ptoal/toallab-automation
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

This a bad commit message. NO idea.

Browse Source
This commit is contained in:
Patrick Toal
2022-02-15 14:56:51 -05:00
parent 4a8ab6fc84
commit 3fb974987c
62 changed files with 421 additions and 1063 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
collections/requirements.yml
View File

@@ -34,5 +34,5 @@ collections:
- name: community.crypto
source: https://galaxy.ansible.com
- name: onepassword.connect
- name: ansible.posix
## - name: onepassword.connect
# - name: ansible.posix

2
context/Containerfile
View File

@@ -1,4 +1,4 @@
ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:stable-2.10-devel
ARG EE_BASE_IMAGE=registry.redhat.io/ansible-automation-platform-20-early-access/ee-supported-rhel8:latest
ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest
FROM $EE_BASE_IMAGE as galaxy

1
context/_build/ansible.cfg
View File

@@ -1,6 +1,5 @@
[defaults]
# Use the YAML callback plugin.
#stdout_callback = yaml
stdout_callback = community.general.yaml
callback_enabled = community.general.yaml
# Profile

4
context/_build/requirements.yml
View File

@@ -34,5 +34,5 @@ collections:
- name: community.crypto
source: https://galaxy.ansible.com
- name: onepassword.connect
- name: ansible.posix
## - name: onepassword.connect
# - name: ansible.posix

2
cvpublish.yml
View File

@@ -25,7 +25,7 @@
- name: Pre-tasks | Extract list of content views
set_fact:
sat6_content_views_list: "{{ sat6_content_views_list|default([]) }} + ['{{ item.name }}' ]"
loop: "{{ list_all_cvs | reject('search', 'Default_Organization_View') | list }}"
loop: "{{ list_all_cvs | reject('search', 'Default Organization View') | list }}"
when: item.composite == false
- name: Publish content

3
execution-environment.yml
View File

@@ -2,11 +2,10 @@
version: 1
build_arg_defaults:
EE_BASE_IMAGE: 'quay.io/ansible/ansible-runner:stable-2.10-devel'
EE_BASE_IMAGE: 'registry.redhat.io/ansible-automation-platform-20-early-access/ee-supported-rhel8:latest'
ansible_config: '../../../.ansible.cfg'
dependencies:
galaxy: collections/requirements.yml
python: requirements.txt
system: bindep.txt

16
rhv_setup.yml
View File

@@ -13,6 +13,8 @@
ignore_errors: yes
register: key_info
- set_fact: have_valid_cert=false
- set_fact:
have_valid_cert: "{{ (key_info.not_after|to_datetime('%Y%m%d%H%M%SZ')).timestamp() > ansible_date_time.epoch|int + 2592000 }}"
when:
@@ -24,8 +26,8 @@
connection: local
gather_facts: false
# This doesn't belong here
vars:
acme_certificate_root_certificate: https://letsencrypt.org/certs/trustid-x3-root.pem.txt
#vars:
# acme_certificate_root_certificate: https://letsencrypt.org/certs/trustid-x3-root.pem.txt
pre_tasks:
@@ -56,7 +58,7 @@
roles:
- name: felixfontein.acme_certificate
when: not have_valid_cert
when: have_valid_cert is defined and not have_valid_cert
post_tasks:
- name: Remove tempfile
@@ -209,3 +211,11 @@
register: networkinfo
- debug: msg="{{networkinfo}}"
- name: Reminder
hosts: localhost
connection: local
tasks:
- name: Reminder
debug: "Don't forget to add tso off gro off gso off lro off to i217-LM NIC's (eg: Dell Optiplex)!"
# https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html/administration_guide/sect-hosts_and_networking#Editing_Host_Network_Interfaces_and_Assigning_Logical_Networks_to_Hosts

2
roles/felixfontein.acme_certificate/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Mon Apr 19 15:24:27 2021
install_date: Fri Oct 15 18:59:51 2021
version: 1.1.1

2
roles/geerlingguy.gitlab/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:45 2021
install_date: Fri Oct 15 18:59:12 2021
version: 3.1.0

2
roles/geerlingguy.java/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:44 2021
install_date: Fri Oct 15 18:59:11 2021
version: 1.10.0

2
roles/ikke_t.container_image_cleanup/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:56 2021
install_date: Fri Oct 15 18:59:25 2021
version: master

1
roles/ikke_t.podman_container_systemd/README.md
View File

@@ -98,6 +98,7 @@ Dependencies
------------
* [containers.podman](https://galaxy.ansible.com/containers/podman) (collection)
* [ansible.posix](https://galaxy.ansible.com/ansible/posix) (collection)
Example Playbook
----------------

11
roles/ikke_t.podman_container_systemd/defaults/main.yml
View File

@@ -7,7 +7,7 @@ container_state: running
# see man systemd.service for info
# by default we want to restart failed container
container_restart: on-failure
service_files_dir: /etc/systemd/system
service_files_dir: /usr/local/lib/systemd/system
systemd_scope: system
systemd_TimeoutStartSec: 15
systemd_RestartSec: 30
@@ -17,6 +17,15 @@ container_run_as_user: root
container_run_as_group: root
container_stop_timeout: 15
# SystemD dependencies (some are hardcoded; see templates)
systemd_After: [network.target]
systemd_Before: []
systemd_Conflicts: []
systemd_RequiredBy: []
systemd_Requires: []
systemd_WantedBy: []
systemd_Wants: []
# systemd service name
service_name: "{{ container_name }}-container-pod-{{ container_run_as_user }}.service"

4
roles/ikke_t.podman_container_systemd/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:54 2021
version: 2.1.0
install_date: Fri Oct 15 18:59:22 2021
version: 2.2.0

3
roles/ikke_t.podman_container_systemd/meta/main.yml
View File

@@ -36,7 +36,8 @@ dependencies:
when: >
(ansible_distribution == 'Debian' and
ansible_distribution_release == 'buster') or
ansible_distribution == 'Ubuntu'
(ansible_distribution == 'Ubuntu' and
ansible_distribution_version is version('21.04', '<'))
collections:
- containers.podman

1
roles/ikke_t.podman_container_systemd/requirements.yml
View File

@@ -1,3 +1,4 @@
---
collections:
- ansible.posix
- containers.podman

27
roles/ikke_t.podman_container_systemd/tasks/main.yml
View File

@@ -38,11 +38,20 @@
- name: set systemd scope to system if needed
set_fact:
systemd_scope: system
service_files_dir: '/etc/systemd/system'
service_files_dir: /usr/local/lib/systemd/system
xdg_runtime_dir: "/run/user/{{ container_run_as_uid.stdout }}"
when: container_run_as_user == "root"
changed_when: false
- name: create local systemd directory
when: service_files_dir == '/usr/local/lib/systemd/system'
file:
group: root
mode: u=rwX,go=rX
owner: root
path: /usr/local/lib/systemd/system/
state: directory
- name: check if service file exists already
stat:
path: "{{ service_files_dir }}/{{ service_name }}"
@@ -95,6 +104,7 @@
# https://github.com/containers/libpod/issues/5570
# command: podman inspect -f {{.Id}} "{{ container_image }}"
command: "podman image inspect -f '{{ '{{' }}.Id{{ '}}' }}' {{ item }}"
changed_when: false
register: pre_pull_id
ignore_errors: true
when:
@@ -121,6 +131,7 @@
- name: running single container, get image Id if it exists
command:
"podman image inspect -f '{{ '{{' }}.Id{{ '}}' }}' {{ item }}"
changed_when: false
become: true
become_user: "{{ container_run_as_user }}"
register: post_pull_id
@@ -204,6 +215,18 @@
- service_file_before_template.stat.exists
- service_file.changed
- name: ensure auto update is running for images
become: true
become_user: "{{ container_run_as_user }}"
environment:
XDG_RUNTIME_DIR: "{{ xdg_runtime_dir }}"
systemd:
name: podman-auto-update.timer
daemon_reload: true
scope: "{{ systemd_scope }}"
state: started
enabled: true
when: container_state == "running"
- name: configure firewall if container_firewall_ports is defined
@@ -247,7 +270,7 @@
- name: ensure container's exposed ports firewall state
tags: firewall
firewalld:
ansible.posix.firewalld:
port: "{{ item }}"
permanent: true
immediate: true

23
roles/ikke_t.podman_container_systemd/templates/systemd-service-pod.j2
View File

@@ -1,6 +1,20 @@
[Unit]
Description={{ container_name }} Podman Container
After=network.target
{% for unit in systemd_After %}
After={{ unit }}
{% endfor %}
{% for unit in systemd_Before %}
Before={{ unit }}
{% endfor %}
{% for unit in systemd_Conflicts %}
Conflicts={{ unit }}
{% endfor %}
{% for unit in systemd_Requires %}
Requires={{ unit }}
{% endfor %}
{% for unit in systemd_Wants %}
Wants={{ unit }}
{% endfor %}
[Service]
Type=forking
@@ -18,6 +32,7 @@ ExecReload=-/usr/bin/podman pod rm -f {{ container_name }}
ExecStop=-/usr/bin/podman pod rm -f {{ container_name }}
Restart={{ container_restart }}
RestartSec={{ systemd_RestartSec }}
Environment=PODMAN_SYSTEMD_UNIT=%n
[Install]
{% if container_run_as_user == 'root' %}
@@ -26,3 +41,9 @@ WantedBy=multi-user.target
{% if container_run_as_user != 'root' %}
WantedBy=default.target
{% endif %}
{% for unit in systemd_RequiredBy %}
RequiredBy={{ unit }}
{% endfor %}
{% for unit in systemd_WantedBy %}
WantedBy={{ unit }}
{% endfor %}

