ptoal/product-demos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge of RedHatGov/product-demos (#56)

Browse Source 
Co-authored-by: MKletz <michael.kletz.27@gmail.com>
Co-authored-by: Ajay Chenampara <ajay.chenampara@gmail.com>
Co-authored-by: dlemons-redhat <69318976+dlemons-redhat@users.noreply.github.com>
Co-authored-by: Nicolas Leiva <nicolasleiva@gmail.com>
Co-authored-by: benblasco <42140583+benblasco@users.noreply.github.com>
Co-authored-by: Benjamin Blasco <bblasco@redhat.com>
Co-authored-by: calvingsmith <4283930+calvingsmith@users.noreply.github.com>
Co-authored-by: Calvin Smith <calvingsmith@users.noreply.github.com>
Co-authored-by: Hicham Mourad <43329991+HichamMourad@users.noreply.github.com>
This commit is contained in:
willtome
2023-03-17 09:07:02 -04:00
committed by GitHub
parent 8acff9c9b1
commit c18a206499
279 changed files with 5191 additions and 4649 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
windows/README.md Normal file
View File

@@ -0,0 +1,29 @@
# Windows Demos
## Table of Contents
- [Windows Demos](#windows-demos)
- [Table of Contents](#table-of-contents)
- [About These Demos](#about-these-demos)
- [Jobs](#jobs)
- [Suggested Usage](#suggested-usage)
## About These Demos
This category of demos shows examples of Windows Server operations and management with Ansible Automation Platform. The list of demos can be found below. See the [Suggested Usage](#suggested-usage) section of this document for recommendations on how to best use these demos.
### Jobs
- [**WINDOWS / Install IIS**](install_iis.yml) - Install IIS feature with a configurable index.html
- [**WINDOWS / Patching**](patching.yml) - Apply Windows updates by category and create report
- [**WINDOWS / Chocolatey install multiple**](windows_choco_multiple.yml) - Install multiple packages using Chocolatey and check versions
- [**WINDOWS / Chocolatey install specific**](windows_choco_specific.yml) - Install a single given package using Chocolatey
- [**WINDOWS / Arbitrary Powershell**](arbitrary_powershell.yml) - Run given Powershell script (default: retrieve cat fact from API)
- [**WINDOWS / Powershell Script**](powershell_script.yml) - Run a Powershell script stored in source control to query services
- [**WINDOWS / Powershell DSC configuring password requirements**](powershell_dsc.yml) - Configure password complexity with Powershell desired state config
- [**WINDOWS / Create Active Directory Domain**](active_directory/create_ad_domain.yml) - Create a new AD Domain
- [**WINDOWS / Helpdesk new user portal**](active_directory/helpdesk_new_user_portal.yml) - Create user in AD Domain
## Suggested Usage
**WINDOWS / Create Active Directory Domain** - This job can take some to complete. It is recommended to run ahead of time if you would like to demo creating a helpdesk user.
**WINDOWS / Helpdesk new user portal** - This job is dependant on the Create Active Directory Domain completing before users can be created.

44
windows/active_directory/create_ad_domain.yml
View File

@@ -1,44 +0,0 @@
---
- name: Create Active Directory domain
hosts: "{{ HOSTS | default('windows') }}"
gather_facts: false
tasks:
- name: Create new domain in a new forest on the target host
ansible.windows.win_domain:
dns_domain_name: ansible.local
safe_mode_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
register: new_forest
- name: Reboot the target host
ansible.windows.win_reboot:
reboot_timeout: 3600
when: new_forest.reboot_required
- name: Wait up to 10min for AD web services to start
community.windows.win_wait_for_process:
process_name_exact: Microsoft.ActiveDirectory.WebServices
pre_wait_delay: 60
state: present
timeout: 600
sleep: 10
- name: Create some groups
community.windows.win_domain_group:
name: "{{ item.name }}"
scope: global
loop:
- { name: "GroupA" }
- { name: "GroupB" }
- { name: "GroupC" }
- name: Create some users
community.windows.win_domain_user:
name: "{{ item.name }}"
groups: "{{ item.groups }}"
password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
update_password: on_create
loop:
- { name: "UserA", groups: "GroupA" }
- { name: "UserB", groups: "GroupB" }
- { name: "UserC", groups: "GroupC" }

