from? |
| | | - include_tasks: create-resources.yml |
New file |
| | |
| | | --- |
| | | - name: Check if we need to do installer things |
| | | uri: |
| | | url: https://localhost/api/v1/ping/ |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | validate_certs: False |
| | | register: checkout |
| | | ignore_errors: True |
| | | |
| | | - name: Set condtional if the above didn't error |
| | | set_fact: |
| | | towerchk: "{{ checkout.json.version }}" |
| | | when: checkout.json is defined |
| | | |
| | | - name: Download tower installer |
| | | get_url: |
| | | url: https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-{{ towerversion }}.tar.gz |
| | | dest: /tmp/ansible-tower-setup-{{ towerversion }}.tar.gz |
| | | mode: 0640 |
| | | when: towerchk not in towerversion |
| | | |
| | | - name: Extract installer |
| | | unarchive: |
| | | src: /tmp/ansible-tower-setup-{{ towerversion }}.tar.gz |
| | | dest: /tmp/ |
| | | remote_src: True |
| | | when: towerchk not in towerversion |
| | | |
| | | - name: Template inventory file |
| | | template: |
| | | src: inventory |
| | | dest: /tmp/ansible-tower-setup-{{ towerversion }}/inventory |
| | | when: towerchk != towerversion |
| | | |
| | | - name: Create the environment file (fixes the incorrect repository lookup) |
| | | copy: |
| | | dest: /tmp/ansible-tower-setup-{{ towerversion }}/install_vars.yml |
| | | content: | |
| | | redhat_aws_rhui_repos: |
| | | - rhel-server-rhui-rhscl-7-rpms |
| | | - rhel-7-server-rhui-extras-rpms |
| | | |
| | | - name: Run the tower installer |
| | | shell: ./setup.sh -e "@install_vars.yml" |
| | | args: |
| | | chdir: /tmp/ansible-tower-setup-{{ towerversion }} |
| | | when: towerchk not in towerversion |
| | | |
| | | - name: Wait for tower to be up |
| | | uri: |
| | | url: https://localhost/api/v1/ping/ |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | register: check2 |
| | | until: check2.json is defined and check2.json.version in towerversion |
| | | retries: 10 |
| | | delay: 30 |
| | | when: towerchk not in towerversion |
| | | |
| | | - name: Post license key |
| | | uri: |
| | | url: https://localhost/api/v1/config/ |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "{{ tower_license }}" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | ignore_errors: True |
| | | |
| | | - name: Add LDAP Config |
| | | uri: |
| | | url: https://localhost/api/v2/settings/ldap/ |
| | | method: PATCH |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "{{ lookup('template','ldap_conf.json.j2') }}" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | |
| | | - set_fact: |
| | | userid: "{{ inventory_hostname | regex_replace('[^0-9]', '') }}" |
| | | |
| | | - name: Delete demo inventory |
| | | uri: |
| | | url: https://localhost/api/v2/inventories/1/ |
| | | method: DELETE |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 202 |
| | | - 204 |
| | | - 400 |
| | | - 404 |
| | | register: response |
| | | changed_when: response.status == 204 |
| | | |
| | | - name: Delete demo project |
| | | uri: |
| | | url: https://localhost/api/v2/projects/4/ |
| | | method: DELETE |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 202 |
| | | - 204 |
| | | - 400 |
| | | - 404 |
| | | register: response |
| | | changed_when: response.status == 204 |
| | | |
| | | - name: Delete demo template |
| | | uri: |
| | | url: https://localhost/api/v2/job_templates/5/ |
| | | method: DELETE |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 202 |
| | | - 204 |
| | | - 400 |
| | | - 404 |
| | | register: response |
| | | changed_when: response.status == 204 |
| | | |
| | | - name: Delete demo credential |
| | | uri: |
| | | url: https://localhost/api/v2/credentials/1/ |
| | | method: DELETE |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 202 |
| | | - 204 |
| | | - 400 |
| | | - 404 |
| | | register: response |
| | | changed_when: response.status == 204 |
| | | |
| | | - name: Create default inventory |
| | | uri: |
| | | url: https://localhost/api/v2/inventories/ |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "{{ lookup('file','default_inventory.json') }}" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 201 |
| | | |
| | | - name: Retrieve default inventory ID |
| | | uri: |
| | | url: "https://localhost/api/v2/inventories/?name=Default+inventory" |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | register: default_inventory_id |
| | | |
| | | - name: Create group in default inventory |
| | | uri: |
| | | url: "https://localhost/api/v2/groups/" |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: |
| | | name: "Windows" |
| | | description: "" |
| | | inventory: "{{ default_inventory_id.json.results[0].id }}" |
| | | variables: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 201 |
| | | |
| | | - name: Retrieve default group ID |
| | | uri: |
| | | url: "https://localhost/api/v2/groups/?name=Windows" |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | register: group_id |
| | | |
| | | - name: Create host in default group |
| | | uri: |
| | | url: https://localhost/api/v2/hosts/ |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "{{ lookup('template','win1_host.json.j2') }}" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 201 |
| | | |
| | | - name: Retrieve host ID |
| | | uri: |
| | | url: "https://localhost/api/v2/hosts/?name=win1.{{ dns_domain_name }}" |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | register: host_id |
| | | |
| | | - name: Associate host to group |
| | | uri: |
| | | url: "https://localhost/api/v2/groups/{{ group_id.json.results[0].id }}/hosts/" |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: |
| | | '{ "id": {{ host_id.json.results[0].id | int }} }' |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 204 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 204 |
| | | |
| | | - name: Create classroom inventory |
| | | uri: |
| | | url: https://localhost/api/v2/inventories/ |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "{{ lookup('file','classroom_inventory.json') }}" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 201 |
| | | |
| | | - name: Retrieve classroom inventory ID |
| | | uri: |
| | | url: "https://localhost/api/v2/inventories/?name=Classroom+inventory" |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | register: classroom_inventory_id |
| | | |
| | | - name: Create group in classroom inventory |
| | | uri: |
| | | url: "https://localhost/api/v2/groups/" |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: |
| | | name: "Tower" |
| | | description: "" |
| | | inventory: "{{ classroom_inventory_id.json.results[0].id }}" |
| | | variables: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 201 |
| | | |
| | | - name: Retrieve classroom group ID |
| | | uri: |
| | | url: "https://localhost/api/v2/groups/?name=Tower" |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | register: group_id |
| | | |
| | | - name: Create host in tower group |
| | | uri: |
| | | url: https://localhost/api/v2/hosts/ |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "{{ lookup('template','tower_host.json.j2') }}" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 201 |
| | | |
| | | - name: Retrieve tower host ID |
| | | uri: |
| | | url: "https://localhost/api/v2/hosts/?name=tower" |