25
roles/ikke_t.podman_container_systemd/templates/systemd-service-single.j2
View File

@@ -1,10 +1,26 @@
[Unit]
Description={{ container_name }} Podman Container
After=network.target
{% for unit in systemd_After %}
After={{ unit }}
{% endfor %}
{% for unit in systemd_Before %}
Before={{ unit }}
{% endfor %}
{% for unit in systemd_Conflicts %}
Conflicts={{ unit }}
{% endfor %}
{% for unit in systemd_Requires %}
Requires={{ unit }}
{% endfor %}
{% for unit in systemd_Wants %}
Wants={{ unit }}
{% endfor %}
[Service]
Type=simple
TimeoutStartSec={{ systemd_TimeoutStartSec }}
ExecStartPre=-/usr/bin/podman stop -t {{ container_stop_timeout|quote }} {{ container_name|quote }}
ExecStartPre=-/usr/bin/podman rm -f {{ container_name|quote }}
ExecStartPre=-/usr/bin/rm -f {{ pidfile }} {{ cidfile }}
{% if container_run_as_user == 'root' %}
User={{ container_run_as_user }}
@@ -22,6 +38,7 @@ Restart={{ container_restart }}
RestartSec={{ systemd_RestartSec }}
KillMode=mixed
PIDFile={{ pidfile }}
Environment=PODMAN_SYSTEMD_UNIT=%n
[Install]
{% if container_run_as_user == 'root' %}
@@ -30,3 +47,9 @@ WantedBy=multi-user.target
{% if container_run_as_user != 'root' %}
WantedBy=default.target
{% endif %}
{% for unit in systemd_RequiredBy %}
RequiredBy={{ unit }}
{% endfor %}
{% for unit in systemd_WantedBy %}
WantedBy={{ unit }}
{% endfor %}

2
roles/oatakan.ansible-role-ovirt/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:51 2021
install_date: Fri Oct 15 18:59:19 2021
version: ''

2
roles/oatakan.ansible-role-ovirt/tasks/deprovision.yml
View File

@@ -58,7 +58,7 @@
until: disks_deletion.finished
retries: "{{ instance_wait_retry_limit }}"
delay: 10
with_items: "{{ delete_disks.results }}"
loop: "{{ delete_disks.results }}"
when:
- nodes is defined
- delete_disks.results is defined

10
roles/oatakan.ansible-role-ovirt/tasks/provision.yml
View File

@@ -48,7 +48,7 @@
retries: "{{ instance_wait_retry_limit }}"
delay: 10
no_log: true
with_items: "{{ deploy.results }}"
loop: "{{ deploy.results }}"
when:
- nodes is defined
- deploy.results is defined
@@ -85,7 +85,7 @@
until: disks_creation.finished
retries: "{{ instance_wait_retry_limit }}"
delay: 10
with_items: "{{ create_disks.results }}"
loop: "{{ create_disks.results }}"
when:
- nodes is defined
- create_disks.results is defined
@@ -110,7 +110,7 @@
nic_name: "{{ item.networks[0].nic_name | default(item.networks[0].device_name) | default('eth0') }}"
nic_on_boot: true
host_name: "{{ item.name }}.{{ item.domain | default('') }}"
dns_servers: "{{ item.dns_servers|join(' ') | default([]) }}"
dns_servers: "{{ (item.dns_servers | default([])) | join(' ') }}"
custom_script: "{{ item.custom_script | default('') }}"
user_name: "{{ item.user_name | default('') }}"
root_password: "{{ item.root_password | default('') }}"
@@ -144,7 +144,7 @@
- name: combine deployment results
set_fact:
deploy_results: "{{ deploy_results|default([]) + [ item ] }}"
with_items: "{{ deploy_linux.results + deploy_windows.results }}"
loop: "{{ deploy_linux.results + deploy_windows.results }}"
when:
- nodes is defined
- item.ansible_job_id is defined
@@ -156,7 +156,7 @@
until: instances.finished
retries: "{{ instance_wait_retry_limit }}"
delay: 10
with_items: "{{ deploy_results }}"
loop: "{{ deploy_results }}"
when:
- nodes is defined
- deploy_results is defined

59
roles/oatakan.ansible-role-ovirt/tasks/wait_for_ip.yml
View File

@@ -1,31 +1,33 @@
---
#- name: waiting for ip address to be assigned
# ovirt_nic_info:
# auth: "{{ ovirt_auth }}"
# vm: "{{ item.vm.name }}"
# name: nic1
# register: nics
# until:
# - nics.ovirt_nics | length > 0
# - nics.ovirt_nics[0].reported_devices | length > 0
# - nics.ovirt_nics[0].reported_devices[0].ips is defined
# - nics.ovirt_nics[0].reported_devices[0].ips | length > 0
# - nics.ovirt_nics[0].reported_devices[0].ips[0].address is defined
# - nics.ovirt_nics[0].reported_devices[0].ips[0].version == 'v4'
# retries: 300
# delay: 10
# with_items: "{{ instances.results }}"
# when:
# - nodes is defined
# - instances.results is defined
# - item.vm is defined
- name: waiting for ip address to be assigned
ovirt_nic_info:
auth: "{{ ovirt_auth }}"
vm: "{{ item.vm.name }}"
name: nic1
fetch_nested: yes
nested_attributes:
- ips
register: nics
until:
- nics.ovirt_nics | length > 0
- nics.ovirt_nics[0].reported_devices | length > 0
- reported_ipv4_addresses | length
retries: 300
delay: 10
loop: "{{ instances.results }}"
when:
- nodes is defined
- instances.results is defined
- item.vm is defined
vars:
reported_ipv4_addresses: "{{ (nics.ovirt_nics[0].reported_devices | json_query('[*].ips[?version==`v4`].address') | flatten) | default([]) }}"
- name: waiting for servers to come online on predefined ip
wait_for:
host: "{{ item.networks[0].ip }}"
port: "{{ item.ansible_port | default(ansible_port) | default('22') }}"
with_items: "{{ nodes }}"
loop: "{{ nodes }}"
when:
- nodes is defined
- item.networks is defined
@@ -33,9 +35,9 @@
- name: waiting for servers to come online on dhcp ip
wait_for:
host: "{{ (item.ovirt_nics[0].reported_devices[0].ips | json_query('[?version==`v4`].address'))[0] }}"
host: "{{ (item.ovirt_nics[0].reported_devices | json_query('[*].ips[?version==`v4`].address'))[0][0] | default('') }}"
port: "{{ item.item.item.item.ansible_port | default(ansible_port) | default('22') }}"
with_items: "{{ nics.results }}"
loop: "{{ nics.results }}"
when:
- nodes is defined
- nics.results is defined
@@ -55,15 +57,14 @@
until:
- nics.ovirt_nics | length > 0
- nics.ovirt_nics[0].reported_devices | length > 0
- nics.ovirt_nics[0].reported_devices[0].ips | length > 0
- nics.ovirt_nics[0].reported_devices[0].ips[0].address is defined
- nics.ovirt_nics[0].reported_devices[0].ips[0].version == 'v4'
- nics.ovirt_nics[0].reported_devices[0].ips[0].address == item.networks[0].ip
- item.networks[0].ip in reported_ipv4_addresses
retries: "{{ ip_wait_retry_limit }}"
delay: 10
with_items: "{{ nodes }}"
loop: "{{ nodes }}"
when:
- wait_for_static_ip_assigned|bool
- nodes is defined
- item.networks | length > 0
- item.networks[0].ip is defined
- item.networks[0].ip is defined
vars:
reported_ipv4_addresses: "{{ (nics.ovirt_nics[0].reported_devices | json_query('[*].ips[?version==`v4`].address') | flatten) | default([]) }}"

