Fix demo environment

Includes changes from #99 by @buzzware
snok · Sep 12, 2020 · a942f9a · a942f9a
1 parent 41fa2b8
commit a942f9a
Show file tree

Hide file tree

Showing 7 changed files with 191 additions and 253 deletions.
diff --git a/Vagrantfile b/Vagrantfile
@@ -1,78 +1,47 @@
-Vagrant.configure("2") do |config|
-  config.vm.define "adfs2016", autostart: false do |adfs2016|
-
-    adfs2016.vm.box = "cdaf/WindowsServer"
-
-    adfs2016.vm.provider "virtualbox" do |v|
-      v.memory = 2048
-      v.gui = true
-      v.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
-    end
+dir = File.expand_path("..", __FILE__)
 
-    # If you change this IP, also change the DNS server for the "web" VM.
-    adfs2016.vm.network "private_network", ip: "10.0.0.2"
-
-    # Some winrm hacking
-    # It prevents the connection with the VM from dropping
-    # after promoting it to a domain controller
-    adfs2016.winrm.timeout = 180
-    adfs2016.winrm.retry_limit = 20
-    adfs2016.winrm.retry_delay = 10
-    adfs2016.winrm.transport = :plaintext
-    adfs2016.winrm.basic_auth_only = true
-    adfs2016.winrm.username = "administrator"
-    adfs2016.winrm.password = "vagrant"
-
-    # Setup the domain controller
-    adfs2016.vm.provision "shell", privileged: true, path: "vagrant\\01-setup-domain.ps1"
-    adfs2016.vm.provision :reload
-    # Setup ADFS
-    adfs2016.vm.provision "shell", privileged: true, path: "vagrant\\02-setup-adfs.ps1"
-    adfs2016.vm.provision :reload
-    # Configure ADFS for use with the example project
-    adfs2016.vm.provision "shell", privileged: true, path: "vagrant\\03-example-adfs-config.ps1"
-  end
-
-  config.vm.define "adfs2012", autostart: false do |adfs2012|
+Vagrant.configure("2") do |config|
+  config.vagrant.plugins = "vagrant-reload"
 
-    adfs2012.vm.box = "fujiiface/2012r2"
+  config.vm.define "adfs", autostart: false do |adfs|
+    adfs.vm.hostname = "adfs"
+    adfs.vm.box = "StefanScherer/windows_2019"
 
-    adfs2012.vm.provider "virtualbox" do |v|
+    adfs.vm.provider "virtualbox" do |v|
       v.memory = 2048
       v.gui = true
       v.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
     end
 
     # If you change this IP, also change the DNS server for the "web" VM.
-    adfs2012.vm.network "private_network", ip: "10.0.0.2"
+    adfs.vm.network "private_network", ip: "10.10.10.2"
 
     # Some winrm hacking
     # It prevents the connection with the VM from dropping
     # after promoting it to a domain controller
-    adfs2012.winrm.timeout = 180
-    adfs2012.winrm.retry_limit = 20
-    adfs2012.winrm.retry_delay = 10
-    adfs2012.winrm.transport = :plaintext
-    adfs2012.winrm.basic_auth_only = true
-    adfs2012.winrm.username = "administrator"
-    adfs2012.winrm.password = "vagrant"
+    adfs.winrm.timeout = 180
+    adfs.winrm.retry_limit = 20
+    adfs.winrm.retry_delay = 10
+    adfs.winrm.transport = :plaintext
+    adfs.winrm.basic_auth_only = true
 
     # Setup the domain controller
-    adfs2012.vm.provision "shell", privileged: true, path: "vagrant\\01-setup-domain.ps1"
-    adfs2012.vm.provision :reload
+    adfs.vm.provision "shell", privileged: false, path: File.join(dir, 'vagrant', '01-setup-domain.ps1')
+    adfs.vm.provision :reload
+    adfs.vm.provision "shell", privileged: false, path: File.join(dir, 'vagrant', '02-setup-vagrant-user.ps1')
     # Setup ADFS
-    adfs2012.vm.provision "shell", privileged: true, path: "vagrant\\02-setup-adfs.ps1"
-    adfs2012.vm.provision :reload
+    adfs.vm.provision "shell", privileged: false, path: File.join(dir, 'vagrant', '03-setup-adfs.ps1')
+    adfs.vm.provision :reload
     # Configure ADFS for use with the example project
-    adfs2012.vm.provision "shell", privileged: true, path: "vagrant\\03-example-adfs-config.ps1"
+    adfs.vm.provision "shell", privileged: false, path: File.join(dir, 'vagrant', '04-example-adfs-config.ps1')
   end
 
   config.vm.define "web" do |web|
     web.vm.hostname = "web"
-    web.vm.box = "generic/debian10"
+    web.vm.box = "debian/buster64"
 
     # If you change this IP, you also have to change it in the file 03-example-adfs-config.ps1
-    web.vm.network "private_network", ip: "10.0.0.10"
+    web.vm.network "private_network", ip: "10.10.10.10"
     web.vm.network "forwarded_port", guest: 8000, host: 8000
 
     # Install all needed tools and migrate the 2 example django projects
@@ -90,7 +59,7 @@ Vagrant.configure("2") do |config|
       python3 /vagrant/demo/formsbased/manage.py makemigrations polls
       python3 /vagrant/demo/formsbased/manage.py migrate
       # Set fixed hosts entry to ADFS server
-      echo "10.0.0.2 adfs.example.com" >> /etc/hosts
+      echo "10.10.10.2 adfs.example.com" >> /etc/hosts
     SHELL
   end
 end
diff --git a/docs/demo.rst b/docs/demo.rst
@@ -10,22 +10,18 @@ Prerequisites
 * The github repository should be cloned/downloaded in some directory.
 