| | | method: GET |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | register: host_id |
| | | |
| | | - name: Associate host to group |
| | | uri: |
| | | url: "https://localhost/api/v2/groups/{{ group_id.json.results[0].id }}/hosts/" |
| | | method: POST |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: |
| | | '{ "id": {{ host_id.json.results[0].id | int }} }' |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 204 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 204 |
| | | |
| | | - name: Add win_shell/win_feature/win_reboot to allowed adhoc modules |
| | | uri: |
| | | url: https://localhost/api/v2/settings/all/ |
| | | method: PATCH |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: "{{ lookup('template','tower_config_adhoc.json.j2') }}" |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 204 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 200 |
| | | |
| | | - name: Set Base URL of Tower to resolve issues with websocket |
| | | uri: |
| | | url: https://localhost/api/v2/settings/system/ |
| | | method: PATCH |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: '{ "TOWER_URL_BASE": "https://tower.{{ dns_domain_name }}" }' |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 204 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 200 |
| | | |
| | | - name: Change timeout default value |
| | | uri: |
| | | url: "https://localhost/api/v2/settings/authentication/" |
| | | method: PATCH |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: '{ "SESSION_COOKIE_AGE": 14400 }' |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 204 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 200 |
| | | |
| | | - name: Change Tower settings for Git and Galaxy SSL validation |
| | | uri: |
| | | url: "https://localhost/api/v2/settings/jobs/" |
| | | method: PATCH |
| | | user: admin |
| | | password: "{{ tower_admin_password }}" |
| | | body: '{"AWX_TASK_ENV": {"GALAXY_IGNORE_CERTS": "TRUE","GIT_SSL_NO_VERIFY": "TRUE"}}' |
| | | body_format: json |
| | | validate_certs: False |
| | | force_basic_auth: yes |
| | | status_code: |
| | | - 200 |
| | | - 204 |
| | | - 400 |
| | | register: response |
| | | changed_when: response.status == 200 |
| | | |
| | | # RM: Manual restart since we need the next playbook to |
| | | # to be able to clone the repos |
| | | - name: restart tower |
| | | command: ansible-tower-service restart |
New file |
| | |
| | | {% for item in groups %}
|
| | |
|
| | | [{{item}}]
|
| | | {% for entry in groups[item] %}
|
| | | {{ entry }} ansible_ssh_host={{hostvars[entry]["ansible_ssh_host"]}} ansible_ssh_port={{hostvars[entry]["ansible_ssh_port"]|default("22")}} ansible_ssh_user={{hostvars[entry]["ansible_ssh_user"]}} ansible_ssh_pass={{hostvars[entry]["ansible_ssh_pass"]}} ansible_ssh_connection={{hostvars[entry]["ansible_ssh_connection"]}}
|
| | | {% endfor %}
|
| | | {% endfor %}
|
New file |
| | |
| | | [defaults]
|
| | | connection = smart
|
| | | timeout = 60
|
| | | forks = 10
|
| | | inventory = /etc/ansible/hosts
|
| | | host_key_checking = False
|
| | |
|
New file |
| | |
| | | { |
| | | "name": "DevOps", |
| | | "description": "DevOps Credentials", |
| | | "organization": 1, |
| | | "credential_type": 1, |
| | | "inputs": { |
| | | "username": "devops", |
| | | "password": "{{ windows_password }}" |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "name": "GitLab", |
| | | "description": "GitLab Credentials", |
| | | "organization": 1, |
| | | "credential_type": 2, |
| | | "inputs": { |
| | | "username": "{{ user_prefix }}", |
| | | "password": "{{ windows_password }}" |
| | | } |
| | | } |
New file |
| | |
| | | [windows_hosts] |
| | | {% for host in hostvars %} |
| | | {% if "win1" in host %} |
| | | {{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }} |
| | | {% elif "win2" in host %} |
| | | {{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }} |
| | | {% elif "workstation" in host %} |
| | | {{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ workstation_password }}" private_ip={{ hostvars[host].private_ip_address }} |
| | | {% endif %} |
| | | {% endfor %} |
| | | |
| | | {% for group in groups %} |
| | | {% if 'tag' not in group and 'unknowns' not in group and 'ungrouped' not in group and 'linux' not in group and 'towers' not in group and 'gitlab' not in group and 'bastions' not in group %} |
| | | |
| | | [{{group}}] |
| | | {% for entry in groups[group] %} |
| | | {% for host in hostvars %} |
| | | {% if entry == host and 'bastion' not in entry %} |
| | | {{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} |
| | | {% endif %} |
| | | {% endfor %} |
| | | {% endfor %} |
| | | {% endif %} |
| | | {% endfor %} |
| | | |
| | | [windows_hosts:vars] |
| | | ansible_connection=winrm |
| | | ansible_winrm_transport=credssp |
| | | ansible_winrm_server_cert_validation=ignore |
| | | ansible_port=5986 |
| | | |
| | | [workstations:vars] |
| | | ansible_connection=winrm |
| | | ansible_winrm_transport=credssp |
| | | ansible_winrm_server_cert_validation=ignore |
| | | ansible_port=5986 |
| | | |
| | | [activedirectories:vars] |
| | | ansible_connection=winrm |
| | | ansible_winrm_transport=credssp |
| | | ansible_winrm_server_cert_validation=ignore |
| | | ansible_port=5986 |
| | | ansible_user=Administrator |
| | | ansible_password="{{ windows_password }}" |
New file |
| | |
| | | [tower] |
| | | localhost ansible_connection=local |
| | | |
| | | [database] |
| | | |
| | | [all:vars] |
| | | admin_password='{{tower_admin_password}}' |
| | | |
| | | pg_host='' |
| | | pg_port='' |
| | | |
| | | pg_database='awx' |
| | | pg_username='awx' |
| | | pg_password='{{ pgpass }}' |
| | | |
| | | rabbitmq_port=5672 |
| | | rabbitmq_vhost=tower |
| | | rabbitmq_username=tower |
| | | rabbitmq_password='{{ rabbitpass }}' |
| | | rabbitmq_cookie=cookiemonster |
| | | |
| | | # Needs to be true for fqdns and ip addresses |
| | | rabbitmq_use_long_name=false |
New file |
| | |
| | | # Configuration snippets may be placed in this directory as well |
| | | includedir /etc/krb5.conf.d/ |
| | | |
| | | [logging] |
| | | default = FILE:/var/log/krb5libs.log |
| | | kdc = FILE:/var/log/krb5kdc.log |
| | | admin_server = FILE:/var/log/kadmind.log |
| | | |
| | | [libdefaults] |
| | | dns_lookup_realm = false |
| | | ticket_lifetime = 24h |
| | | renew_lifetime = 7d |
| | | forwardable = true |
| | | rdns = false |
| | | default_realm = {{ dns_domain_name | upper }} |
| | | default_ccache_name = KEYRING:persistent:%{uid} |
| | | |
| | | [realms] |
| | | {{ dns_domain_name | upper }} = { |
| | | kdc = windc.{{ dns_domain_name }}:88 |
| | | } |
| | | |
| | | [domain_realm] |
| | | {{ dns_domain_name }} = {{ dns_domain_name | upper }} |
| | | |
New file |
| | |
| | | { |
| | | "AUTH_LDAP_SERVER_URI": "ldap://windc.{{ dns_domain_name }}:389", |
| | | "AUTH_LDAP_BIND_DN": "Admin@{{ dns_domain_name }}", |
| | | "AUTH_LDAP_BIND_PASSWORD": "{{ windows_password }}", |
| | | "AUTH_LDAP_START_TLS": false, |
| | | "AUTH_LDAP_CONNECTION_OPTIONS": { |
| | | "OPT_NETWORK_TIMEOUT": 30, |
| | | "OPT_REFERRALS": 0 |
| | | }, |
| | | "AUTH_LDAP_USER_SEARCH": [ |
| | | "{{ tower_ldap_search_dn }}", |
| | | "SCOPE_SUBTREE", |
| | | "(sAMAccountName=%(user)s)" |
| | | ], |
| | | "AUTH_LDAP_USER_DN_TEMPLATE": null, |
| | | "AUTH_LDAP_USER_ATTR_MAP": { |
| | | "first_name": "givenName", |