54
roles/oatakan.ansible-role-ovirt/tasks/wait_for_ip_pre29.yml
View File

@@ -1,31 +1,30 @@
---
#- name: waiting for ip address to be assigned (<2.9)
# ovirt_nic_facts:
# auth: "{{ ovirt_auth }}"
# vm: "{{ item.vm.name }}"
# name: nic1
# register: nics
# until:
# - nics.ansible_facts.ovirt_nics | length > 0
# - nics.ansible_facts.ovirt_nics[0].reported_devices | length > 0
# - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips is defined
# - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips | length > 0
# - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips[0].address is defined
# - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips[0].version == 'v4'
# retries: 300
# delay: 10
# with_items: "{{ instances.results }}"
# when:
# - nodes is defined
# - instances.results is defined
# - item.vm is defined
- name: waiting for ip address to be assigned (<2.9)
ovirt_nic_facts:
auth: "{{ ovirt_auth }}"
vm: "{{ item.vm.name }}"
name: nic1
register: nics
until:
- nics.ansible_facts.ovirt_nics | length > 0
- nics.ansible_facts.ovirt_nics[0].reported_devices | length > 0
- reported_ipv4_addresses | length
retries: 300
delay: 10
loop: "{{ instances.results }}"
when:
- nodes is defined
- instances.results is defined
- item.vm is defined
vars:
reported_ipv4_addresses: "{{ (nics.ovirt_nics[0].reported_devices | json_query('[*].ips[?version==`v4`].address') | flatten) | default([]) }}"
- name: waiting for servers to come online on predefined ip
wait_for:
host: "{{ item.networks[0].ip }}"
port: "{{ item.ansible_port | default(ansible_port) | default('22') }}"
with_items: "{{ nodes }}"
loop: "{{ nodes }}"
when:
- nodes is defined
- item.networks is defined
@@ -35,7 +34,7 @@
wait_for:
host: "{{ (item.ansible_facts.ovirt_nics[0].reported_devices[0].ips | json_query('[?version==`v4`].address'))[0] }}"
port: "{{ item.item.item.item.ansible_port | default(ansible_port) | default('22') }}"
with_items: "{{ nics.results }}"
loop: "{{ nics.results }}"
when:
- nodes is defined
- nics.results is defined
@@ -55,15 +54,14 @@
until:
- nics.ansible_facts.ovirt_nics | length > 0
- nics.ansible_facts.ovirt_nics[0].reported_devices | length > 0
- nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips | length > 0
- nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips[0].address is defined
- nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips[0].version == 'v4'
- nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips[0].address == item.networks[0].ip
- item.networks[0].ip in reported_ipv4_addresses
retries: "{{ ip_wait_retry_limit }}"
delay: 10
with_items: "{{ nodes }}"
loop: "{{ nodes }}"
when:
- wait_for_static_ip_assigned|bool
- nodes is defined
- item.networks | length > 0
- item.networks[0].ip is defined
- item.networks[0].ip is defined
vars:
reported_ipv4_addresses: "{{ (nics.ovirt_nics[0].reported_devices | json_query('[*].ips[?version==`v4`].address') | flatten) | default([]) }}"

2
roles/oatakan.ansible-role-windows-ad-controller/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:47 2021
install_date: Fri Oct 15 18:59:14 2021
version: ''

2
roles/oatakan.rhel_ovirt_template/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:53 2021
install_date: Fri Oct 15 18:59:21 2021
version: master

3
roles/oatakan.rhel_ovirt_template/templates/rhel8/ks.cfg.j2
View File

@@ -1,6 +1,5 @@
firewall --disabled
install
cdrom
lang en_US.UTF-8
keyboard us
@@ -34,7 +33,7 @@ volgroup vg00 --pesize=4096 pv.00
logvol swap --fstype="swap" --size=4096 --name=swap --vgname=vg00
logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=vg00
auth --useshadow --enablemd5
authselect --useshadow --enablemd5
firstboot --disabled
services --enabled=NetworkManager,sshd
reboot

2
roles/oatakan.rhel_template_build/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:52 2021
install_date: Fri Oct 15 18:59:20 2021
version: master

2
roles/oatakan.windows_ovirt_guest_agent/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:48 2021
install_date: Fri Oct 15 18:59:15 2021
version: master

4
roles/oatakan.windows_ovirt_template/defaults/main.yml
View File

@@ -3,6 +3,7 @@
install_updates: yes
instance_wait_retry_limit: 300
instance_wait_connection_timeout: 400
instance_stop_retry_limit: 60
# this will remove existing template with the same name
template_force: no
@@ -73,4 +74,5 @@ os_short_names:
win2012: 2k12R2
win2016: 2k16
win2019: 2k19
win10: 10
win2022: 2k19 # 2k22 is not *yet* available on virtio iso
win10: w10

2
roles/oatakan.windows_ovirt_template/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:45 2021
install_date: Fri Oct 15 18:59:12 2021
version: ''

16
roles/oatakan.windows_ovirt_template/tasks/stop_vm.yml
View File

@@ -17,9 +17,19 @@
when: ansible_version.full is version('2.9', '>=')
rescue:
- name: ignoring any error
debug:
msg: "ignoring error..."
- name: stop vm
ovirt.ovirt.ovirt_vm:
auth: "{{ ovirt_auth }}"
cluster: "{{ providers.ovirt.cluster }}"
name: "{{ template.name }}"
state: stopped
when: template is defined
- include_tasks: wait_vm_poweredoff_pre29.yml
when: ansible_version.full is version('2.9', '<')
- include_tasks: wait_vm_poweredoff.yml
when: ansible_version.full is version('2.9', '>=')
- name: reconfigure vm
ovirt.ovirt.ovirt_vm:

2
roles/oatakan.windows_ovirt_template/tasks/wait_vm_poweredoff.yml
View File

@@ -10,4 +10,4 @@
- ovirt_vm_info_result.ovirt_vms|length > 0
- ovirt_vm_info_result.ovirt_vms[0].status == 'down'
delay: 5
retries: 30
retries: "{{ instance_stop_retry_limit }}"

2
roles/oatakan.windows_ovirt_template/tasks/wait_vm_poweredoff_pre29.yml
View File

@@ -9,4 +9,4 @@
- ovirt_vms|length > 0
- ovirt_vms[0].status == 'down'
delay: 5
retries: 30
retries: "{{ instance_stop_retry_limit }}"

1
roles/oatakan.windows_template_build/README.md
View File

@@ -21,6 +21,7 @@ A list of roles that this role utilizes:
- oatakan.windows_ec2_ena_driver
- oatakan.windows_ovirt_guest_agent
- oatakan.windows_powershell_upgrade
- oatakan.windows_update
- oatakan.windows_virtio
- oatakan.windows_vmware_tools

35
roles/oatakan.windows_template_build/defaults/main.yml
View File

@@ -5,16 +5,10 @@ remove_apps: no
clean_up_components: yes
upgrade_powershell: no
powershell_target_version: 3.0
temp_directory: "{{ ansible_env.TEMP }}"
default_temp_directory: 'C:\Windows\Temp'
update_retry_limit: 10
upgrade_wait_timeout: 600
powershell_script_url: https://raw.githubusercontent.com/oatakan/ansible-role-windows-template-build/master/files/Upgrade-PowerShell.ps1
powershell_upgrade_script_file: 'C:\Upgrade-PowerShell.ps1'
ps_memfix_script_url: https://raw.githubusercontent.com/oatakan/ansible-role-windows-template-build/master/files/Install-WMF3Hotfix.ps1
ps_memfix_script_file: 'C:\Install-WMF3Hotfix.ps1'
set_network_to_private: '([Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))).GetNetworkConnections() | % {$_.GetNetwork().SetCategory(1)}'
enable_tlsv12_hotfix_download_location: "{{ ansible_env.TEMP }}"
@@ -24,24 +18,36 @@ enable_tlsv12_hotfix:
url: https://download.microsoft.com/download/F/4/1/F4154AD2-2119-48B4-BF99-CC15F68E110D/Windows6.1-KB3080079-x64.msu
enable_tls_support_hotfix_download_location: 'C:\Windows\Temp'
# no longer available
#enable_tls_support_hotfix:
# kb: kb3154518
# file: windows6.1-kb3154518-x64.msu
# url: http://download.microsoft.com/download/6/8/0/680ee424-358c-4fdf-a0de-b45dee07b711/windows6.1-kb3154518-x64.msu
# fix: https://support.microsoft.com/en-us/topic/security-and-quality-rollup-for-net-framework-3-5-1-for-windows-7-sp1-and-windows-server-2008-r2-sp1-kb-4040980-71f9f600-4878-a9d4-6b36-93cafad2eefe
enable_tls_support_hotfix:
kb: kb3154518
file: windows6.1-kb3154518-x64.msu
url: http://download.microsoft.com/download/6/8/0/680ee424-358c-4fdf-a0de-b45dee07b711/windows6.1-kb3154518-x64.msu
kb: kb4040980
file: windows6.1-kb4040980-x64_83282fb5210091802984ead0d4175879056d602c.msu
url: http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/09/windows6.1-kb4040980-x64_83282fb5210091802984ead0d4175879056d602c.msu
dot_net_security_hotfix_download_location: 'C:\Windows\Temp'
# no longer available
#dot_net_security_hotfix:
# kb: KB2898850
# file: Windows8.1-KB2898850-x64.msu
# url: http://download.microsoft.com/download/C/6/9/C690CC33-18F7-405D-B18A-0A8E199E531C/Windows8.1-KB2898850-x64.msu
dot_net_security_hotfix:
kb: KB2898850
file: Windows8.1-KB2898850-x64.msu
url: http://download.microsoft.com/download/C/6/9/C690CC33-18F7-405D-B18A-0A8E199E531C/Windows8.1-KB2898850-x64.msu
file: windows8.1-kb2898850-x64_9ffdfdeac9011569d1b14cf2dbf926257c50186d.msu
url: http://download.windowsupdate.com/d/msdownload/update/software/secu/2014/04/windows8.1-kb2898850-x64_9ffdfdeac9011569d1b14cf2dbf926257c50186d.msu
windows_update_agent_url: http://download.windowsupdate.com/windowsupdate/redist/standalone/7.6.7600.320/windowsupdateagent-7.6-x64.exe
#sdelete_download_url: http://web.archive.org/web/20140902022253/http://download.sysinternals.com/files/SDelete.zip
bleachbit_download_url: https://download.bleachbit.org/BleachBit-4.0.0-portable.zip
sdelete_download_url: https://download.sysinternals.com/files/SDelete.zip
#ultradefrag_download_url: http://downloads.sourceforge.net/project/ultradefrag/stable-release/6.1.0/ultradefrag-portable-6.1.0.bin.amd64.zip
ultradefrag_download_url: https://sourceforge.net/projects/ultradefrag/files/stable-release/7.1.4/ultradefrag-portable-7.1.4.bin.amd64.zip/download
ultradefrag_download_url: https://downloads.sourceforge.net/project/ultradefrag/stable-release/7.1.4/ultradefrag-portable-7.1.4.bin.amd64.zip
enable_auto_logon: yes
@@ -59,6 +65,7 @@ virtio_role: oatakan.windows_virtio
vmware_tools_role: oatakan.windows_vmware_tools
virtualbox_guest_additions_role: oatakan.windows_virtualbox_guest_additions
windows_update_role: oatakan.windows_update
windows_powershell_upgrade_role: oatakan.windows_powershell_upgrade
policy:
allow_unauthenticated_guest_access: no

