Jim Rigsbee
2019-09-25 f0dbbfde893337c429c18cc0a81d500947ba7a72
WIP: completed code review
1) compared with phase 1 skylight plays/roles
2) fixed bugs found while testing
3) added post-software flight check
15 files modified
415 ■■■■ changed files
ansible/configs/ansible-skylight/env_vars.yml 5 ●●●●●
ansible/configs/ansible-skylight/files/cloud_providers/ec2_cloud_template.j2 5 ●●●●●
ansible/configs/ansible-skylight/files/hosts_template.j2 50 ●●●●
ansible/configs/ansible-skylight/post_software.yml 27 ●●●●
ansible/configs/ansible-skylight/software.yml 13 ●●●●
ansible/roles/skylight-ansible-tower/tasks/main.yml 1 ●●●●
ansible/roles/skylight-ansible-tower/tasks/setup.yml 4 ●●●●
ansible/roles/skylight-ansible-tower/templates/host_inventory.j2 50 ●●●●
ansible/roles/skylight-ansible-tower/templates/tower_host.json.j2 3 ●●●●
ansible/roles/skylight-do417-repos/tasks/main.yml 31 ●●●●
ansible/roles/skylight-gitlab-env/tasks/api.yml 84 ●●●●
ansible/roles/skylight-gitlab-env/tasks/main.yml 27 ●●●●
ansible/roles/skylight-windows-ad/tasks/main.yml 1 ●●●●
ansible/roles/skylight-windows-common/tasks/main.yml 1 ●●●●
ansible/roles/skylight-windows-workstation/tasks/main.yml 113 ●●●●●
ansible/configs/ansible-skylight/env_vars.yml
@@ -78,7 +78,7 @@
windows_instance_count: 2
windows_instance_type: "t3.medium"
windows_workstation_instance_type: "t3.medium"
windows_workstation_instance_type: "t3.large"
activedirectory_instance_count: 1
activedirectory_instance_type: "t3.medium"
@@ -295,7 +295,7 @@
    UserData: "{{ lookup('template', '../configs/{{ env_type }}/templates/win_ec2_userdata.j2') }}"
    tags:
      - key: "AnsibleGroup"
        value: "workstations,windows_servers"
        value: "workstations"
      - key: "ostype"
        value: "windows"
@@ -333,6 +333,7 @@
# Windows Default account
user_prefix: student
workstation_user: training
###################### GITLAB INFO #######################
# Gitlab variables
ansible/configs/ansible-skylight/files/cloud_providers/ec2_cloud_template.j2
@@ -246,8 +246,13 @@
        Value: "{{project_tag}}"
      - Key: "{{project_tag}}"
        Value: "{{ instance['name'] }}"
{% if instance['unique'] | default(false) %}
      - Key: "instance_name"
        Value: "{{ instance['name'] }}"
{% else %}
      - Key: "instance_name"
        Value: "{{ instance['name'] }}{{instancecount.index}}"
{% endif %}
      - Key: "env_type"
        Value: "{{ env_type }}"
      - Key: "guid"
ansible/configs/ansible-skylight/files/hosts_template.j2
@@ -1,64 +1,42 @@
[all:vars]
{% if ssh_port is defined %}
ansible_port={{ ssh_port }}
{% endif %}
[windows:vars]
[windows_hosts:vars]
ansible_connection=winrm
ansible_winrm_transport=basic
ansible_winrm_transport=credssp
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
[windows_workstations:vars]
ansible_connection=winrm
ansible_winrm_transport=basic
ansible_winrm_transport=credssp
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
[windows_domain_controllers:vars]
[activedirectories:vars]
ansible_connection=winrm
ansible_winrm_transport=basic
ansible_winrm_transport=credssp
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
ansible_user={{ hostvars[host].ansible_user }}
ansible_password="{{ windows_password }}"
[tower:vars]
ansible_port=22
ansible_ssh_user={{ ansible_user }}
ansible_ssh_private_key_file="/root/.ssh/{{ env_authorized_key }}.pem"
[gitlab:vars]
ansible_port=22
ansible_ssh_user={{ ansible_user }}
ansible_ssh_private_key_file="/root/.ssh/{{ env_authorized_key }}.pem"
[infra]
{% for host in hostvars %}
{%   if "windc" in host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }}
{%   elif "gitlab" in host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }}
{%   endif %}
{% endfor %}
[windows]
[windows_hosts]
{% for host in hostvars %}
{%   if "win1" in host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }}
{{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }}
{%   elif "win2" in host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }}
{{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }}
{%   elif "workstation" in host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ workstation_password }}" private_ip={{ hostvars[host].private_ip_address }}
{{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ workstation_password }}" private_ip={{ hostvars[host].private_ip_address }}
{%   endif %}
{% endfor %}
{% for group in groups %}
{% if 'tag' not in group and 'unknowns' not in group and 'ungrouped' not in group %}
{% if 'tag' not in group and 'unknowns' not in group and 'ungrouped' not in group and 'linux' not in group and 'towers' not in group and 'gitlab' not in group and 'bastions' not in group %}
[{{group}}]
{%   for entry in groups[group] %}
{%     for host in hostvars %}
{%       if entry == host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }}
{%       if entry == host and 'bastion' not in entry %}
{{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }}
{%       endif %}
{%     endfor %}
{%   endfor %}
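Review bot: All three Windows `:vars` groups now use `ansible_winrm_transport=credssp` while `ansible_winrm_server_cert_validation=ignore` stays in place, and the same lines appear in `ansible/roles/skylight-ansible-tower/templates/host_inventory.j2`. CredSSP delegates the user's credentials to the remote host, so with validation disabled the controller has no check on which host receives them. Where the WinRM listeners can be given a certificate from a CA the controller trusts, set `ansible_winrm_server_cert_validation=validate`; otherwise add a comment such as `# lab only: self-signed WinRM certificates` above each occurrence. The host lines also render `ansible_password` in clear text, so the generated inventory should be handled as a secret file.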
ansible/configs/ansible-skylight/post_software.yml
@@ -23,15 +23,34 @@
    - name: Copy Ansible Inventory for this environment
      win_copy:
        src: "{{output_dir}}/hosts-{{ env_type }}-{{ guid }}"
        dest: "C:\\inventory.ini"
        dest: "C:\\inventory.ini"
- name: PostSoftware flight-check
  hosts: localhost
  connection: local
  hosts: towers
  gather_facts: false
  become: false
  become: true
  tags:
    - post_flight_check
  tasks:
    - name: Get rid of conflicting SSL library
      package:
        name: pyOpenSSL
        state: absent
    - name: Upgrade requests-credssp module
      pip:
        name: requests-credssp
        state: latest
    - name: Test Ansible connectivity to Windows servers
      shell: |
        ansible windows -m win_ping
      register: ansible_check
      ignore_errors: true
    - debug:
        msg: "[ERROR] Ansible connectivity from Tower failed"
      when: ansible_check is failed
    - debug:
        msg: "Post-Software checks completed successfully"
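Review bot: The flight check cannot report a failure: `ignore_errors: true` on the `win_ping` task lets the play continue, and the closing `debug` prints "Post-Software checks completed successfully" unconditionally, right after the `[ERROR]` message. Add `when: ansible_check is succeeded` to the final `debug`, or replace the error `debug` with a `fail:` task so the run stops. The ad-hoc command targets a group named `windows`, while the inventory templates in this commit appear to rename that group to `windows_hosts`; a pattern that matches no hosts would likely still exit 0 and pass this check. Separately, `pip: state: latest` under `become: true` installs whatever version the index serves at run time; pinning with `version: "<reviewed version>"` keeps the Tower host reproducible.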
ansible/configs/ansible-skylight/software.yml
@@ -16,7 +16,9 @@
    - skylight-windows-ad
- name: Step 002 software - Configure Windows Servers
  hosts: windows_servers
  hosts:
    - windows_servers
    - workstations
  gather_facts: true
  tags:
    - windows-servers
@@ -69,13 +71,10 @@
  roles:
    - skylight-windows-workstation
- name: Software flight-check
- name: Step 00xxxxx software
  hosts: localhost
  connection: local
  gather_facts: false
  gather_facts: False
  become: false
  tags:
    - post_flight_check
  tasks:
    - debug:
        msg: "Software checks completed successfully"
        msg: "Software tasks Ended"
ansible/roles/skylight-ansible-tower/tasks/main.yml
@@ -17,6 +17,7 @@
      - nano
      - bind-utils
      - python-pip
      - python-ldap3
    state: present
#- name: Install devel branch
ansible/roles/skylight-ansible-tower/tasks/setup.yml
@@ -254,7 +254,7 @@
    user: admin
    password: "{{ tower_admin_password }}"
    body:
      id: "{{ host_id.json.results[0].id }}"
      '{ "id": {{ host_id.json.results[0].id | int }} }'
    body_format: json
    validate_certs: False
    force_basic_auth: yes
@@ -288,7 +288,7 @@
    method: PATCH
    user: admin
    password: "{{ tower_admin_password }}"
    body: '{ "TOWER_URL_BASE": "https://s{{ userid }}-tower.{{ dns_domain_name }}" }'
    body: '{ "TOWER_URL_BASE": "https://tower.{{ dns_domain_name }}" }'
    body_format: json
    validate_certs: False
    force_basic_auth: yes
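Review bot: Both `uri` calls touched here send `tower_admin_password` with `force_basic_auth: yes` while `validate_certs: False`, so the admin credential goes to whichever endpoint answers, without its certificate being checked. Neither hunk changes that; if Tower uses a self-signed certificate, consider trusting its CA on the calling host and setting `validate_certs: true`, or record the exception with a comment such as `# lab only: Tower uses a self-signed certificate`. The tasks' `name` and `url` lines are outside both hunks, so the target host is not visible here.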
ansible/roles/skylight-ansible-tower/templates/host_inventory.j2
@@ -1,64 +1,42 @@
[all:vars]
{% if ssh_port is defined %}
ansible_port={{ ssh_port }}
{% endif %}
[windows:vars]
[windows_hosts:vars]
ansible_connection=winrm
ansible_winrm_transport=basic
ansible_winrm_transport=credssp
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
[windows_workstations:vars]
ansible_connection=winrm
ansible_winrm_transport=basic
ansible_winrm_transport=credssp
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
[windows_domain_controllers:vars]
[activedirectories:vars]
ansible_connection=winrm
ansible_winrm_transport=basic
ansible_winrm_transport=credssp
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
ansible_user={{ hostvars[host].ansible_user }}
ansible_password="{{ windows_password }}"
[tower:vars]
ansible_port=22
ansible_ssh_user={{ ansible_user }}
ansible_ssh_private_key_file="/root/.ssh/{{ env_authorized_key }}.pem"
[gitlab:vars]
ansible_port=22
ansible_ssh_user={{ ansible_user }}
ansible_ssh_private_key_file="/root/.ssh/{{ env_authorized_key }}.pem"
[infra]
{% for host in hostvars %}
{%   if "windc" in host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }}
{%   elif "gitlab" in host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }}
{%   endif %}
{% endfor %}
[windows]
[windows_hosts]
{% for host in hostvars %}
{%   if "win1" in host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }}
{{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }}
{%   elif "win2" in host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }}
{{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }}
{%   elif "workstation" in host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ windows_password }}" private_ip={{ hostvars[host].private_ip_address }}
{{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }} ansible_user={{ hostvars[host].ansible_user }} ansible_password="{{ workstation_password }}" private_ip={{ hostvars[host].private_ip_address }}
{%   endif %}
{% endfor %}
{% for group in groups %}
{% if 'tag' not in group and 'unknowns' not in group and 'ungrouped' not in group %}
{% if 'tag' not in group and 'unknowns' not in group and 'ungrouped' not in group and 'linux' not in group and 'towers' not in group and 'gitlab' not in group and 'bastions' not in group %}
[{{group}}]
{%   for entry in groups[group] %}
{%     for host in hostvars %}
{%       if entry == host %}
{{ host }} ansible_host={{ hostvars[host].private_ip_address }}
{%       if entry == host and 'bastion' not in entry %}
{{ hostvars[host].instance_name }}.{{ dns_domain_name }} ansible_host={{ hostvars[host].private_ip_address }}
{%       endif %}
{%     endfor %}
{%   endfor %}
ansible/roles/skylight-ansible-tower/templates/tower_host.json.j2
@@ -3,6 +3,5 @@
    "description": "",
    "inventory": "{{ inventory_id.json.results[0].id }}",
    "enabled": true,
    "instance_id": "",
    "variables": "ansible_port: 5986\nansible_connection: winrm\nansible_winrm_server_cert_validation: ignore\nansible_winrm_transport: ntlm"
    "instance_id": ""
}
ansible/roles/skylight-do417-repos/tasks/main.yml
@@ -1,23 +1,36 @@
---
- name: Remove repo directory
  file:
    path: /tmp/do417-labs
    path: /tmp/do417
    state: absent
- name: Get ssh key for Github
  copy:
    src: "{{ github_ssh_key }}"
    dest: /tmp/github_ssh_key
    mode: 0400
    owner: "{{ ansible_user }}"
- name: Get lab source code
  git:
     clone: yes
     force: yes
     dest: "/tmp/do417-labs"
     repo: "https://github.com/jimrigsbee/do417-labs"
    clone: yes
    force: yes
    dest: "/tmp/do417"
    repo: "ssh://git@github.com/RedHatTraining/do417.git"
    key_file: /tmp/github_ssh_key
- name: Remove ssh key for Github
  file:
    path: /tmp/github_ssh_key
    state: absent
- name: Remove .git directory
  file:
    path: /tmp/do417-labs/.git
    path: /tmp/do417/.git
    state: absent
- name: Determining material directories
  command: find /tmp/do417-labs/ -maxdepth 1 -mindepth 1 -type d -printf '%f\n'
  command: find /tmp/do417/classroom/infrastructure/playbooks/files/src -maxdepth 1 -mindepth 1 -type d -printf '%f\n'
  register: repos_name
- name: Retrieve access token
@@ -97,9 +110,9 @@
- name: Copying files for repositories
  copy:
    src: "/tmp/do417-labs/{{ item }}/"
    src: "/tmp/do417/classroom/infrastructure/playbooks/files/src/{{ item }}/"
    dest: "/tmp/{{ item }}/"
    remote_src: true
    remote_src: true
  with_items: "{{ repos_name.stdout_lines }}"
- name: Load files into repositories
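Review bot: The GitHub SSH key is written to the fixed path `/tmp/github_ssh_key` and is removed only by a later task, so a failed `git` clone stops the play and leaves the private key on the host. Wrapping the copy, clone and removal tasks in a `block` with the removal under `always` guarantees cleanup. Quoting the mode as `mode: "0400"` avoids relying on YAML octal parsing, and a directory readable only by `ansible_user` would be a safer place for the key than `/tmp`.

```yaml
- name: Fetch lab source with a short-lived deploy key
  block:
    # … unchanged: "Get ssh key for Github" copy task, with mode: "0400" …
    # … unchanged: "Get lab source code" git task …
  always:
    - name: Remove ssh key for Github
      file:
        path: /tmp/github_ssh_key
        state: absent
```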
ansible/roles/skylight-gitlab-env/tasks/api.yml
@@ -39,45 +39,45 @@
        "skip_confirmation": true
      }
- name: GitLab Post | Get local user information via API
  uri:
    url: https://gitlab.{{ dns_domain_name }}/api/v4/users?username={{ user_prefix }}
    method: GET
    validate_certs: no
    status_code:
      - 200
      - 201
    headers:
      Content-Type: application/json
      Authorization: Bearer {{ gitlab_access_token.json.access_token }}
  register: gitlab_local_users
- name: debug
  debug:
    var: gitlab_local_users
- name: GitLab Post | Create Projects via API
  uri:
    url: https://gitlab.{{ dns_domain_name }}/api/v4/projects/user/{{ item.id }}
    method: POST
    validate_certs: no
    status_code:
      - 200
      - 201
      - 409
      - 400
    body_format: json
    headers:
      Content-Type: application/json
      Authorization: Bearer {{ gitlab_access_token.json.access_token }}
    body: >
      {
        "name": "{{ item.name }}",
        "group": "{{ item.name }}",
        "issues_enabled": false,
        "wiki_enabled": false,
        "snippets_enabled": false
      }
  with_items:
    - "{{ gitlab_local_users.json }}"
  when: item.id is defined
# - name: GitLab Post | Get local user information via API
#   uri:
#     url: https://gitlab.{{ dns_domain_name }}/api/v4/users?username={{ user_prefix }}
#     method: GET
#     validate_certs: no
#     status_code:
#       - 200
#       - 201
#     headers:
#       Content-Type: application/json
#       Authorization: Bearer {{ gitlab_access_token.json.access_token }}
#   register: gitlab_local_users
#
# - name: debug
#   debug:
#     var: gitlab_local_users
#
# - name: GitLab Post | Create Projects via API
#   uri:
#     url: https://gitlab.{{ dns_domain_name }}/api/v4/projects/user/{{ item.id }}
#     method: POST
#     validate_certs: no
#     status_code:
#       - 200
#       - 201
#       - 409
#       - 400
#     body_format: json
#     headers:
#       Content-Type: application/json
#       Authorization: Bearer {{ gitlab_access_token.json.access_token }}
#     body: >
#       {
#         "name": "{{ item.name }}",
#         "group": "{{ item.name }}",
#         "issues_enabled": false,
#         "wiki_enabled": false,
#         "snippets_enabled": false
#       }
#   with_items:
#     - "{{ gitlab_local_users.json }}"
#   when: item.id is defined
ansible/roles/skylight-gitlab-env/tasks/main.yml
@@ -30,6 +30,7 @@
    path: /root/set_root_pw.sh
    state: absent
#TODO try new way from RM
- name: sleep 2 minute to allow root to initialize after password set
  pause:
    minutes: 2
@@ -53,19 +54,19 @@
        confirm: False
        state: present
    - name: GitLab Post | Create Projects in GitLab
      gitlab_project:
        server_url: https://gitlab.{{ dns_domain_name }}
        validate_certs: False
        login_user: root
        login_password: "{{ windows_password }}"
        name: "{{ user_prefix }}"
        group: "{{ user_prefix }}"
        issues_enabled: False
        wiki_enabled: False
        snippets_enabled: False
        state: present
      ignore_errors: true
    # - name: GitLab Post | Create Projects in GitLab
    #   gitlab_project:
    #     server_url: https://gitlab.{{ dns_domain_name }}
    #     validate_certs: False
    #     login_user: root
    #     login_password: "{{ windows_password }}"
    #     name: "{{ user_prefix }}"
    #     group: "{{ user_prefix }}"
    #     issues_enabled: False
    #     wiki_enabled: False
    #     snippets_enabled: False
    #     state: present
    #   ignore_errors: true
  when: ansible_version.full is version_compare('2.8', '<')
ansible/roles/skylight-windows-ad/tasks/main.yml
@@ -75,7 +75,6 @@
    - "win1.{{ chomped_zone_internal_dns }}"
    - "win2.{{ chomped_zone_internal_dns }}"
#TODO: fix adding this group to administrators, s/b regular users
- name: Add windows group
  win_domain_group:
    name: Ansible Users
ansible/roles/skylight-windows-common/tasks/main.yml
@@ -29,6 +29,7 @@
    fullname: "{{ item }}"
    groups:
      - Administrators
      - "Remote Management Users"
    name: "{{ item }}"
    password: "{{ windows_password }}"
    state: present
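Review bot: The accounts created by this task already receive `Administrators`, and the hunk appears to add `"Remote Management Users"` on top. Administrators can normally use WinRM already, so the extra group only matters if the intent is remote management for accounts that should not be administrators. If that is the goal, drop `- Administrators` for those users rather than stacking both groups; otherwise a comment such as `# WinRM access for lab users; Administrators kept for <reason>` would record why both are needed. Every account in the loop also shares `windows_password`. The `win_user` header and its loop are outside the hunk.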
ansible/roles/skylight-windows-workstation/tasks/main.yml
@@ -13,11 +13,46 @@
  set_fact:
    ansible_password: "{{ workstation_password }}"
- name: Remove domain student account from Remote Desktop Users
  win_group_membership:
    name: "Remote Desktop Users"
    members:
    - "{{ dns_domain_name_short }}\\{{ user_prefix }}"
    state: absent
- name: Remove specific users from Remote Management
  win_group_membership:
    name: "Remote Management Users"
    members:
    - "{{ dns_domain_name_short }}\\Ansible Users"
    - "devops"
    state: absent
- name: Remove specific users from Administrators
  win_group_membership:
    name: "Administrators"
    members:
    - "{{ dns_domain_name_short }}\\Ansible Users"
    - "devops"
    state: absent
- name: Add local student user to workstation
  win_user:
    account_locked: no
    description: "Workstation Training account"
    fullname: "Training User"
    groups:
      - Administrators
    name: "{{ workstation_user }}"
    password: "{{ workstation_password }}"
    state: present
    user_cannot_change_password: yes
# TODO figure out why this doesn't work
# JR: Ansible just ignores this and runs as Administrator but when I set
#     "become" vars via set_fact it uses them - go figure????
# - become: yes
#   become_user: "{{ dns_domain_name_short }}\\{{ user_prefix }}"
#   become_user: "{{ workstation_user }}"
#   become_method: runas
#   become_flags: logon_type=new_credentials logon_flags=netcredentials_only
#   vars:
@@ -25,9 +60,9 @@
- block:
  - name: Become student the hackish way
    set_fact:
      ansible_become_user: "{{ dns_domain_name_short }}\\{{ user_prefix }}"
      ansible_become_user: "{{ workstation_user }}"
      ansible_become: yes
      ansible_become_password: "{{  windows_password }}"
      ansible_become_password: "{{  workstation_password }}"
      ansible_become_method: runas
  - name: install Chocolatey
@@ -94,53 +129,53 @@
  - name: Copy .gitconfig to user directory
    win_copy:
      src: C:\Windows\.gitconfig
      dest: C:\Users\{{ user_prefix }}\.gitconfig
      dest: C:\Users\{{ workstation_user }}\.gitconfig
      remote_src: True
  - name: Clone student git repo
    win_command: git clone https://gitlab.{{ dns_domain_name }}/{{ user_prefix }}/{{ user_prefix }}.git
    args:
      chdir: C:\Users\{{ user_prefix }}\Documents
      creates: C:\Users\{{ user_prefix }}\Documents\{{ user_prefix }}
  - name: Create Readme file to intialize the repo
    win_copy:
      dest: C:\Users\{{ user_prefix }}\Documents\{{ user_prefix }}\README.md
      content: ""
    register: initialize
  - name: Add initial file
    win_command: git add C:\Users\{{ user_prefix }}\Documents\{{ user_prefix }}\README.md
    args:
      chdir: C:\Users\{{ user_prefix }}\Documents\{{ user_prefix }}
    when: initialize.changed
  - name: Commit initial file
    win_command: git commit -m "Initialize"
    args:
      chdir: C:\Users\{{ user_prefix }}\Documents\{{ user_prefix }}
    when: initialize.changed
  - name: Push initial commit
    win_command: git push
    args:
      chdir: C:\Users\{{ user_prefix }}\Documents\{{ user_prefix }}
    when: initialize.changed
  # - name: Clone student git repo
  #   win_command: git clone https://gitlab.{{ dns_domain_name }}/{{ user_prefix }}/{{ user_prefix }}.git
  #   args:
  #     chdir: C:\Users\{{ workstation_user }}\Documents
  #     creates: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}
  #
  # - name: Create Readme file to intialize the repo
  #   win_copy:
  #     dest: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}\README.md
  #     content: ""
  #   register: initialize
  #
  # - name: Add initial file
  #   win_command: git add C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}\README.md
  #   args:
  #     chdir: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}
  #   when: initialize.changed
  #
  # - name: Commit initial file
  #   win_command: git commit -m "Initialize"
  #   args:
  #     chdir: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}
  #   when: initialize.changed
  #
  # - name: Push initial commit
  #   win_command: git push
  #   args:
  #     chdir: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}
  #   when: initialize.changed
  - name: Create VS Code Settings Directory
    win_file:
      path: C:\Users\{{ user_prefix }}\AppData\Roaming\Code\User\
      path: C:\Users\{{ workstation_user }}\AppData\Roaming\Code\User\
      state: directory
  - name: Create VS Code Settings Directory
    win_file:
      path: C:\Users\{{ user_prefix }}\AppData\Roaming\Code\User\
      path: C:\Users\{{ workstation_user }}\AppData\Roaming\Code\User\
      state: directory
  - name: Configure VS Code Settings File
    win_copy:
      src: files/settings.json
      dest: C:\Users\{{ user_prefix }}\AppData\Roaming\Code\User\settings.json
      dest: C:\Users\{{ workstation_user }}\AppData\Roaming\Code\User\settings.json
  - name: Set Chrome to default Browser
    win_regedit:
@@ -184,12 +219,12 @@
  - name: Remove EC2 Feedback Icon
    win_file:
      path: C:\Users\{{ user_prefix }}\Desktop\EC2 Feedback.website
      path: C:\Users\{{ workstation_user }}\Desktop\EC2 Feedback.website
      state: absent
  - name: Remove EC2 Website Icon
    win_file:
      path: C:\Users\{{ user_prefix }}\Desktop\EC2 Microsoft Windows Guide.website
      path: C:\Users\{{ workstation_user }}\Desktop\EC2 Microsoft Windows Guide.website
      state: absent
  always:
  - name: Restore ansible user info
@@ -197,7 +232,7 @@
      ansible_become: no
  # become: yes
  # become_user: "{{ dns_domain_name_short }}\\{{ user_prefix }}"
  # become_user: "{{ workstation_user }}"
  # become_method: runas
  # become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  # vars:
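Review bot: The new "Add local student user to workstation" task puts `{{ workstation_user }}` in `Administrators` with `user_cannot_change_password: yes`, in the same hunk that removes `devops` and `Ansible Users` from that group. If administrator rights are only needed for the provisioning steps run through `ansible_become_user`, consider removing the account from `Administrators` in the `always` section once setup is done, or add a comment stating that students are meant to be local administrators. The `set_fact` tasks that assign `ansible_password` and `ansible_become_password` should carry `no_log: true`, since `set_fact` results are printed in verbose output. The `always` block and the trailing commented lines continue outside the last hunk.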