| | | "last_name": "sn", |
| | | "email": "mail" |
| | | }, |
| | | "AUTH_LDAP_GROUP_SEARCH": [ |
| | | "{{ tower_ldap_search_dn }}", |
| | | "SCOPE_SUBTREE", |
| | | "(objectClass=group)" |
| | | ], |
| | | "AUTH_LDAP_GROUP_TYPE": "MemberDNGroupType", |
| | | "AUTH_LDAP_REQUIRE_GROUP": "", |
| | | "AUTH_LDAP_DENY_GROUP": null, |
| | | "AUTH_LDAP_USER_FLAGS_BY_GROUP": { |
| | | }, |
| | | "AUTH_LDAP_ORGANIZATION_MAP": { |
| | | "Default": { |
| | | "admins": "CN=Ansible Users,CN=Users,{{ ldap_basedn }}", |
| | | "remove_admins": true |
| | | } |
| | | }, |
| | | "AUTH_LDAP_TEAM_MAP": { |
| | | } |
| | | } |
New file |
| | |
| | | [domain/{{ dns_domain_name }}]
|
| | | debug_level = 2
|
| | | auth_provider = ad
|
| | | chpass_provider = ad
|
| | | id_provider = ad
|
| | |
|
| | | cache_credentials = true
|
| | | krb5_canonicalize = false
|
| | | krb5_kpasswd = windc.{{ dns_domain_name }}
|
| | | krb5_realm = {{ dns_domain_name | upper }}
|
| | | krb5_server = windc.{{ dns_domain_name }}
|
| | |
|
| | | #ldap_disable_referrals = true
|
| | | ldap_force_upper_case_realm = true
|
| | | ldap_id_mapping = True
|
| | |
|
| | | ldap_sasl_authid = {{ ansible_hostname | upper }}$@{{ dns_domain_name | upper }}
|
| | | ldap_sasl_mech = GSSAPI
|
| | |
|
| | | ldap_schema = ad
|
| | | ldap_search_base = {{ ldap_search_base }}
|
| | | ad_server = windc.{{ dns_domain_name }}
|
| | | #ad_backup_server = |
| | |
|
| | | access_provider = ldap
|
| | | ldap_access_order = filter, expire
|
| | | ldap_account_expire_policy = ad
|
| | | ldap_access_filter = {{ ldap_access_filter }}
|
| | |
|
| | | min_id = 2000
|
| | |
|
| | | [sssd]
|
| | | services = nss, pam
|
| | | config_file_version = 2
|
| | | debug_level = 2
|
| | | domains = {{ dns_domain_name }}
|
| | |
|
| | | [nss]
|
| | | debug_level = 2
|
| | | fallback_homedir = /home/%d/%u
|
| | | default_shell = /bin/bash
|
| | | filter_users = root
|
| | | filter_groups = root
|
| | |
|
| | | [pam]
|
New file |
| | |
| | | { |
| | | "name": "Tower", |
| | | "description": "Tower Credentials", |
| | | "organization": 1, |
| | | "credential_type": 1, |
| | | "inputs": { |
| | | "username": "root", |
| | | "password": "redhat" |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "AD_HOC_COMMANDS":["command","shell","yum","apt","apt_key","apt_repository","apt_rpm","service","group","user","mount","ping","selinux","setup","win_ping","win_service","win_updates","win_group","win_user","win_shell","win_feature","win_reboot"] |
| | | } |
New file |
| | |
| | | { |
| | | "name": "Windows", |
| | | "description": "", |
| | | "inventory": 2, |
| | | "variables": "" |
| | | } |
New file |
| | |
| | | { |
| | | "name": "tower", |
| | | "description": "", |
| | | "inventory": "{{ classroom_inventory_id.json.results[0].id }}", |
| | | "enabled": true, |
| | | "instance_id": "", |
| | | "variables": "" |
| | | } |
New file |
| | |
| | | { |
| | | "name": "win1.{{ dns_domain_name }}", |
| | | "description": "", |
| | | "inventory": "{{ default_inventory_id.json.results[0].id }}", |
| | | "enabled": true, |
| | | "instance_id": "", |
| | | "variables": "" |
| | | } |
New file |
| | |
| | | --- |
| | | - name: Remove repo directory |
| | | file: |
| | | path: /tmp/do417 |
| | | state: absent |
| | | |
| | | - name: Install acl |
| | | yum: |
| | | name: acl |
| | | state: present |
| | | use_backend: dnf |
| | | become: true |
| | | |
| | | - name: Get ssh key for Github |
| | | copy: |
| | | src: "{{ github_ssh_key }}" |
| | | dest: /tmp/github_ssh_key |
| | | mode: 0400 |
| | | owner: "{{ ansible_user }}" |
| | | |
| | | - name: Get lab source code |
| | | git: |
| | | clone: yes |
| | | force: yes |
| | | dest: "/tmp/do417" |
| | | repo: "git@github.com:RedHatTraining/do417.git" |
| | | key_file: /tmp/github_ssh_key |
| | | accept_hostkey: true |
| | | |
| | | - name: Remove ssh key for Github |
| | | file: |
| | | path: /tmp/github_ssh_key |
| | | state: absent |
| | | |
| | | - name: Remove .git directory |
| | | file: |
| | | path: /tmp/do417/.git |
| | | state: absent |
| | | |
| | | - name: Determining material directories |
| | | command: find /tmp/do417/classroom/infrastructure/playbooks/files/src -maxdepth 1 -mindepth 1 -type d -printf '%f\n' |
| | | register: repos_name |
| | | |
| | | - name: Retrieve access token |
| | | uri: |
| | | url: "https://localhost/oauth/token" |
| | | method: POST |
| | | validate_certs: no |
| | | status_code: 200 |
| | | body_format: json |
| | | headers: |
| | | Content-Type: application/json |
| | | body: > |
| | | { |
| | | "grant_type": "password", |
| | | "username": "root", |
| | | "password": "{{ windows_password }}" |
| | | } |
| | | register: gitlab_access_token |
| | | |
| | | - name: Retrieve local user information via API |
| | | uri: |
| | | url: https://localhost/api/v4/users?username={{ user_prefix }} |
| | | method: GET |
| | | validate_certs: no |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | headers: |
| | | Content-Type: application/json |
| | | Authorization: Bearer {{ gitlab_access_token.json.access_token }} |
| | | register: gitlab_local_users |
| | | |
| | | - name: Create projects via API |
| | | uri: |
| | | url: https://localhost/api/v4/projects/user/{{ gitlab_local_users.json[0].id }} |
| | | method: POST |
| | | validate_certs: no |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 409 |
| | | - 400 |
| | | body_format: json |
| | | headers: |
| | | Content-Type: application/json |
| | | Authorization: Bearer {{ gitlab_access_token.json.access_token }} |
| | | body: > |
| | | { |
| | | "name": "{{ item }}", |
| | | "group": "{{ gitlab_local_users.json[0].name }}", |
| | | "issues_enabled": false, |
| | | "wiki_enabled": true, |
| | | "snippets_enabled": true |
| | | } |
| | | with_items: "{{ repos_name.stdout_lines }}" |
| | | when: gitlab_local_users.json[0].id is defined |
| | | |
| | | - name: Configure local account |
| | | shell: | |
| | | git config --global http.sslVerify false |
| | | git config --global user.email student@example.com |
| | | git config --global user.name student |
| | | |
| | | - name: Delete previous directories if present |
| | | file: |
| | | path: "/tmp/{{Â item }}" |
| | | state: absent |
| | | with_items: "{{ repos_name.stdout_lines }}" |
| | | |
| | | - name: Clone repositories |
| | | git: |
| | | repo: https://{{ user_prefix | urlencode }}:{{ windows_password | urlencode }}@localhost/student/{{Â item }}.git |
| | | dest: "/tmp/{{Â item }}/" |
| | | clone: yes |
| | | with_items: "{{ repos_name.stdout_lines }}" |
| | | ignore_errors: true |
| | | |
| | | - name: Copying files for repositories |
| | | copy: |
| | | src: "/tmp/do417/classroom/infrastructure/playbooks/files/src/{{ item }}/" |
| | | dest: "/tmp/{{ item }}/" |
| | | remote_src: true |
| | | with_items: "{{ repos_name.stdout_lines }}" |
| | | |
| | | - name: ({{ repo_name }}) - Creating dummy file |
| | | copy: |
| | | dest: "/tmp/{{ item }}/dummy.yml" |
| | | content: | |
| | | --- |
| | | - name: Dummy playbook |
| | | hosts: all |
| | | tasks: |
| | | - name: Print Hello World |
| | | debug: |
| | | msg: 'Hello World' |
| | | with_items: "{{ repos_name.stdout_lines }}" |
| | | |
| | | - name: Load files into repositories |
| | | shell: | |
| | | git init |