39
windows/active_directory/helpdesk_new_user_portal.yml
View File

@@ -1,39 +0,0 @@
---
- name: Helpdesk new user portal
hosts: "{{ HOSTS | default('windows') }}"
gather_facts: false
tasks:
- name: Setting host facts using complex arguments
set_fact:
temp_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
# Example result: ['&Qw2|E[-']
- name: Create new user
community.windows.win_domain_user:
name: "{{ firstname }} {{ surname }}"
firstname: "{{ firstname }}"
surname: "{{ surname }}"
sam_account_name: "{{ firstname[0] }}{{ surname }}"
company: BobCo
password: "{{ temp_password }}"
state: present
groups:
- "GroupA"
- "GroupB"
street: "{{ street }}"
city: "{{ city }}"
state_province: IN
postal_code: "{{ postal_code }}"
country: US
attributes:
telephoneNumber: "{{ telephone_number }}"
register: new_user
- name: Display User
debug:
var: new_user
- name: Show temp password
debug:
var: temp_password

16
windows/arbitrary_powershell.yml
View File

@@ -1,16 +0,0 @@
---
- name: Arbitrary PowerShell
hosts: "{{ HOSTS | default('windows') }}"
gather_facts: false
vars:
ps_script: undef
tasks:
- name: Run PowerShell
ansible.windows.win_powershell:
script: |
{{ ps_script }}
register: ps_output
- debug:
msg: "{{ ps_output.output }}"

2
windows/backup.yml
View File

@@ -3,5 +3,5 @@
name: Rollback playbook
tasks:
- name: "Rollback this step"
debug:
ansible.builtin.debug:
msg: "Rolling back this step"

54
windows/create_ad_domain.yml Normal file
View File

@@ -0,0 +1,54 @@
---
- name: Create Active Directory domain
hosts: "{{ _hosts | default('os_windows') }}"
gather_facts: false
tasks:
- name: Set Local Admin Password
ansible.windows.win_user:
name: Administrator
password: "{{ ansible_password }}"
- name: Create new domain in a new forest on the target host
ansible.windows.win_domain:
dns_domain_name: ansible.local
safe_mode_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
register: new_forest
- name: Reboot the target host
ansible.windows.win_reboot:
reboot_timeout: 3600
when: new_forest.reboot_required
- name: Wait up to 10min for AD web services to start
community.windows.win_wait_for_process:
process_name_exact: Microsoft.ActiveDirectory.WebServices
pre_wait_delay: 60
state: present
timeout: 600
sleep: 10
remote_user: Administrator
- name: Create some groups
community.windows.win_domain_group:
name: "{{ item.name }}"
scope: global
loop:
- { name: "GroupA" }
- { name: "GroupB" }
- { name: "GroupC" }
retries: 5
delay: 10
- name: Create some users
community.windows.win_domain_user:
name: "{{ item.name }}"
groups: "{{ item.groups }}"
password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
update_password: on_create
loop:
- { name: "UserA", groups: "GroupA" }
- { name: "UserB", groups: "GroupB" }
- { name: "UserC", groups: "GroupC" }
retries: 5
delay: 10

2
windows/group_vars/os_windows.yml
View File

@@ -2,4 +2,4 @@
ansible_connection: winrm
ansible_winrm_transport: ntlm
ansible_winrm_server_cert_validation: ignore
ansible_port: 5986
ansible_port: 5986

39
windows/helpdesk_new_user_portal.yml Normal file
View File

@@ -0,0 +1,39 @@
---
- name: Helpdesk new user portal
hosts: "{{ _hosts | default('os_windows') }}"
gather_facts: false
tasks:
- name: Setting host facts using complex arguments
ansible.builtin.set_fact:
temp_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
# Example result: ['&Qw2|E[-']
- name: Create new user
community.windows.win_domain_user:
name: "{{ firstname }} {{ surname }}"
firstname: "{{ firstname }}"
surname: "{{ surname }}"
sam_account_name: "{{ firstname[0] }}{{ surname }}"
company: BobCo
password: "{{ temp_password }}"
state: present
groups:
- "GroupA"
- "GroupB"
street: "{{ street }}"
city: "{{ city }}"
state_province: IN
postal_code: "{{ postal_code }}"
country: US
attributes:
telephoneNumber: "{{ telephone_number }}"
register: new_user
- name: Display User
ansible.builtin.debug:
var: new_user
- name: Show temp password
ansible.builtin.debug:
var: temp_password

