sborenst
2017-09-26 4e49fc2ff1a204d2b0aca0c6d7f4b65767182652
initial working version of windows-ad for ans-tower-lab
8 files modified
77 ■■■■ changed files
ansible/configs/ans-tower-lab/env_vars.yml 6 ●●●●
ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2 31 ●●●●●
ansible/configs/ans-tower-lab/pre_infra.yml 1 ●●●●
ansible/configs/ans-tower-lab/pre_software.yml 2 ●●●●●
ansible/roles/set-repositories/tasks/rhn-repos.yml 2 ●●●
ansible/roles/windows-ad/defaults/main.yml 3 ●●●●
ansible/roles/windows-ad/tasks/main.yml 23 ●●●●●
ansible/roles/windows-common/tasks/main.yml 9 ●●●●●
ansible/configs/ans-tower-lab/env_vars.yml
@@ -16,7 +16,7 @@
### Common Host settings
repo_method: file # Other Options are: file, satellite and rhn
windows_password: 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg=='
# Do you want to run a full yum update
update_packages: false
@@ -133,6 +133,10 @@
#tower_public_dns: "tower.{{subdomain_base}}."
bastion_public_dns: "bastion.{{subdomain_base}}."
bastion_public_dns_chomped: "bastion.{{subdomain_base}}"
activedirectory_public_dns: "ad.{{subdomain_base}}."
activedirectory_public_dns_chomped: "ad.{{subdomain_base}}"
vpcid_cidr_block: "192.168.0.0/16"
vpcid_name_tag: "{{subdomain_base}}"
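Review bot: The first hunk shows a literal `windows_password` value in env_vars.yml, a file committed alongside the config, so anyone who can read the repository learns the Windows administrator password for every environment deployed from it. The +/- markers are lost on this page, so I cannot tell whether the line is added, removed or context; if it is still on the new side it should come out. pre_infra.yml in this commit already generates a password when none exists and pre_software.yml loads `env_secret_vars.yml`, so the line could become `# windows_password: set in env_secret_vars.yml or generated by pre_infra.yml`. A value that has been pushed should be treated as disclosed and rotated on any host that used it.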
ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2
@@ -31,7 +31,7 @@
        "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-7644d315"
      },
      "ap-southeast-2": {
        "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-468f9225"
        "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-46f1e925"
      },
      "sa-east-1": {
        "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-c8285ca4"
@@ -224,6 +224,28 @@
        "HostedZoneConfig": {
          "Comment": "Created By ansible agnostic deployer"
        }
      }
    },
    "WindowsDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "Windows1EIP" ],
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "{{activedirectory_public_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "windows1",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "BastionDNS": {
@@ -833,7 +855,12 @@
      }
    },
    "Windows{{loop.index}}EIP" : {
    "Type" : "AWS::EC2::EIP",
    "DependsOn": [ "windows{{loop.index}}" ],
    "Properties" : {
     "InstanceId" : { "Ref" : "windows{{loop.index}}" }
    }},
    "windows{{loop.index}}DNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
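Review bot: The `WindowsDNS` record set takes its address from `"Fn::GetAtt": ["windows1", "PublicIp"]` while the last hunk attaches an Elastic IP to the same instance, so the published A record may hold the instance's launch-time address rather than the EIP. If so, `{{activedirectory_public_dns}}` would point at an address the stack no longer holds once the EIP is associated, and that address can later be assigned to someone else. Referencing the EIP resource directly avoids this: `"ResourceRecords": [ { "Ref": "Windows1EIP" } ]`. The record also hard-codes `windows1` and `Windows1EIP` while the EIP is declared per `loop.index`, so it only covers the first Windows host; the loop itself starts outside the hunk.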
ansible/configs/ans-tower-lab/pre_infra.yml
@@ -32,6 +32,7 @@
      - name: set_fact windows_password (just generated)
        set_fact:
          generated_windows_password: "{{ password_gen_r.stdout }}"
          windows_password: "{{ password_gen_r.stdout }}"
        when: not passwordfile.stat.exists
      - name: set_fact windows_password (previously generated)
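Review bot: The `set_fact windows_password (just generated)` task now copies `password_gen_r.stdout` into a second fact, and nothing visible in the hunk sets `no_log`, so the generated password is printed in the task result when the play runs with verbosity and is kept in any stored job output. Adding `no_log: true` to this task keeps it out of logs; the task that registers `password_gen_r` is outside the hunk and presumably needs the same. The following `set_fact windows_password (previously generated)` task is cut off by the hunk, so I cannot see whether it is handled there.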
ansible/configs/ans-tower-lab/pre_software.yml
@@ -69,6 +69,7 @@
- name: Place Tower License from env_secret_vars on bastion
  hosts: "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_bastion') | replace('-', '_') }}"
  become: yes
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
@@ -77,6 +78,7 @@
    - place_tower_license_file
  tasks:
    - blockinfile:
        create: yes
        path: /root/tower_license.txt
        block: "{{tower_license}}"
      when: tower_license is defined
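Review bot: The `blockinfile` task that writes `/root/tower_license.txt` uses `create: yes` without a `mode`, so the new file gets whatever the remote umask gives it; an explicit `mode: '0600'` would state the intent for a file holding license material. `blockinfile` also wraps the content in its marker comment lines, which is worth checking against whatever later reads the license; `copy` with `content: "{{ tower_license }}"` would write the value unchanged. The task has no `name`, and the +/- markers are lost on this page, so I cannot tell which two lines of this section the commit added.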
ansible/roles/set-repositories/tasks/rhn-repos.yml
@@ -21,7 +21,7 @@
# TODO: should take pool ids from a var
- name: get product pool id
  shell: /usr/bin/subscription-manager list --all --available --matches="*OpenShift Container Platform*" | awk '/Pool ID/ {print $3}' | head -1
  shell: /usr/bin/subscription-manager list --all --available --matches="*{{rhn_pool_id_string}}*" | awk '/Pool ID/ {print $3}' | head -1
  # command: subscription-manager list --all --available --matches="OpenShift Container Platform" | awk '/Pool ID/ {print $3}' | head -1
  register: pool_id
  until: pool_id | succeeded
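Review bot: The new `shell:` line interpolates `{{rhn_pool_id_string}}` straight into a double-quoted shell argument, so a value containing a double quote, `$` or a backtick is interpreted by the shell instead of being passed to subscription-manager as data. Passing it through the `quote` filter closes that: `--matches={{ ('*' ~ rhn_pool_id_string ~ '*') | quote }}`. No default for `rhn_pool_id_string` is visible in this commit, so configs that do not define it would presumably stop on an undefined variable; a role default holding the previous literal would keep them working. The task's `until` retry settings continue past the end of the hunk.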
ansible/roles/windows-ad/defaults/main.yml
@@ -1,5 +1,6 @@
---
ad_domain_name: "{{ ec2_tag_internaldns }}"
#ad_domain_name: "{{ ec2_tag_internaldns }}"
ad_domain_name: "{{activedirectory_public_dns_chomped}}"
ad_safe_mode_password: "{{ windows_password | default(generated_windows_password) }}"
ad_admin_user: "admin@{{ ad_domain_name}}"
ad_admin_password: "{{ windows_password | default(generated_windows_password) }}"
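Review bot: The new `ad_domain_name` default reads `activedirectory_public_dns_chomped`, which this commit defines only in the ans-tower-lab `env_vars.yml`, so any other config that applies the windows-ad role would hit an undefined variable as soon as the value is used. A fallback keeps the role self-contained: `ad_domain_name: "{{ activedirectory_public_dns_chomped | default(ec2_tag_internaldns) }}"`, after which the commented-out old line can be deleted. Separately, `ad_safe_mode_password` and `ad_admin_password` resolve to the same value, so the directory-services recovery password and the domain admin password are one secret; giving the former its own variable would separate them.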
ansible/roles/windows-ad/tasks/main.yml
@@ -5,11 +5,20 @@
    include_management_tools: yes
    include_sub_features: yes
- name: Promote to domain controller
  win_domain_controller:
- name: Setup Active Directory Controller
  win_domain:
    dns_domain_name: "{{ ad_domain_name }}"
    safe_mode_password: "{{ ad_safe_mode_password }}"
    domain_admin_user: "{{ ad_admin_user }}"
    domain_admin_password: "{{ ad_admin_password }}"
    state: domain_controller
  register: result
    safe_mode_password: "{{ windows_password }}"
  register: active_directory_controllers
- name: reboot once DC created
  win_reboot:
  when: active_directory_controllers.reboot_required
- name: List DCs in domain
  win_shell: "nltest /dclist:{{ ad_domain_name }}"
  register: domain_list
- debug:
    var: domain_list
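Review bot: The `win_domain` task passes `safe_mode_password: "{{ windows_password }}"` directly instead of the role's `ad_safe_mode_password`, so an override of that role variable is silently ignored and the recovery password is tied to the Windows admin password. Using `safe_mode_password: "{{ ad_safe_mode_password }}"` keeps the role defaults as the single place to change it. The +/- markers are lost on this page and old and new arguments appear interleaved; I am reading `win_domain`, the `windows_password` line and `register: active_directory_controllers` as the new side. The `debug` of `domain_list` is fine for a lab but could be limited with `verbosity: 1` so the domain controller list is not printed on every run.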
ansible/roles/windows-common/tasks/main.yml
@@ -1,3 +1,12 @@
---
# pip install pywinrm
- include: sshd.yml
  when: install_win_ssh | bool
- win_shell: "systeminfo | findstr /C:OS"
  register: windows_system_info
- debug:
    var: windows_system_info
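Review bot: `when: install_win_ssh | bool` on the `include` has no default visible in this commit, so a config that never sets the variable would presumably stop on an undefined-variable error; `when: install_win_ssh | default(false) | bool` makes installing the SSH service an explicit opt-in. The `win_shell` systeminfo task only reads state, so `changed_when: false` would stop it reporting a change on every run. Both new tasks would also benefit from a `name`.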