152
roles/oatakan.windows_template_build/files/Install-WMF3Hotfix.ps1
View File

@@ -1,152 +0,0 @@
#Requires -Version 3.0
<#PSScriptInfo
.VERSION 1.0
.GUID 6cf319d1-8c50-460b-99ee-71b11cf7270d
.AUTHOR
Jordan Borean <jborean93@gmail.com>
.COPYRIGHT
Jordan Borean 2017
.TAGS
PowerShell,Ansible,WinRM,WMF,Hotfix
.LICENSEURI https://github.com/jborean93/ansible-windows/blob/master/LICENSE
.PROJECTURI https://github.com/jborean93/ansible-windows
.RELEASENOTES
Version 1.0: 2017-09-27
Initial script created
#>
<#
.DESCRIPTION
The script will install the WinRM hotfix KB2842230 which fixes the memory
issues that occur when running over WinRM with WMF 3.0.
The script will;
1. Detect if running on PS version 3.0 and exit if it is not
2. Check if KB2842230 is already installed and exit if it is
3. Download the hotfix from Microsoft server's based on the OS version
4. Extract the .msu file from the downloaded hotfix
5. Install the .msu silently
6. Detect if a reboot is required and prompt whether the user wants to restart
Once the install is complete, if the install process returns an exit
code of 3010, it will ask the user whether to restart the computer now
or whether it will be done later.
See https://github.com/jborean93/ansible-windows/tree/master/scripts for more
details.
.PARAMETER Verbose
[switch] - Whether to display Verbose logs on the console
.EXAMPLE
powershell.exe -ExecutionPolicy ByPass -File Install-WMF3Hotfix.ps1
.EXAMPLE
powershell.exe -ExecutionPolicy ByPass -File Install-WMF3Hotfix.ps1 -Verbose
#>
[CmdletBinding()]
Param()
$ErrorActionPreference = "Stop"
if ($verbose) {
$VerbosePreference = "Continue"
}
Function Run-Process($executable, $arguments) {
$process = New-Object -TypeName System.Diagnostics.Process
$psi = $process.StartInfo
$psi.FileName = $executable
$psi.Arguments = $arguments
Write-Verbose -Message "starting new process '$executable $arguments'"
$process.Start() | Out-Null
$process.WaitForExit() | Out-Null
$exit_code = $process.ExitCode
Write-Verbose -Message "process completed with exit code '$exit_code'"
return $exit_code
}
Function Download-File($url, $path) {
Write-Verbose -Message "downloading url '$url' to '$path'"
$client = New-Object -TypeName System.Net.WebClient
$client.DownloadFile($url, $path)
}
Function Extract-Zip($zip, $dest) {
Write-Verbose -Message "extracting '$zip' to '$dest'"
try {
Add-Type -AssemblyName System.IO.Compression.FileSystem > $null
$legacy = $false
} catch {
$legacy = $true
}
if ($legacy) {
$shell = New-Object -ComObject Shell.Application
$zip_src = $shell.NameSpace($zip)
$zip_dest = $shell.NameSpace($dest)
$zip_dest.CopyHere($zip_src.Items(), 1044)
} else {
[System.IO.Compression.ZipFile]::ExtractToDirectory($zip, $dest)
}
}
$tmp_dir = $env:temp
$kb = "KB2842230"
if ($PSVersionTable.PSVersion.Major -ne 3) {
Write-Verbose -Message "$kb is only applicable with Powershell v3, no action required"
exit 0
}
$hotfix_installed = Get-Hotfix -Id $kb -ErrorAction SilentlyContinue
if ($hotfix_installed -ne $null) {
Write-Verbose -Message "$kb is already installed"
exit 0
}
if (-not (Test-Path -Path $tmp_dir)) {
New-Item -Path $tmp_dir -ItemType Directory > $null
}
$os_version = [Version](Get-Item -Path "$env:SystemRoot\System32\kernel32.dll").VersionInfo.ProductVersion
$host_string = "$($os_version.Major).$($os_version.Minor)-$($env:PROCESSOR_ARCHITECTURE)"
switch($host_string) {
# These URLS point to the Ansible Core CI S3 bucket, MS no longer provide a link to Server 2008 so we need to
# rely on this URL. There are no guarantees this will stay up in the future.
"6.0-x86" {
$url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/464091_intl_i386_zip.exe"
}
"6.0-AMD64" {
$url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/464090_intl_x64_zip.exe"
}
"6.1-x86" {
$url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/463983_intl_i386_zip.exe"
}
"6.1-AMD64" {
$url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/463984_intl_x64_zip.exe"
}
"6.2-x86" {
$url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/463940_intl_i386_zip.exe"
}
"6.2-AMD64" {
$url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/463941_intl_x64_zip.exe"
}
}
$filename = $url.Split("/")[-1]
$compressed_file = "$tmp_dir\$($filename).zip"
Download-File -url $url -path $compressed_file
Extract-Zip -zip $compressed_file -dest $tmp_dir
$file = Get-Item -Path "$tmp_dir\*$kb*.msu"
if ($file -eq $null) {
Write-Error -Message "unable to find extracted msu file for hotfix KB"
exit 1
}
$exit_code = Run-Process -executable $file.FullName -arguments "/quiet /norestart"
if ($exit_code -eq 3010) {
Write-Verbose "need to restart computer after hotfix $kb install"
Restart-Computer -Force
} elseif ($exit_code -ne 0) {
Write-Error -Message "failed to install hotfix $($kb): exit code $exit_code"
} else {
Write-Verbose -Message "hotfix $kb install complete"
}
exit $exit_code