10
windows/install_iis.yml
View File

@@ -1,25 +1,25 @@
---
- name: Install IIS
hosts: "{{ HOSTS | default('windows') }}"
hosts: "{{ _hosts | default('windows') }}"
vars:
iis_message: undef
tasks:
- name: Install IIS
win_feature:
ansible.windows.win_feature:
name: Web-Server
state: present
- name: Start IIS service
win_service:
ansible.windows.win_service:
name: W3Svc
state: started
- name: Create website index.html
win_copy:
ansible.windows.win_copy:
content: "{{ iis_message }}"
dest: C:\Inetpub\wwwroot\index.html
- name: Show website address
debug:
ansible.builtin.debug:
msg: http://{{ ansible_host }}

35
windows/patching.yml
View File

@@ -1,22 +1,27 @@
---
- name: Windows updates
hosts: "{{ HOSTS | default('os_windows') }}"
hosts: "{{ _hosts | default('os_windows') }}"
vars:
report_server: win1
tasks:
- include_role:
name: demo.patching.patch_windows
- name: Patch windows server
ansible.builtin.include_role:
name: demo.patching.patch_windows
- block:
- include_role:
name: demo.patching.report_server
tasks_from: iis
- name: Build report server
delegate_to: "{{ report_server }}"
run_once: true # noqa: run-once[task]
block:
- name: Install report server
ansible.builtin.include_role:
name: "{{ item }}"
loop:
- demo.patching.report_server
- demo.patching.report_windows
- demo.patching.report_windows_patching
- include_role:
name: demo.patching.report_windows
- include_role:
name: demo.patching.report_windows_patching
delegate_to: "{{ report_server }}"
run_once: yes
- name: Update landing page
ansible.builtin.include_role:
name: demo.patching.report_server
tasks_from: windows_landing_page

17
windows/powershell.yml Normal file
View File

@@ -0,0 +1,17 @@
---
- name: Run PowerShell
hosts: "{{ _hosts | default('os_windows') }}"
gather_facts: false
vars:
ps_script: undef
tasks:
- name: Run PowerShell
ansible.windows.win_powershell:
script: |
{{ ps_script }}
register: ps_output
- name: Print output
ansible.builtin.debug:
msg: "{{ ps_output.output }}"

65
windows/powershell_dsc.yml
View File

@@ -1,41 +1,42 @@
---
- name: PowerShell DSC
hosts: "{{ HOSTS | default('windows') }}"
hosts: "{{ _hosts | default('os_windows') }}"
gather_facts: false
tasks:
- name: Setup the SecurityPolicyDSC module
community.windows.win_psmodule:
name: SecurityPolicyDSC
module_version: 2.10.0.0
state: present
- name: Set password history
ansible.windows.win_dsc:
resource_name: AccountPolicy
Name: Enforce_password_history
Enforce_password_history: 24
- name: Setup the SecurityPolicyDSC module
community.windows.win_psmodule:
name: SecurityPolicyDSC
module_version: 2.10.0.0
state: present
accept_license: true
- name: Set maximum password age
ansible.windows.win_dsc:
resource_name: AccountPolicy
Name: Maximum_Password_Age
Maximum_Password_Age: 60
- name: Set password history
ansible.windows.win_dsc:
resource_name: AccountPolicy
Name: Enforce_password_history
Enforce_password_history: 24
- name: Set minimum password age
ansible.windows.win_dsc:
resource_name: AccountPolicy
Name: Minimum_Password_Age
Maximum_Password_Age: 20
- name: Set maximum password age
ansible.windows.win_dsc:
resource_name: AccountPolicy
Name: Maximum_Password_Age
Maximum_Password_Age: 60
- name: Set minimum password length
ansible.windows.win_dsc:
resource_name: AccountPolicy
Name: Minimum_Password_Length
Maximum_Password_Age: 8
- name: Set minimum password age
ansible.windows.win_dsc:
resource_name: AccountPolicy
Name: Minimum_Password_Age
Maximum_Password_Age: 20
- name: Set password complexity requirements
ansible.windows.win_dsc:
resource_name: AccountPolicy
Name: Password_must_meet_complexity_requirements
Password_must_meet_complexity_requirements: Enabled
- name: Set minimum password length
ansible.windows.win_dsc:
resource_name: AccountPolicy
Name: Minimum_Password_Length
Maximum_Password_Age: 8
- name: Set password complexity requirements
ansible.windows.win_dsc:
resource_name: AccountPolicy
Name: Password_must_meet_complexity_requirements
Password_must_meet_complexity_requirements: Enabled

