├── roles
├── awsjson
│ ├── tasks
│ │ └── main.yml
│ └── templates
│ │ ├── BuildServer1.yaml
│ │ └── BuildServer1.JSON
├── snow
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── windows-hostname
│ ├── tests
│ │ ├── inventory
│ │ └── test.yml
│ ├── defaults
│ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ └── meta
│ │ └── main.yml
├── domain
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── resize-azure
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── windows-ad-controller
│ ├── tests
│ │ ├── inventory
│ │ └── test.yml
│ ├── handlers
│ │ └── main.yml
│ ├── vars
│ │ └── main.yml
│ ├── defaults
│ │ └── main.yml
│ ├── README.md
│ ├── meta
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── harden-check-fail
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── sql_run_sql_script_dsc
│ ├── templates
│ │ ├── Set-RunSQLScript.sql.j2
│ │ ├── Get-RunSQLScript.sql.j2
│ │ ├── Test-RunSQLScript.sql.j2
│ │ └── audit_table.j2
│ ├── tasks
│ │ ├── main.yml
│ │ ├── using_sqlscriptquery.yml
│ │ └── using_sqlscript.yml
│ ├── defaults
│ │ └── main.yml
│ └── files
│ │ └── run_sql_command.ps1
├── dynatrace-agent
│ ├── tasks
│ │ ├── main.yml
│ │ ├── chocolatey.yml
│ │ └── package.yml
│ └── defaults
│ │ └── main.yml
├── post-windows
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ ├── main.yml
│ │ ├── share.yml
│ │ └── ie.yml
├── set-static-ip
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ ├── main.yml
│ │ └── multi_network.yml
├── credential-examples
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ ├── main.yml
│ │ ├── read_remote_file.yml
│ │ └── add_credential.yml
├── ad-computer-registration
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ ├── main.yml
│ │ ├── register.yml
│ │ └── deregister.yml
├── enable-dsc-lcm
│ ├── tasks
│ │ └── main.yml
│ └── files
│ │ └── configure_lcm.ps1
├── cloudforms-refresh-provider
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── services
│ ├── files
│ │ └── ServiceExample.exe
│ └── tasks
│ │ └── main.yml
├── sql_create_db_with_script
│ ├── tasks
│ │ └── main.yml
│ └── files
│ │ └── create_db.ps1
├── cloudforms-link-service
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── collect-log
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── failover-cluster-common
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── iis-dsc
│ ├── defaults
│ │ └── main.yml
│ ├── templates
│ │ └── index.html.j2
│ ├── handlers
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── failover-cluster
│ ├── tasks
│ │ ├── main.yml
│ │ ├── dynamic.yml
│ │ └── static.yml
│ └── defaults
│ │ └── main.yml
├── undeploy-azure
│ └── tasks
│ │ └── main.yml
├── thirdparty
│ └── tasks
│ │ └── main.yml
├── mcafee-agent
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── sqlupgrade
│ ├── templates
│ │ └── upgradeSQL2016.bat
│ └── tasks
│ │ └── main.yml
├── mcafee-epo
│ ├── defaults
│ │ └── main.yml
│ ├── tasks
│ │ ├── main.yml
│ │ └── install.yml
│ └── templates
│ │ └── installMcAfeeEPO.bat
├── sql2016-update
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ ├── main.yml
│ │ └── check_version.yml
├── sql_run_sql_script
│ ├── tasks
│ │ ├── main.yml
│ │ ├── powershell.yml
│ │ └── mssql_script.yml
│ ├── defaults
│ │ └── main.yml
│ ├── templates
│ │ └── audit_table.j2
│ └── files
│ │ └── run_sql_command.ps1
├── sql2019
│ ├── defaults
│ │ └── main.yml
│ ├── tasks
│ │ ├── powershell.yml
│ │ ├── batch.yml
│ │ ├── ini.yml
│ │ ├── win_shell.yml
│ │ ├── win_package.yml
│ │ ├── win_dsc_package.yml
│ │ ├── win_dsc.yml
│ │ ├── psexec.yml
│ │ └── main.yml
│ ├── templates
│ │ ├── installSQL2019.bat
│ │ ├── sqlsilent.ini
│ │ └── installSQL2019.ps1
│ └── files
│ │ └── enableSQLTCP.ps1
├── sql2016
│ ├── tasks
│ │ ├── powershell.yml
│ │ ├── batch.yml
│ │ ├── ini.yml
│ │ ├── win_shell.yml
│ │ ├── win_package.yml
│ │ ├── win_dsc.yml
│ │ ├── win_dsc_package.yml
│ │ ├── psexec.yml
│ │ └── main.yml
│ ├── defaults
│ │ └── main.yml
│ ├── templates
│ │ ├── installSQL2016.bat
│ │ ├── sqlsilent.ini
│ │ └── installSQL2016.ps1
│ └── files
│ │ └── enableSQLTCP.ps1
├── iiscert
│ ├── template
│ │ └── index.html.j2
│ └── tasks
│ │ └── main.yml
├── ec2-find-amis
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── registry
│ └── tasks
│ │ └── main.yml
├── patch
│ └── tasks
│ │ └── main.yml
├── iis
│ └── tasks
│ │ └── main.yml
├── requirements.yml
├── undeploy-openstack
│ └── tasks
│ │ └── main.yml
├── undeploy
│ └── tasks
│ │ └── main.yml
├── deploy-openstack
│ └── tasks
│ │ └── main.yml
├── deploy
│ └── tasks
│ │ └── main.yml
└── deploy-azure
│ └── tasks
│ └── main.yml
├── ansible.cfg
├── iis.yml
├── patch.yml
├── sql2016.yml
├── collections
└── requirements.yml
├── harden-windows.yml
├── registry.yml
├── services.yml
├── sqlupgrade.yml
├── sql2016_apply_update.yml
├── thirdparty.yml
├── windows_post.yml
├── iiscert.yml
├── snow_create_ci.yml
├── snow_create_incident.yml
├── credential_examples.yml
├── sql2019.yml
├── dynatrace_oneagent.yml
├── iis_dsc.yml
├── ad_computer_register.yml
├── collect-log.yml
├── win-ad-controller.yml
├── awsjson.yml
├── group_vars
├── all.yml
└── windows.yml
├── .gitignore
├── ad_computer_deregister.yml
├── set_static_ip.yml
├── mcafee_epo.yml
├── dynatrace_agent.yml
├── sql-server-management-studio.yml
├── mssql-run_sql_command_on_db.yml
├── mssql-run_sql_command_on_db_dsc.yml
├── windows-instance-resize-azure.yml
├── mssql-create-db-with-script.yml
├── windows-vm-create.yml
├── cluster-nodes-instance-create-vmware.yml
├── whoami.yml
├── fixservice.yml
├── windows-instance-remove-ovirt.yml
├── windows-instance-create-azure.yml
├── windows-instance-remove-azure.yml
├── windows-instance-create-ovirt.yml
├── ad-node-instance-create-ec2.yml
├── thirdparty-other-app.yml
├── windows-instance-create-ec2.yml
├── node-config
├── ad-node-openstack.yml
├── ad-node-ec2.yml
├── cluster-nodes-openstack.yml
└── cluster-nodes-vmware.yml
├── windows-vm-destroy.yml
├── cluster-nodes-instance-remove-vmware.yml
├── cluster-nodes-instance-create-os-stack.yml
├── windows-ad.yml
├── win-nodes-openstack.yml
├── win-nodes-azure.yml
├── windows-instance-remove-os-stack.yml
├── windows-instance-create-openstack.yml
├── windows-instance-create-os-stack.yml
├── cluster-nodes-instance-remove-os-stack.yml
├── ad-node-instance-create-openstack.yml
├── get_drive_space.yml
├── ad-node-instance-remove-openstack.yml
├── windows-instance-remove-openstack.yml
├── ad-node-instance-remove-ec2.yml
├── restful.yml
├── win-nodes-ec2.yml
├── templates
└── userdata.txt.j2
├── set_custom_facts.yml
├── win-nodes-ovirt.yml
├── failover-cluster-create.yml
├── failover-iis-cluster-create.yml
├── ad_computer_deregister_all.yml
├── splunk_forwarder.yml
├── mssql-create-db.yml
├── thirdparty-single-app.yml
├── network_windows.yml
├── enable_winrm_via_vmware.yml
├── domain.yml
├── handle_unreachable_hosts_method_2.yml
├── update_windows.yml
├── update_all_windows.yml
├── win-nodes-vmware.yml
├── handle_unreachable_hosts_method_3.yml
├── windows_teardown_ec2.yml
├── sql2016_find_version.yml
├── README.md
├── patching_windows.yml
├── handle_unreachable_hosts_method_1.yml
├── mssql-create-db-with-dsc.yml
├── winrm_enable_ca_cert.yml
├── snow_service_request.yml
└── expand-disk-vmware.yml
/roles/awsjson/tasks/main.yml:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/roles/snow/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 |
--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
[defaults]
# Deprecation warnings are switched off, so notices about modules or options
# scheduled for removal are not shown when playbooks run.
deprecation_warnings=False
--------------------------------------------------------------------------------
/roles/windows-hostname/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
2 |
3 |
--------------------------------------------------------------------------------
/roles/domain/defaults/main.yml:
--------------------------------------------------------------------------------
---

# Role default: empty string.
# NOTE(review): presumably the OU path used when joining the domain; the
# role's tasks are not shown here, so confirm how an empty value is treated.
join_ou_path: ""
--------------------------------------------------------------------------------
/roles/resize-azure/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Azure VM size passed to the role's "Change VM Size" task as `vm_size`.
vm_size: "Standard_A1_v2"
--------------------------------------------------------------------------------
/roles/windows-ad-controller/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
2 |
3 |
--------------------------------------------------------------------------------
/roles/harden-check-fail/defaults/main.yml:
--------------------------------------------------------------------------------
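---

# Written as a canonical YAML boolean (`true`) instead of `yes`.
# NOTE(review): presumably makes the role fail when a host has drifted from
# the hardening baseline; the role's tasks are not shown here, so confirm.
fail_on_drift: true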
--------------------------------------------------------------------------------
/roles/windows-hostname/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Computer name the windows-hostname role renames the host to.
hostname: "wintest"
--------------------------------------------------------------------------------
/iis.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `iis` role to every host in the inventory.
- name: Install IIS
  hosts: all

  roles:
    - role: iis
--------------------------------------------------------------------------------
/roles/sql_run_sql_script_dsc/templates/Set-RunSQLScript.sql.j2:
--------------------------------------------------------------------------------
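{#- NOTE(review): the rendered file is the value of sql_query verbatim, so whoever controls that variable controls the statement that runs; supply it only from trusted, reviewed sources. -#}
{{ sql_query }}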
--------------------------------------------------------------------------------
/patch.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `patch` role to every host in the inventory.
- name: Apply Patches
  hosts: all

  roles:
    - role: patch
--------------------------------------------------------------------------------
/roles/windows-hostname/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handler run when a task notifies "windows reboot"; win_reboot is called
# with no arguments, so the module's own defaults apply.
- name: windows reboot
  win_reboot:
--------------------------------------------------------------------------------
/sql2016.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `sql2016` role to every host in the inventory.
- name: Install SQL 2016
  hosts: all

  roles:
    - role: sql2016
--------------------------------------------------------------------------------
/collections/requirements.yml:
--------------------------------------------------------------------------------
---
# Collections these playbooks depend on.
# NOTE(review): neither entry carries a version constraint, so an install
# resolves to whichever release is newest at that moment. Adding a `version:`
# to each entry makes installs repeatable and gives a point at which upstream
# changes can be reviewed before they reach managed hosts.
collections:
  - name: community.crypto
  - name: dynatrace.oneagent
--------------------------------------------------------------------------------
/roles/dynatrace-agent/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Dispatch to the task file named by `install_with`; the role ships
# chocolatey.yml and package.yml, and the role default is `chocolatey`.
- include_tasks: "{{ install_with }}.yml"
--------------------------------------------------------------------------------
/roles/post-windows/defaults/main.yml:
--------------------------------------------------------------------------------
---

# Default list of share names for the post-windows role.
# NOTE(review): presumably consumed by tasks/share.yml, which is not shown.
shares:
  - "internal"
  - "external"
--------------------------------------------------------------------------------
/roles/set-static-ip/defaults/main.yml:
--------------------------------------------------------------------------------
---

# Static address for the second network interface; quoted so the value is
# always read as a string.
second_interface_static_ip_address: "10.10.10.52"
--------------------------------------------------------------------------------
/roles/windows-ad-controller/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # handlers file for windows-ad-controller
--------------------------------------------------------------------------------
/roles/windows-ad-controller/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # vars file for windows-ad-controller
3 |
4 |
--------------------------------------------------------------------------------
/harden-windows.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `harden-check-fail` role to every host in the inventory.
- name: Harden Windows
  hosts: all

  roles:
    - role: harden-check-fail
--------------------------------------------------------------------------------
/registry.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `registry` role to every host in the inventory.
- name: Setup Various Registry Keys
  hosts: all

  roles:
    - role: registry
--------------------------------------------------------------------------------
/roles/credential-examples/defaults/main.yml:
--------------------------------------------------------------------------------
---

# UNC path of the file the role reads; single-quoted so the backslashes are
# taken literally.
remote_file_path: '\\host\test\some_file.txt'
--------------------------------------------------------------------------------
/services.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `services` role to hosts in the `Services` group.
- name: Setup Various Services
  hosts: Services

  roles:
    - role: services
--------------------------------------------------------------------------------
/sqlupgrade.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `sqlupgrade` role to every host in the inventory.
- name: Upgrade to SQL 2016
  hosts: all

  roles:
    - role: sqlupgrade
--------------------------------------------------------------------------------
/roles/post-windows/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Run the share tasks first, then the ie tasks.
- include_tasks: share.yml

- include_tasks: ie.yml
--------------------------------------------------------------------------------
/sql2016_apply_update.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `sql2016-update` role to every host in the inventory.
# NOTE(review): the play name says "Install SQL 2016" although the role
# applied is the update role; confirm the label is intended.
- name: Install SQL 2016
  hosts: all

  roles:
    - role: sql2016-update
--------------------------------------------------------------------------------
/thirdparty.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `thirdparty` role to every host in the inventory.
- name: Install Third Party Software
  hosts: all

  roles:
    - role: thirdparty
--------------------------------------------------------------------------------
/windows_post.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `post-windows` role to every host in the inventory.
- name: windows post configuration
  hosts: all

  roles:
    - role: post-windows
--------------------------------------------------------------------------------
/iiscert.yml:
--------------------------------------------------------------------------------
---
# Play: apply `iis` and then `iiscert` to every host in the inventory.
- name: Install IIS and assign a cert
  hosts: all

  roles:
    - role: iis
    - role: iiscert
--------------------------------------------------------------------------------
/roles/ad-computer-registration/defaults/main.yml:
--------------------------------------------------------------------------------
---

# Selects which task file the role includes: `register` or `deregister`.
role_action: "register"

# Role default: empty string.
# NOTE(review): presumably the OU for the computer object; confirm in
# register.yml, which is not shown here.
join_ou_path: ""
--------------------------------------------------------------------------------
/roles/enable-dsc-lcm/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Runs the role's configure_lcm.ps1 file through the `script` module.
- name: enable LCM configuration
  script: configure_lcm.ps1
--------------------------------------------------------------------------------
/snow_create_ci.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `snow` role to every host in the inventory.
# NOTE(review): the play name is the same text as in snow_create_incident.yml
# although this file is named snow_create_ci.yml; confirm the label.
- name: Create incident on Service Now
  hosts: all

  roles:
    - role: snow
--------------------------------------------------------------------------------
/snow_create_incident.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `snow` role to every host in the inventory.
- name: Create incident on Service Now
  hosts: all

  roles:
    - role: snow
--------------------------------------------------------------------------------
/credential_examples.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `credential-examples` role to every host in the inventory.
- name: credential examples
  hosts: all

  roles:
    - role: credential-examples
--------------------------------------------------------------------------------
/roles/set-static-ip/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Only include the multi-network tasks when the host reports more than one
# interface in `ansible_interfaces`.
- include_tasks: multi_network.yml
  when: (ansible_interfaces | length) > 1
--------------------------------------------------------------------------------
/roles/windows-hostname/tests/test.yml:
--------------------------------------------------------------------------------
---
# Role test play: runs windows-hostname against localhost as remote user root.
- hosts: localhost
  remote_user: root
  roles:
    - role: windows-hostname
--------------------------------------------------------------------------------
/sql2019.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `sql2019` role to every host with install_with set to
# `ini`.
# NOTE(review): the role ships a tasks/ini.yml; presumably install_with
# selects it, but the role's main.yml is not shown here.
- name: Install SQL 2019
  hosts: all
  vars:
    install_with: "ini"
  roles:
    - role: sql2019
--------------------------------------------------------------------------------
/dynatrace_oneagent.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `oneagent` role from the dynatrace.oneagent collection
# (listed in collections/requirements.yml) to every host.
- name: install dynatrace agent
  hosts: all
  roles:
    - role: dynatrace.oneagent.oneagent
--------------------------------------------------------------------------------
/iis_dsc.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `iis-dsc` role to every host in the inventory.
# NOTE(review): install_with is also set by the sql2019 play; whether iis-dsc
# reads it cannot be seen here, so confirm it is needed.
- name: Install IIS with DSC
  hosts: all
  vars:
    install_with: "ini"
  roles:
    - role: iis-dsc
--------------------------------------------------------------------------------
/ad_computer_register.yml:
--------------------------------------------------------------------------------
---
# Play: apply `ad-computer-registration` to every host; the role default
# role_action is `register`.
- name: add computer object to the domain
  hosts: all

  roles:
    - role: ad-computer-registration
--------------------------------------------------------------------------------
/collect-log.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `collect-log` role to every host in the inventory.
# NOTE(review): install_with is also set by the sql2019 play; whether
# collect-log reads it cannot be seen here, so confirm it is needed.
- name: Collect log file
  hosts: all
  vars:
    install_with: "ini"
  roles:
    - role: collect-log
--------------------------------------------------------------------------------
/roles/cloudforms-refresh-provider/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Defaults for the cloudforms-refresh-provider role.
# NOTE(review): the role's tasks are not shown; presumably provider_id names
# the provider to refresh and the retry values bound the polling — confirm.
provider_id: 3
max_retries: 10
retry_interval: 20
verbose: false
--------------------------------------------------------------------------------
/roles/windows-ad-controller/tests/test.yml:
--------------------------------------------------------------------------------
---
# Role test play: runs windows-ad-controller against localhost as remote
# user root.
- hosts: localhost
  remote_user: root
  roles:
    - role: windows-ad-controller
--------------------------------------------------------------------------------
/win-ad-controller.yml:
--------------------------------------------------------------------------------
---
# Play: apply `ansible-role-windows-ad-controller` to every host.
# NOTE(review): the roles directory in this repository holds
# `windows-ad-controller`; confirm the name used here resolves, for example
# through roles/requirements.yml.
- name: Provision Windows AD Controller
  hosts: all

  roles:
    - role: ansible-role-windows-ad-controller
--------------------------------------------------------------------------------
/roles/services/files/ServiceExample.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oatakan/windows-ansible-example/HEAD/roles/services/files/ServiceExample.exe
--------------------------------------------------------------------------------
/awsjson.yml:
--------------------------------------------------------------------------------
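---
# Play: apply the `awsjson` role on the controller (`connection: local`)
# without gathering facts. `False` is written as the canonical `false`.
# NOTE(review): the play name mentions joining a domain while the role is
# `awsjson`; confirm the label is intended.
- name: Join server to the domain
  hosts: all
  gather_facts: false
  connection: local

  roles:
    - role: awsjson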
--------------------------------------------------------------------------------
/group_vars/all.yml:
--------------------------------------------------------------------------------
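---
# Connection settings inherited by every host in the inventory.
# 5986 is the WinRM HTTPS listener port.
ansible_port: 5986
ansible_connection: winrm
# CredSSP passes the connecting account's credentials on to the remote host
# for second-hop connections, so the identity of that host matters.
ansible_winrm_transport: credssp
# SECURITY: `ignore` disables verification of the server's TLS certificate,
# so the controller cannot tell the intended host from another endpoint
# answering on the same address. Suitable only for disposable lab hosts with
# self-signed certificates; elsewhere set this to `validate` and point
# ansible_winrm_ca_trust_path at the issuing CA bundle.
ansible_winrm_server_cert_validation: ignore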
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .idea/windows-ansible-example.iml
2 | .idea/encodings.xml
3 | .idea/misc.xml
4 | .idea/modules.xml
5 | .idea/vcs.xml
6 | .idea/workspace.xml
7 |
--------------------------------------------------------------------------------
/group_vars/windows.yml:
--------------------------------------------------------------------------------
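---
# Connection overrides for hosts in the `windows` group.
# SECURITY: `ignore` disables verification of the WinRM server's TLS
# certificate, so the endpoint is not authenticated to the controller.
ansible_winrm_server_cert_validation: ignore
# SECURITY: basic authentication sends the username and password with each
# request, protected only by the HTTPS channel; with certificate validation
# ignored, the endpoint receiving them is unverified. Prefer kerberos, ntlm
# or certificate authentication with validation enabled.
ansible_winrm_transport: basic
# NOTE(review): Kerberos delegation applies only when the transport is
# kerberos, so alongside `basic` this is expected to have no effect; confirm
# which transport is intended. Written as the canonical `true`.
ansible_winrm_kerberos_delegation: true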
--------------------------------------------------------------------------------
/roles/sql_create_db_with_script/tasks/main.yml:
--------------------------------------------------------------------------------
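---
# Runs the role's create_db.ps1 with the instance and database names as
# arguments.
# NOTE(review): instance_name and db_name are placed on the command line
# without quoting, so a value containing spaces or PowerShell metacharacters
# changes how the line is parsed. Keep both to validated identifiers from
# trusted inventory.
- name: Run create DB Script
  script: create_db.ps1 -instanceName {{ instance_name }} -dbName {{ db_name }}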
--------------------------------------------------------------------------------
/roles/cloudforms-link-service/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Defaults for the cloudforms-link-service role.
# NOTE(review): the role's tasks are not shown; presumably category/tag name
# the tag applied and the retry values bound the polling — confirm.
category: "lifecycle"
tag: "retire_full"
verbose: false
max_retries: 10
retry_interval: 10
--------------------------------------------------------------------------------
/roles/collect-log/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Defaults for the collect-log role.
# temp_directory follows the TEMP environment variable gathered from the
# managed host.
temp_directory: "{{ ansible_env.TEMP }}"
# Log file to collect; single-quoted so the backslash is taken literally.
log_file: 'C:\McAfee_ePO.log'
destination_file_location: "log_upload"
--------------------------------------------------------------------------------
/roles/failover-cluster-common/defaults/main.yml:
--------------------------------------------------------------------------------
---

# Windows features the failover-cluster-common role expects.
# NOTE(review): presumably installed by the role's tasks, which are not shown.
required_features:
  - "Failover-clustering"
  - "RSAT-Clustering-PowerShell"
  - "RSAT-Clustering-CmdInterface"
--------------------------------------------------------------------------------
/ad_computer_deregister.yml:
--------------------------------------------------------------------------------
---
# Play: apply `ad-computer-registration` with role_action overridden to
# `deregister`, which makes the role include deregister.yml.
- name: remove computer object to the domain
  hosts: all

  roles:
    - role: ad-computer-registration
      role_action: "deregister"
--------------------------------------------------------------------------------
/roles/dynatrace-agent/tasks/chocolatey.yml:
--------------------------------------------------------------------------------
---

# Drives the `dynatraceagent` Chocolatey package to the state held in
# `state` (role default: present).
# NOTE(review): no `version` or `source` is given, so the package comes from
# whichever Chocolatey source the host has configured, at whatever version
# that source serves.
- name: ensure dynatrace agent is {{ state }}
  win_chocolatey:
    name: dynatraceagent
    state: "{{ state }}"
--------------------------------------------------------------------------------
/roles/iis-dsc/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Sites for the iis-dsc role: one test site on port 8080.
iis_sites:
  - name: "Ansible Playbook Test"
    port: 8080
    path: 'C:\sites\playbooktest'
# Text rendered into the role's index.html.j2 next to the host name.
iis_test_message: "Hello World! My test IIS Server"
--------------------------------------------------------------------------------
/roles/sql_run_sql_script_dsc/templates/Get-RunSQLScript.sql.j2:
--------------------------------------------------------------------------------
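{#- NOTE(review): db_name is placed inside [ ] as an identifier without escaping; restrict it to validated database names from trusted inventory. -#}
SELECT TABLE_NAME FROM [{{ db_name }}].INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE = 'BASE TABLE' and TABLE_NAME = 'dbcaudit_temp'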
--------------------------------------------------------------------------------
/set_static_ip.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `set-static-ip` role to every host, passing the address for
# the second interface (same value as the role default).
- name: set static ip address on the 2nd interface
  hosts: all
  vars:
    second_interface_static_ip_address: "10.10.10.52"
  roles:
    - role: set-static-ip
--------------------------------------------------------------------------------
/roles/failover-cluster/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Exactly one of the two task files is included, depending on whether
# cluster_ip_address has been defined.
- include_tasks: static.yml
  when: cluster_ip_address is defined

- include_tasks: dynamic.yml
  when: cluster_ip_address is not defined
--------------------------------------------------------------------------------
/roles/ad-computer-registration/tasks/main.yml:
--------------------------------------------------------------------------------
---

# role_action picks the task file; any value other than `register` or
# `deregister` includes neither.
- include_tasks: register.yml
  when: role_action == 'register'

- include_tasks: deregister.yml
  when: role_action == 'deregister'
--------------------------------------------------------------------------------
/roles/undeploy-azure/tasks/main.yml:
--------------------------------------------------------------------------------
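---
# Removes the resource group `myResourceGroup` (state: absent).
# NOTE(review): with force enabled the group is deleted even when it still
# contains resources, and the group name is hard-coded; confirm the target
# subscription before running. `yes` is written as the canonical `true`.
- name: Delete a resource group
  azure_rm_resourcegroup:
    name: myResourceGroup
    location: southcentralus
    state: absent
    force: true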
--------------------------------------------------------------------------------
/mcafee_epo.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `mcafee-epo` role to every host. sql_server_hostname falls
# back from ansible_host to ansible_ssh_host to inventory_hostname.
# NOTE(review): the play name says "Install SQL 2016" although the role
# applied is mcafee-epo; the label shown in job output looks copied.
- name: Install SQL 2016
  hosts: all

  roles:
    - role: mcafee-epo
      sql_server_hostname: "{{ ansible_host | default(ansible_ssh_host) | default(inventory_hostname) }}"
--------------------------------------------------------------------------------
/roles/credential-examples/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Step 1: read the content of a remote file.
- include_tasks: read_remote_file.yml

# Step 2: add a credential and use it in a PowerShell script.
- include_tasks: add_credential.yml
--------------------------------------------------------------------------------
/roles/dynatrace-agent/defaults/main.yml:
--------------------------------------------------------------------------------
---

# install_with names the task file the role includes (chocolatey or package).
install_with: "chocolatey"
state: "present"

# Download location of the agent installer; quoted because the value contains
# `?` and `&`.
# NOTE(review): no checksum is defined next to the URL; whether package.yml
# verifies the download cannot be seen here.
package_url: "https://downloads.dynatrace.com/clientservices/agent?version=6.5.0.1289&os=windows&arch=x64&techtype=java_net"
--------------------------------------------------------------------------------
/roles/windows-hostname/tasks/main.yml:
--------------------------------------------------------------------------------
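---
# Renames the computer when the requested name differs (case-insensitively)
# from the current one, then notifies the "windows reboot" handler.
# NOTE(review): `hostname` is placed unquoted on a PowerShell command line, so
# its content is parsed as PowerShell; keep it to a validated host name. The
# win_hostname module takes the name as a module parameter instead of through
# a shell.
# NOTE(review): ignore_errors lets the play continue after a failed rename,
# so later tasks may run against a host that still has its old name.
# `yes` is written as the canonical `true`.
- name: change hostname
  win_shell: Rename-Computer -NewName {{ hostname }}
  when: hostname|lower != ansible_hostname|lower
  ignore_errors: true
  notify: windows reboot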
--------------------------------------------------------------------------------
/roles/resize-azure/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Sets the size of VM `MyWin01` in resource group `myResourceGroup` to the
# value of `vm_size` and stores the module result in `vm`.
- name: Change VM Size
  azure_rm_virtualmachine:
    resource_group: myResourceGroup
    name: MyWin01
    vm_size: "{{ vm_size }}"
    state: present
  register: vm
--------------------------------------------------------------------------------
/roles/thirdparty/tasks/main.yml:
--------------------------------------------------------------------------------
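---
# Installs or upgrades two Chocolatey packages: googlechrome and the package
# named by windows_app_name (default 7zip.install).
# SECURITY: `state: latest` with no `version` or `source` means every run
# pulls whatever the host's configured Chocolatey source currently serves.
# For managed fleets, pin a reviewed version and point `source` at an
# internal feed so a changed upstream package is not installed unreviewed.
- name: Install latest packages
  win_chocolatey:
    name: "{{ item }}"
    state: latest
  loop:
    - googlechrome
    - "{{ windows_app_name | default('7zip.install') }}"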
--------------------------------------------------------------------------------
/roles/mcafee-agent/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Defaults for the mcafee-agent role.
# temp_directory follows the TEMP environment variable gathered from the
# managed host.
temp_directory: "{{ ansible_env.TEMP }}"
install_file_name: "McAfee_Endpoint_Security_10_6_0_357_13_epo_enterprise_evaluation.zip"
# Empty by default; the caller supplies where the install file is fetched from.
install_file_location: ""
sql_server_hostname: "127.0.0.1"
--------------------------------------------------------------------------------
/roles/sql_run_sql_script_dsc/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Make sure the SqlServerDsc PowerShell module is installed.
# NOTE(review): no version is requested, so the module is taken at whatever
# version the configured PowerShell repository serves; win_psmodule accepts
# `required_version` when a reviewed release should be pinned.
- name: ensure required DSC module is available
  win_psmodule:
    name: SqlServerDsc
    state: present

# Include using_sqlscriptquery.yml or using_sqlscript.yml, chosen by
# script_execution_method.
- include_tasks: using_{{ script_execution_method }}.yml
--------------------------------------------------------------------------------
/roles/sqlupgrade/templates/upgradeSQL2016.bat:
--------------------------------------------------------------------------------
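REM NOTE(review): setup.exe and Upgrade.ini are run straight from a network
REM share addressed by a hard-coded IP. What gets executed on the SQL host is
REM whatever that share holds at run time, so write access to the share should
REM be restricted and the address kept in a variable instead of the template.
\\172.16.32.239\Installs\SQL_2016_Ent\setup.exe /Q /ACTION=upgrade /IACCEPTSQLSERVERLICENSETERMS /ENU /UPDATEENABLED=false /ConfigurationFile=\\172.16.32.239\Installs\SQL_2016_Ent\Upgrade.ini
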
--------------------------------------------------------------------------------
/dynatrace_agent.yml:
--------------------------------------------------------------------------------
---
# Play: apply the `dynatrace-agent` role to every host.
- name: install dynatrace agent
  hosts: all
  roles:
    - role: dynatrace-agent
      # or 'package' for ad-hoc installation
      install_with: chocolatey
      # or 'absent' to remove
      state: present
--------------------------------------------------------------------------------
/roles/failover-cluster/defaults/main.yml:
--------------------------------------------------------------------------------
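---

# Defaults for the failover-cluster role.
cluster_name: testcluster
# Left undefined by default; the role's main.yml includes static.yml when
# this is defined and dynamic.yml otherwise.
# cluster_ip_address: '192.168.100.20/24'

retry_interval_sec: 10
retry_count: 60

dns_domain_name: example.com

# Written as the canonical YAML boolean `false` instead of `no`.
first_node: false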
--------------------------------------------------------------------------------
/roles/iis-dsc/templates/index.html.j2:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
{{ ansible_hostname }} --- {{ iis_test_message }}
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/roles/mcafee-epo/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Defaults for the mcafee-epo role.
# temp_directory follows the TEMP environment variable gathered from the
# managed host.
temp_directory: "{{ ansible_env.TEMP }}"
install_file_name: "EPO510_2428_5_LR2.zip"
# Empty by default; the caller supplies where the install file is fetched from.
install_file_location: ""
sql_server_hostname: "127.0.0.1"
# Quoted because the value starts with `{`.
product_id: "{E2C3579A-6B3B-40F6-88E8-BE08E78C8D1A}"
--------------------------------------------------------------------------------
/sql-server-management-studio.yml:
--------------------------------------------------------------------------------
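---
# Play: install SQL Server Management Studio through Chocolatey on every
# host.
# SECURITY: `state: latest` with no `version` or `source` installs whatever
# the host's configured Chocolatey source currently serves. Pin a reviewed
# version and use an internal feed where the hosts matter.
- name: Install SQL Server Management Studio
  hosts: all

  tasks:
    - name: Install SQL Server Management Studio
      win_chocolatey:
        name: sql-server-management-studio
        state: latest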
--------------------------------------------------------------------------------
/mssql-run_sql_command_on_db.yml:
--------------------------------------------------------------------------------
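---
# Play: apply the `sql_run_sql_script` role to every host, logging in to the
# instance named after the host.
# SECURITY: the login is hard-coded to `sa`, the built-in SQL Server
# administrator account. Prefer a dedicated login with only the rights the
# script needs, supplied through a variable as the password already is.
# NOTE(review): the play name matches mssql-create-db-with-script.yml
# although this play runs sql_run_sql_script; confirm the label.
- name: SQL 2016 Create DB with Script
  hosts: all
  vars:
    login_user: sa
    login_password: "{{ mssql_password }}"
    instance_name: "{{ ansible_hostname }}"

  roles:
    - role: sql_run_sql_script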
--------------------------------------------------------------------------------
/roles/sql2016-update/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Where the SQL Server 2016 SP2 update is stored on the host and where it is
# downloaded from.
# NOTE(review): no checksum is defined next to the URL; whether the role
# verifies the downloaded file before running it cannot be seen here.
update_file_path: '{{ ansible_env.TEMP }}\SQLServer2016SP2-KB4052908-x64-ENU.exe'
update_file_url: "https://download.microsoft.com/download/9/2/B/92BAD988-00C5-4F68-811E-B7FFBE009B00/SQLServer2016SP2-KB4052908-x64-ENU.exe"
--------------------------------------------------------------------------------
/roles/sql_run_sql_script/tasks/main.yml:
--------------------------------------------------------------------------------
---
# On Ansible older than 2.10 force the PowerShell implementation.
- name: use powershell when on ansible 2.9 or lower
  set_fact:
    run_sql_script_method: powershell
  when: ansible_version.full is version('2.10', '<')

# Include powershell.yml or mssql_script.yml, chosen by run_sql_script_method.
- include_tasks: "{{ run_sql_script_method }}.yml"
--------------------------------------------------------------------------------
/mssql-run_sql_command_on_db_dsc.yml:
--------------------------------------------------------------------------------
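---
# Play: apply the `sql_run_sql_script_dsc` role to every host, logging in to
# the instance named after the host.
# SECURITY: the login is hard-coded to `sa`, the built-in SQL Server
# administrator account. Prefer a dedicated login with only the rights the
# script needs, supplied through a variable as the password already is.
- name: SQL 2016/2019 Create DB tables with DSC
  hosts: all
  vars:
    login_user: sa
    login_password: "{{ mssql_password }}"
    instance_name: "{{ ansible_hostname }}"

  roles:
    - role: sql_run_sql_script_dsc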
--------------------------------------------------------------------------------
/windows-instance-resize-azure.yml:
--------------------------------------------------------------------------------
---
# Play: run the resize-azure role once per inventory host, executing on the
# control node (local connection, no fact gathering, no privilege change).
- name: Change VM Size on Windows Instance on Azure
  hosts: all
  connection: local
  gather_facts: false
  become: false
  vars:
    ansible_port: 5986
    windows: true
  roles:
    - resize-azure
--------------------------------------------------------------------------------
/mssql-create-db-with-script.yml:
--------------------------------------------------------------------------------
---
# Play: apply the sql_create_db_with_script role to every host. Both the SQL
# login name and its password come from variables supplied by the caller.
- name: SQL 2016 Create DB with Script
  hosts: all
  vars:
    login_user: '{{ mssql_username }}'
    login_password: '{{ mssql_password }}'
    instance_name: '{{ ansible_hostname }}'
  roles:
    - sql_create_db_with_script
--------------------------------------------------------------------------------
/roles/sql_run_sql_script/tasks/powershell.yml:
--------------------------------------------------------------------------------
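---

# Runs run_sql_command.ps1 on the target, passing the query and the SQL
# login as command-line arguments.
#
# Every value is quoted so that a name or password containing a space
# reaches the script as one argument. A double quote inside any value would
# still end its argument early, so the values must come from trusted
# configuration.
- name: Execute run sql command on DB Script
  script: run_sql_command.ps1 -instanceName "{{ instance_name }}" -dbName "{{ db_name }}" -sqlQuery "{{ sql_query }}" -userName "{{ login_user }}" -password "{{ login_password }}"
  # The rendered command line contains login_password; keep it out of task
  # output, callbacks and logs.
  no_log: true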
--------------------------------------------------------------------------------
/windows-vm-create.yml:
--------------------------------------------------------------------------------
---
# Play: run ansible-role-vmware for every inventory host from the control
# node. Node definitions are loaded from win-nodes-vmware.yml.
- name: Deploy Windows Servers
  hosts: all
  connection: local
  gather_facts: false
  become: false
  vars:
    ansible_port: 5986
  vars_files:
    - win-nodes-vmware.yml

  roles:
    - ansible-role-vmware
--------------------------------------------------------------------------------
/cluster-nodes-instance-create-vmware.yml:
--------------------------------------------------------------------------------
---
# Play: run ansible-role-vmware for every inventory host from the control
# node. Node definitions come from node-config/cluster-nodes-vmware.yml.
- name: Deploy Windows Cluster Servers
  hosts: all
  connection: local
  gather_facts: false
  become: false

  vars_files:
    - node-config/cluster-nodes-vmware.yml

  roles:
    - ansible-role-vmware
--------------------------------------------------------------------------------
/whoami.yml:
--------------------------------------------------------------------------------
---
# Play: report which account the supplied connection credentials map to on
# each host.
- name: Whoami
  hosts: all

  tasks:
    # win_whoami takes no arguments here; its result is kept for the next
    # task.
    - name: find whoami based on credentials supplied
      win_whoami:
      register: whoami_base

    # Prints only the account name from the registered result.
    - name: output base user
      debug:
        msg: '{{ whoami_base.account.account_name }}'
--------------------------------------------------------------------------------
/fixservice.yml:
--------------------------------------------------------------------------------
---

# Play: put the Print Spooler service back into a started, auto-start state
# running as LocalSystem.
- name: Fix a broken Service
  hosts: all

  tasks:
    - name: Fix Print Spooler Service
      win_service:
        name: Spooler
        start_mode: auto
        state: started
        # LocalSystem is a built-in account, hence the empty password.
        username: LocalSystem
        password: ''
--------------------------------------------------------------------------------
/roles/iis-dsc/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handlers that stop and start the W3Svc service through the DSC "service"
# resource. Handler names are what notifying tasks refer to, so they are
# kept exactly as written.
- name: stop iis service
  win_dsc:
    resource_name: service
    name: W3Svc
    state: stopped

# Starting also sets the service to start automatically.
- name: start iis service
  win_dsc:
    resource_name: service
    name: W3Svc
    startuptype: Automatic
    state: Running
--------------------------------------------------------------------------------
/roles/mcafee-epo/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Looks for the product's uninstall key in the registry and runs the install
# tasks only when that key is absent.
- name: check for existing installation
  win_reg_stat:
    path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{{ product_id }}
  register: existing_installation

- include_tasks: install.yml
  when:
    - not existing_installation.exists
--------------------------------------------------------------------------------
/windows-instance-remove-ovirt.yml:
--------------------------------------------------------------------------------
---
# Play: call ansible-role-ovirt with role_action "deprovision" for the nodes
# listed in win-nodes-ovirt.yml. The role is delegated to localhost.
- name: remove vms
  hosts: all
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - win-nodes-ovirt.yml

  roles:
    - role: ansible-role-ovirt
      role_action: deprovision
      delegate_to: localhost
--------------------------------------------------------------------------------
/windows-instance-create-azure.yml:
--------------------------------------------------------------------------------
---
# Play: run the deploy-azure role on the control node for the nodes listed
# in win-nodes-azure.yml.
- name: Deploy Windows Instance on Azure
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - win-nodes-azure.yml
  vars:
    ansible_port: 5986
    windows: true
  roles:
    - deploy-azure
--------------------------------------------------------------------------------
/windows-instance-remove-azure.yml:
--------------------------------------------------------------------------------
---
# Play: run the undeploy-azure role on the control node for the nodes listed
# in win-nodes-azure.yml.
- name: Delete Windows Instance on Azure
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - win-nodes-azure.yml
  vars:
    ansible_port: 5986
    windows: true
  roles:
    - undeploy-azure
--------------------------------------------------------------------------------
/windows-instance-create-ovirt.yml:
--------------------------------------------------------------------------------
---
# Play: run ansible-role-ovirt on the control node for the nodes listed in
# win-nodes-ovirt.yml.
- name: Deploy Windows Instances on Ovirt
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - win-nodes-ovirt.yml
  vars:
    ansible_port: 5986
    windows: true
  roles:
    - ansible-role-ovirt
--------------------------------------------------------------------------------
/ad-node-instance-create-ec2.yml:
--------------------------------------------------------------------------------
---
# Play: run ansible-role-ec2 on the control node for the AD node described
# in node-config/ad-node-ec2.yml.
- name: Deploy Windows AD Instances on ec2
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - node-config/ad-node-ec2.yml
  vars:
    ansible_port: 5986
    windows: true
  roles:
    - ansible-role-ec2
--------------------------------------------------------------------------------
/thirdparty-other-app.yml:
--------------------------------------------------------------------------------
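---
# Play: install a set of third-party desktop tools through Chocolatey on
# every host.
- name: Install Third Party Software
  hosts: all

  tasks:
    # Package checksum verification is left at the module default (enabled).
    # Turning it off would let a tampered or replaced download install
    # without any error. If a package fails verification, pin a known-good
    # version or use an internal feed instead of disabling the check.
    # The task name now lists the packages that are actually installed.
    - name: install Visual Studio Code, Git, and Google Chrome
      win_chocolatey:
        name:
          - visualstudiocode
          - git
          - googlechrome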
--------------------------------------------------------------------------------
/roles/sql2019/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Where the SQL Server 2019 ISO is stored on the target.
iso_path: '{{ ansible_env.TEMP }}\sql2019.iso'
# Download source for the ISO. No checksum is defined alongside it here.
iso_url: 'https://download.microsoft.com/download/8/4/c/84c6c430-e0f5-476d-bf43-eaaa222a72e0/SQLServer2019-x64-ENU.iso'
# Install method selector.
install_with: win_package  # ini, batch, powershell, win_shell or psexec
# Product GUID, kept as a quoted string because it starts with "{".
product_id: '{1EC3E2C8-1D6B-4891-A92F-7B396E7FB1D1}'
--------------------------------------------------------------------------------
/windows-instance-create-ec2.yml:
--------------------------------------------------------------------------------
---
# Play: on the control node, run ec2-find-amis and then ansible-role-ec2 for
# the nodes listed in win-nodes-ec2.yml.
- name: Deploy Windows Instances on ec2
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - win-nodes-ec2.yml
  vars:
    ansible_port: 5986
    windows: true
  roles:
    - ec2-find-amis
    - ansible-role-ec2
--------------------------------------------------------------------------------
/roles/sql_run_sql_script_dsc/defaults/main.yml:
--------------------------------------------------------------------------------
---

# Working directory on the target.
temp_directory: '{{ ansible_env.TEMP }}'
# Which task file runs the script.
script_execution_method: sqlscriptquery  # sqlscript or sqlscriptquery
# Database the demo table is created in.
db_name: rhdemo1
# Default statement. db_name is substituted as text inside [ ], so it must
# come from trusted configuration. The scalar is folded: the two lines below
# are joined by a single space.
sql_query: >-
  CREATE TABLE [{{ db_name }}].[dbo].[dbcaudit_temp]([SN] [varchar](255) NOT NULL,[Type]
  [varchar](20) NOT NULL) ON [PRIMARY]
--------------------------------------------------------------------------------
/node-config/ad-node-openstack.yml:
--------------------------------------------------------------------------------
---

# Node list with a single OpenStack instance for the windows_ad role.
# NOTE(review): the listing lost its indentation; os_type is taken to be a
# node attribute rather than part of the nic entry -- confirm.
nodes:
  - name: oswinad1
    role: windows_ad
    app_name: windows_ad
    os_type: windows
    flavor: o1.small
    image: 'Windows 2016 Datacenter Updated'
    key_name: ansible-oatakan
    volume_size: 30
    nics:
      - net-name: private_network
--------------------------------------------------------------------------------
/roles/sql_run_sql_script_dsc/templates/Test-RunSQLScript.sql.j2:
--------------------------------------------------------------------------------
-- Raises an error unless base table dbcaudit_temp exists in the templated
-- database; prints a confirmation when it does.
-- db_name is substituted as text inside [ ]; a value containing "]" would
-- end the bracketed identifier early, so it must come from trusted config.
IF NOT EXISTS (
    SELECT 1
    FROM [{{ db_name }}].INFORMATION_SCHEMA.TABLES
    WHERE TABLE_TYPE = 'BASE TABLE'
      AND TABLE_NAME = 'dbcaudit_temp'
)
BEGIN
    RAISERROR ('Did not find table dbcaudit_temp', 16, 1)
END
ELSE
BEGIN
    PRINT 'Found table dbcaudit_temp'
END
--------------------------------------------------------------------------------
/windows-vm-destroy.yml:
--------------------------------------------------------------------------------
---
# Play: call ansible-role-vmware with role_action "deprovision" for the
# nodes listed in win-nodes-vmware.yml.
# NOTE(review): the listing lost its indentation; delegate_to and run_once
# are taken to belong to the role entry -- confirm.
- name: Destroy Windows Servers VMs
  hosts: all
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - win-nodes-vmware.yml

  roles:
    - role: ansible-role-vmware
      role_action: deprovision
      delegate_to: localhost
      run_once: true
--------------------------------------------------------------------------------
/roles/sql2016/tasks/powershell.yml:
--------------------------------------------------------------------------------
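---
# Renders the SQL 2016 installer script, runs it, and removes it again.
# The role's installSQL2016.ps1 template puts the sa password on the setup
# command line, so the rendered file must not stay on the system drive.
- name: install SQL 2016 from rendered script
  block:
    - name: create SQL 2016 Install Script
      win_template:
        src: installSQL2016.ps1
        dest: C:\installSQL2016.ps1

    - name: install SQL 2016
      win_shell: c:\installSQL2016.ps1
      args:
        chdir: c:\
        # Skips the run when this instance directory already exists.
        creates: c:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER
  always:
    # Runs whether or not the install succeeded.
    - name: remove SQL 2016 Install Script
      win_file:
        path: C:\installSQL2016.ps1
        state: absent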
--------------------------------------------------------------------------------
/roles/sql2019/tasks/powershell.yml:
--------------------------------------------------------------------------------
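---
# Renders the SQL 2019 installer script, runs it, and removes it again.
# The role's installSQL2019.ps1 template puts the sa password on the setup
# command line, so the rendered file must not stay on the system drive.
- name: install SQL 2019 from rendered script
  block:
    - name: create SQL 2019 Install Script
      win_template:
        src: installSQL2019.ps1
        dest: C:\installSQL2019.ps1

    - name: install SQL 2019
      win_shell: c:\installSQL2019.ps1
      args:
        chdir: c:\
        # Skips the run when this instance directory already exists.
        creates: c:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER
  always:
    # Runs whether or not the install succeeded.
    - name: remove SQL 2019 Install Script
      win_file:
        path: C:\installSQL2019.ps1
        state: absent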
--------------------------------------------------------------------------------
/cluster-nodes-instance-remove-vmware.yml:
--------------------------------------------------------------------------------
---
# Play: call ansible-role-vmware with role_action "deprovision" for the
# nodes in node-config/cluster-nodes-vmware.yml, delegated to localhost.
- name: Remove Windows Cluster Servers
  hosts: all
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - node-config/cluster-nodes-vmware.yml

  roles:
    - role: ansible-role-vmware
      role_action: deprovision
      delegate_to: localhost
--------------------------------------------------------------------------------
/cluster-nodes-instance-create-os-stack.yml:
--------------------------------------------------------------------------------
---
# Play: run ansible-role-openstack for every inventory host from the control
# node, with nodes from node-config/cluster-nodes-openstack.yml.
- name: Deploy Windows Cluster Servers
  hosts: all
  connection: local
  gather_facts: false
  become: false
  vars:
    # Path of the OpenStack client config, read from the controller's
    # environment (empty when OS_CLIENT_CONFIG_FILE is unset).
    config_file: "{{ lookup('env', 'OS_CLIENT_CONFIG_FILE') }}"
  vars_files:
    - node-config/cluster-nodes-openstack.yml

  roles:
    - ansible-role-openstack
--------------------------------------------------------------------------------
/windows-ad.yml:
--------------------------------------------------------------------------------
---
# Play: rename the host to windc11 and then apply the windows-ad-controller
# role, connecting over WinRM on port 5986 with CredSSP.
- name: Windows AD Controller
  hosts: all
  vars:
    ansible_connection: winrm
    ansible_port: 5986
    # CredSSP hands the connecting account's credentials to the remote end.
    ansible_winrm_transport: credssp
    # NOTE(review): "ignore" switches off TLS certificate checking for the
    # WinRM endpoint, so the host's identity is not verified before the
    # credentials are delegated to it. Acceptable only on an isolated lab
    # network; otherwise issue trusted certificates and validate them.
    ansible_winrm_server_cert_validation: ignore
    install_with: ini
  roles:
    - role: windows-hostname
      hostname: windc11
    - windows-ad-controller
--------------------------------------------------------------------------------
/roles/sqlupgrade/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Renders the upgrade batch file and runs it unless the SQL 2016 instance
# directory already exists.
- name: Create SQL 2016 Install Script
  win_template:
    src: templates/upgradeSQL2016.bat
    dest: C:\upgradeSQL2016.bat

# NOTE(review): ignore_errors lets the play continue after a failed upgrade,
# so a broken run is easy to miss -- confirm this is intended.
- name: Upgrade to SQL 2016
  win_command: c:\upgradeSQL2016.bat
  args:
    creates: c:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER
  ignore_errors: true
12 |
--------------------------------------------------------------------------------
/roles/sql2016/tasks/batch.yml:
--------------------------------------------------------------------------------
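---
# Renders the SQL 2016 installer batch file, runs it with cmd, and removes
# it again. The role's installSQL2016.bat template puts the sa password on
# the setup command line, so the rendered file must not stay on disk.
- name: install SQL 2016 from rendered batch file
  block:
    - name: create SQL 2016 Install Script
      win_template:
        src: installSQL2016.bat
        dest: C:\installSQL2016.bat

    - name: install SQL 2016
      win_shell: c:\installSQL2016.bat
      args:
        executable: cmd
        chdir: c:\
        # Skips the run when this instance directory already exists.
        creates: c:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER
  always:
    # Runs whether or not the install succeeded.
    - name: remove SQL 2016 Install Script
      win_file:
        path: C:\installSQL2016.bat
        state: absent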
13 |
--------------------------------------------------------------------------------
/roles/sql2019/tasks/batch.yml:
--------------------------------------------------------------------------------
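---
# Renders the SQL 2019 installer batch file, runs it with cmd, and removes
# it again. The role's installSQL2019.bat template puts the sa password on
# the setup command line, so the rendered file must not stay on disk.
- name: install SQL 2019 from rendered batch file
  block:
    - name: create SQL 2019 Install Script
      win_template:
        src: installSQL2019.bat
        dest: C:\installSQL2019.bat

    - name: install SQL 2019
      win_shell: c:\installSQL2019.bat
      args:
        executable: cmd
        chdir: c:\
        # Skips the run when this instance directory already exists.
        creates: c:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER
  always:
    # Runs whether or not the install succeeded.
    - name: remove SQL 2019 Install Script
      win_file:
        path: C:\installSQL2019.bat
        state: absent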
13 |
--------------------------------------------------------------------------------
/win-nodes-openstack.yml:
--------------------------------------------------------------------------------
---
# Node list with a single OpenStack Windows instance.
# NOTE(review): the listing lost its indentation; os_type and user_data are
# taken to be node attributes rather than part of the nic entry -- confirm.
nodes:
  - name: windows
    role: windows
    app_name: windows_demo
    os_type: windows
    flavor: m1.medium
    image: windows-2019-standard-core
    key_name: ansible-oatakan
    volume_size: 40
    nics:
      - net-name: private_network
    # First-boot data rendered from a template on the control node.
    user_data: "{{ lookup('template', 'templates/userdata.txt.j2') }}"
--------------------------------------------------------------------------------
/roles/iiscert/template/index.html.j2:
--------------------------------------------------------------------------------
1 |
2 |
3 | CVX Config Mgt. Demo
4 |
5 |
6 |
7 | CVX Config Mgt. Demo
8 |
9 | This is the servers IP address:
10 |
{{ ansible_host }}
11 |
12 | This is the sites URL
13 | {{ inventory_hostname }}
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/win-nodes-azure.yml:
--------------------------------------------------------------------------------
---
# Node list with a single Azure Windows VM.
nodes:
  - name: MyWin01
    role: windows
    app_name: windows_demo
    os_type: Windows
    # Alternative sizes kept for reference:
    # vm_size: Standard_A1_v2
    # vm_size: Standard_A2_v2
    vm_size: Standard_D2s_v3
    image:
      publisher: MicrosoftWindowsServer
      offer: WindowsServer
      sku: '2019-Datacenter-Core-smalldisk'
      # "latest" means the image build is not pinned by this file.
      version: latest
--------------------------------------------------------------------------------
/windows-instance-remove-os-stack.yml:
--------------------------------------------------------------------------------
---
# Play: call ansible-role-os-stack with role_action "deprovision" for the
# nodes listed in win-nodes-openstack.yml.
- name: Delete openstack instance
  hosts: all
  gather_facts: false
  become: false
  vars_files:
    - win-nodes-openstack.yml
  vars:
    # Path of the OpenStack client config, read from the controller's
    # environment.
    config_file: "{{ lookup('env', 'OS_CLIENT_CONFIG_FILE') }}"
    ansible_port: 5986
    windows: true
  roles:
    - role: ansible-role-os-stack
      role_action: deprovision
--------------------------------------------------------------------------------
/roles/ec2-find-amis/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Image name patterns per short key. Entries ending in "*" are wildcards,
# so the image they resolve to can change over time.
# NOTE(review): the listing lost its indentation; ec2_region is taken to be
# a top-level key, not an entry of image_names -- confirm.
image_names:
  rhel-74: RHEL-7.4_HVM_GA-20170808-x86_64-2-Hourly2-GP2
  rhel-75: RHEL-7.5_HVM_GA-20180322-x86_64-1-Hourly2-GP2
  rhel-76: 'RHEL-7.6_HVM_GA*'
  centos-75: CentOS Linux 7 x86_64 HVM EBS ENA 1805_01
  win-2016: 'Windows_Server-2016-English-Core-Base*'
  win-2019: 'Windows_Server-2019-English-Core-Base*'

ec2_region: us-east-1
9 |
--------------------------------------------------------------------------------
/windows-instance-create-openstack.yml:
--------------------------------------------------------------------------------
---
# Play: run ansible-role-openstack on the control node for the nodes listed
# in win-nodes-openstack.yml.
- name: Deploy Windows Instances on OpenStack
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - win-nodes-openstack.yml
  vars:
    # Path of the OpenStack client config, read from the controller's
    # environment.
    config_file: "{{ lookup('env', 'OS_CLIENT_CONFIG_FILE') }}"
    ansible_port: 5986
    windows: true
  roles:
    - ansible-role-openstack
--------------------------------------------------------------------------------
/windows-instance-create-os-stack.yml:
--------------------------------------------------------------------------------
---
# Play: run ansible-role-os-stack on the control node for the nodes listed
# in win-nodes-openstack.yml.
- name: Deploy Windows Instances on OpenStack
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - win-nodes-openstack.yml
  vars:
    # Path of the OpenStack client config, read from the controller's
    # environment.
    config_file: "{{ lookup('env', 'OS_CLIENT_CONFIG_FILE') }}"
    ansible_port: 5986
    windows: true
  roles:
    - ansible-role-os-stack
--------------------------------------------------------------------------------
/cluster-nodes-instance-remove-os-stack.yml:
--------------------------------------------------------------------------------
---
# Play: call ansible-role-openstack with role_action "deprovision" for the
# nodes in node-config/cluster-nodes-openstack.yml.
- name: Remove Windows Cluster Servers
  hosts: all
  connection: local
  gather_facts: false
  become: false
  vars:
    # Path of the OpenStack client config, read from the controller's
    # environment.
    config_file: "{{ lookup('env', 'OS_CLIENT_CONFIG_FILE') }}"
  vars_files:
    - node-config/cluster-nodes-openstack.yml

  roles:
    - role: ansible-role-openstack
      role_action: deprovision
--------------------------------------------------------------------------------
/ad-node-instance-create-openstack.yml:
--------------------------------------------------------------------------------
---
# Play: run ansible-role-os-stack on the control node for the AD node in
# node-config/ad-node-openstack.yml.
- name: Deploy Windows AD Instances on OpenStack
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - node-config/ad-node-openstack.yml
  vars:
    # Path of the OpenStack client config, read from the controller's
    # environment.
    config_file: "{{ lookup('env', 'OS_CLIENT_CONFIG_FILE') }}"
    ansible_port: 5986
    windows: true
  roles:
    - ansible-role-os-stack
--------------------------------------------------------------------------------
/get_drive_space.yml:
--------------------------------------------------------------------------------
---

# Play: read the free space of drive C on each host and print it in GB.
- name: Get drive space
  hosts: all

  tasks:
    # The pipeline emits JSON with a single "Free" field (bytes).
    - name: get drive space
      win_shell: Get-PSDrive C | Select-Object Free | ConvertTo-Json
      register: drive_space

    # Bytes are divided by 1024^3 and rounded down to two decimals.
    - name: drive space
      debug:
        msg: "free drive space: {{ ((drive_space.stdout | from_json)['Free']|int / (1024*1024*1024)) | round(2, 'floor') }} GB"
--------------------------------------------------------------------------------
/roles/ad-computer-registration/tasks/register.yml:
--------------------------------------------------------------------------------
---

# Makes sure the xActiveDirectory PowerShell module is installed, then
# creates the computer object through the xADComputer DSC resource.
- name: add a powershell module
  win_psmodule:
    name: xActiveDirectory
    state: present

# Runs only when computer_name is defined. Path falls back to an empty
# string when join_ou_path is not set.
- name: add computer object
  win_dsc:
    resource_name: xADComputer
    Ensure: Present
    ComputerName: '{{ computer_name }}'
    Path: '{{ join_ou_path | default("") }}'
  when:
    - computer_name is defined
--------------------------------------------------------------------------------
/roles/ad-computer-registration/tasks/deregister.yml:
--------------------------------------------------------------------------------
---

# Makes sure the xActiveDirectory PowerShell module is installed, then
# removes the computer object through the xADComputer DSC resource.
- name: add a powershell module
  win_psmodule:
    name: xActiveDirectory
    state: present

# Runs only when computer_name is defined. Path falls back to an empty
# string when join_ou_path is not set.
- name: remove computer object
  win_dsc:
    resource_name: xADComputer
    Ensure: Absent
    ComputerName: '{{ computer_name }}'
    Path: '{{ join_ou_path | default("") }}'
  when:
    - computer_name is defined
--------------------------------------------------------------------------------
/roles/post-windows/tasks/share.yml:
--------------------------------------------------------------------------------
---

# Creates one directory under C:\shares per entry of "shares" and publishes
# each as an SMB share of the same name.
- name: ensure shares directory is created
  win_file:
    path: C:\shares\{{ item }}
    state: directory
  loop: '{{ shares }}'

# Only the Administrators group is granted access (full control); "list"
# makes the share visible when browsing.
# The entries of "shares" are used as path components, so they should be
# plain names taken from trusted configuration.
- name: ensure shares exist
  win_share:
    name: '{{ item }}'
    description: '{{ item }} share'
    path: C:\shares\{{ item }}
    list: true
    full: Administrators
  loop: '{{ shares }}'
--------------------------------------------------------------------------------
/roles/sql2016/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Where the SQL Server 2016 ISO is stored on the target.
iso_path: "{{ ansible_env.TEMP }}\\sql2016.iso"
# Install method selector.
install_with: win_package  # ini, batch, powershell, win_shell or psexec
# Older plain-HTTP source, left disabled:
# iso_url: http://care.dlservice.microsoft.com/dl/download/F/E/9/FE9397FA-BFAB-4ADD-8B97-91234BC774B2/SQLServer2016-x64-ENU.iso
# Active download source (HTTPS). No checksum is defined alongside it here.
iso_url: 'https://download.microsoft.com/download/9/0/7/907AD35F-9F9C-43A5-9789-52470555DB90/ENU/SQLServer2016SP1-FullSlipstream-x64-ENU.iso'
--------------------------------------------------------------------------------
/roles/dynatrace-agent/tasks/package.yml:
--------------------------------------------------------------------------------
---
# Downloads the Dynatrace agent MSI (only when state is "present") and then
# brings the package to the requested state.
# NOTE(review): the download task sets no checksum, so the MSI that gets
# installed is whatever package_url returns -- consider verifying it.
- name: download dynatrace agent
  win_get_url:
    url: '{{ package_url }}'
    dest: C:\dynatrace.msi
  when:
    - state == 'present'

- name: ensure dynatrace agent is "{{ state }}"
  win_package:
    path: C:\dynatrace.msi
    product_id: '{FEF8B348-84EA-4387-87EE-F05C3C1332A6}'
    state: '{{ state }}'
    arguments:
      - /quiet
--------------------------------------------------------------------------------
/roles/sql2016/tasks/ini.yml:
--------------------------------------------------------------------------------
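---
# Renders the unattended-setup answer file, runs SQL 2016 setup from the
# mounted image with it, and removes the file again. The role's
# sqlsilent.ini template contains the sa password (SAPWD) in clear text, so
# the rendered file must not stay on the system drive.
- name: install SQL 2016 from rendered config file
  block:
    - name: create config file
      win_template:
        src: sqlsilent.ini
        dest: c:\sqlsilent.ini

    # disk_image_out is registered outside this file (mounted ISO).
    - name: install SQL 2016
      win_shell: "{{ disk_image_out.mount_paths[0] }}setup.exe /ConfigurationFile=C:\\sqlsilent.ini /INDICATEPROGRESS=False"
      args:
        executable: cmd
        chdir: c:\
        # Skips the run when this instance directory already exists.
        creates: C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER
  always:
    # Runs whether or not the install succeeded.
    - name: remove config file
      win_file:
        path: c:\sqlsilent.ini
        state: absent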
--------------------------------------------------------------------------------
/roles/sql2019/tasks/ini.yml:
--------------------------------------------------------------------------------
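---
# Renders the unattended-setup answer file, runs SQL 2019 setup from the
# mounted image with it, and removes the file again. The role's
# sqlsilent.ini template contains the sa password (SAPWD) in clear text, so
# the rendered file must not stay on the system drive.
- name: install SQL 2019 from rendered config file
  block:
    - name: create config file
      win_template:
        src: sqlsilent.ini
        dest: c:\sqlsilent.ini

    # disk_image_out is registered outside this file (mounted ISO).
    - name: install SQL 2019
      win_shell: "{{ disk_image_out.mount_paths[0] }}setup.exe /ConfigurationFile=C:\\sqlsilent.ini /INDICATEPROGRESS=False"
      args:
        executable: cmd
        chdir: c:\
        # Skips the run when this instance directory already exists.
        creates: C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER
  always:
    # Runs whether or not the install succeeded.
    - name: remove config file
      win_file:
        path: c:\sqlsilent.ini
        state: absent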
--------------------------------------------------------------------------------
/roles/sql2016/templates/installSQL2016.bat:
--------------------------------------------------------------------------------
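@echo off
REM Unattended SQL Server 2016 install from the mounted image.
REM Command echo is off so the command line, which carries the sa password,
REM is not copied into the output of the task that runs this file.
REM SAPWD and SQLSYSADMINACCOUNTS are quoted so a space or a cmd
REM metacharacter in the value stays inside one argument.
{{ disk_image_out.mount_paths[0] }}setup.exe /Q /ACTION=Install /IACCEPTSQLSERVERLICENSETERMS /ENU /UPDATEENABLED=false /FEATURES=SQLENGINE,Conn /INSTANCENAME=MSSQLSERVER /SECURITYMODE=SQL /SAPWD="{{ mssql_password }}" /AGTSVCSTARTUPTYPE=automatic /BROWSERSVCSTARTUPTYPE=automatic /SQLSYSADMINACCOUNTS="{{ mssql_username }}" /SQLBACKUPDIR=C:\Backup /SQLUSERDBDIR=C:\Databases /SQLUSERDBLOGDIR=C:\UserDatabases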
--------------------------------------------------------------------------------
/roles/sql2019/templates/installSQL2019.bat:
--------------------------------------------------------------------------------
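@echo off
REM Unattended SQL Server 2019 install from the mounted image.
REM Command echo is off so the command line, which carries the sa password,
REM is not copied into the output of the task that runs this file.
REM SAPWD and SQLSYSADMINACCOUNTS are quoted so a space or a cmd
REM metacharacter in the value stays inside one argument.
{{ disk_image_out.mount_paths[0] }}setup.exe /Q /ACTION=Install /IACCEPTSQLSERVERLICENSETERMS /ENU /UPDATEENABLED=false /FEATURES=SQLENGINE,Conn /INSTANCENAME=MSSQLSERVER /SECURITYMODE=SQL /SAPWD="{{ mssql_password }}" /AGTSVCSTARTUPTYPE=automatic /BROWSERSVCSTARTUPTYPE=automatic /SQLSYSADMINACCOUNTS="{{ mssql_username }}" /SQLBACKUPDIR=C:\Backup /SQLUSERDBDIR=C:\Databases /SQLUSERDBLOGDIR=C:\UserDatabases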
--------------------------------------------------------------------------------
/ad-node-instance-remove-openstack.yml:
--------------------------------------------------------------------------------
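---
# Play: call ansible-role-os-stack with role_action "deprovision" for the AD
# node in node-config/ad-node-openstack.yml. The play name now says
# "Remove": the original said "Deploy" although the role deprovisions,
# which is misleading in job logs for a destructive run.
- name: Remove Windows AD Instances on OpenStack
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - node-config/ad-node-openstack.yml
  vars:
    # Path of the OpenStack client config, read from the controller's
    # environment.
    config_file: "{{ lookup('env', 'OS_CLIENT_CONFIG_FILE') }}"
    ansible_port: 5986
    windows: true
  roles:
    - role: ansible-role-os-stack
      role_action: deprovision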
--------------------------------------------------------------------------------
/windows-instance-remove-openstack.yml:
--------------------------------------------------------------------------------
---
# Play: call ansible-role-openstack with role_action "deprovision" for the
# nodes listed in win-nodes-openstack.yml.
# NOTE(review): the listing lost its indentation; delegate_to and run_once
# are taken to belong to the role entry -- confirm.
- name: Delete openstack instance
  hosts: all
  gather_facts: false
  become: false
  vars_files:
    - win-nodes-openstack.yml
  vars:
    # Path of the OpenStack client config, read from the controller's
    # environment.
    config_file: "{{ lookup('env', 'OS_CLIENT_CONFIG_FILE') }}"
    ansible_port: 5986
    windows: true
  roles:
    - role: ansible-role-openstack
      role_action: deprovision
      delegate_to: localhost
      run_once: true
--------------------------------------------------------------------------------
/roles/windows-ad-controller/defaults/main.yml:
--------------------------------------------------------------------------------
---
# defaults file for windows-ad-controller
dns_domain_name: 'example.com'
# NOTE(review): this password is committed in clear text and applies
# whenever the caller does not override it. Treat it as a demo placeholder
# and supply the real value from a vault or credential store.
domain_admin_password: 'Micr0soft!'

# Users and Password to Create
# NOTE(review): every listed user gets this same clear-text default
# password unless it is overridden.
users_password: 'MySecureP@ssword1'  # MUST FOLLOW WINDOWS AD PASSWORD RULES
users:
  - user1
  - user2

# Details for reverse DNS lookup
ptr_zone_name: '0.168.192.in-addr.arpa'
ptr_zone_cidr: '192.168.0.0/24'
15 |
16 |
--------------------------------------------------------------------------------
/node-config/ad-node-ec2.yml:
--------------------------------------------------------------------------------
---

# Node list with a single EC2 instance for the windows_ad role.
# NOTE(review): the listing lost its indentation; user_data is taken to be a
# node attribute rather than part of the volume entry -- confirm.
nodes:
  - name: winad1
    role: windows_ad
    app_name: windows_cluster_demo
    instance_type: t2.large
    # Uses win2019_ami_id when it is defined, else this fixed AMI id.
    image: "{{ win2019_ami_id|default('ami-0105e6d241a21e66f') }}"  # windows 2019
    volumes:
      - device_name: /dev/xvda
        volume_type: gp2
        volume_size: 50
        delete_on_termination: true
    # First-boot data rendered from a template on the control node.
    user_data: "{{ lookup('template', 'templates/userdata.txt.j2') }}"
--------------------------------------------------------------------------------
/roles/collect-log/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Copies a log file that already sits on the target (remote_src) to an SMB
# share. The file name on the share is prefixed with the host's address.
- name: copy log file
  win_copy:
    src: '{{ log_file }}'
    dest: "{{ smb_share }}\\{{ destination_file_location }}\\{{ ansible_host }}_mcafee_log.txt"
    remote_src: true
  # runas with new_credentials / netcredentials_only: the share account is
  # used for outbound network access only.
  become: true
  become_method: runas
  become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  vars:
    # Share account; both values are supplied from outside this file.
    ansible_become_user: '{{ smb_share_username }}'
    ansible_become_pass: '{{ smb_share_password }}'
--------------------------------------------------------------------------------
/roles/services/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Setup services

# Places the example binary in C:\Windows on the target.
- name: Copy Example Service EXE to Server
  win_copy:
    src: files/ServiceExample.exe
    dest: C:\Windows\ServiceExample.exe

# Registers that binary as a Windows service running as LocalSystem, so the
# executable in files/ runs with full local privileges; it should be a
# reviewed, known build.
- name: Create a new service
  win_service:
    name: service name
    display_name: Example Service
    description: This is an example service
    path: C:\Windows\ServiceExample.exe
    # LocalSystem is a built-in account, hence the empty password.
    username: LocalSystem
    password: ''
19 |
--------------------------------------------------------------------------------
/roles/sql2016/templates/sqlsilent.ini:
--------------------------------------------------------------------------------
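; Answer file for an unattended SQL Server 2016 setup, rendered by Ansible.
; The rendered file contains the sa password (SAPWD) in clear text.
[OPTIONS]
QUIET="True"
ACTION="Install"
IACCEPTSQLSERVERLICENSETERMS="True"
ENU="True"
UPDATEENABLED="False"
FEATURES=SQLENGINE,Conn
; Closing quote restored; the value was left unterminated.
INSTANCENAME="MSSQLSERVER"
SECURITYMODE="SQL"
SAPWD="{{ mssql_password }}"
AGTSVCSTARTUPTYPE="automatic"
BROWSERSVCSTARTUPTYPE="automatic"
SQLSYSADMINACCOUNTS="{{ mssql_username }}"
SQLBACKUPDIR="C:\Backup"
SQLUSERDBDIR="C:\Databases"
SQLUSERDBLOGDIR="C:\UserDatabases"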
--------------------------------------------------------------------------------
/roles/sql2019/templates/sqlsilent.ini:
--------------------------------------------------------------------------------
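; Answer file for an unattended SQL Server 2019 setup, rendered by Ansible.
; The rendered file contains the sa password (SAPWD) in clear text.
[OPTIONS]
QUIET="True"
ACTION="Install"
IACCEPTSQLSERVERLICENSETERMS="True"
ENU="True"
UPDATEENABLED="False"
FEATURES=SQLENGINE,Conn
; Closing quote restored; the value was left unterminated.
INSTANCENAME="MSSQLSERVER"
SECURITYMODE="SQL"
SAPWD="{{ mssql_password }}"
AGTSVCSTARTUPTYPE="automatic"
BROWSERSVCSTARTUPTYPE="automatic"
SQLSYSADMINACCOUNTS="{{ mssql_username }}"
SQLBACKUPDIR="C:\Backup"
SQLUSERDBDIR="C:\Databases"
SQLUSERDBLOGDIR="C:\UserDatabases"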
--------------------------------------------------------------------------------
/roles/failover-cluster-common/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Common preparation for failover-cluster nodes: the xFailOverCluster
# PowerShell module, the Windows features listed in required_features, and
# one service set to start automatically.
- name: add a powershell module
  win_psmodule:
    name: xFailOverCluster
    state: present

- name: add windows features
  win_dsc:
    resource_name: WindowsFeature
    Ensure: Present
    Name: '{{ item }}'
  loop: '{{ required_features }}'

# NOTE(review): the task name mentions the registry service, but the
# service configured is TermService -- confirm which one is intended.
- name: ensure registry service is running
  win_dsc:
    resource_name: Service
    Name: TermService
    State: Running
    StartupType: Automatic
--------------------------------------------------------------------------------
/roles/sql2016/templates/installSQL2016.ps1:
--------------------------------------------------------------------------------
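# Runs SQL Server 2016 setup unattended from the mounted image, waits for
# it, then prints whether the process exited and its exit code.
#
# SAPWD and SQLSYSADMINACCOUNTS are wrapped in double quotes so a value
# containing a space stays one setup argument. The argument list is a
# single-quoted PowerShell string, so a value containing ' would still
# break it; such values are not supported by this template.
# NOTE(review): the exit code is only printed; the script does not exit with
# it, so the calling task may not notice a failed setup -- confirm.
$setupArgs = '/Q /ACTION=Install /IACCEPTSQLSERVERLICENSETERMS /ENU /UPDATEENABLED=false /FEATURES=SQLENGINE,Conn /INSTANCENAME=MSSQLSERVER /SECURITYMODE=SQL /SAPWD="{{ mssql_password }}" /AGTSVCSTARTUPTYPE=automatic /BROWSERSVCSTARTUPTYPE=automatic /SQLSYSADMINACCOUNTS="{{ mssql_username }}" /SQLBACKUPDIR=C:\Backup /SQLUSERDBDIR=C:\Databases /SQLUSERDBLOGDIR=C:\UserDatabases'
$p = Start-Process {{ disk_image_out.mount_paths[0] }}setup.exe -ArgumentList $setupArgs -Wait -NoNewWindow -PassThru

$p.HasExited

$p.ExitCode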
--------------------------------------------------------------------------------
/roles/sql2019/templates/installSQL2019.ps1:
--------------------------------------------------------------------------------
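# Runs SQL Server 2019 setup unattended from the mounted image, waits for
# it, then prints whether the process exited and its exit code.
#
# SAPWD and SQLSYSADMINACCOUNTS are wrapped in double quotes so a value
# containing a space stays one setup argument. The argument list is a
# single-quoted PowerShell string, so a value containing ' would still
# break it; such values are not supported by this template.
# NOTE(review): the exit code is only printed; the script does not exit with
# it, so the calling task may not notice a failed setup -- confirm.
$setupArgs = '/Q /ACTION=Install /IACCEPTSQLSERVERLICENSETERMS /ENU /UPDATEENABLED=false /FEATURES=SQLENGINE,Conn /INSTANCENAME=MSSQLSERVER /SECURITYMODE=SQL /SAPWD="{{ mssql_password }}" /AGTSVCSTARTUPTYPE=automatic /BROWSERSVCSTARTUPTYPE=automatic /SQLSYSADMINACCOUNTS="{{ mssql_username }}" /SQLBACKUPDIR=C:\Backup /SQLUSERDBDIR=C:\Databases /SQLUSERDBLOGDIR=C:\UserDatabases'
$p = Start-Process {{ disk_image_out.mount_paths[0] }}setup.exe -ArgumentList $setupArgs -Wait -NoNewWindow -PassThru

$p.HasExited

$p.ExitCode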
--------------------------------------------------------------------------------
/roles/credential-examples/tasks/read_remote_file.yml:
--------------------------------------------------------------------------------
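---

# Reads a file through the target using a separate share account for
# network access, then prints the decoded content.
- name: read remote file
  slurp:
    src: '{{ remote_file_path }}'
  register: read_remote_file
  become: true
  become_method: runas
  # The logon flag is spelled "netcredentials_only" (no underscore after
  # "net"), as in the collect-log role of this repository; the previous
  # "net_credentials_only" is not a recognised value.
  become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  vars:
    # Share account; both values are supplied from outside this file.
    ansible_become_user: '{{ smb_share_username }}'
    ansible_become_password: '{{ smb_share_password }}'

# The whole file content ends up in the job output, so this should only be
# pointed at files that are safe to show there.
- name: show file content
  debug:
    msg: "{{ read_remote_file['content'] | b64decode }}"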
17 |
--------------------------------------------------------------------------------
/roles/sql_run_sql_script/tasks/mssql_script.yml:
--------------------------------------------------------------------------------
---

# Runs sql_script against the host's SQL Server from the control node
# (delegated to localhost, no privilege escalation), logging in as "sa".
- name: Execute script
  community.general.mssql_script:
    # First defined of ansible_host, ansible_ssh_host, inventory_hostname.
    login_host: '{{ ansible_host | default(ansible_ssh_host) | default(inventory_hostname) }}'
    login_user: sa
    login_password: '{{ mssql_password }}'
    script: '{{ sql_script }}'
    output: dict
  delegate_to: localhost
  become: false
  register: mssql_execute_sql_query

# Prints TABLE_NAME from the first row of the first result set.
- debug:
    msg: "validate table created: {{ mssql_execute_sql_query.query_results_dict[0][0][0]['TABLE_NAME'] }}"
--------------------------------------------------------------------------------
/ad-node-instance-remove-ec2.yml:
--------------------------------------------------------------------------------
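# Terminates every EC2 instance in the given VPC that carries the tags
# app=windows_cluster_demo and role=windows_ad.
- hosts: localhost
  become: false
  tasks:
    # NOTE(review): ec2_remote_facts and ec2 are the legacy module names; current
    # AWS collections provide ec2_instance_info and ec2_instance. Confirm against
    # the Ansible version this playbook is run with.
    - name: get ec2 instance information
      ec2_remote_facts:
        region: "{{ ec2_region }}"
        filters:
          vpc-id: "{{ ec2_vpc_id }}"
          "tag:app": windows_cluster_demo
          "tag:role": windows_ad
      register: ec2_instances

    # The tag filter is the only scoping for this destructive step, so the
    # credentials used here should be limited to terminating instances that
    # carry these tags.
    - name: terminate instances
      ec2:
        region: "{{ ec2_region }}"
        state: "absent"
        instance_ids: "{{ ec2_instances.instances | map(attribute='id') | list }}"
      # Skip the call when the lookup matched nothing, instead of sending an
      # empty instance list to the module.
      when: ec2_instances.instances | default([]) | length > 0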
--------------------------------------------------------------------------------
/restful.yml:
--------------------------------------------------------------------------------
---

# Demonstrates a POST against a public test API from the control node.
- name: Call a Public Test Restful API
  hosts: localhost
  connection: local
  gather_facts: false

  tasks:
    # The username, password and body below are throwaway values for the public
    # test endpoint. With a real service, take them from a vault or credential
    # store and set no_log on the task, because the registered result is printed
    # by the debug task that follows.
    - name: Create new user using Restful API
      uri:
        url: "https://reqres.in/api/users"
        method: POST
        username: test
        password: test
        body_format: json
        body:
          email: "testuser@test.com"
          password: "Test!!!1"
        status_code: 201
        return_content: true
      register: todo

    - debug:
        msg: "{{ todo }}"
--------------------------------------------------------------------------------
/roles/sql2016/tasks/win_shell.yml:
--------------------------------------------------------------------------------
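---
# Unattended SQL Server 2016 install through cmd.exe; skipped when the instance
# directory named in `creates` already exists.
- name: install SQL 2016
  # The password and account name are wrapped in double quotes so that cmd.exe
  # does not treat characters such as & or | inside them as command syntax
  # (a value containing a double quote or % is still not supported).
  win_shell: >-
    {{ disk_image_out.mount_paths[0] }}setup.exe
    /Q
    /ACTION=Install
    /IACCEPTSQLSERVERLICENSETERMS
    /ENU
    /UPDATEENABLED=false
    /FEATURES=SQLENGINE,Conn
    /INSTANCENAME=MSSQLSERVER
    /SECURITYMODE=SQL
    /SAPWD="{{ mssql_password }}"
    /AGTSVCSTARTUPTYPE=automatic
    /BROWSERSVCSTARTUPTYPE=automatic
    /SQLSYSADMINACCOUNTS="{{ mssql_username }}"
    /SQLBACKUPDIR=C:\Backup
    /SQLUSERDBDIR=C:\Databases
    /SQLUSERDBLOGDIR=C:\UserDatabases
  args:
    executable: cmd
    chdir: c:\
    creates: c:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER
  # The rendered command line contains the sa password; no_log keeps it out of
  # play output and job logs. It also hides setup's output, so lift it only
  # while debugging a failed install. The password can still be recorded on the
  # host by process command-line auditing.
  no_log: true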
--------------------------------------------------------------------------------
/roles/sql2019/tasks/win_shell.yml:
--------------------------------------------------------------------------------
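---
# Unattended SQL Server 2019 install through cmd.exe; skipped when the instance
# directory named in `creates` already exists.
- name: install SQL 2019
  # The password and account name are wrapped in double quotes so that cmd.exe
  # does not treat characters such as & or | inside them as command syntax
  # (a value containing a double quote or % is still not supported).
  win_shell: >-
    {{ disk_image_out.mount_paths[0] }}setup.exe
    /Q
    /ACTION=Install
    /IACCEPTSQLSERVERLICENSETERMS
    /ENU
    /UPDATEENABLED=false
    /FEATURES=SQLENGINE,Conn
    /INSTANCENAME=MSSQLSERVER
    /SECURITYMODE=SQL
    /SAPWD="{{ mssql_password }}"
    /AGTSVCSTARTUPTYPE=automatic
    /BROWSERSVCSTARTUPTYPE=automatic
    /SQLSYSADMINACCOUNTS="{{ mssql_username }}"
    /SQLBACKUPDIR=C:\Backup
    /SQLUSERDBDIR=C:\Databases
    /SQLUSERDBLOGDIR=C:\UserDatabases
  args:
    executable: cmd
    chdir: c:\
    creates: c:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER
  # The rendered command line contains the sa password; no_log keeps it out of
  # play output and job logs. It also hides setup's output, so lift it only
  # while debugging a failed install. The password can still be recorded on the
  # host by process command-line auditing.
  no_log: true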
--------------------------------------------------------------------------------
/roles/enable-dsc-lcm/files/configure_lcm.ps1:
--------------------------------------------------------------------------------
# Meta-configuration for the DSC Local Configuration Manager on this node.
# Push mode: configurations are delivered to the node, no pull server is used.
# ApplyAndAutoCorrect with a 15 minute frequency: the node re-applies the
# current configuration on that schedule, so manual drift is reverted.
[DscLocalConfigurationManager()]
Configuration LCM
{
    Node localhost
    {
        Settings
        {
            RefreshMode                    = 'Push'
            ConfigurationMode              = 'ApplyAndAutoCorrect'
            ConfigurationModeFrequencyMins = 15
            RebootNodeIfNeeded             = $false
            ActionAfterReboot              = 'ContinueConfiguration'
        }
    }
}

# Create the output folder (an "already exists" error is suppressed), compile
# the meta-configuration into it, then apply it to the local LCM.
md c:\lcmconfig -ErrorAction SilentlyContinue
LCM -OutputPath c:\lcmconfig
Set-DscLocalConfigurationManager -Path c:\lcmconfig -Force -Verbose
--------------------------------------------------------------------------------
/roles/sql_run_sql_script/defaults/main.yml:
--------------------------------------------------------------------------------
---

run_sql_script_method: mssql_script  # mssql_script or powershell

# db_name is spliced into the T-SQL text of sql_script below; it is not passed
# as a query parameter. Accept it only from trusted input, or validate it as a
# plain identifier before use, when it can come from a survey or extra vars.
db_name: rhdemo1

sql_query: >-
  CREATE TABLE [dbo].[dbcaudit_temp]([SN] [varchar](255) NOT NULL,[Type] [varchar](20) NOT NULL)
  ON [PRIMARY]

# Creates the table only when it does not exist yet, then selects its name so
# the caller can confirm it is present. The folded lines are joined with single
# spaces into one statement string.
sql_script: >-
  IF OBJECT_ID(N'{{ db_name }}.dbo.dbcaudit_temp', N'U') IS NULL
  BEGIN
  CREATE TABLE [{{ db_name }}].[dbo].[dbcaudit_temp]([SN] [varchar](255) NOT NULL,[Type] [varchar](20) NOT NULL) ON [PRIMARY];
  END;
  SELECT TABLE_NAME FROM [{{ db_name }}].INFORMATION_SCHEMA.TABLES
  WHERE TABLE_TYPE = 'BASE TABLE' and TABLE_NAME = 'dbcaudit_temp'
--------------------------------------------------------------------------------
/node-config/cluster-nodes-openstack.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | nodes:
4 | - name: winweb1
5 | role: cluster_first
6 | app_name: windows_cluster_demo
7 | flavor: m1.medium
8 | image: Windows Server 2016 updated
9 | key_name: ansible-oatakan
10 | volume_size: 30
11 | nics:
12 | - net-name: private_network
13 | os_type: windows
14 | - name: winweb2
15 | role: cluster_other
16 | app_name: windows_cluster_demo
17 | flavor: m1.medium
18 | image: Windows Server 2016 updated
19 | key_name: ansible-oatakan
20 | volume_size: 30
21 | nics:
22 | - net-name: private_network
23 | os_type: windows
--------------------------------------------------------------------------------
/roles/mcafee-epo/templates/installMcAfeeEPO.bat:
--------------------------------------------------------------------------------
{#
  Silent McAfee ePO install (Jinja2 template rendered to a .bat file).
  Security notes:
  - mssql_password is used for five roles here: the ePO admin account, the
    database login (sa), and the keystore, each with its verify field. One
    leaked value therefore exposes all of them; separate secrets per role are
    preferable.
  - All values are passed on the command line, so they are visible to process
    command-line auditing and in the rendered .bat file; delete the rendered
    file after the run.
  - NOTE(review): /l* writes an installer log to C:\McAfee_ePO.log; check
    whether that log records the password properties and restrict or remove it.
-#}
{{ temp_directory }}\mcafee_epo\setup.exe /qn /l* C:\McAfee_ePO.log ^
 MFSADMINUSERNAME_UE=admin MFSADMINPASSWORD_UE={{ mssql_password }} MFSADMINVERIFYPASSWORD_UE={{ mssql_password }} ^
 MFSDATABASESERVERNAME={{ sql_server_hostname }} MFSDATABASEPORT=1433 MFSDATABASENAME=EPODB ^
 MFSDATABASEUSERNAME_UE=sa MFSDATABASEPASSWORD_UE={{ mssql_password }} ^
 AGENTPORT=80 AGENTSECUREPORT=443 TOMCATSECUREPORT=8443 MFSDATABASEAUTHENTICATION=2 SQLUDPPORTISENABLED=0 IGNOREPROPINI=1 ^
 MFSKEYSTOREPASSWORD_UE={{ mssql_password }} MFSVERIFYKEYSTOREPASSWORD={{ mssql_password }} ^
 ENABLETELEMETRY=0 ENABLEFIPSMODE=0 SKIPAUTOPRODINST=0 AgreeToLicense="Yes"
--------------------------------------------------------------------------------
/roles/sql_run_sql_script_dsc/tasks/using_sqlscriptquery.yml:
--------------------------------------------------------------------------------
---

# The SqlScriptQuery resource used below comes from the SqlServerDsc module.
- name: ensure required DSC module is available
  win_psmodule:
    name: 'SqlServerDsc'
    state: present

# The three queries are rendered from templates on the control node and handed
# to the resource as text: Test decides whether Set has to run, Get reports state.
# NOTE(review): the resource logs in as sa; a login limited to the target
# database would reduce the impact of a leaked password.
- name: create database tables (SqlScriptQuery)
  win_dsc:
    resource_name: 'SqlScriptQuery'
    ServerName: 'localhost'
    InstanceName: 'MSSQLServer'
    Credential_username: 'sa'
    Credential_password: "{{ mssql_password }}"
    GetQuery: "{{ lookup('template', 'Get-RunSQLScript.sql.j2') }}"
    TestQuery: "{{ lookup('template', 'Test-RunSQLScript.sql.j2') }}"
    SetQuery: "{{ lookup('template', 'Set-RunSQLScript.sql.j2') }}"
--------------------------------------------------------------------------------
/win-nodes-ec2.yml:
--------------------------------------------------------------------------------
---
# Node definition for a single Windows Server instance on EC2.
nodes:
  - name: 'windows'
    role: 'windows'
    app_name: 'windows_demo'
    instance_type: 't2.large'
    image: "{{ win2019_ami_id|default('ami-0105e6d241a21e66f') }}" #windows 2019
    #image: ami-603b1c1a #windows 2016
    #image: ami-013e197b #windows 2012 R2
    volumes:
      - device_name: '/dev/xvda'
        ebs:
          volume_size: 50
          delete_on_termination: true
      - device_name: '/dev/xvdb'
        ebs:
          volume_size: 100
          delete_on_termination: true
    # The rendered template embeds the administrator password when
    # ansible_password is defined. EC2 user data stays readable from the instance
    # metadata service and through the EC2 API, so treat that password as a
    # bootstrap value and change it after the first connection.
    user_data: "{{ lookup('template', 'templates/userdata.txt.j2') }}"
--------------------------------------------------------------------------------
/templates/userdata.txt.j2:
--------------------------------------------------------------------------------
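# First-boot script delivered as instance user data (Jinja2 template).
# It sets the local administrator password when one is supplied, enables WinRM
# for Ansible, turns on CredSSP and grows the C: partition.

$admin = [adsi]("WinNT://./administrator, user")
{% if ansible_password is defined %}
# Single-quoted literal with doubled quotes: inside a double-quoted PowerShell
# string a password containing $, a backtick or " would be expanded or would
# end the string early.
$admin.PSBase.Invoke("SetPassword", '{{ ansible_password | replace("'", "''") }}')
{% endif %}
# Older Windows Server releases may not negotiate TLS 1.2 by default, which the
# download below needs; add it to the enabled protocols for this session.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
# Supply-chain note: the script is fetched from the mutable devel branch and
# executed at boot without an integrity check. Host a reviewed copy, or pin the
# URL to a specific commit and compare its hash before running it.
& $([scriptblock]::Create((New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"))) -ForceNewSSLCert -EnableCredSSP
# CredSSP delegates the connecting user's credentials to this host; enable it
# only where the playbooks need a second network hop.
Enable-WSManCredSSP -Role Server -Force
Set-Item -Path "WSMan:\localhost\Service\Auth\CredSSP" -Value $true
Resize-Partition -DriveLetter c -Size (Get-PartitionSupportedSize -DriveLetter c).sizeMax -ErrorAction SilentlyContinue
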
--------------------------------------------------------------------------------
/roles/registry/tasks/main.yml:
--------------------------------------------------------------------------------
# Desktop and UI registry tweaks applied with win_regedit. Each task sets one
# DWORD value; the key and value names are taken as given.
- name: Registry - Disable System Tray, Clock and Calendar UI
  win_regedit:
    path: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell'
    name: 'UseWin32TrayClockExperience'
    type: dword
    data: 1

- name: Registry - Disable Login Screen Background Image
  win_regedit:
    path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    name: 'DisableLogonBackgroundImage'
    type: dword
    data: 1

- name: Registry - Disable One Drive
  win_regedit:
    path: 'HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}'
    name: 'System.IsPinnedToNameSpaceTree'
    type: dword
    data: 0
--------------------------------------------------------------------------------
/set_custom_facts.yml:
--------------------------------------------------------------------------------
# Writes a PowerShell fact script to the host, gathers facts from it and prints them.
- name: set custom facts and gather
  hosts: all
  tasks:
    # NOTE(review): the setup module runs .ps1 fact scripts it finds under
    # fact_path with the connection account's rights. C:\windows\temp is a
    # shared location; a directory that only administrators can write to is a
    # safer home for scripts that are executed on every fact gathering.
    - name: create custom facts on the system
      win_copy:
        dest: 'C:\windows\temp\ansible_custom_facts.ps1'
        content: |
          @{
            local_facts = @{
              custom_fact_1 = 'test 1'
              custom_fact_2 = 'test 2'
            }
          }

    - name: gather custom facts
      setup:
        fact_path: 'C:\windows\temp\ansible_custom_facts.ps1'

    - debug:
        msg: "custom_fact_1: {{ ansible_ansible_custom_facts.local_facts.custom_fact_1 }}, custom_fact_2: {{ ansible_ansible_custom_facts.local_facts.custom_fact_2 }}"
--------------------------------------------------------------------------------
/win-nodes-ovirt.yml:
--------------------------------------------------------------------------------
1 | ---
2 | providers:
3 | ovirt:
4 | cluster: pele-Local
5 | nodes:
6 | - name: wintest2
7 | role: windows
8 | app_name: windows_demo
9 | networks:
10 | - name: ovirtmgmt
11 | ip: 192.168.1.64
12 | netmask: 255.255.255.0
13 | gateway: 192.168.1.254
14 | domain: home.ad
15 | dns_servers:
16 | - 192.168.1.254
17 | - 8.8.4.4
18 | # disks:
19 | # - name: windows-2019-standard-core
20 | # name_prefix: no
21 | # size: 80GiB
22 | domain: home.ad
23 | memory: 4096
24 | cpu: 2
25 | type: server
26 | user_name: vagrant
27 | template: "{{ template_name | default('windows-2019-standard-core') }}"
28 | #template: windows-2016
29 | sysprep: yes
--------------------------------------------------------------------------------
/roles/patch/tasks/main.yml:
--------------------------------------------------------------------------------
# Copies one update package from a file share to the host and installs it.
# NOTE(review): the package is taken from an SMB share addressed by IP and run
# without a hash or signature check; comparing a known checksum (for example via
# win_stat with get_checksum) before the install step would close that gap.
- name: Copy a Windows Update file from remote directory to local
  win_copy:
    src: '\\192.168.1.103\iso\windows10.0-kb4013418-x64.msu'
    dest: 'c:\windows10.0-kb4013418-x64.msu'
    remote_src: true

- name: Install Windows Update for KB4013418
  win_shell: c:\windows10.0-kb4013418-x64.msu /quiet /norestart
  register: patch



# Alternative using win_package, left disabled:
#- name: Install Windows Update for KB4013418
#  win_package:
#    path: c:\windows10.0-kb4013418-x64.msu
#    productid: '{D64B6984-242F-32BC-B008-752806E5FC44}.KB4013418'
#    arguments: '/quiet /norestart'
#    ensure: present
#    expected_return_code: [0,3010]
#  register: patch

- debug:
    msg: "{{ patch }}"

--------------------------------------------------------------------------------
/roles/sql2019/tasks/win_package.yml:
--------------------------------------------------------------------------------
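---
# Unattended SQL Server 2019 install through win_package. The arguments are
# given as a list, one setup.exe switch per entry.
- name: install SQL 2019
  win_package:
    path: '{{ disk_image_out.mount_paths[0] }}setup.exe'
    product_id: '{{ product_id }}'
    arguments:
      - /Q
      - /ACTION=Install
      - /IACCEPTSQLSERVERLICENSETERMS
      - /ENU
      - /UPDATEENABLED=false
      - /FEATURES=SQLENGINE,Conn
      - /INSTANCENAME=MSSQLSERVER
      - /SECURITYMODE=SQL
      - /SAPWD={{ mssql_password }}
      - /AGTSVCSTARTUPTYPE=automatic
      - /BROWSERSVCSTARTUPTYPE=automatic
      - /SQLSYSADMINACCOUNTS={{ mssql_username }}
      - /SQLBACKUPDIR=C:\Backup
      - /SQLUSERDBDIR=C:\Databases
      - /SQLUSERDBLOGDIR=C:\UserDatabases
  register: sql_install
  # The argument list carries the sa password; no_log keeps the task's
  # arguments and result out of play output and job logs. sql_install is still
  # available to later tasks. The password can still be recorded on the host by
  # process command-line auditing, so rotate it after provisioning.
  no_log: true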
--------------------------------------------------------------------------------
/roles/sql2016/files/enableSQLTCP.ps1:
--------------------------------------------------------------------------------
# Enables the TCP/IP protocol on the default SQL Server instance.
# Security note: the instance accepts network connections once the service is
# restarted with TCP enabled, so scope the matching firewall rule to the
# clients that need it.

# Make the SQLPS module shipped under the 130 tools folder discoverable, then load it.
$env:PSModulePath = $env:PSModulePath + ";C:\Program Files (x86)\Microsoft SQL Server\130\Tools\PowerShell\Modules"
Import-Module SQLPS -DisableNameChecking

$smoNamespace = 'Microsoft.SqlServer.Management.Smo.'
$managedComputer = New-Object ($smoNamespace + 'Wmi.ManagedComputer')

# Address of the Tcp protocol object of the default instance. For a named
# instance, replace MSSQLSERVER with the instance name.
$tcpUri = "ManagedComputer[@Name='" + (Get-Item env:\computername).Value + "']/ServerInstance[@Name='MSSQLSERVER']/ServerProtocol[@Name='Tcp']"
$tcpProtocol = $managedComputer.GetSmoObject($tcpUri)
$tcpProtocol.IsEnabled = $true
$tcpProtocol.Alter()

# Emit the protocol object so the caller can see the resulting state.
$tcpProtocol
--------------------------------------------------------------------------------
/roles/sql2019/files/enableSQLTCP.ps1:
--------------------------------------------------------------------------------
# Enables the TCP/IP protocol on the default SQL Server instance.
# Security note: the instance accepts network connections once the service is
# restarted with TCP enabled, so scope the matching firewall rule to the
# clients that need it.

# Make the SQLPS module shipped under the 150 tools folder discoverable, then load it.
$env:PSModulePath = $env:PSModulePath + ";C:\Program Files (x86)\Microsoft SQL Server\150\Tools\PowerShell\Modules"
Import-Module SQLPS -DisableNameChecking

$smoNamespace = 'Microsoft.SqlServer.Management.Smo.'
$managedComputer = New-Object ($smoNamespace + 'Wmi.ManagedComputer')

# Address of the Tcp protocol object of the default instance. For a named
# instance, replace MSSQLSERVER with the instance name.
$tcpUri = "ManagedComputer[@Name='" + (Get-Item env:\computername).Value + "']/ServerInstance[@Name='MSSQLSERVER']/ServerProtocol[@Name='Tcp']"
$tcpProtocol = $managedComputer.GetSmoObject($tcpUri)
$tcpProtocol.IsEnabled = $true
$tcpProtocol.Alter()

# Emit the protocol object so the caller can see the resulting state.
$tcpProtocol
--------------------------------------------------------------------------------
/failover-cluster-create.yml:
--------------------------------------------------------------------------------
# Three plays: common prerequisites on every host, cluster creation on the
# first node, then joining the remaining nodes.
- name: Failover prereqs
  hosts: all

  roles:
    - role: failover-cluster-common

# The two cluster plays connect over WinRM/HTTPS (5986) with CredSSP.
# Security notes:
# - ansible_winrm_server_cert_validation: ignore disables checking of the
#   server certificate, so the connection gives no protection against an
#   impersonated host. With a CA-issued listener certificate, switch to validate.
# - CredSSP hands the connecting account's credentials to the remote host;
#   use an account whose rights are limited to what cluster setup needs.
- name: Create failover cluster on first node
  hosts: '*cluster_first'
  vars:
    ansible_connection: winrm
    ansible_port: 5986
    ansible_winrm_transport: credssp
    ansible_winrm_server_cert_validation: ignore
  roles:
    - role: failover-cluster
      first_node: true

- name: Join failover clusters on other nodes
  hosts: '*cluster_other'
  vars:
    ansible_connection: winrm
    ansible_port: 5986
    ansible_winrm_transport: credssp
    ansible_winrm_server_cert_validation: ignore
  roles:
    - role: failover-cluster
      first_node: false

--------------------------------------------------------------------------------
/roles/set-static-ip/tasks/multi_network.yml:
--------------------------------------------------------------------------------
---

# Assigns a static IPv4 address to the second network interface via the
# NetworkingDsc IPAddress resource and shows the address before and after.
- name: Install required DSC modules
  win_psmodule:
    name: 'NetworkingDsc'
    state: present

# NOTE(review): index 3 of ansible_ip_addresses is assumed to belong to the
# second interface; the position depends on how many addresses each interface
# reports.
- name: show current ip address of the 2nd interface
  debug:
    msg: "{{ ansible_ip_addresses[3] }}"

- name: Set static address for the 2nd interface
  win_dsc:
    resource_name: 'IPAddress'
    InterfaceAlias: "{{ ansible_interfaces[1].connection_name }}"
    AddressFamily: 'IPV4'
    IPAddress: "{{ second_interface_static_ip_address }}"

# Refresh only the address fact so the next task sees the new value.
- name: gather new networking facts
  setup:
    filter:
      - "ansible_ip_addresses"

- name: show the new ip address of the 2nd interface
  debug:
    msg: "{{ ansible_ip_addresses[3] }}"
--------------------------------------------------------------------------------
/roles/sql2016/tasks/win_package.yml:
--------------------------------------------------------------------------------
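---
# Unattended SQL Server 2016 install through win_package. The arguments are
# given as a list, one setup.exe switch per entry.
- name: install SQL 2016
  win_package:
    path: '{{ disk_image_out.mount_paths[0] }}setup.exe'
    product_id: '{0AE831BC-F2A8-4DE2-8FBF-68B220611A7F}'
    arguments:
      - /Q
      - /ACTION=Install
      - /IACCEPTSQLSERVERLICENSETERMS
      - /ENU
      - /UPDATEENABLED=false
      - /FEATURES=SQLENGINE,Conn
      - /INSTANCENAME=MSSQLSERVER
      - /SECURITYMODE=SQL
      - /SAPWD={{ mssql_password }}
      - /AGTSVCSTARTUPTYPE=automatic
      - /BROWSERSVCSTARTUPTYPE=automatic
      - /SQLSYSADMINACCOUNTS={{ mssql_username }}
      - /SQLBACKUPDIR=C:\Backup
      - /SQLUSERDBDIR=C:\Databases
      - /SQLUSERDBLOGDIR=C:\UserDatabases
  register: sql_install
  # The argument list carries the sa password; no_log keeps the task's
  # arguments and result out of play output and job logs. sql_install is still
  # available to later tasks. The password can still be recorded on the host by
  # process command-line auditing, so rotate it after provisioning.
  no_log: true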
--------------------------------------------------------------------------------
/roles/iis/tasks/main.yml:
--------------------------------------------------------------------------------
# Installs IIS with all sub-features and management tools, then opens the
# inbound web ports.
# NOTE(review): include_sub_features installs every IIS sub-feature; listing
# only the features the site needs keeps the attack surface smaller.
- name: Install IIS Web-Server with sub features and management tools
  win_feature:
    name: Web-Server
    state: present
    include_sub_features: true
    include_management_tools: true
    restart: true

# Both rules allow inbound TCP from any remote address on every firewall
# profile, because neither remoteip nor profiles is set.
- name: Firewall rule to allow http on TCP port 80
  win_firewall_rule:
    name: http
    state: present
    enable: true
    direction: In
    protocol: TCP
    localport: 80
    action: allow

- name: Firewall rule to allow https on TCP port 443
  win_firewall_rule:
    name: https
    state: present
    enable: true
    direction: In
    protocol: TCP
    localport: 443
    action: allow
--------------------------------------------------------------------------------
/failover-iis-cluster-create.yml:
--------------------------------------------------------------------------------
# Three plays: domain join, IIS and common cluster prerequisites on every host,
# cluster creation on the first node, then joining the remaining nodes.
- name: prereqs
  hosts: all

  roles:
    - domain
    - iis-dsc
    - role: failover-cluster-common

# The two cluster plays connect over WinRM/HTTPS (5986) with CredSSP.
# Security notes:
# - ansible_winrm_server_cert_validation: ignore disables checking of the
#   server certificate, so the connection gives no protection against an
#   impersonated host. With a CA-issued listener certificate, switch to validate.
# - CredSSP hands the connecting account's credentials to the remote host;
#   use an account whose rights are limited to what cluster setup needs.
- name: Create failover cluster on first node
  hosts: '*cluster_first'
  vars:
    ansible_connection: winrm
    ansible_port: 5986
    ansible_winrm_transport: credssp
    ansible_winrm_server_cert_validation: ignore
  roles:
    - role: failover-cluster
      first_node: true

- name: Join failover clusters on other nodes
  hosts: '*cluster_other'
  vars:
    ansible_connection: winrm
    ansible_port: 5986
    ansible_winrm_transport: credssp
    ansible_winrm_server_cert_validation: ignore
  roles:
    - role: failover-cluster
      first_node: false

--------------------------------------------------------------------------------
/roles/requirements.yml:
--------------------------------------------------------------------------------
# External roles installed with ansible-galaxy.
# Supply-chain note: every entry tracks origin/master, a moving branch, so each
# install can pull different code than the one that was reviewed. Pinning
# version to a release tag or a full commit SHA makes installs repeatable and
# puts upstream changes through review.
#- src: juju4.harden_windows

- src: "https://github.com/oatakan/ansible-role-ec2"
  version: "origin/master"

- src: "https://github.com/oatakan/ansible-role-vmware"
  version: "origin/master"

- src: "https://github.com/oatakan/ansible-role-ovirt"
  version: "origin/master"

- src: "https://github.com/oatakan/ansible-role-kubevirt"
  version: "origin/master"

- src: "https://github.com/oatakan/ansible-role-azure"
  version: "origin/master"

- src: "https://github.com/oatakan/ansible-role-openstack"
  version: "origin/master"

- src: "https://github.com/oatakan/ansible-role-os-stack"
  version: "origin/master"

- src: "https://github.com/oatakan/ansible-role-windows-ad-controller"
  version: "origin/master"

--------------------------------------------------------------------------------
/roles/sql2019/tasks/win_dsc_package.yml:
--------------------------------------------------------------------------------
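---

# Unattended SQL Server 2019 install through the DSC Package resource. The
# folded scalar joins the switches into one space-separated argument string.
- name: install SQL 2019
  win_dsc:
    resource_name: Package
    Path: '{{ disk_image_out.mount_paths[0] }}setup.exe'
    ProductId: '{{ product_id }}'
    Name: Microsoft SQL Server 2019
    Arguments: >
      /Q
      /ACTION=Install
      /IACCEPTSQLSERVERLICENSETERMS
      /ENU
      /UPDATEENABLED=false
      /FEATURES=SQLENGINE,Conn
      /INSTANCENAME=MSSQLSERVER
      /SECURITYMODE=SQL
      /SAPWD={{ mssql_password }}
      /AGTSVCSTARTUPTYPE=automatic
      /BROWSERSVCSTARTUPTYPE=automatic
      /SQLSYSADMINACCOUNTS={{ mssql_username }}
      /SQLBACKUPDIR=C:\Backup
      /SQLUSERDBDIR=C:\Databases
      /SQLUSERDBLOGDIR=C:\UserDatabases
  register: sql_install
  # Arguments is an ordinary string option that contains the sa password;
  # no_log keeps it out of play output and job logs. sql_install is still
  # available to later tasks. A password containing spaces would be split into
  # separate switches by this form.
  no_log: true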
--------------------------------------------------------------------------------
/roles/sql2016/tasks/win_dsc.yml:
--------------------------------------------------------------------------------
---

# The SqlSetup resource used below comes from the SqlServerDsc module.
- name: Install required DSC module
  win_psmodule:
    name: 'SqlServerDsc'
    state: present


# Installs the database engine with mixed-mode (SQL) authentication.
# Security note: mssql_password is used for the engine service account, the
# agent service account and the sa login alike, so one leaked value exposes
# all three. Separate secrets per account limit that.
- name: install SQL 2016
  win_dsc:
    resource_name: 'SqlSetup'
    InstanceName: 'MSSQLServer'
    SourcePath: "{{ disk_image_out.mount_paths[0] }}"
    Features: 'SQLENGINE'
    InstallSharedDir: 'C:\Program Files\Microsoft SQL Server'
    SQLSysAdminAccounts:
      - "{{ mssql_username }}"
    SQLSvcAccount_username: "{{ mssql_username }}"
    SQLSvcAccount_password: "{{ mssql_password }}"
    AgtSvcAccount_username: "{{ mssql_username }}"
    AgtSvcAccount_password: "{{ mssql_password }}"
    SecurityMode: 'SQL'
    SAPwd_username: 'sa'
    SAPwd_password: "{{ mssql_password }}"
  register: sql_install
--------------------------------------------------------------------------------
/roles/sql2019/tasks/win_dsc.yml:
--------------------------------------------------------------------------------
---

# The SqlSetup resource used below comes from the SqlServerDsc module.
- name: Install required DSC module
  win_psmodule:
    name: 'SqlServerDsc'
    state: present


# Installs the database engine with mixed-mode (SQL) authentication.
# Security note: mssql_password is used for the engine service account, the
# agent service account and the sa login alike, so one leaked value exposes
# all three. Separate secrets per account limit that.
- name: install SQL 2019
  win_dsc:
    resource_name: 'SqlSetup'
    InstanceName: 'MSSQLServer'
    SourcePath: "{{ disk_image_out.mount_paths[0] }}"
    Features: 'SQLENGINE'
    InstallSharedDir: 'C:\Program Files\Microsoft SQL Server'
    SQLSysAdminAccounts:
      - "{{ mssql_username }}"
    SQLSvcAccount_username: "{{ mssql_username }}"
    SQLSvcAccount_password: "{{ mssql_password }}"
    AgtSvcAccount_username: "{{ mssql_username }}"
    AgtSvcAccount_password: "{{ mssql_password }}"
    SecurityMode: 'SQL'
    SAPwd_username: 'sa'
    SAPwd_password: "{{ mssql_password }}"
  register: sql_install
--------------------------------------------------------------------------------
/roles/sql2016/tasks/win_dsc_package.yml:
--------------------------------------------------------------------------------
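---
# Unattended SQL Server 2016 install through the DSC Package resource. The
# folded scalar joins the switches into one space-separated argument string.
- name: install SQL 2016
  win_dsc:
    resource_name: Package
    Path: '{{ disk_image_out.mount_paths[0] }}setup.exe'
    ProductId: '{0AE831BC-F2A8-4DE2-8FBF-68B220611A7F}'
    Name: Microsoft SQL Server 2016
    Arguments: >
      /Q
      /ACTION=Install
      /IACCEPTSQLSERVERLICENSETERMS
      /ENU
      /UPDATEENABLED=false
      /FEATURES=SQLENGINE,Conn
      /INSTANCENAME=MSSQLSERVER
      /SECURITYMODE=SQL
      /SAPWD={{ mssql_password }}
      /AGTSVCSTARTUPTYPE=automatic
      /BROWSERSVCSTARTUPTYPE=automatic
      /SQLSYSADMINACCOUNTS={{ mssql_username }}
      /SQLBACKUPDIR=C:\Backup
      /SQLUSERDBDIR=C:\Databases
      /SQLUSERDBLOGDIR=C:\UserDatabases
  register: sql_install
  # Arguments is an ordinary string option that contains the sa password;
  # no_log keeps it out of play output and job logs. sql_install is still
  # available to later tasks. A password containing spaces would be split into
  # separate switches by this form.
  no_log: true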
--------------------------------------------------------------------------------
/roles/sql_run_sql_script_dsc/tasks/using_sqlscript.yml:
--------------------------------------------------------------------------------
---

# The SqlScript resource used below comes from the SqlServerDsc module.
- name: ensure required DSC module is available
  win_psmodule:
    name: 'SqlServerDsc'
    state: present

# Renders the three SQL files onto the host. They stay in temp_directory after
# the run; remove them afterwards if the rendered SQL contains anything sensitive.
- name: create db scripts
  win_template:
    src: "{{ item }}.j2"
    dest: "{{ temp_directory }}\\{{ item }}"
  loop:
    - 'Set-RunSQLScript.sql'
    - 'Test-RunSQLScript.sql'
    - 'Get-RunSQLScript.sql'

# NOTE(review): the resource logs in as sa; a login limited to the target
# database would reduce the impact of a leaked password.
- name: create database tables (SqlScript)
  win_dsc:
    resource_name: 'SqlScript'
    ServerName: 'localhost'
    InstanceName: 'MSSQLServer'
    Credential_username: 'sa'
    Credential_password: "{{ mssql_password }}"
    GetFilePath: '{{ temp_directory }}\Get-RunSQLScript.sql'
    TestFilePath: '{{ temp_directory }}\Test-RunSQLScript.sql'
    SetFilePath: '{{ temp_directory }}\Set-RunSQLScript.sql'
--------------------------------------------------------------------------------
/ad_computer_deregister_all.yml:
--------------------------------------------------------------------------------
1 | - name: remove computer objects
2 | hosts: all
3 | gather_facts: yes
4 | serial: 1
5 |
6 | pre_tasks:
7 | - debug:
8 | msg: "{{ ansible_hostname | default('') }}"
9 | roles:
10 | - role: ad-computer-registration
11 | role_action: deregister
12 | computer_name: "{{ ansible_hostname }}"
13 | delegate_to: "{{ windows_ad_server_ip }}"
14 | when: ansible_hostname is defined
15 |
16 | - name: remove cluster object
17 | hosts: all
18 | gather_facts: no
19 | vars:
20 | ansible_port: 5986
21 | ansible_connection: winrm
22 | ansible_winrm_transport: credssp
23 | ansible_winrm_server_cert_validation: ignore
24 | roles:
25 | - role: ad-computer-registration
26 | role_action: deregister
27 | computer_name: "{{ cluster_name }}"
28 | delegate_to: "{{ windows_ad_server_ip }}"
29 | run_once: yes
--------------------------------------------------------------------------------
/roles/sql2016-update/tasks/main.yml:
--------------------------------------------------------------------------------
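---

# Patches SQL Server 2016 from an update package, downloading it first when
# update_file_path is a local path (contains a drive colon) and the file is missing.
- name: check update file
  win_stat:
    path: "{{ update_file_path }}"
  register: update_file
  when: (":" in update_file_path)

# The package is executed with elevated rights further down, so its integrity
# matters. Set the optional variable update_file_checksum to the SHA-256 hash
# published for the package and the download is verified against it; when the
# variable is not set, the option is omitted and the task behaves as before.
# A file that is already present at update_file_path is not re-verified here.
- name: download update file
  win_get_url:
    dest: "{{ update_file_path }}"
    url: "{{ update_file_url }}"
    checksum: "{{ update_file_checksum | default(omit) }}"
    checksum_algorithm: sha256
  register: download_update
  until: download_update is success
  delay: 3
  retries: 5
  when: (":" in update_file_path) and (not update_file.stat.exists)

# Version check before and after the patch step.
- include_tasks: check_version.yml

- name: patch SQL 2016
  win_package:
    path: '{{ update_file_path }}'
    product_id: '{0AE831BC-ABCD-4DE2-8FBF-68B220611A7F}'
    arguments:
      - /Q
      - /quiet
      - /IAcceptSQLServerLicenseTerms
      - /Action=Patch
      - /AllInstances
  register: sql_update

- include_tasks: check_version.yml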
--------------------------------------------------------------------------------
/roles/sql2016/tasks/psexec.yml:
--------------------------------------------------------------------------------
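---
# Installs SQL Server 2016 by launching setup.exe through PsExec.
# Supply-chain note: PSTools.zip is downloaded and its PsExec.exe executed
# without a hash check. Verifying the archive against a known checksum, or
# serving a vetted copy from an internal location, closes that gap.
- name: download PsTools
  win_get_url:
    dest: "{{ ansible_env.TEMP }}\\pstools.zip"
    url: "https://download.sysinternals.com/files/PSTools.zip"

- name: extract PSTools
  win_unzip:
    src: "{{ ansible_env.TEMP }}\\pstools.zip"
    dest: "{{ ansible_env.TEMP }}\\pstools"
    rm: true

- name: install SQL 2016
  win_psexec:
    command: "{{ disk_image_out.mount_paths[0] }}setup.exe /Q /ACTION=Install /IACCEPTSQLSERVERLICENSETERMS /ENU /UPDATEENABLED=false /FEATURES=SQLENGINE,Conn /INSTANCENAME=MSSQLSERVER /SECURITYMODE=SQL /SAPWD={{ mssql_password }} /AGTSVCSTARTUPTYPE=automatic /BROWSERSVCSTARTUPTYPE=automatic /SQLSYSADMINACCOUNTS={{ mssql_username }} /SQLBACKUPDIR=C:\\Backup /SQLUSERDBDIR=C:\\Databases /SQLUSERDBLOGDIR=C:\\UserDatabases"
    priority: high
    executable: "{{ ansible_env.TEMP }}\\pstools\\PsExec.exe"
  # The command string carries the sa password; no_log keeps the task's
  # arguments and result out of play output and job logs. The password can
  # still be recorded on the host by process command-line auditing, so rotate
  # it after provisioning.
  no_log: true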
--------------------------------------------------------------------------------
/roles/sql2019/tasks/psexec.yml:
--------------------------------------------------------------------------------
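---
# Installs SQL Server 2019 by launching setup.exe through PsExec.
# Supply-chain note: PSTools.zip is downloaded and its PsExec.exe executed
# without a hash check. Verifying the archive against a known checksum, or
# serving a vetted copy from an internal location, closes that gap.
- name: download PsTools
  win_get_url:
    dest: "{{ ansible_env.TEMP }}\\pstools.zip"
    url: "https://download.sysinternals.com/files/PSTools.zip"

- name: extract PSTools
  win_unzip:
    src: "{{ ansible_env.TEMP }}\\pstools.zip"
    dest: "{{ ansible_env.TEMP }}\\pstools"
    rm: true

- name: install SQL 2019
  win_psexec:
    command: "{{ disk_image_out.mount_paths[0] }}setup.exe /Q /ACTION=Install /IACCEPTSQLSERVERLICENSETERMS /ENU /UPDATEENABLED=false /FEATURES=SQLENGINE,Conn /INSTANCENAME=MSSQLSERVER /SECURITYMODE=SQL /SAPWD={{ mssql_password }} /AGTSVCSTARTUPTYPE=automatic /BROWSERSVCSTARTUPTYPE=automatic /SQLSYSADMINACCOUNTS={{ mssql_username }} /SQLBACKUPDIR=C:\\Backup /SQLUSERDBDIR=C:\\Databases /SQLUSERDBLOGDIR=C:\\UserDatabases"
    priority: high
    executable: "{{ ansible_env.TEMP }}\\pstools\\PsExec.exe"
  # The command string carries the sa password; no_log keeps the task's
  # arguments and result out of play output and job logs. The password can
  # still be recorded on the host by process command-line auditing, so rotate
  # it after provisioning.
  no_log: true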
--------------------------------------------------------------------------------
/roles/sql_run_sql_script/templates/audit_table.j2:
--------------------------------------------------------------------------------
1 | CREATE TABLE [{{ schema }}].[{{ table_name }}](
2 | [SN] [varchar](255) NOT NULL,
3 | [Type] [varchar](20) NOT NULL,
4 | [DB_SLA] [nvarchar](16) NULL,
5 | [DBC_Contact] [nvarchar](10) NULL,
6 | [RD] [varchar](16) NULL,
7 | [Ver] [varchar](35) NULL,
8 | [SQLSP] [varchar](35) NULL,
9 | [EDITION] [varchar](35) NOT NULL,
10 | [C3403A] [varchar](10) NULL,
11 | [C3364A] [varchar](10) NULL,
12 | [C3405A] [varchar](10) NULL,
13 | [C3412B] [varchar](10) NULL,
14 | [C3404A] [varchar](10) NULL,
15 | [C3413A] [varchar](10) NULL,
16 | [C3386A] [varchar](10) NULL,
17 | [C4539A] [varchar](10) NULL,
18 | [C4549A] [varchar](10) NULL,
19 | [C4554A] [varchar](10) NULL,
20 | [CA001A] [varchar](10) NULL,
21 | [C3412A] [varchar](10) NULL,
22 | [C3364B] [varchar](10) NULL,
23 | [C3371A] [varchar](10) NULL,
24 | [C3410A] [varchar](10) NULL,
25 | [C4547A] [varchar](10) NULL
26 | ) ON [PRIMARY]
--------------------------------------------------------------------------------
/roles/sql_run_sql_script_dsc/templates/audit_table.j2:
--------------------------------------------------------------------------------
1 | CREATE TABLE [{{ schema }}].[{{ table_name }}](
2 | [SN] [varchar](255) NOT NULL,
3 | [Type] [varchar](20) NOT NULL,
4 | [DB_SLA] [nvarchar](16) NULL,
5 | [DBC_Contact] [nvarchar](10) NULL,
6 | [RD] [varchar](16) NULL,
7 | [Ver] [varchar](35) NULL,
8 | [SQLSP] [varchar](35) NULL,
9 | [EDITION] [varchar](35) NOT NULL,
10 | [C3403A] [varchar](10) NULL,
11 | [C3364A] [varchar](10) NULL,
12 | [C3405A] [varchar](10) NULL,
13 | [C3412B] [varchar](10) NULL,
14 | [C3404A] [varchar](10) NULL,
15 | [C3413A] [varchar](10) NULL,
16 | [C3386A] [varchar](10) NULL,
17 | [C4539A] [varchar](10) NULL,
18 | [C4549A] [varchar](10) NULL,
19 | [C4554A] [varchar](10) NULL,
20 | [CA001A] [varchar](10) NULL,
21 | [C3412A] [varchar](10) NULL,
22 | [C3364B] [varchar](10) NULL,
23 | [C3371A] [varchar](10) NULL,
24 | [C3410A] [varchar](10) NULL,
25 | [C4547A] [varchar](10) NULL
26 | ) ON [PRIMARY]
--------------------------------------------------------------------------------
/splunk_forwarder.yml:
--------------------------------------------------------------------------------
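---

# Installs or removes the Splunk universal forwarder, depending on package_state.
- name: install/uninstall splunk forwarder
  hosts: all
  vars:
    package_state: present #present/absent
    splunk_package_url: https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=windows&version=8.2.1&product=universalforwarder&filename=splunkforwarder-8.2.1-ddff1c41e5cf-x64-release.msi&wget=true
  tasks:
    # The MSI is installed with administrative rights, so verify what was
    # downloaded. Set the optional variable splunk_package_checksum to the
    # SHA-256 hash published for this release; when it is not set, the option
    # is omitted and the task behaves as before.
    - name: download package
      win_get_url:
        url: "{{ splunk_package_url }}"
        dest: c:\splunkforwarder-8.2.1-ddff1c41e5cf-x64-release.msi
        checksum: "{{ splunk_package_checksum | default(omit) }}"
        checksum_algorithm: sha256
      when: package_state == 'present'

    - name: ensure splunk forwarder {{ package_state }}
      win_package:
        path: c:\splunkforwarder-8.2.1-ddff1c41e5cf-x64-release.msi
        product_id: '{3D9AF58B-098C-4F85-AF29-EAA55C44FFDC}'
        state: "{{ package_state }}"
        arguments:
          - /qn
          - /norestart
          - AGREETOLICENSE=YES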
--------------------------------------------------------------------------------
/mssql-create-db.yml:
--------------------------------------------------------------------------------
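# Opens the MSSQL port on the Windows host, then creates a database from the control node.
- name: Create a db on MSSQL
  hosts: all
  gather_facts: false
  become: false
  vars:
    db_name: rhdemo1
    # WinRM certificate validation mode. 'ignore' keeps the previous behaviour but leaves
    # the HTTPS session open to interception; override with 'validate' (for example via
    # extra vars) once the hosts present a certificate the control node trusts.
    winrm_cert_validation: ignore
    # Firewall profile(s) the inbound MSSQL rule applies to. 'public' keeps the previous
    # behaviour; prefer 'domain' or 'private' where that is sufficient.
    mssql_firewall_profiles: public

  tasks:
    - name: Set windows connection variables
      set_fact:
        ansible_port: 5986
        ansible_connection: winrm
        ansible_winrm_server_cert_validation: "{{ winrm_cert_validation }}"
      delegate_to: localhost

    - name: Enable port for MSSQL
      win_firewall_rule:
        name: MSSQL
        localport: 1433
        action: allow
        direction: in
        protocol: tcp
        profiles: "{{ mssql_firewall_profiles }}"
        state: present
        enabled: yes

    # NOTE(review): this logs in as the built-in 'sa' account; a dedicated login limited
    # to database creation would reduce what a leaked mssql_password exposes.
    - name: Create a db
      mssql_db:
        login_host: "{{ ansible_host | default(ansible_ssh_host) | default(inventory_hostname) }}"
        login_user: sa
        login_password: '{{ mssql_password }}'
        name: '{{ db_name }}'
        state: present
      delegate_to: localhost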
--------------------------------------------------------------------------------
/roles/failover-cluster/tasks/dynamic.yml:
--------------------------------------------------------------------------------
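---

# Builds a Windows failover cluster with the xCluster DSC resource: the first node
# creates the cluster, every other node waits for it and then joins.
# The create/join tasks carry the domain admin password, so their output is hidden by
# default; run with cluster_no_log=false temporarily when troubleshooting.

- name: create windows cluster
  win_dsc:
    resource_name: xCluster
    Name: "{{ cluster_name }}"
    DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
    DomainAdministratorCredential_password: "{{ domain_admin_password }}"
  register: create_windows_cluster
  # NOTE(review): failures are ignored and nothing in this file inspects
  # create_windows_cluster; confirm a later task checks the result.
  ignore_errors: yes
  no_log: "{{ cluster_no_log | default(true) }}"
  when: first_node

- name: wait for cluster
  win_dsc:
    resource_name: xWaitForCluster
    Name: "{{ cluster_name }}"
    RetryIntervalSec: "{{ retry_interval_sec }}"
    RetryCount: "{{ retry_count }}"
  when: not first_node

- name: join windows cluster
  win_dsc:
    resource_name: xCluster
    Name: "{{ cluster_name }}"
    DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
    DomainAdministratorCredential_password: "{{ domain_admin_password }}"
  ignore_errors: yes
  no_log: "{{ cluster_no_log | default(true) }}"
  when: not first_node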
--------------------------------------------------------------------------------
/thirdparty-single-app.yml:
--------------------------------------------------------------------------------
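# Joins the host to the domain (role), then installs software through Chocolatey while
# running as the domain admin account.
- name: Install Third Party Software
  hosts: all

  roles:
    - domain

  tasks:
    - block:
        - name: install Chocolatey
          win_chocolatey:
            name: chocolatey
            state: present

        - name: disable enhanced exit codes
          win_chocolatey_feature:
            name: useEnhancedExitCodes
            state: disabled

        # Task name corrected: the list installs Google Chrome, not Putty.
        - name: install Visual Studio Code, Git, and Google Chrome
          win_chocolatey:
            name:
              - visualstudiocode
              - git
              - googlechrome
            # Skipping checksums means a package whose download was altered still installs.
            # The default stays true to preserve existing behaviour; set
            # choco_ignore_checksums=false where the packages verify cleanly.
            ignore_checksums: "{{ choco_ignore_checksums | default(true) }}"

        # NOTE(review): 'latest' installs whatever version the feed currently offers;
        # pin a version if reproducible builds matter.
        - name: install an app
          win_chocolatey:
            name: "{{ windows_app_name }}"
            state: latest

      become: yes
      become_user: "{{ domain_admin_username }}@{{ dns_domain_name }}"
      become_method: runas

      vars:
        ansible_become_pass: "{{ domain_admin_password }}"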
--------------------------------------------------------------------------------
/roles/undeploy-openstack/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Deletes the OpenStack server that backs the current inventory host. All API work is
# delegated to the control node; connection details come from config_file when it exists.

- name: check openstack config file
  stat:
    path: "{{ config_file }}"
  register: st
  delegate_to: 127.0.0.1

# Only load the file when it is present and a regular file.
- name: include openstack details
  include_vars: "{{ config_file }}"
  when: st.stat.exists and st.stat.isreg

- name: remove intances
  os_server:
    state: absent
    # auth:
    #   auth_url: "{{ clouds.devstack.auth.auth_url | default(lookup('env', 'OS_AUTH_URL')) }}"
    #   username: "{{ clouds.devstack.auth.username | default(lookup('env', 'OS_USERNAME')) }}"
    #   password: "{{ clouds.devstack.auth.password | default(lookup('env', 'OS_PASSWORD')) }}"
    #   project_name: "{{ clouds.devstack.auth.project_name | default(lookup('env', 'OS_PROJECT_NAME')) }}"
    name: "{{ hostvars[inventory_hostname].openstack.name }}"
  delegate_to: 127.0.0.1
  with_items: "{{ nodes }}"
  # Act only on the node entry whose name matches this host's OpenStack server name.
  when:
    - nodes is defined
    - hostvars[inventory_hostname].openstack.name is defined
    - item.name == hostvars[inventory_hostname].openstack.name
--------------------------------------------------------------------------------
/roles/failover-cluster/tasks/static.yml:
--------------------------------------------------------------------------------
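---

# Same flow as the dynamic variant, but the cluster is given a static IP address.
# The create/join tasks carry the domain admin password, so their output is hidden by
# default; run with cluster_no_log=false temporarily when troubleshooting.

- name: create windows cluster
  win_dsc:
    resource_name: xCluster
    Name: "{{ cluster_name }}"
    StaticIPAddress: "{{ cluster_ip_address }}"
    DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
    DomainAdministratorCredential_password: "{{ domain_admin_password }}"
  register: create_windows_cluster
  # NOTE(review): failures are ignored and nothing in this file inspects
  # create_windows_cluster; confirm a later task checks the result.
  ignore_errors: yes
  no_log: "{{ cluster_no_log | default(true) }}"
  when: first_node

- name: wait for cluster
  win_dsc:
    resource_name: xWaitForCluster
    Name: "{{ cluster_name }}"
    RetryIntervalSec: "{{ retry_interval_sec }}"
    RetryCount: "{{ retry_count }}"
  when: not first_node

- name: join windows cluster
  win_dsc:
    resource_name: xCluster
    Name: "{{ cluster_name }}"
    StaticIPAddress: "{{ cluster_ip_address }}"
    DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
    DomainAdministratorCredential_password: "{{ domain_admin_password }}"
  ignore_errors: yes
  no_log: "{{ cluster_no_log | default(true) }}"
  when: not first_node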
--------------------------------------------------------------------------------
/network_windows.yml:
--------------------------------------------------------------------------------
# Sets two path-MTU registry values under Tcpip\Parameters, then writes an MTU value
# into every interface sub-key found under Tcpip\Parameters\Interfaces.
- name: windows change tcpip parameters
  hosts: all

  tasks:
    - name: change tcpip parameter
      win_regedit:
        path: 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
        name: EnablePMTUDiscovery
        data: 1
        type: dword

    - name: change tcpip parameter
      win_regedit:
        path: 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
        name: EnablePMTUBHDetect
        data: 1
        type: dword

    # The sub-key names returned here drive the loop in the last task.
    - name: get interfaces
      win_reg_stat:
        path: 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\'
      register: interface_ids

    - debug:
        var: interface_ids

    - name: set mtu size
      win_regedit:
        path: 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{{ item }}'
        name: MTU
        data: 4096
        type: dword
      loop: "{{ interface_ids.sub_keys }}"
    #
    # - name: change mtu
    #   win_shell: change_mtu 4096 {{ interface_name }}
--------------------------------------------------------------------------------
/roles/credential-examples/tasks/add_credential.yml:
--------------------------------------------------------------------------------
---

# Stores an SMB credential in the Windows credential store, then reads it back.
# Both steps need `become`, so the become variables are defined once (YAML anchor)
# and reused on the read task.

- name: create credential
  win_credential:
    name: smbhost
    type: generic_password
    username: "{{ smb_share_username }}"
    secret: "{{ smb_share_password }}"
    state: present
  vars: &become_vars
    ansible_become: true
    ansible_become_method: runas
    # when using Tower/AWX, you can define become user and password in the Machine credential
    # and comment out ansible_become_user and ansible_become_pass below
    ansible_become_user: '{{ ansible_user }}'
    ansible_become_pass: '{{ ansible_password }}'

- name: ensure CredentialsManager module is available
  win_psmodule:
    name: CredentialManager
    state: present

# you need to use become to access the credentials
# Only the stored username is emitted; the secret is not printed.
- name: access credential store
  win_shell: |
    $cred = Get-StoredCredential -Target smbhost
    $cred.Username | ConvertTo-Json
  register: find_smb_username
  vars: *become_vars

- name: show result
  debug:
    msg: "{{ find_smb_username.stdout | from_json }}"
--------------------------------------------------------------------------------
/enable_winrm_via_vmware.yml:
--------------------------------------------------------------------------------
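# Enables WinRM inside a guest by running PowerShell through VMware Tools, so it works
# before the guest is reachable over the network. Runs from the control node.
- name: enable winrm via vmware
  hosts: all
  gather_facts: no
  become: no
  vars:
    datacenter: cloud
  tasks:
    - name: enable winrm
      vmware_vm_shell:
        # lookup('env', ...) yields an empty string when the variable is unset, so
        # default() needs its second argument set to true for the fallback to apply.
        hostname: "{{ lookup('env', 'VMWARE_HOST') | default(providers.vcenter.hostname, true) }}"
        username: "{{ lookup('env', 'VMWARE_USER') | default(providers.vcenter.username, true) }}"
        password: "{{ lookup('env', 'VMWARE_PASSWORD') | default(providers.vcenter.password, true) }}"
        datacenter: "{{ datacenter }}"
        # With validation off, the vCenter credentials above are sent to an endpoint whose
        # identity is not checked. The default stays false to preserve behaviour; set
        # vmware_validate_certs=true once vCenter presents a trusted certificate.
        validate_certs: "{{ vmware_validate_certs | default(false) }}"
        vm_id: "{{ name | default(inventory_hostname) }}"
        vm_username: "{{ vm_username | default('Administrator') }}"
        vm_password: "{{ vm_password | default(ansible_password) }}"
        vm_shell: 'C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe'
        # NOTE(review): the guest downloads and runs a script from the moving `devel`
        # branch with no integrity check; consider serving a reviewed copy from a
        # location you control. -EnableCredSSP also turns on CredSSP in the guest;
        # confirm it is needed.
        vm_shell_args: -command "& $([scriptblock]::Create((New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))) -ForceNewSSLCert -EnableCredSSP"
      delegate_to: localhost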
--------------------------------------------------------------------------------
/domain.yml:
--------------------------------------------------------------------------------
# Removes any stale computer object for the host, joins it to the domain, then adds a
# domain user to two local groups.
- name: join server to the domain
  hosts: all

  roles:
    # Deregistration runs as the domain admin; the become settings are role parameters.
    - role: ad-computer-registration
      role_action: deregister
      computer_name: "{{ inventory_hostname }}"
      delegate_to: "{{ dns_servers | default(omit) }}"
      become: true
      become_method: runas
      become_user: "{{ domain_admin_username }}@{{ dns_domain_name }}"
      ansible_become_pass: "{{ domain_admin_password }}"
    - domain

  post_tasks:
    # The account is <first label of dns_domain_name>\user1.
    # NOTE(review): this grants local Administrators membership; confirm user1 needs it.
    - name: Add Ansible group to a local Administrators
      win_group_membership:
        name: Administrators
        members:
          - "{{ dns_domain_name.split('.')[0] }}\\user1"
        state: present

    - name: add remote desktop users group to a local Remote Management Users
      win_group_membership:
        name: Remote Management Users
        members:
          - "{{ dns_domain_name.split('.')[0] }}\\user1"
        state: present
      # become: yes
      # become_method: runas
      # become_user: "{{ domain_admin_username }}@{{ dns_domain_name }}"
      # ansible_become_pass: "{{ domain_admin_password }}"
--------------------------------------------------------------------------------
/handle_unreachable_hosts_method_2.yml:
--------------------------------------------------------------------------------
---

# in this method, the playbook will show as failed in Tower, listing unreachable systems as unreachable at the end
# unreachable systems identified in the first play
# any tasks/roles can be executed in the 2nd play on reachable systems
# result: all tasks are executed on all reachable systems

# Play 1: probe every host; hosts that fail the ping drop out of ansible_play_hosts.
- name: ping hosts
  hosts: all
  gather_facts: false
  tasks:
    - name: ping host
      win_ping:

    # Hosts in the full play list that are no longer active are the failed ones.
    - debug:
        msg: "failed hosts: {{ ansible_play_hosts_all | difference(ansible_play_hosts) }}"
      run_once: true

    # you can take any action here on behalf of failed hosts
    # remember to use (run_once: true) and (delegate_to: localhost) as appropriate
    # why delegate_to: localhost? you might ask. Imagine a scenario where all hosts failed.
    # in that case, there are no hosts to execute any tasks on, you can delegate_to: localhost for any action needed
    # for example send email, make api call to update a record somewhere etc.

# Play 2: runs on whichever hosts are still reachable.
- hosts: all
  gather_facts: false
  tasks:
    - debug:
        msg: "{{ inventory_hostname }} is reachable"
--------------------------------------------------------------------------------
/roles/undeploy/tasks/main.yml:
--------------------------------------------------------------------------------
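---
# Powers off and then deletes the vSphere VM that backs the current inventory host.
# vCenter connection details come from the VMWARE_* environment variables on the
# control node.
#
# With certificate validation off, the vCenter credentials are sent to an endpoint whose
# identity is not checked. The default stays false to preserve behaviour; set
# vmware_validate_certs=true once vCenter presents a trusted certificate.

- name: poweroff vm
  vmware_guest:
    hostname: "{{ lookup('env', 'VMWARE_HOST') }}"
    username: "{{ lookup('env', 'VMWARE_USER') }}"
    password: "{{ lookup('env', 'VMWARE_PASSWORD') }}"
    validate_certs: "{{ vmware_validate_certs | default(false) }}"
    name: "{{ inventory_hostname }}"
    uuid: "{{ hostvars[inventory_hostname].config.uuid }}"
    state: poweredoff
  delegate_to: 127.0.0.1
  with_items: "{{ nodes }}"
  # Act only on the node entry whose name matches this host's VM name.
  when: (nodes is defined) and (hostvars[inventory_hostname].config.uuid is defined) and (hostvars[inventory_hostname].config.name == item.name)

- name: delete vm
  vmware_guest:
    hostname: "{{ lookup('env', 'VMWARE_HOST') }}"
    username: "{{ lookup('env', 'VMWARE_USER') }}"
    password: "{{ lookup('env', 'VMWARE_PASSWORD') }}"
    validate_certs: "{{ vmware_validate_certs | default(false) }}"
    name: "{{ inventory_hostname }}"
    uuid: "{{ hostvars[inventory_hostname].config.uuid }}"
    state: absent
  delegate_to: 127.0.0.1
  with_items: "{{ nodes }}"
  when: (nodes is defined) and (hostvars[inventory_hostname].config.uuid is defined) and (hostvars[inventory_hostname].config.name == item.name)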
--------------------------------------------------------------------------------
/roles/snow/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Keeps a ServiceNow CI record (table cmdb_ci_win_server) in step with the host's facts.
# Both tasks run on the control node with a local connection.

# Probe for an existing record; a failed lookup is tolerated and only recorded.
- name: check existing CI
  snow_record:
    state: present
    table: cmdb_ci_win_server
    username: "{{ sn_username }}"
    password: "{{ sn_password }}"
    instance: "{{ sn_instance }}"
    number: "{{ inventory_hostname }}"
    lookup_field: name
  delegate_to: localhost
  vars:
    ansible_connection: local
  register: check_host
  ignore_errors: true

# `number` is passed only when the probe returned a record; otherwise it is omitted.
- name: ensure CI record exists
  snow_record:
    state: present
    table: cmdb_ci_win_server
    username: "{{ sn_username }}"
    password: "{{ sn_password }}"
    instance: "{{ sn_instance }}"
    number: "{{ inventory_hostname if check_host.record is defined else omit }}"
    data:
      name: "{{ inventory_hostname }}"
      host_name: "{{ ansible_hostname | lower }}"
      ip_address: "{{ ansible_host }}"
      mac_address: "{{ ansible_interfaces[0].macaddress }}"
      serial_number: "{{ ansible_product_serial }}"
      os: "{{ ansible_facts.os_family }}"
      sys_tags: "app_name_windows_demo"
    lookup_field: name
  delegate_to: localhost
  vars:
    ansible_connection: local
  register: new_host
--------------------------------------------------------------------------------
/roles/domain/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Points the host's DNS at the given servers, joins it to the domain and reboots when the
# join reports that a reboot is required.

- name: add domain controller private IP as DNS server
  win_dns_client:
    adapter_names: '*'
    ipv4_addresses: "{{ dns_servers | default([]) }}"

- name: add windows server to the domain
  win_domain_membership:
    dns_domain_name: "{{ dns_domain_name }}"
    domain_admin_user: "{{ domain_admin_username }}@{{ dns_domain_name }}"
    domain_admin_password: "{{ domain_admin_password }}"
    state: domain
  register: join_domain

# - name: add a powershell module
#   win_psmodule:
#     name: xComputerManagement
#     state: present
#
# - name: add windows server to the domain
#   win_dsc:
#     resource_name: xComputer
#     Name: "{{ ansible_hostname }}"
#     DomainName: "{{ dns_domain_name }}"
#     JoinOU: '{{ join_ou_path | default("") }}'
#     credential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
#     credential_password: "{{ domain_admin_password }}"
#   register: join_domain

- name: reboot server if required
  win_reboot:
  when: join_domain.reboot_required

# - name: set DNS search string
#   win_dns_searchsuffix:
#     suffixes:
#       - "{{ dns_domain_name }}"
--------------------------------------------------------------------------------
/roles/sql_create_db_with_script/files/create_db.ps1:
--------------------------------------------------------------------------------
# Usage:
#   create_mssql_db.ps1 -instanceName YourInstanceName -dbName YOURDB
#
# Creates the database $dbName on the SQL Server instance $instanceName through SMO,
# unless a database with that name already exists.

Param(
    [Parameter(Mandatory=$True)]
    [string]$instanceName,

    [Parameter(Mandatory=$True)]
    [string]$dbName
)

# Make the SQL Server PowerShell modules discoverable, then load SQLPS.
$env:PSModulePath += ";C:\Program Files (x86)\Microsoft SQL Server\130\Tools\PowerShell\Modules"
Import-Module SQLPS -DisableNameChecking

# SMO handle for the target instance.
$Srvr = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Server -ArgumentList $instanceName

# Scan the instance for a database with the requested name.
$dbExists = $false
foreach ($existing in $Srvr.Databases) {
    if ($existing.Name -ne $dbName) { continue }
    Write-Host "DB already exists."
    $dbExists = $true
}

# Create the database with default settings when it was not found.
if (-not $dbExists) {
    $db = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Database($Srvr, $dbName)
    $db.Create()

    # Confirm by listing the databases on the instance.
    $Srvr.Databases | Select-Object Name, Status, Owner, CreateDate
}
--------------------------------------------------------------------------------
/roles/post-windows/tasks/ie.yml:
--------------------------------------------------------------------------------
---

# Per-user desktop settings: Print-to-PDF feature, IE proxy, IE compatibility list and
# font smoothing. The HKCU writes apply to the account Ansible connects as.

- name: system - Ensure that Microsoft Printing to PDF feature is enabled
  win_dsc:
    resource_name: WindowsOptionalFeature
    Name: Printing-PrintToPDFServices-Features
    Ensure: Enable
  when: "'Windows 10' in ansible_distribution"

# NOTE(review): this routes the user's browser traffic through a local proxy on port
# 8080 over plain HTTP; confirm something trusted is expected to listen there.
- name: ie - ensure proxy is set
  win_regedit:
    path: 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    name: ProxyServer
    data: 'http://127.0.0.1:8080'
    type: string

# Each loop item is one complete binary value for UserFilter.
- name: ie - ensure web sites are in compatibility list
  win_regedit:
    path: 'HKCU:\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData'
    name: UserFilter
    data: "{{ item }}"
    type: binary
  loop:
    - [0x41,0x1f,0x00,0x00,0x53,0x08,0xad,0xba,0x01,0x00,0x00,0x00,0x32,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x0c,0x00,0x00,0x00,0x55,0xba,0x0c,0x2e,0x1a,0xfb,0xd4,0x01,0x01,0x00,0x00,0x00,0x0a,0x00,0x72,0x00,0x65,0x00,0x64,0x00,0x68,0x00,0x61,0x00,0x74,0x00,0x2e,0x00,0x63,0x00,0x6f,0x00,0x6d,0x00]  # http://www.redhat.com

- name: system - ensure smooth edge for fonts is enabled
  win_regedit:
    path: 'HKCU:\Control Panel\Desktop'
    name: FontSmoothing
    data: 2
    type: string
--------------------------------------------------------------------------------
/update_windows.yml:
--------------------------------------------------------------------------------
# Installs Windows updates with one retry: if anything in the block fails, the host is
# rebooted and the install is attempted again; the final search always runs.
- name: install Windows Updates
  hosts: all

  tasks:
    - block:

        - name: check for missing updates.
          win_updates:
            state: searched
          register: update_count

        - debug:
            var: update_count

        # Skipped when the search found nothing to install.
        - name: install all windows updates
          win_updates:
            category_names:
              - CriticalUpdates
              - DefinitionUpdates
              - SecurityUpdates
              - UpdateRollups
              - Updates
            reboot: true
          when: update_count.found_update_count | int >= 1

      rescue:

        - name: reboot before continue to retry
          win_reboot:

        - name: install all windows updates (retry)
          win_updates:
            category_names:
              - CriticalUpdates
              - DefinitionUpdates
              - SecurityUpdates
              - UpdateRollups
              - Updates
            reboot: true

      always:

        # Re-run the search so the final report reflects what is still missing.
        - name: check for missing updates.
          win_updates:
            state: searched
          register: update_count

        - name: list missing updates
          debug:
            var: update_count
--------------------------------------------------------------------------------
/update_all_windows.yml:
--------------------------------------------------------------------------------
# Installs Windows updates with one retry: if anything in the block fails, the host is
# rebooted and the install is attempted again; the final search always runs.
- name: install Windows Updates
  hosts: all

  tasks:
    - block:

        - name: check for missing updates.
          win_updates:
            state: searched
          register: update_count

        - debug:
            var: update_count

        # Skipped when the search found nothing to install.
        - name: install all windows updates
          win_updates:
            category_names:
              - CriticalUpdates
              - DefinitionUpdates
              - SecurityUpdates
              - UpdateRollups
              - Updates
            reboot: true
          when: update_count.found_update_count | int >= 1

      rescue:

        - name: reboot before continue to retry
          win_reboot:

        - name: install all windows updates (retry)
          win_updates:
            category_names:
              - CriticalUpdates
              - DefinitionUpdates
              - SecurityUpdates
              - UpdateRollups
              - Updates
            reboot: true

      always:

        # Re-run the search so the final report reflects what is still missing.
        - name: check for missing updates.
          win_updates:
            state: searched
          register: update_count

        - name: list missing updates
          debug:
            var: update_count
--------------------------------------------------------------------------------
/roles/iiscert/tasks/main.yml:
--------------------------------------------------------------------------------
# Creates a self-signed certificate, replaces the default IIS site with an "Ansible"
# site, binds the certificate over HTTPS and removes the plain HTTP binding.

# The thumbprint printed by this command is reused below as the binding's certificate hash.
# NOTE(review): `raw` runs on every play run, so each run adds another certificate to
# the machine store; a self-signed certificate is also not trusted by clients.
- name: Generate Self Sign CSR Request
  raw: New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname {{ inventory_hostname }}.lab.rhlabs.net | select Thumbprint | ft -HideTableHeaders
  register: csr

- debug:
    msg: "{{ csr.stdout | trim }}"

- name: Remove Default Web Site
  win_iis_website:
    name: 'Default Web Site'
    state: absent

- name: Create directory structure
  win_file:
    path: "{{ item }}"
    state: directory
  with_items:
    - 'C:\sites'
    - 'C:\sites\Ansible'
    - 'C:\sites\logs'

- name: Create Ansible IIS site
  win_iis_website:
    name: Ansible
    state: started
    physical_path: 'c:\sites\Ansible'
    parameters: 'logfile.directory:c:\sites\logs'
    ssl: true
  register: website

- debug:
    msg: "{{ website }}"

- name: Add HTTPS Webbinding to IIS
  win_iis_webbinding:
    name: Ansible
    protocol: https
    certificate_hash: "{{ csr.stdout | trim }}"
    state: present

# Leaves HTTPS as the only binding managed by this role.
- name: Remove the HTTP binding on port 80
  win_iis_webbinding:
    name: Ansible
    port: 80
    state: absent

# Despite its name, this task renders the site's index page from a template.
- name: Create directory structure
  win_template:
    src: template/index.html.j2
    dest: 'c:\sites\Ansible\index.html'
--------------------------------------------------------------------------------
/win-nodes-vmware.yml:
--------------------------------------------------------------------------------
---
# Variables describing the vSphere placement and the Windows node(s) to provision.
providers:
  vcenter:
    datacenter: cloud
    cluster: mylab
    resource_pool: manageto

nodes:
  - name: wintest1
    role: windows
    app_name: windows_demo
    environment: dev
    networks:
      - name: mgmt
        ip: '192.168.1.52'
        netmask: '255.255.255.0'
        gateway: '192.168.1.254'
        domain: home.ad
        dns_servers:
          - '192.168.1.254'
          - '8.8.4.4'
    domain: home.ad
    memory: "{{ node_memory | default(4096) }}"
    cpu: "{{ node_cpu | default(2) }}"
    template: "{{ win_template_name | default('windows-2019-standard-core') }}"
    snapshot_src: Linked
    linked_clone: true
    customization:
      autologon: true
      autologoncount: 1
      orgname: Ansible
      fullname: Ansible
      timezone: 20
      password: '{{ ansible_password }}'
      # First-boot commands: mark the network private, fetch the WinRM setup script, run it.
      # NOTE(review): the script comes from the moving `devel` branch with no integrity
      # check and runs under ExecutionPolicy Unrestricted; consider a reviewed copy from
      # a location you control. -EnableCredSSP turns on CredSSP; confirm it is needed.
      runonce:
        - 'powershell.exe -command "Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private"'
        - 'powershell.exe -command "Invoke-WebRequest -Uri https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile C:\ConfigureRemotingForAnsible.ps1"'
        - 'powershell.exe -ExecutionPolicy Unrestricted -File C:\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert -EnableCredSSP'
--------------------------------------------------------------------------------
/roles/sql2016-update/tasks/check_version.yml:
--------------------------------------------------------------------------------
---

# Reads the installed SQL Server instances from the registry and exposes the edition and
# version of the first one as facts.

- name: look for instance name
  win_reg_stat:
    path: 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
  register: sql_server_instance_names

# Stop early when InstalledInstances is missing or empty.
- name: fail if no instance name found
  fail:
    msg: 'could not find MSSQL instance name'
  when: >-
    sql_server_instance_names.properties.InstalledInstances.value is undefined
    or sql_server_instance_names.properties.InstalledInstances.value | length == 0

# One lookup per instance name; each result's value is used as the key name below.
- name: find instance properties
  win_reg_stat:
    path: 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
    name: "{{ item }}"
  register: sql_server_instance_name_properties
  loop: "{{ sql_server_instance_names.properties.InstalledInstances.value }}"

- name: find instance information
  win_reg_stat:
    path: 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\{{ item.value }}\Setup'
  register: sql_server_instance_information
  loop: "{{ sql_server_instance_name_properties.results }}"

# Only the first instance's Setup key is used for the facts.
- name: set version information
  set_fact:
    sql_server_edition: "{{ sql_server_instance_information.results[0].properties.Edition.value }}"
    sql_server_version: "{{ sql_server_instance_information.results[0].properties.Version.value }}"

- name: show sql server version
  debug:
    msg: "SQL server: {{ sql_server_edition }} - {{ sql_server_version }}"
--------------------------------------------------------------------------------
/handle_unreachable_hosts_method_3.yml:
--------------------------------------------------------------------------------
---

# in this method, the playbook will show as success in Tower, listing unreachable systems as unreachable at the end
# unreachable systems identified in the first play
# any tasks/roles can be executed in the 2nd play on reachable systems
# result: all tasks are executed on all reachable systems

# Play 1: ping with unreachable errors ignored, and collect hosts into reachable_hosts.
- name: ping hosts
  hosts: all
  gather_facts: false
  tasks:
    - block:
        - name: ping host
          win_ping:
          ignore_unreachable: true
      always:
        - name: add reachable hosts to a new group
          add_host:
            name: "{{ inventory_hostname }}"
            group: reachable_hosts

    # Anything in the full play list that is not in the new group is reported as failed.
    - debug:
        msg: "failed hosts: {{ ansible_play_hosts_all | difference(groups.reachable_hosts) }}"
      run_once: true

    # you can take any action here on behalf of failed hosts
    # remember to use (run_once: true) and (delegate_to: localhost) as appropriate
    # why delegate_to: localhost? you might ask. Imagine a scenario where all hosts failed.
    # in that case, there are no hosts to execute any tasks on, you can delegate_to: localhost for any action needed
    # for example send email, make api call to update a record somewhere etc.

# Play 2: targets only the group built in play 1.
- name: other play
  hosts: reachable_hosts
  tasks:
    - debug:
        msg: "{{ inventory_hostname }} is reachable"
--------------------------------------------------------------------------------
/roles/harden-check-fail/tasks/main.yml:
--------------------------------------------------------------------------------
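---

# Applies ACL entries to C:\ and the "deny RDP" registry value, then fails the run when
# fail_on_drift is set and the RDP value had to be changed.

# https://www.stigviewer.com/stig/windows_10/2016-11-03/finding/V-63373
# NOTE(review): every loop item carries an `s` key, but the task always uses
# `state: present`, so the entry marked `s: absent` is added rather than removed.
# Confirm whether `state: "{{ item.s }}"` was intended.
# NOTE(review): the active entries grant Authenticated Users Modify on C:\ while the
# commented-out ones match the referenced finding; confirm this is the intended baseline.
- name: Permissions for system files and directories must conform to minimum requirements. - C
  win_acl:
    path: C:\
    user: "{{ item.u }}"
    rights: "{{ item.r }}"
    type: "{{ item.t }}"
    state: present
    inherit: "{{ item.i }}"
    propagation: "{{ item.p }}"
  loop:
    # - { u: 'Administrators', r: 'FullControl', t: 'allow', i: 'ContainerInherit, ObjectInherit', p: 'InheritOnly', s: present }
    # - { u: 'SYSTEM', r: 'FullControl', t: 'allow', i: 'ContainerInherit, ObjectInherit', p: 'InheritOnly', s: present }
    # - { u: 'Users', r: 'ReadAndExecute', t: 'allow', i: 'ContainerInherit, ObjectInherit', p: 'InheritOnly', s: present }
    - { u: 'Authenticated Users', r: 'Modify', t: 'allow', i: 'ContainerInherit, ObjectInherit', p: 'InheritOnly', s: present }
    - { u: 'Users', r: 'CreateDirectories, AppendData', t: 'allow', i: 'None', p: 'NoPropagateInherit', s: absent }
  register: check_c_acl

# Uses the module's primary option names (path/name/type) instead of the older
# key/value/datatype aliases, matching the other win_regedit tasks in this repository.
- name: Disable Remote Desktop
  win_regedit:
    path: 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    name: fDenyTSConnections
    data: 1
    type: dword
  register: check_rdp_disable

# A change above means the host had drifted from the expected RDP setting.
- fail:
    msg: "There is a drift in rdp configuration - failing"
  when:
    - fail_on_drift
    - check_rdp_disable is changed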
--------------------------------------------------------------------------------
/windows_teardown_ec2.yml:
--------------------------------------------------------------------------------
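# Terminates the demo EC2 instances in the given VPC and removes their Route 53 A record.
- hosts: localhost
  become: no
  tasks:
    # Scope: instances in ec2_vpc_id tagged app=windows_demo.
    - name: get ec2 instance information
      ec2_instance_facts:
        region: "{{ ec2_region }}"
        filters:
          vpc-id: "{{ ec2_vpc_id }}"
          "tag:app": windows_demo
      register: ec2_instances

    # NOTE(review): every instance matched by the filter above is terminated; there is no
    # confirmation step, so double-check ec2_vpc_id before running.
    - name: terminate instances
      ec2:
        region: "{{ ec2_region }}"
        state: "absent"
        instance_ids: "{{ ec2_instances.instances | map(attribute='instance_id') | list }}"

    - name: Get record for router ELB DNS Entry
      route53:
        command: get
        zone: "{{ hosted_zone_domain_name }}"
        record: "{{ subdomain | default(ec2_instances.instances[0].tags.role | lower) }}.{{ ec2_name_prefix | lower }}.{{ hosted_zone_domain_name }}"
        type: A
      register: routerelbrec
      when: hosted_zone_domain_name is defined and ec2_name_prefix is defined

    - name: Delete Router ELB DNS Entry if it doesn't exist
      route53:
        # state: present ## Added in Ansible 2.4 will remove need for when statement below
        command: delete
        zone: "{{ hosted_zone_domain_name }}"
        record: "{{ subdomain | default(ec2_instances.instances[0].tags.role | lower) }}.{{ ec2_name_prefix | lower }}.{{ hosted_zone_domain_name }}"
        type: A
        value: "{{ ec2_instances.instances[0].public_ip_address }}"
      # The earlier form compared against a quoted string literal, which is always true, so
      # the "record is empty" check never took effect. Test the returned set directly.
      when:
        - routerelbrec.set is defined
        - routerelbrec.set | length > 0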
--------------------------------------------------------------------------------
/sql2016_find_version.yml:
--------------------------------------------------------------------------------
# Reads the installed SQL Server instances from the registry and reports the edition and
# version of the first one. Despite the play name, nothing is installed here.
- name: Install SQL 2016
  hosts: all

  tasks:
    - name: look for instance name
      win_reg_stat:
        path: 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
      register: sql_server_instance_names

    # Stop early when InstalledInstances is missing or empty.
    - name: fail if no instance name found
      fail:
        msg: 'could not find MSSQL instance name'
      when: >-
        sql_server_instance_names.properties.InstalledInstances.value is undefined
        or sql_server_instance_names.properties.InstalledInstances.value | length == 0

    # One lookup per instance name; each result's value is used as the key name below.
    - name: find instance properties
      win_reg_stat:
        path: 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
        name: "{{ item }}"
      register: sql_server_instance_name_properties
      loop: "{{ sql_server_instance_names.properties.InstalledInstances.value }}"

    - name: find instance information
      win_reg_stat:
        path: 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\{{ item.value }}\Setup'
      register: sql_server_instance_information
      loop: "{{ sql_server_instance_name_properties.results }}"

    # Only the first instance's Setup key is used for the facts.
    - name: set version information
      set_fact:
        sql_server_edition: "{{ sql_server_instance_information.results[0].properties.Edition.value }}"
        sql_server_version: "{{ sql_server_instance_information.results[0].properties.Version.value }}"

    - name: show sql server version
      debug:
        msg: "SQL server: {{ sql_server_edition }} - {{ sql_server_version }}"
--------------------------------------------------------------------------------
/roles/cloudforms-refresh-provider/tasks/main.yml:
--------------------------------------------------------------------------------
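---
# Ask the ManageIQ/CloudForms API to refresh one provider.
# Inputs read by these tasks: manageiq.api_url, manageiq.api_token,
# provider_id and verbose. Optional: manageiq_validate_certs.

- name: Set the provider URL
  set_fact:
    provider_url: "{{ manageiq.api_url }}/api/providers/{{ provider_id }}"

- name: Log provider_url
  debug: var=provider_url
  when: verbose

- name: Refresh provider
  uri:
    url: "{{ provider_url }}"
    method: POST
    body:
      action: refresh
    body_format: json
    # The API token travels in the X-Auth-Token header below. With certificate
    # validation off, nothing proves the peer is the real appliance, so the
    # token can be captured by whoever answers the connection. The default
    # stays false to keep existing behaviour; set manageiq_validate_certs to
    # true wherever the appliance certificate chains to a trusted CA.
    validate_certs: "{{ manageiq_validate_certs | default(false) }}"
    headers:
      X-Auth-Token: "{{ manageiq.api_token }}"
      Content-Type: "application/json"
    status_code: 200
  register: refresh_output

- name: Log refresh_output
  debug: var=refresh_output
  when: verbose

# The refresh response is expected to carry the href of the queued task.
- name: Set the task href
  set_fact:
    task_url: "{{ refresh_output.json.task_href}}"

- name: Log task_url
  debug: var=task_url
  when: verbose

# - name: Wait for the provider refresh task to end
#   uri:
#     url: "{{ task_url }}"
#     method: GET
#     validate_certs: false
#     headers:
#       # Authorization: "{{ miq_creds }}"
#       X-Auth-Token: "{{ manageiq.api_token }}"
#       Content-Type: "application/json"
#     status_code: 200
#   register: refresh_output
#   until: refresh_output.json.state == 'Finished' or refresh_output.json.status == 'Error'
#   failed_when: refresh_output.json.status == 'Error'
#   retries: "{{ max_retries }}"
#   delay: "{{ retry_interval }}"

# - debug: var=refresh_output.json
#   when: verbose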
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Find product id in Windows registry
2 |
3 | `Computer\HKEY_CLASSES_ROOT\Installer\Dependencies
4 |
5 | Select name then Default key
6 |
7 | or
8 |
9 | get product id first from
10 |
11 | Computer\HKEY_CLASSES_ROOT\Installer\Products
12 |
13 | for example: SQL 2016
14 |
15 | CB138EA08A2F2ED4F8FB862B0216A1F7
16 |
17 | Microsoft SQL Server 2016 Setup (English)
18 |
19 | Then find Uninstallstring
20 |
21 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\<product id>\InstallProperties\UninstallString
22 |
23 | MsiExec.exe /X{0AE831BC-F2A8-4DE2-8FBF-68B220611A7F} -<< product code
24 |
25 | product code: {0AE831BC-F2A8-4DE2-8FBF-68B220611A7F}`
26 |
27 | # How to Install VMware Automation SDK Python on Tower Node
28 |
29 | Log in to the Tower node with root credentials, then run:
30 |
31 | `source /var/lib/awx/venv/ansible/bin/activate`
32 |
33 | `cd /tmp`
34 |
35 | `git clone https://github.com/vmware/vsphere-automation-sdk-python.git`
36 |
37 | `cd vsphere-automation-sdk-python`
38 |
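39 | Note: the pip commands below install from the repository's default branch with no pinned tag or commit, as root, into the Tower virtualenv. Pin a reviewed release if the node needs reproducible installs.
39 |
39 | If using Python 3: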
40 |
41 | `pip3 install --upgrade -r requirements.txt --extra-index-url file:///tmp/vsphere_automation_sdk/vsphere-automation-sdk-python-master/lib`
42 |
43 | `pip3 install --upgrade git+https://github.com/vmware/vsphere-automation-sdk-python.git`
44 |
45 | if using python2:
46 |
47 | `pip install --upgrade -r requirements.txt --extra-index-url file:///tmp/vsphere_automation_sdk/vsphere-automation-sdk-python-master/lib`
48 |
49 | `pip install --upgrade git+https://github.com/vmware/vsphere-automation-sdk-python.git`
50 |
51 |
52 |
53 |
--------------------------------------------------------------------------------
/roles/windows-ad-controller/README.md:
--------------------------------------------------------------------------------
1 | Role Name
2 | =========
3 |
4 | This role configures a host to be a Windows domain controller. In addition, it configures DNS. This role has been tested on Windows 2016 only
5 |
6 | Requirements
7 | ------------
8 |
9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
10 |
11 | Role Variables
12 | --------------
13 |
14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
15 |
16 | Dependencies
17 | ------------
18 |
19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
20 |
21 | Example Playbook
22 | ----------------
23 |
24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
25 |
26 | - hosts: servers
27 | roles:
28 | - { role: username.rolename, x: 42 }
29 |
30 | License
31 | -------
32 |
33 | BSD
34 |
35 | Author Information
36 | ------------------
37 |
38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed).
39 |
--------------------------------------------------------------------------------
/patching_windows.yml:
--------------------------------------------------------------------------------
# Apply Security and Critical updates, reboot when allowed, then report any
# updates that are still missing.
# Expected from inventory/extra vars (not defined in this play):
# patch_enabled, patch_method, reboot_method, patch_window, reboot_window,
# and optionally blacklist / whitelist.
- name: Windows Patches
  hosts: all
  vars:
    categories:
      - SecurityUpdates
      - CriticalUpdates
  tasks:
    # The whole block is skipped unless patching is enabled and automatic, so
    # a host with patch_enabled false reports nothing at all.
    - when:
        - patch_enabled
        - patch_method == 'auto'
      block:
        # NOTE(review): newer win_updates releases name these options
        # reject_list / accept_list - confirm against the installed version.
        - name: apply windows updates
          register: patching_output
          win_updates:
            category_name: "{{ categories | default([]) }}"
            blacklist: "{{ blacklist | default([]) }}"
            whitelist: "{{ whitelist | default([]) }}"
            reboot: false

        # Reboot only inside the agreed window and only when requested.
        - name: reboot if necessary
          win_reboot:
          when:
            - patching_output.reboot_required
            - reboot_method == 'auto'
            - patch_window == reboot_window

        # Second pass in search-only mode to see what was left behind.
        - name: check missing updates
          register: missing_output
          win_updates:
            category_name: "{{ categories | default([]) }}"
            state: searched

        - name: warn if missed updates
          when: missing_output.found_update_count is defined and missing_output.found_update_count > 0
          debug:
            msg: "Yo yo yo - We missed some ( {{ missing_output.found_update_count }} updates ) "

        # The loop has a single item: the whole updates structure.
        - name: list of updates not installed (skipped)
          when:
            - missing_output.found_update_count is defined
            - missing_output.found_update_count > 0
            - missing_output.updates is defined
          loop:
            - "{{ missing_output.updates }}"
          debug:
            msg: "{{ item }}"
--------------------------------------------------------------------------------
/roles/mcafee-agent/tasks/main.yml:
--------------------------------------------------------------------------------
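---
# Stage the McAfee ePO installer archive from a path already on the target
# (remote_src), unpack it, and run setup.exe unattended.

- name: copy setup file
  win_copy:
    src: '{{ install_file_location }}\{{ install_file_name }}'
    dest: '{{ temp_directory }}\'
    remote_src: yes

- name: create temporary directory
  win_file:
    path: '{{ temp_directory }}\mcafee_epo'
    state: directory

- name: unzip file
  win_unzip:
    src: '{{ temp_directory }}\{{ install_file_name }}'
    dest: '{{ temp_directory }}\mcafee_epo'
    #creates: "{{ install_location }}\\scripts"
    rm: no
  register: mcafee_epo_unzip

# Security notes for the install task:
# - mssql_password is rendered into the installer arguments five times, so
#   the same secret becomes the ePO admin password, the SQL 'sa' password in
#   use, and the keystore password. Separate variables would limit the blast
#   radius of one leak.
# - The database login is 'sa'; a dedicated least-privilege SQL login is
#   preferable where the installer allows it.
# - /l* writes a verbose installer log to C:\McAfee_ePO.log.
#   NOTE(review): check whether that log records the password properties and
#   restrict or remove it after a successful install.
- name: install McAfee EPO
  win_package:
    path: '{{ temp_directory }}\mcafee_epo\setup.exe'
    product_id: '{E2C3579A-6B3B-40F6-88E8-BE08E78C8D1A}'
    arguments:
      - /qr
      - /l* C:\McAfee_ePO.log
      - MFSADMINUSERNAME_UE=admin
      - MFSADMINPASSWORD_UE={{ mssql_password }}
      - MFSADMINVERIFYPASSWORD_UE={{ mssql_password }}
      - MFSDATABASESERVERNAME={{ sql_server_hostname }}
      - MFSDATABASEPORT=1433
      - MFSDATABASENAME=EPODB
      - MFSDATABASEUSERNAME_UE=sa
      - MFSDATABASEPASSWORD_UE={{ mssql_password }}
      - AGENTPORT=80
      - AGENTSECUREPORT=443
      - TOMCATSECUREPORT=8443
      - MFSDATABASEAUTHENTICATION=2
      - SQLUDPPORTISENABLED=0
      - IGNOREPROPINI=1
      - MFSKEYSTOREPASSWORD_UE={{ mssql_password }}
      - MFSVERIFYKEYSTOREPASSWORD={{ mssql_password }}
      - ENABLETELEMETRY=0
      - ENABLEFIPSMODE=0
      - SKIPAUTOPRODINST=0
      - AgreeToLicense="Yes"
  register: mcafee_epo_install
  # The arguments contain plaintext passwords; keep them out of task output
  # and callback logs.
  no_log: true

# Print only the outcome fields rather than the whole registered result, so
# the password-bearing invocation cannot be echoed back.
- debug:
    msg: "McAfee ePO install: rc={{ mcafee_epo_install.rc | default('n/a') }}, reboot_required={{ mcafee_epo_install.reboot_required | default('n/a') }}"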
--------------------------------------------------------------------------------
/handle_unreachable_hosts_method_1.yml:
--------------------------------------------------------------------------------
---

# in this method, no system will report as failed or unreachable
# unreachable systems identified in the first play
# any tasks/roles can be executed in the 2nd play on reachable systems
# result: all tasks are executed on all reachable systems

- name: ping hosts
  hosts: all
  gather_facts: false
  tasks:
    - block:
        # Probe each host's connection port from the controller, so a dead
        # host fails this task instead of being marked unreachable.
        - delegate_to: localhost
          wait_for:
            host: "{{ inventory_hostname }}"
            port: "{{ ansible_port }}"
            timeout: 10 # you can increase this timeout as appropriate for your environment
      rescue:
        # A failed probe is recorded as a host fact rather than as a failure.
        - set_fact:
            unreachable: true
      always:
        # NOTE(review): as listed, this task sits under `always` with no
        # condition on the probe result - confirm against the original
        # indentation that unreachable hosts are kept out of the group.
        - name: add reachable hosts to a new group
          add_host:
            group: reachable_hosts
            name: "{{ inventory_hostname }}"

    # Reported once for the whole play: every host that set `unreachable`.
    - run_once: true
      vars:
        query: "@[?unreachable].inventory_hostname"
      debug:
        msg: "failed hosts: {{ ansible_play_hosts | map('extract', hostvars) | list | json_query(query) }}"

# you can take any action here on behalf of failed hosts
# remember to use (run_once: true) and (delegate_to: localhost) as appropriate
# why delegate_to: localhost? you might ask. Imagine a scenario where all hosts failed.
# in that case, there are no hosts to execute any tasks on, you can delegate_to: localhost for any action needed
# for example send email, make api call to update a record somewhere etc.


- name: other play
  hosts: reachable_hosts
  tasks:
    - debug:
        msg: "{{ inventory_hostname }} is reachable"
--------------------------------------------------------------------------------
/roles/deploy-openstack/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Launch the OpenStack instances described in `nodes`, wait for the async
# jobs to finish, then wait for port 5986 to answer on each new server.

- name: check openstack config file
  register: st
  stat:
    path: "{{ config_file }}"

# Variables are loaded only when config_file exists and is a regular file.
# NOTE(review): include_vars trusts whatever the file defines - keep
# config_file in a location only the automation account can write.
- name: include openstack details
  when: st.stat.exists and st.stat.isreg
  include_vars: "{{ config_file }}"

# Started in the background (poll 0); completion is checked by the next task.
- name: launch a compute instance
  when: nodes is defined
  with_items: "{{ nodes }}"
  register: deploy
  async: 7200
  poll: 0
  os_server:
    state: present
    #auth:
    #  auth_url: "{{ clouds.devstack.auth.auth_url | default(lookup('env', 'OS_AUTH_URL')) }}"
    #  username: "{{ clouds.devstack.auth.username | default(lookup('env', 'OS_USERNAME')) }}"
    #  password: "{{ clouds.devstack.auth.password | default(lookup('env', 'OS_PASSWORD')) }}"
    #  project_name: "{{ clouds.devstack.auth.project_name | default(lookup('env', 'OS_PROJECT_NAME')) }}"
    name: "{{ item.name }}"
    image: "{{ item.image }}"
    key_name: "{{ item.key_name }}"
    timeout: 300
    flavor: "{{ item.flavor }}"
    nics: "{{ item.nics }}"
    boot_from_volume: true
    terminate_volume: true
    volume_size: "{{ item.volume_size }}"
    # NOTE(review): user_data is handed to the instance as-is; avoid placing
    # credentials in it.
    userdata: "{{ item.user_data }}"
    meta:
      hostname: "{{ item.name }}"
      role: "{{ item.role }}"
      app_name: "{{ item.app_name }}"
    auto_ip: true
    wait: true

# Poll each background job: up to 300 tries, 10 seconds apart.
- name: Wait for instance creation to complete
  with_items: "{{ deploy.results }}"
  register: instances
  until: instances.finished
  retries: 300
  delay: 10
  async_status:
    jid: "{{ item.ansible_job_id }}"

# NOTE(review): `instances | changed` is the older filter spelling; newer
# Ansible releases expect `instances is changed` - confirm the target version.
- name: Waiting for servers to come online
  when: (instances | changed) and (nodes is defined)
  with_items: "{{ instances.results }}"
  wait_for:
    host: "{{ item.openstack.public_v4|default(item.openstack.interface_ip) }}"
    port: 5986
    timeout: 600
55 |
56 |
57 |
58 |
59 |
60 |
61 |
--------------------------------------------------------------------------------
/roles/iis-dsc/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Install IIS through DSC, create one site per entry in iis_sites, open the
# firewall for each site's port and check that the test page is served.

- name: Install required DSC modules
  with_items:
    - xWebAdministration
    - xNetworking
  win_psmodule:
    name: "{{ item }}"
    state: present

- name: Install IIS
  win_dsc:
    resource_name: windowsfeature
    name: Web-Server

- name: Create site directory structure
  with_items: "{{ iis_sites }}"
  win_dsc:
    resource_name: file
    ensure: Present
    type: Directory
    destinationpath: "{{ item.path }}"

# Every site is bound to plain HTTP on port 8080 on all addresses.
# NOTE(review): the firewall task below opens item.port instead - confirm
# the two are meant to match.
- name: Create IIS Website
  with_items: "{{ iis_sites }}"
  notify:
    - stop iis service
    - start iis service
  win_dsc:
    resource_name: xWebsite
    Ensure: Present
    Name: "{{ item.name }}"
    State: Started
    PhysicalPath: "{{ item.path }}"
    BindingInfo:
      - Protocol: http
        Port: 8080
        IPAddress: '*'

# Inbound TCP allow rule per site; no profile or remote-address restriction
# is set here.
- name: Open port for site on the firewall
  with_items: "{{ iis_sites }}"
  notify:
    - stop iis service
    - start iis service
  win_dsc:
    resource_name: xFirewall
    ensure: Present
    name: "iisport{{ item.port }}"
    enabled: True
    localport: "{{ item.port }}"
    action: Allow
    direction: Inbound
    protocol: TCP

- name: Template simple web site to iis_site_path as index.html
  with_items: "{{ iis_sites }}"
  win_template:
    src: 'index.html.j2'
    dest: '{{ item.path }}\index.html'

# Up to 10 tries, 1 second apart; a failure here does not stop the play.
- name: proper response from iis is received
  register: response
  until: iis_test_message in response.content
  retries: 10
  delay: 1
  ignore_errors: true
  win_uri:
    url: http://{{ ansible_host }}:8080/
    return_content: true
    validate_certs: false

- name: output url
  when: response is success
  debug:
    msg: 'application is available at http://{{ ansible_host }}:8080/'
75 |
--------------------------------------------------------------------------------
/roles/windows-hostname/meta/main.yml:
--------------------------------------------------------------------------------
1 | galaxy_info:
2 | author: your name
3 | description: your description
4 | company: your company (optional)
5 |
6 | # If the issue tracker for your role is not on github, uncomment the
7 | # next line and provide a value
8 | # issue_tracker_url: http://example.com/issue/tracker
9 |
10 | # Some suggested licenses:
11 | # - BSD (default)
12 | # - MIT
13 | # - GPLv2
14 | # - GPLv3
15 | # - Apache
16 | # - CC-BY
17 | license: license (GPLv2, CC-BY, etc)
18 |
19 | min_ansible_version: 1.2
20 |
21 | # If this a Container Enabled role, provide the minimum Ansible Container version.
22 | # min_ansible_container_version:
23 |
24 | # Optionally specify the branch Galaxy will use when accessing the GitHub
25 | # repo for this role. During role install, if no tags are available,
26 | # Galaxy will use this branch. During import Galaxy will access files on
27 | # this branch. If Travis integration is configured, only notifications for this
28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch
29 | # (usually master) will be used.
30 | #github_branch:
31 |
32 | #
33 | # platforms is a list of platforms, and each platform has a name and a list of versions.
34 | #
35 | # platforms:
36 | # - name: Fedora
37 | # versions:
38 | # - all
39 | # - 25
40 | # - name: SomePlatform
41 | # versions:
42 | # - all
43 | # - 1.0
44 | # - 7
45 | # - 99.99
46 |
47 | galaxy_tags: []
48 | # List tags for your role here, one per line. A tag is a keyword that describes
49 | # and categorizes the role. Users find roles by searching for tags. Be sure to
50 | # remove the '[]' above, if you add tags to this list.
51 | #
52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
53 | # Maximum 20 tags per role.
54 |
55 | dependencies: []
56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above,
57 | # if you add dependencies to this list.
--------------------------------------------------------------------------------
/roles/windows-ad-controller/meta/main.yml:
--------------------------------------------------------------------------------
1 | galaxy_info:
2 | author: your name
3 | description: your description
4 | company: your company (optional)
5 |
6 | # If the issue tracker for your role is not on github, uncomment the
7 | # next line and provide a value
8 | # issue_tracker_url: http://example.com/issue/tracker
9 |
10 | # Some suggested licenses:
11 | # - BSD (default)
12 | # - MIT
13 | # - GPLv2
14 | # - GPLv3
15 | # - Apache
16 | # - CC-BY
17 | license: license (GPLv2, CC-BY, etc)
18 |
19 | min_ansible_version: 1.2
20 |
21 | # If this a Container Enabled role, provide the minimum Ansible Container version.
22 | # min_ansible_container_version:
23 |
24 | # Optionally specify the branch Galaxy will use when accessing the GitHub
25 | # repo for this role. During role install, if no tags are available,
26 | # Galaxy will use this branch. During import Galaxy will access files on
27 | # this branch. If Travis integration is configured, only notifications for this
28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch
29 | # (usually master) will be used.
30 | #github_branch:
31 |
32 | #
33 | # platforms is a list of platforms, and each platform has a name and a list of versions.
34 | #
35 | # platforms:
36 | # - name: Fedora
37 | # versions:
38 | # - all
39 | # - 25
40 | # - name: SomePlatform
41 | # versions:
42 | # - all
43 | # - 1.0
44 | # - 7
45 | # - 99.99
46 |
47 | galaxy_tags: []
48 | # List tags for your role here, one per line. A tag is a keyword that describes
49 | # and categorizes the role. Users find roles by searching for tags. Be sure to
50 | # remove the '[]' above, if you add tags to this list.
51 | #
52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
53 | # Maximum 20 tags per role.
54 |
55 | dependencies: []
56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above,
57 | # if you add dependencies to this list.
--------------------------------------------------------------------------------
/roles/ec2-find-amis/tasks/main.yml:
--------------------------------------------------------------------------------
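# Look up AMIs by name pattern and store the chosen image id per OS.
# Inputs: image_names (dict of name patterns), ec2_region and, optionally,
# windows_ami_owners.
#
# A name filter alone matches images published by any AWS account, so each
# lookup should also be constrained by owner. The account id is quoted so it
# stays a string whatever its digits are.
# NOTE(review): images[-1] takes the last entry the API returned; confirm the
# result order really gives the newest image, or sort by creation date first.

- name: find ami for rhel7
  ec2_ami_info:
    owners: "309956199498"
    filters:
      name: "{{ image_names['rhel-75'] }}"
    region: "{{ ec2_region }}"
  register: rhel7_ami_find

- name: find ami for centos7
  ec2_ami_info:
    owners: "309956199498"
    filters:
      name: "{{ image_names['centos-75'] }}"
    region: "{{ ec2_region }}"
  register: centos7_ami_find

# The Windows lookups had no owner constraint at all. windows_ami_owners is
# optional (omitted when undefined, which keeps the old behaviour); set it to
# the publisher you trust, for example the `amazon` alias for AWS-provided
# images.
- name: find ami for windows 2016
  ec2_ami_info:
    owners: "{{ windows_ami_owners | default(omit) }}"
    filters:
      name: "{{ image_names['win-2016'] }}"
    region: "{{ ec2_region }}"
  register: win2016_ami_find

- name: find ami for windows 2019
  ec2_ami_info:
    owners: "{{ windows_ami_owners | default(omit) }}"
    filters:
      name: "{{ image_names['win-2019'] }}"
    region: "{{ ec2_region }}"
  register: win2019_ami_find

# Each fact is set only when its lookup returned at least one image.
- name: set ami id for rhel7
  set_fact:
    rhel7_ami_id: "{{ rhel7_ami_find.images[-1].image_id }}"
  when:
    - rhel7_ami_find.images is defined
    - rhel7_ami_find.images|length > 0

- name: set ami id for centos7
  set_fact:
    centos7_ami_id: "{{ centos7_ami_find.images[-1].image_id }}"
  when:
    - centos7_ami_find.images is defined
    - centos7_ami_find.images|length > 0

- name: set ami id for windows 2016
  set_fact:
    win2016_ami_id: "{{ win2016_ami_find.images[-1].image_id }}"
  when:
    - win2016_ami_find.images is defined
    - win2016_ami_find.images|length > 0

- name: set ami id for windows 2019
  set_fact:
    win2019_ami_id: "{{ win2019_ami_find.images[-1].image_id }}"
  when:
    - win2019_ami_find.images is defined
    - win2019_ami_find.images|length > 0

- debug:
    var: rhel7_ami_id
  when:
    - rhel7_ami_id is defined

- debug:
    var: centos7_ami_id
  when:
    - centos7_ami_id is defined

- debug:
    var: win2016_ami_id
  when:
    - win2016_ami_id is defined

- debug:
    var: win2019_ami_id
  when:
    - win2019_ami_id is defined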
78 |
--------------------------------------------------------------------------------
/roles/sql_run_sql_script/files/run_sql_command.ps1:
--------------------------------------------------------------------------------
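# Run one SQL statement against a SQL Server instance, optionally inside a
# named database, using SQL authentication.
#
# Usage:
# run_sql_command.ps1 -instanceName YourInstanceName -dbName YOURDB -sqlQuery "CREATE TABLE test (ID int PRIMARY KEY NOT NULL, Name varchar(25) NOT NULL);"
# run_sql_command.ps1 -instanceName YourInstanceName -dbName YOURDB -sqlQuery "SELECT * FROM information_schema.tables WHERE TABLE_TYPE='BASE_TABLE';"
# run_sql_command.ps1 -instanceName YourInstanceName -sqlQuery "SELECT name FROM sys.databases;"
#
# Security notes:
# - $password is a plain [string] parameter, so it is passed on the command
#   line in clear text. Keep the calling task's output out of logs.
# - $sqlQuery is executed verbatim with the supplied login. Callers must not
#   build it from untrusted input, and the login should hold only the rights
#   the query needs.

# Load command line parameters
Param(
    [Parameter(Mandatory=$True)]
    [string]$instanceName,

    [Parameter(Mandatory=$False)]
    [string]$dbName,

    [Parameter(Mandatory=$True)]
    [string]$sqlQuery,

    [Parameter(Mandatory=$False)]
    [string]$userName,

    [Parameter(Mandatory=$False)]
    [string]$password
)

# Ensure SQL Power Shell Modules are in the path
$env:PSModulePath = $env:PSModulePath + ";C:\Program Files (x86)\Microsoft SQL Server\130\Tools\PowerShell\Modules"

# Import SQL Server Module called SQLPS
Import-Module SQLPS -DisableNameChecking

if ($dbName) {

    # Connection to the instance; LoginSecure = $false selects SQL
    # authentication with the supplied login and password.
    $mySrvConn = new-object Microsoft.SqlServer.Management.Common.ServerConnection
    $mySrvConn.ServerInstance = $instanceName
    $mySrvConn.LoginSecure = $false
    $mySrvConn.Login = $userName
    $mySrvConn.Password = $password

    $Srvr = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Server($mySrvConn)

    # Check if the Database Exists; stop scanning at the first match
    $dbExists = $FALSE
    foreach ($db in $Srvr.databases) {
        if ($db.name -eq $dbName) {
            $dbExists = $TRUE
            break
        }
    }

    # Execute query if the database exists
    if ($dbExists -eq $True) {
        Write-Host "Executing query against database $dbName"
        Invoke-Sqlcmd -Username $userName -Password $password -Query "$sqlQuery" -ServerInstance $instanceName -Database $dbName
    } else {
        # Previously this case ended silently; the warning makes the skipped
        # query visible without changing the exit status.
        Write-Warning "Database $dbName was not found on instance $instanceName; the query was not executed"
    }
} else {
    Write-Host "Executing query against instance $instanceName"
    Invoke-Sqlcmd -Username $userName -Password $password -Query "$sqlQuery" -ServerInstance $instanceName
}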
60 |
61 |
--------------------------------------------------------------------------------
/roles/sql_run_sql_script_dsc/files/run_sql_command.ps1:
--------------------------------------------------------------------------------
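# Run one SQL statement against a SQL Server instance, optionally inside a
# named database, using SQL authentication.
#
# Usage:
# run_sql_command.ps1 -instanceName YourInstanceName -dbName YOURDB -sqlQuery "CREATE TABLE test (ID int PRIMARY KEY NOT NULL, Name varchar(25) NOT NULL);"
# run_sql_command.ps1 -instanceName YourInstanceName -dbName YOURDB -sqlQuery "SELECT * FROM information_schema.tables WHERE TABLE_TYPE='BASE_TABLE';"
# run_sql_command.ps1 -instanceName YourInstanceName -sqlQuery "SELECT name FROM sys.databases;"
#
# Security notes:
# - $password is a plain [string] parameter, so it is passed on the command
#   line in clear text. Keep the calling task's output out of logs.
# - $sqlQuery is executed verbatim with the supplied login. Callers must not
#   build it from untrusted input, and the login should hold only the rights
#   the query needs.

# Load command line parameters
Param(
    [Parameter(Mandatory=$True)]
    [string]$instanceName,

    [Parameter(Mandatory=$False)]
    [string]$dbName,

    [Parameter(Mandatory=$True)]
    [string]$sqlQuery,

    [Parameter(Mandatory=$False)]
    [string]$userName,

    [Parameter(Mandatory=$False)]
    [string]$password
)

# Ensure SQL Power Shell Modules are in the path
$env:PSModulePath = $env:PSModulePath + ";C:\Program Files (x86)\Microsoft SQL Server\130\Tools\PowerShell\Modules"

# Import SQL Server Module called SQLPS
Import-Module SQLPS -DisableNameChecking

if ($dbName) {

    # Connection to the instance; LoginSecure = $false selects SQL
    # authentication with the supplied login and password.
    $mySrvConn = new-object Microsoft.SqlServer.Management.Common.ServerConnection
    $mySrvConn.ServerInstance = $instanceName
    $mySrvConn.LoginSecure = $false
    $mySrvConn.Login = $userName
    $mySrvConn.Password = $password

    $Srvr = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Server($mySrvConn)

    # Check if the Database Exists; stop scanning at the first match
    $dbExists = $FALSE
    foreach ($db in $Srvr.databases) {
        if ($db.name -eq $dbName) {
            $dbExists = $TRUE
            break
        }
    }

    # Execute query if the database exists
    if ($dbExists -eq $True) {
        Write-Host "Executing query against database $dbName"
        Invoke-Sqlcmd -Username $userName -Password $password -Query "$sqlQuery" -ServerInstance $instanceName -Database $dbName
    } else {
        # Previously this case ended silently; the warning makes the skipped
        # query visible without changing the exit status.
        Write-Warning "Database $dbName was not found on instance $instanceName; the query was not executed"
    }
} else {
    Write-Host "Executing query against instance $instanceName"
    Invoke-Sqlcmd -Username $userName -Password $password -Query "$sqlQuery" -ServerInstance $instanceName
}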
60 |
61 |
--------------------------------------------------------------------------------
/mssql-create-db-with-dsc.yml:
--------------------------------------------------------------------------------
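# Create a database on a local SQL Server instance through the DSC
# SqlScriptQuery resource, then open TCP 1433 on the host firewall.
- name: Create a db on MSSQL using DSC
  hosts: all
  gather_facts: no
  become: no
  vars:
    db_name: rhdemo1

  tasks:
    - name: Install required DSC modules
      win_psmodule:
        name: "{{ item }}"
        state: present
      loop:
        - NetworkingDsc
        - SqlServerDsc

    # db_name is pasted straight into the T-SQL text below, so it must come
    # from a trusted source and must not contain ']' or quote characters.
    # The resource connects as 'sa'; a login limited to CREATE DATABASE is a
    # safer choice where available.
    - name: create database
      win_dsc:
        resource_name: SqlScriptQuery
        ServerName: localhost
        InstanceName: MSSQLServer
        Credential_username: sa
        Credential_password: '{{ mssql_password }}'
        # The identifier used to be ['{{ db_name }}'], which makes the single
        # quotes part of the database name; TestQuery and GetQuery look for
        # the unquoted name and would never find it.
        SetQuery: |
          CREATE DATABASE [{{ db_name }}]
        TestQuery: |
          if (select count(name) from sys.databases where name = '{{ db_name }}') = 0
          BEGIN
            RAISERROR ('Did not find database [{{ db_name }}]', 16, 1)
          END
          ELSE
          BEGIN
            PRINT 'Found database [{{ db_name }}]'
          END
        GetQuery: |
          SELECT Name FROM sys.databases WHERE Name = '{{ db_name }}' FOR JSON AUTO

    # Inbound allow rule for TCP 1433 with no profile or remote-address
    # restriction set here; narrow it if only known clients need access.
    - name: Open port for MSSQL
      win_dsc:
        resource_name: Firewall
        ensure: Present
        name: MSSQL
        enabled: True
        localport: 1433
        action: Allow
        direction: Inbound
        protocol: TCP

    # - name: Set windows connection variables
    #   set_fact:
    #     ansible_port: 5986
    #     ansible_connection: winrm
    #     ansible_winrm_server_cert_validation: ignore
    #   delegate_to: 127.0.0.1
    #
    # - name: Enable port for MSSQL
    #   win_firewall_rule:
    #     name: MSSQL
    #     localport: 1433
    #     action: allow
    #     direction: in
    #     protocol: tcp
    #     profiles: public
    #     state: present
    #     enabled: yes
    #
    # - name: Create a db
    #   mssql_db:
    #     login_host: "{{ ansible_host | default(ansible_ssh_host) | default(inventory_hostname) }}"
    #     login_user: sa
    #     login_password: '{{ mssql_password }}'
    #     name: '{{ db_name }}'
    #     state: present
    #   delegate_to: 127.0.0.1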
75 |
--------------------------------------------------------------------------------
/roles/sql2016/tasks/main.yml:
--------------------------------------------------------------------------------
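# Install SQL 2016
#
# Creates the SQL admin account, installs .NET, obtains and mounts the
# installer ISO, runs the install task file named by install_with, then
# enables TCP on the instance and restarts it.

# This account is a local Administrator with a non-expiring password; treat
# mssql_password as a privileged secret and rotate it outside this role.
- name: set up sqladmin user
  win_user:
    name: "{{ mssql_username }}"
    password: "{{ mssql_password }}"
    password_never_expires: True
    state: present
    groups:
      - Administrators

- name: install .Net
  win_feature:
    name: "{{ item }}"
    state: present
    include_sub_features: True
    include_management_tools: True
  with_items:
    - NET-Framework-Core
    - NET-Framework-Features
  register: install_dotnet
  until: install_dotnet is success
  delay: 3
  retries: 5

- name: create directory structure
  win_file:
    path: "{{ item }}"
    state: directory
  with_items:
    - C:\Backup
    - C:\Databases
    - C:\UserDatabases

# The stat and download run only when iso_path contains a ':' character.
- name: check ISO file
  win_stat:
    path: "{{ iso_path }}"
  register: iso_file
  when: (":" in iso_path)

# The ISO is mounted and its installer run with administrative rights, so the
# download should be integrity-checked. iso_checksum and
# iso_checksum_algorithm are optional: when undefined they are omitted and
# the task behaves as before.
# NOTE(review): these win_get_url options need a release that supports them;
# leave both variables unset on older Ansible versions.
- name: download ISO file
  win_get_url:
    dest: "{{ iso_path }}"
    url: "{{ iso_url }}"
    checksum: "{{ iso_checksum | default(omit) }}"
    checksum_algorithm: "{{ iso_checksum_algorithm | default(omit) }}"
  register: download_iso
  until: download_iso is success
  delay: 3
  retries: 5
  when: (":" in iso_path) and (not iso_file.stat.exists)

- name: mount iso
  win_disk_image:
    image_path: "{{ iso_path }}"
    state: present
  register: disk_image_out

# Same task file either way; the keyword depends on the Ansible version.
- include_tasks: "{{ install_with }}.yml"
  when: ansible_version.full is version('2.4', '>=')

- include: "{{ install_with }}.yml"
  when: ansible_version.full is version('2.4', '<')

- name: unmount iso
  win_disk_image:
    image_path: "{{ iso_path }}"
    state: absent

# sql_install is expected to be registered by the included install tasks.
- name: reboot if required
  win_reboot:
  when:
    - sql_install is defined
    - sql_install.reboot_required is defined
    - sql_install.reboot_required

# The script is staged in C:\, executed once, then removed.
- name: copy script file
  win_copy:
    src: enableSQLTCP.ps1
    dest: c:\enableSQLTCP.ps1

- name: enable tcp on SQL server instance
  win_shell: c:\enableSQLTCP.ps1

- name: delete the script
  win_file:
    path: c:\enableSQLTCP.ps1
    state: absent

- name: restart SQL Server instance
  win_service:
    name: MSSQLSERVER
    state: restarted
    force_dependent_services: yes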
--------------------------------------------------------------------------------
/winrm_enable_ca_cert.yml:
--------------------------------------------------------------------------------
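# Replace the WinRM HTTPS listener's certificate: create (or copy in) a PFX,
# import it into LocalMachine\My, delete the existing HTTPS listener and
# recreate it bound to the imported certificate's thumbprint.
- name: winrm enable cert
  hosts: all
  vars:
    # Connect over HTTP (default port 5985): this play deletes the existing
    # HTTPS listener and recreates it with our cert.
    # you can start using HTTPS (port 5986) with your newly imported cert after running this playbook
    ansible_port: 5985
    ansible_connection: winrm
    ansible_winrm_transport: credssp
    # NOTE(review): when you switch to HTTPS on 5986 afterwards, do not carry
    # "ignore" over; otherwise the new certificate is never verified.
    ansible_winrm_server_cert_validation: ignore

  tasks:
    # we generate a self-signed cert as an example, you can remove this task if you have an existing certificate
    # ansible_password is templated into the script text, so the rendered
    # script holds the password in clear text (hence no_log), and a password
    # containing a double quote, '$' or a backtick would change what the
    # script does.
    - name: generate a new self-signed cert
      win_shell: |
        $store_location = 'cert:\localmachine\my'
        $cert = New-SelfSignedCertificate -certstorelocation $store_location -dnsname {{ ansible_fqdn }}
        $pfx_password = ConvertTo-SecureString -String "{{ ansible_password }}" -Force -AsPlainText
        $path = $store_location + '{{"\\"}}' + $cert.thumbprint
        Export-PfxCertificate -cert $path -FilePath C:\winrm_cert.p12 -Password $pfx_password
      no_log: true

    # uncomment the task below and update the src in this task if you want to copy and import an existing cert
    #- name: copy CA cert
    #  win_copy:
    #    src: cert.pfx
    #    dest: C:\winrm_cert.p12

    - name: import cert
      win_certificate_store:
        path: C:\winrm_cert.p12
        state: present
        store_location: LocalMachine
        store_name: My
        password: "{{ ansible_password }}" # here you can update the password accordingly or remove if you don't have
      register: winrm_ca_cert

    # The PFX holds the private key and is protected only by the connection
    # password; it was previously left in C:\ after the import.
    - name: remove exported pfx file
      win_file:
        path: C:\winrm_cert.p12
        state: absent

    - debug:
        msg: "{{ winrm_ca_cert.thumbprints[0] }}"

    # A missing listener is not an error: only a non-zero rc without the
    # "cannot find the resource" message fails the task.
    - name: delete winrm HTTPS listener
      win_shell: winrm delete winrm/config/Listener?Address=*+Transport=HTTPS
      register: delete_winrm_https_listener
      failed_when:
        - delete_winrm_https_listener.rc != 0
        - ('The service cannot find the resource' not in delete_winrm_https_listener.stderr)
      changed_when: delete_winrm_https_listener.rc == 0

    - name: enable winrm to use the CA cert
      win_shell: |
        winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="{{ ansible_fqdn }}"; CertificateThumbprint="{{ winrm_ca_cert.thumbprints[0] }}"}'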
--------------------------------------------------------------------------------
/roles/sql2019/tasks/main.yml:
--------------------------------------------------------------------------------
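---
# Prepares a Windows host for SQL Server: local admin account, .NET features,
# data directories, installation media, the install itself (delegated to
# "{{ install_with }}.yml") and TCP enablement.

# NOTE(review): this account is a local Administrator with a non-expiring
# password taken from mssql_password; keep that variable in a vault.
- name: set up sqladmin user
  win_user:
    name: "{{ mssql_username }}"
    password: "{{ mssql_password }}"
    password_never_expires: true
    state: present
    groups:
      - Administrators

- name: install .Net
  win_feature:
    name: "{{ item }}"
    state: present
    include_sub_features: true
    include_management_tools: true
  with_items:
    - NET-Framework-Core
    - NET-Framework-Features
  register: install_dotnet
  until: install_dotnet is success
  delay: 3
  retries: 5

- name: create directory structure
  win_file:
    path: "{{ item }}"
    state: directory
  with_items:
    - C:\Backup
    - C:\Databases
    - C:\UserDatabases

# the ":" test distinguishes a drive-letter path from other iso_path forms
- name: check ISO file
  win_stat:
    path: "{{ iso_path }}"
  register: iso_file
  when: (":" in iso_path)

# set iso_checksum (and optionally iso_checksum_algorithm) to have the downloaded
# installer verified before it is mounted and run; both are omitted when unset,
# which keeps the previous behaviour
- name: download ISO file
  win_get_url:
    dest: "{{ iso_path }}"
    url: "{{ iso_url }}"
    checksum: "{{ iso_checksum | default(omit) }}"
    checksum_algorithm: "{{ iso_checksum_algorithm | default(omit) }}"
  register: download_iso
  until: download_iso is success
  delay: 3
  retries: 5
  when: (":" in iso_path) and (not iso_file.stat.exists)

- name: mount iso
  win_disk_image:
    image_path: "{{ iso_path }}"
    state: present
  register: disk_image_out

# import_tasks on Ansible >= 2.4, plain include on older releases
- import_tasks: "{{ install_with }}.yml"
  when: ansible_version.full is version('2.4', '>=')

- include: "{{ install_with }}.yml"
  when: ansible_version.full is version('2.4', '<')

- name: unmount iso
  win_disk_image:
    image_path: "{{ iso_path }}"
    state: absent

# sql_install is not set in this file; presumably the included install file registers it
- name: reboot if required
  win_reboot:
  when:
    - sql_install is defined
    - sql_install.reboot_required is defined
    - sql_install.reboot_required

- name: ensure system is reachable
  wait_for_connection:
    delay: 15
    timeout: 120

# the helper script is copied, run and removed again so it does not stay on the host
- name: copy script file
  win_copy:
    src: enableSQLTCP.ps1
    dest: c:\enableSQLTCP.ps1

- name: enable tcp on SQL server instance
  win_shell: c:\enableSQLTCP.ps1

- name: delete the script
  win_file:
    path: c:\enableSQLTCP.ps1
    state: absent

- name: restart SQL Server instance
  win_service:
    name: MSSQLSERVER
    state: restarted
    force_dependent_services: true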
--------------------------------------------------------------------------------
/snow_service_request.yml:
--------------------------------------------------------------------------------
# Closes a ServiceNow request (sc_request) and its request item (sc_req_item)
# with a work note once the application has been deployed.
# Both tasks run on the controller (delegate_to: localhost) and only when
# snow_request_id is a non-empty string.
# NOTE(review): sn_username / sn_password are not defined in this file; they
# should come from a vault or a credential store rather than plain inventory.
- name: Update ticket on Service Now
  hosts: all
  gather_facts: no
  connection: local
  become: no

  tasks:
    # the disabled tasks below would create the request, or a request item, and
    # derive snow_request_id when none is passed in
    # - name: create servicenow request if not provided
    #   snow_record:
    #     state: present
    #     table: sc_request
    #     username: "{{ sn_username }}"
    #     password: "{{ sn_password }}"
    #     instance: "{{ sn_instance }}"
    #     data:
    #       work_notes: "Ansible Automation - Music store app version: {{ app_version }} deployment started"
    #       state: 1
    #   delegate_to: localhost
    #   register: snow_request
    #   when: (snow_request_id | default('')) | length == 0
    #
    # - debug:
    #     msg: "{{ snow_request }}"
    #
    # - name: create servicenow request item
    #   snow_record:
    #     state: present
    #     table: sc_req_item
    #     username: "{{ sn_username }}"
    #     password: "{{ sn_password }}"
    #     instance: "{{ sn_instance }}"
    #     data:
    #       work_notes: "Ansible Automation - Music store app version: {{ app_version }} deployment started"
    #       state: 1
    #   delegate_to: localhost
    #   register: snow_request_item
    #   when: (snow_request_id | default('')) | length > 0
    #
    # - name: set snow_request_id if not provided
    #   set_fact:
    #     snow_request_id: "{{ snow_request.record.sys_id }}"
    #   when: (snow_request_id | default('')) | length == 0

    # writes state 3 and a work note to the request numbered snow_request_id
    - name: close servicenow request
      snow_record:
        state: present
        table: sc_request
        username: "{{ sn_username }}"
        password: "{{ sn_password }}"
        instance: "{{ sn_instance }}"
        number: "{{ snow_request_id }}"
        data:
          work_notes: "Ansible Automation - Music store app version: {{ app_version }} deployed"
          state: 3
      delegate_to: localhost
      when: (snow_request_id | default('')) | length > 0

    # the item number is built from the text after 'REQ' in snow_request_id
    # NOTE(review): assumes the id contains 'REQ' and that the request item shares
    # the request's number; a value without 'REQ' makes the [1] index fail - confirm
    - name: close servicenow request item
      snow_record:
        state: present
        table: sc_req_item
        username: "{{ sn_username }}"
        password: "{{ sn_password }}"
        instance: "{{ sn_instance }}"
        number: "RITM{{ snow_request_id.split('REQ')[1] }}"
        data:
          work_notes: "Ansible Automation - Music store app version: {{ app_version }} deployed"
          state: 3
      delegate_to: localhost
      when: (snow_request_id | default('')) | length > 0
--------------------------------------------------------------------------------
/expand-disk-vmware.yml:
--------------------------------------------------------------------------------
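---
# Grows the VM disk by 5 GB through vCenter and extends the C: partition when
# the drive is fuller than disk_fullness_percentage_threshold.
- name: Expand disk on VMware Windows VM
  hosts: all
  vars:
    disk_fullness_percentage_threshold: 80
    # evaluated lazily, after the set_fact tasks below have produced both inputs
    disk_fullness_percentage: "{{ 100 - (100*(free_drive_space_before|int)/(total_size_before|int))|int }}"

  tasks:
    # restricted to C: so the output is a single number; without the filter a host with
    # several logical disks returns one size per disk, the int conversion yields 0 and
    # the percentage above divides by zero
    - name: get total size
      win_shell: (Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='C:'").Size
      register: drive_total_size

    # bytes -> GB, rounded down to two decimals
    - name: set total size
      set_fact:
        total_size_before: "{{ ((drive_total_size.stdout)|int / (1024*1024*1024)) | round(2, 'floor') }}"

    - name: get drive space
      win_shell: Get-PSDrive C | Select-Object Free | ConvertTo-Json
      register: drive_space

    - name: set free drive space
      set_fact:
        free_drive_space_before: "{{ ((drive_space.stdout | from_json)['Free']|int / (1024*1024*1024)) | round(2, 'floor') }}"

    - debug:
        msg: "free drive space: {{ free_drive_space_before }} GB ({{ 100 - disk_fullness_percentage|int }}% of total space)"

    - debug:
        msg: "{{ total_size_before|int|round + 5 }}"

    - block:
        # lookup('env', ...) returns an empty string when the variable is unset, so
        # default() needs its second argument to fall back to providers.vcenter.*
        # vCenter certificate validation stays off unless vmware_validate_certs is set;
        # turn it on wherever vCenter presents a trusted certificate, since the
        # password below is sent over that connection
        - name: expand vm disk to {{ total_size_before|int|round + 5 }}
          vmware_guest:
            hostname: "{{ lookup('env', 'VMWARE_HOST')|default(providers.vcenter.hostname, true) }}"
            username: "{{ lookup('env', 'VMWARE_USER')|default(providers.vcenter.username, true) }}"
            password: "{{ lookup('env', 'VMWARE_PASSWORD')|default(providers.vcenter.password, true) }}"
            validate_certs: "{{ vmware_validate_certs | default(false) }}"
            name: "{{ config.name }}"
            disk:
              - size_gb: "{{ total_size_before|int|round + 5 }}"
                autoselect_datastore: true
          delegate_to: localhost
          vars:
            ansible_connection: local

        # NOTE(review): -ErrorAction SilentlyContinue hides a failed resize; the
        # free-space message below is the only indication that it worked
        - name: expand file system
          win_shell: Resize-Partition -DriveLetter c -Size (Get-PartitionSupportedSize -DriveLetter c).sizeMax -ErrorAction SilentlyContinue

        - name: get drive space
          win_shell: Get-PSDrive C | Select-Object Free | ConvertTo-Json
          register: drive_space_after_expansion

        - name: set free drive space after expansion
          set_fact:
            free_drive_space_after: "{{ ((drive_space_after_expansion.stdout | from_json)['Free']|int / (1024*1024*1024)) | round(2, 'floor') }}"

        - debug:
            msg: "free drive space: {{ free_drive_space_after }} GB"
      when: disk_fullness_percentage|int > disk_fullness_percentage_threshold|int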
--------------------------------------------------------------------------------
/roles/awsjson/templates/BuildServer1.yaml:
--------------------------------------------------------------------------------
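# CloudFormation template for a single EC2 instance (EC2TestServer1).
# The version is quoted so that YAML loaders keep it a string, as in the JSON
# copy of this template, instead of parsing it as a date.
AWSTemplateFormatVersion: '2010-09-09'
# layout data written by the CloudFormation Designer; no effect on resources
Metadata:
  'AWS::CloudFormation::Designer':
    c96bc054-5622-43fa-976e-af60de3af976:
      size:
        width: 60
        height: 60
      position:
        x: 210
        'y': 190
      z: 0
      embeds: []
    4effa2fc-6ed6-42a3-b4a9-caa9888f30f5:
      size:
        width: 60
        height: 60
      position:
        x: 310
        'y': 190
      z: 0
      embeds: []
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: 'AWS::EC2::KeyPair::KeyName'
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  SubnetID:
    Description: Name of an existing EC2 subnetID
    Type: 'AWS::EC2::Subnet::Id'
    Default: subnet-6a615331
    ConstraintDescription: must be the name of an existing SubNetID.
  AMIID:
    Description: please type an existing AMI ID
    Type: String
    Default: ami-b1f77ea7
    AllowedValues:
      - ami-b1f77ea7
      - ami-c8492cde
    ConstraintDescription: 'Allowed values - ami-b1f77ea7 (base), ami-c8492cde (iis) .'
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.medium
    AllowedValues:
      - t1.micro
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - m1.small
      - m1.medium
      - m1.large
      - m1.xlarge
      - m2.xlarge
      - m2.2xlarge
      - m2.4xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - c1.medium
      - c1.xlarge
      - c3.large
      - c3.xlarge
      - c3.2xlarge
      - c3.4xlarge
      - c3.8xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - g2.2xlarge
      - g2.8xlarge
      - r3.large
      - r3.xlarge
      - r3.2xlarge
      - r3.4xlarge
      - r3.8xlarge
      - i2.xlarge
      - i2.2xlarge
      - i2.4xlarge
      - i2.8xlarge
      - d2.xlarge
      - d2.2xlarge
      - d2.4xlarge
      - d2.8xlarge
      - hi1.4xlarge
      - hs1.8xlarge
      - cr1.8xlarge
      - cc2.8xlarge
      - cg1.4xlarge
    ConstraintDescription: must be a valid EC2 instance type.
Resources:
  EC2TestServer1:
    Type: 'AWS::EC2::Instance'
    # NOTE(review): the AMIID and InstanceType parameters are declared above but
    # nothing in these properties references them, and no security group is
    # attached here - confirm whether the consumer of this template adds them
    Properties:
      SubnetId: !Ref SubnetID
      KeyName: !Ref KeyName
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 4effa2fc-6ed6-42a3-b4a9-caa9888f30f5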
--------------------------------------------------------------------------------
/roles/deploy/tasks/main.yml:
--------------------------------------------------------------------------------
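---
# Clone a VM from a Template or existing running machine and customize
# One asynchronous clone is started per entry in `nodes`; the two tasks after
# it wait for the clone jobs and then for WinRM over HTTPS (5986).
- name: clone template and customize
  vmware_guest:
    # lookup('env', ...) returns an empty string when the variable is unset, so
    # default() needs its second argument to fall back to providers.vcenter.*
    hostname: "{{ lookup('env', 'VMWARE_HOST')|default(providers.vcenter.hostname, true) }}"
    username: "{{ lookup('env', 'VMWARE_USER')|default(providers.vcenter.username, true) }}"
    password: "{{ lookup('env', 'VMWARE_PASSWORD')|default(providers.vcenter.password, true) }}"
    # off unless vmware_validate_certs is set; enable it wherever vCenter presents
    # a trusted certificate, since the password above travels over this connection
    validate_certs: "{{ vmware_validate_certs | default(false) }}"
    datacenter: "{{ providers.vcenter.datacenter }}"
    cluster: "{{ providers.vcenter.cluster }}"
    resource_pool: "{{ providers.vcenter.resource_pool|default('') }}"
    name: "{{ item.name }}"
    template: "{{ item.template }}"
    snapshot_src: "{{ item.snapshot_src|default(omit) }}"
    linked_clone: "{{ item.linked_clone|default(omit) }}"
    customvalues: "{{ item.customvalues|default(omit) }}"
    state: poweredon
    wait_for_ip_address: true
    disk: "{{ item.disk|default(omit) }}"
    hardware:
      memory_mb: "{{ item.memory }}"
      num_cpus: "{{ item.cpu }}"
      scsi: paravirtual
    networks: "{{ item.networks }}"
    customization:
      # autologon keeps the administrator password in the guest's customization
      # data so the runonce commands can run at first boot
      autologon: true
      orgname: Ansible
      fullname: Ansible
      # timezone 20 = Central Standard Time
      # For more info see https://msdn.microsoft.com/en-us/library/ms912391(v=winembedded.11).aspx
      timezone: 20
      # taken from ansible_password, as the node definitions in node-config do,
      # instead of a fixed password committed to the repository
      password: "{{ ansible_password }}"
      dns_servers: "{{ item.dns_servers|default([]) }}"
      runonce:
        # NOTE(review): this downloads the script from the devel branch and runs it at
        # first boot, so what executes can change between deployments; the disabled
        # lines below run a local copy instead, which can be reviewed and pinned
        - powershell.exe -command "& $([scriptblock]::Create((New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))) -ForceNewSSLCert -EnableCredSSP"
        # - powershell.exe Unblock-File C:\ConfigureRemotingForAnsible.ps1
        # - powershell.exe -ExecutionPolicy Unrestricted -File C:\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert -EnableCredSSP
        # - winrm set winrm/config/service/auth @{Basic="true"}
        # - winrm set winrm/config/service @{AllowUnencrypted="true"}
        # - winrm set winrm/config/client/auth @{CredSSP="true"}
        - winrm set winrm/config/service/auth @{CredSSP="true"}
        # - powershell.exe -command "& Invoke-WebRequest -Body @{'host_config_key'='{{ tower_callback.host_config_key|default(omit) }}'} -Method Post -Uri '{{ tower_callback.url|default(omit) }}'"
  async: 7200
  poll: 0
  register: deploy
  with_items: "{{ nodes }}"
  when: nodes is defined

# deploy has no `results` when the clone task was skipped (nodes undefined),
# hence the empty-list default
- name: Wait for instance creation to complete
  async_status:
    jid: "{{ item.ansible_job_id }}"
  register: instances
  until: instances.finished
  retries: 300
  delay: 10
  with_items: "{{ deploy.results | default([]) }}"

# `is changed` is the test form already used elsewhere in these roles; the
# filter form `| changed` is not available in current Ansible releases
- name: Waiting for servers to come online
  wait_for:
    host: "{{ item.networks[0].ip }}"
    port: 5986
    timeout: 600
  with_items: "{{ nodes }}"
  when: (instances is changed) and (nodes is defined)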
--------------------------------------------------------------------------------
/roles/mcafee-epo/tasks/install.yml:
--------------------------------------------------------------------------------
---
# Installs McAfee ePO: stage the archive in temp_directory, unpack it, render
# the install batch file and run it through psexec.

# remote_src: the archive is copied from a path on the target side, not from the controller
- name: copy setup file
  win_copy:
    src: '{{ install_file_location }}\{{ install_file_name }}'
    dest: '{{ temp_directory }}\'
    remote_src: yes

- name: create temporary directory
  win_file:
    path: '{{ temp_directory }}\mcafee_epo'
    state: directory

# NOTE(review): a failed unzip is ignored and mcafee_epo_unzip is not checked
# in this file, so a broken archive only shows up when the installer runs
- name: unzip file
  win_unzip:
    src: '{{ temp_directory }}\{{ install_file_name }}'
    dest: '{{ temp_directory }}\mcafee_epo'
    rm: no
  ignore_errors: yes
  register: mcafee_epo_unzip

# NOTE(review): the template is not shown here; if it carries the same arguments
# as the reference tasks below, the rendered .bat holds the admin, database and
# keystore passwords in clear text and should be removed after the install
- name: create install script
  win_template:
    src: installMcAfeeEPO.bat
    dest: '{{ temp_directory }}\mcafee_epo\installMcAfeeEPO.bat'

- name: install pstools
  win_chocolatey:
    name: pstools
    state: present

# run through psexec with an interactive session (see the note below)
- name: install McAfee EPO
  win_psexec:
    command: '{{ temp_directory }}\mcafee_epo\installMcAfeeEPO.bat'
    priority: high
    interactive: yes

# keep tasks below for reference. McAfee requires UI access and only seems to work with psexec
# - name: install McAfee EPO
#   win_package:
#     path: '{{ temp_directory }}\mcafee_epo\setup.exe'
#     product_id: "{{ product_id }}"
#     arguments:
#       - /qn
#       - /l* C:\McAfee_ePO.log
#       - MFSADMINUSERNAME_UE=admin
#       - MFSADMINPASSWORD_UE={{ mssql_password }}
#       - MFSADMINVERIFYPASSWORD_UE={{ mssql_password }}
#       - MFSDATABASESERVERNAME={{ sql_server_hostname }}
#       - MFSDATABASEPORT=1433
#       - MFSDATABASENAME=EPODB
#       - MFSDATABASEUSERNAME_UE=sa
#       - MFSDATABASEPASSWORD_UE={{ mssql_password }}
#       - AGENTPORT=80
#       - AGENTSECUREPORT=443
#       - TOMCATSECUREPORT=8443
#       - MFSDATABASEAUTHENTICATION=2
#       - SQLUDPPORTISENABLED=0
#       - IGNOREPROPINI=1
#       - MFSKEYSTOREPASSWORD_UE={{ mssql_password }}
#       - MFSVERIFYKEYSTOREPASSWORD={{ mssql_password }}
#       - ENABLETELEMETRY=0
#       - ENABLEFIPSMODE=0
#       - SKIPAUTOPRODINST=0
#       - AgreeToLicense="Yes"
#   register: mcafee_epo_install

# - name: install McAfee EPO
#   win_dsc:
#     resource_name: Package
#     Path: '{{ temp_directory }}\mcafee_epo\setup.exe'
#     ProductId: "{{ product_id }}"
#     Name: Microsoft SQL Server 2016
#     Arguments: >
#       /qn
#       /l* C:\McAfee_ePO.log
#       MFSADMINUSERNAME_UE=admin
#       MFSADMINPASSWORD_UE={{ mssql_password }}
#       MFSADMINVERIFYPASSWORD_UE={{ mssql_password }}
#       MFSDATABASESERVERNAME={{ sql_server_hostname }}
#       MFSDATABASEPORT=1433
#       MFSDATABASENAME=EPODB
#       MFSDATABASEUSERNAME_UE=sa
#       MFSDATABASEPASSWORD_UE={{ mssql_password }}
#       AGENTPORT=80
#       AGENTSECUREPORT=443
#       TOMCATSECUREPORT=8443
#       MFSDATABASEAUTHENTICATION=2
#       SQLUDPPORTISENABLED=0
#       IGNOREPROPINI=1
#       MFSKEYSTOREPASSWORD_UE={{ mssql_password }}
#       MFSVERIFYKEYSTOREPASSWORD={{ mssql_password }}
#       ENABLETELEMETRY=0
#       ENABLEFIPSMODE=0
#       SKIPAUTOPRODINST=0
#       AgreeToLicense="Yes"
#   register: mcafee_epo_install
--------------------------------------------------------------------------------
/node-config/cluster-nodes-vmware.yml:
--------------------------------------------------------------------------------
---
# Node definitions for a three-node Windows cluster demo on vCenter.
# NOTE(review): the listing lost its indentation. The nesting below follows the
# deploy role, which reads item.networks, item.dns_servers, item.memory, item.cpu,
# item.template, item.snapshot_src, item.linked_clone and item.customvalues from
# each node; the first `domain` of a node is assumed to belong to its network
# entry and the second to the node itself - confirm against the original file.
# NOTE(review): each node's runonce downloads ConfigureRemotingForAnsible.ps1 from
# the devel branch and runs it at first boot, so the script can change between
# deployments; a reviewed, pinned copy avoids that.
providers:
  vcenter:
    datacenter: cloud
    cluster: mylab
    resource_pool: manageto

nodes:
  - name: winnode1
    role: cluster_first
    app_name: windows_cluster_demo
    networks:
      - name: mgmt
        ip: 192.168.1.53
        netmask: 255.255.255.0
        gateway: 192.168.1.254
        domain: home.ad
    dns_servers:
      - 192.168.1.254
      - 8.8.4.4
    domain: home.ad
    memory: 4096
    cpu: 2
    template: windows-2016-standard-core
    snapshot_src: Linked
    linked_clone: True
    customvalues:
      - key: app_name
        value: windows_cluster_demo
      - key: role
        value: windows
    customization:
      # autologon keeps the password in the guest customization data for first boot
      autologon: True
      orgname: Ansible
      fullname: Ansible
      timezone: 20
      password: '{{ ansible_password }}'
      runonce:
        - powershell.exe -command "& $([scriptblock]::Create((New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))) -ForceNewSSLCert -EnableCredSSP"
        - winrm set winrm/config/service/auth @{CredSSP="true"}
  - name: winnode2
    role: cluster_other
    app_name: windows_cluster_demo
    networks:
      - name: mgmt
        ip: 192.168.1.54
        netmask: 255.255.255.0
        gateway: 192.168.1.254
        domain: home.ad
    dns_servers:
      - 192.168.1.254
      - 8.8.4.4
    domain: home.ad
    memory: 4096
    cpu: 2
    template: windows-2016-standard-core
    snapshot_src: Linked
    linked_clone: True
    customvalues:
      - key: app_name
        value: windows_cluster_demo
      - key: role
        value: windows
    customization:
      autologon: True
      orgname: Ansible
      fullname: Ansible
      timezone: 20
      password: '{{ ansible_password }}'
      runonce:
        - powershell.exe -command "& $([scriptblock]::Create((New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))) -ForceNewSSLCert -EnableCredSSP"
        - winrm set winrm/config/service/auth @{CredSSP="true"}
  - name: winnode3
    role: cluster_other
    app_name: windows_cluster_demo
    networks:
      - name: mgmt
        ip: 192.168.1.48
        netmask: 255.255.255.0
        gateway: 192.168.1.254
        domain: home.ad
    dns_servers:
      - 192.168.1.254
      - 8.8.4.4
    domain: home.ad
    memory: 4096
    cpu: 2
    template: windows-2016-standard-core
    snapshot_src: Linked
    linked_clone: True
    customvalues:
      - key: app_name
        value: windows_cluster_demo
      - key: role
        value: windows
    customization:
      autologon: True
      orgname: Ansible
      fullname: Ansible
      timezone: 20
      password: '{{ ansible_password }}'
      runonce:
        - powershell.exe -command "& $([scriptblock]::Create((New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))) -ForceNewSSLCert -EnableCredSSP"
        - winrm set winrm/config/service/auth @{CredSSP="true"}
--------------------------------------------------------------------------------
/roles/cloudforms-link-service/tasks/main.yml:
--------------------------------------------------------------------------------
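---
# Attaches the VMs in instances.results to a CloudForms service, tags the
# service and the VMs, and sets the VM owner to the requesting user.
# Every uri call sends manageiq.api_token in X-Auth-Token. Certificate
# validation stays off by default, as before; set manageiq_validate_certs to
# true wherever the API presents a trusted certificate so the token is not
# sent to an unverified endpoint.

# retried until CloudForms reports at least one VM with the given uid_ems
- name: Lookup CloudForms VM via uid_ems
  uri:
    url: "{{ manageiq.api_url }}/api/vms?filter[]=uid_ems={{ item.azure_vm.id }}&expand=resources"
    method: GET
    # NOTE(review): a request body on a GET looks like a leftover from a refresh call - confirm
    body:
      action: refresh
    body_format: json
    validate_certs: "{{ manageiq_validate_certs | default(false) }}"
    headers:
      X-Auth-Token: "{{ manageiq.api_token }}"
      Content-Type: "application/json"
    status_code: 200
  register: lookup_vms_output
  until: lookup_vms_output.json.subcount > 0
  retries: "{{ max_retries }}"
  delay: "{{ retry_interval }}"
  with_items: "{{ instances.results }}"

- debug: var=lookup_vms_output.results
  when: verbose

- name: Set the service URL
  set_fact:
    svc_url: "/api/{{ manageiq.service }}"

- name: Log svc_url
  debug: var=svc_url
  when: verbose

# vms starts empty on every run so entries from an earlier run are not reused
- name: Initialize an empty list for vms
  set_fact:
    empty_list: []
    vms: []

- debug: var=empty_list
  when: verbose

# one entry is appended per looked-up VM; the list is built inside a single
# expression so it stays a list, and it accumulates across loop items instead
# of being rebuilt from the empty list each time (which kept only the last VM)
- name: Append resource href to vms list
  set_fact:
    vms: "{{ vms + [ { 'href': svc_url, 'resource': { 'href': '/api/vms/' ~ item.json.resources[0].id } } ] }}"
  with_items: "{{ lookup_vms_output.results }}"

- name: Log vms
  debug: var=vms
  when: verbose

- name: Add vms to the service
  uri:
    url: "{{ manageiq.api_url }}/api/services"
    method: POST
    body_format: json
    body:
      action: add_resource
      resources: "{{ vms }}"
    validate_certs: "{{ manageiq_validate_certs | default(false) }}"
    headers:
      X-Auth-Token: "{{ manageiq.api_token }}"
      Content-Type: "application/json"
    status_code: 200
  register: add_output

- name: Log add_output
  debug: var=add_output.json.results[0].success
  when: verbose

# only the first result is inspected
- name: Check if the VM was successfully attached to service
  fail: msg="{{ add_output.json.results[0].message }}"
  when: add_output.json.results[0].success == false

- name: Assign tag to CloudForms service "{{ category }}:{{ tag }}"
  uri:
    url: "{{ manageiq.api_url }}/api/{{ manageiq.service }}/tags"
    method: POST
    body_format: json
    body:
      action: assign
      resources:
        - category: "{{ category }}"
          name: "{{ tag }}"
    validate_certs: "{{ manageiq_validate_certs | default(false) }}"
    headers:
      X-Auth-Token: "{{ manageiq.api_token }}"
      Content-Type: "application/json"
    status_code: 200
  register: tag_service_output

- name: Log tag_service_output
  debug: var=tag_service_output
  when: verbose

- name: Assign CF tag to VM
  uri:
    url: "{{ manageiq.api_url }}/api/vms/{{ item.json.resources[0].id }}/tags"
    method: POST
    body:
      action: assign
      resources:
        - category: "{{ category }}"
          name: "{{ tag }}"
    body_format: json
    validate_certs: "{{ manageiq_validate_certs | default(false) }}"
    headers:
      X-Auth-Token: "{{ manageiq.api_token }}"
      Content-Type: "application/json"
    status_code: 200
  register: assign_vmtag_output
  with_items: "{{ lookup_vms_output.results }}"

- name: Log assign_vmtag_output
  debug: var=assign_vmtag_output.results
  when: verbose

- name: Lookup CloudForms userid
  uri:
    url: "{{ manageiq.api_url }}/api/{{ manageiq.user }}?attributes=userid"
    method: GET
    validate_certs: "{{ manageiq_validate_certs | default(false) }}"
    headers:
      X-Auth-Token: "{{ manageiq.api_token }}"
      Content-Type: "application/json"
    status_code: 200
  register: lookup_user_output

- name: Log lookup_user_output
  debug: var=lookup_user_output
  when: verbose

- name: Setting CloudForms userid
  set_fact:
    userid: "{{ lookup_user_output.json.userid }}"

- name: Log userid
  debug: var=userid
  when: verbose

# NOTE(review): the target URL is the href returned by the lookup response, so the
# token goes to whatever host that response names - with validation off, confirm
# it always points at manageiq.api_url
- name: Assign CloudForms userid to VM
  uri:
    url: "{{ item.json.resources[0].href }}"
    method: POST
    body:
      action: set_owner
      resource:
        owner: "{{ userid }}"
    body_format: json
    validate_certs: "{{ manageiq_validate_certs | default(false) }}"
    headers:
      X-Auth-Token: "{{ manageiq.api_token }}"
      Content-Type: "application/json"
    status_code: 200
  register: assign_cfowner_output
  with_items: "{{ lookup_vms_output.results }}"

- name: Log assign_cfowner_output
  debug: var=assign_cfowner_output
  when: verbose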
--------------------------------------------------------------------------------
/roles/awsjson/templates/BuildServer1.JSON:
--------------------------------------------------------------------------------
1 | {
2 | "AWSTemplateFormatVersion": "2010-09-09",
3 | "Metadata": {
4 | "AWS::CloudFormation::Designer": {
5 | "c96bc054-5622-43fa-976e-af60de3af976": {
6 | "size": {
7 | "width": 60,
8 | "height": 60
9 | },
10 | "position": {
11 | "x": 210,
12 | "y": 190
13 | },
14 | "z": 0,
15 | "embeds": []
16 | },
17 | "4effa2fc-6ed6-42a3-b4a9-caa9888f30f5": {
18 | "size": {
19 | "width": 60,
20 | "height": 60
21 | },
22 | "position": {
23 | "x": 310,
24 | "y": 190
25 | },
26 | "z": 0,
27 | "embeds": []
28 | }
29 | }
30 | },
31 | "Parameters": {
32 | "KeyName": {
33 | "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
34 | "Type": "AWS::EC2::KeyPair::KeyName",
35 | "ConstraintDescription": "must be the name of an existing EC2 KeyPair."
36 | },
37 | "SubnetID": {
38 | "Description": "Name of an existing EC2 subnetID",
39 | "Type": "AWS::EC2::Subnet::Id",
40 | "Default": "subnet-6a615331",
41 | "ConstraintDescription": "must be the name of an existing SubNetID."
42 | },
43 |
44 | "AMIID": {
45 | "Description": "please type an existing AMI ID",
46 | "Type": "String",
47 | "Default": "ami-b1f77ea7",
48 | "AllowedValues": [
49 | "ami-b1f77ea7",
50 | "ami-c8492cde"
51 | ],
52 | "ConstraintDescription": "Allowed values - ami-b1f77ea7 (base), ami-c8492cde (iis) ."
53 | },
54 | "InstanceType": {
55 | "Description": "WebServer EC2 instance type",
56 | "Type": "String",
57 | "Default": "t2.medium",
58 | "AllowedValues": [
59 | "t1.micro",
60 | "t2.nano",
61 | "t2.micro",
62 | "t2.small",
63 | "t2.medium",
64 | "t2.large",
65 | "m1.small",
66 | "m1.medium",
67 | "m1.large",
68 | "m1.xlarge",
69 | "m2.xlarge",
70 | "m2.2xlarge",
71 | "m2.4xlarge",
72 | "m3.medium",
73 | "m3.large",
74 | "m3.xlarge",
75 | "m3.2xlarge",
76 | "m4.large",
77 | "m4.xlarge",
78 | "m4.2xlarge",
79 | "m4.4xlarge",
80 | "m4.10xlarge",
81 | "c1.medium",
82 | "c1.xlarge",
83 | "c3.large",
84 | "c3.xlarge",
85 | "c3.2xlarge",
86 | "c3.4xlarge",
87 | "c3.8xlarge",
88 | "c4.large",
89 | "c4.xlarge",
90 | "c4.2xlarge",
91 | "c4.4xlarge",
92 | "c4.8xlarge",
93 | "g2.2xlarge",
94 | "g2.8xlarge",
95 | "r3.large",
96 | "r3.xlarge",
97 | "r3.2xlarge",
98 | "r3.4xlarge",
99 | "r3.8xlarge",
100 | "i2.xlarge",
101 | "i2.2xlarge",
102 | "i2.4xlarge",
103 | "i2.8xlarge",
104 | "d2.xlarge",
105 | "d2.2xlarge",
106 | "d2.4xlarge",
107 | "d2.8xlarge",
108 | "hi1.4xlarge",
109 | "hs1.8xlarge",
110 | "cr1.8xlarge",
111 | "cc2.8xlarge",
112 | "cg1.4xlarge"
113 | ],
114 | "ConstraintDescription": "must be a valid EC2 instance type."
115 | }
116 | },
117 | "Resources": {
118 | "EC2TestServer1": {
119 | "Type": "AWS::EC2::Instance",
120 | "Properties": {
121 |
122 |
123 | "SubnetId": {
124 | "Ref": "SubnetID"
125 | },
126 | "KeyName": {
127 | "Ref": "KeyName"
128 | }
129 | },
130 | "Metadata": {
131 | "AWS::CloudFormation::Designer": {
132 | "id": "4effa2fc-6ed6-42a3-b4a9-caa9888f30f5"
133 | }
134 | }
135 | }
136 | }
137 | }
--------------------------------------------------------------------------------
/roles/deploy-azure/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Create a resource group
3 | azure.azcollection.azure_rm_resourcegroup:
4 | name: myResourceGroup
5 | location: southcentralus
6 | tags:
7 | testing: testing
8 | delete: never
9 | ignore_errors: yes
10 |
11 | - name: Create virtual network
12 | azure_rm_virtualnetwork:
13 | resource_group: myResourceGroup
14 | name: myVnet
15 | address_prefixes: "10.0.0.0/16"
16 |
17 | - name: Add subnet
18 | azure_rm_subnet:
19 | resource_group: myResourceGroup
20 | name: mySubnet
21 | address_prefix: "10.0.1.0/24"
22 | virtual_network: myVnet
23 |
24 | - name: Create public IP address
25 | azure_rm_publicipaddress:
26 | resource_group: myResourceGroup
27 | allocation_method: Static
28 | name: myPublicIP
29 |
30 | - name: Create Network Security Group that allows SSH
31 | azure_rm_securitygroup:
32 | resource_group: myResourceGroup
33 | name: myNetworkSecurityGroup
34 | rules:
35 | - name: SSH
36 | protocol: Tcp
37 | destination_port_range: 22
38 | access: Allow
39 | priority: 1001
40 | direction: Inbound
41 | - name: WINRM
42 | protocol: Tcp
43 | destination_port_range: 5986
44 | access: Allow
45 | priority: 1002
46 | direction: Inbound
47 | - name: RDP
48 | protocol: Tcp
49 | destination_port_range: 3389
50 | access: Allow
51 | priority: 1003
52 | direction: Inbound
53 | - name: MSSQL
54 | protocol: Tcp
55 | destination_port_range: 1433
56 | access: Allow
57 | priority: 1004
58 | direction: Inbound
59 | - name: HTTP
60 | protocol: Tcp
61 | destination_port_range: 80
62 | access: Allow
63 | priority: 1005
64 | direction: Inbound
65 | - name: HTTPS
66 | protocol: Tcp
67 | destination_port_range: 443
68 | access: Allow
69 | priority: 1006
70 | direction: Inbound
71 |
72 | - name: Create virtual network inteface card
73 | azure_rm_networkinterface:
74 | resource_group: myResourceGroup
75 | name: myNIC
76 | virtual_network: myVnet
77 | subnet: mySubnet
78 | ip_configurations:
79 | - name: ipconfig1
80 | public_ip_address_name: myPublicIP
81 | primary: True
82 | security_group: myNetworkSecurityGroup
83 |
84 | - name: Create Windows VM
85 | azure_rm_virtualmachine:
86 | resource_group: myResourceGroup
87 | name: "{{ item.name }}"
88 | vm_size: "{{ item.vm_size }}"
89 | public_ip_allocation_method: Dynamic
90 | managed_disk_type: Standard_LRS
91 | open_ports:
92 | - 3389
93 | - 1433
94 | - "{{ item.ansible_port | default(ansible_port) | default('5986') }}"
95 | os_type: "{{ item.os_type | default('Windows') }}"
96 | network_interfaces: myNIC
97 | admin_username: ansible
98 | admin_password: "{{ item.root_password | default(ansible_password) }}"
99 | image: "{{ item.image }}"
100 | remove_on_absent: all
101 | tags:
102 | role: "{{ item.role }}"
103 | app_name: "{{ item.app_name }}"
104 | async: 7200
105 | poll: 0
106 | register: deploy
107 | loop: "{{ nodes }}"
108 | when: nodes is defined
109 |
110 | - name: Wait for instance creation to complete
111 | async_status: jid="{{ item.ansible_job_id }}"
112 | register: instances
113 | until: instances.finished
114 | retries: 300
115 | delay: 10
116 | with_items: "{{ deploy.results }}"
117 |
118 | - name: Create VM Extension
119 | azure_rm_virtualmachine_extension:
120 | name: "myvmextension-{{ item.0 }}"
121 | resource_group: myResourceGroup
122 | virtual_machine_name: "{{ item.1.ansible_facts.azure_vm.name }}"
123 | publisher: Microsoft.Compute
124 | virtual_machine_extension_type: CustomScriptExtension
125 | type_handler_version: 1.9
126 | settings: '{"fileUris": ["https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"],"commandToExecute": "powershell.exe -ExecutionPolicy Unrestricted -File ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert -EnableCredSSP"}'
127 | auto_upgrade_minor_version: true
128 | with_indexed_items: "{{ instances.results }}"
129 | when: (instances | changed) and (nodes is defined)
130 |
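# Block until the management port answers on each VM's public address
# (up to 600 seconds per host).
- name: Waiting for server to come online
  wait_for:
    host: "{{ item.ansible_facts.azure_vm.properties.networkProfile.networkInterfaces[0].properties.ipConfigurations[0].properties.publicIPAddress.properties.ipAddress }}"
    port: "{{ ansible_port }}"
    timeout: 600
  loop: "{{ instances.results }}"
  # `is changed` is the test form; the `| changed` filter form is no longer
  # accepted by newer Ansible releases.
  when: (instances is changed) and (nodes is defined)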
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
--------------------------------------------------------------------------------
/roles/windows-ad-controller/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # tasks file for windows-ad-controller
# Install the AD DS role with its management tools and sub-features,
# reboot when the installer asks for it, then give the host three minutes
# to settle if anything was installed.
- name: Install AD
  win_feature:
    name: AD-Domain-Services
    state: present
    include_management_tools: true
    include_sub_features: true
  register: winfeature

- debug:
    var: winfeature

- name: Reboot if needed
  win_reboot:
  when: winfeature.reboot_required

- name: Sleep 180 seconds to wait for DNS config
  pause:
    minutes: 3
  when: winfeature.changed
21 |
22 | #- name: Install AD
23 | # win_feature:
24 | # name: AD-Certificate
25 | # state: present
26 | # include_management_tools: True
27 | # include_sub_features: True
28 | # register: wincertfeature
29 |
30 | #- debug: var=wincertfeature
31 |
32 | #- name: Reboot if needed
33 | # win_reboot:
34 | # when: wincertfeature.reboot_required
35 |
# Install the DNS Server role, reboot when required, and pause three
# minutes after a change before the domain is configured.
- name: Install DNS
  win_feature:
    name: DNS
    state: present
    include_management_tools: true
  register: windnsfeature

- debug:
    var: windnsfeature

- name: Reboot if needed
  win_reboot:
  when: windnsfeature.reboot_required

- name: Sleep 180 seconds to wait for DNS config
  pause:
    minutes: 3
  when: windnsfeature.changed
53 |
54 | #- name: Ensure AD services are started - will fail if install not complete
55 | # win_service:
56 | # name: "{{ item }}"
57 | # state: started
58 | # start_mode: auto
59 | # with_items:
60 | # - adws
61 | # - dns
62 | # - kdc
63 | # - netlogon
64 |
65 | # Validate?
66 | # DCDIAG
67 | # Get-Service adws,kdc,netlogon,dns # Services are running?
68 | # Get-smbshare # sysvol & netlogin shares
69 | # get-eventlog "Directory Service" | select entrytype, source, eventid, message
70 |
71 | # get-eventlog "Active Directory Web Services" | select entrytype, source, eventid, message
72 |
# Create the new domain named by dns_domain_name and reboot if asked.
- name: Create DNS Domain
  win_domain:
    dns_domain_name: "{{ dns_domain_name }}"
    # NOTE(review): the safe-mode (DSRM) password is taken from the same
    # variable as the domain admin password, so one leaked secret covers
    # both. Consider a separate variable kept in a vault.
    safe_mode_password: "{{ domain_admin_password }}"
  register: windomain

- debug:
    var: windomain

- name: Reboot if needed
  win_reboot:
  when: windomain.reboot_required

# On a run after the reboot this error sometimes appears:
# MODULE FAILURE:
# Exception calling \"Run\" with \"1\" argument(s): \"Exception calling \"Invoke\" with \"0\" argument(s): \"The running command \r\nstopped because the preference variable \"ErrorActionPreference\" or common parameter is set to Stop: The specified \r\nargument 'InstallDNS' was not recognized.
# The pause below was added to see whether waiting avoids it.
- name: Sleep 3 minutes after reboot from DNS configuration
  pause:
    minutes: 3
  when: windomain.reboot_required
93 |
94 | #- name: Ensure DNS services are started
95 | # win_service:
96 | # name: "{{ item }}"
97 | # state: started
98 | # start_mode: auto
99 | # with_items:
100 | # - dns
101 |
102 | #- name: Get current DNS zones
103 | # win_shell: Get-DnsServerZone | Select ZoneName
104 | # changed_when: false
105 | # register: dnsserverzone
106 | #
107 | #- debug: var=dnsserverzone
108 | #
109 | #- debug: var=ptr_zone_cidr
110 | #
111 | #- name: Set Reverse Lookup Zone
112 | # win_shell: Add-DnsServerPrimaryZone -NetworkId "{{ ptr_zone_cidr }}" -DynamicUpdate Secure -ReplicationScope Domain
113 | # when: "ptr_zone_name not in dnsserverzone.stdout"
114 |
115 | #- name: Ensure AD services are started - will fail if install not complete
116 | # win_service:
117 | # name: "{{ item }}"
118 | # state: started
119 | # start_mode: auto
120 | # with_items:
121 | # - adws
122 | # - dns
123 | # - kdc
124 | # - netlogon
125 |
126 |
# Promote this host to a domain controller for dns_domain_name, reboot if
# the module asks for it, and wait a minute after a change before domain
# groups and users are added.
- name: Promote to Domain Controller
  win_domain_controller:
    dns_domain_name: "{{ dns_domain_name }}"
    domain_admin_user: "Admin@{{ dns_domain_name }}"
    domain_admin_password: "{{ domain_admin_password }}"
    # NOTE(review): the DSRM password reuses the domain admin password;
    # consider a distinct secret.
    safe_mode_password: "{{ domain_admin_password }}"
    state: domain_controller
    # NOTE(review): the promotion log is written to the root of C:.
    # Confirm who can read that path and whether the log holds anything
    # sensitive.
    log_path: 'c:\ansible_win_domain_controller.txt'
  register: windc

- debug:
    var: windc

- name: Reboot if needed
  win_reboot:
  when: windc.reboot_required

- name: Sleep 60 seconds before adding windows group... sigh...
  pause:
    minutes: 1
  when: windc.changed
147 |
# Make sure the AD Web Services and DNS services are running and start
# automatically; the task fails if the role install has not finished.
- name: Ensure AD services are started - will fail if install not complete
  win_service:
    name: "{{ item }}"
    state: started
    start_mode: auto
  loop:
    - adws
    - dns
    # - kdc
    # - netlogon
158 |
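# Create the reverse lookup zone when it is not listed yet. The first
# attempt is expected to fail on a fresh controller, so its result is
# recorded and the wait plus second attempt run only after a failure,
# instead of always sleeping and re-adding a zone that already exists.
- name: Get current DNS zones
  win_shell: Get-DnsServerZone | Select ZoneName
  changed_when: false
  register: dnsserverzone

- debug:
    var: dnsserverzone

- name: Set Reverse Lookup Zone - fails first time
  win_shell: >-
    Add-DnsServerPrimaryZone -NetworkId "{{ ptr_zone_cidr }}"
    -DynamicUpdate Secure -ReplicationScope Domain
  when: "ptr_zone_name not in dnsserverzone.stdout"
  register: reversedns1
  ignore_errors: true

- name: Sleep 120 seconds before adding reverse zone lookup. sigh...
  pause:
    minutes: 2
  # A skipped first attempt is not "failed", so this also covers the case
  # where the zone already existed.
  when: reversedns1 is failed

- name: Set Reverse Lookup Zone - 2nd run
  win_shell: >-
    Add-DnsServerPrimaryZone -NetworkId "{{ ptr_zone_cidr }}"
    -DynamicUpdate Secure -ReplicationScope Domain
  when: reversedns1 is failed
  register: revsersedns2
  # NOTE(review): a failure here is still ignored, so a missing reverse
  # zone only shows up when the PTR tasks run. Check revsersedns2 below.
  ignore_errors: true

- debug:
    var: revsersedns2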
183 |
# List the zone's A records and add one for the `gitlab` host when its
# name does not appear in that listing.
- name: Get A records for zone
  win_shell: >-
    Get-DnsServerResourceRecord -ZoneName {{ dns_domain_name }}
    -RRType A | Format-Table -AutoSize -Wrap
  changed_when: false
  register: arecords

- debug:
    var: arecords

# NOTE(review): -AllowUpdateAny lets any authenticated user update this
# record; confirm that is intended for the gitlab name. The task also
# requires a `gitlab` host with `private_ip` in the inventory.
- name: Create A record for gitlab
  win_shell: >-
    Add-DnsServerResourceRecordA -Name "gitlab"
    -ZoneName "{{ dns_domain_name }}" -AllowUpdateAny
    -Ipv4Address "{{ hostvars['gitlab']['private_ip'] }}"
    -TimeToLive 01:00:00 -AgeRecord
  when: "'gitlab' not in arecords.stdout"
194 |
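# List the reverse zone's PTR records, then add one for each inventory
# host whose name is not found in that listing.
- name: Get PTR Records for zone
  win_shell: >-
    Get-DnsServerResourceRecord -ZoneName {{ ptr_zone_name }}
    -RRType PTR | Format-Table -AutoSize -Wrap
  # Read-only query: report "ok" like the other Get-* tasks in this file.
  changed_when: false
  register: ptr_records

#- debug: var=ptr_records
#
#- debug: msg="item = {{ item }}"
#  with_items: "{{ groups.all }}"

# Add-DnsServerResourceRecordPtr -Name "17" -ZoneName "1.168.192.in-addr.arpa" -AllowUpdateAny -TimeToLive 01:00:00 -AgeRecord -PtrDomainName "hostname.example.com"
# The record name is the fourth octet of the host's private_ip, which
# presumably assumes a /24 reverse zone - confirm against ptr_zone_name.
# NOTE(review): -AllowUpdateAny lets any authenticated user update these
# records. The `when` is a substring match, so a host whose name is part
# of another host's name may be skipped.
- name: Set PTR Record for each host
  win_shell: >-
    Add-DnsServerResourceRecordPtr
    -Name "{{ hostvars[item]['private_ip'].split('.')[3] }}"
    -ZoneName "{{ ptr_zone_name }}" -AllowUpdateAny
    -TimeToLive 01:00:00 -AgeRecord
    -PtrDomainName "{{ item + '.' + dns_domain_name}}"
  when: "item not in ptr_records.stdout"
  with_items: "{{groups.all}}"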
209 |
# Create the global-scope domain group that the generated users join.
- name: Add windows group
  win_domain_group:
    name: 'Ansible Users'
    scope: global
    #path: OU=Users,DC=ansibleworkshop,DC=com
215 |
# Create the `Admin` account as a member of Domain Admins. The password is
# only set when the account is first created (update_password: on_create).
# NOTE(review): this account uses the same variable as the DSRM safe-mode
# password set earlier in this file, and password_expired is false, so no
# change is forced at first logon. Consider separate secrets.
- name: Add windows domain admin
  win_domain_user:
    name: 'Admin'
    upn: "Admin@{{ dns_domain_name }}"
    state: present
    enabled: true
    account_locked: false
    groups:
      - Domain Admins
    password: "{{ domain_admin_password }}"
    update_password: on_create
    password_expired: false
    firstname: admin
    surname: user
    company: AnsibleByRedHat
    email: "Admin@{{ dns_domain_name }}"
    #path: ou=Users,dc=ansibleworkshop,dc=com
233 |
234 |
# Create user_count numbered accounts (user_prefix + sequence number) in
# the "Ansible Users" group.
# NOTE(review): every generated account gets the same users_password and
# password_expired is false, so no user is made to change it. Acceptable
# for a throwaway lab; otherwise force a change or use unique passwords.
- name: Add windows AD users
  win_domain_user:
    name: "{{ user_prefix }}{{ item }}"
    upn: "{{ user_prefix}}{{ item }}@{{ dns_domain_name }}"
    #name: "{{ item }}"
    #upn: "{{ item }}@{{ dns_domain_name }}"
    state: present
    enabled: true
    account_locked: false
    groups:
      - Ansible Users
    password: "{{ users_password }}"
    update_password: on_create
    password_expired: false
    firstname: user
    surname: user
    company: AnsibleByRedHat
    email: "{{user_prefix}}{{ item }}@{{ dns_domain_name }}"
    #email: "{{ item }}@{{ dns_domain_name }}"
  #with_items: "{{ users }}"
  with_sequence: count="{{ user_count }}"
256 |
# Read the DNS client suffix search list and set it to the domain name
# plus ec2.internal when the domain name is not already in it.
- name: Get current DNS search string
  win_shell: Get-DnsClientGlobalSetting | Select SuffixSearchList
  changed_when: false
  register: suffixsearchlist

- debug:
    var: suffixsearchlist

- name: Set DNS search string
  win_shell: >-
    Set-DnsClientGlobalSetting
    -SuffixSearchList {{ dns_domain_name }}, ec2.internal
  when: "dns_domain_name not in suffixsearchlist.stdout"
267 |
268 |
--------------------------------------------------------------------------------