400
roles/oatakan.windows_template_build/files/Upgrade-PowerShell.ps1
View File

@@ -1,400 +0,0 @@
# PSScriptInfo
# .VERSION 1.0
# .GUID 23743bae-7604-459d-82c5-a23d36b0820e
# .AUTHOR
# Jordan Borean <jborean93@gmail.com>
# .COPYRIGHT
# Jordan Borean 2017
# .TAGS
# PowerShell,Ansible
# .LICENSEURI https://github.com/jborean93/ansible-windows/blob/master/LICENSE
# .PROJECTURI https://github.com/jborean93/ansible-windows
# .RELEASENOTES
# Version 1.0: 2017-09-27
# Initial script created
# .DESCRIPTION
# The script will upgrade the powershell version to whatever is supplied as
# the 'version' on the host. The current versions can be set as the target
# 'version':
# - 3.0
# - 4.0
# - 5.1 (default if -Version not set)
#
# This script can be run on the following OS'
# Windows Server 2008 (with SP2) - only supported version 3.0
# Windows Server 2008 R2 (with SP1)
# Windows Server 2012
# Windows Server 2012 R2
# Windows Server 2016
#
# Windows 7 (with SP1)
# Windows 8.1
# Windows 10
#
# All OS' can be upgraded to 5.1 except for Windows Server 2008. If running
# on Powershell 1.0 then this script will first upgrade the version to 2.0
# before running the checks. This is because a lot of the upgrade paths need
# this version installed as a baseline. If the .NET Framework version
# installed is less than 4.5.2, it will be upgraded to 4.5.2 as this is
# supported on all hosts and is required for v5.0.
#
# As multiple packages can be installed in this process, multiple reboots may
# be required to continue with the install. If a reboot is required the
# script will detect if the 'username' and 'password' parameters have been
# supplied. If they have been supplied it will automatically reboot and login
# to continue the install process until it is all complete. If these
# parameters are not set then it will prompt the user for a reboot and
# require the user to log back in manually after the reboot before
# continuing.
#
# A log of this process is created in
# $env:SystemDrive\temp\upgrade_powershell.log which is usually C:\temp\. This
# log can used to see how the script faired after an automatic reboot.
#
# See https://github.com/jborean93/ansible-windows/tree/master/scripts for more
# details.
# .PARAMETER version
# [string] - The target powershell version to upgrade to. This can be;
# 3.0,
# 4.0, or
# 5.1 (default)
# Depending on the circumstances, the process to reach the target version
# may require multiple reboots.
# .PARAMETER username
# [string] - The username of a local admin user that will be automatically
# logged in after a reboot to continue the script install. The 'password'
# parameter is also required if this is set.
# .PARAMETER password
# [string] - The password for 'username', this is required if the 'username'
# parameter is also set.
# .PARAMETER Verbose
# [switch] - Whether to display Verbose logs on the console
# .EXAMPLE
# # upgrade from powershell 1.0 to 3.0 with automatic login and reboots
# Set-ExecutionPolicy Unrestricted -Force
# &.\Upgrade-PowerShell.ps1 -version 3.0 -username "Administrator" -password "Password" -Verbose
# .EXAMPLE
# # upgrade to 5.1 with defaults and manual login and reboots
# powershell.exe -ExecutionPolicy ByPass -File Upgrade-PowerShell.ps1
# .EXAMPLE
# # upgrade to powershell 4.0 with automatic login and reboots
# powershell.exe -ExecutionPolicy ByPass -File Upgrade-PowerShell.ps1 -version 4.0 -username "Administrator" -password "Password" -Verbose
Param(
[string]$version = "5.1",
[string]$username,
[string]$password,
[switch]$verbose = $false
)
$ErrorActionPreference = 'Stop'
if ($verbose) {
$VerbosePreference = "Continue"
}
$tmp_dir = $env:temp
if (-not (Test-Path -Path $tmp_dir)) {
New-Item -Path $tmp_dir -ItemType Directory > $null
}
Function Write-Log($message, $level="INFO") {
# Poor man's implementation of Log4Net
$date_stamp = Get-Date -Format s
$log_entry = "$date_stamp - $level - $message"
$log_file = "$tmp_dir\upgrade_powershell.log"
Write-Verbose -Message $log_entry
Add-Content -Path $log_file -Value $log_entry
}
Function Reboot-AndResume {
Write-Log -message "adding script to run on next logon"
$script_path = $script:MyInvocation.MyCommand.Path
$ps_path = "$env:SystemDrive\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
$arguments = "-version $version"
if ($username -and $password) {
$arguments = "$arguments -username `"$username`" -password `"$password`""
}
if ($verbose) {
$arguments = "$arguments -Verbose"
}
$command = "$ps_path -ExecutionPolicy ByPass -File $script_path $arguments"
$reg_key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
$reg_property_name = "ps-upgrade"
Set-ItemProperty -Path $reg_key -Name $reg_property_name -Value $command
if ($username -and $password) {
$reg_winlogon_path = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set-ItemProperty -Path $reg_winlogon_path -Name AutoAdminLogon -Value 1
Set-ItemProperty -Path $reg_winlogon_path -Name DefaultUserName -Value $username
Set-ItemProperty -Path $reg_winlogon_path -Name DefaultPassword -Value $password
Write-Log -message "rebooting server to continue powershell upgrade"
} else {
Write-Log -message "need to reboot server to continue powershell upgrade"
$reboot_confirmation = Read-Host -Prompt "need to reboot server to continue powershell upgrade, do you wish to proceed (y/n)"
if ($reboot_confirmation -ne "y") {
$error_msg = "please reboot server manually and login to continue upgrade process, the script will restart on the next login automatically"
Write-Log -message $error_msg -level "ERROR"
throw $error_msg
}
}
if (Get-Command -Name Restart-Computer -ErrorAction SilentlyContinue) {
Restart-Computer -Force
} else {
# PS v1 (Server 2008) doesn't have the cmdlet Restart-Computer, use el-traditional
shutdown /r /t 0
}
}
Function Run-Process($executable, $arguments) {
$process = New-Object -TypeName System.Diagnostics.Process
$psi = $process.StartInfo
$psi.FileName = $executable
$psi.Arguments = $arguments
Write-Log -message "starting new process '$executable $arguments'"
$process.Start() | Out-Null
$process.WaitForExit() | Out-Null
$exit_code = $process.ExitCode
Write-Log -message "process completed with exit code '$exit_code'"
return $exit_code
}
Function Download-File($url, $path) {
Write-Log -message "downloading url '$url' to '$path'"
$client = New-Object -TypeName System.Net.WebClient
$client.DownloadFile($url, $path)
}
Function Clear-AutoLogon {
$reg_winlogon_path = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Write-Log -message "clearing auto logon registry properties"
Set-ItemProperty -Path $reg_winlogon_path -Name AutoAdminLogon -Value 0
Remove-ItemProperty -Path $reg_winlogon_path -Name DefaultUserName -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $reg_winlogon_path -Name DefaultPassword -ErrorAction SilentlyContinue
}
Function Download-Wmf5Server2008($architecture) {
if ($architecture -eq "x64") {
$zip_url = "http://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win7AndW2K8R2-KB3191566-x64.zip"
$file = "$tmp_dir\Win7AndW2K8R2-KB3191566-x64.msu"
} else {
$zip_url = "http://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win7-KB3191566-x86.zip"
$file = "$tmp_dir\Win7-KB3191566-x86.msu"
}
if (Test-Path -Path $file) {
return $file
}
$filename = $zip_url.Split("/")[-1]
$zip_file = "$tmp_dir\$filename"
Download-File -url $zip_url -path $zip_file
Write-Log -message "extracting '$zip_file' to '$tmp_dir'"
try {
Add-Type -AssemblyName System.IO.Compression.FileSystem > $null
$legacy = $false
} catch {
$legacy = $true
}
if ($legacy) {
$shell = New-Object -ComObject Shell.Application
$zip_src = $shell.NameSpace($zip_file)
$zip_dest = $shell.NameSpace($tmp_dir)
$zip_dest.CopyHere($zip_src.Items(), 1044)
} else {
[System.IO.Compression.ZipFile]::ExtractToDirectory($zip_file, $tmp_dir)
}
return $file
}
Write-Log -message "starting script"
# on PS v1.0, upgrade to 2.0 and then run the script again
if ($PSVersionTable -eq $null) {
Write-Log -message "upgrading powershell v1.0 to v2.0"
$architecture = $env:PROCESSOR_ARCHITECTURE
if ($architecture -eq "AMD64") {
# this url not working
#$url = "https://download.microsoft.com/download/2/8/6/28686477-3242-4E96-9009-30B16BED89AF/Windows6.0-KB968930-x64.msu"
$url = "http://download.windowsupdate.com/msdownload/update/software/updt/2011/02/windows6.0-kb968930-x64_4de013d593181a2a04217ce3b0e7536ab56995aa.msu"
} else {
# this url not working
#$url = "https://download.microsoft.com/download/F/9/E/F9EF6ACB-2BA8-4845-9C10-85FC4A69B207/Windows6.0-KB968930-x86.msu"
$url = "http://download.windowsupdate.com/msdownload/update/software/updt/2011/02/windows6.0-kb968930-x86_16fd2e93be2e7265821191119ddfc0cdaa6f4243.msu"
}
$filename = $url.Split("/")[-1]
$file = "$tmp_dir\$filename"
Download-File -url $url -path $file
$exit_code = Run-Process -executable $file -arguments "/quiet /norestart"
if ($exit_code -ne 0 -and $exit_code -ne 3010) {
$error_msg = "failed to update Powershell from 1.0 to 2.0: exit code $exit_code"
Write-Log -message $error_msg -level "ERROR"
throw $error_msg
}
Reboot-AndResume
}
# exit if the target version is the same as the actual version
$current_ps_version = [version]"$($PSVersionTable.PSVersion.Major).$($PSVersionTable.PSVersion.Minor)"
if ($current_ps_version -eq [version]$version) {
Write-Log -message "current and target PS version are the same, no action is required"
Clear-AutoLogon
exit 0
}
$os_version = [Version](Get-Item -Path "$env:SystemRoot\System32\kernel32.dll").VersionInfo.ProductVersion
$architecture = $env:PROCESSOR_ARCHITECTURE
if ($architecture -eq "AMD64") {
$architecture = "x64"
} else {
$architecture = "x86"
}
$actions = @()
switch ($version) {
"3.0" {
$actions += "3.0"
break
}
"4.0" {
if ($os_version -lt [version]"6.1") {
$error_msg = "cannot upgrade Server 2008 to Powershell v4, v3 is the latest supported"
Write-Log -message $error_msg -level "ERROR"
throw $error_msg
}
$actions += "4.0"
break
}
"5.1" {
if ($os_version -lt [version]"6.1") {
$error_msg = "cannot upgrade Server 2008 to Powershell v5.1, v3 is the latest supported"
Write-Log -message $error_msg -level "ERROR"
throw $error_msg
}
# check if WMF 3 is installed, need to be uninstalled before 5.1
if ($os_version.Minor -lt 2) {
$wmf3_installed = Get-Hotfix -Id "KB2506143" -ErrorAction SilentlyContinue
if ($wmf3_installed) {
$actions += "remove-3.0"
}
}
$actions += "5.1"
break
}
default {
$error_msg = "version '$version' is not supported in this upgrade script"
Write-Log -message $error_msg -level "ERROR"
throw $error_msg
}
}
# detect if .NET 4.5.2 is not installed and add to the actions
$dotnet_path = "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
if (-not (Test-Path -Path $dotnet_path)) {
$dotnet_upgrade_needed = $true
} else {
$dotnet_version = Get-ItemProperty -Path $dotnet_path -Name Release -ErrorAction SilentlyContinue
if ($dotnet_version) {
# 379893 == 4.5.2
if ($dotnet_version.Release -lt 379893) {
$dotnet_upgrade_needed = $true
}
} else {
$dotnet_upgrade_needed = $true
}
}
if ($dotnet_upgrade_needed) {
$actions = @("dotnet") + $actions
}
Write-Log -message "The following actions will be performed: $($actions -join ", ")"
foreach ($action in $actions) {
$url = $null
$file = $null
$arguments = "/quiet /norestart"
switch ($action) {
"dotnet" {
Write-Log -message "running .NET update to 4.5.2"
$url = "https://download.microsoft.com/download/E/2/1/E21644B5-2DF2-47C2-91BD-63C560427900/NDP452-KB2901907-x86-x64-AllOS-ENU.exe"
$error_msg = "failed to update .NET to 4.5.2"
$arguments = "/q /norestart"
break
}
"remove-3.0" {
# this is only run before a 5.1 install on Windows 7/2008 R2, the
# install zip needs to be downloaded and extracted before
# removing 3.0 as then the FileSystem assembly cannot be loaded
Write-Log -message "downloading WMF/PS v5.1 and removing WMF/PS v3 before version 5.1 install"
Download-Wmf5Server2008 -architecture $architecture > $null
$file = "wusa.exe"
$arguments = "/uninstall /KB:2506143 /quiet /norestart"
break
}
"3.0" {
Write-Log -message "running powershell update to version 3"
if ($os_version.Minor -eq 1) {
$url = "https://download.microsoft.com/download/E/7/6/E76850B8-DA6E-4FF5-8CCE-A24FC513FD16/Windows6.1-KB2506143-$($architecture).msu"
} else {
$url = "https://download.microsoft.com/download/E/7/6/E76850B8-DA6E-4FF5-8CCE-A24FC513FD16/Windows6.0-KB2506146-$($architecture).msu"
}
$error_msg = "failed to update Powershell to version 3"
break
}
"4.0" {
Write-Log -message "running powershell update to version 4"
if ($os_version.Minor -eq 1) {
$url = "https://download.microsoft.com/download/3/D/6/3D61D262-8549-4769-A660-230B67E15B25/Windows6.1-KB2819745-$($architecture)-MultiPkg.msu"
} else {
$url = "https://download.microsoft.com/download/3/D/6/3D61D262-8549-4769-A660-230B67E15B25/Windows8-RT-KB2799888-x64.msu"
}
$error_msg = "failed to update Powershell to version 4"
break
}
"5.1" {
Write-Log -message "running powershell update to version 5.1"
if ($os_version.Minor -eq 1) {
# Server 2008 R2 and Windows 7, already downloaded in remove-3.0
$file = Download-Wmf5Server2008 -architecture $architecture
} elseif ($os_version.Minor -eq 2) {
# Server 2012
$url = "http://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/W2K12-KB3191565-x64.msu"
} else {
# Server 2012 R2 and Windows 8.1
if ($architecture -eq "x64") {
$url = "http://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win8.1AndW2K12R2-KB3191564-x64.msu"
} else {
$url = "http://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win8.1-KB3191564-x86.msu"
}
}
break
}
default {
$error_msg = "unknown action '$action'"
Write-Log -message $error_msg -level "ERROR"
}
}
if ($file -eq $null) {
$filename = $url.Split("/")[-1]
$file = "$tmp_dir\$filename"
}
if ($url -ne $null) {
Download-File -url $url -path $file
}
$exit_code = Run-Process -executable $file -arguments $arguments
if ($exit_code -ne 0 -and $exit_code -ne 3010) {
$log_msg = "$($error_msg): exit code $exit_code"
Write-Log -message $log_msg -level "ERROR"
throw $log_msg
}
if ($exit_code -eq 3010) {
Reboot-AndResume
break
}
}