32
windows/powershell_script.yml
View File

@@ -1,20 +1,22 @@
---
- name: PowerShell Script
hosts: "{{ HOSTS | default('windows') }}"
hosts: "{{ _hosts | default('os_windows') }}"
gather_facts: false
vars:
remote_dest: "C:\\sample_script.ps1"
tasks:
- name: Copy script to remote
ansible.windows.win_copy:
src: "{{playbook_dir}}/sample_script.ps1"
dest: "{{ remote_dest }}"
- name: Run Script
ansible.windows.win_powershell:
script: |
{{ remote_dest }} -ServiceState {{ service_state }}
register: ps_output
remote_dest: "C:\\query_services.ps1"
- debug:
var: ps_output
tasks:
- name: Copy script to remote
ansible.windows.win_copy:
src: "{{ playbook_dir }}/query_services.ps1"
dest: "{{ remote_dest }}"
- name: Run Script
ansible.windows.win_powershell:
script: |
{{ remote_dest }} -ServiceState {{ service_state }}
register: ps_output
- name: Print output
ansible.builtin.debug:
var: ps_output

0
windows/sample_script.ps1 → windows/query_services.ps1
View File

94
windows/setup.yml
View File

@@ -18,9 +18,11 @@ controller_templates:
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "windows/install_iis.yml"
execution_environment: Default execution environment
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- "Workshop Credential"
- "Workshop Credential"
survey_enabled: true
survey:
name: ''
@@ -28,7 +30,7 @@ controller_templates:
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
variable: _hosts
required: false
- question_name: web content
type: text
@@ -38,13 +40,16 @@ controller_templates:
- name: "WINDOWS / Patching"
use_fact_cache: true
job_type: check
ask_job_type_on_launch: yes
ask_job_type_on_launch: true
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "windows/patching.yml"
execution_environment: Default execution environment
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- "Workshop Credential"
- "Workshop Credential"
survey_enabled: true
survey:
name: ''
@@ -52,7 +57,7 @@ controller_templates:
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
variable: _hosts
required: false
- question_name: Update categories
type: multiselect
@@ -85,9 +90,11 @@ controller_templates:
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "windows/windows_choco_multiple.yml"
execution_environment: Default execution environment
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- "Workshop Credential"
- "Workshop Credential"
survey_enabled: true
survey:
name: ''
@@ -95,7 +102,7 @@ controller_templates:
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
variable: _hosts
required: false
- name: "WINDOWS / Chocolatey install specific"
@@ -103,9 +110,11 @@ controller_templates:
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "windows/windows_choco_specific.yml"
execution_environment: Default execution environment
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- "Workshop Credential"
- "Workshop Credential"
survey_enabled: true
survey:
name: ''
@@ -113,20 +122,23 @@ controller_templates:
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
variable: _hosts
required: false
- question_name: Package name
type: text
variable: package_name
required: true
- name: "WINDOWS / Arbitrary PowerShell"
- name: "WINDOWS / Run PowerShell"
job_type: run
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "windows/arbitrary_powershell.yml"
execution_environment: Default execution environment
playbook: "windows/powershell.yml"
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- "Workshop Credential"
- "Workshop Credential"
survey_enabled: true
survey:
name: ''
@@ -134,22 +146,24 @@ controller_templates:
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
variable: _hosts
required: false
- question_name: PowerShell Script (Default returns random cat fact)
- question_name: PowerShell Script
type: textarea
variable: ps_script
default: "(Invoke-RestMethod -Method 'GET' -Uri 'https://catfact.ninja/fact').fact"
default: "Get-Service | Where-Object -FilterScript {$_.Status -eq 'running'} | Select-Object -Property 'Name'"
required: true
- name: "WINDOWS / PowerShell Script"
- name: "WINDOWS / Query Services"
job_type: run
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "windows/powershell_script.yml"
execution_environment: Default execution environment
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- "Workshop Credential"
- "Workshop Credential"
survey_enabled: true
survey:
name: ''
@@ -157,7 +171,7 @@ controller_templates:
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
variable: _hosts
required: false
- question_name: Service state to query?
type: multiplechoice
@@ -168,14 +182,16 @@ controller_templates:
- 'Running'
- 'Stopped'
- name: "WINDOWS / PowerShell DSC configuring password requirements"
- name: "WINDOWS / Configuring Password Requirements"
job_type: run
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "windows/powershell_dsc.yml"
execution_environment: Default execution environment
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- "Workshop Credential"
- "Workshop Credential"
survey_enabled: true
survey:
name: ''
@@ -183,17 +199,19 @@ controller_templates:
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
variable: _hosts
required: false
- name: "ACTIVE DIRECTORY / Create Active Directory domain"
- name: "WINDOWS / AD /Create Domain"
job_type: run
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "windows/active_directory/create_ad_domain.yml"
execution_environment: Default execution environment
playbook: "windows/create_ad_domain.yml"
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- "Workshop Credential"
- "Workshop Credential"
survey_enabled: true
survey:
name: ''
@@ -201,17 +219,19 @@ controller_templates:
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
variable: _hosts
required: false
- name: "ACTIVE DIRECTORY / Helpdesk new user portal"
- name: "WINDOWS / AD / New User"
job_type: run
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "windows/active_directory/helpdesk_new_user_portal.yml"
execution_environment: Default execution environment
playbook: "windows/helpdesk_new_user_portal.yml"
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- "Workshop Credential"
- "Workshop Credential"
survey_enabled: true
survey:
name: ''
@@ -244,4 +264,4 @@ controller_templates:
type: text
variable: telephone_number
default: 555-123456
required: false
required: false

