├── .gitignore ├── README.md ├── ansible.cfg ├── appinstall_choco.yml ├── collections └── requirements.yml ├── configureRemotingForAnsible.ps1 ├── dem_inventory.ini ├── dem_inventory_simp.ini ├── demo_dir_structure ├── development.ini ├── dual_play_example.yml ├── homepage_customizer.yml ├── iis_install.yml ├── install-msi.yml ├── install_feature.yml ├── provision_win_vm.yml ├── reports └── Consolidated_VMs_Report.html ├── roles ├── add_multiple_win_users │ ├── tasks │ │ └── main.yml │ └── vars │ │ └── main.yml ├── add_single_win_user │ ├── tasks │ │ └── main.yml │ └── vars │ │ └── main.yml ├── change_guest_acct │ └── tasks │ │ └── main.yml ├── choco_facts │ ├── .travis.yml │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── tests │ │ ├── inventory │ │ └── test.yml │ └── vars │ │ └── main.yml ├── choco_reporting │ ├── .travis.yml │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ ├── consolidated_vms_report.html.j2 │ │ ├── consolidated_vms_report_last_block.html.j2 │ │ └── individual_vm_report.html.j2 │ ├── tests │ │ ├── inventory │ │ └── test.yml │ └── vars │ │ └── main.yml ├── homepage_customizer │ ├── files │ │ └── Ansible-Red.png │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── homepage.j2 ├── max_password_age │ └── tasks │ │ └── main.yml ├── password_encryption │ └── tasks │ │ └── main.yml ├── provision_win_vm │ ├── tasks │ │ └── main.yml │ └── vars │ │ └── password.yml ├── system_events │ └── tasks │ │ └── main.yml ├── text_to_speech │ ├── tasks │ │ └── main.yml │ └── vars │ │ └── main.yml ├── win_check_updates │ ├── tasks │ │ └── main.yml │ ├── templates │ │ ├── consolidated_vms_report.html.j2 │ │ ├── consolidated_vms_report_last_block.html.j2 │ │ └── individual_vm_report.html.j2 │ └── vars │ │ └── main.yml ├── win_startup_message │ ├── tasks │ │ └── main.yml │ 
└── vars │ │ └── main.yml ├── win_updates │ ├── tasks │ │ └── main.yml │ └── vars │ │ └── main.yml └── windows_test_webpage │ ├── files │ ├── index.html │ ├── rh_ansible.jpg │ └── winlogo.jpg │ └── tasks │ └── main.yml ├── set_win_sec_policy.yml ├── slackmessage.yml ├── text_to_speech.yml ├── vmpower.yml ├── win_add_multi_users.yml ├── win_add_single_user.yml ├── win_check_updates.yml ├── win_chocolatey_allfacts.yml ├── win_chocolatey_config.yml ├── win_chocolatey_facts.yml ├── win_chocolatey_features.yml ├── win_chocolatey_install.yml ├── win_chocolatey_source.yml ├── win_startup_message.yml └── windows_updates.yml /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | wheels/ 24 | *.egg-info/ 25 | .installed.cfg 26 | *.egg 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | 49 | # Translations 50 | *.mo 51 | *.pot 52 | 53 | # Django stuff: 54 | *.log 55 | local_settings.py 56 | 57 | # Flask stuff: 58 | instance/ 59 | .webassets-cache 60 | 61 | # Scrapy stuff: 62 | .scrapy 63 | 64 | # Sphinx documentation 65 | docs/_build/ 66 | 67 | # PyBuilder 68 | target/ 69 | 70 | # Jupyter Notebook 71 | .ipynb_checkpoints 72 | 73 | # pyenv 74 | .python-version 75 | 76 | # celery beat schedule file 77 | celerybeat-schedule 78 | 79 | # SageMath parsed files 80 | *.sage.py 81 | 82 | # dotenv 83 | .env 84 | 85 | # virtualenv 86 | .venv 87 | venv/ 88 | ENV/ 89 | 90 | # Spyder project settings 91 | .spyderproject 92 | .spyproject 93 | 94 | # Rope project settings 95 | .ropeproject 96 | 97 | # mkdocs documentation 98 | /site 99 | 100 | # mypy 101 | .mypy_cache/ 102 | 103 | 104 | main.log 105 | .DS_Store -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # windowsauto 2 | Ansible Playbooks for Windows 3 | 4 | Note these are for demo purposes only. Please rework them for your Prod needs. 5 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | # config file for ansible -- https://ansible.com/ 2 | # =============================================== 3 | 4 | # nearly all parameters can be overridden in ansible-playbook 5 | # or with command line flags. 
ansible will read ANSIBLE_CONFIG, 6 | # ansible.cfg in the current working directory, .ansible.cfg in 7 | # the home directory or /etc/ansible/ansible.cfg, whichever it 8 | # finds first 9 | 10 | [defaults] 11 | 12 | # some basic default values... 13 | stdout_callback = yaml 14 | inventory = ./development.ini 15 | #library = /usr/share/my_modules/ 16 | #module_utils = /usr/share/my_module_utils/ 17 | #remote_tmp = ~/.ansible/tmp 18 | #local_tmp = ~/.ansible/tmp 19 | #plugin_filters_cfg = /etc/ansible/plugin_filters.yml 20 | #forks = 5 21 | #poll_interval = 15 22 | #sudo_user = root 23 | #ask_sudo_pass = True 24 | #ask_pass = True 25 | #transport = smart 26 | #remote_port = 22 27 | #module_lang = C 28 | #module_set_locale = False 29 | host_key_checking = False 30 | 31 | # plays will gather facts by default, which contain information about 32 | # the remote system. 33 | # 34 | # smart - gather by default, but don't regather if already gathered 35 | # implicit - gather by default, turn off with gather_facts: False 36 | # explicit - do not gather by default, must say gather_facts: True 37 | #gathering = implicit 38 | 39 | # This only affects the gathering done by a play's gather_facts directive, 40 | # by default gathering retrieves all facts subsets 41 | # all - gather all subsets 42 | # network - gather min and network facts 43 | # hardware - gather hardware facts (longest facts to retrieve) 44 | # virtual - gather min and virtual facts 45 | # facter - import facts from facter 46 | # ohai - import facts from ohai 47 | # You can combine them using comma (ex: network,virtual) 48 | # You can negate them using ! (ex: !hardware,!facter,!ohai) 49 | # A minimal set of facts is always gathered. 50 | #gather_subset = all 51 | 52 | # some hardware related facts are collected 53 | # with a maximum timeout of 10 seconds. This 54 | # option lets you increase or decrease that 55 | # timeout to something more suitable for the 56 | # environment. 
57 | # gather_timeout = 10 58 | 59 | # Ansible facts are available inside the ansible_facts.* dictionary 60 | # namespace. This setting maintains the behaviour which was the default prior 61 | # to 2.5, duplicating these variables into the main namespace, each with a 62 | # prefix of 'ansible_'. 63 | # This variable is set to True by default for backwards compatibility. It 64 | # will be changed to a default of 'False' in a future release. 65 | # ansible_facts. 66 | # inject_facts_as_vars = True 67 | 68 | # additional paths to search for roles in, colon separated 69 | #roles_path = ./roles 70 | 71 | # uncomment this to disable SSH key host checking 72 | #host_key_checking = False 73 | 74 | # change the default callback, you can only have one 'stdout' type enabled at a time. 75 | #stdout_callback = skippy 76 | 77 | 78 | ## Ansible ships with some plugins that require whitelisting, 79 | ## this is done to avoid running all of a type by default. 80 | ## These setting lists those that you want enabled for your system. 81 | ## Custom plugins should not need this unless plugin author specifies it. 82 | 83 | # enable callback plugins, they can output to stdout but cannot be 'stdout' type. 84 | #callback_whitelist = timer, mail 85 | 86 | # Determine whether includes in tasks and handlers are "static" by 87 | # default. As of 2.0, includes are dynamic by default. Setting these 88 | # values to True will make includes behave more like they did in the 89 | # 1.x versions. 
90 | #task_includes_static = False 91 | #handler_includes_static = False 92 | 93 | # Controls if a missing handler for a notification event is an error or a warning 94 | #error_on_missing_handler = True 95 | 96 | # change this for alternative sudo implementations 97 | #sudo_exe = sudo 98 | 99 | # What flags to pass to sudo 100 | # WARNING: leaving out the defaults might create unexpected behaviours 101 | #sudo_flags = -H -S -n 102 | 103 | # SSH timeout 104 | #timeout = 10 105 | 106 | # default user to use for playbooks if user is not specified 107 | # (/usr/bin/ansible will use current user as default) 108 | #remote_user = root 109 | 110 | # logging is off by default unless this path is defined 111 | # if so defined, consider logrotate 112 | #log_path = /var/log/ansible.log 113 | 114 | # default module name for /usr/bin/ansible 115 | #module_name = command 116 | 117 | # use this shell for commands executed under sudo 118 | # you may need to change this to bin/bash in rare instances 119 | # if sudo is constrained 120 | #executable = /bin/sh 121 | 122 | # if inventory variables overlap, does the higher precedence one win 123 | # or are hash values merged together? The default is 'replace' but 124 | # this can also be set to 'merge'. 125 | #hash_behaviour = replace 126 | 127 | # by default, variables from roles will be visible in the global variable 128 | # scope. 
To prevent this, the following option can be enabled, and only 129 | # tasks and handlers within the role will see the variables there 130 | #private_role_vars = yes 131 | 132 | # list any Jinja2 extensions to enable here: 133 | #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n 134 | 135 | # if set, always use this private key file for authentication, same as 136 | # if passing --private-key to ansible or ansible-playbook 137 | #private_key_file = /path/to/file 138 | 139 | # If set, configures the path to the Vault password file as an alternative to 140 | # specifying --vault-password-file on the command line. 141 | #vault_password_file = /path/to/vault_password_file 142 | 143 | # format of string {{ ansible_managed }} available within Jinja2 144 | # templates indicates to users editing templates files will be replaced. 145 | # replacing {file}, {host} and {uid} and strftime codes with proper values. 146 | #ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} 147 | # {file}, {host}, {uid}, and the timestamp can all interfere with idempotence 148 | # in some situations so the default is a static string: 149 | #ansible_managed = Ansible managed 150 | 151 | # by default, ansible-playbook will display "Skipping [host]" if it determines a task 152 | # should not be run on a host. Set this to "False" if you don't want to see these "Skipping" 153 | # messages. NOTE: the task header will still be shown regardless of whether or not the 154 | # task is skipped. 155 | #display_skipped_hosts = True 156 | 157 | # by default, if a task in a playbook does not include a name: field then 158 | # ansible-playbook will construct a header that includes the task's action but 159 | # not the task's args. This is a security feature because ansible cannot know 160 | # if the *module* considers an argument to be no_log at the time that the 161 | # header is printed. 
If your environment doesn't have a problem securing 162 | # stdout from ansible-playbook (or you have manually specified no_log in your 163 | # playbook on all of the tasks where you have secret information) then you can 164 | # safely set this to True to get more informative messages. 165 | #display_args_to_stdout = False 166 | 167 | # by default (as of 1.3), Ansible will raise errors when attempting to dereference 168 | # Jinja2 variables that are not set in templates or action lines. Uncomment this line 169 | # to revert the behavior to pre-1.3. 170 | #error_on_undefined_vars = False 171 | 172 | # by default (as of 1.6), Ansible may display warnings based on the configuration of the 173 | # system running ansible itself. This may include warnings about 3rd party packages or 174 | # other conditions that should be resolved if possible. 175 | # to disable these warnings, set the following value to False: 176 | #system_warnings = True 177 | 178 | # by default (as of 1.4), Ansible may display deprecation warnings for language 179 | # features that should no longer be used and will be removed in future versions. 180 | # to disable these warnings, set the following value to False: 181 | #deprecation_warnings = True 182 | 183 | # (as of 1.8), Ansible can optionally warn when usage of the shell and 184 | # command module appear to be simplified by using a default Ansible module 185 | # instead. These warnings can be silenced by adjusting the following 186 | # setting or adding warn=yes or warn=no to the end of the command line 187 | # parameter string. This will for example suggest using the git module 188 | # instead of shelling out to the git command. 
189 | # command_warnings = False 190 | 191 | 192 | # set plugin path directories here, separate with colons 193 | #action_plugins = /usr/share/ansible/plugins/action 194 | #become_plugins = /usr/share/ansible/plugins/become 195 | #cache_plugins = /usr/share/ansible/plugins/cache 196 | #callback_plugins = /usr/share/ansible/plugins/callback 197 | #connection_plugins = /usr/share/ansible/plugins/connection 198 | #lookup_plugins = /usr/share/ansible/plugins/lookup 199 | #inventory_plugins = /usr/share/ansible/plugins/inventory 200 | #vars_plugins = /usr/share/ansible/plugins/vars 201 | #filter_plugins = /usr/share/ansible/plugins/filter 202 | #test_plugins = /usr/share/ansible/plugins/test 203 | #terminal_plugins = /usr/share/ansible/plugins/terminal 204 | #strategy_plugins = /usr/share/ansible/plugins/strategy 205 | 206 | 207 | # by default, ansible will use the 'linear' strategy but you may want to try 208 | # another one 209 | #strategy = free 210 | 211 | # by default callbacks are not loaded for /bin/ansible, enable this if you 212 | # want, for example, a notification or logging callback to also apply to 213 | # /bin/ansible runs 214 | #bin_ansible_callbacks = False 215 | 216 | 217 | # don't like cows? that's unfortunate. 218 | # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 219 | #nocows = 1 220 | 221 | # set which cowsay stencil you'd like to use by default. When set to 'random', 222 | # a random stencil will be selected for each task. The selection will be filtered 223 | # against the `cow_whitelist` option below. 224 | #cow_selection = default 225 | #cow_selection = random 226 | 227 | # when using the 'random' option for cowsay, stencils will be restricted to this list. 228 | # it should be formatted as a comma-separated list with no spaces between names. 229 | # NOTE: line continuations here are for formatting purposes only, as the INI parser 230 | # in python does not support them. 
231 | #cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ 232 | # hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\ 233 | # stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www 234 | 235 | # don't like colors either? 236 | # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 237 | #nocolor = 1 238 | 239 | # if set to a persistent type (not 'memory', for example 'redis') fact values 240 | # from previous runs in Ansible will be stored. This may be useful when 241 | # wanting to use, for example, IP information from one group of servers 242 | # without having to talk to them in the same playbook run to get their 243 | # current IP information. 244 | #fact_caching = memory 245 | 246 | #This option tells Ansible where to cache facts. The value is plugin dependent. 247 | #For the jsonfile plugin, it should be a path to a local directory. 248 | #For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0 249 | 250 | #fact_caching_connection=/tmp 251 | 252 | 253 | 254 | # retry files 255 | # When a playbook fails a .retry file can be created that will be placed in ~/ 256 | # You can enable this feature by setting retry_files_enabled to True 257 | # and you can change the location of the files by setting retry_files_save_path 258 | 259 | #retry_files_enabled = False 260 | #retry_files_save_path = ~/.ansible-retry 261 | 262 | # squash actions 263 | # Ansible can optimise actions that call modules with list parameters 264 | # when looping. Instead of calling the module once per with_ item, the 265 | # module is called once with all items at once. Currently this only works 266 | # under limited circumstances, and only with parameters named 'name'. 
267 | #squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper 268 | 269 | # prevents logging of task data, off by default 270 | #no_log = False 271 | 272 | # prevents logging of tasks, but only on the targets, data is still logged on the master/controller 273 | #no_target_syslog = False 274 | 275 | # controls whether Ansible will raise an error or warning if a task has no 276 | # choice but to create world readable temporary files to execute a module on 277 | # the remote machine. This option is False by default for security. Users may 278 | # turn this on to have behaviour more like Ansible prior to 2.1.x. See 279 | # https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user 280 | # for more secure ways to fix this than enabling this option. 281 | #allow_world_readable_tmpfiles = False 282 | 283 | # controls the compression level of variables sent to 284 | # worker processes. At the default of 0, no compression 285 | # is used. This value must be an integer from 0 to 9. 286 | #var_compression_level = 9 287 | 288 | # controls what compression method is used for new-style ansible modules when 289 | # they are sent to the remote system. The compression types depend on having 290 | # support compiled into both the controller's python and the client's python. 291 | # The names should match with the python Zipfile compression types: 292 | # * ZIP_STORED (no compression. available everywhere) 293 | # * ZIP_DEFLATED (uses zlib, the default) 294 | # These values may be set per host via the ansible_module_compression inventory 295 | # variable 296 | #module_compression = 'ZIP_DEFLATED' 297 | 298 | # This controls the cutoff point (in bytes) on --diff for files 299 | # set to 0 for unlimited (RAM may suffer!). 300 | #max_diff_size = 1048576 301 | 302 | # This controls how ansible handles multiple --tags and --skip-tags arguments 303 | # on the CLI. If this is True then multiple arguments are merged together. 
If 304 | # it is False, then the last specified argument is used and the others are ignored. 305 | # This option will be removed in 2.8. 306 | #merge_multiple_cli_flags = True 307 | 308 | # Controls showing custom stats at the end, off by default 309 | #show_custom_stats = True 310 | 311 | # Controls which files to ignore when using a directory as inventory with 312 | # possibly multiple sources (both static and dynamic) 313 | #inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo 314 | 315 | # This family of modules use an alternative execution path optimized for network appliances 316 | # only update this setting if you know how this works, otherwise it can break module execution 317 | #network_group_modules=eos, nxos, ios, iosxr, junos, vyos 318 | 319 | # When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as 320 | # a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain 321 | # jinja2 templating language which will be run through the templating engine. 322 | # ENABLING THIS COULD BE A SECURITY RISK 323 | #allow_unsafe_lookups = False 324 | 325 | # set default errors for all plays 326 | #any_errors_fatal = False 327 | 328 | [inventory] 329 | # enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml' 330 | #enable_plugins = host_list, virtualbox, yaml, constructed 331 | 332 | # ignore these extensions when parsing a directory as inventory source 333 | #ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry 334 | 335 | # ignore files matching these patterns when parsing a directory as inventory source 336 | #ignore_patterns= 337 | 338 | # If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise. 
339 | #unparsed_is_failed=False 340 | 341 | [privilege_escalation] 342 | #become=True 343 | #become_method=sudo 344 | #become_user=root 345 | #become_ask_pass=False 346 | 347 | [paramiko_connection] 348 | 349 | # uncomment this line to cause the paramiko connection plugin to not record new host 350 | # keys encountered. Increases performance on new host additions. Setting works independently of the 351 | # host key checking setting above. 352 | #record_host_keys=False 353 | 354 | # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this 355 | # line to disable this behaviour. 356 | #pty=False 357 | 358 | # paramiko will default to looking for SSH keys initially when trying to 359 | # authenticate to remote devices. This is a problem for some network devices 360 | # that close the connection after a key failure. Uncomment this line to 361 | # disable the Paramiko look for keys function 362 | #look_for_keys = False 363 | 364 | # When using persistent connections with Paramiko, the connection runs in a 365 | # background process. If the host doesn't already have a valid SSH key, by 366 | # default Ansible will prompt to add the host key. This will cause connections 367 | # running in background processes to fail. Uncomment this line to have 368 | # Paramiko automatically add host keys. 369 | #host_key_auto_add = True 370 | 371 | [ssh_connection] 372 | 373 | # ssh arguments to use 374 | # Leaving off ControlPersist will result in poor performance, so use 375 | # paramiko on older platforms rather than removing it, -C controls compression use 376 | #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s 377 | 378 | # The base directory for the ControlPath sockets. 379 | # This is the "%(directory)s" in the control_path option 380 | # 381 | # Example: 382 | # control_path_dir = /tmp/.ansible/cp 383 | #control_path_dir = ~/.ansible/cp 384 | 385 | # The path to use for the ControlPath sockets. 
This defaults to a hashed string of the hostname, 386 | # port and username (empty string in the config). The hash mitigates a common problem users 387 | # found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format. 388 | # In those cases, a "too long for Unix domain socket" ssh error would occur. 389 | # 390 | # Example: 391 | # control_path = %(directory)s/%%h-%%r 392 | #control_path = 393 | 394 | # Enabling pipelining reduces the number of SSH operations required to 395 | # execute a module on the remote server. This can result in a significant 396 | # performance improvement when enabled, however when using "sudo:" you must 397 | # first disable 'requiretty' in /etc/sudoers 398 | # 399 | # By default, this option is disabled to preserve compatibility with 400 | # sudoers configurations that have requiretty (the default on many distros). 401 | # 402 | #pipelining = False 403 | 404 | # Control the mechanism for transferring files (old) 405 | # * smart = try sftp and then try scp [default] 406 | # * True = use scp only 407 | # * False = use sftp only 408 | #scp_if_ssh = smart 409 | 410 | # Control the mechanism for transferring files (new) 411 | # If set, this will override the scp_if_ssh option 412 | # * sftp = use sftp to transfer files 413 | # * scp = use scp to transfer files 414 | # * piped = use 'dd' over SSH to transfer files 415 | # * smart = try sftp, scp, and piped, in that order [default] 416 | #transfer_method = smart 417 | 418 | # if False, sftp will not use batch mode to transfer files. This may cause some 419 | # types of file transfer failures impossible to catch however, and should 420 | # only be disabled if your sftp version has problems with batch mode 421 | #sftp_batch_mode = False 422 | 423 | # The -tt argument is passed to ssh when pipelining is not enabled because sudo 424 | # requires a tty by default. 
425 | #usetty = True 426 | 427 | # Number of times to retry an SSH connection to a host, in case of UNREACHABLE. 428 | # For each retry attempt, there is an exponential backoff, 429 | # so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max). 430 | #retries = 3 431 | 432 | [persistent_connection] 433 | 434 | # Configures the persistent connection timeout value in seconds. This value is 435 | # how long the persistent connection will remain idle before it is destroyed. 436 | # If the connection doesn't receive a request before the timeout value 437 | # expires, the connection is shutdown. The default value is 30 seconds. 438 | #connect_timeout = 30 439 | 440 | # The command timeout value defines the amount of time to wait for a command 441 | # or RPC call before timing out. The value for the command timeout must 442 | # be less than the value of the persistent connection idle timeout (connect_timeout) 443 | # The default value is 30 second. 444 | #command_timeout = 30 445 | 446 | [accelerate] 447 | #accelerate_port = 5099 448 | #accelerate_timeout = 30 449 | #accelerate_connect_timeout = 5.0 450 | 451 | # The daemon timeout is measured in minutes. This time is measured 452 | # from the last activity to the accelerate daemon. 453 | #accelerate_daemon_timeout = 30 454 | 455 | # If set to yes, accelerate_multi_key will allow multiple 456 | # private keys to be uploaded to it, though each user must 457 | # have access to the system via SSH to add a new key. The default 458 | # is "no". 459 | #accelerate_multi_key = yes 460 | 461 | [selinux] 462 | # file systems that require special treatment when dealing with security context 463 | # the default behaviour that copies the existing context or uses the user default 464 | # needs to be changed to use the file system dependent context. 465 | #special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p 466 | 467 | # Set this to yes to allow libvirt_lxc connections to work without SELinux. 
#libvirt_lxc_noseclabel = yes

[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan


[diff]
# Always print diff when running ( same as always running with -D/--diff )
# always = no

# Set how many context lines to show in diff
# context = 3

--------------------------------------------------------------------------------
/appinstall_choco.yml:
--------------------------------------------------------------------------------
---
# Sets the Chocolatey packages named in `choco_packages` to the state given in
# `app_state` on every host in the `windows` group. Neither variable is defined
# in this file; both must be supplied by the caller (inventory, extra vars, ...).
# NOTE(review): package names and state come from outside the playbook, and the
# packages are fetched from whichever Chocolatey source the host is configured
# with. For controlled rollouts, pin package versions and point hosts at a vetted
# internal source rather than relying on whatever is newest upstream.
- name: install chocolatey package on Windows host
  hosts: windows

  tasks:

    # NOTE(review): the result of this task is not referenced by any later task
    # in this playbook.
    - name: Use win_product_facts
      win_product_facts:

    - name: print out ansible vars
      debug:
        var: ansible_distribution

    # Records whether choco.exe exists at the standard install path; the two
    # "temporary patch" tasks below branch on this result.
    - name: check location of choco.exe
      win_stat:
        path: C:\ProgramData\chocolatey\bin\choco.exe
      register: path_to_choco

    # Runs only when choco.exe was found at the standard path.
    # ignore_errors means a failure of this command does not stop the play.
    # NOTE(review): presumably a workaround for how win_chocolatey handles
    # Chocolatey's enhanced exit codes; confirm it is still needed.
    - name: Chocolatey temporary patch
      win_shell: C:\ProgramData\chocolatey\bin\choco.exe feature disable --name="useEnhancedExitCodes"
      ignore_errors: true
      when: path_to_choco.stat.exists
    # when: ansible_distribution.find("Server") != -1 or ansible_distribution.find("Windows 10 Pro") != -1

    # Same command against the portable install path, run when the standard
    # path was not found. The portable path itself is not checked, so this
    # task relies on ignore_errors if Chocolatey is absent from both places.
    - name: Chocolatey temporary patch
      win_shell: C:\ProgramData\chocoportable\bin\choco.exe feature disable --name="useEnhancedExitCodes"
      ignore_errors: true
      when: path_to_choco.stat.exists == False
    # when: ansible_distribution.find("Windows 10 Home") != -1

    - name: Install multiple packages
      win_chocolatey:
        name: "{{ choco_packages }}"
        state: "{{ app_state }}"


--------------------------------------------------------------------------------
/collections/requirements.yml: 
--------------------------------------------------------------------------------
---
# Collections installed with `ansible-galaxy collection install -r`.
# NOTE(review): no version constraint is given, so the newest published release
# is installed at install time; pin a version for repeatable, reviewable runs.
collections:
  # With just the collection name
  - chocolatey.chocolatey
--------------------------------------------------------------------------------
/configureRemotingForAnsible.ps1:
--------------------------------------------------------------------------------
# Downloads Ansible's ConfigureRemotingForAnsible.ps1 to the temp directory,
# runs it to prepare WinRM on this host, then lists the WinRM listeners.
# NOTE(review): the URL follows the moving `devel` branch, and the downloaded
# file is executed with the execution policy bypassed and no integrity check, so
# whatever that URL serves at run time runs with the caller's privileges.
# Prefer a copy pinned to a reviewed commit (or vendored in this repository) and
# compare its SHA-256 (Get-FileHash) with a recorded value before executing it.
# NOTE(review): as published upstream, that script by default creates a
# self-signed HTTPS listener and enables Basic authentication (it offers a
# -DisableBasicAuth switch); confirm this matches the WinRM posture you want.
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
winrm enumerate winrm/config/Listener
--------------------------------------------------------------------------------
/dem_inventory.ini:
--------------------------------------------------------------------------------
# Demo inventory; it appears intended to show how a variable set on a host, on
# its group and on a parent group interact (the most specific value wins).
# NOTE(review): every ansible_password below is stored in clear text in a
# git-tracked file. Outside a throwaway lab, keep secrets in Ansible Vault or
# prompt for them, and never reuse these sample values.
# NOTE(review): `ssh_host` is not a connection variable Ansible acts on (the
# address variable is `ansible_host`); as written it is an ordinary host
# variable. Confirm what was intended.
[atlanta]
# host1 carries its own password, which overrides both group-level values.
host1 ssh_host=192.168.2.11 ansible_password=Password1
host2 ssh_host=192.168.1.12

# Group-level value: applies to host2 and overrides the parent group's value.
[atlanta:vars]
ansible_password=Password5678

[raleigh]
host3 ssh_host=192.168.2.13
host4 ssh_host=192.168.2.14

[southeast:children]
atlanta
raleigh

# Parent-group defaults inherited by atlanta and raleigh.
# NOTE(review): the `basic` transport sends the user name and password with every
# request, so confidentiality depends entirely on the HTTPS channel. With
# ansible_winrm_server_cert_validation=ignore the controller does not verify
# which server it is talking to, so those credentials can be exposed to an
# on-path interceptor. Outside a lab, use a trusted certificate with validation
# enabled and a stronger transport (ntlm, kerberos or credssp).
[southeast:vars]
ansible_user=Administrator
ansible_password=Password1234
ansible_connection=winrm
ansible_winrm_transport=basic
ansible_winrm_server_cert_validation=ignore

# NOTE(review): northeast, southwest and northwest are not defined in this file;
# the INI inventory parser may reject undefined child groups. Confirm.
[usa:children]
southeast
northeast
southwest
northwest


--------------------------------------------------------------------------------
/dem_inventory_simp.ini:
--------------------------------------------------------------------------------
# Simplified demo inventory: one group with shared WinRM connection settings.
# NOTE(review): clear-text administrator password, `basic` transport and disabled
# certificate validation are acceptable only in an isolated lab. Store the
# password in Ansible Vault and enable certificate validation before reuse.
# NOTE(review): `ssh_host` is not a variable Ansible uses for the connection
# address (`ansible_host` is). Confirm what was intended.
[atlanta]
host1 ssh_host=192.168.2.11
host2 ssh_host=192.168.1.12

[atlanta:vars]
ansible_user=Administrator
ansible_password=Password1234
ansible_connection=winrm
ansible_winrm_transport=basic
ansible_winrm_server_cert_validation=ignore


-------------------------------------------------------------------------------- /demo_dir_structure: -------------------------------------------------------------------------------- 1 | production # inventory file for production servers 2 | staging # inventory file for staging environment 3 | 4 | group_vars/ 5 | group1.yml # here we assign variables to particular groups 6 | group2.yml 7 | host_vars/ 8 | hostname1.yml # here we assign variables to particular systems 9 | hostname2.yml 10 | 11 | library/ # if any custom modules, put them here (optional) 12 | module_utils/ # if any custom module_utils to support modules, put them here (optional) 13 | filter_plugins/ # if any custom filter plugins, put them here (optional) 14 | 15 | site.yml # master playbook 16 | webservers.yml # playbook for webserver tier 17 | dbservers.yml # playbook for dbserver tier 18 | 19 | roles/ 20 | common/ # this hierarchy represents a "role" 21 | tasks/ # 22 | main.yml # <-- tasks file can include smaller files if warranted 23 | handlers/ # 24 | main.yml # <-- handlers file 25 | templates/ # <-- files for use with the template resource 26 | ntp.conf.j2 # <------- templates end in .j2 27 | files/ # 28 | bar.txt # <-- files for use with the copy resource 29 | foo.sh # <-- script files for use with the script resource 30 | vars/ # 31 | main.yml # <-- variables associated with this role 32 | defaults/ # 33 | main.yml # <-- default lower priority variables for this role 34 | meta/ # 35 | main.yml # <-- role dependencies 36 | library/ # roles can also include custom modules 37 | module_utils/ # roles can also include custom module_utils 38 | lookup_plugins/ # or other types of plugins, like lookup in this case 39 | 40 | webtier/ # same kind of structure as "common" was above, done for the webtier role 41 | monitoring/ # "" 42 | fooapp/ # "" -------------------------------------------------------------------------------- /development.ini: 
--------------------------------------------------------------------------------
# Lab inventory with inline credentials for an ESXi host and a Windows host.
# The same clear-text password is used for the ESXi root account and the Windows account,
# so a leak of this file exposes both. Move the values to an Ansible Vault-encrypted vars
# file and give each account its own password.
# The Windows host uses basic WinRM auth with certificate validation ignored: the password
# travels with every request to an endpoint that is not authenticated.
# NOTE(review): ssh_host is not read by Ansible's connection plugins; the connection goes
# to the inventory name 192.168.150.6 - confirm which address is intended.
[vmware_exsi]
192.168.150.10 ansible_user=root ansible_password=Sup3rFly!
[windows]
192.168.150.6 ansible_user=ansible ansible_password=Sup3rFly! ssh_host=192.168.128.6 ansible_connection=winrm ansible_winrm_transport=basic ansible_winrm_server_cert_validation=ignore

--------------------------------------------------------------------------------
/dual_play_example.yml:
--------------------------------------------------------------------------------
---
# Two plays in one playbook, each targeting a different inventory group with its own
# package list and desired state. The choco_packages_* and app_state_* variables are not
# defined in this file (presumably group_vars or extra vars - confirm).
- name: install chocolatey package on Windows host
  hosts: networkadmins

  tasks:

    - name: Install multiple packages
      win_chocolatey:
        name: "{{ choco_packages_na }}"
        state: "{{ app_state_na }}"

- name: install chocolatey package on Windows host
  hosts: research

  tasks:

    - name: Install multiple packages
      win_chocolatey:
        name: "{{ choco_packages_research }}"
        state: "{{ app_state_research }}"

--------------------------------------------------------------------------------
/homepage_customizer.yml:
--------------------------------------------------------------------------------
---
# Applies the homepage_customizer role to the windows group.
- name: install the iis web service
  hosts: windows

  roles:
    - homepage_customizer

--------------------------------------------------------------------------------
/iis_install.yml:
--------------------------------------------------------------------------------
---
# Installs the Web-Server (IIS) feature, makes sure the W3Svc service is running, then
# includes the windows_test_webpage role by relative path to publish a test page.
- name: install the iis web service
  hosts: windows

  tasks:
    - name: install iis
      win_feature:
        name: Web-Server
        state: present

    - name: start iis service
      win_service:
        name: W3Svc
        state: started

    - name: Create test web page
      include_role:
        name: "./roles/windows_test_webpage"
--------------------------------------------------------------------------------
/install-msi.yml:
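--------------------------------------------------------------------------------
---
# Downloads an MSI to the Administrator's Downloads folder and installs it.
- name: Install Application from an MSI
  hosts: windows

  tasks:
    # The installer is fetched over HTTPS but not verified before it is installed with
    # administrative rights. win_get_url accepts checksum / checksum_algorithm; pin the
    # digest published for this release, e.g.
    #   checksum: <SHA-256 OF putty-64bit-0.71-installer.msi>   # placeholder, not a real value
    #   checksum_algorithm: sha256
    # NOTE(review): the path says "latest" while the file name pins 0.71, so the URL
    # presumably stops resolving once upstream publishes a newer release - confirm.
    - name: Download the MSI installer
      win_get_url:
        url: "https://the.earth.li/~sgtatham/putty/latest/w64/putty-64bit-0.71-installer.msi"
        dest: 'C:\Users\Administrator\Downloads\'

    - name: Install MSI
      win_package:
        path: 'C:\Users\Administrator\Downloads\putty-64bit-0.71-installer.msi'
        state: present

--------------------------------------------------------------------------------
/install_feature.yml:
--------------------------------------------------------------------------------
---
# Installs the Windows feature named by `feature` and starts the service named by
# `service`; both variables must be supplied by the caller (they are not set here).
- name: install the iis web service
  hosts: windows

  tasks:

    - name: install selected feature
      win_feature:
        # Quoted: a value that starts with {{ is otherwise parsed as a YAML mapping
        # and the playbook fails to load.
        name: "{{ feature }}"
        state: present

    - name: start selected service
      win_service:
        name: "{{ service }}"
        state: started
--------------------------------------------------------------------------------
/provision_win_vm.yml:
--------------------------------------------------------------------------------
---
# Runs on the control node and delegates the VM creation to the provisioning role.
- name: Create Windows 2012r2 VM
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Provision Windows 2012r2 VM
      include_role:
        # The role directory in this repository is roles/provision_win_vm; the previous
        # name, provision_windows_vm, does not match any role in the tree.
        name: provision_win_vm
        # Loads roles/provision_win_vm/vars/password.yml, which holds the VM password.
        vars_from: "password.yml"
--------------------------------------------------------------------------------
/reports/Consolidated_VMs_Report.html:
--------------------------------------------------------------------------------
1 | 2 | 192.168.128.107 3 | 4 | 7 | 8 | 9 | 10 | 192.168.150.31 11 | 12 | 15 | 16 | 17 | 18 | 19 | 20 | Report Table for Windows VMs 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 |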
Windows VMList of Required Updates/Packages
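30 | 31 |
--------------------------------------------------------------------------------
/roles/add_multiple_win_users/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Creates one domain group and one AD user per entry of user_info.
# Every user_info item carries the account's initial password, and Ansible prints loop
# items in task output, so both loops set no_log to keep the password out of logs.
- name: Create Windows Domain Group if it does not exists
  win_domain_group:
    name: "{{ item.group_name }}"
    scope: "{{ item.group_scope }}"
    state: present
  with_items: "{{ user_info }}"
  no_log: true

# NOTE(review): the group is created above, but no groups: argument is passed here, so
# this task does not set the user's membership - confirm whether that is intended.
- name: Create Multiple AD Users
  win_domain_user:
    name: "{{ item.name }}"
    firstname: "{{ item.firstname }}"
    surname: "{{ item.surname }}"
    password: "{{ item.password }}"
    # Forces a password change at next logon, so the shared initial password is short-lived.
    password_expired: yes
    state: present
    # Was '"{{ item.name }}"@example.com', which put literal double quotes in the address.
    email: "{{ item.name }}@example.com"
  with_items: "{{ user_info }}"
  no_log: true
--------------------------------------------------------------------------------
/roles/add_multiple_win_users/vars/main.yml:
--------------------------------------------------------------------------------
---
# Administrator will need to populate the information accordingly
#
# Note that 'password_expired' has been set to yes in the playbook
# so that user will have to change their password on next login
#
# Every account below shares one initial password stored in clear text. Keep real values
# in an Ansible Vault-encrypted file and give each account its own initial password.
user_info:
  - { name: 'james', firstname: 'James', surname: 'Jockey', password: '@Supersecret123', group_name: 'dev', group_scope: 'domainlocal'}
  - { name: 'jack', firstname: 'Jack', surname: 'White', password: '@Supersecret123', group_name: 'dev', group_scope: 'domainlocal'}
  - { name: 'mickey', firstname: 'Mickey', surname: 'Mouse', password: '@Supersecret123', group_name: 'qa', group_scope: 'domainlocal'}
  - { name: 'donald', firstname: 'Donald', surname: 'Duck', password: '@Supersecret123', group_name: 'qa', group_scope: 'domainlocal'}
--------------------------------------------------------------------------------
/roles/add_single_win_user/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Creates the requested groups and one AD user, then mails the account details.
- name: Create Windows Domain Group if it does not exists
  win_domain_group:
    name: "{{ item }}"
    scope: "{{ win_group_scope }}"
    state: present
  loop: "{{ win_user_groups }}"

- name: Create AD User
  win_domain_user:
    name: "{{ win_user_name }}"
    firstname: "{{ win_user_firstname }}"
    surname: "{{ win_user_surname }}"
    password: "{{ win_user_password }}"
    # The notification mail below tells the recipient the user will be prompted to change
    # the password; expire it so that statement holds (the multi-user role does the same).
    password_expired: yes
    groups: "{{ win_user_groups }}"
    state: present
    email: "{{ win_user_email }}"
  # The task arguments contain the initial password.
  no_log: true

# The message body carries the initial password in clear text. Mail is stored and relayed
# outside your control, so the forced change at first logon is what limits the exposure.
- name: Send Email with Report
  mail:
    host: smtp.gmail.com
    port: 587
    # Require STARTTLS instead of the default opportunistic mode, so the SMTP login and
    # the message are never sent over an unencrypted session.
    secure: starttls
    username: "{{ gmail_account }}"
    password: "{{ gmail_account_password }}"
    to: "{{ sendto_email }}"
    subject: 'New Employee Account Creation for {{ win_user_firstname }} {{ win_user_surname }}'
    body: |
      Your new employee, {{ win_user_firstname }} can login for this first time with the follow account info.
      They will be prompted to change thier password.
      username: {{ win_user_name }}
      password: {{ win_user_password }}
      email address: {{ win_user_email }}
  delegate_to: localhost
  # The task arguments contain the SMTP password and the user's initial password.
  no_log: true



--------------------------------------------------------------------------------
/roles/add_single_win_user/vars/main.yml:
--------------------------------------------------------------------------------
---
win_group_scope: domainlocal
gmail_account: rojasautolab@gmail.com
# This SMTP password is committed in clear text, and the same value appears in the
# choco_reporting and win_check_updates role vars. Treat it as exposed: rotate it and load
# the new value from an Ansible Vault-encrypted file.
gmail_account_password: Zapata99!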
-------------------------------------------------------------------------------- /roles/change_guest_acct/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: change the guest account name 2 | win_security_policy: 3 | section: System Access 4 | key: NewGuestName 5 | value: "{{ guest_account_name }}" 6 | 7 | -------------------------------------------------------------------------------- /roles/choco_facts/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | 5 | # Use the new container infrastructure 6 | sudo: false 7 | 8 | # Install ansible 9 | addons: 10 | apt: 11 | packages: 12 | - python-pip 13 | 14 | install: 15 | # Install ansible 16 | - pip install ansible 17 | 18 | # Check ansible version 19 | - ansible --version 20 | 21 | # Create ansible.cfg with correct roles_path 22 | - printf '[defaults]\nroles_path=../' >ansible.cfg 23 | 24 | script: 25 | # Basic role syntax check 26 | - ansible-playbook tests/test.yml -i tests/inventory --syntax-check 27 | 28 | notifications: 29 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ -------------------------------------------------------------------------------- /roles/choco_facts/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 
10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 
39 | -------------------------------------------------------------------------------- /roles/choco_facts/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for choco_facts -------------------------------------------------------------------------------- /roles/choco_facts/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for choco_facts -------------------------------------------------------------------------------- /roles/choco_facts/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your role description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Choose a valid license ID from https://spdx.org - some suggested licenses: 11 | # - BSD-3-Clause (default) 12 | # - MIT 13 | # - GPL-2.0-or-later 14 | # - GPL-3.0-only 15 | # - Apache-2.0 16 | # - CC-BY-4.0 17 | license: license (GPL-2.0-or-later, MIT, etc) 18 | 19 | min_ansible_version: 2.9 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # 25 | # Provide a list of supported platforms, and for each platform a list of versions. 26 | # If you don't wish to enumerate all versions for a particular platform, use 'all'. 27 | # To view available platforms and versions (or releases), visit: 28 | # https://galaxy.ansible.com/api/v1/platforms/ 29 | # 30 | # platforms: 31 | # - name: Fedora 32 | # versions: 33 | # - all 34 | # - 25 35 | # - name: SomePlatform 36 | # versions: 37 | # - all 38 | # - 1.0 39 | # - 7 40 | # - 99.99 41 | 42 | galaxy_tags: [] 43 | # List tags for your role here, one per line. 
A tag is a keyword that describes 44 | # and categorizes the role. Users find roles by searching for tags. Be sure to 45 | # remove the '[]' above, if you add tags to this list. 46 | # 47 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 48 | # Maximum 20 tags per role. 49 | 50 | dependencies: [] 51 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 52 | # if you add dependencies to this list. 53 | -------------------------------------------------------------------------------- /roles/choco_facts/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for choco_facts 3 | 4 | - name: gather facts 5 | win_chocolatey_facts: 6 | -------------------------------------------------------------------------------- /roles/choco_facts/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/choco_facts/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - choco_facts -------------------------------------------------------------------------------- /roles/choco_facts/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for choco_facts -------------------------------------------------------------------------------- /roles/choco_reporting/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | 5 | # Use the new container infrastructure 6 | sudo: false 7 | 8 | # Install ansible 9 | addons: 10 | apt: 11 | packages: 12 | - python-pip 13 | 14 | install: 15 | # Install ansible 16 | - pip install ansible 17 | 18 | # Check ansible version 19 | - 
ansible --version 20 | 21 | # Create ansible.cfg with correct roles_path 22 | - printf '[defaults]\nroles_path=../' >ansible.cfg 23 | 24 | script: 25 | # Basic role syntax check 26 | - ansible-playbook tests/test.yml -i tests/inventory --syntax-check 27 | 28 | notifications: 29 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ -------------------------------------------------------------------------------- /roles/choco_reporting/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 
20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/choco_reporting/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for choco_reporting -------------------------------------------------------------------------------- /roles/choco_reporting/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for choco_reporting -------------------------------------------------------------------------------- /roles/choco_reporting/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your role description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Choose a valid license ID from https://spdx.org - some suggested licenses: 11 | # - BSD-3-Clause (default) 12 | # - MIT 13 | # - GPL-2.0-or-later 14 | # - GPL-3.0-only 15 | # - Apache-2.0 16 | # - CC-BY-4.0 17 | license: license (GPL-2.0-or-later, MIT, etc) 18 | 19 | min_ansible_version: 2.9 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 
22 | # min_ansible_container_version: 23 | 24 | # 25 | # Provide a list of supported platforms, and for each platform a list of versions. 26 | # If you don't wish to enumerate all versions for a particular platform, use 'all'. 27 | # To view available platforms and versions (or releases), visit: 28 | # https://galaxy.ansible.com/api/v1/platforms/ 29 | # 30 | # platforms: 31 | # - name: Fedora 32 | # versions: 33 | # - all 34 | # - 25 35 | # - name: SomePlatform 36 | # versions: 37 | # - all 38 | # - 1.0 39 | # - 7 40 | # - 99.99 41 | 42 | galaxy_tags: [] 43 | # List tags for your role here, one per line. A tag is a keyword that describes 44 | # and categorizes the role. Users find roles by searching for tags. Be sure to 45 | # remove the '[]' above, if you add tags to this list. 46 | # 47 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 48 | # Maximum 20 tags per role. 49 | 50 | dependencies: [] 51 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 52 | # if you add dependencies to this list. 
53 | -------------------------------------------------------------------------------- /roles/choco_reporting/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for choco_reporting 3 | 4 | - name: gather facts 5 | win_chocolatey_facts: 6 | register: list_packages 7 | 8 | - name: print data for checking 9 | debug: 10 | var: list_packages.ansible_facts.ansible_chocolatey.packages 11 | 12 | - name: Clean Up Reports Directory if it exists 13 | file: 14 | path: chocoreports 15 | state: absent 16 | delegate_to: localhost 17 | run_once: yes 18 | 19 | - name: Create Reports Directory 20 | file: 21 | path: chocoreports 22 | state: directory 23 | mode: 0755 24 | delegate_to: localhost 25 | run_once: yes 26 | 27 | - name: Template Rendering 28 | template: 29 | src: individual_vm_report.html.j2 30 | dest: "chocoreports/z{{ inventory_hostname }}_interim_report.html" 31 | delegate_to: localhost 32 | 33 | - name: Create Interim Report 34 | template: 35 | src: consolidated_vms_report.html.j2 36 | dest: "chocoreports/Consolidated_VMs_Report.html" 37 | delegate_to: localhost 38 | run_once: yes 39 | 40 | - name: Consolidate Interim Report 41 | assemble: 42 | src: chocoreports/ 43 | dest: chocoreports/Consolidated_VMs_Report.html 44 | delegate_to: localhost 45 | run_once: yes 46 | 47 | - name: Generate Remaining Portion of Report 48 | template: 49 | src: consolidated_vms_report_last_block.html.j2 50 | dest: "chocoreports/consolidated_vms_report_last_block.html" 51 | delegate_to: localhost 52 | run_once: yes 53 | 54 | - name: Get the List of Interim Reports 55 | find: 56 | paths: chocoreports/ 57 | patterns: '*_interim_report.html' 58 | register: interim_reports_to_delete 59 | delegate_to: localhost 60 | run_once: yes 61 | 62 | - name: Clean Up Interim Reports 63 | file: 64 | path: "{{ item.path }}" 65 | state: absent 66 | loop: "{{ interim_reports_to_delete.files }}" 67 | delegate_to: localhost 68 | run_once: yes 69 
| 70 | - name: Consolidate Final Report 71 | assemble: 72 | src: chocoreports/ 73 | dest: chocoreports/Consolidated_VMs_Report.html 74 | delegate_to: localhost 75 | run_once: yes 76 | 77 | - name: Final Clean Up 78 | file: 79 | path: chocoreports/consolidated_vms_report_last_block.html 80 | state: absent 81 | delegate_to: localhost 82 | run_once: yes 83 | 84 | - name: Send Email with Report 85 | mail: 86 | host: smtp.gmail.com 87 | port: 587 88 | username: "{{ gmail_account }}" 89 | password: "{{ gmail_account_password }}" 90 | to: "{{ sendto_email }}" 91 | subject: "Chocolatey Ansible Report" 92 | body: "The list of Packages installed by Chocolatey" 93 | attach: 94 | - chocoreports/Consolidated_VMs_Report.html 95 | delegate_to: localhost 96 | run_once: yes -------------------------------------------------------------------------------- /roles/choco_reporting/templates/consolidated_vms_report.html.j2: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /roles/choco_reporting/templates/consolidated_vms_report_last_block.html.j2: -------------------------------------------------------------------------------- 1 |
Windows InstancePackage InstalledVersion
2 | 3 | 4 | 36 | 37 | -------------------------------------------------------------------------------- /roles/choco_reporting/templates/individual_vm_report.html.j2: -------------------------------------------------------------------------------- 1 | 2 | 3 | {% for pack in list_packages.ansible_facts.ansible_chocolatey.packages %} 4 | 5 | 6 | {{ inventory_hostname }} 7 | 8 |
  • {{ pack.package }}
  • 9 | 10 | 11 |
  • {{ pack.version }}
  • 12 | 13 | 14 | 15 | {% endfor %} 16 | 17 | 18 | 19 | 20 | 21 | {# | dict2items #} -------------------------------------------------------------------------------- /roles/choco_reporting/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/choco_reporting/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - choco_reporting -------------------------------------------------------------------------------- /roles/choco_reporting/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for choco_reporting 3 | gmail_account: "rojasautolab@gmail.com" 4 | gmail_account_password: "Zapata99!" 5 | sendto_email: "David Rojas " -------------------------------------------------------------------------------- /roles/homepage_customizer/files/Ansible-Red.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davidrojas25/windowsauto/0da52f2874d82bdfb17097bd92a7479a1bb87782/roles/homepage_customizer/files/Ansible-Red.png -------------------------------------------------------------------------------- /roles/homepage_customizer/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install iis 3 | win_feature: 4 | name: Web-Server 5 | state: present 6 | 7 | - name: start iis service 8 | win_service: 9 | name: W3Svc 10 | state: started 11 | - name: Customize the homepage with Jinja2 Template 12 | win_template: 13 | src: ./roles/homepage_customizer/templates/homepage.j2 14 | dest: C:\Inetpub\wwwroot\index.html 15 | - name: Copy Red Hat Ansible Image 16 | win_copy: 17 | src: ./roles/homepage_customizer/files/Ansible-Red.png 18 | 
dest: C:\Inetpub\wwwroot\ 19 | 20 | -------------------------------------------------------------------------------- /roles/homepage_customizer/templates/homepage.j2: -------------------------------------------------------------------------------- 1 | {# HTML Jinja2 Template#} 2 | 3 | 4 | {{header}} 5 | 25 | 26 | 27 |

    {{header}}

    28 | HTML5 Icon 29 |

    {{body}}

30 | 31 |
--------------------------------------------------------------------------------
/roles/max_password_age/tasks/main.yml:
--------------------------------------------------------------------------------
# Sets the MaximumPasswordAge key in the System Access section of the local security
# policy. The value comes from max_password_age, which this role does not define.
- name: set the maximum password age
  win_security_policy:
    section: System Access
    key: MaximumPasswordAge
    value: "{{ max_password_age }}"


--------------------------------------------------------------------------------
/roles/password_encryption/tasks/main.yml:
--------------------------------------------------------------------------------
# Sets the ClearTextPassword key (the "store passwords using reversible encryption"
# policy). The task name implies the setting is being disabled, but the value comes from
# clear_text_password, which this role does not define - presumably 0; verify the caller.
- name: do not store passwords using reversible encryption
  win_security_policy:
    section: System Access
    key: ClearTextPassword
    value: "{{ clear_text_password }}"


--------------------------------------------------------------------------------
/roles/provision_win_vm/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Clones a Windows VM from a template, customizes it, waits, then sends a notification.
# NOTE(review): no vCenter hostname/username/password is passed to vmware_guest here;
# presumably they come from the environment - confirm.
- name: Create Windows 2012r2 VM from Template and Customize
  vmware_guest:
    datacenter: "{{ vm_datacenter }}"
    # Certificate validation is off, so the vCenter/ESXi endpoint that receives the API
    # credentials is not authenticated. Trust the vCenter CA on the control node and
    # enable validation outside a lab.
    validate_certs: False
    folder: "/{{ vm_datacenter }}/vm"
    name: "{{ windows_vm_hostname }}"
    state: present
    template: "{{ vm_template }}"
    disk:
      - size_gb: "{{ vm_disk_size }}"
        type: "{{ vm_disk_type }}"
        datastore: "{{ vm_datastore }}"
    hardware:
      memory_mb: "{{ vm_ram }}"
      num_cpus: "{{ vm_cpu }}"
    networks:
      - name: "{{ vm_network }}"
        ip: "{{ windows_vm_ip }}"
        netmask: "{{ netmask }}"
        gateway: "{{ gateway_ip }}"
        dns_servers:
          - "{{ vm_dns_server }}"
    wait_for_ip_address: yes
    customization:
      # Autologon signs the Administrator in automatically after customization; the
      # console is then open to anyone with access to it until the setting is removed.
      autologon: yes
      domain: "{{ vm_domain }}"
      dns_servers:
        - "{{ vm_dns_server }}"
      hostname: "{{ windows_vm_hostname }}"
      # win_vm_password is loaded from vars/password.yml by the calling playbook.
      password: "{{ win_vm_password }}"
  delegate_to: localhost

# With only timeout set, wait_for simply pauses for 300 seconds; it does not probe the VM.
- name: Wait for VM to be ready
  wait_for: timeout=300
  delegate_to: localhost

# Sends the notification through an SMTP server on the control node (localhost:25).
# NOTE(review): the recipient below has a display name but no address on this page -
# confirm against the repository.
- name: Sending notification email
  mail:
    host: localhost
    port: 25
    to: David Rojas
    subject: Ansible-report
    body: "{{ windows_vm_hostname }} has been successfully provisioned"
  delegate_to: localhost
--------------------------------------------------------------------------------
/roles/provision_win_vm/vars/password.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/davidrojas25/windowsauto/0da52f2874d82bdfb17097bd92a7479a1bb87782/roles/provision_win_vm/vars/password.yml
--------------------------------------------------------------------------------
/roles/system_events/tasks/main.yml:
--------------------------------------------------------------------------------
# Sets the AuditSystemEvents key in the Event Audit section of the local security policy.
# The value comes from system_events, which this role does not define.
- name: enable system events
  win_security_policy:
    section: Event Audit
    key: AuditSystemEvents
    value: "{{ system_events }}"


--------------------------------------------------------------------------------
/roles/text_to_speech/tasks/main.yml:
--------------------------------------------------------------------------------
# Plays a start sound and speaks voice_message on the target host. The voice is
# hard-coded here rather than read from the role's `voice` variable.
- name: Using a different voice and a start sound
  win_say:
    start_sound_path: C:\Windows\Media\ding.wav
    msg: "{{ voice_message }}"
    voice: Microsoft David

--------------------------------------------------------------------------------
/roles/text_to_speech/vars/main.yml:
--------------------------------------------------------------------------------
1 | --- 2 | voice_message: 'Warnning! Warning! Self Destruction Protocal has been activated! you have 10 seconds to clear the office! 10. 9. 8. 7.'
3 | voice: Microsoft David -------------------------------------------------------------------------------- /roles/win_check_updates/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Search and return list of found updates (if any)" 3 | win_updates: 4 | category_names: "{{ category }}" 5 | state: searched 6 | register: list_of_updates 7 | 8 | - name: Clean Up Reports Directory if it exists 9 | file: 10 | path: reports 11 | state: absent 12 | delegate_to: localhost 13 | run_once: yes 14 | 15 | - name: Create Reports Directory 16 | file: 17 | path: reports 18 | state: directory 19 | mode: 0755 20 | delegate_to: localhost 21 | run_once: yes 22 | 23 | - name: Template Rendering 24 | template: 25 | src: individual_vm_report.html.j2 26 | dest: "reports/z{{ inventory_hostname }}_interim_report.html" 27 | delegate_to: localhost 28 | 29 | - name: Create Interim Report 30 | template: 31 | src: consolidated_vms_report.html.j2 32 | dest: "reports/Consolidated_VMs_Report.html" 33 | delegate_to: localhost 34 | run_once: yes 35 | 36 | - name: Consolidate Interim Report 37 | assemble: 38 | src: reports/ 39 | dest: reports/Consolidated_VMs_Report.html 40 | delegate_to: localhost 41 | run_once: yes 42 | 43 | - name: Generate Remaining Portion of Report 44 | template: 45 | src: consolidated_vms_report_last_block.html.j2 46 | dest: "reports/consolidated_vms_report_last_block.html" 47 | delegate_to: localhost 48 | run_once: yes 49 | 50 | - name: Get the List of Interim Reports 51 | find: 52 | paths: reports/ 53 | patterns: '*_interim_report.html' 54 | register: interim_reports_to_delete 55 | delegate_to: localhost 56 | run_once: yes 57 | 58 | - name: Clean Up Interim Reports 59 | file: 60 | path: "{{ item.path }}" 61 | state: absent 62 | loop: "{{ interim_reports_to_delete.files }}" 63 | delegate_to: localhost 64 | run_once: yes 65 | 66 | - name: Consolidate Final Report 67 | assemble: 68 | src: reports/ 69 | dest: 
reports/Consolidated_VMs_Report.html 70 | delegate_to: localhost 71 | run_once: yes 72 | 73 | - name: Final Clean Up 74 | file: 75 | path: reports/consolidated_vms_report_last_block.html 76 | state: absent 77 | delegate_to: localhost 78 | run_once: yes 79 | 80 | - name: Send Email with Report 81 | mail: 82 | host: smtp.gmail.com 83 | port: 587 84 | username: "{{ gmail_account }}" 85 | password: "{{ gmail_account_password }}" 86 | to: "{{ sendto_email }}" 87 | subject: "Ansible Report" 88 | body: "The list of required Windows Update for the Windows VMs can be found in the attached file" 89 | attach: 90 | - reports/Consolidated_VMs_Report.html 91 | delegate_to: localhost 92 | run_once: yes 93 | -------------------------------------------------------------------------------- /roles/win_check_updates/templates/consolidated_vms_report.html.j2: -------------------------------------------------------------------------------- 1 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /roles/win_check_updates/templates/consolidated_vms_report_last_block.html.j2: -------------------------------------------------------------------------------- 1 |
    Windows VMList of Required Updates/Packages
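    2 | 3 | 4 | 36 | 37 |
--------------------------------------------------------------------------------
/roles/win_check_updates/templates/individual_vm_report.html.j2:
--------------------------------------------------------------------------------
1 | 2 | {{ inventory_hostname }} 3 | 4 | 9 | 10 |
--------------------------------------------------------------------------------
/roles/win_check_updates/vars/main.yml:
--------------------------------------------------------------------------------
---
# Update categories to check. A single-item list is shown; for several
# categories use e.g. [SecurityUpdates, 'Updates'].
category: ['Updates']
gmail_account: "rojasautolab@gmail.com"
# The mail password used to sit on this line in clear text. A value that has
# been committed must be treated as exposed: rotate it and keep the
# replacement in an Ansible Vault-encrypted vars file.
# vault_gmail_account_password is a suggested variable name that has to be
# defined there; it is not an existing variable of this repository.
gmail_account_password: "{{ vault_gmail_account_password }}"
sendto_email: "David Rojas "

--------------------------------------------------------------------------------
/roles/win_startup_message/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Writes the title and body of the notice Windows displays at interactive
# logon. Both values live under the machine-wide Policies\System key, so the
# notice applies to every user of the host.
- name: Adding Updating Legal Notice Title
  win_regedit:
    path: HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System
    name: legalnoticecaption
    data: "{{ title_legal_notice }}"

- name: Adding Updating Legal Notice Text
  win_regedit:
    path: HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System
    name: legalnoticetext
    data: "{{ text_legal_notice }}"

--------------------------------------------------------------------------------
/roles/win_startup_message/vars/main.yml:
--------------------------------------------------------------------------------
---
# Text consumed by the two win_regedit tasks of this role.
title_legal_notice: 'Welcome to Rojas Automation Lab'
text_legal_notice: 'Lab access is for authorized members only'
--------------------------------------------------------------------------------
/roles/win_updates/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Installs the updates that match `categories` and reboots the host when the
# module asks for it. The two package filters are omitted unless the caller
# sets blacklist_package / whitelist_package to a non-empty value.
# NOTE(review): current ansible.windows releases name these options
# reject_list and accept_list; blacklist/whitelist are the older spellings.
# Confirm against the installed collection version before renaming.
- name: Install Windows updates
  win_updates:
    category_names: "{{ categories }}"
    blacklist: "{{ blacklist_package | default(omit, true) }}"
    whitelist: "{{ whitelist_package | default(omit, true) }}"
    reboot: yes
    reboot_timeout: 1400

--------------------------------------------------------------------------------
/roles/win_updates/vars/main.yml:
--------------------------------------------------------------------------------
---
# Only the 'Updates' category is selected. SecurityUpdates and CriticalUpdates
# are separate categories, so a run with this value does not install them;
# add them to the list when the role is used for security patching.
categories: ['Updates']
--------------------------------------------------------------------------------
/roles/windows_test_webpage/files/index.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | Red Hat Ansible Automation Test Page 5 | 6 | 7 | Red Hat Ansible Logo 8 | Windows Logo 9 | 10 |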

    Test Web page on Windows IIS Server

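    11 | 12 | 13 | 14 |
--------------------------------------------------------------------------------
/roles/windows_test_webpage/files/rh_ansible.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/davidrojas25/windowsauto/0da52f2874d82bdfb17097bd92a7479a1bb87782/roles/windows_test_webpage/files/rh_ansible.jpg
--------------------------------------------------------------------------------
/roles/windows_test_webpage/files/winlogo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/davidrojas25/windowsauto/0da52f2874d82bdfb17097bd92a7479a1bb87782/roles/windows_test_webpage/files/winlogo.jpg
--------------------------------------------------------------------------------
/roles/windows_test_webpage/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Publishes the static test page and its two images into the IIS web root.
# win_copy transfers the files verbatim: despite the first task's name, no
# Jinja2 rendering takes place here.

- name: Customize the homepage with Jinja2 Template
  win_copy:
    src: ./roles/windows_test_webpage/files/index.html
    dest: C:\Inetpub\wwwroot\

- name: Copy Red Hat Ansible Image
  win_copy:
    src: ./roles/windows_test_webpage/files/rh_ansible.jpg
    dest: C:\Inetpub\wwwroot\

- name: Copy Windows Image
  win_copy:
    src: ./roles/windows_test_webpage/files/winlogo.jpg
    dest: C:\Inetpub\wwwroot\
--------------------------------------------------------------------------------
/set_win_sec_policy.yml:
--------------------------------------------------------------------------------
---
# Applies the four security-policy roles, in the order listed, to the
# `windows` inventory group.
- name: Set Windows Security Policies
  hosts: windows
  gather_facts: False

  roles:
    - change_guest_acct
    - max_password_age
    - password_encryption
    - system_events

--------------------------------------------------------------------------------
/slackmessage.yml:
--------------------------------------------------------------------------------
---
# Posts a fixed status message to a Slack channel from the control node.
# The play used to escalate to root (become / become_user); that was dropped
# because its only task is an outbound call to Slack and needs no elevated
# rights.
- name: Slack Notification
  hosts: localhost

  tasks:
    - name: Sending message to slack channel
      slack:
        # The token used to be written here in clear text. A committed token
        # is exposed: revoke it in Slack and issue a new one, then keep the
        # new value in an Ansible Vault-encrypted vars file.
        # vault_slack_token is a suggested variable name that has to be
        # defined there; it is not an existing variable of this repository.
        token: "{{ vault_slack_token }}"
        channel: "redhat-rise-all"
        domain: "cgspoc.slack.com"
        parse: "full"
        color: "good"
        msg: 'The blah playbook was ran on successfully.'
--------------------------------------------------------------------------------
/text_to_speech.yml:
--------------------------------------------------------------------------------
---
# Runs the text_to_speech role on the `windows` group. The play name was a
# copy of the multi-user play's name and is corrected here.
- name: Text to Speech
  hosts: windows
  gather_facts: False

  roles:
    - text_to_speech
--------------------------------------------------------------------------------
/vmpower.yml:
--------------------------------------------------------------------------------
---
# Sets the power state of every VM in list_vms through the VMware API. The
# task is delegated to localhost, so the API call originates from the control
# node. The play name was a copy of the IIS play's name and is corrected here.
- name: Power VMs on or off
  hosts: vmware_exsi

  vars:
    list_vms:
      - rojaslab_linux001
      - rojaslab_linux002
      - rojaslab_win001
      - rojaslab_linux003
      - rojaslab_linux_gns3002
      - rojaslab_linux004
    vcenter_hostname: 192.168.150.10
    # NOTE(review): root is used for the API session; a dedicated account
    # limited to VM power operations would narrow what a leaked credential
    # can do.
    vcenter_username: root
    # The password used to be written here in clear text. A committed
    # password is exposed: rotate it and keep the new value in an Ansible
    # Vault-encrypted vars file. vault_vcenter_password is a suggested
    # variable name that has to be defined there; it does not exist yet.
    vcenter_password: "{{ vault_vcenter_password }}"
    # Certificate validation stays off, as before, so the play keeps working
    # against a self-signed lab certificate. With validation off the session,
    # including the credentials above, can be intercepted by anyone able to
    # impersonate the host on the network; set this to yes once the
    # certificate is trusted by the control node.
    vcenter_validate_certs: no
    vm_state: powered-off

  tasks:
    - name: power on or off VM
      vmware_guest_powerstate:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        validate_certs: "{{ vcenter_validate_certs }}"
        folder: "/vmfs/volumes/datastore1/"
        name: "{{ item }}"
        state: "{{ vm_state }}"
      with_items: "{{ list_vms }}"
      delegate_to: localhost
      register: deploy

--------------------------------------------------------------------------------
/win_add_multi_users.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): this play targets `all`, while the other user-management
# plays target `windows`; confirm that creating accounts on every inventory
# host is intended.
- name: Add Multiple Windows Users
  hosts: all
  gather_facts: False

  roles:
    - add_multiple_win_users
--------------------------------------------------------------------------------
/win_add_single_user.yml:
--------------------------------------------------------------------------------
---
# Runs the add_single_win_user role on the `windows` group.
- name: Add Windows User
  hosts: windows
  gather_facts: False

  roles:
    - add_single_win_user

--------------------------------------------------------------------------------
/win_check_updates.yml:
--------------------------------------------------------------------------------
---
# Runs the win_check_updates role on the `windows` group.
- name: Check Windows Update
  hosts: windows
  gather_facts: False

  roles:
    - win_check_updates

--------------------------------------------------------------------------------
/win_chocolatey_allfacts.yml:
--------------------------------------------------------------------------------
---
# Runs the choco_reporting role with the chocolatey.chocolatey collection on
# the module search path.
- name: gather and display chocolatey facts
  hosts: windows

  vars:
    factWanted: config

  collections:
    - chocolatey.chocolatey

  roles:
    - choco_reporting

--------------------------------------------------------------------------------
/win_chocolatey_config.yml: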
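--------------------------------------------------------------------------------
---
# Sets one Chocolatey configuration item; config_item, state and value are
# play vars so a caller can override them.
- name: configuring Chocolatey
  hosts: windows

  vars:
    config_item: cacheLocation
    state: present
    value: C:\chocolatey_temp2

  collections:
    - chocolatey.chocolatey
  tasks:

    - name: set configuration parameter
      win_chocolatey_config:
        name: "{{ config_item }}"
        state: "{{ state }}"
        value: "{{ value }}"

--------------------------------------------------------------------------------
/win_chocolatey_facts.yml:
--------------------------------------------------------------------------------
---
# Gathers Chocolatey facts and prints the sub-tree selected by factWanted.
- name: gather and display chocolatey facts
  hosts: windows

  vars:
    factWanted: config

  collections:
    - chocolatey.chocolatey

  tasks:

    - name: gather facts
      win_chocolatey_facts:

    - name: display config facts
      debug:
        var: ansible_chocolatey.{{ factWanted }}

--------------------------------------------------------------------------------
/win_chocolatey_features.yml:
--------------------------------------------------------------------------------
---
# Enables or disables one Chocolatey feature, selected by the play vars.
- name: enabling or disabling chocolatey features
  hosts: windows

  vars:
    feature: stopOnFirstPackageFailure
    state: enabled

  collections:
    - chocolatey.chocolatey

  tasks:

    - name: enable or disable Chocolatey features
      win_chocolatey_feature:
        name: "{{ feature }}"
        state: "{{ state }}"

--------------------------------------------------------------------------------
/win_chocolatey_install.yml:
--------------------------------------------------------------------------------
---
# Installs or removes the package(s) named in choco_packages.
# NOTE(review): no version and no source are given, so the host installs
# whatever its configured Chocolatey sources currently serve for that name.
# Pin a version and point at a trusted source where the installed bits must
# be reproducible.
- name: install chocolatey package on Windows host
  hosts: windows

  vars:
    choco_packages: git
    app_state: present

  collections:
    - chocolatey.chocolatey

  tasks:

    - name: Install multiple packages
      win_chocolatey:
        name: "{{ choco_packages }}"
        state: "{{ app_state }}"

--------------------------------------------------------------------------------
/win_chocolatey_source.yml:
--------------------------------------------------------------------------------
---
# Registers or updates a Chocolatey package source on the host.
# testusername / testpassword are placeholders. Real feed credentials belong
# in an Ansible Vault-encrypted vars file, not in play vars committed to the
# repository.
- name: modifying chocolatey source
  hosts: windows

  vars:
    name: chocolatey
    state: enabled
    source: https://chocolatey-server/chocolatey
    username: testusername
    password: testpassword

  collections:
    - chocolatey.chocolatey

  tasks:

    - name: modifying chocolatey source
      win_chocolatey_source:
        name: "{{ name }}"
        state: "{{ state }}"
        source: "{{ source }}"
        source_username: "{{ username }}"
        source_password: "{{ password }}"

--------------------------------------------------------------------------------
/win_startup_message.yml:
--------------------------------------------------------------------------------
---
# Runs the win_startup_message role on the `windows` group. The play name was
# a copy of the add-user play's name and is corrected here.
- name: Set Windows startup message
  hosts: windows
  gather_facts: False

  roles:
    - win_startup_message

--------------------------------------------------------------------------------
/windows_updates.yml:
--------------------------------------------------------------------------------
---
# Runs the win_updates role on the `windows` group. The play name was a copy
# of the IIS play's name and is corrected here.
- name: Install Windows updates
  hosts: windows
  gather_facts: False

  roles:
    - win_updates

--------------------------------------------------------------------------------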