10
roles/oatakan.windows_template_build/handlers/main.yml Normal file
View File

@@ -0,0 +1,10 @@
---
- name: ensure Windows ADK with DISM is removed
win_chocolatey:
name: windows-adk-deploy
state: absent
register: remove_win_adk_dism
until: remove_win_adk_dism is success
delay: 3
retries: 5

2
roles/oatakan.windows_template_build/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:46 2021
install_date: Fri Oct 15 18:59:14 2021
version: master

12
roles/oatakan.windows_template_build/tasks/compact.yml
View File

@@ -73,12 +73,13 @@
- name: clean with bleachbit
win_shell: >
'{{ ansible_user_dir }}\BleachBit-Portable\bleachbit_console.exe --clean deepscan.backup
'{{ ansible_user_dir }}\BleachBit-Portable\bleachbit_console.exe'
--clean deepscan.backup
deepscan.ds_store deepscan.thumbs_db deepscan.tmp internet_explorer.cookies internet_explorer.forms
internet_explorer.history internet_explorer.temporary_files system.clipboard system.custom system.logs
system.memory_dump system.muicache system.prefetch system.recycle_bin system.tmp system.updates
windows_defender.history windows_explorer.mru windows_explorer.recent_documents windows_explorer.run
windows_explorer.search_history windows_explorer.thumbnails > NUL'
windows_explorer.search_history windows_explorer.thumbnails 2> nul
args:
executable: cmd
when:
@@ -164,6 +165,9 @@
- name: remove bleachbit files
win_file:
path: '{{ ansible_user_dir }}\BleachBit-Portable'
path: '{{ item }}'
state: absent
when: download_bleachbit is success
when: download_bleachbit is success
loop:
- '{{ temp_directory }}\BleachBit-portable.zip'
- '{{ ansible_user_dir }}\BleachBit-Portable'

130
roles/oatakan.windows_template_build/tasks/enable-tlsv12.yml
View File

@@ -1,97 +1,43 @@
---
- name: ensure Windows ADK with DISM is installed
win_chocolatey:
name: windows-adk-deploy
state: present
version: 10.0.17134.0
register: install_windows_adk_deploy
- block:
- name: test SSL connection
win_shell: "[System.Net.WebRequest]::Create('https://github.com').GetResponse()"
- name: ensure PATH contains Windows ADK
win_path:
scope: machine
state: present
elements: "C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\amd64\\DISM"
rescue:
- name: enable TLSv1.2 support
win_regedit:
path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\{{ item.type }}
name: '{{ item.property }}'
data: '{{ item.value }}'
type: dword
state: present
register: enable_tls12
loop:
- type: Server
property: Enabled
value: 1
- type: Server
property: DisabledByDefault
value: 0
- type: Client
property: Enabled
value: 1
- type: Client
property: DisabledByDefault
value: 0
- pause:
seconds: 10
- name: enable strong crypto
win_regedit:
path: HKLM:\{{ item }}
name: SchUseStrongCrypto
data: 1
type: dword
state: present
loop:
- 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
- 'SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
- name: download hotfix
win_get_url:
url: '{{ enable_tlsv12_hotfix.url }}'
dest: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
register: download_hotfix
until: download_hotfix is success
delay: 3
retries: 5
- name: install hotfix (PS >= 4)
win_hotfix:
source: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
state: present
register: hotfix_install
when: ansible_powershell_version is version('4', '>=')
- name: install hotfix (PS == 3)
win_shell: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }} /quiet /norestart'
register: hotfix_install
when: ansible_powershell_version is version('3', '==')
- name: debug hotfix installation result
debug:
var: hotfix_install
- name: ensure hotfix file is removed
win_file:
path: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
state: absent
- name: reboot if needed
win_reboot:
when: hotfix_install.reboot_required | default(False)
- name: enable TLSv1.2 support
win_regedit:
path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\{{ item.type }}
name: '{{ item.property }}'
data: '{{ item.value }}'
type: dword
state: present
register: enable_tls12
loop:
- type: Server
property: Enabled
value: 1
- type: Server
property: DisabledByDefault
value: 0
- type: Client
property: Enabled
value: 1
- type: Client
property: DisabledByDefault
value: 0
- name: enable strong crypto
win_regedit:
path: HKLM:\{{ item }}
name: SchUseStrongCrypto
data: 1
type: dword
state: present
loop:
- 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
- 'SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
- name: ensure Windows ADK with DISM is removed
win_chocolatey:
name: windows-adk-deploy
state: absent
register: remove_win_adk_dism
until: remove_win_adk_dism is success
delay: 3
retries: 5
- name: reboot if TLS config was applied
win_reboot:
when: enable_tls12 is changed
- name: reboot if TLS config was applied
win_reboot:
when: enable_tls12 is changed

32
roles/oatakan.windows_template_build/tasks/enable_powershell.yml
View File

@@ -1,32 +0,0 @@
---
- name: check if powershell is available
raw: 'Get-Host'
failed_when: False
check_mode: no
register: check_powershell
- block:
- name: enable powershell
raw: '{{ item }}'
args:
executable: cmd.exe
changed_when: False
check_mode: no
loop:
- dism /online /enable-feature /featurename:NetFx2-ServerCore
- dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell
- dism /online /enable-feature /featurename:ServerManager-PSH-Cmdlets
- name: reboot system
raw: shutdown /r /t 5
args:
executable: cmd.exe
changed_when: False
check_mode: no
- pause:
seconds: 30
when:
- check_powershell.stderr is defined
- ('is not recognized' in check_powershell.stderr)

51
roles/oatakan.windows_template_build/tasks/enable_tls_system_default.yml
View File