32
windows/snow.yml
View File

@@ -1,32 +0,0 @@
---
- name: open a change request
hosts: student1-ansible-1
vars:
change_request:
severity: 2
priority: 2
description: Automated Provisioning
justification: Ansible Triggered
implementation_plan: Updated by Red Hat AAP
risk_impact_analysis: Changes are made automatically based on approved changes
test_plan: Run synthetic validation tests post-deployment
short_description: Automated Provisioning
tasks:
- name: Create a change request
servicenow.itsm.change_request:
instance:
host: "https://{{ snow_instance }}.service-now.com"
username: "{{ snow_username }}"
password: "{{ snow_password }}"
type: standard
state: new
requested_by: admin
short_description: "{{ change_request.short_description }}"
description: "{{ change_request.description }}"
priority: moderate
risk: low
impact: low
register: new_incident
- debug:
var: new_incident.record.number

35
windows/windows_choco_multiple.yml
View File

@@ -1,29 +1,28 @@
---
- name: Chocolatey install multiple
hosts: "{{ HOSTS | default('windows') }}"
hosts: "{{ _hosts | default('os_windows') }}"
gather_facts: false
vars:
choco_packages:
- name: nodejs
version: 13.0.0
- name: python
version: 3.6.0
tasks:
- name: Install specific versions of packages sequentially
win_chocolatey:
name: "{{ item.name }}"
version: "{{ item.version }}"
loop: "{{ choco_packages }}"
- name: Install specific versions of packages sequentially
chocolatey.chocolatey.win_chocolatey:
name: "{{ item.name }}"
state: present
loop: "{{ choco_packages }}"
- name: Check python version
win_command: python --version
register: check_python_version
changed_when: false
- name: Check python version
ansible.windows.win_command: python --version
register: check_python_version
changed_when: false
- name: Check nodejs version
win_command: node --version
register: check_node_version
changed_when: false
- name: Check nodejs version
ansible.windows.win_command: node --version
register: check_node_version
changed_when: false
- debug:
msg: Python Version is {{ check_python_version.stdout_lines[0] }} and NodeJS version is {{ check_node_version.stdout_lines[0] }}
- name: Print message
ansible.builtin.debug:
msg: Python Version is {{ check_python_version.stdout_lines[0] }} and NodeJS version is {{ check_node_version.stdout_lines[0] }}

8
windows/windows_choco_specific.yml
View File

@@ -1,9 +1,9 @@
---
- name: Chocolatey install specific
hosts: "{{ HOSTS | default('windows') }}"
hosts: "{{ _hosts | default('os_windows') }}"
gather_facts: false
tasks:
- name: Install choco package with specific version
win_chocolatey:
name: "{{ package_name }}"
- name: Install choco package with specific version
chocolatey.chocolatey.win_chocolatey:
name: "{{ package_name }}"