diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml new file mode 100644 index 0000000..c8070fb --- /dev/null +++ b/.github/workflows/ansible-lint.yml @@ -0,0 +1,16 @@ +--- +name: Ansible Lint +on: [push, pull_request] + +jobs: + build: + runs-on: ubuntu-latest + + steps: + # Important: This sets up your GITHUB_WORKSPACE environment variable + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # needed for progressive mode to work + + - name: Run ansible-lint + uses: ansible/ansible-lint-action@v6 diff --git a/cloud/destroy_vm.yml b/cloud/destroy_vm.yml deleted file mode 100644 index 94a6a4e..0000000 --- a/cloud/destroy_vm.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- hosts: "{{ _hosts }}" - gather_facts: no - - tasks: - - name: list systems to be destroyed - debug: - msg: "{{ inventory_hostname }}" - - - name: pause for review... - pause: - seconds: 30 - prompt: "Systems listed above will be DESTROYED in 30 seconds. Cancel the job to Abort." - - - name: destroy vm - include_role: - name: "demo.cloud.aws" - tasks_from: destroy_vm - when: "'cloud_aws' in group_names or 'cloud_azure' in group_names" diff --git a/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml b/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml index 510aed5..5d296dd 100644 --- a/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml +++ b/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml @@ -115,4 +115,4 @@ state: present tags: owner: "{{ aws_vpc_name }}" - purpose: "{{ aws_purpose_tag }}" \ No newline at end of file + purpose: "{{ aws_purpose_tag }}" diff --git a/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_vm.yml b/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_vm.yml index 9c3a781..2fc236f 100644 --- a/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_vm.yml 
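Review bot: The new workflow has no `permissions:` block and references both actions by mutable tag (`actions/checkout@v3`, `ansible/ansible-lint-action@v6`), so the job runs with the repository's default GITHUB_TOKEN scope and with whatever code those tags point to at run time. Linting only needs to read the tree, so add a top-level `permissions:` with `contents: read`, and pin each `uses:` to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`. Because a third-party action runs after the checkout, `persist-credentials: false` under `with:` would also keep the token out of the checked-out `.git/config`.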
+++ b/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_vm.yml
@@ -44,4 +44,4 @@
 wait: "{{ aws_ec2_wait }}"
 vpc_subnet_id: "{{ aws_subnet_id }}"
 user_data: "{{ lookup('template', aws_userdata_template+'.j2', template_vars=dict(aws_vm_name=vm_name)) }}"
- register: aws_vm_output
\ No newline at end of file
+ register: aws_vm_output
diff --git a/collections/ansible_collections/demo/cloud/roles/azure/defaults/main.yml b/collections/ansible_collections/demo/cloud/roles/azure/defaults/main.yml
deleted file mode 100644
index 085623d..0000000
--- a/collections/ansible_collections/demo/cloud/roles/azure/defaults/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-##############
-# Azure Vars
-##############
-az_region: eastus
-az_rg_name: ansible
-az_rg_prefix: demo
-az_vnet_cidr_block: 10.0.0.0/16
-az_subnet_cidr: 10.0.1.0/24
-az_vm_name: "{{ vm_name }}"
-az_vm_owner: "{{ vm_owner }}"
-az_blueprint: "{{ vm_blueprint }}"
-az_vm_username: "{{ ansible_user }}"
-az_vm_password: "{{ ansible_password }}"
-az_env_tag: prod
-az_purpose_tag: ansible_demo
-az_ansiblegroup_tag: cloud
diff --git a/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_infra.yml b/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_infra.yml
deleted file mode 100644
index c7f5804..0000000
--- a/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_infra.yml
+++ /dev/null
@@ -1,76 +0,0 @@ ---- -- name: AZURE | CREATE INFRA | resource group - azure.azcollection.azure_rm_resourcegroup: - name: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg" - location: "{{ az_region }}" - -- name: AZURE | CREATE INFRA | virtual network - azure.azcollection.azure_rm_virtualnetwork: - resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg" - name: "{{ az_rg_name }}-{{ az_rg_prefix }}-vnet" - address_prefixes: "{{ az_vnet_cidr }}" - -- name: AZURE | CREATE INFRA | subnet - azure.azcollection.azure_rm_subnet: - resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg" - name: "{{ az_rg_name }}-{{ az_rg_prefix }}-subnet }}" - address_prefix: "{{ az_subnet_cidr }}" - virtual_network: "{{ az_rg_name }}-{{ az_rg_prefix }}-vnet" - -- name: AZURE | CREATE INFRA | security group - azure.azcollection.azure_rm_securitygroup: - resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg" - name: "{{ az_rg_name }}-{{ az_rg_prefix }}-sec-group" - rules: - - name: External - protocol: Tcp - destination_port_range: - - 80 # HTTP - - 443 # HTTPS - - 5986 # WinRM - - 3389 # RDP - access: Allow - priority: 1001 - direction: Inbound - - name: Ping - protocol: Icmp - access: Allow - priority: 1002 - direction: Inbound - - name: Internal TCP - protocol: Tcp - destination_port_range: - - 80 # HTTP - - 5986 # WinRM - - 3389 # RDP - - 53 # DNS - - 88 # Kerberos Authentication - - 135 # RPC - - 139 # Netlogon - - 389 # LDAP - - 445 # SMB - - 464 # Kerberos Authentication - - 5432 # PostgreSQL - - 636 # LDAPS (LDAP over TLS) - - 873 # Rsync - - 3268-3269 # Global Catalog - - 1024-65535 # Ephemeral RPC ports - access: Allow - priority: 1003 - direction: Inbound - source_address_prefix: "{{ az_vnet_cidr_block }}" - - name: Internal UDP - protocol: Udp - destination_port_range: - - 53 # DNS - - 88 # Kerberos Authentication - - 123 # NTP - - 137-138 # Netlogon - - 389 # LDAP - - 445 # SMB - - 464 # Kerberos Authentication - - 1024-65535 # Ephemeral RPC ports - access: Allow - priority: 1004 - 
direction: Inbound - source_address_prefix: "{{ az_vnet_cidr_block }}" \ No newline at end of file diff --git a/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_vm.yml b/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_vm.yml deleted file mode 100644 index 560bdc2..0000000 --- a/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_vm.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: AZURE | CREATE VM | vnet interface - azure.azcollection.azure_rm_networkinterface: - resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg" - name: "{{ az_vm_name }}_nic" - public_ip_name: "{{ az_vm_name }}_ip" - virtual_network: "{{ az_rg_name }}-{{ az_rg_prefix }}-vnet" - subnet: "{{ az_rg_name }}-{{ az_rg_prefix }}-subnet }}" - security_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-sec-group" - -- name: AZURE | CREATE VM | vm - azure.azcollection.azure_rm_virtualmachine: - resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg" - name: "{{ az_vm_name }}" - os_type: "{{ az_vm_os_type }}" - vm_size: "{{ az_vm_size }}" - admin_username: "{{ az_vm_username }}" - admin_password: "{{ az_vm_password }}" - network_interfaces: "{{ az_vm_name }}_nic" - image: "{{ az_vm_image }}" - tags: - blueprint: "{{ az_blueprint }}" - purpose: "{{ az_purpose_tag }}" - env: "{{ az_env_tag }}" - ansible_group: "{{ az_ansiblegroup_tag }}" - owner: "{{ az_vm_owner }}" - info: "This instance was built by Red Hat Product Demos" - Name: "{{ az_vm_name }}" diff --git a/collections/ansible_collections/demo/cloud/roles/azure/tasks/destroy_vm.yml b/collections/ansible_collections/demo/cloud/roles/azure/tasks/destroy_vm.yml deleted file mode 100644 index 9be4644..0000000 --- a/collections/ansible_collections/demo/cloud/roles/azure/tasks/destroy_vm.yml +++ /dev/null 
@@ -1,8 +0,0 @@
----
-- name: Destroy VM
- azure.azcollection.azure_rm_virtualmachine:
- resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
- name: "{{ inventory_hostname }}"
- state: absent
- remove_on_absent: all_autocreated
- delegate_to: localhost
\ No newline at end of file
diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/files/css/new.css b/collections/ansible_collections/demo/reporting/roles/report_server/files/css/new.css
deleted file mode 100644
index 3266a46..0000000
--- a/collections/ansible_collections/demo/reporting/roles/report_server/files/css/new.css
+++ /dev/null
@@ -1,202 +0,0 @@ -p.hostname { - color: #000000; - font-weight: bolder; - font-size: large; - margin: auto; - width: 50%; - } - - #subtable { - background: #ebebeb; - margin: 0px; - width: 100%; - } - - #subtable tbody tr td { - padding: 5px 5px 5px 5px; - } - - #subtable thead th { - padding: 5px; - } - - * { - -moz-box-sizing: border-box; - -webkit-box-sizing: border-box; - box-sizing: border-box; - font-family: "Open Sans", "Helvetica"; - - } - - a { - color: #000000; - } - - p { - color: #ffffff; - } - h1 { - text-align: center; - color: #ffffff; - } - - body { - background:#353a40; - padding: 0px; - margin: 0px; - font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; - } - - table { - border-collapse: separate; - background:#fff; - @include border-radius(5px); - @include box-shadow(0px 0px 5px rgba(0,0,0,0.3)); - } - - .main_net_table { - margin:50px auto; - } - - thead { - @include border-radius(5px); - } - - thead th { - font-size:16px; - font-weight:400; - color:#fff; - @include text-shadow(1px 1px 0px rgba(0,0,0,0.5)); - text-align:left; - padding:20px; - border-top:1px solid #858d99; - background: #353a40; - - &:first-child { - @include border-top-left-radius(5px); - } - - &:last-child { - @include border-top-right-radius(5px); - } - } - - tbody tr td { - font-weight:400; - color:#5f6062; - font-size:13px; - padding:20px 20px 20px 20px; - border-bottom:1px solid #e0e0e0; - } - - tbody tr:nth-child(2n) { - background:#f0f3f5; - } - - tbody tr:last-child td { - border-bottom:none; - &:first-child { - @include border-bottom-left-radius(5px); - } - &:last-child { - @include border-bottom-right-radius(5px); - } - } - - td { - vertical-align: top; - } - - span.highlight { - background-color: yellow; - } - - .expandclass { - color: #5f6062; - } - - .content{ - display:none; - margin: 10px; - } - - header { - width: 100%; - position: initial; - float: initial; - padding: 0; - margin: 0; - border-radius: 0; - height: 88px; - background-color: #171717; - } 
- - .header-container { - margin: 0 auto; - width: 100%; - height: 100%; - max-width: 1170px; - padding: 0; - float: initial; - display: flex; - align-items: center; - } - - .header-logo { - width: 137px; - border: 0; - margin: 0; - margin-left: 15px; - } - - .header-link { - margin-left: 40px; - text-decoration: none; - cursor: pointer; - text-transform: uppercase; - font-size: 15px; - font-family: 'Red Hat Text'; - font-weight: 500; - } - - .header-link:hover { - text-shadow: 0 0 0.02px white; - text-decoration: none; - } - - table.net_info td { - padding: 5px; -} - -p.expandclass:hover { - text-decoration: underline; - color: #EE0000; - cursor: pointer; -} - -.summary_info { -} - -.ui-state-active, .ui-widget-content .ui-state-active, .ui-widget-header .ui-state-active, a.ui-button:active, .ui-button:active, .ui-button.ui-state-active:hover { - border: 1px solid #5F0000; - background: #EE0000; -} - -div#net_content { - padding: 0px; - height: auto !important; -} - -img.router_image { - vertical-align: middle; - padding: 0px 10px 10px 10px; - width: 50px; -} - -table.net_info { - width: 100%; -} - -p.internal_label { - color: #000000; -} diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/files/redhat-ansible-logo.svg b/collections/ansible_collections/demo/reporting/roles/report_server/files/redhat-ansible-logo.svg deleted file mode 100644 index 2ecef98..0000000 --- a/collections/ansible_collections/demo/reporting/roles/report_server/files/redhat-ansible-logo.svg +++ /dev/null @@ -1,48 +0,0 @@ - - - - -Logo-Red_Hat-Ansible_Automation_Platform-A-Reverse-RGB - - - - - - - - - - - diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/files/report.png b/collections/ansible_collections/demo/reporting/roles/report_server/files/report.png deleted file mode 100644 index 3c38d52..0000000 Binary files a/collections/ansible_collections/demo/reporting/roles/report_server/files/report.png and /dev/null differ 
diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/files/webpage_logo.png b/collections/ansible_collections/demo/reporting/roles/report_server/files/webpage_logo.png deleted file mode 100644 index 65b5836..0000000 Binary files a/collections/ansible_collections/demo/reporting/roles/report_server/files/webpage_logo.png and /dev/null differ diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/tasks/linux_landing_page.yml b/collections/ansible_collections/demo/reporting/roles/report_server/tasks/linux_landing_page.yml deleted file mode 100644 index 30419e3..0000000 --- a/collections/ansible_collections/demo/reporting/roles/report_server/tasks/linux_landing_page.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- include_vars: "{{ ansible_system }}.yml" - -- name: get reports - ansible.builtin.find: - paths: "{{ doc_root }}/{{ reports_dir }}" - patterns: '*.html' - register: reports - check_mode: no - -- name: publish landing page - ansible.builtin.template: - src: linux_report.j2 - dest: "{{ doc_root }}/index.html" - check_mode: no - -- name: copy CSS over - ansible.builtin.copy: - src: "css" - dest: "{{ doc_root }}" - directory_mode: true - check_mode: no - -- name: copy logos over - ansible.builtin.copy: - src: "{{ item }}" - dest: "{{ doc_root }}" - directory_mode: true - loop: - - "webpage_logo.png" - - "redhat-ansible-logo.svg" - - "report.png" - check_mode: no - diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/tasks/main.yml b/collections/ansible_collections/demo/reporting/roles/report_server/tasks/main.yml deleted file mode 100644 index a275ceb..0000000 --- a/collections/ansible_collections/demo/reporting/roles/report_server/tasks/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- include_tasks: apache.yml - when: ansible_system == 'Linux' - -- include_tasks: iis.yml - when: ansible_system == 'Win32NT' 
diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/tasks/windows_landing_page.yml b/collections/ansible_collections/demo/reporting/roles/report_server/tasks/windows_landing_page.yml deleted file mode 100644 index 76574c9..0000000 --- a/collections/ansible_collections/demo/reporting/roles/report_server/tasks/windows_landing_page.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- include_vars: "{{ ansible_system }}.yml" - -- name: get reports - ansible.windows.win_find: - paths: "{{ doc_root }}/{{ reports_dir }}" - patterns: '*.html' - register: reports - check_mode: no - -- name: publish landing page - ansible.builtin.win_template: - src: windows_report.j2 - dest: "{{ doc_root }}/index.html" - check_mode: no - -- name: copy CSS over - ansible.builtin.win_copy: - src: "css" - dest: "{{ doc_root }}" - directory_mode: true - check_mode: no - -- name: copy logos over - ansible.builtin.win_copy: - src: "{{ item }}" - dest: "{{ doc_root }}" - directory_mode: true - loop: - - "webpage_logo.png" - - "redhat-ansible-logo.svg" - - "report.png" - check_mode: no - diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/templates/header.j2 b/collections/ansible_collections/demo/reporting/roles/report_server/templates/header.j2 deleted file mode 100644 index 6d504d0..0000000 --- a/collections/ansible_collections/demo/reporting/roles/report_server/templates/header.j2 +++ /dev/null @@ -1,15 +0,0 @@ - - -
-
-
- - - -
-
\ No newline at end of file diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/templates/linux_report.j2 b/collections/ansible_collections/demo/reporting/roles/report_server/templates/linux_report.j2 deleted file mode 100644 index 201d930..0000000 --- a/collections/ansible_collections/demo/reporting/roles/report_server/templates/linux_report.j2 +++ /dev/null @@ -1,42 +0,0 @@ - - - - Ansible Linux Automation Report - - - - - - - - - -
- {% include 'header.j2' %} -
-
-

Ansible Automation Reports

-

-

- - -{% for report in reports.files %} - {% set page = report.path.split('/')[-1] %} - - - -{% endfor %} - -
-
-

-
-
- {{ page }} -
-

Created with


-
-
-
- - diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/templates/windows_report.j2 b/collections/ansible_collections/demo/reporting/roles/report_server/templates/windows_report.j2 deleted file mode 100644 index 5690437..0000000 --- a/collections/ansible_collections/demo/reporting/roles/report_server/templates/windows_report.j2 +++ /dev/null @@ -1,42 +0,0 @@ - - - - Ansible Linux Automation Report - - - - - - - - - -
- {% include 'header.j2' %} -
-
-

Ansible Automation Reports

-

-

- - -{% for report in reports.files %} - {% set page = report.path.split('\\')[-1] %} - - - -{% endfor %} - -
-
-

-
-
- {{ page }} -
-

Created with


-
-
-
- - diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/vars/Win32NT.yml b/collections/ansible_collections/demo/reporting/roles/report_server/vars/Win32NT.yml deleted file mode 100644 index ac4e675..0000000 --- a/collections/ansible_collections/demo/reporting/roles/report_server/vars/Win32NT.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -doc_root: C:\Inetpub\wwwroot -reports_dir: reports diff --git a/collections/ansible_collections/demo/satellite/roles/scap_client/tasks/main.yaml b/collections/ansible_collections/demo/satellite/roles/scap_client/tasks/main.yaml index 1f8d01a..8dc130f 100644 --- a/collections/ansible_collections/demo/satellite/roles/scap_client/tasks/main.yaml +++ b/collections/ansible_collections/demo/satellite/roles/scap_client/tasks/main.yaml @@ -70,7 +70,7 @@ template: src: openscap_client_config.yaml.j2 dest: /etc/foreman_scap_client/config.yaml - mode: 0644 + mode: "0644" owner: root group: root diff --git a/collections/requirements.yml b/collections/requirements.yml index 67801fa..a8d98a2 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -4,7 +4,7 @@ collections: version: 4.3.0 - name: redhat_cop.controller_configuration version: 2.2.5 - #linux + # linux - name: redhat.insights version: 1.0.7 - name: redhat.rhel_system_roles @@ -12,18 +12,18 @@ collections: - name: community.general version: 6.3.0 - name: containers.podman - #windows + # windows - name: chocolatey.chocolatey - name: community.windows version: 1.12.0 - name: ansible.windows version: 1.13.0 - #cloud + # cloud - name: azure.azcollection version: 1.14.0 - name: amazon.aws version: 5.2.0 - #satellite + # satellite - name: redhat.satellite version: 3.8.0 #network diff --git a/linux/compliance.yml b/linux/compliance.yml index 865dab3..3c4642c 100644 --- a/linux/compliance.yml +++ b/linux/compliance.yml 
@@ -1,14 +1,15 @@ --- -- hosts: "{{ HOSTS }}" +- name: Apply compliance profile + hosts: "{{ _hosts | default(omit) }}" become: true vars: compliance_profile: undef tasks: - - name: Check OS Type - assert: + - name: Check os type + ansible.builtin.assert: that: "ansible_os_family == 'RedHat'" - - name: Run Compliance Profile - include_role: - name: "redhatofficial.rhel{{ ansible_distribution_major_version }}_{{ compliance_profile }}" \ No newline at end of file + - name: Run compliance profile + ansible.builtin.include_role: + name: "redhatofficial.rhel{{ ansible_distribution_major_version }}_{{ compliance_profile }}" diff --git a/linux/deploy_application.yml b/linux/deploy_application.yml index 98598b7..eca3563 100644 --- a/linux/deploy_application.yml +++ b/linux/deploy_application.yml 
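Review bot: `compliance_profile` still defaults to the literal `undef` and is interpolated straight into the role name in `Run compliance profile`, while the only assertion checks `ansible_os_family`. With `become: true`, the play loads whatever `redhatofficial.rhel<major>_<value>` role the launcher-supplied value resolves to, and when the variable is left unset it fails late at role lookup rather than at the assert. I would turn `that:` into a list and add `- "compliance_profile != 'undef'"`, matching the `org_id != 'undef'` checks that ec2_register.yml uses in this same commit. Better still, compare the value against the set of profiles the demo actually ships.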
@@ -1,31 +1,31 @@ --- -- name: application deployment - hosts: "{{ HOSTS }}" +- name: Application deployment + hosts: "{{ _hosts | default('web') }}" gather_facts: false become: true - + tasks: - - name: make sure application is not empty - assert: + - name: Make sure application is not empty + ansible.builtin.assert: that: - "application != ''" - - name: printing to terminal application information - debug: - msg: "This Ansible Playbook will install {{application}}" + - name: Printing to terminal application information + ansible.builtin.debug: + msg: "This Ansible Playbook will install {{ application }}" - - name: install application - dnf: - name: "{{application}}" + - name: Install application + ansible.builtin.dnf: + name: "{{ application }}" allow_downgrade: true register: result - - name: printing to terminal application information - debug: - msg: "The application: {{application}} has been installed" - when: result.changed|bool + - name: Printing to terminal application information + ansible.builtin.debug: + msg: "The application: {{ application }} has been installed" + when: result.changed | bool - - name: printing to terminal application information - debug: - msg: "The application: {{application}} was already installed" - when: not result.changed|bool + - name: Printing to terminal application information + ansible.builtin.debug: + msg: "The application: {{ application }} was already installed" + when: not result.changed | bool diff --git a/linux/ec2_register.yml b/linux/ec2_register.yml index d48705c..789209d 100644 --- a/linux/ec2_register.yml +++ b/linux/ec2_register.yml 
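Review bot: The new fallback `hosts: "{{ _hosts | default('web') }}"` means a launch that omits `_hosts` installs the package as root on every host in `web`, whereas most playbooks touched in this commit use `default(omit)`. Unless the `web` default is intentional, I would use `hosts: "{{ _hosts | default(omit) }}"` here as well. Separately, `allow_downgrade: true` together with a free-form `application` value lets a job replace a patched package with an older build, and the guard `application != ''` does not cover an undefined variable; `application is defined and application | length > 0` would. The three debug tasks also share one name, which makes the job output hard to follow.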
@@ -1,72 +1,73 @@ --- -- hosts: "{{ HOSTS }}" - become: yes +- name: Register ec2 instance with subscription mangler + hosts: "{{ _hosts | default(omit) }}" + become: true tasks: - - name: check for vars - assert: - that: - - org_id is defined - - activation_key is defined - - org_id != '' - - activation_key != '' - - org_id != 'undef' - - activation_key != 'undef' + - name: Check for vars + ansible.builtin.assert: + that: + - org_id is defined + - activation_key is defined + - org_id != '' + - activation_key != '' + - org_id != 'undef' + - activation_key != 'undef' - - name: set hostname - hostname: - name: "{{ inventory_hostname | regex_replace('_','-')}}" + - name: Set hostname + ansible.builtin.hostname: + name: "{{ inventory_hostname | regex_replace('_', '-') }}" # Install subscription-manager if it's not there - - name: Install subscription-manager - ansible.builtin.yum: - name: subscription-manager - state: present + - name: Install subscription-manager + ansible.builtin.yum: + name: subscription-manager + state: present - - name: remove rhui client packages - yum: - name: rh-amazon-rhui-client* - state: removed + - name: Remove rhui client packages + ansible.builtin.yum: + name: rh-amazon-rhui-client* + state: removed - - name: get current repos - command: - cmd: ls /etc/yum.repos.d/ - register: repos - changed_when: False + - name: Get current repos + ansible.builtin.command: + cmd: ls /etc/yum.repos.d/ + register: repos + changed_when: false - - name: remove existing rhui repos - file: - path: "/etc/yum.repos.d/{{ item }}" - state: absent - loop: "{{ repos.stdout_lines }}" - when: "'rhui' in item" + - name: Remove existing rhui repos + ansible.builtin.file: + path: "/etc/yum.repos.d/{{ item }}" + state: absent + loop: "{{ repos.stdout_lines }}" + when: "'rhui' in item" - - name: install katello package - yum: - name: "https://{{ sat_url }}/pub/katello-ca-consumer-latest.noarch.rpm" - state: present - validate_certs: no - disable_gpg_check: true - when: 
sat_url is defined + - name: Install katello package + ansible.builtin.yum: + name: "https://{{ sat_url }}/pub/katello-ca-consumer-latest.noarch.rpm" + state: present + validate_certs: false + disable_gpg_check: true + when: sat_url is defined - - name: manage repos with subscription mangler - ansible.builtin.lineinfile: - path: /etc/rhsm/rhsm.conf - regexp: '^manage_repos' - line: 'manage_repos = 1' + - name: Manage repos with subscription mangler + ansible.builtin.lineinfile: + path: /etc/rhsm/rhsm.conf + regexp: '^manage_repos' + line: 'manage_repos = 1' - - name: register subscription mangler - community.general.redhat_subscription: - state: present - activationkey: "{{ activation_key }}" - org_id: "{{ org_id }}" + - name: Register subscription mangler + community.general.redhat_subscription: + state: present + activationkey: "{{ activation_key }}" + org_id: "{{ org_id }}" - - name: configure Red Hat insights - import_role: - name: redhat.insights.insights_client - vars: - insights_display_name: "{{ inventory_hostname }}" - insights_tags: - env: "{{ env }}" - purpose: demo - group: "{{ insights_tag }}" + - name: Configure Red Hat insights + ansible.builtin.import_role: + name: redhat.insights.insights_client + vars: + insights_display_name: "{{ inventory_hostname }}" + insights_tags: + env: "{{ env }}" + purpose: demo + group: "{{ insights_tag }}" diff --git a/linux/fact_scan.yml b/linux/fact_scan.yml index 1c26ff0..94907f3 100644 --- a/linux/fact_scan.yml +++ b/linux/fact_scan.yml @@ -1,12 +1,11 @@ --- -- hosts: "{{ HOSTS }}" - become: yes +- name: Scan host for facts + hosts: "{{ _hosts | default(omit) }}" + become: true tasks: - - name: get packages - ansible.builtin.package_facts: + - name: Get packages + ansible.builtin.package_facts: - - name: get services - ansible.builtin.service_facts: - - \ No newline at end of file + - name: Get services + ansible.builtin.service_facts: 
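Review bot: `Install katello package` keeps `validate_certs: false` together with `disable_gpg_check: true`, so the RPM fetched from `https://{{ sat_url }}/pub/katello-ca-consumer-latest.noarch.rpm` is installed as root with neither the server identity nor the package signature checked. The commit only normalises `no` to `false`. Because this package is what delivers the Satellite CA, simply enabling validation is not a drop-in fix. One option is to download it with `ansible.builtin.get_url` and a pinned `checksum:`, then install from the local path; another is to distribute the CA certificate by a separate trusted channel first. At minimum, put a comment above the task such as `# CA bootstrap: TLS and GPG checks are disabled here; run only over a trusted path to Satellite`.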
diff --git a/linux/hardening.yml b/linux/hardening.yml index 67f1392..750a120 100644 --- a/linux/hardening.yml +++ b/linux/hardening.yml @@ -1,6 +1,6 @@ --- -- name: harden linux systems - hosts: "{{ HOSTS | default('web') }}" +- name: Harden linux systems + hosts: "{{ _hosts | default('web') }}" become: true vars: - harden_firewall: false @@ -11,21 +11,21 @@ tasks: - name: Configure Firewall when: harden_firewall | bool - include_role: + ansible.builtin.include_role: name: linux-system-roles.firewall - name: Configure Timesync when: harden_time | bool - include_role: + ansible.builtin.include_role: name: redhat.rhel_system_roles.timesync - name: SSH Hardening when: harden_ssh | bool - include_role: + ansible.builtin.include_role: name: dev-sec.ssh-hardening # run with --skip-tags accounts_passwords_pam_faillock_deny - name: Apply PCI Baseline when: harden_pci | bool - include_role: + ansible.builtin.include_role: name: redhatofficial.rhel8_pci_dss diff --git a/linux/insights_compliance_scan.yml b/linux/insights_compliance_scan.yml index 6faa0d4..69a44f0 100644 --- a/linux/insights_compliance_scan.yml +++ b/linux/insights_compliance_scan.yml 
@@ -1,24 +1,25 @@ --- -- hosts: "{{ HOSTS }}" +- name: Run compliance scan with Red Hat Insights + hosts: "{{ _hosts | default(omit) }}" become: true vars: - #compliance_profile: undef + # compliance_profile: undef tasks: - name: Check OS Type - assert: + ansible.builtin.assert: that: "ansible_os_family == 'RedHat'" - name: Check variable values - debug: + ansible.builtin.debug: msg: "Value of compliance_profile_configured is {{ compliance_profile_configured }}" - name: Run Insights Compliance scan - import_role: + ansible.builtin.import_role: name: redhat.insights.compliance when: compliance_profile_configured == "Yes" - name: Notify user that Compliance scan is not being attempted - debug: + ansible.builtin.debug: msg: "User has not confirmed that all hosts are associated with an Insights Compliance profile. Scan aborted." when: compliance_profile_configured == "No" diff --git a/linux/inventory.insights.yml b/linux/inventory.insights.yml index e9a1ebd..c9e6f79 100644 --- a/linux/inventory.insights.yml +++ b/linux/inventory.insights.yml @@ -1,11 +1,11 @@ --- plugin: redhat.insights.insights -get_patches: yes +get_patches: true groups: patch_bugs: insights_patching.rhba_count > 0 patch_enhancements: insights_patching.rhea_count > 0 patch_security: insights_patching.rhsa_count > 0 -get_tags: yes +get_tags: true selection: none filter_tags: - insights-client/purpose=demo diff --git a/linux/patching.yml b/linux/patching.yml index 582f33e..a4d2e82 100644 --- a/linux/patching.yml +++ b/linux/patching.yml 
@@ -1,43 +1,47 @@ --- -- hosts: "{{ HOSTS }}" - become: yes +- name: Linux server patching + hosts: "{{ _hosts | default(omit) }}" + become: true + strategy: linear vars: report_server: node1 - + tasks: -# Install yum-utils if it's not there - - name: Install yum-utils - ansible.builtin.yum: - name: yum-utils - state: latest + # Install yum-utils if it's not there + - name: Install yum-utils + ansible.builtin.yum: + name: yum-utils + state: installed - - include_role: - name: demo.patching.patch_linux + - name: Include patching role + ansible.builtin.include_role: + name: demo.patching.patch_linux - - name: Tell user when Insights Client is not configured - debug: - msg: "Insights client does not appear to be configured. Scan will be skipped" - when: - - ansible_local.insights.system_id is not defined + - name: Tell user when Insights Client is not configured + ansible.builtin.debug: + msg: "Insights client does not appear to be configured. Scan will be skipped" + when: + - ansible_local.insights.system_id is not defined - - name: Run the Insights Client Scan - command: insights-client - when: - - not ansible_check_mode - - ansible_local.insights.system_id is defined + - name: Run the Insights Client Scan + ansible.builtin.command: insights-client + when: + - not ansible_check_mode + - ansible_local.insights.system_id is defined - - block: + - name: Deploy report server + delegate_to: "{{ report_server }}" + run_once: true + block: + - name: Build report server + ansible.builtin.include_role: + name: "{{ item }}" + loop: + - demo.patching.report_server + - demo.patching.report_linux + - demo.patching.report_linux_patching - - include_role: - name: "{{ item }}" - loop: - - demo.patching.report_server - - demo.patching.report_linux - - demo.patching.report_linux_patching - - - include_role: - name: demo.patching.report_server - tasks_from: linux_landing_page - - delegate_to: "{{ report_server }}" - run_once: yes + - name: Publish landing page + 
ansible.builtin.include_role: + name: demo.patching.report_server + tasks_from: linux_landing_page diff --git a/linux/patching_report.yml b/linux/patching_report.yml deleted file mode 100644 index 3c83a8c..0000000 --- a/linux/patching_report.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -- hosts: "{{ HOSTS }}" - become: yes - vars: - report_server: node1 - - tasks: - - include_role: - name: demo.patching.patch_linux - - - block: - - yum: - name: httpd - state: latest - check_mode: no - - - file: - path: /var/www/html/reports/ - state: directory - check_mode: no - - - copy: - dest: /var/www/html/reports/.htaccess - content: Options +Indexes - check_mode: no - - - service: - name: httpd - state: started - check_mode: no - - - include_role: - name: demo.patching.report_linux - - - include_role: - name: demo.patching.report_linux_patching - delegate_to: "{{ report_server }}" - run_once: yes \ No newline at end of file diff --git a/linux/podman.yml b/linux/podman.yml index fb295e5..fe8f673 100644 --- a/linux/podman.yml +++ b/linux/podman.yml 
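Review bot: `Run the Insights Client Scan` was converted to `ansible.builtin.command: insights-client` without a `changed_when`, so it reports changed on every run and is likely to trip the `no-changed-when` rule of the ansible-lint job this same commit adds. The podman playbook in this commit already sets `changed_when: false` on its command task; add the same line here, or register the result and derive the changed state from it. The `Deploy report server` block is also delegated to the hard-coded `report_server: node1` under the play-level `become: true`, so it is worth a short comment stating that this host must exist in the inventory and will be modified as root.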
@@ -1,54 +1,53 @@ --- - name: Podman - hosts: "{{ HOSTS }}" - + hosts: "{{ _hosts | default(omit) }}" vars: volume_path: podman message: undef tasks: - - name: Install Podman - ansible.builtin.dnf: - name: podman - state: latest - become: yes + - name: Install Podman + ansible.builtin.dnf: + name: podman + state: installed + become: true - - name: Create volume dir - ansible.builtin.file: - path: "{{ volume_path }}" - state: directory + - name: Create volume dir + ansible.builtin.file: + path: "{{ volume_path }}" + state: directory - - name: Create index.html - ansible.builtin.copy: - dest: "{{ volume_path }}/index.html" - content: "{{ message }}" + - name: Create index.html + ansible.builtin.copy: + dest: "{{ volume_path }}/index.html" + content: "{{ message }}" - - name: Run httpd container - containers.podman.podman_container: - name: apache - image: docker.io/httpd - state: started - volume: - - "./{{ volume_path }}/:/usr/local/apache2/htdocs:z" - ports: - - "8080:80" + - name: Run httpd container + containers.podman.podman_container: + name: apache + image: docker.io/httpd + state: started + volume: + - "./{{ volume_path }}/:/usr/local/apache2/htdocs:z" + ports: + - "8080:80" - - name: Check Web Page - ansible.builtin.uri: - url: http://127.0.0.1:8080 - return_content: yes - register: web_output - changed_when: false + - name: Check Web Page + ansible.builtin.uri: + url: http://127.0.0.1:8080 + return_content: true + register: web_output + changed_when: false - - name: podman ps - shell: podman ps - register: podman_output - changed_when: false + - name: Podman ps + ansible.builtin.command: podman ps + register: podman_output + changed_when: false - - name: Output - ansible.builtin.debug: - msg: - - "Output of podman ps command:" - - "{{ podman_output.stdout_lines }}" - - "Contents of web page:" - - "{{ web_output.content }}" + - name: Output + ansible.builtin.debug: + msg: + - "Output of podman ps command:" + - "{{ podman_output.stdout_lines }}" + - "Contents 
of web page:" + - "{{ web_output.content }}" diff --git a/linux/run_script.yml b/linux/run_script.yml index 8a9ae65..e4159f4 100644 --- a/linux/run_script.yml +++ b/linux/run_script.yml @@ -1,20 +1,22 @@ --- - name: Run Shell Script - hosts: "{{ HOSTS }}" - become: yes - gather_facts: no + hosts: "{{ _hosts | default(omit) }}" + become: true + gather_facts: false vars: shell_script: undef tasks: - name: Run Shell Script - shell: "{{ shell_script }}" + ansible.builtin.shell: "{{ shell_script }}" register: shell_output + tags: + - skip_ansible_lint # provided variable could require shell modele - name: Print script output - debug: + ansible.builtin.debug: var: shell_output.stdout_lines - - debug: + - name: Print message + ansible.builtin.debug: msg: You should really consider converting this script to a playbook! - run_once: yes diff --git a/linux/service_start.yml b/linux/service_start.yml index b8b650a..8e7a8d1 100644 --- a/linux/service_start.yml +++ b/linux/service_start.yml @@ -1,15 +1,16 @@ --- -- hosts: "{{ HOSTS }}" - become: yes +- name: Start service + hosts: "{{ _hosts | default(omit) }}" + become: true vars: service_name: undef tasks: - - name: Check Service - service_facts: + - name: Check Service + ansible.builtin.service_facts: - - name: Start Service - service: - name: "{{ service_name }}" - state: started - when: service_name + '.service' in services + - name: Start Service + ansible.builtin.service: + name: "{{ service_name }}" + state: started + when: service_name + '.service' in services diff --git a/linux/service_stop.yml b/linux/service_stop.yml index 4cfb791..f8104fe 100644 --- a/linux/service_stop.yml +++ b/linux/service_stop.yml 
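Review bot: `image: docker.io/httpd` in the `Run httpd container` task carries no tag or digest, so each run pulls whatever the registry currently serves under the default tag. This commit stops tracking `latest` for the podman package but leaves the image floating. Pinning it, for example `image: docker.io/httpd@sha256:<DIGEST>` with a digest you have verified, keeps an upstream change from reaching hosts unreviewed. Separately, `"8080:80"` publishes the port on every interface while the check task only needs loopback; `"127.0.0.1:8080:80"` would be enough if remote access is not part of the demo.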
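Review bot: The `skip_ansible_lint` tag added to the `Run Shell Script` task turns off every lint rule for that task, not only the shell-module rule its comment refers to. A scoped `# noqa: command-instead-of-shell` on the module line would keep the other checks active. The task still runs the survey-supplied `shell_script` with `become: true`, so launch rights on this template amount to root on the selected hosts; a comment next to `vars:` saying so would help whoever assigns access to it. The comment's `modele` should read `module`.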
@@ -1,15 +1,16 @@ --- -- hosts: "{{ HOSTS }}" - become: yes +- name: Stop service + hosts: "{{ _hosts | default(omit) }}" + become: true vars: service_name: undef tasks: - - name: Check Service - service_facts: + - name: Check Service + ansible.builtin.service_facts: - - name: Stop Service - service: - name: "{{ service_name }}" - state: stopped - when: service_name + '.service' in services + - name: Stop Service + ansible.builtin.service: + name: "{{ service_name }}" + state: stopped + when: service_name + '.service' in services diff --git a/linux/setup.yml b/linux/setup.yml index 6efc910..e2ea28c 100644 --- a/linux/setup.yml +++ b/linux/setup.yml @@ -1,6 +1,6 @@ --- user_message: - - Be sure to update the 'activation_key' and 'org_id' extra variables for 'LINUX / Register with Insights'. https://access.redhat.com/management/activation_keys + - Update the 'activation_key' and 'org_id' extra variables for 'LINUX / Register with Insights'. https://access.redhat.com/management/activation_keys - Update Credential for Insights Inventory with Red Hat account. - Add variables for system_roles. https://console.redhat.com/ansible/automation-hub/repo/published/redhat/rhel_system_roles controller_components: @@ -53,7 +53,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true extra_vars: activation_key: !unsafe "RHEL{{ ansible_distribution_major_version }}_{{ env }}" @@ -64,7 +64,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - question_name: Choose Environment type: multiplechoice @@ -93,7 +93,7 @@ controller_templates: notification_templates_error: Telemetry use_fact_cache: true credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' 
@@ -101,7 +101,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - name: "LINUX / Temporary Sudo" @@ -113,7 +113,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -121,7 +121,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - question_name: User Name type: text @@ -143,9 +143,9 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry use_fact_cache: true - ask_job_type_on_launch: yes + ask_job_type_on_launch: true credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -153,7 +153,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - name: "LINUX / Start Service" @@ -166,7 +166,7 @@ controller_templates: notification_templates_error: Telemetry use_fact_cache: true credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -174,7 +174,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - question_name: Service Name type: text @@ -191,7 +191,7 @@ controller_templates: notification_templates_error: Telemetry use_fact_cache: true credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -199,7 +199,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - question_name: Service Name type: text 
@@ -215,7 +215,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -223,7 +223,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - question_name: Shell Script type: textarea @@ -248,7 +248,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - name: "LINUX / Podman Webserver" @@ -260,7 +260,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -268,7 +268,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - question_name: Web Page Message type: textarea @@ -284,15 +284,15 @@ controller_templates: notification_templates_started: Telemetry notification_templates_success: Telemetry notification_templates_error: Telemetry - diff_mode: yes - ask_job_type_on_launch: yes + diff_mode: true + ask_job_type_on_launch: true extra_vars: system_roles: - selinux selinux_policy: targeted selinux_state: enforcing credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -300,7 +300,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - name: "LINUX / Install Web Console (cockpit)" 
@@ -311,10 +311,10 @@ controller_templates: notification_templates_started: Telemetry notification_templates_success: Telemetry notification_templates_error: Telemetry - diff_mode: yes - ask_job_type_on_launch: yes + diff_mode: true + ask_job_type_on_launch: true extra_vars: - system_roles: + system_roles: - cockpit credentials: - "Workshop Credential" @@ -325,7 +325,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - question_name: Cockpit package load type: multiplechoice @@ -346,7 +346,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" extra_vars: sudo_remove_nopasswd: false survey_enabled: true @@ -356,7 +356,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - question_name: Compliance Profile type: multiplechoice @@ -371,7 +371,7 @@ controller_templates: project: "Ansible official demo project" playbook: "linux/insights_compliance_scan.yml" credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -379,7 +379,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - question_name: Have you associated a compliance profile in the Insights Console for all hosts to be scanned? If not, then the scan will fail. type: multiplechoice @@ -400,7 +400,7 @@ controller_templates: notification_templates_error: Telemetry use_fact_cache: true credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -408,7 +408,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: true - question_name: Application Package Name type: text 
diff --git a/linux/system_roles.yml b/linux/system_roles.yml index 6ad1a8f..a6c8fcc 100644 --- a/linux/system_roles.yml +++ b/linux/system_roles.yml @@ -1,14 +1,14 @@ --- - name: Apply RHEL System Roles - hosts: "{{ HOSTS }}" + hosts: "{{ _hosts | default(omit) }}" become: true vars: system_roles: undef tasks: - name: Apply System Roles - include_role: + ansible.builtin.include_role: name: "redhat.rhel_system_roles.{{ item }}" loop: "{{ system_roles }}" when: - - system_roles | d("") | length > 0 \ No newline at end of file + - system_roles | d("") | length > 0 diff --git a/linux/temp_sudo.yml b/linux/temp_sudo.yml index b7b6460..87d2e5d 100644 --- a/linux/temp_sudo.yml +++ b/linux/temp_sudo.yml @@ -1,8 +1,8 @@ --- - name: Temporary Sudo - hosts: "{{ HOSTS }}" - become: yes - gather_facts: no + hosts: "{{ _hosts | default(omit) }}" + become: true + gather_facts: false vars: sudo_cleanup: true sudo_user: undef @@ -11,31 +11,31 @@ tasks: - name: Check if sudo user exists on system - getent: + ansible.builtin.getent: database: passwd key: "{{ sudo_user }}" - name: Check Cleanup package - yum: + ansible.builtin.yum: name: at state: present - name: Check Cleanup Service - service: + ansible.builtin.service: name: atd state: started - name: Create Sudo Rule - copy: + ansible.builtin.copy: dest: "/etc/sudoers.d/{{ sudo_user }}" owner: root group: root - mode: 0640 + mode: "0640" content: "{{ sudo_user }} ALL=(ALL) NOPASSWD:ALL" - name: Set Permission Cleanup - at: + ansible.posix.at: command: "rm /etc/sudoers.d/{{ sudo_user }}" count: "{{ sudo_time }}" units: "{{ sudo_units }}" - when: sudo_cleanup|bool + when: sudo_cleanup | bool diff --git a/linux/tshoot.yml b/linux/tshoot.yml index 51c3499..333e4d0 100644 --- a/linux/tshoot.yml +++ b/linux/tshoot.yml 
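Review bot: The `Create Sudo Rule` task in linux/temp_sudo.yml writes `/etc/sudoers.d/{{ sudo_user }}` without a syntax check, and a sudoers file that fails to parse can block sudo on the host. Adding `validate: /usr/sbin/visudo -cf %s` to the copy arguments makes the module reject a bad file before it is moved into place. sudo also skips files in that directory whose names contain a `.`, so a user name with a dot would get a rule that never takes effect while the `at` job still removes it later. `mode: "0440"` is the conventional mode for these files. When `sudo_cleanup` is false the `NOPASSWD:ALL` rule stays indefinitely, which deserves a comment beside the variable.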
@@ -1,29 +1,29 @@ --- -- name: gather debug info - hosts: "{{ HOSTS }}" - become: yes +- name: Gather debug info + hosts: "{{ _hosts | default(omit) }}" + become: true tasks: - name: Gather recent vmstat info - command: /bin/vmstat 1 5 + ansible.builtin.command: /bin/vmstat 1 5 register: vmstat - + - name: Gather top CPU hogs - command: ps -eo user,pid,size,pcpu,cmd --sort=-pcpu + ansible.builtin.command: ps -eo user,pid,size,pcpu,cmd --sort=-pcpu register: pscpu - + - name: Gather top memory hogs - command: ps -eo user,pid,size,pcpu,cmd --sort=-size + ansible.builtin.command: ps -eo user,pid,size,pcpu,cmd --sort=-size register: pssize - + - name: Swap + wait states - debug: + ansible.builtin.debug: var: vmstat.stdout_lines - + - name: Top 3 CPU hogs - debug: + ansible.builtin.debug: var: pscpu.stdout_lines[:4] - + - name: Top 3 memory hogs - debug: - var: pssize.stdout_lines[:4] \ No newline at end of file + ansible.builtin.debug: + var: pssize.stdout_lines[:4] diff --git a/network/report.yml b/network/report.yml index a475195..4e4eeea 100644 --- a/network/report.yml +++ b/network/report.yml @@ -4,7 +4,7 @@ # https://github.com/network-automation/toolkit/blob/master/roles/build_report/tasks/main.yml - name: Collect facts - hosts: "{{ HOSTS }}" + hosts: "{{ _hosts | default(omit) }}" gather_facts: false tasks: @@ -32,7 +32,7 @@ # ansible_host: "{{ lookup('community.general.dig', inventory_hostname)}}" - hosts: node1 - become: yes + become: true vars: report_server: node1 web_path: /var/www/html/reports/ @@ -50,7 +50,7 @@ loop: - demo.patching.report_server - demo.patching.build_report_network - + - ansible.builtin.include_role: name: demo.patching.report_server tasks_from: linux_landing_page diff --git a/network/setup.yml b/network/setup.yml index 100bc02..37409d6 100644 --- a/network/setup.yml +++ b/network/setup.yml 
@@ -14,8 +14,8 @@ controller_projects: organization: Default scm_type: git scm_url: https://github.com/nleiva/ansible-net-modules - update_project: yes - wait: yes + update_project: true + wait: true controller_inventories: - name: Network Inventory @@ -47,7 +47,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry ask_limit_on_launch: true - use_fact_cache: yes + use_fact_cache: true survey: name: '' description: '' @@ -79,7 +79,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry use_fact_cache: true - ask_job_type_on_launch: yes + ask_job_type_on_launch: true credentials: - "Workshop Credential" survey_enabled: true @@ -89,7 +89,7 @@ controller_templates: spec: - question_name: What devices do you want to include in the report? type: multiplechoice - variable: HOSTS + variable: _hosts default: routers required: true choices: diff --git a/satellite/server_openscap.yml b/satellite/server_openscap.yml index ac5129b..0caa1da 100644 --- a/satellite/server_openscap.yml +++ b/satellite/server_openscap.yml @@ -1,16 +1,17 @@ --- -- hosts: "{{ HOSTS }}" - become: yes +- name: Run openSCAP scan + hosts: "{{ _hosts | default(omit) }}" + become: true vars: policy_name: all roles: - demo.satellite.scap_client tasks: - - name: Randomized startup delay... - pause: seconds="{{ 5 | random }}" + - name: Randomized startup delay... + ansible.builtin.pause: seconds="{{ 5 | random }}" - - name: "Run SCAP Scan" - shell: "/usr/bin/foreman_scap_client {{ item.id }}" - loop: "{{ policy }}" - when: policy_scan == 'all' or item.name in policy_scan + - name: Run SCAP Scan + ansible.builtin.shell: "/usr/bin/foreman_scap_client {{ item.id }}" + loop: "{{ policy }}" + when: policy_scan == 'all' or item.name in policy_scan diff --git a/satellite/server_register.yml b/satellite/server_register.yml index 0ee988a..c08a0ad 100644 --- a/satellite/server_register.yml 
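Review bot: `Run SCAP Scan` in satellite/server_openscap.yml keeps `ansible.builtin.shell` although the line uses no pipe, redirect or variable expansion, so the templated `item.id` is passed through a shell for no reason. `ansible.builtin.command: "/usr/bin/foreman_scap_client {{ item.id }}"` does the same work without shell interpretation of the value, in line with the `podman ps` change elsewhere in this commit. Where `policy` is defined is not visible in this hunk, so I cannot tell how trusted `item.id` is. The pause task still uses the `seconds="…"` key=value form; a nested `seconds: "{{ 5 | random }}"` under the module name would match the rest of the file.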
+++ b/satellite/server_register.yml @@ -1,8 +1,9 @@ --- -- hosts: "{{ HOSTS }}" - become: yes +- name: Register host to Satellite + hosts: "{{ _hosts | default(omit) }}" + become: true vars: # env: undef satellite_url: "{{ lookup('ansible.builtin.env', 'SATELLITE_SERVER') }}" roles: - - demo.satellite.register_host \ No newline at end of file + - demo.satellite.register_host diff --git a/satellite/setup.yml b/satellite/setup.yml index b8fa354..3beeae3 100644 --- a/satellite/setup.yml +++ b/satellite/setup.yml @@ -205,7 +205,7 @@ controller_launch_jobs: ####################### ### Satellite Vars ### ###################### -satellite_components: +satellite_components: - content_views #- content_view_publish - lifecycle_environments @@ -229,12 +229,12 @@ satellite_content_views: - name: RHEL8 content_view: RHEL8 repositories: - - name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8 - product: Red Hat Enterprise Linux for x86_64 - - name: Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8 - product: Red Hat Enterprise Linux for x86_64 - - name: Red Hat Satellite Client 6 for RHEL 8 x86_64 RPMs - product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Satellite Client 6 for RHEL 8 x86_64 RPMs + product: Red Hat Enterprise Linux for x86_64 satellite_lifecycle_environments: # Red Hat Enterprise Linux 7 diff --git a/satellite/setup_satellite.yml b/satellite/setup_satellite.yml index c70fa47..1a298e4 100644 --- a/satellite/setup_satellite.yml +++ b/satellite/setup_satellite.yml @@ -49,6 +49,6 @@ name: RHEL7_STIG organizations: "{{ satellite_organization }}" scap_file: "{{ item }}" - loop: + loop: - files/ssg-rhel7-ds-tailoring.xml - files/ssg-rhel8-ds-tailoring-stig-gui.xml 
diff --git a/setup_demo.yml b/setup_demo.yml index 0850b63..7c62b7a 100644 --- a/setup_demo.yml +++ b/setup_demo.yml @@ -54,7 +54,7 @@ - name: "SESSION_COOKIE_AGE" value: 180000 - - name: "include configuration for {{ demo }}" + - name: "Include configuration for {{ demo }}" ansible.builtin.include_vars: "{{ demo }}/setup.yml" - name: Demo Components diff --git a/windows/backup.yml b/windows/backup.yml index 86081b9..661630a 100644 --- a/windows/backup.yml +++ b/windows/backup.yml @@ -3,5 +3,5 @@ name: Rollback playbook tasks: - name: "Rollback this step" - debug: + ansible.builtin.debug: msg: "Rolling back this step" diff --git a/windows/create_ad_domain.yml b/windows/create_ad_domain.yml index bddbed6..d17459f 100644 --- a/windows/create_ad_domain.yml +++ b/windows/create_ad_domain.yml 
@@ -1,50 +1,50 @@ --- - name: Create Active Directory domain - hosts: "{{ HOSTS | default('os_windows') }}" + hosts: "{{ _hosts | default('os_windows') }}" gather_facts: false tasks: - - name: Set Local Admin Password - ansible.windows.win_user: - name: Administrator - password: "{{ ansible_password }}" + - name: Set Local Admin Password + ansible.windows.win_user: + name: Administrator + password: "{{ ansible_password }}" - - name: Create new domain in a new forest on the target host - ansible.windows.win_domain: - dns_domain_name: ansible.local - safe_mode_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" - register: new_forest + - name: Create new domain in a new forest on the target host + ansible.windows.win_domain: + dns_domain_name: ansible.local + safe_mode_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" + register: new_forest - - name: Reboot the target host - ansible.windows.win_reboot: - reboot_timeout: 3600 - when: new_forest.reboot_required + - name: Reboot the target host + ansible.windows.win_reboot: + reboot_timeout: 3600 + when: new_forest.reboot_required - - name: Wait up to 10min for AD web services to start - community.windows.win_wait_for_process: - process_name_exact: Microsoft.ActiveDirectory.WebServices - pre_wait_delay: 60 - state: present - timeout: 600 - sleep: 10 - remote_user: Administrator + - name: Wait up to 10min for AD web services to start + community.windows.win_wait_for_process: + process_name_exact: Microsoft.ActiveDirectory.WebServices + pre_wait_delay: 60 + state: present + timeout: 600 + sleep: 10 + remote_user: Administrator - - name: Create some groups - community.windows.win_domain_group: - name: "{{ item.name }}" - scope: global - loop: - - { name: "GroupA" } - - { name: "GroupB" } - - { name: "GroupC" } + - name: Create some groups + community.windows.win_domain_group: + name: "{{ 
item.name }}" + scope: global + loop: + - { name: "GroupA" } + - { name: "GroupB" } + - { name: "GroupC" } - - name: Create some users - community.windows.win_domain_user: - name: "{{ item.name }}" - groups: "{{ item.groups }}" - password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" - update_password: on_create - loop: - - { name: "UserA", groups: "GroupA" } - - { name: "UserB", groups: "GroupB" } - - { name: "UserC", groups: "GroupC" } + - name: Create some users + community.windows.win_domain_user: + name: "{{ item.name }}" + groups: "{{ item.groups }}" + password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" + update_password: on_create + loop: + - { name: "UserA", groups: "GroupA" } + - { name: "UserB", groups: "GroupB" } + - { name: "UserC", groups: "GroupC" } diff --git a/windows/helpdesk_new_user_portal.yml b/windows/helpdesk_new_user_portal.yml index a9d61ba..a5dc320 100644 --- a/windows/helpdesk_new_user_portal.yml +++ b/windows/helpdesk_new_user_portal.yml 
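Review bot: `hosts: "{{ _hosts | default('os_windows') }}"` falls back to the whole `os_windows` group, and this play sets the local Administrator password, promotes its targets to a new forest and may reboot them. The Linux playbooks in this commit use `default(omit)`, which as far as I can tell matches no host when the variable is missing. The Windows survey entries shown later in the diff have `required: false`, so a launch without an answer could hit every Windows host. I would use `hosts: "{{ _hosts | default(omit) }}"` here or set the survey question to `required: true`; the other Windows playbooks in this commit use the same fallback. The random `safe_mode_password` is not registered or stored anywhere visible, so DSRM recovery would presumably need a reset.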
@@ -1,39 +1,39 @@ --- - name: Helpdesk new user portal - hosts: "{{ HOSTS | default('windows') }}" + hosts: "{{ _hosts | default('windows') }}" gather_facts: false tasks: - - name: Setting host facts using complex arguments - set_fact: - temp_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" - # Example result: ['&Qw2|E[-'] + - name: Setting host facts using complex arguments + ansible.builtin.set_fact: + temp_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" + # Example result: ['&Qw2|E[-'] - - name: Create new user - community.windows.win_domain_user: - name: "{{ firstname }} {{ surname }}" - firstname: "{{ firstname }}" - surname: "{{ surname }}" - sam_account_name: "{{ firstname[0] }}{{ surname }}" - company: BobCo - password: "{{ temp_password }}" - state: present - groups: - - "GroupA" - - "GroupB" - street: "{{ street }}" - city: "{{ city }}" - state_province: IN - postal_code: "{{ postal_code }}" - country: US - attributes: - telephoneNumber: "{{ telephone_number }}" - register: new_user + - name: Create new user + community.windows.win_domain_user: + name: "{{ firstname }} {{ surname }}" + firstname: "{{ firstname }}" + surname: "{{ surname }}" + sam_account_name: "{{ firstname[0] }}{{ surname }}" + company: BobCo + password: "{{ temp_password }}" + state: present + groups: + - "GroupA" + - "GroupB" + street: "{{ street }}" + city: "{{ city }}" + state_province: IN + postal_code: "{{ postal_code }}" + country: US + attributes: + telephoneNumber: "{{ telephone_number }}" + register: new_user - - name: Display User - debug: - var: new_user + - name: Display User + ansible.builtin.debug: + var: new_user - - name: Show temp password - debug: - var: temp_password + - name: Show temp password + ansible.builtin.debug: + var: temp_password diff --git a/windows/install_iis.yml b/windows/install_iis.yml index 2b84612..eb15c8c 100644 
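Review bot: The `Show temp password` task prints `temp_password` into the job output, where it stays readable to anyone who can view the job. The example in the comment also suggests the generated value is only 8 characters. If the password has to be shown, the `Create new user` task should at least set `password_expired: true` so it must be changed at first logon, and the lookup can take a `length=` argument for a longer value. `Display User` dumps the whole `new_user` result as well; limiting it to the fields the helpdesk needs keeps the output smaller.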
--- a/windows/install_iis.yml +++ b/windows/install_iis.yml @@ -1,25 +1,25 @@ --- - name: Install IIS - hosts: "{{ HOSTS | default('windows') }}" + hosts: "{{ _hosts | default('windows') }}" vars: iis_message: undef tasks: - name: Install IIS - win_feature: + ansible.windows.win_feature: name: Web-Server state: present - name: Start IIS service - win_service: + ansible.windows.win_service: name: W3Svc state: started - name: Create website index.html - win_copy: + ansible.windows.win_copy: content: "{{ iis_message }}" dest: C:\Inetpub\wwwroot\index.html - name: Show website address - debug: + ansible.builtin.debug: msg: http://{{ ansible_host }} diff --git a/windows/patching.yml b/windows/patching.yml index ab7f3c0..d6a8ec0 100644 --- a/windows/patching.yml +++ b/windows/patching.yml @@ -1,25 +1,28 @@ --- - name: Windows updates - hosts: "{{ HOSTS | default('os_windows') }}" + hosts: "{{ _hosts | default('os_windows') }}" + strategy: linear vars: report_server: win1 - + tasks: - - include_role: - name: demo.patching.patch_windows + - name: Patch windows server + ansible.builtin.include_role: + name: demo.patching.patch_windows - - block: + - name: Build report server + delegate_to: "{{ report_server }}" + run_once: true + block: + - name: Install report server + ansible.builtin.include_role: + name: "{{ item }}" + loop: + - demo.patching.report_server + - demo.patching.report_windows + - demo.patching.report_windows_patching - - include_role: - name: "{{ item }}" - loop: - - demo.patching.report_server - - demo.patching.report_windows - - demo.patching.report_windows_patching - - - include_role: - name: demo.patching.report_server - tasks_from: windows_landing_page - - delegate_to: "{{ report_server }}" - run_once: yes + - name: Update landing page + ansible.builtin.include_role: + name: demo.patching.report_server + tasks_from: windows_landing_page diff --git a/windows/powershell.yml b/windows/powershell.yml index ccba36f..ed9d348 100644 
--- a/windows/powershell.yml +++ b/windows/powershell.yml @@ -1,16 +1,17 @@ --- - name: Run PowerShell - hosts: "{{ HOSTS | default('windows') }}" + hosts: "{{ _hosts | default('os_windows') }}" gather_facts: false vars: ps_script: undef tasks: - - name: Run PowerShell - ansible.windows.win_powershell: - script: | - {{ ps_script }} - register: ps_output + - name: Run PowerShell + ansible.windows.win_powershell: + script: | + {{ ps_script }} + register: ps_output - - debug: - msg: "{{ ps_output.output }}" + - name: Print output + ansible.builtin.debug: + msg: "{{ ps_output.output }}" diff --git a/windows/powershell_dsc.yml b/windows/powershell_dsc.yml index f283041..dc91e42 100644 --- a/windows/powershell_dsc.yml +++ b/windows/powershell_dsc.yml 
@@ -1,42 +1,42 @@ --- - name: PowerShell DSC - hosts: "{{ HOSTS | default('windows') }}" + hosts: "{{ _hosts | default('os_windows') }}" gather_facts: false tasks: - - name: Setup the SecurityPolicyDSC module - community.windows.win_psmodule: - name: SecurityPolicyDSC - module_version: 2.10.0.0 - state: present - accept_license: yes - - - name: Set password history - ansible.windows.win_dsc: - resource_name: AccountPolicy - Name: Enforce_password_history - Enforce_password_history: 24 + - name: Setup the SecurityPolicyDSC module + community.windows.win_psmodule: + name: SecurityPolicyDSC + module_version: 2.10.0.0 + state: present + accept_license: true - - name: Set maximum password age - ansible.windows.win_dsc: - resource_name: AccountPolicy - Name: Maximum_Password_Age - Maximum_Password_Age: 60 + - name: Set password history + ansible.windows.win_dsc: + resource_name: AccountPolicy + Name: Enforce_password_history + Enforce_password_history: 24 - - name: Set minimum password age - ansible.windows.win_dsc: - resource_name: AccountPolicy - Name: Minimum_Password_Age - Maximum_Password_Age: 20 + - name: Set maximum password age + ansible.windows.win_dsc: + resource_name: AccountPolicy + Name: Maximum_Password_Age + Maximum_Password_Age: 60 - - name: Set minimum password length - ansible.windows.win_dsc: - resource_name: AccountPolicy - Name: Minimum_Password_Length - Maximum_Password_Age: 8 + - name: Set minimum password age + ansible.windows.win_dsc: + resource_name: AccountPolicy + Name: Minimum_Password_Age + Maximum_Password_Age: 20 - - name: Set password complexity requirements - ansible.windows.win_dsc: - resource_name: AccountPolicy - Name: Password_must_meet_complexity_requirements - Password_must_meet_complexity_requirements: Enabled + - name: Set minimum password length + ansible.windows.win_dsc: + resource_name: AccountPolicy + Name: Minimum_Password_Length + Maximum_Password_Age: 8 + + - name: Set password complexity requirements + 
ansible.windows.win_dsc: + resource_name: AccountPolicy + Name: Password_must_meet_complexity_requirements + Password_must_meet_complexity_requirements: Enabled diff --git a/windows/powershell_script.yml b/windows/powershell_script.yml index 48ca142..c887f81 100644 --- a/windows/powershell_script.yml +++ b/windows/powershell_script.yml @@ -1,20 +1,22 @@ --- - name: PowerShell Script - hosts: "{{ HOSTS | default('windows') }}" + hosts: "{{ _hosts | default('os_windows') }}" gather_facts: false vars: remote_dest: "C:\\query_services.ps1" - tasks: - - name: Copy script to remote - ansible.windows.win_copy: - src: "{{playbook_dir}}/query_services.ps1" - dest: "{{ remote_dest }}" - - - name: Run Script - ansible.windows.win_powershell: - script: | - {{ remote_dest }} -ServiceState {{ service_state }} - register: ps_output - - debug: - var: ps_output + tasks: + - name: Copy script to remote + ansible.windows.win_copy: + src: "{{ playbook_dir }}/query_services.ps1" + dest: "{{ remote_dest }}" + + - name: Run Script + ansible.windows.win_powershell: + script: | + {{ remote_dest }} -ServiceState {{ service_state }} + register: ps_output + + - name: Print output + ansible.builtin.debug: + var: ps_output diff --git a/windows/setup.yml b/windows/setup.yml index 967a848..d979461 100644 --- a/windows/setup.yml +++ b/windows/setup.yml @@ -22,7 +22,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -30,7 +30,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: false - question_name: web content type: text 
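Review bot: Two of the re-indented tasks in windows/powershell_dsc.yml set the wrong property: `Set minimum password age` and `Set minimum password length` both pass `Maximum_Password_Age` (20 and 8) although their `Name` is `Minimum_Password_Age` and `Minimum_Password_Length`. As written, it looks like this play configures no minimum length and supplies the maximum-age value three times with different numbers. The lines should read `Minimum_Password_Age: 20` and `Minimum_Password_Length: 8`. The error is carried over from the old side, but the new side is the place to correct it.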
@@ -40,7 +40,7 @@ controller_templates: - name: "WINDOWS / Patching" use_fact_cache: true job_type: check - ask_job_type_on_launch: yes + ask_job_type_on_launch: true inventory: "Workshop Inventory" project: "Ansible official demo project" playbook: "windows/patching.yml" @@ -49,7 +49,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -57,7 +57,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: false - question_name: Update categories type: multiselect @@ -94,7 +94,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -102,7 +102,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: false - name: "WINDOWS / Chocolatey install specific" @@ -114,7 +114,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -122,7 +122,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: false - question_name: Package name type: text @@ -138,7 +138,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' 
@@ -146,9 +146,9 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: false - - question_name: PowerShell Script + - question_name: PowerShell Script type: textarea variable: ps_script default: "Get-Service | Where-Object -FilterScript {$_.Status -eq 'running'} | Select-Object -Property 'Name'" @@ -163,7 +163,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -171,7 +171,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: false - question_name: Service state to query? type: multiplechoice @@ -191,7 +191,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -199,7 +199,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: false - name: "WINDOWS / AD /Create Domain" @@ -211,7 +211,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' @@ -219,7 +219,7 @@ controller_templates: spec: - question_name: Server Name or Pattern type: text - variable: HOSTS + variable: _hosts required: false - name: "WINDOWS / AD / New User" @@ -231,7 +231,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry credentials: - - "Workshop Credential" + - "Workshop Credential" survey_enabled: true survey: name: '' diff --git a/windows/snow.yml b/windows/snow.yml deleted file mode 100644 index 4b1aa1b..0000000 
--- a/windows/snow.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: open a change request - hosts: student1-ansible-1 - vars: - change_request: - severity: 2 - priority: 2 - description: Automated Provisioning - justification: Ansible Triggered - implementation_plan: Updated by Red Hat AAP - risk_impact_analysis: Changes are made automatically based on approved changes - test_plan: Run synthetic validation tests post-deployment - short_description: Automated Provisioning - tasks: - - name: Create a change request - servicenow.itsm.change_request: - instance: - host: "https://{{ snow_instance }}.service-now.com" - username: "{{ snow_username }}" - password: "{{ snow_password }}" - type: standard - state: new - requested_by: admin - short_description: "{{ change_request.short_description }}" - description: "{{ change_request.description }}" - priority: moderate - risk: low - impact: low - register: new_incident - - - debug: - var: new_incident.record.number diff --git a/windows/windows_choco_multiple.yml b/windows/windows_choco_multiple.yml index d9c226d..dfeca17 100644 --- a/windows/windows_choco_multiple.yml +++ b/windows/windows_choco_multiple.yml 
@@ -1,27 +1,28 @@ --- - name: Chocolatey install multiple - hosts: "{{ HOSTS | default('windows') }}" + hosts: "{{ _hosts | default('os_windows') }}" gather_facts: false vars: choco_packages: - name: nodejs - name: python tasks: - - name: Install specific versions of packages sequentially - win_chocolatey: - name: "{{ item.name }}" - state: latest - loop: "{{ choco_packages }}" + - name: Install specific versions of packages sequentially + chocolatey.chocolatey.win_chocolatey: + name: "{{ item.name }}" + state: installed + loop: "{{ choco_packages }}" - - name: Check python version - win_command: python --version - register: check_python_version - changed_when: false + - name: Check python version + ansible.windows.win_command: python --version + register: check_python_version + changed_when: false - - name: Check nodejs version - win_command: node --version - register: check_node_version - changed_when: false + - name: Check nodejs version + ansible.windows.win_command: node --version + register: check_node_version + changed_when: false - - debug: - msg: Python Version is {{ check_python_version.stdout_lines[0] }} and NodeJS version is {{ check_node_version.stdout_lines[0] }} + - name: Print message + ansible.builtin.debug: + msg: Python Version is {{ check_python_version.stdout_lines[0] }} and NodeJS version is {{ check_node_version.stdout_lines[0] }} diff --git a/windows/windows_choco_specific.yml b/windows/windows_choco_specific.yml index 5f034ec..7f86851 100644 --- a/windows/windows_choco_specific.yml +++ b/windows/windows_choco_specific.yml @@ -1,9 +1,9 @@ --- - name: Chocolatey install specific - hosts: "{{ HOSTS | default('windows') }}" + hosts: "{{ _hosts | default('os_windows') }}" gather_facts: false tasks: - - name: Install choco package with specific version - win_chocolatey: - name: "{{ package_name }}" + - name: Install choco package with specific version + chocolatey.chocolatey.win_chocolatey: + name: "{{ package_name }}"
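Review bot: In windows/windows_choco_multiple.yml the task is named `Install specific versions of packages sequentially`, but the `choco_packages` entries carry only `name` and no `version` is passed to the module, so each first install takes whatever the configured Chocolatey source serves at that moment. To make the name true and the result reproducible, add a `version` key to each item and pass `version: "{{ item.version }}"` on the task. It is also worth confirming that `state: installed` is a value `chocolatey.chocolatey.win_chocolatey` accepts; `present` is the documented choice for "ensure installed", and an unrecognised value would presumably fail argument validation at run time.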