-
Notifications
You must be signed in to change notification settings - Fork 21
/
main.yml
97 lines (82 loc) · 2.73 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
- name: Allow access from our network
win_firewall_rule:
name: Allow access from our network
direction: in
action: allow
enabled: yes
state: present
when: open_firewall
- name: Set the default SSH shell to PowerShell
win_regedit:
path: HKLM:\SOFTWARE\OpenSSH
name: DefaultShell
data: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
type: string
state: present
- name: Detect cygwin
win_stat:
path: 'C:\cygwin64\etc'
register: cygwin
- name: Configure shell for cygwin
win_lineinfile:
path: 'C:\cygwin64\etc\nsswitch.conf'
line: "db_shell: /cygdrive/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe"
when: cygwin.stat.exists
register: configured_cygwin
- name: Reboot machine to apply changes in cygwin config
win_reboot:
when: configured_cygwin.changed and skip_addc_install
- name: Prepare AD facts
set_fact:
ad_domain: "{{ '.'.join(inventory_hostname.split('.')[1:]) }}"
ad_netbios: "{{ inventory_hostname.split('.')[0].upper() }}"
ad_suffix: "{{ inventory_hostname.split('.')[1:] | map('regex_replace', '^(.*)$', 'dc=\\1') | join(',') }}"
ad_password: "{{ service.ad.safe_password }}"
- name: Debug AD facts
debug:
msg: 'AD domain: "{{ ad_domain }}", AD netbios: "{{ ad_netbios }}", AD suffix: "{{ ad_suffix }}"'
- name: 'Install AD server'
include_tasks: 'install.yml'
when: not skip_addc_install
- name: Install management tools
win_feature:
name:
- RSAT-AD-Tools
include_sub_features: yes
include_management_tools: yes
- name: Install powershell modules
win_shell: |
Get-PackageProvider NuGet -ForceBootstrap
Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
Install-Module PSIni -Confirm:$False
- name: Make sure Active Directory Web Services is running
win_service:
name: adws
start_mode: auto
state: started
- name: 'Add sudo schema and possibly other'
include_tasks: 'schema.yml'
when: not skip_schema
- name: Set Password Never Expires for system users
win_shell: |
Import-Module ActiveDirectory
$user = Get-ADUser -Server {{ ad_domain }} -Identity {{ item }} \
-Properties PasswordNeverExpires
if ($user.PasswordNeverExpires -eq $true) {
exit 255
}
Set-ADUser -Server {{ ad_domain }} -Identity {{ item }} \
-PasswordNeverExpires $true
register: result
failed_when: "result.rc != 255 and result.rc != 0"
changed_when: "result.rc == 0"
until: "result.rc == 255 or result.rc == 0"
# The AD is sometimes not ready to proccess requests so we retry
# to make it stable.
retries: 5
delay: 60
with_items:
- "{{ ad_permanent_users }}"
- name: 'Configure DNS on vagrant AD'
include_tasks: 'dns.yml'
when: not skip_dns