| | | git remote add origin https://{{ user_prefix | urlencode }}:{{ windows_password | urlencode }}@localhost/student/{{Â item }}.git |
| | | git add . |
| | | git commit -m 'Establish initial {{ item }} repository' |
| | | git push -u origin HEAD:master |
| | | exit 0 |
| | | args: |
| | | chdir: "/tmp/{{ item }}" |
| | | with_items: "{{Â repos_name.stdout_lines }}" |
New file |
| | |
| | | ---
|
| | | # defaults file for gitlab-postconfig
|
| | |
|
| | | # defaults file for windows-ad-controller
|
| | | dns_domain_name: "example.com"
|
| | |
|
| | | # Users and Password to Create
|
| | | windows_password: "MySecureP@ssword1" # MUST FOLLOW WINDOWS AD PASSWORD RULES
|
| | | users:
|
| | | - user1
|
| | | - user2
|
New file |
| | |
| | | --- |
| | | |
| | | - name: GitLab Post | Obtain Access Token |
| | | uri: |
| | | url: https://gitlab.{{ dns_domain_name }}/oauth/token |
| | | method: POST |
| | | validate_certs: no |
| | | status_code: 200 |
| | | body_format: json |
| | | headers: |
| | | Content-Type: application/json |
| | | body: > |
| | | { |
| | | "grant_type": "password", |
| | | "username": "root", |
| | | "password": "{{ windows_password }}" |
| | | } |
| | | register: gitlab_access_token |
| | | |
| | | - name: GitLab Post | Create local users via API |
| | | uri: |
| | | url: https://gitlab.{{ dns_domain_name }}/api/v4/users |
| | | method: POST |
| | | validate_certs: no |
| | | status_code: |
| | | - 200 |
| | | - 201 |
| | | - 409 |
| | | body_format: json |
| | | headers: |
| | | Content-Type: application/json |
| | | Authorization: Bearer {{ gitlab_access_token.json.access_token }} |
| | | body: > |
| | | { |
| | | "username": "{{ user_prefix }}", |
| | | "password": "{{ windows_password }}", |
| | | "name": "{{ user_prefix }}", |
| | | "email": "{{ user_prefix }}@{{ dns_domain_name }}", |
| | | "skip_confirmation": true |
| | | } |
| | | |
| | | # - name: GitLab Post | Get local user information via API |
| | | # uri: |
| | | # url: https://gitlab.{{ dns_domain_name }}/api/v4/users?username={{ user_prefix }} |
| | | # method: GET |
| | | # validate_certs: no |
| | | # status_code: |
| | | # - 200 |
| | | # - 201 |
| | | # headers: |
| | | # Content-Type: application/json |
| | | # Authorization: Bearer {{ gitlab_access_token.json.access_token }} |
| | | # register: gitlab_local_users |
| | | # |
| | | # - name: debug |
| | | # debug: |
| | | # var: gitlab_local_users |
| | | # |
| | | # - name: GitLab Post | Create Projects via API |
| | | # uri: |
| | | # url: https://gitlab.{{ dns_domain_name }}/api/v4/projects/user/{{ item.id }} |
| | | # method: POST |
| | | # validate_certs: no |
| | | # status_code: |
| | | # - 200 |
| | | # - 201 |
| | | # - 409 |
| | | # - 400 |
| | | # body_format: json |
| | | # headers: |
| | | # Content-Type: application/json |
| | | # Authorization: Bearer {{ gitlab_access_token.json.access_token }} |
| | | # body: > |
| | | # { |
| | | # "name": "{{ item.name }}", |
| | | # "group": "{{ item.name }}", |
| | | # "issues_enabled": false, |
| | | # "wiki_enabled": false, |
| | | # "snippets_enabled": false |
| | | # } |
| | | # with_items: |
| | | # - "{{ gitlab_local_users.json }}" |
| | | # when: item.id is defined |
New file |
| | |
| | | --- |
| | | - name: GitLab Post | Install pip |
| | | yum: |
| | | name: python-pip |
| | | state: present |
| | | |
| | | - name: GitLab Post | Install pyapi-gitlab |
| | | pip: |
| | | name: pyapi-gitlab |
| | | |
| | | - name: GitLab Post | Repos to create |
| | | debug: |
| | | msg: "https://gitlab.{{ dns_domain_name }}/{{ user_prefix }}/ansible-playbooks" |
| | | |
| | | - name: GitLab Post | copy root password script to host |
| | | template: |
| | | src: set_root_pw.sh.j2 |
| | | dest: /root/set_root_pw.sh |
| | | owner: root |
| | | group: root |
| | | mode: 0700 |
| | | |
| | | - name: GitLab Post | Execute set root password |
| | | command: ./set_root_pw.sh |
| | | args: |
| | | chdir: /root |
| | | |
| | | - name: GitLab Post | Remove set root password script |
| | | file: |
| | | path: /root/set_root_pw.sh |
| | | state: absent |
| | | |
| | | #TODO try new way from RM |
| | | - name: sleep 2 minute to allow root to initialize after password set |
| | | pause: |
| | | minutes: 2 |
| | | |
| | | ### Gitlab workaround |
| | | ### Users are not populated from AD until login from Web UI |
| | | ### I haven't found an automated workaround... |
| | | |
| | | - block: |
| | | |
| | | - name: GitLab Post | Create local users |
| | | gitlab_user: |
| | | server_url: https://gitlab.{{ dns_domain_name }} |
| | | validate_certs: False |
| | | login_user: root |
| | | login_password: "{{ windows_password }}" |
| | | name: "{{ user_prefix }}" |
| | | username: "{{ user_prefix }}" |
| | | password: "{{ windows_password }}" |
| | | email: "{{ user_prefix }}@{{ dns_domain_name }}" |
| | | confirm: False |
| | | state: present |
| | | |
| | | # - name: GitLab Post | Create Projects in GitLab |
| | | # gitlab_project: |
| | | # server_url: https://gitlab.{{ dns_domain_name }} |
| | | # validate_certs: False |
| | | # login_user: root |
| | | # login_password: "{{ windows_password }}" |
| | | # name: "{{ user_prefix }}" |
| | | # group: "{{ user_prefix }}" |
| | | # issues_enabled: False |
| | | # wiki_enabled: False |
| | | # snippets_enabled: False |
| | | # state: present |
| | | # ignore_errors: true |
| | | |
| | | when: ansible_version.full is version_compare('2.8', '<') |
| | | |
| | | # There seems to be an issue with using basic auth when using ansible 2.8 |
| | | # Create users and projects with uri module using API endpoint |
| | | - include_tasks: api.yml |
| | | when: ansible_version.full is version_compare('2.8', '>=') |
New file |
| | |
| | | #!/bin/bash
|
| | | echo "user = User.where(id: 1).first
|
| | | user.password = '{{ windows_password }}'
|
| | | user.password_confirmation = '{{ windows_password }}'
|
| | | user.password_automatically_set = false
|
| | | user.reset_password_token = nil
|
| | | user.reset_password_sent_at = nil
|
| | | user.save!
|
| | | user.unlock_access!
|
| | | quit
|
| | | " | gitlab-rails console production
|
New file |
| | |
| | | --- |
| | | - name: Install packages |
| | | yum: |
| | | name: |
| | | - NetworkManager |
| | | state: present |
| | | use_backend: dnf |
| | | |
| | | - name: Set hostname |
| | | hostname: |
| | | name: "{{Â hostvars[inventory_hostname].instance_name}}.{{ dns_domain_name }}" |
| | | |
| | | - name: Create dhclient.conf |
| | | file: |
| | | path: /etc/dhcp/dhclient.conf |
| | | state: touch |
| | | owner: root |
| | | group: root |
| | | mode: 0644 |
| | | |
| | | - name: Discover domain controller host |
| | | set_fact: |
| | | dc_host: "{{groups['activedirectories'][0]}}" |
| | | |
| | | - name: Set custom DNS server |
| | | blockinfile: |
| | | dest: /etc/dhcp/dhclient.conf |
| | | block: | |
| | | prepend domain-name-servers {{ hostvars[dc_host].private_ip_address }}; |
| | | prepend domain-search "{{ dns_domain_name }}", "ec2.internal"; |
| | | state: present |
| | | register: dnschange |
| | | |
| | | - name: Restart NetworkManager |
| | | service: |
| | | name: NetworkManager |
| | | state: restarted |
| | | when: dnschange.changed |
New file |
| | |
| | | ---
|
| | | # defaults file for windows-ad-controller
|
| | | dns_domain_name: "example.com"
|
| | | domain_admin_password: "Micr0soft!"
