├── .ansible-lint ├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── .gitignore ├── .kitchen.yml ├── .yamllint ├── Jenkinsfile ├── LICENSE ├── README.md ├── defaults └── main.yml ├── handlers └── main.yml ├── meta └── main.yml ├── tasks ├── cpm_clean.yml ├── cpm_extract.yml ├── cpm_hardening.yml ├── cpm_install.yml ├── cpm_prerequisites.yml ├── cpm_registration.yml ├── cpm_validateparameters.yml └── main.yml ├── tests ├── ansible.cfg ├── default.yml ├── integration │ └── default │ │ └── pester │ │ └── defaults.tests.ps1 ├── requirements.txt └── scripts │ └── user_data_windows_2016.ps1 └── vars └── main.yml /.ansible-lint: -------------------------------------------------------------------------------- 1 | exclude_paths: 2 | - .*/ 3 | parseable: true 4 | quiet: true 5 | use_default_rules: true 6 | verbosity: 1 7 | skip_list: 8 | - '204' -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Environment(please complete the following information):** 27 | - Ansible version 28 | - Deployment environment [e.g. aws, azure, on-prem] 29 | - Version [e.g. 22] 30 | 31 | **Additional context** 32 | Add any other context about the problem here. 
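--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''

---

**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

**Describe the solution you'd like**
A clear and concise description of what you want to happen.

**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.

**Additional context**
Add any other context or screenshots about the feature request here.

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# ignore *.retry files
*.retry
.kitchen.local.yml
.kitchen/
tests/inventory/hosts
.idea/*

--------------------------------------------------------------------------------
/.kitchen.yml:
--------------------------------------------------------------------------------
---
# Test Kitchen configuration for the CPM role: one Windows Server 2016 EC2
# instance, driven over WinRM/HTTPS, converged with ansible_push.

driver:
  name: ec2
  interface: private

transport:
  name: winrm
  port: 5986
  winrm_transport: ssl
  ssl: true
  connect_timeout: 60
  connection_retries: 5
  username: Administrator
  # Test-only credential. The literal value used to be committed here in the
  # clear; it is now only the fallback, so existing runs behave exactly as
  # before while CI can inject a secret through KITCHEN_WINRM_PASSWORD instead.
  # Whatever sets the Administrator password on the instance
  # (tests/scripts/user_data_windows_2016.ps1, not reviewed here) must agree
  # with the value used at run time.
  password: <%= ENV.fetch('KITCHEN_WINRM_PASSWORD', 'Nopass123') %>

provisioner:
  name: ansible_push
  verbose: "vvv"
  chef_bootstrap_url: nil
  remote_user: Administrator
  ansible_port: 5986
  ansible_connection: winrm
  # Hands the transport password above to Ansible; nothing else needs it.
  pass_transport_password: true
  raw_arguments: "--timeout=3600"
  ansible_config: tests/ansible.cfg
  ansible_playbook_bin: .testenv/bin/ansible-playbook
  playbook: tests/default.yml

platforms:
  - name: cpm
    driver_plugin: ec2
    driver_config:
      instance_type: m4.large
      # Private subnet, no public IP: the instance is reachable only from the
      # Jenkins network.
      associate_public_ip: false
      subnet_filter:
        tag: 'Name'
        value: 'Jenkins Private Subnet'
      security_group_filter:
        name: 'ansible-sg'
      tags:
        Name: CPM Role Test
        created-by: test-kitchen
        component-type: cpm
        kitchen-type: cpm
      block_device_mappings:
        - device_name: /dev/sda1
          ebs:
            volume_size: 30
            delete_on_termination: true
      # owner-id pins the publishing account, so a look-alike image name
      # published from another account is never selected by the wildcard.
      image_search:
        owner-id: 801119661308
        name: Windows_Server-2016-English-Full-Base-20*
      user_data: tests/scripts/user_data_windows_2016.ps1

suites:
  - name: default

--------------------------------------------------------------------------------
/.yamllint:
--------------------------------------------------------------------------------
---
ignore: |
  .*/
  /tests/*

rules:
  braces:
    min-spaces-inside: 0
    max-spaces-inside: 0
    min-spaces-inside-empty: -1
    max-spaces-inside-empty: -1
  brackets:
    min-spaces-inside: 0
    max-spaces-inside: 0
    min-spaces-inside-empty: -1
    max-spaces-inside-empty: -1
  colons:
    max-spaces-before: 0
    max-spaces-after: 1
  commas:
    max-spaces-before: 0
    min-spaces-after: 1
    max-spaces-after: 1
  comments:
    level: warning
    require-starting-space: true
    min-spaces-from-content: 2
  comments-indentation:
    level: warning
  document-end: disable
  document-start:
    level: warning
    present: true
  empty-lines:
    max: 2
    max-start: 0
    max-end: 0
  empty-values:
    forbid-in-block-mappings: false
    forbid-in-flow-mappings: false
  hyphens:
    max-spaces-after: 1
  indentation:
    spaces: consistent
    indent-sequences: true
    check-multi-line-strings: false
  key-duplicates: enable
  key-ordering: disable
  line-length:
    max: 255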
level: warning 52 | allow-non-breakable-words: true 53 | allow-non-breakable-inline-mappings: false 54 | new-line-at-end-of-file: enable 55 | new-lines: 56 | type: unix 57 | trailing-spaces: enable 58 | truthy: disable 59 | -------------------------------------------------------------------------------- /Jenkinsfile: -------------------------------------------------------------------------------- 1 | pipeline { 2 | agent { 3 | node { 4 | label 'ansible' 5 | } 6 | } 7 | environment { 8 | AWS_REGION = sh(script: 'curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | python3 -c "import json,sys;obj=json.load(sys.stdin);print (obj[\'region\'])"', returnStdout: true).trim() 9 | shortCommit = sh(script: "git log -n 1 --pretty=format:'%h'", returnStdout: true).trim() 10 | } 11 | stages { 12 | stage('Install virtual environment') { 13 | steps { 14 | sh ''' 15 | python3 -m pip install --user virtualenv 16 | python3 -m virtualenv .testenv 17 | source .testenv/bin/activate 18 | pip install -r tests/requirements.txt 19 | ''' 20 | } 21 | } 22 | stage('yamllint validation') { 23 | steps { 24 | sh ''' 25 | source .testenv/bin/activate 26 | yamllint . 
27 | ''' 28 | } 29 | } 30 | stage('Provision testing environment') { 31 | steps { 32 | sh ''' 33 | export PATH="$HOME/.rbenv/bin:$PATH" 34 | eval "$(rbenv init -)" 35 | rbenv global 2.5.1 36 | kitchen create 37 | ''' 38 | 39 | } 40 | } 41 | stage('Run playbook on windows machine') { 42 | steps { 43 | sh ''' 44 | export PATH="$HOME/.rbenv/bin:$PATH" 45 | eval "$(rbenv init -)" 46 | rbenv global 2.5.1 47 | source .testenv/bin/activate 48 | kitchen converge 49 | ''' 50 | } 51 | } 52 | // stage('Run pester tests') { 53 | // steps { 54 | // sh ''' 55 | // export PATH="$HOME/.rbenv/bin:$PATH" 56 | // eval "$(rbenv init -)" 57 | // rbenv global 2.5.1 58 | // kitchen verify 59 | // ''' 60 | // } 61 | // } 62 | } 63 | post { 64 | always { 65 | sh ''' 66 | export PATH="$HOME/.rbenv/bin:$PATH" 67 | eval "$(rbenv init -)" 68 | rbenv global 2.5.1 69 | kitchen destroy 70 | ''' 71 | } 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2013-2018 CyberArk Software Ltd. https://CyberArk.com. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | https://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | 15 | Apache License 16 | Version 2.0, January 2004 17 | https://www.apache.org/licenses/ 18 | 19 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 20 | 21 | 1. Definitions. 
22 | 23 | "License" shall mean the terms and conditions for use, reproduction, 24 | and distribution as defined by Sections 1 through 9 of this document. 25 | 26 | "Licensor" shall mean the copyright owner or entity authorized by 27 | the copyright owner that is granting the License. 28 | 29 | "Legal Entity" shall mean the union of the acting entity and all 30 | other entities that control, are controlled by, or are under common 31 | control with that entity. For the purposes of this definition, 32 | "control" means (i) the power, direct or indirect, to cause the 33 | direction or management of such entity, whether by contract or 34 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 35 | outstanding shares, or (iii) beneficial ownership of such entity. 36 | 37 | "You" (or "Your") shall mean an individual or Legal Entity 38 | exercising permissions granted by this License. 39 | 40 | "Source" form shall mean the preferred form for making modifications, 41 | including but not limited to software source code, documentation 42 | source, and configuration files. 43 | 44 | "Object" form shall mean any form resulting from mechanical 45 | transformation or translation of a Source form, including but 46 | not limited to compiled object code, generated documentation, 47 | and conversions to other media types. 48 | 49 | "Work" shall mean the work of authorship, whether in Source or 50 | Object form, made available under the License, as indicated by a 51 | copyright notice that is included in or attached to the work 52 | (an example is provided in the Appendix below). 53 | 54 | "Derivative Works" shall mean any work, whether in Source or Object 55 | form, that is based on (or derived from) the Work and for which the 56 | editorial revisions, annotations, elaborations, or other modifications 57 | represent, as a whole, an original work of authorship. 
For the purposes 58 | of this License, Derivative Works shall not include works that remain 59 | separable from, or merely link (or bind by name) to the interfaces of, 60 | the Work and Derivative Works thereof. 61 | 62 | "Contribution" shall mean any work of authorship, including 63 | the original version of the Work and any modifications or additions 64 | to that Work or Derivative Works thereof, that is intentionally 65 | submitted to Licensor for inclusion in the Work by the copyright owner 66 | or by an individual or Legal Entity authorized to submit on behalf of 67 | the copyright owner. For the purposes of this definition, "submitted" 68 | means any form of electronic, verbal, or written communication sent 69 | to the Licensor or its representatives, including but not limited to 70 | communication on electronic mailing lists, source code control systems, 71 | and issue tracking systems that are managed by, or on behalf of, the 72 | Licensor for the purpose of discussing and improving the Work, but 73 | excluding communication that is conspicuously marked or otherwise 74 | designated in writing by the copyright owner as "Not a Contribution." 75 | 76 | "Contributor" shall mean Licensor and any individual or Legal Entity 77 | on behalf of whom a Contribution has been received by Licensor and 78 | subsequently incorporated within the Work. 79 | 80 | 2. Grant of Copyright License. Subject to the terms and conditions of 81 | this License, each Contributor hereby grants to You a perpetual, 82 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 83 | copyright license to reproduce, prepare Derivative Works of, 84 | publicly display, publicly perform, sublicense, and distribute the 85 | Work and such Derivative Works in Source or Object form. 86 | 87 | 3. Grant of Patent License. 
Subject to the terms and conditions of 88 | this License, each Contributor hereby grants to You a perpetual, 89 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 90 | (except as stated in this section) patent license to make, have made, 91 | use, offer to sell, sell, import, and otherwise transfer the Work, 92 | where such license applies only to those patent claims licensable 93 | by such Contributor that are necessarily infringed by their 94 | Contribution(s) alone or by combination of their Contribution(s) 95 | with the Work to which such Contribution(s) was submitted. If You 96 | institute patent litigation against any entity (including a 97 | cross-claim or counterclaim in a lawsuit) alleging that the Work 98 | or a Contribution incorporated within the Work constitutes direct 99 | or contributory patent infringement, then any patent licenses 100 | granted to You under this License for that Work shall terminate 101 | as of the date such litigation is filed. 102 | 103 | 4. Redistribution. 
You may reproduce and distribute copies of the 104 | Work or Derivative Works thereof in any medium, with or without 105 | modifications, and in Source or Object form, provided that You 106 | meet the following conditions: 107 | 108 | (a) You must give any other recipients of the Work or 109 | Derivative Works a copy of this License; and 110 | 111 | (b) You must cause any modified files to carry prominent notices 112 | stating that You changed the files; and 113 | 114 | (c) You must retain, in the Source form of any Derivative Works 115 | that You distribute, all copyright, patent, trademark, and 116 | attribution notices from the Source form of the Work, 117 | excluding those notices that do not pertain to any part of 118 | the Derivative Works; and 119 | 120 | (d) If the Work includes a "NOTICE" text file as part of its 121 | distribution, then any Derivative Works that You distribute must 122 | include a readable copy of the attribution notices contained 123 | within such NOTICE file, excluding those notices that do not 124 | pertain to any part of the Derivative Works, in at least one 125 | of the following places: within a NOTICE text file distributed 126 | as part of the Derivative Works; within the Source form or 127 | documentation, if provided along with the Derivative Works; or, 128 | within a display generated by the Derivative Works, if and 129 | wherever such third-party notices normally appear. The contents 130 | of the NOTICE file are for informational purposes only and 131 | do not modify the License. You may add Your own attribution 132 | notices within Derivative Works that You distribute, alongside 133 | or as an addendum to the NOTICE text from the Work, provided 134 | that such additional attribution notices cannot be construed 135 | as modifying the License. 
136 | 137 | You may add Your own copyright statement to Your modifications and 138 | may provide additional or different license terms and conditions 139 | for use, reproduction, or distribution of Your modifications, or 140 | for any such Derivative Works as a whole, provided Your use, 141 | reproduction, and distribution of the Work otherwise complies with 142 | the conditions stated in this License. 143 | 144 | 5. Submission of Contributions. Unless You explicitly state otherwise, 145 | any Contribution intentionally submitted for inclusion in the Work 146 | by You to the Licensor shall be under the terms and conditions of 147 | this License, without any additional terms or conditions. 148 | Notwithstanding the above, nothing herein shall supersede or modify 149 | the terms of any separate license agreement you may have executed 150 | with Licensor regarding such Contributions. 151 | 152 | 6. Trademarks. This License does not grant permission to use the trade 153 | names, trademarks, service marks, or product names of the Licensor, 154 | except as required for reasonable and customary use in describing the 155 | origin of the Work and reproducing the content of the NOTICE file. 156 | 157 | 7. Disclaimer of Warranty. Unless required by applicable law or 158 | agreed to in writing, Licensor provides the Work (and each 159 | Contributor provides its Contributions) on an "AS IS" BASIS, 160 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 161 | implied, including, without limitation, any warranties or conditions 162 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 163 | PARTICULAR PURPOSE. You are solely responsible for determining the 164 | appropriateness of using or redistributing the Work and assume any 165 | risks associated with Your exercise of permissions under this License. 166 | 167 | 8. Limitation of Liability. 
In no event and under no legal theory, 168 | whether in tort (including negligence), contract, or otherwise, 169 | unless required by applicable law (such as deliberate and grossly 170 | negligent acts) or agreed to in writing, shall any Contributor be 171 | liable to You for damages, including any direct, indirect, special, 172 | incidental, or consequential damages of any character arising as a 173 | result of this License or out of the use or inability to use the 174 | Work (including but not limited to damages for loss of goodwill, 175 | work stoppage, computer failure or malfunction, or any and all 176 | other commercial damages or losses), even if such Contributor 177 | has been advised of the possibility of such damages. 178 | 179 | 9. Accepting Warranty or Additional Liability. While redistributing 180 | the Work or Derivative Works thereof, You may choose to offer, 181 | and charge a fee for, acceptance of support, warranty, indemnity, 182 | or other liability obligations and/or rights consistent with this 183 | License. However, in accepting such obligations, You may act only 184 | on Your own behalf and on Your sole responsibility, not on behalf 185 | of any other Contributor, and only if You agree to indemnify, 186 | defend, and hold each Contributor harmless for any liability 187 | incurred by, or claims asserted against, such Contributor by reason 188 | of your accepting any such warranty or additional liability. 189 | 190 | END OF TERMS AND CONDITIONS 191 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CPM Ansible Role 2 | This Ansible Role will deploy and install CyberArk Central Policy Manager including the pre-requisites, application, hardening and connect to an existing Vault environment. 


## Requirements
------------
- Windows 2016 installed on the remote host
- WinRM over HTTPS open on port 5986 (**not 5985**, which is the unencrypted HTTP listener) on the remote host
- Pywinrm is installed on the workstation running the playbook
- The workstation running the playbook must have network connectivity to the remote host
- The remote host must have network connectivity to the CyberArk Vault and the repository server
  - 443 port outbound
  - 1858 port outbound
- Administrator access to the remote host
- CPM CD image


## Role Variables
These are the variables used in this playbook:

### Flow Variables
Variable | Required | Default | Comments
:--------------------------------|:-------------|:------------------------------------------|:---------
cpm_prerequisites | no | false | Install CPM pre requisites
cpm_install | no | false | Install CPM
cpm_hardening | no | false | Apply CPM hardening
cpm_registration | no | false | Connect CPM to the Vault
cpm_clean | no | false | Remove installation artefacts from the host; also clears the Run history, the recycle bin and **all** Windows event logs (see Usage)

### Deployment Variables
Variable | Required | Default | Comments
:--------------------------------|:-------------|:-----------------------------------------------------|:---------
vault_ip | yes | None | Vault IP to perform registration
vault_port | no | **1858** | Vault port
vault_username | no | **administrator** | Vault username to perform registration
vault_password | yes | None | Vault password to perform registration. Supply it at run time from Ansible Vault or another secret store; never commit it to a vars file or inventory
secure_vault_password | no | None | Secure Vault password to perform registration
dr_vault_ip | no | None | Vault DR IP address to perform registration
accept_eula | yes | **"No"** | Accepting EULA condition
cpm_zip_file_path | yes | None | CyberArk CPM installation Zip file package path
cpm_sha1_checksum | no | None | SHA-1 of the CPM zip; `cpm_extract` compares it with the checksum of the copied package and fails on a mismatch
cpm_ignore_checksum | no | false | Skip the package checksum comparison in `cpm_extract` (not recommended)
cpm_installation_drive | no | **C:** | Destination installation drive
cpm_username | no | **PasswordManager** | Vault Component's username

## Dependencies
None

## Usage
The role consists of a number of different tasks which can be enabled or disabled for the particular
run.

`cpm_install`

This task will deploy the CPM to the required folder and validate successful deployment.

`cpm_hardening`

This task will run the CPM hardening process.

`cpm_registration`

This task will perform registration with the active Vault.

`cpm_validateparameters`

This task will validate which CPM steps have already occurred on the server to prevent repetition.

`cpm_clean`

This task removes the files under the CPM `Logs` folder and the `CPM*` / `InstallationAutomation*`
files in `C:\Windows\Temp`, deletes the package extract folder (including any cred files left in it,
after keeping a copy of the InstallationAutomation folder under `C:\Cyberark\CPM`), and then clears the
Explorer Run history, empties the recycle bin and clears **all** Windows event logs on the host. The
event-log step removes the audit trail of the installation (and of everything else logged on the
machine): forward or export the logs first if that trail matters to you.

## Example Playbook
Below is an example of how you can incorporate this role into an Ansible playbook
to call the CPM role with several parameters (`vars` is written as a mapping; the older
list-of-single-key-mappings form is deprecated in newer Ansible releases):

```
---
- include_role:
    name: cpm
  vars:
    cpm_prerequisites: true
    cpm_install: true
    cpm_hardening: true
    cpm_registration: true
```

## Running the playbook:
For an example of how to incorporate this role into a complete playbook, please see the
**[pas-orchestrator](https://github.com/cyberark/pas-orchestrator)** example.
## License
Apache License, Version 2.0

--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
---
# defaults file for cpm

# Flow switches. Every stage is opt-in, so including the role with no
# variables set does nothing.
cpm_prerequisites: false
cpm_install: false
cpm_hardening: false
cpm_registration: false
cpm_clean: false
cpm_extract: false
# Set to true to skip the package checksum comparison in cpm_extract. Leave it
# false unless the package has been verified some other way.
cpm_ignore_checksum: false
# Vendor-shipped zips already carry the component folder (cpm_official: true);
# set to false for repackaged zips that are unzipped into it explicitly.
cpm_official: true

# State facts. cpm_install sets cpm_exists / cpm_scanner_exists from the
# Windows services it finds, cpm_hardening sets cpm_hardened; they are not
# meant to be supplied by the caller.
cpm_exists: false
cpm_scanner_exists: false
cpm_hardened: false
cpm_registered: false

# Windows service names that the install and hardening checks look for.
cpm_service_name: "CyberArk Password Manager"
cpm_scanner_service_name: "CyberArk Central Policy Manager Scanner"

# Where the package is copied to and unzipped on the target host.
cpm_base_bin_drive: "C:"
cpm_extract_folder: "{{ cpm_base_bin_drive }}\\Cyberark\\packages"
cpm_artifact_name: "cpm.zip"
cpm_component_folder: "Central Policy Manager"
cpm_installationautomation_folder: "{{ cpm_extract_folder }}\\{{ cpm_component_folder }}\\InstallationAutomation"
# Replaced by CPM_In_Domain_Hardening.ps1 when the host is a domain member.
cpm_hardening_script: "CPM_Hardening.ps1"

# Where CPM itself is installed.
cpm_installation_drive: "C:"
cpm_installation_path: "{{ cpm_installation_drive }}\\Program Files (x86)\\CyberArk"
cpm_registrationtool_folder: "{{ cpm_installationautomation_folder }}\\Registration"

# JSON result files written by the vendor automation scripts and parsed by the
# task files to decide success and to locate the detailed log.
cpm_prerequisites_log: "{{ cpm_installationautomation_folder }}\\cpm_prerequisites_result.txt"
cpm_install_log: "{{ cpm_installationautomation_folder }}\\cpm_installation_result.txt"
cpm_hardening_log: "{{ cpm_installationautomation_folder }}\\cpm_hardening_result.txt"
cpm_registration_log: "{{ cpm_installationautomation_folder }}\\cpm_registration_result.txt"

# Vault connection defaults. vault_password (required) and
# secure_vault_password deliberately have no default here: pass them in from
# Ansible Vault or another secret store, never from a committed vars file.
vault_username: "administrator"
accept_eula: "No"
vault_port: 1858

--------------------------------------------------------------------------------
/handlers/main.yml:
--------------------------------------------------------------------------------
---
# handlers file for cpm (none defined)

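--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
---

galaxy_info:
  author:
    - Nimrod Yakobovitz
    - Yogev Chen
    - Avishay Bar
    - Ziv Lifshits
    - Maish Saidel-Keesing
    - Erez Samimi
  description: Installs CyberArk CPM software
  company: CyberArk
  license: Apache2

  min_ansible_version: 2.5

  platforms:
    - name: Windows
      versions:
        - 2016

  galaxy_tags:
    - cpm
    - cyberark
    - security

dependencies: []

--------------------------------------------------------------------------------
/tasks/cpm_clean.yml:
--------------------------------------------------------------------------------
---
# tasks file for cpm_clean
#
# Removes the artefacts left behind by the other cpm_* task files. This file is
# destructive by design; read the note on "Clean event logs" before enabling
# cpm_clean on a host whose audit trail matters.

# NOTE(review): the task is named after .inf files but the pattern is '*.*', so
# every file under "Password Manager\Logs" is removed. Confirm against the
# vendor hardening guide whether only the inf files are meant here.
- name: Find all inf files
  win_find:
    paths: "{{ cpm_installation_path }}\\Password Manager\\Logs"
    patterns: ['*.*']
  register: files_to_delete

- name: Delete all inf files
  win_file:
    path: "{{ item.path }}"
    state: absent
  with_items: "{{ files_to_delete.files }}"

- name: Clean Windows\\Temp folder
  win_find:
    paths: "C:\\Windows\\Temp"
    patterns: ['CPM*.*', 'InstallationAutomation*.*']
  register: files_to_delete

- name: Delete temp folder
  win_file:
    path: "{{ item.path }}"
    state: absent
  with_items: "{{ files_to_delete.files }}"

# Best effort: this copy only keeps the vendor automation around for a later
# re-run, so a failure here must not abort the clean-up.
- name: Keep installation automation folder
  win_copy:
    src: "{{ cpm_installationautomation_folder }}"
    dest: "{{ cpm_base_bin_drive }}\\Cyberark\\CPM"
    remote_src: True
  ignore_errors: yes

- name: Delete extract folder
  win_file:
    path: "{{ cpm_extract_folder }}"
    state: absent

# Removes the Explorer Run dialog history of the account running the play
# (HKCU), leaving the "(Default)" value in place.
- name: Clean run History
  win_shell: |
    try {
        $path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

        if (& { Test-Path $path } 2>&1) {
            $arr = (Get-Item -Path $path).Property
            foreach ($item in $arr)
            {
                if ($item -ne "(Default)")
                {
                    Remove-ItemProperty -Path $path -Name $item -ErrorAction SilentlyContinue
                }
            }
        }
    } catch {
        Write-Output "Error occured: $error"
        exit 1
    }
    exit 0

# WARNING: this clears EVERY event log on the host, Security included. It
# destroys the audit trail of the installation and of anything else that has
# happened on the machine, which is exactly the evidence an investigation of a
# privileged-access component would need. Forward or export the logs
# (wevtutil epl) before running this, or set cpm_clean_event_logs: false to
# skip it. The default stays true so existing playbooks behave as before.
# Note that wevtutil is a native command: its per-log failures are not
# exceptions, so the try/catch below only catches PowerShell errors.
- name: Clean event logs
  win_shell: |
    try {
        wevtutil el | ForEach-Object { wevtutil cl "$_" }
    } catch {
        Write-Output "Error occured: $error"
        exit 1
    }
  when: cpm_clean_event_logs | default(true)

- name: Clean recycle bin
  win_shell: |
    try {
        $Recycler = (New-Object -ComObject Shell.Application).Namespace(0xa)
        $Recycler.items() | ForEach-Object { rm $_.path -Force -Recurse }
    } catch {
        Write-Output "Error occured: $error"
        exit 1
    }

--------------------------------------------------------------------------------
/tasks/cpm_extract.yml:
--------------------------------------------------------------------------------
---
# tasks file for cpm_extract
#
# Copies the CPM package to the target, verifies its checksum and unzips it
# into the folder layout the other task files expect.

- name: Create folder
  win_file:
    path: "{{ cpm_extract_folder }}"
    state: directory

# win_copy fails on its own when cpm_zip_file_path does not exist; the
# registered result carries the SHA-1 of the copied file for the check below.
- name: Copy CPM package from local source
  win_copy:
    src: "{{ cpm_zip_file_path }}"
    dest: "{{ cpm_extract_folder }}\\{{ cpm_artifact_name }}"
  register: st

- fail:
    msg: "{{ cpm_zip_file_path }} not exists, failing..."
  when: not st.checksum

# The checksum is the only integrity control on the package, so a missing
# expected value is an explicit error rather than an undefined-variable crash
# or a silent skip. cpm_sha1_checksum has no default in defaults/main.yml: the
# calling playbook must set it, or set cpm_ignore_checksum: true on purpose.
- name: Require an expected checksum unless verification is explicitly disabled
  fail:
    msg: "cpm_sha1_checksum is not defined; set it, or set cpm_ignore_checksum: true to skip package verification."
  when:
    - not cpm_ignore_checksum
    - cpm_sha1_checksum is not defined

# The ignore flag is evaluated first so that, when it is set, an undefined
# cpm_sha1_checksum no longer aborts the play. win_copy reports SHA-1, so the
# expected value must be the SHA-1 of the package as shipped; this catches
# corruption or substitution in transit, but SHA-1 is not collision resistant,
# so verify the vendor's SHA-256 before supplying the value.
- name: Check if package is valid using checksum
  fail:
    msg: "Checksum does not match, please validate your package."
  when:
    - not cpm_ignore_checksum
    - st.checksum != cpm_sha1_checksum

# Official packages are unzipped at the extract root (they presumably already
# contain the component folder); repackaged zips are unzipped into it.
- name: Unzip the CPM package
  win_unzip:
    src: "{{ cpm_extract_folder }}\\{{ cpm_artifact_name }}"
    dest: "{{ cpm_extract_folder }}"
  when: cpm_official

- name: Create component folder
  win_file:
    path: "{{ cpm_extract_folder }}\\{{ cpm_component_folder }}"
    state: directory
  when: not cpm_official

- name: Unzip the CPM package
  win_unzip:
    src: "{{ cpm_extract_folder }}\\{{ cpm_artifact_name }}"
    dest: "{{ cpm_extract_folder }}\\{{ cpm_component_folder }}"
  when: not cpm_official

--------------------------------------------------------------------------------
/tasks/cpm_hardening.yml:
--------------------------------------------------------------------------------
---
# tasks file for cpm_hardening
#
# Runs the vendor hardening script and records whether the CPM services no
# longer run as LocalSystem.

- name: Create user.ini file
  win_file:
    path: "{{ cpm_installation_path }}\\Password Manager\\Vault\\user.ini"
    state: touch

- name: Hardening Block
  block:

    - name: Set cpm_hardening_script in domain
      set_fact:
        cpm_hardening_script: "CPM_In_Domain_Hardening.ps1"
      when: ansible_windows_domain_member

    # $ErrorActionPreference = SilentlyContinue means a crashed script or an
    # unparseable result file leaves $Result empty. That used to fall through
    # to "exit 0" and be reported as a successful hardening; it now fails the
    # task, matching the install and prerequisites stages, where a missing
    # result already fails the "-ne 0" test. isSucceeded -eq 2 is kept as the
    # vendor's failure code.
    - name: Run CPM hardening
      win_shell: |
        $ErrorActionPreference = "SilentlyContinue"
        $Result = $null
        try {
          $Action = .\{{ cpm_hardening_script }}
        } catch {
          Write-Output $Error
        } finally {
          $Action | Out-File -FilePath "{{ cpm_hardening_log }}"
          $Result = Get-Content "{{ cpm_hardening_log }}" -Raw | ConvertFrom-Json
        }
        Write-Output $Result.isSucceeded
        if ($null -eq $Result -or $Result.isSucceeded -eq 2) {
          exit 1
        } else {
          exit 0
        }
      args:
        chdir: "{{ cpm_installationautomation_folder }}"

- name: Validate CPM hardening and stop service
  win_service:
    name: "{{ cpm_service_name }}"
    state: stopped
  register: cpm_service_info

- name: Validate CPM scanner hardening and stop service
  win_service:
    name: "{{ cpm_scanner_service_name }}"
    state: stopped
  register: cpm_scanner_service_info

# Hardening is considered applied once neither service runs as LocalSystem.
- set_fact:
    cpm_hardened: true
  when: cpm_service_info.username != "LocalSystem" and cpm_scanner_service_info.username != "LocalSystem"

--------------------------------------------------------------------------------
/tasks/cpm_install.yml:
--------------------------------------------------------------------------------
---
# tasks file for cpm installation

# NOTE(review): cpm_installation_path is interpolated straight into a
# double-quoted PowerShell string. A value containing a double quote or "$("
# breaks the script or runs as code. The path is operator-supplied, so this is
# a robustness rather than an exposure concern today; quote it (or switch to
# the win_xml module) if the variable is ever taken from a less trusted source.
- name: Set installation folder on xml config file
  win_shell: |
    try
    {
      ### This script set the install directory received from var in the install config file
      $filePath = "{{ cpm_installationautomation_folder }}\\Installation\\InstallationConfig.xml"
      $xml = [xml](Get-Content $filePath)
      $step = $xml.SelectSingleNode("//Parameter[@Name = 'CPMInstallDirectory']")
      $step.Value = "{{ cpm_installation_path }}"
      $xml.Save($filePath)
      exit 0
    }
    catch
    {
      Write-Output "Error occured during SetAtrributeInXML"
      exit 1
    }

- name: Installation Block
  block:

    # The vendor script's JSON result decides success; an empty result fails
    # the "-ne 0" test as well.
    - name: Run CPM installation
      win_shell: |
        Set-Location "{{ cpm_installationautomation_folder }}\Installation"
        #$ErrorActionPreference = "SilentlyContinue"
        $Action = .\CPMInstallation.ps1
        $Action | Out-File -FilePath "{{ cpm_install_log }}"
        $Result = Get-Content "{{ cpm_install_log }}" -Raw | ConvertFrom-Json
        if ($Result.isSucceeded -ne 0) {
          exit 1
        } else {
          exit 0
        }
      args:
        chdir: "{{ cpm_installationautomation_folder }}\\Installation"

    - name: Get log path for installation
      win_shell: |
        $Result = Get-Content "{{ cpm_install_log }}"
        Write-Output $Result
      register: log_result

    # Copies the detailed installer log next to the controller's Ansible log.
    # Assumes log_path is configured in ansible.cfg - TODO confirm; with no
    # log_path the dirname filter has nothing to work on.
    - name: Fetch installation log from path
      fetch:
        src: '{{ item.logPath }}'
        dest: '{{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/cpm/{{ inventory_hostname }}_install.log'
        flat: yes
      with_items:
        - "{{ log_result.stdout | from_json }}"

  rescue:

    - name: Rescue - Get log path for installation
      win_shell: |
        $Result = Get-Content "{{ cpm_install_log }}"
        Write-Output $Result
      register: log_result

    - name: Rescue - Fetch installation log from path
      fetch:
        src: '{{ item.logPath }}'
        dest: '{{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/cpm/{{ inventory_hostname }}_install.log'
        flat: yes
      with_items:
        - "{{ log_result.stdout | from_json }}"

    - name: Rescue - Fail installation stage
      fail:
        msg: 'ERROR: Installation failed. For more info check {{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/cpm/{{ inventory_hostname }}_install.log'

- name: Get log path for installation
  win_shell: |
    $Result = Get-Content "{{ cpm_install_log }}"
    Write-Output $Result
  register: log_result

# Fix: this used to be a win_lineinfile with state: present and
# line: 'Operation Succeeded'. That INSERTED the marker into the installer log
# when it was missing (and rewrote the matching line when it was present), so
# the check could never fail and it altered the very evidence it was meant to
# read. Select-String only reads the file; a missing marker now fails the task.
- name: Validate CPM installation
  win_shell: |
    if (Select-String -Path '{{ item.logPath }}' -Pattern 'Operation Succeeded' -SimpleMatch -Quiet) {
      exit 0
    }
    Write-Output "'Operation Succeeded' not found in {{ item.logPath }}"
    exit 1
  changed_when: false
  with_items:
    - "{{ log_result.stdout | from_json }}"

- name: Check if CPM service created successfully
  win_service:
    name: "{{ cpm_service_name }}"
  register: cpm_service_info

- name: Check if CPM scanner created successfully
  win_service:
    name: "{{ cpm_scanner_service_name }}"
  register: cpm_scanner_service_info

- set_fact:
    cpm_exists: "{{ cpm_service_info.exists }}"
    cpm_scanner_exists: "{{ cpm_scanner_service_info.exists }}"

--------------------------------------------------------------------------------
/tasks/cpm_prerequisites.yml:
--------------------------------------------------------------------------------
---
# tasks file for cpm prerequisites

- name: Pre Install Block
  block:

    - name: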
Run CPM prerequisites 8 | win_shell: | 9 | $ErrorActionPreference = "SilentlyContinue" 10 | $Action = .\CPM_PreInstallation.ps1 11 | $Action | Out-File -FilePath "{{ cpm_prerequisites_log }}" 12 | $Result = Get-Content "{{ cpm_prerequisites_log }}" -Raw | ConvertFrom-Json 13 | if ($Result.isSucceeded -ne 0) { 14 | exit 1 15 | } else { 16 | exit 0 17 | } 18 | args: 19 | chdir: "{{ cpm_installationautomation_folder }}" 20 | 21 | - name: Get log path for prerequisites 22 | win_shell: | 23 | $Result = Get-Content "{{ cpm_prerequisites_log }}" 24 | Write-Output $Result 25 | register: log_result 26 | 27 | - name: Fetch prerequisites log from path 28 | fetch: 29 | src: '{{ item.logPath }}' 30 | dest: '{{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/cpm/{{ inventory_hostname }}_prerequisites.log' 31 | flat: yes 32 | with_items: 33 | - "{{ log_result.stdout | from_json }}" 34 | 35 | rescue: 36 | 37 | - name: Rescue - Get log path for prerequisites 38 | win_shell: | 39 | $Result = Get-Content "{{ cpm_prerequisites_log }}" 40 | Write-Output $Result 41 | register: log_result 42 | 43 | - name: Rescue - Fetch prerequisites log from path 44 | fetch: 45 | src: '{{ item.logPath }}' 46 | dest: '{{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/cpm/{{ inventory_hostname }}_prerequisites.log' 47 | flat: yes 48 | with_items: 49 | - "{{ log_result.stdout | from_json }}" 50 | 51 | - name: Rescue - Fail prerequisites stage 52 | fail: 53 | msg: 'ERROR: Pre Prerequisites failed. 
For more info check {{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/cpm/{{ inventory_hostname }}_prerequisites.log' 54 | -------------------------------------------------------------------------------- /tasks/cpm_registration.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for cpm registration 3 | 4 | - name: Registration Block 5 | block: 6 | - set_fact: 7 | vault_ip_str: "{{ vault_ip }}" 8 | 9 | - name: Concat DR vault ip to vault_ip_str 10 | set_fact: 11 | vault_ip_str: "{{ vault_ip_str }},{{ dr_vault_ip }}" 12 | when: dr_vault_ip is defined 13 | 14 | - name: Change Vault ip in CPMRegisterComponentConfig.xml 15 | win_xml: 16 | path: "{{ cpm_installationautomation_folder }}\\Registration\\CPMRegisterComponentConfig.xml" 17 | fragment: "{{ vault_ip_str }}" 18 | xpath: "//Parameter[@Name = 'vaultip']" 19 | attribute: "Value" 20 | type: attribute 21 | 22 | - name: Change Vault Port in CPMRegisterComponentConfig.xml 23 | win_xml: 24 | path: "{{ cpm_installationautomation_folder }}\\Registration\\CPMRegisterComponentConfig.xml" 25 | fragment: "{{ vault_port }}" 26 | xpath: "//Parameter[@Name = 'vaultPort']" 27 | attribute: "Value" 28 | type: attribute 29 | 30 | - name: Change Vault User in CPMRegisterComponentConfig.xml 31 | win_xml: 32 | path: "{{ cpm_installationautomation_folder }}\\Registration\\CPMRegisterComponentConfig.xml" 33 | fragment: "{{ vault_username }}" 34 | xpath: "//Parameter[@Name = 'vaultUser']" 35 | attribute: "Value" 36 | type: attribute 37 | 38 | - name: Change CPM Install Directory in CPMRegisterComponentConfig.xml 39 | win_xml: 40 | path: "{{ cpm_installationautomation_folder }}\\Registration\\CPMRegisterComponentConfig.xml" 41 | fragment: "{{ cpm_installation_path }}" 42 | xpath: "//Parameter[@Name = 'installDirectory']" 43 | attribute: "Value" 44 | type: attribute 45 | 46 | - name: Change CPM username in CPMRegisterComponentConfig.xml 47 | win_xml: 48 | path: "{{ 
cpm_installationautomation_folder }}\\Registration\\CPMRegisterComponentConfig.xml" 49 | fragment: "{{ cpm_username }}" 50 | xpath: "//Parameter[@Name = 'username']" 51 | attribute: "Value" 52 | type: attribute 53 | when: cpm_username is defined 54 | 55 | - name: Run CPM registration 56 | win_shell: | 57 | Set-Location "{{ cpm_registrationtool_folder }}" 58 | #$ErrorActionPreference = "SilentlyContinue" 59 | $secStrObj = ConvertTo-SecureString -String "{{ secure_vault_password }}" -Force 60 | $Action = .\CPMRegisterCommponent.ps1 -spwdObj $secStrObj 61 | $Action | Out-File -FilePath "{{ cpm_registration_log }}" 62 | $Result = Get-Content "{{ cpm_registration_log }}" -Raw | ConvertFrom-Json 63 | if ($Result.isSucceeded -ne 0) { 64 | exit 1 65 | } else { 66 | exit 0 67 | } 68 | no_log: true 69 | 70 | - name: Get log path for registration 71 | win_shell: | 72 | $Result = Get-Content "{{ cpm_registration_log }}" 73 | Write-Output $Result 74 | register: log_result 75 | no_log: true 76 | 77 | - name: Fetch registration log from path 78 | fetch: 79 | src: '{{ item.logPath }}' 80 | dest: '{{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/cpm/{{ inventory_hostname }}_registration.log' 81 | flat: yes 82 | with_items: 83 | - "{{ log_result.stdout | from_json }}" 84 | 85 | - name: Start CPM service & set to auto 86 | win_service: 87 | name: "{{ cpm_service_name }}" 88 | start_mode: auto 89 | state: started 90 | 91 | - name: Start CPM scanner service & set to auto 92 | win_service: 93 | name: "{{ cpm_scanner_service_name }}" 94 | start_mode: auto 95 | state: started 96 | 97 | - name: Check if CPM service is running 98 | win_service: 99 | name: "{{ cpm_service_name }}" 100 | register: cpm_service_info 101 | 102 | - name: Check if CPM scanner service is running 103 | win_service: 104 | name: "{{ cpm_scanner_service_name }}" 105 | register: cpm_scanner_service_info 106 | 107 | - set_fact: 108 | cpm_registered: true 109 | when: cpm_service_info.state == "running" and 
cpm_scanner_service_info.state == "running" 110 | 111 | rescue: 112 | 113 | - name: Rescue - Get log path for registration 114 | win_shell: | 115 | $Result = Get-Content "{{ cpm_registration_log }}" 116 | Write-Output $Result 117 | register: log_result 118 | no_log: true 119 | 120 | - name: Rescue - Fetch registration log from path 121 | fetch: 122 | src: '{{ item.logPath }}' 123 | dest: '{{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/cpm/{{ inventory_hostname }}_registration.log' 124 | flat: yes 125 | with_items: 126 | - "{{ log_result.stdout | from_json }}" 127 | 128 | - name: Rescue - Fail registration stage 129 | fail: 130 | msg: 'ERROR: Registration failed. For more info check {{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/cpm/{{ inventory_hostname }}_registration.log' 131 | -------------------------------------------------------------------------------- /tasks/cpm_validateparameters.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for cpm_validateparameters 3 | - name: Check EULA is accepted 4 | fail: 5 | msg: "You must accept EULA to start the playbook" 6 | when: (accept_eula|type_debug != 'bool' and accept_eula|lower != "yes") or (accept_eula|type_debug == 'bool' and not accept_eula) 7 | 8 | - name: Set secure vault password 9 | block: 10 | - name: Set default value for vault_password 11 | set_fact: 12 | vault_password: '' 13 | when: vault_password is undefined 14 | 15 | - name: Set default value for secure_vault_password 16 | set_fact: 17 | secure_vault_password: '' 18 | when: secure_vault_password is undefined 19 | 20 | - name: Check if the user use 2 passwords 21 | fail: 22 | msg: "You must provide either vault_password or secure_vault_password parameter" 23 | when: 24 | - (vault_password != '') 25 | - (secure_vault_password != '') 26 | 27 | - name: Convert to securestring 28 | win_shell: | 29 | $secure_vault_password_object = ConvertTo-SecureString "{{ vault_password }}" 
-AsPlainText -Force
        # NOTE(review): vault_password is interpolated by Jinja straight into the
        # double-quoted PowerShell string above; a value containing a double
        # quote, $ or backtick changes how PowerShell parses the command.
        # Passing the secret through the task's environment and reading it
        # from $env: inside the script avoids the interpolation.
        $secure_vault_password_string = ConvertFrom-SecureString $secure_vault_password_object
        write-output $secure_vault_password_string
      register: secure_vault_password_string
      when: vault_password != ''

    # ConvertFrom-SecureString without -Key protects the value with DPAPI, so
    # the stored secure_vault_password can only be decrypted by the same Windows
    # account on the same host - presumably the one the registration tasks run
    # as; verify. The whole block is no_log, so neither form of the password
    # reaches the Ansible log.
    # NOTE(review): when neither vault_password nor secure_vault_password is
    # given, the conversion task above is skipped and this set_fact still runs
    # (secure_vault_password == ''), reading stdout_lines of a skipped result -
    # presumably an undefined-variable failure rather than a clear message; verify.
    - name: Set varible for secured vault password
      set_fact:
        secure_vault_password: "{{ secure_vault_password_string.stdout_lines[0] }}"
        vault_password: ''
      when: secure_vault_password == ''
  when:
    - cpm_registration
  no_log: true

- name: Check if CPM was already installed
  win_service:
    name: "{{ cpm_service_name }}"
  register: cpm_service_info

- name: Check if CPM scanner was already installed
  win_service:
    name: "{{ cpm_scanner_service_name }}"
  register: cpm_scanner_service_info

- set_fact:
    cpm_exists: "{{ cpm_service_info.exists }}"
    cpm_scanner_exists: "{{ cpm_scanner_service_info.exists }}"

# A previous hardening run is detected purely from the service accounts: both
# services must exist and neither may run as LocalSystem. cpm_hardened and
# cpm_registered are only ever set to true here; main.yml tests "not cpm_hardened",
# so a false default is presumably declared elsewhere (defaults are not on this page).
- name: Check if CPM is hardened
  set_fact:
    cpm_hardened: true
  when:
    - cpm_exists and cpm_scanner_exists
    - cpm_service_info.username != "LocalSystem" and cpm_scanner_service_info.username != "LocalSystem"

- name: Check if CPM is registered
  set_fact:
    cpm_registered: true
  when:
    - cpm_exists and cpm_scanner_exists
    - cpm_service_info.state == "running"
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---
# tasks file for cpm
#
# Entry point of the role: validates parameters, then runs each stage only when
# its cpm_* switch is set and the service-state facts from validation allow it.

- name: Gather subset network facts
  setup:
    gather_subset:
      - 'network'

# Validate Parameters
- name: Validate input parameters
  include_tasks: cpm_validateparameters.yml

- name: Extract CPM package
  include_tasks: cpm_extract.yml
  when:
    - cpm_extract
  tags: [print_action]

- name: Running CPM prerequisities
  include_tasks: cpm_prerequisites.yml
  when:
    - cpm_prerequisites
  tags: [print_action]

# Skipped when the CPM service already exists (cpm_exists from validation).
- name: Running CPM install
  include_tasks: cpm_install.yml
  when:
    - cpm_install
    - not cpm_exists
  tags: [print_action]

- name: Running CPM hardening
  include_tasks: cpm_hardening.yml
  when:
    - not cpm_hardened
    - cpm_exists
    - cpm_scanner_exists
    - cpm_hardening
  tags: [print_action]

- name: Running CPM registration
  include_tasks: cpm_registration.yml
  when:
    - cpm_registration
    - cpm_exists
    - cpm_scanner_exists
    - not cpm_registered
  tags: [print_action]

- name: Running CPM clean
  include_tasks: cpm_clean.yml
  when:
    - cpm_clean
  tags: [print_action]
--------------------------------------------------------------------------------
/tests/ansible.cfg:
--------------------------------------------------------------------------------
[defaults]

# Default path to roles directory
roles_path = ../../

# Adds a timestamp to each task and a recap at the end of the playbook
callback_whitelist = profile_tasks
# The role's fetch tasks place the retrieved CPM logs next to this file
# (they derive their destination from DEFAULT_LOG_PATH | dirname).
log_path = ./logs/ansible.log
; host_key_checking = False
--------------------------------------------------------------------------------
/tests/default.yml:
--------------------------------------------------------------------------------
---

- hosts: cpm
  gather_facts: no
  tasks:

    - name: Get roles directory dirname
      set_fact:
        roles_dirname: "{{ playbook_dir | dirname | basename }}"
        dotnet_installer_path: "C:\\ndp48-x86-x64-allos-enu.exe"

    # NOTE(review): the installer is fetched over HTTPS but its integrity is not
    # verified before it is executed with administrative rights; win_get_url
    # accepts a checksum option (the expected value is not on this page).
    - name: Download .NET Framework 4.8
      win_get_url:
        url: https://download.visualstudio.microsoft.com/download/pr/014120d7-d689-4305-befd-3cb711108212/0fd66638cde16859462a6243a4629a50/ndp48-x86-x64-allos-enu.exe
        dest: "{{ dotnet_installer_path }}"

    - name: Install Microsoft .NET Framework 4.8
win_package: 19 | path: "{{ dotnet_installer_path }}" 20 | product_id: '{50e73eb2-10f7-4457-954a-6b06fccc7d04}' 21 | arguments: /q /norestart 22 | register: dotnet_install 23 | 24 | - name: Delete .NET Framework Installer 25 | win_file: 26 | path: "{{ dotnet_installer_path }}" 27 | state: absent 28 | 29 | - name: download package from s3 30 | aws_s3: 31 | bucket: cloud-initiatives-pipeline-bucket 32 | object: "Packages/v13.2/Central Policy Manager-Rls-v13.2.zip" 33 | dest: "/tmp/cpm.zip" 34 | mode: get 35 | delegate_to: localhost 36 | 37 | - name: Reboot host if required 38 | win_reboot: 39 | when: dotnet_install.reboot_required 40 | 41 | - name: CPM Deployment 42 | include_role: 43 | name: "{{ roles_dirname }}" 44 | vars: 45 | - cpm_extract: true 46 | - cpm_official: false 47 | - cpm_prerequisites: true 48 | - cpm_install: true 49 | - cpm_hardening: true 50 | - cpm_registration: false 51 | - cpm_zip_file_path: "/tmp/cpm.zip" 52 | - accept_eula: yes 53 | -------------------------------------------------------------------------------- /tests/integration/default/pester/defaults.tests.ps1: -------------------------------------------------------------------------------- 1 | describe "ansible_test_kitchen_windows_role ansible role" { 2 | Context "CPM Installation Path" { 3 | $Path = "C:\Program Files (x86)\Cyberark\Password Manager" 4 | it "CPM Directory Exists" { 5 | Test-Path -Path $Path | Should be $true 6 | } 7 | } 8 | } -------------------------------------------------------------------------------- /tests/requirements.txt: -------------------------------------------------------------------------------- 1 | ansible==2.8.8 2 | ansible-lint==4.2.0 3 | boto==2.49.0 4 | boto3==1.12.8 5 | botocore==1.15.8 6 | certifi==2019.11.28 7 | cffi==1.14.0 8 | chardet==3.0.4 9 | cryptography==2.8 10 | docutils==0.15.2 11 | idna==2.9 12 | Jinja2==2.11.1 13 | jmespath==0.9.5 14 | MarkupSafe==1.1.1 15 | ntlm-auth==1.4.0 16 | pathspec==0.7.0 17 | pyasn1==0.4.8 18 | pycparser==2.19 19 
pyOpenSSL==19.1.0
python-dateutil==2.8.1
pywinrm==0.4.1
PyYAML==5.3
requests==2.23.0
requests-credssp==1.1.1
requests-ntlm==1.1.0
ruamel.yaml==0.16.10
ruamel.yaml.clib==0.2.0
s3transfer==0.3.3
six==1.14.0
urllib3==1.25.8
xmltodict==0.12.0
yamllint==1.20.0
--------------------------------------------------------------------------------
/tests/scripts/user_data_windows_2016.ps1:
--------------------------------------------------------------------------------

# User-data for the Windows 2016 test instance: sets the local Administrator
# password, then prepares WinRM for Ansible. Test fixture only - each step below
# lowers the host's security and is only appropriate for a throwaway instance.

# Change Password
# NOTE(review): the password is a fixed literal committed to the repository, so
# the instance is reachable with a publicly known credential from the moment
# this runs; an instance-specific value (for example from the cloud provider's
# secret store) would avoid that without changing the rest of the script.
$admin = [adsi]("WinNT://./administrator, user")
$admin.PSBase.Invoke("SetPassword", "Nopass123")

# Configure machine for ansible remoting
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# NOTE(review): the remoting script is pulled from the moving "devel" branch and
# executed unverified; pinning the URL to a release tag or commit and comparing
# the download against a known hash before running it would make this step
# reproducible and tamper-evident.
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
Invoke-WebRequest -Uri $url -OutFile $file
# -EnableCredSSP switches on CredSSP authentication for WinRM, which delegates
# the caller's credentials to this host; keep it only if the transport used by
# the tests actually authenticates with CredSSP - confirm.
powershell.exe -ExecutionPolicy ByPass -File $file -EnableCredSSP

# Lets local (non-domain) administrator accounts, including the one set above,
# obtain a full administrative token over the network (disables UAC remote
# restrictions); needed for remote management with a local account.
Set-ItemProperty -Name LocalAccountTokenFilterPolicy -Path HKLM:\software\Microsoft\Windows\CurrentVersion\Policies\system -Value 1
--------------------------------------------------------------------------------
/vars/main.yml:
--------------------------------------------------------------------------------
---
# vars file for cpm
# Expected checksum (SHA-1, per the variable name) of the CPM package;
# cpm_extract.yml compares the artifact's checksum against it unless
# cpm_ignore_checksum is set.
cpm_sha1_checksum: "9a4a73d355fe9a0bf2b0ab73f9cb200b1e53bca5"
--------------------------------------------------------------------------------