Build Windows Templates in RHV

roles/oatakan.windows_template_build/tasks/enable_tls_system_default.yml

@@ -0,0 +1,51 @@
+# on Windows 7 SP1, TLS 1.1 and 1.2 is not enabled by default
+# this hotfix is needed to fix that
+# see https://support.microsoft.com/en-us/topic/support-for-tls-system-default-versions-included-in-the-net-framework-3-5-1-on-windows-7-sp1-and-server-2008-r2-sp1-5ef38dda-8e6c-65dc-c395-62d2df58715a
+
+- name: download hotfix
+  raw: '(New-Object -TypeName System.Net.WebClient).DownloadFile("{{ enable_tls_support_hotfix.url }}", "{{ enable_tls_support_hotfix_download_location }}\\{{ enable_tls_support_hotfix.file }}")'
+  changed_when: False
+  check_mode: no
+  register: download_hotfix
+  until: download_hotfix is success
+  delay: 3
+  retries: 5
+
+- name: delete scheduled task if it exists (hotfix)
+  raw: 'SCHTASKS /Delete /TN hotfix_install /f'
+  args:
+    executable: cmd.exe
+  changed_when: False
+  check_mode: no
+  ignore_errors: yes
+
+- name: create a scheduled task to install hotfix
+  raw: SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN hotfix_install /TR "{{ enable_tls_support_hotfix_download_location }}\\{{ enable_tls_support_hotfix.file }} /quiet /norestart"
+  args:
+    executable: cmd.exe
+  changed_when: False
+  check_mode: no
+
+- name: run scheduled task (hotfix)
+  raw: 'SCHTASKS /Run /TN hotfix_install'
+  args:
+    executable: cmd.exe
+  changed_when: False
+  check_mode: no
+
+- pause:
+    seconds: 30
+
+- name: delete scheduled task (hotfix)
+  raw: 'SCHTASKS /Delete /TN hotfix_install /f'
+  args:
+    executable: cmd.exe
+  changed_when: False
+  check_mode: no
+  ignore_errors: yes
+
+- name: remove hotfix file
+  raw: 'Remove-Item -Path {{ enable_tls_support_hotfix_download_location }}\{{ enable_tls_support_hotfix.file }} -Force'
+  changed_when: False
+  check_mode: no
+  ignore_errors: yes

roles/oatakan.windows_template_build/tasks/security-update-win2012.yml

@@ -0,0 +1,32 @@
+---
+# this update is needed to enable .NET clients to use https (tslv12) on Windows 8.1 and Windows Server 2012 R2
+# see https://www.microsoft.com/en-us/download/confirmation.aspx?id=42883
+
+- name: download hotfix
+  win_get_url:
+    url: '{{ dot_net_security_hotfix.url }}'
+    dest: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }}'
+  register: download_hotfix
+  until: download_hotfix is success
+  delay: 3
+  retries: 5
+
+- name: install hotfix (PS >= 4)
+  win_hotfix:
+    source: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }}'
+    state: present
+  register: hotfix_install
+  when: ansible_powershell_version is version('4', '>=')
+
+- name: debug hotfix installation result
+  debug:
+    var: hotfix_install
+
+- name: ensure hotfix file is removed
+  win_file:
+    path: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }}'
+    state: absent
+
+- name: reboot if needed
+  win_reboot:
+  when: hotfix_install.reboot_required | default(False)

roles/oatakan.windows_template_build/tasks/update-agent-win2008.yml

@@ -0,0 +1,13 @@
+---
+# this updates windows update which is needed to install further updates
+# see https://docs.microsoft.com/en-US/troubleshoot/windows-client/deployment/update-windows-update-agent
+
+- name: ensure Windows Update Agent on 2008 is installed
+  win_package:
+    path: "{{ windows_update_agent_url }}"
+    arguments:
+      - /quiet
+      - /norestart
+      - /wuforce
+    creates_path: C:\Windows\System32\wuaueng.dll
+    creates_version: 7.6.7600.320

roles/oatakan.windows_template_build/tasks/winrm-memfix.yml

@@ -0,0 +1,69 @@
+---
+
+# see https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-memory-hotfix
+
+- name: download script
+  raw: '[Net.ServicePointManager]::SecurityProtocol = [Enum]::ToObject([Net.SecurityProtocolType], 3072); (New-Object -TypeName System.Net.WebClient).DownloadFile("{{ ps_memfix_script_url }}", "{{ ps_memfix_script_file }}")'
+  changed_when: False
+  check_mode: no
+  register: download_script
+
+- name: set execution policy
+  raw: 'Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force'
+  changed_when: False
+  check_mode: no
+  ignore_errors: yes
+
+- name: delete scheduled task if it exists
+  raw: 'SCHTASKS /Delete /TN memfix /f'
+  args:
+    executable: cmd.exe
+  changed_when: False
+  check_mode: no
+  failed_when: False
+
+- name: create a scheduled task to run powershell script
+  raw: >
+    SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN memfix /TR "powershell.exe -Command
+    '& {{ ps_memfix_script_file }} -Verbose'"
+  args:
+    executable: cmd.exe
+  changed_when: False
+  check_mode: no
+
+- name: run scheduled task
+  raw: 'SCHTASKS /Run /TN memfix'
+  args:
+    executable: cmd.exe
+  changed_when: False
+  check_mode: no
+
+- name: wait for system to reboot after fix
+  wait_for_connection:
+    delay: 240
+    sleep: 30
+    timeout: 300
+
+- name: wait for powershell memfix task to finish
+  raw: '((schtasks /query /TN memfix)[4] -split " +")[-2]'
+  changed_when: False
+  check_mode: no
+  register: memfix_status_check
+  failed_when: false
+  until: (memfix_status_check.stdout | trim | lower) == 'ready'
+  delay: 10
+  retries: 30
+
+- name: delete scheduled task
+  win_scheduled_task:
+    name: memfix
+    state: absent
+  register: delete_scheduled_task
+  until: delete_scheduled_task is success
+  delay: 10
+  retries: 10
+
+- name: delete script
+  win_file:
+    path: "{{ ps_memfix_script_file }}"
+    state: absent