|
| | |
|
| | | # Users and Password to Create
|
| | | users:
|
| | | - user1
|
| | | - user2
|
| | |
|
| | | # Details for reverse DNS lookup
|
| | | ptr_zone_name: "0.168.192.in-addr.arpa"
|
| | | ptr_zone_cidr: "192.168.0.0/24"
|
New file |
| | |
| | | #!powershell |
| | | # This file is part of Ansible |
| | | # |
| | | # Copyright 2018, Jimmy Conner <jconner@redhat.com> |
| | | # |
| | | # Ansible is free software: you can redistribute it and/or modify |
| | | # it under the terms of the GNU General Public License as published by |
| | | # the Free Software Foundation, either version 3 of the License, or |
| | | # (at your option) any later version. |
| | | # |
| | | # Ansible is distributed in the hope that it will be useful, |
| | | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | | # GNU General Public License for more details. |
| | | # |
| | | # You should have received a copy of the GNU General Public License |
| | | # along with Ansible. If not, see <http://www.gnu.org/licenses/>. |
| | | |
| | | # WANT_JSON |
| | | # POWERSHELL_COMMON |
| | | |
| | | $params = Parse-Args $args -supports_check_mode $true |
| | | |
| | | $hostname = Get-AnsibleParam -obj $params -name "hostname" -type "str" -failifempty $true |
| | | $zone = Get-AnsibleParam -obj $params -name "zone" -type "str" -failifempty $true |
| | | $ipaddr = Get-AnsibleParam -obj $params -name "ipaddr" -type "str" -default "" |
| | | $timetolive = Get-AnsibleParam -obj $params -name "timetolive" -type "str" -default "01:00:00" |
| | | $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "present","absent" -default "present" |
| | | |
| | | $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false |
| | | |
| | | $result = @{ |
| | | changed = $false |
| | | msg = "" |
| | | } |
| | | |
| | | # Determine if AD Domain is setup |
| | | try { |
| | | $domain = get-addomain |
| | | } catch { |
| | | $errormsg = $_.Exception.Message |
| | | Fail-Json $result "AD Domain not setup: $errormsg" |
| | | } |
| | | |
| | | if ($state -eq 'present' -and $ipaddr -eq "") { |
| | | Fail-Json $result "ipaddr can not be blank if state = present" |
| | | } |
| | | |
| | | try { |
| | | $exists = Get-DnsServerResourceRecord -ZoneName $zone -Name $hostname -ErrorAction SilentlyContinue |
| | | if ($state -eq 'present') { |
| | | if ($exists) { |
| | | $ip = $exists.RecordData.IPv4Address.IPAddressToString |
| | | # Check if we need to update the Entry |
| | | if ($ip -ne $ipaddr) { |
| | | if (-not $check_mode) { |
| | | Remove-DnsServerResourceRecord -ZoneName $zone -RRType "A" -Name $hostname -Force |
| | | Add-DnsServerResourceRecordA -Name "$hostname" ` |
| | | -ZoneName "$zone" ` |
| | | -IPv4Address "$ipaddr" ` |
| | | -AllowUpdateAny ` |
| | | -AgeRecord ` |
| | | -TimeToLive $timetolive |
| | | } |
| | | $result.changed = $true |
| | | $result.msg = "DNS A Record: Updated: ($ip) >> ($ipaddr)" |
| | | } else { |
| | | # Record exists and doesn't need to be updated |
| | | $result.msg = "DNS A Record: Present: $hostname ($ipaddr)" |
| | | } |
| | | } else { |
| | | if (-not $check_mode) { |
| | | Add-DnsServerResourceRecordA -Name "$hostname" ` |
| | | -ZoneName "$zone" ` |
| | | -IPv4Address "$ipaddr" ` |
| | | -AllowUpdateAny ` |
| | | -AgeRecord ` |
| | | -TimeToLive $timetolive |
| | | } |
| | | $result.changed = $true |
| | | $result.msg = "DNS A Record: Added: $hostname ($ipaddr)" |
| | | } |
| | | } else { |
| | | if ($exists) { |
| | | if (-not $check_mode) { |
| | | Remove-DnsServerResourceRecord -ZoneName $zone -RRType "A" -Name $hostname -Force |
| | | } |
| | | $result.changed = $true |
| | | $result.msg = "DNS A Record: Removed: $hostname ($ipaddr)" |
| | | } else { |
| | | $result.msg = "DNS A Record: Absent: $hostname ($ipaddr)" |
| | | } |
| | | } |
| | | } |
| | | catch { |
| | | Fail-Json $result $_.Exception.Message |
| | | } |
| | | |
| | | Exit-Json $result |
New file |
| | |
| | | #!/usr/bin/python |
| | | # -*- coding: utf-8 -*- |
| | | |
| | | # This file is part of Ansible |
| | | # |
| | | # Copyright 2018, Jimmy Conner <jconner@redhat.com> |
| | | # |
| | | # Ansible is free software: you can redistribute it and/or modify |
| | | # it under the terms of the GNU General Public License as published by |
| | | # the Free Software Foundation, either version 3 of the License, or |
| | | # (at your option) any later version. |
| | | # |
| | | # Ansible is distributed in the hope that it will be useful, |
| | | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | | # GNU General Public License for more details. |
| | | # |
| | | # You should have received a copy of the GNU General Public License |
| | | # along with Ansible. If not, see <http://www.gnu.org/licenses/>. |
| | | |
| | | # this is a windows documentation stub. actual code lives in the .ps1 |
| | | # file of the same name |
| | | |
| | | DOCUMENTATION = ''' |
| | | --- |
| | | module: win_ad_dnsrecord |
| | | version_added: "2.6" |
| | | short_description: Manages DNS A Record on Windows DNS Server |
| | | description: |
| | | - Manages DNS A Record on Windows DNS Server |
| | | options: |
| | | hostname: |
| | | description: Specifies a host name |
| | | required: yes |
| | | zone: |
| | | description: Specifies the name of a DNS zone |
| | | required: yes |
| | | ipaddr: |
| | | description: Specifies an IPv4 address (required if state = present) |
| | | required: no |
| | | timetolive: |
| | | description: Specifies the Time to Live (TTL) value, in seconds, for a resource record. Specified in Time Format ex: 01:00:00 |
| | | required: no |
| | | default: 01:00:00 |
| | | state: |
| | | description: If present then a DNS record is created. If absent the DNS record is deleted |
| | | choices: ['present', 'absent'] |
| | | default: 'present' |
| | | author: Jimmy Conner (jconner@redhat.com) |
| | | ''' |
| | | |
| | | EXAMPLES = r''' |
| | | - name: Create / Update DNS A Record |
| | | win_ad_dnsrecord: |
| | | hostname: myserver1 |
| | | zone: mydomain.pvt |
| | | ipaddr: 192.168.0.2 |
| | | timetolive: 01:00:00 |
| | | state: present |
| | | |
| | | - name: Remove DNS A Record |
| | | win_ad_dnsrecord: |
| | | hostname: myserver1 |
| | | zone: mydomain.pvt |
| | | state: absent |
| | | ''' |
New file |
| | |
| | | #!powershell |
| | | # This file is part of Ansible |
| | | # |
| | | # Copyright 2018, Jimmy Conner <jconner@redhat.com> |
| | | # |
| | | # Ansible is free software: you can redistribute it and/or modify |
| | | # it under the terms of the GNU General Public License as published by |
| | | # the Free Software Foundation, either version 3 of the License, or |
| | | # (at your option) any later version. |
| | | # |
| | | # Ansible is distributed in the hope that it will be useful, |
| | | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | | # GNU General Public License for more details. |
| | | # |
| | | # You should have received a copy of the GNU General Public License |
| | | # along with Ansible. If not, see <http://www.gnu.org/licenses/>. |
| | | |
| | | # WANT_JSON |
| | | # POWERSHELL_COMMON |
| | | |
| | | $params = Parse-Args $args -supports_check_mode $true |
| | | |
| | | $subnet = Get-AnsibleParam -obj $params -name "subnet" -type "str" -failifempty $true |
| | | $zonename = Get-AnsibleParam -obj $params -name "zonename" -type "str" -failifempty $true |
| | | $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "present","absent" -default "present" |
| | | |
| | | $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false |
| | | |
| | | $result = @{ |
| | | changed = $false |
| | | msg = "" |
| | | } |
| | | |
| | | # Determine if AD Domain is setup |
| | | try { |
| | | $domain = get-addomain |
| | | } catch { |
| | | $errormsg = $_.Exception.Message |
| | | Fail-Json $result "AD Domain not setup: $errormsg" |
| | | } |
| | | |
| | | try { |
| | | $exists = $false |
| | | $zones = Get-DnsServerZone |
| | | foreach ($zone in $zones) { |
| | | if ($zone.ZoneName -eq $zonename) { |
| | | $exists = $true |
| | | } |