@@ -1,51 +0,0 @@
# on Windows 7 SP1, TLS 1.1 and 1.2 is not enabled by default
# this hotfix is needed to fix that
# see https://support.microsoft.com/en-us/topic/support-for-tls-system-default-versions-included-in-the-net-framework-3-5-1-on-windows-7-sp1-and-server-2008-r2-sp1-5ef38dda-8e6c-65dc-c395-62d2df58715a
- name: download hotfix
raw: '(New-Object -TypeName System.Net.WebClient).DownloadFile("{{ enable_tls_support_hotfix.url }}", "{{ enable_tls_support_hotfix_download_location }}\\{{ enable_tls_support_hotfix.file }}")'
changed_when: False
check_mode: no
register: download_hotfix
until: download_hotfix is success
delay: 3
retries: 5
- name: delete scheduled task if it exists (hotfix)
raw: 'SCHTASKS /Delete /TN hotfix_install /f'
args:
executable: cmd.exe
changed_when: False
check_mode: no
ignore_errors: yes
- name: create a scheduled task to install hotfix
raw: SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN hotfix_install /TR "{{ enable_tls_support_hotfix_download_location }}\\{{ enable_tls_support_hotfix.file }} /quiet /restart"
args:
executable: cmd.exe
changed_when: False
check_mode: no
- name: run scheduled task (hotfix)
raw: 'SCHTASKS /Run /TN hotfix_install'
args:
executable: cmd.exe
changed_when: False
check_mode: no
- pause:
seconds: 60
- name: delete scheduled task (hotfix)
raw: 'SCHTASKS /Delete /TN hotfix_install /f'
args:
executable: cmd.exe
changed_when: False
check_mode: no
ignore_errors: yes
- name: remove hotfix file
raw: 'Remove-Item -Path {{ enable_tls_support_hotfix_download_location }}\{{ enable_tls_support_hotfix.file }} -Force'
changed_when: False
check_mode: no
ignore_errors: yes

53
roles/oatakan.windows_template_build/tasks/hotfix-tlsv12.yml Normal file
View File

@@ -0,0 +1,53 @@
---
- name: ensure Windows ADK with DISM is installed
win_chocolatey:
name: windows-adk-deploy
state: present
version: 10.0.17134.0
register: install_windows_adk_deploy
notify: ensure Windows ADK with DISM is removed
- name: ensure PATH contains Windows ADK
win_path:
scope: machine
state: present
elements: "C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\amd64\\DISM"
- pause:
seconds: 10
- name: download hotfix
win_get_url:
url: '{{ enable_tlsv12_hotfix.url }}'
dest: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
register: download_hotfix
until: download_hotfix is success
delay: 3
retries: 5
- block:
- name: install hotfix (PS >= 4)
win_hotfix:
source: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
state: present
register: hotfix_install
when: ansible_powershell_version is version('4', '>=')
rescue:
- name: install hotfix using shell
win_shell: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }} /quiet /norestart'
register: hotfix_install
- name: install hotfix (PS == 3)
win_shell: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }} /quiet /norestart'
register: hotfix_install
when: ansible_powershell_version is version('3', '==')
- name: ensure hotfix file is removed
win_file:
path: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
state: absent
- name: reboot if needed
win_reboot:
when: hotfix_install.reboot_required | default(False)

19
roles/oatakan.windows_template_build/tasks/main.yml
View File

@@ -1,13 +1,16 @@
---
- include_tasks: powershell-upgrade.yml
- include_role:
name: "{{ windows_powershell_upgrade_role }}"
when: upgrade_powershell | bool
- name: run setup module
setup:
- include_tasks: hotfix-tlsv12.yml
when: "'Windows Server 2008' in ansible_distribution or 'Windows 7' in ansible_distribution"
- include_tasks: enable-tlsv12.yml
when: upgrade_powershell | bool
- include_tasks: update-agent-win2008.yml
when: "'Windows Server 2008' in ansible_distribution or 'Windows 7' in ansible_distribution"
@@ -42,7 +45,7 @@
- include_tasks: policy.yml
- include_tasks: power.yml
when: "'Server' not in ansible_distribution"
when: (ansible_os_product_type == 'workstation') | default(False)
- include_tasks: enable-rdp.yml
@@ -55,15 +58,21 @@
- not target_ovirt | bool
- not target_vagrant | bool
- include_tasks: remove-apps-alt-2.yml
- block:
- include_tasks: remove-apps-alt-2.yml
- include_tasks: remove-onedrive.yml
when:
- remove_apps | bool
- "'Server' not in ansible_distribution"
- (ansible_os_product_type == 'workstation') | default(False)
- include_role:
name: "{{ ec2_ena_driver_role }}"
when: target_ec2 | bool
- name: run all handlers here
meta: flush_handlers
- include_tasks: clean-up-components.yml
when: clean_up_components | bool

102
roles/oatakan.windows_template_build/tasks/powershell-upgrade.yml
View File

@@ -1,102 +0,0 @@
---
- include_tasks: enable_powershell.yml
- include_tasks: enable_tls_system_default.yml
- name: download script
raw: '[Net.ServicePointManager]::SecurityProtocol = [Enum]::ToObject([Net.SecurityProtocolType], 3072); (New-Object -TypeName System.Net.WebClient).DownloadFile("{{ powershell_script_url }}", "{{ powershell_upgrade_script_file }}")'
changed_when: False
check_mode: no
register: download_script
- name: set execution policy
raw: 'Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force'
changed_when: False
check_mode: no
ignore_errors: yes
- name: delete scheduled task if it exists
raw: 'SCHTASKS /Delete /TN upgrade /f'
args:
executable: cmd.exe
changed_when: False
check_mode: no
failed_when: False
- name: create a scheduled task to run powershell script
raw: >
SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN upgrade /TR "powershell.exe -Command
'& {{ powershell_upgrade_script_file }} -Version {{ powershell_target_version }}
-Username {{ ansible_user }} -Password {{ ansible_password }}'"
args:
executable: cmd.exe
changed_when: False
check_mode: no
- name: start windows update service
raw: net start wuauserv
args:
executable: cmd.exe
failed_when: false
- pause:
seconds: 60
- name: run scheduled task
raw: 'SCHTASKS /Run /TN upgrade'
args:
executable: cmd.exe
changed_when: False
check_mode: no
- pause:
seconds: "{{ upgrade_wait_timeout }}"
- name: wait for powershell upgrade task to finish
raw: '((schtasks /query /TN upgrade)[4] -split " +")[-2]'
changed_when: False
check_mode: no
register: upgrade_status_check
failed_when: false
until: (upgrade_status_check.stdout | trim | lower) == 'ready'
delay: 10
retries: 10
- debug:
msg: "{{ powershell_target_version }}"
# apply winrm memory hotfix for powershell 3.0
- include_tasks: winrm-memfix.yml
when: powershell_target_version is version('3.0', '==')
- name: wait for system to reboot after upgrade
wait_for_connection:
sleep: 60
timeout: 400
- name: delete scheduled task
win_scheduled_task:
name: upgrade
state: absent
- name: delete script
win_file:
path: "{{ powershell_upgrade_script_file }}"
state: absent
- name: ensure auto login is disabled
win_regedit:
path: HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
name: AutoAdminLogon
data: 0
type: string
- name: ensure auto login creds are removed
win_regedit:
path: HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
name: "{{ item }}"
state: absent
loop:
- DefaultUserName
- DefaultPassword

4
roles/oatakan.windows_template_build/tasks/remove-onedrive.yml
View File

@@ -8,6 +8,10 @@
win_shell: '{{ ansible_env.SystemRoot }}\SysWOW64\OneDriveSetup.exe /uninstall'
ignore_errors: yes
- name: remove onedrivesync package
win_shell: get-appxpackage *Microsoft.OneDriveSync* | remove-appxpackage -AllUsers
ignore_errors: yes
- name: remove onedrive directories
win_file:
path: '{{ item }}'

24
roles/oatakan.windows_template_build/tasks/security-update-win2012.yml
View File

@@ -11,16 +11,22 @@
delay: 3
retries: 5
- name: install hotfix (PS >= 4)
win_hotfix:
source: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }}'
state: present
register: hotfix_install
when: ansible_powershell_version is version('4', '>=')
- block:
- name: install hotfix (PS >= 4)
win_hotfix:
source: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }}'
state: present
register: hotfix_install
when: ansible_powershell_version is version('4', '>=')
rescue:
- name: install hotfix using shell
win_shell: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }} /quiet /norestart'
register: hotfix_install
- name: debug hotfix installation result
debug:
var: hotfix_install
- name: install hotfix (PS == 3)
win_shell: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }} /quiet /norestart'
register: hotfix_install
when: ansible_powershell_version is version('3', '==')
- name: ensure hotfix file is removed
win_file:

69
roles/oatakan.windows_template_build/tasks/winrm-memfix.yml
View File

@@ -1,69 +0,0 @@
---
# see https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-memory-hotfix
- name: download script
raw: '[Net.ServicePointManager]::SecurityProtocol = [Enum]::ToObject([Net.SecurityProtocolType], 3072); (New-Object -TypeName System.Net.WebClient).DownloadFile("{{ ps_memfix_script_url }}", "{{ ps_memfix_script_file }}")'
changed_when: False
check_mode: no
register: download_script
- name: set execution policy
raw: 'Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force'
changed_when: False
check_mode: no
ignore_errors: yes
- name: delete scheduled task if it exists
raw: 'SCHTASKS /Delete /TN memfix /f'
args:
executable: cmd.exe
changed_when: False
check_mode: no
failed_when: False
- name: create a scheduled task to run powershell script
raw: >
SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN memfix /TR "powershell.exe -Command
'& {{ ps_memfix_script_file }} -Verbose'"
args:
executable: cmd.exe
changed_when: False
check_mode: no
- name: run scheduled task
raw: 'SCHTASKS /Run /TN memfix'
args:
executable: cmd.exe
changed_when: False
check_mode: no
- name: wait for system to reboot after fix
wait_for_connection:
delay: 300
sleep: 30
timeout: 300
- name: wait for powershell memfix task to finish
raw: '((schtasks /query /TN memfix)[4] -split " +")[-2]'
changed_when: False
check_mode: no
register: memfix_status_check
failed_when: false
until: (memfix_status_check.stdout | trim | lower) == 'ready'
delay: 10
retries: 30
- name: delete scheduled task
win_scheduled_task:
name: memfix
state: absent
register: delete_scheduled_task
until: delete_scheduled_task is success
delay: 10
retries: 10
- name: delete script
win_file:
path: "{{ ps_memfix_script_file }}"
state: absent

2
roles/oatakan.windows_template_build/vars/main.yml
View File

@@ -1,5 +1,7 @@
---
temp_directory: "{{ ansible_env.TEMP | default(default_temp_directory) }}"
unattend:
administrator_password: "{{ local_administrator_password }}"
local_accounts:

1
roles/oatakan.windows_update/defaults/main.yml
View File

@@ -1,5 +1,6 @@
---
update_retry_count: 0
update_retry_limit: 10
win_update_category_names:
- CriticalUpdates

10
roles/oatakan.windows_update/handlers/main.yml Normal file
View File

@@ -0,0 +1,10 @@
---
- name: ensure Windows ADK with DISM is removed
win_chocolatey:
name: windows-adk-deploy
state: absent
register: remove_win_adk_dism
until: remove_win_adk_dism is success
delay: 3
retries: 5

2
roles/oatakan.windows_update/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:50 2021
install_date: Fri Oct 15 18:59:19 2021
version: master

8
roles/oatakan.windows_update/tasks/updates-all.yml
View File

@@ -10,9 +10,11 @@
- debug:
msg: |
{{ inventory_hostname }} has {{ available_updates.found_update_count }} updates available.
{% for key, value in available_updates.updates.items() %}
- {{ value.title }}
{% for update in updates %}
- {{ update.title }}
{% endfor %}
vars:
updates: "{{ (available_updates.updates.values() | list) if (available_updates.updates is mapping) else (available_updates.updates) }}"
when: available_updates.updates is defined
- include_tasks: updates-with-retry.yml
@@ -20,7 +22,7 @@
- available_updates.updates is defined
- available_updates.found_update_count > 0
- name: check for missing updates.
- name: check for missing updates
win_updates:
state: searched
register: available_updates

12
roles/oatakan.windows_update/tasks/updates-powershell.yml
View File

@@ -16,9 +16,11 @@
- debug:
msg: |
{{ inventory_hostname }} has {{ available_updates.found_update_count }} updates available.
{% for key, value in available_updates.updates.items() %}
- {{ value.title }}
{% for update in updates %}
- {{ update.title }}
{% endfor %}
vars:
updates: "{{ (available_updates.updates.values() | list) if (available_updates.updates is mapping) else (available_updates.updates) }}"
when: available_updates.updates is defined
- block:
@@ -67,9 +69,11 @@
- debug:
msg: |
{{ inventory_hostname }} has {{ missing_updates.found_update_count }} updates still missing.
{% for key, value in missing_updates.updates.items() %}
- {{ value.title }}
{% for update in updates %}
- {{ update.title }}
{% endfor %}
vars:
updates: "{{ (missing_updates.updates.values() | list) if (missing_updates.updates is mapping) else (missing_updates.updates) }}"
when: missing_updates.updates is defined
- block:

36
roles/oatakan.windows_update/tasks/updates-win2008r2.yml
View File

@@ -6,6 +6,7 @@
state: present
version: 10.0.17134.0
register: install_windows_adk_deploy
notify: ensure Windows ADK with DISM is removed
- name: ensure PATH contains Windows ADK
win_path:
@@ -13,19 +14,25 @@
state: present
elements: "C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\amd64\\DISM"
- name: download hotfix group 1 (PS >= 4)
- name: download hotfix group 1
win_get_url:
url: '{{ item.url }}'
dest: '{{ hotfix_download_location }}\{{ item.file }}'
loop: "{{ hotfixes_group_1 }}"
- name: install hotfix group 1
win_hotfix:
source: '{{ hotfix_download_location }}\{{ item.file }}'
state: present
register: hotfix_install_group_1
loop: "{{ hotfixes_group_1 }}"
when: ansible_powershell_version is version('4', '>=')
- block:
- name: install hotfix group 1 (PS >= 4)
win_hotfix:
source: '{{ hotfix_download_location }}\{{ item.file }}'
state: present
register: hotfix_install_group_1
loop: "{{ hotfixes_group_1 }}"
when: ansible_powershell_version is version('4', '>=')
rescue:
- name: install hotfix using shell
win_shell: '{{ hotfix_download_location }}\{{ item.file }} /quiet /norestart'
register: hotfix_install_group_1
loop: "{{ hotfixes_group_1 }}"
- name: install hotfix (PS == 3)
win_shell: '{{ hotfix_download_location }}\{{ item.file }} /quiet /norestart'
@@ -56,9 +63,11 @@
- debug:
msg: |
{{ inventory_hostname }} has {{ available_updates.found_update_count }} updates available.
{% for key, value in available_updates.updates.items() %}
- {{ value.title }}
{% for update in updates %}
- {{ update.title }}
{% endfor %}
vars:
updates: "{{ (available_updates.updates.values() | list) if (available_updates.updates is mapping) else (available_updates.updates) }}"
when: available_updates.updates is defined
- include_tasks: updates-with-retry.yml
@@ -73,9 +82,4 @@
- name: list missing updates
debug:
var: available_updates
- name: make sure Windows ADK with DISM for Server 2008 R2 is not installed
win_chocolatey:
name: windows-adk-deploy
state: absent
var: available_updates

6
roles/oatakan.windows_update/tasks/updates-with-retry.yml
View File

@@ -58,9 +58,11 @@
- debug:
msg: |
{{ inventory_hostname }} has {{ missing_updates.found_update_count }} updates still missing.
{% for key, value in missing_updates.updates.items() %}
- {{ value.title }}
{% for update in updates %}
- {{ update.title }}
{% endfor %}
vars:
updates: "{{ (missing_updates.updates.values() | list) if (missing_updates.updates is mapping) else (missing_updates.updates) }}"
when: missing_updates.updates is defined
- name: still more updates - need to retry

4
roles/oatakan.windows_virtio/defaults/main.yml
View File

@@ -11,7 +11,9 @@ virtio_win_ovirt: false
virtio_win_facts: "{{ ansible_env.SystemDrive }}\\{{ source_of_supply_name | default('Support') }}\\facts.d"
virtio_driver_directory: >-
{% if 'Windows Server 2019' in ansible_distribution -%}
{% if 'Windows Server 2022' in ansible_distribution -%}
{% set virt_dir = '2k19' %}
{% elif 'Windows Server 2019' in ansible_distribution -%}
{% set virt_dir = '2k19' %}
{% elif 'Windows Server 2016' in ansible_distribution -%}
{% set virt_dir = '2k16' %}

2
roles/oatakan.windows_virtio/handlers/main.yml
View File

@@ -4,7 +4,7 @@
win_disk_image:
image_path: "{{ ansible_env.TEMP }}\\{{ virtio_win_iso_name }}"
state: absent
when: win_disk_image.mount_path is defined
when: win_disk_image.mount_paths is defined
- name: Delete downloaded
win_file:

2
roles/oatakan.windows_virtio/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Wed Jun 30 01:12:49 2021
install_date: Fri Oct 15 18:59:17 2021
version: master

4
roles/oatakan.windows_virtio/tasks/install.yml
View File

@@ -2,8 +2,8 @@
- name: Set the virtio_win_iso_path and virtio_win_virtio_path
set_fact:
virtio_win_iso_path: '{{ win_disk_image.mount_path | default(virtio_iso_mount_drive) }}'
virtio_win_virtio_path: "{{ (win_disk_image.mount_path | default(virtio_iso_mount_drive)) + '\\virtio' if virtio_win_ovirt else (win_disk_image.mount_path | default(virtio_iso_mount_drive)) }}"
virtio_win_iso_path: '{{ win_disk_image.mount_paths[0] | default(virtio_iso_mount_drive) }}'
virtio_win_virtio_path: "{{ (win_disk_image.mount_paths[0] | default(virtio_iso_mount_drive)) + '\\virtio' if virtio_win_ovirt else (win_disk_image.mount_paths[0] | default(virtio_iso_mount_drive)) }}"
virtio_win_iso_name: "{{ virtio_win_iso_name }}"
when:
- virtio_iso_mount_drive | length > 0 or ('Windows Server 2008' not in ansible_distribution and 'Windows 7' not in ansible_distribution)