 This guide assumes you're using VirtualBox, but another hypervisor should also work.
-If you choose to use another one, make sure there's a windows server 2016 or 2012 R2 vagrant box available for it.
+If you choose to use another one, make sure there's a windows server 2019 vagrant box available for it.
 
 Components
 ----------
 The demo consists of 2 parts:
 
 * A web server VM.
-* A windows server 2012 R2 or 2016 VM.
+* A windows server 2019 VM.
 
 The webserver will run Django and is reachable at ``http://web.example.com:8000``. The windows server will run a
 domain controller and ADFS service.
 
-There are 2 windows server versions to chose from. An 2012 R2 and 2016 version. **You should run only one of them
-at the same time!** Because, to make things work (the webserver needs to be able to contact it),
-they share the same IP address.
-
 Starting the environment
 ------------------------
 Web server
@@ -60,27 +56,24 @@ ADFS server
 The next vagrant box to start is the ADFS server. The scripts used for provisioning the ADFS server can be found in the
 folder ``/vagrant`` inside the repository.
 
-Change the ``2016`` in the examples below to ``2012`` if you want to test against that version of windows server.
-**But don't run both of them at the same time**
-
 #. Navigate to the directory where you cloned/downloaded the github repository.
 #. Bring up the ADFS server by running the command::
 
-    vagrant up adfs2016
+    vagrant up adfs
 
 #. Wait as the vagrant box is downloaded and the needed software installed. **For this windows box, it takes a couple
    of coffees before it's done.**
 #. Next, open window showing the login screen of the windows server. The login credentials are::
 
-    username: administrator
+    username: vagrant
     password: vagrant
 
 #. Once logged in, install a browser like Chrome of Firefox.
 #. Next, in that browser on the windows server, verify you can open the page
    `http://web.example.com:8000 <http://web.example.com:8000>`__
 
-In the AD FS management console, you can check how the example project is configured. For windows 2016 the config is in
-the **Application Groups** folder. For windows 2012 it's in the **Trust Relationships** ➜ **Relying Party Trusts**.
+In the AD FS management console, you can check how the example project is configured. The config is in the
+**Application Groups** folder.
 
 .. note::
 

diff --git a/vagrant/01-setup-domain.ps1 b/vagrant/01-setup-domain.ps1
@@ -3,29 +3,27 @@ $domainName = "example.com"
 $netbiosName = "EXAMPLE"
 $safeModePwd = "Password123"
 # #############################
-
+Set-LocalUser `
+    -name "administrator" `
+    -AccountNeverExpires `
+    -Password (Convertto-SecureString -AsPlainText "Vagrant123" -Force) `
+    -PasswordNeverExpires $true
 # Install and configure domain controller role
 # --------------------------------------------
 Write-Host "Installing domain features..."
 Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
-
 Write-Host "Promoting DC..."
-If ([Environment]::OSVersion.version.major -ge 10) {
-    $mode = "WinThreshold"
-} Else {
-    $mode = "Win2012R2"
-}
 Import-Module ADDSDeployment
 Install-ADDSForest `
--CreateDnsDelegation:$false `
--DatabasePath "C:\Windows\NTDS" `
--DomainMode $mode `
--DomainName $domainName `
--DomainNetbiosName $netbiosName `
--ForestMode $mode `
--InstallDns:$true `
--LogPath "C:\Windows\NTDS" `
--SysvolPath "C:\Windows\SYSVOL" `
--Force:$true `
--SafeModeAdministratorPassword (Convertto-SecureString -AsPlainText $safeModePwd -Force) `
--NoRebootOnCompletion
+  -CreateDnsDelegation:$false `
+  -DatabasePath "C:\Windows\NTDS" `
+  -DomainMode "WinThreshold" `
+  -DomainName $domainName `
+  -DomainNetbiosName $netbiosName `
+  -ForestMode "WinThreshold" `
+  -InstallDns:$true `
+  -LogPath "C:\Windows\NTDS" `
+  -SysvolPath "C:\Windows\SYSVOL" `
+  -Force:$true `
+  -SafeModeAdministratorPassword (Convertto-SecureString -AsPlainText $safeModePwd -Force) `
+  -NoRebootOnCompletion
diff --git a/vagrant/02-setup-vagrant-user.ps1 b/vagrant/02-setup-vagrant-user.ps1
@@ -0,0 +1,16 @@
+Write-Host "Waiting for domain controller to become reachable."
+$isUp = $false
+while($isUp -eq $false) {
+    Try {
+        $domain = Get-ADDomain
+        $isUp = $true
+    } Catch [Microsoft.ActiveDirectory.Management.ADServerDownException] {
+        Write-Host "Retrying in 30 seconds"
+        $isUp = $false
+        Start-Sleep 30
+    }
+}
+
+Add-ADGroupMember -Identity "Domain Admins" -Members vagrant
+Add-ADGroupMember -Identity "Enterprise Admins" -Members vagrant
+Add-ADGroupMember -Identity "Schema Admins" -Members vagrant
diff --git a/vagrant/03-example-adfs-config.ps1 b/vagrant/03-example-adfs-config.ps1