| | | } |
| | | |
| | | if ($state -eq "present") { |
| | | if ($exists) { |
| | | # Record exists and doesn't need to be updated |
| | | $result.msg = "DNS Zone: Present: $zonename" |
| | | } else { |
| | | if (-not $check_mode) { |
| | | Add-DnsServerPrimaryZone -NetworkId "$subnet" -DynamicUpdate Secure -ReplicationScope Domain |
| | | } |
| | | $result.changed = $true |
| | | $result.msg = "DNS Zone: Added: $zonename ($subnet)" |
| | | } |
| | | } else { |
| | | if ($exists) { |
| | | if (-not $check_mode) { |
| | | Remove-DnsServerZone -Name "$zonename" -Force |
| | | } |
| | | $result.changed = $true |
| | | $result.msg = "DNS Zone: Removed: $zonename" |
| | | } else { |
| | | $result.msg = "DNS Zone: Absent: $zonename" |
| | | } |
| | | } |
| | | } catch { |
| | | Fail-Json $result $_.Exception.Message |
| | | } |
| | | |
| | | Exit-Json $result |
New file |
| | |
| | | #!powershell |
| | | # This file is part of Ansible |
| | | # |
| | | # Copyright 2018, Jimmy Conner <jconner@redhat.com> |
| | | # |
| | | # Ansible is free software: you can redistribute it and/or modify |
| | | # it under the terms of the GNU General Public License as published by |
| | | # the Free Software Foundation, either version 3 of the License, or |
| | | # (at your option) any later version. |
| | | # |
| | | # Ansible is distributed in the hope that it will be useful, |
| | | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | | # GNU General Public License for more details. |
| | | # |
| | | # You should have received a copy of the GNU General Public License |
| | | # along with Ansible. If not, see <http://www.gnu.org/licenses/>. |
| | | |
| | | # WANT_JSON |
| | | # POWERSHELL_COMMON |
| | | |
| | | $params = Parse-Args $args -supports_check_mode $true |
| | | |
| | | $suffixes = (Get-AnsibleParam -obj $params -name "suffixes" -type "list" -failifempty $true) -join "," |
| | | $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false |
| | | |
| | | $result = @{ |
| | | changed = $false |
| | | msg = "" |
| | | } |
| | | |
| | | try { |
| | | $current = ((Get-DnsClientGlobalSetting | Select SuffixSearchList).SuffixSearchList) -join "," |
| | | if ($suffixes -eq $current) { |
| | | $result.msg = "Suffixes are present" |
| | | } else { |
| | | if (-not $check_mode) { |
| | | Set-DnsClientGlobalSetting -SuffixSearchList $suffixes |
| | | } |
| | | $result.changed = $true |
| | | $result.msg = "Updated Suffixes: Original: ($current) -- New: ($suffixes)" |
| | | } |
| | | } |
| | | catch { |
| | | Fail-Json $result $_.Exception.Message |
| | | } |
| | | |
| | | Exit-Json $result |
New file |
| | |
| | | --- |
| | | - name: Disable firewall for Domain, Public, and Private profiles |
| | | win_firewall: |
| | | state: disabled |
| | | profiles: |
| | | - Domain |
| | | - Private |
| | | - Public |
| | | |
| | | - name: Set hostname |
| | | win_hostname: |
| | | name: "{{ hostvars[inventory_hostname].instance_name }}" |
| | | register: win_hostname |
| | | |
| | | - name: Reboot if required |
| | | win_reboot: |
| | | when: win_hostname.reboot_required |
| | | |
| | | - name: Install AD-Domain-Services |
| | | win_feature: |
| | | name: AD-Domain-Services |
| | | state: present |
| | | include_management_tools: True |
| | | include_sub_features: True |
| | | register: winfeature |
| | | |
| | | - name: Reboot if needed |
| | | win_reboot: |
| | | when: winfeature.changed |
| | | |
| | | - name: Create DNS Domain |
| | | win_domain: |
| | | dns_domain_name: "{{ dns_domain_name }}" |
| | | safe_mode_password: "{{ windows_password }}" |
| | | register: windomain |
| | | |
| | | - name: Reboot if needed |
| | | win_reboot: |
| | | when: |
| | | - windomain.reboot_required |
| | | |
| | | - name: Wait for Active Directory Web Services port |
| | | win_wait_for: |
| | | host: localhost |
| | | port: 9389 |
| | | timeout: 600 |
| | | |
| | | - name: Ensure AD Services are started |
| | | win_service: |
| | | name: "{{ item }}" |
| | | state: started |
| | | start_mode: auto |
| | | with_items: |
| | | - dns |
| | | - adws |
| | | |
| | | - name: Set Reverse Lookup Zone |
| | | win_ad_reverse_dnszone: |
| | | subnet: "{{ ptr_zone_cidr }}" |
| | | zonename: "{{ ptr_zone_name }}" |
| | | state: present |
| | | register: reverse |
| | | until: reverse is not failed |
| | | retries: 100 |
| | | |
| | | - name: Create DNS A records |
| | | win_ad_dnsrecord: |
| | | hostname: "{{ hostvars[item]['instance_name'] }}" |
| | | zone: "{{ dns_domain_name }}" |
| | | ipaddr: "{{ hostvars[item]['private_ip_address'] }}" |
| | | state: present |
| | | with_items: |
| | | - "gitlab.{{ chomped_zone_internal_dns }}" |
| | | - "tower.{{ chomped_zone_internal_dns }}" |
| | | - "win1.{{ chomped_zone_internal_dns }}" |
| | | - "win2.{{ chomped_zone_internal_dns }}" |
| | | |
| | | - name: Add windows group |
| | | win_domain_group: |
| | | name: Ansible Users |
| | | scope: global |
| | | |
| | | - name: Add windows domain admin |
| | | win_domain_user: |
| | | name: "Admin" |
| | | upn: "Admin@{{ dns_domain_name }}" |
| | | state: present |
| | | enabled: yes |
| | | account_locked: no |
| | | groups: |
| | | - Domain Admins |
| | | password: "{{ windows_password }}" |
| | | update_password: on_create |
| | | password_expired: false |
| | | firstname: admin |
| | | surname: user |
| | | company: Training |
| | | email: "Admin@{{ dns_domain_name }}" |
| | | |
| | | - name: Add windows AD users |
| | | win_domain_user: |
| | | name: "{{ user_prefix }}" |
| | | upn: "{{ user_prefix }}@{{ dns_domain_name }}" |
| | | state: present |
| | | enabled: yes |
| | | account_locked: no |
| | | groups: |
| | | - Ansible Users |
| | | password: "{{ windows_password }}" |
| | | update_password: on_create |
| | | password_expired: false |
| | | firstname: "{{ user_prefix }}" |
| | | surname: "student" |
| | | company: Training |
| | | email: "{{ user_prefix }}@{{ dns_domain_name }}" |
| | | |
| | | - name: Set DNS search string |
| | | win_dns_searchsuffix: |
| | | suffixes: |
| | | - "{{ dns_domain_name }}" |
| | | |
| | | - name: Install RSAT feature |
| | | win_feature: |
| | | name: RSAT-AD-PowerShell |
| | | state: present |
| | | include_management_tools: yes |
| | | |
| | | - name: Extend password expiry |
| | | win_shell: | |
| | | import-module ActiveDirectory |
| | | $admin_passwd = ConvertTo-SecureString "{{ windows_password }}" -AsPlainText -Force |
| | | $admin_creds = New-Object System.Management.Automation.PSCredential ("EXAMPLE\Administrator", $admin_passwd) |
| | | Set-ADDefaultDomainPasswordPolicy -Identity example.com -Credential $admin_creds -MaxPasswordAge 90.00:00:00 |
| | | |
| | | # - name: Remove RSAT feature |
| | | # win_feature: |
| | | # name: RSAT-AD-PowerShell |
| | | # state: absent |
New file |
| | |
| | | --- |
| | | # defaults file for windows-common |
| | | dns_domain_name: "example.com" |
| | | domain_admin_password: "Micr0soft!" |
| | | # Grab the private IP of your windows DNS for your lab dns server |
| | | dns_servers: |
| | | - "{{ hostvars['windc'].ansible_host }}" |
| | | - 8.8.8.8 |
| | | |
New file |
| | |
| | | #!powershell |
| | | # This file is part of Ansible |
| | | # |
| | | # Copyright 2018, Jimmy Conner <jconner@redhat.com> |
| | | # |
| | | # Ansible is free software: you can redistribute it and/or modify |
| | | # it under the terms of the GNU General Public License as published by |
| | | # the Free Software Foundation, either version 3 of the License, or |
| | | # (at your option) any later version. |
| | | # |
| | | # Ansible is distributed in the hope that it will be useful, |
| | | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | | # GNU General Public License for more details. |
| | | # |
| | | # You should have received a copy of the GNU General Public License |
| | | # along with Ansible. If not, see <http://www.gnu.org/licenses/>. |
| | | |
| | | # WANT_JSON |
| | | # POWERSHELL_COMMON |
| | | |
| | | $params = Parse-Args $args -supports_check_mode $true |
| | | |
| | | $suffixes = (Get-AnsibleParam -obj $params -name "suffixes" -type "list" -failifempty $true) -join "," |
| | | $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false |
| | | |
| | | $result = @{ |
| | | changed = $false |
| | | msg = "" |
| | | } |
| | | |
| | | try { |
| | | $current = ((Get-DnsClientGlobalSetting | Select SuffixSearchList).SuffixSearchList) -join "," |
| | | if ($suffixes -eq $current) { |
| | | $result.msg = "Suffixes are present" |
| | | } else { |
| | | if (-not $check_mode) { |
| | | Set-DnsClientGlobalSetting -SuffixSearchList $suffixes |
| | | } |
| | | $result.changed = $true |
| | | $result.msg = "Updated Suffixes: Original: ($current) -- New: ($suffixes)" |
| | | } |
| | | } |
| | | catch { |
| | | Fail-Json $result $_.Exception.Message |
| | | } |
| | | |
| | | Exit-Json $result |
New file |
| | |
| | | --- |
| | | - name: Discover domain controller host |
| | | set_fact: |
| | | dc_host: "{{groups['activedirectories'][0]}}" |
| | | |
| | | - name: Add domain controller private IP as DNS server |
| | | win_dns_client: |
| | | adapter_names: "*" |
| | | ipv4_addresses: "{{ hostvars[dc_host]['private_ip_address'] }}" |
| | | |
| | | - name: Set hostname |
| | | win_hostname: |
| | | name: "{{ hostvars[inventory_hostname].instance_name }}" |
| | | register: win_hostname |
| | | |
| | | - name: Reboot if required |
| | | win_reboot: |
| | | when: win_hostname.reboot_required |
| | | |
| | | - name: Set DNS search suffix to {{ dns_domain }} |
| | | win_dns_searchsuffix: |
| | | suffixes: |
| | | - "{{ dns_domain_name }}" |
| | | |
| | | - name: Add devops user in Administrators group |
| | | win_user: |
| | | account_locked: no |
| | | description: "{{Â item }} user" |
| | | fullname: "{{Â item }}" |
| | | groups: |
| | | - Administrators |
| | | - "Remote Management Users" |
| | | name: "{{Â item }}" |
| | | password: "{{ windows_password }}" |
| | | state: present |
| | | user_cannot_change_password: yes |
| | | with_items: |
| | | - 'devops' |
| | | |
| | | - name: Join Domain |
| | | block: |
| | | - name: Join Domain |
| | | win_domain_membership: |
| | | dns_domain_name: "{{ dns_domain_name }}" |
| | | domain_admin_user: "admin@{{ dns_domain_name }}" |
| | | domain_admin_password: "{{ windows_password }}" |
| | | state: domain |
| | | register: windomain |
| | | |
| | | - name: Reboot if needed |
| | | win_reboot: |
| | | when: windomain.reboot_required |
| | | |
| | | - name: Add Ansible group to a local Administrators |
| | | win_group_membership: |
| | | name: Administrators |
| | | members: |
| | | - "{{ dns_domain_name_short }}\\Ansible Users" |
| | | state: present |
| | | |
| | | - name: Add Ansible group to a local Remote Management Users |
| | | win_group_membership: |
| | | name: Remote Management Users |
| | | members: |
| | | - "{{ dns_domain_name_short }}\\Ansible Users" |
| | | state: present |
| | | |
| | | # We don't want win2 to join the main domain. |
| | | when: "'win2' not in inventory_hostname" |
New file |
| | |
| | | { |
| | | "git.enableSmartCommit": true, |
| | | "git.confirmSync": false, |
| | | "http.proxyStrictSSL": false |
| | | } |
New file |
| | |
| | | |
| | | - block: |
| | | - name: Create an shortcut to Advanced Docs site |
| | | win_shortcut: |
| | | src: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe' |
| | | dest: '%UserProfile%\Desktop\Advanced Workshop Docs.lnk' |
| | | args: --new-window http://docs.{{ dns_domain_name }}/advanced/ |
| | | directory: '%ProgramFiles(x86)%\Google\Chrome\Application' |
| | | icon: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe,0' |
| | | |
| | | become: yes |
| | | become_user: "{{ dns_domain_name_short }}\\{{ user_prefix }}" |
| | | become_method: runas |
New file |
| | |
| | | |
| | | - block: |
| | | - name: Create an shortcut to GIT Docs site |
| | | win_shortcut: |
| | | src: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe' |
| | | dest: '%UserProfile%\Desktop\GIT Workshop Docs.lnk' |
| | | args: --new-window http://docs.{{ dns_domain_name }}/git/ |
| | | directory: '%ProgramFiles(x86)%\Google\Chrome\Application' |
| | | icon: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe,0' |
| | | |
| | | become: yes |
| | | become_user: "{{ dns_domain_name_short }}\\{{ user_prefix }}" |
| | | become_method: runas |
New file |
| | |
| | | --- |
| | | - name: Change workstation administrator password |
| | | win_user: |
| | | account_locked: no |
| | | name: Administrator |
| | | password: "{{ workstation_password }}" |
| | | password_expired: no |
| | | update_password: always |
| | | password_never_expires: yes |
| | | state: present |
| | | |
| | | - name: Change ansible password for this server |
| | | set_fact: |
| | | ansible_password: "{{ workstation_password }}" |
| | | |
| | | - name: Remove domain student account from Remote Desktop Users |
| | | win_group_membership: |
| | | name: "Remote Desktop Users" |
| | | members: |
| | | - "{{ dns_domain_name_short }}\\{{ user_prefix }}" |
| | | state: absent |
| | | |
| | | - name: Remove specific users from Remote Management |
| | | win_group_membership: |
| | | name: "Remote Management Users" |
| | | members: |
| | | - "{{ dns_domain_name_short }}\\Ansible Users" |
| | | - "devops" |
| | | state: absent |
| | | |
| | | - name: Remove specific users from Administrators |
| | | win_group_membership: |
| | | name: "Administrators" |
| | | members: |
| | | - "{{ dns_domain_name_short }}\\Ansible Users" |
| | | - "devops" |
| | | state: absent |
| | | |
| | | - name: Add local student user to workstation |
| | | win_user: |
| | | account_locked: no |
| | | description: "Workstation Training account" |
| | | fullname: "Training User" |
| | | groups: |
| | | - Administrators |
| | | name: "{{ workstation_user }}" |
| | | password: "{{ workstation_password }}" |
| | | state: present |
| | | user_cannot_change_password: yes |
| | | |
| | | # TODO figure out why this doesn't work |
| | | # JR: Ansible just ignores this and runs as Administrator but when I set |
| | | # "become" vars via set_fact it uses them - go figure???? |
| | | # - become: yes |
| | | # become_user: "{{ workstation_user }}" |
| | | # become_method: runas |
| | | # become_flags: logon_type=new_credentials logon_flags=netcredentials_only |
| | | # vars: |
| | | # ansible_become_password: "{{ windows_password }}" |
| | | - block: |
| | | - name: Become student the hackish way |
| | | set_fact: |
| | | ansible_become_user: "{{ workstation_user }}" |
| | | ansible_become: yes |
| | | ansible_become_password: "{{ workstation_password }}" |
| | | ansible_become_method: runas |
| | | |
| | | - name: install Chocolatey |
| | | win_chocolatey: |
| | | name: chocolatey |
| | | state: present |
| | | |
| | | - name: disable enhanced exit codes |
| | | win_chocolatey_feature: |
| | | name: useEnhancedExitCodes |
| | | state: disabled |
| | | when: ansible_version.full is version_compare('2.8', '<') |
| | | |
| | | - name: Install Visual Studio Code, Git, and Chrome |
| | | win_chocolatey: |
| | | name: |
| | | - visualstudiocode |
| | | - git |
| | | - googlechrome |
| | | ignore_checksums: true |
| | | |
| | | - name: Create a shortcut to Tower site |
| | | win_shortcut: |
| | | src: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe' |
| | | dest: '%UserProfile%\Desktop\Ansible Tower.lnk' |
| | | args: --new-window http://tower.{{ dns_domain_name }}/ |
| | | directory: '%ProgramFiles(x86)%\Google\Chrome\Application' |
| | | icon: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe,0' |
| | | |
| | | - name: Create a shortcut to the user's Gitlab ansible-playbooks repository |
| | | win_shortcut: |
| | | src: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe' |
| | | dest: '%UserProfile%\Desktop\GitLab.lnk' |
| | | args: --new-window https://gitlab.{{ dns_domain_name }}/{{ user_prefix }} |
| | | directory: '%ProgramFiles(x86)%\Google\Chrome\Application' |
| | | icon: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe,0' |
| | | |
| | | - name: Create a shortcut to Ansible Docs site |
| | | win_shortcut: |
| | | src: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe' |
| | | dest: '%UserProfile%\Desktop\Ansible Docs.lnk' |
| | | args: --new-window http://docs.ansible.com/ |
| | | directory: '%ProgramFiles(x86)%\Google\Chrome\Application' |
| | | icon: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe,0' |
| | | |
| | | - name: Set git to cache credentials |
| | | win_command: git config --global credential.helper manager |
| | | |
| | | - name: Allow insecure git repos for self signed certificates |
| | | win_command: git config --global http.sslVerify "false" |
| | | |
| | | - name: Set git user |
| | | win_command: git config --global user.name "{{ user_prefix }}" |
| | | |
| | | - name: Set git user email |
| | | win_command: git config --global user.email "{{ user_prefix }}@{{ dns_domain_name }}" |
| | | |
| | | - name: Set git password |
| | | win_shell: cmdkey /generic:LegacyGeneric:target=git:https://gitlab.{{ dns_domain_name }} /user:{{ user_prefix }} /pass:"{{ windows_password }}" |
| | | |
| | | - name: Set git password |
| | | win_shell: cmdkey /generic:LegacyGeneric:target=git:https://{{ user_prefix }}@gitlab.{{ dns_domain_name }} /user:{{ user_prefix }} /pass:"{{ windows_password }}" |
| | | |
| | | - name: Copy .gitconfig to user directory |
| | | win_copy: |
| | | src: C:\Windows\.gitconfig |
| | | dest: C:\Users\{{ workstation_user }}\.gitconfig |
| | | remote_src: True |
| | | |
| | | # - name: Clone student git repo |
| | | # win_command: git clone https://gitlab.{{ dns_domain_name }}/{{ user_prefix }}/{{ user_prefix }}.git |
| | | # args: |
| | | # chdir: C:\Users\{{ workstation_user }}\Documents |
| | | # creates: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }} |
| | | # |
| | | # - name: Create Readme file to intialize the repo |
| | | # win_copy: |
| | | # dest: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}\README.md |
| | | # content: "" |
| | | # register: initialize |
| | | # |
| | | # - name: Add initial file |
| | | # win_command: git add C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}\README.md |
| | | # args: |
| | | # chdir: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }} |
| | | # when: initialize.changed |
| | | # |
| | | # - name: Commit initial file |
| | | # win_command: git commit -m "Initialize" |
| | | # args: |
| | | # chdir: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }} |
| | | # when: initialize.changed |
| | | # |
| | | # - name: Push initial commit |
| | | # win_command: git push |
| | | # args: |
| | | # chdir: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }} |
| | | # when: initialize.changed |
| | | |
| | | - name: Create VS Code Settings Directory |
| | | win_file: |
| | | path: C:\Users\{{ workstation_user }}\AppData\Roaming\Code\User\ |
| | | state: directory |
| | | |
| | | - name: Create VS Code Settings Directory |
| | | win_file: |
| | | path: C:\Users\{{ workstation_user }}\AppData\Roaming\Code\User\ |
| | | state: directory |
| | | |
| | | - name: Configure VS Code Settings File |
| | | win_copy: |
| | | src: files/settings.json |
| | | dest: C:\Users\{{ workstation_user }}\AppData\Roaming\Code\User\settings.json |
| | | |
| | | - name: Set Chrome to default Browser |
| | | win_regedit: |
| | | path: HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\{{ item }}\UserChoice |
| | | name: ProgId |
| | | data: ChromeHTML |
| | | with_items: |
| | | - http |
| | | - https |
| | | |
| | | - name: Set Chrome to not ask about default browser |
| | | win_regedit: |
| | | path: HKLM:\Software\Policies\Google\Chrome |
| | | name: DefaultBrowserSettingEnabled |
| | | data: 0 |
| | | type: dword |
| | | |
| | | - name: Disable Chrome Welcome Screen |
| | | win_regedit: |
| | | path: HKLM:\Software\Policies\Google\Chrome |
| | | name: "{{ item }}" |
| | | data: 0 |
| | | type: dword |
| | | with_items: |
| | | - PromotionalTabsEnabled |
| | | - WelcomePageOnOSUpgradeEnabled |
| | | |
| | | - name: Disable Chrome Syncing |
| | | win_regedit: |
| | | path: HKLM:\Software\Policies\Google\Chrome |
| | | name: SyncDisabled |
| | | data: 1 |
| | | type: dword |
| | | |
| | | - name: Disable Server Management at Startup |
| | | win_regedit: |
| | | path: HKCU:\Software\Microsoft\ServerManager\ |
| | | name: DoNotOpenServerManagerAtLogon |
| | | data: 1 |
| | | type: dword |
| | | |
| | | - name: Remove EC2 Feedback Icon |
| | | win_file: |
| | | path: C:\Users\{{ workstation_user }}\Desktop\EC2 Feedback.website |
| | | state: absent |
| | | |
| | | - name: Remove EC2 Website Icon |
| | | win_file: |
| | | path: C:\Users\{{ workstation_user }}\Desktop\EC2 Microsoft Windows Guide.website |
| | | state: absent |
| | | always: |
| | | - name: Restore ansible user info |
| | | set_fact: |
| | | ansible_become: no |
| | | |
| | | # become: yes |
| | | # become_user: "{{ workstation_user }}" |
| | | # become_method: runas |
| | | # become_flags: logon_type=new_credentials logon_flags=netcredentials_only |
| | | # vars: |
| | | # ansible_become_password: "{{ windows_password }}" |
| | | |
| | | - include_tasks: myrtille.yml |
| | | |
| | | - include_tasks: git_lab.yml |
| | | when: git_lab | d(false) | bool |
| | | |
| | | - include_tasks: adv_lab.yml |
| | | when: advanced_lab | d(false) | bool |
New file |
| | |
| | | # https://github.com/cedrozor/myrtille |
| | | |
| | | - name: Install IIS and .Net 4.5 on Server |
| | | win_feature: |
| | | name: |
| | | - Web-Server |
| | | - NET-Framework-Core |
| | | # - Application-Server |
| | | - Web-Asp-Net45 |
| | | include_management_tools: True |
| | | state: present |
| | | when: "'Windows 10' not in ansible_distribution" |
| | | |
| | | - name: Install IIS and .Net 4.5 on Non-Server |
| | | win_dsc: |
| | | resource_name: WindowsOptionalFeature |
| | | Name: "{{ item }}" |
| | | Ensure: Enable |
| | | when: "'Windows 10' in ansible_distribution" |
| | | loop: |
| | | - IIS-WebServerRole |
| | | - IIS-WebServer |
| | | - NetFx4Extended-ASPNET45 |
| | | - IIS-NetFxExtensibility45 |
| | | - IIS-ISAPIExtensions |
| | | - IIS-ISAPIFilter |
| | | - IIS-ASPNET45 |
| | | |
| | | - name: Create temp directory |
| | | win_file: |
| | | path: C:\Temp\ |
| | | state: directory |
| | | |
| | | - name: Check if Myrtille is downloaded |
| | | win_stat: |
| | | path: C:\Temp\Myrtille_2.3.1_x86_x64_Setup.exe |
| | | register: myrtille |
| | | |
| | | # The following fails because windows defaults to TLS 1.0 and Github now requires 1.2 |
| | | # - name: Download Myrtille to specified path only if modified |
| | | # win_get_url: |
| | | # url: https://github.com/cedrozor/myrtille/releases/download/v2.3.1/Myrtille_2.3.1_x86_x64_Setup.exe |
| | | # dest: C:\Temp\Myrtille_2.3.1_x86_x64_Setup.exe |
| | | # when: not myrtille.stat.exists |
| | | |
| | | - name: Download Myrtille to specified path only if modified |
| | | win_shell: "[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://github.com/cedrozor/myrtille/releases/download/v2.3.1/Myrtille_2.3.1_x86_x64_Setup.exe' -OutFile 'C:\\Temp\\Myrtille_2.3.1_x86_x64_Setup.exe'" |
| | | when: not myrtille.stat.exists |
| | | |
| | | - name: Extract the binary |
| | | win_command: Myrtille_2.3.1_x86_x64_Setup.exe -o "C:\Temp" -y |
| | | args: |
| | | chdir: C:\Temp\ |
| | | creates: C:\Temp\setup.exe |
| | | |
| | | - name: Install Myrtille |
| | | win_package: |
| | | path: C:\Temp\setup.exe |
| | | arguments: /q |
| | | creates_path: C:\Program Files (x86)\Myrtille |
| | | |
| | | - name: Disable NTLM RDP Authetication requirement |
| | | win_regedit: |
| | | path: HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp |
| | | name: "{{ item }}" |
| | | data: 0 |
| | | type: dword |
| | | with_items: |
| | | - SecurityLayer |
| | | - UserAuthentication |
| | | |
| | | - name: Create RDP Application |
| | | win_iis_webapplication: |
| | | name: rdp |
| | | site: Default Web Site |
| | | application_pool: MyrtilleAppPool |
| | | physical_path: C:\Program Files (x86)\Myrtille\ |
| | | state: present |