Update roles

2024-02-08 16:20:39 -05:00
parent bb21e8d5c6
commit f9db71bdb7
30 changed files with 1152 additions and 0 deletions


@@ -0,0 +1,3 @@
skip_list:
- 'yaml'
- 'role-name'


@@ -0,0 +1,71 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 7 * * 2"
defaults:
run:
working-directory: 'geerlingguy.java'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.java'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint
- name: Lint code.
run: |
yamllint .
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- rockylinux9
- rockylinux8
- ubuntu2204
- ubuntu2004
- debian12
- debian11
- amazonlinux2023
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.java'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule molecule-plugins[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}
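Review bot: Neither job sets a `permissions:` block, so the GITHUB_TOKEN available to the `pip3 install` and `molecule test` steps carries whatever default scope the repository has; a top-level `permissions:` with `contents: read` would pin it to read-only. The `pip3 install ansible molecule molecule-plugins[docker] docker` step installs unpinned packages on every scheduled run, so explicit versions or a constraints file would make the weekly cron results reproducible. The actions are referenced by the mutable tags `@v4` and `@v5`; pinning them to commit SHAs is the stricter option.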


@@ -0,0 +1,40 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.java'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.java'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-core
- name: Trigger a new import on Galaxy.
run: >-
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
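Review bot: `${{ secrets.GALAXY_API_KEY }}` is expanded directly into the `run:` script, so the key becomes part of the generated shell text and of the `ansible-galaxy` command line instead of staying in the environment. Pass it through the step's `env:` as `GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}` and use `--api-key "$GALAXY_API_KEY"` in the command. The two `$(echo ${{ github.repository }} | cut ...)` substitutions are unquoted template expansions as well; reading `"$GITHUB_REPOSITORY"` from the environment and quoting the results avoids relying on the repository name never containing shell metacharacters.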


@@ -0,0 +1,5 @@
---
- name: Ensure Java is installed.
package:
name: "{{ java_packages }}"
state: present


@@ -0,0 +1,8 @@
---
# JDK version options include:
# - java-1.7.0-openjdk
# - java-1.8.0-openjdk
# - java-11-amazon-corretto
# - java-17-amazon-corretto
__java_packages:
- java-17-amazon-corretto


@@ -0,0 +1,8 @@
---
# JDK version options include:
# - java-1.8.0-openjdk
# - java-11-amazon-corretto
# - java-17-amazon-corretto
# - java-21-amazon-corretto
__java_packages:
- java-11-amazon-corretto


@@ -0,0 +1,6 @@
---
# JDK version options include:
# - java
# - openjdk-11-jdk
__java_packages:
- openjdk-11-jdk


@@ -0,0 +1,6 @@
---
# JDK version options include:
# - java
# - openjdk-17-jdk
__java_packages:
- openjdk-17-jdk


@@ -0,0 +1,7 @@
---
# JDK version options include:
# - java-1.8.0-openjdk
# - java-11-openjdk
# - java-17-openjdk
__java_packages:
- java-17-openjdk


@@ -0,0 +1,6 @@
---
# JDK version options include:
# - java
# - openjdk-18-jdk
__java_packages:
- openjdk-17-jdk
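Review bot: The option list in the comment names `openjdk-18-jdk`, but `__java_packages` installs `openjdk-17-jdk`, which the comment does not list. One of the two is stale; if 17 is the intended default, the comment line should read `# - openjdk-17-jdk`.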


@@ -0,0 +1,58 @@
---
- name: Deploy container-pod-yaml with validation
block:
- name: Make sure unzip is installed
become: true
ansible.builtin.package:
name: unzip
state: present
- name: Set correct kubeval version for 64bit
ansible.builtin.set_fact:
kubeval_arch: amd64
when: ansible_architecture == "x86_64"
- name: Set correct kubeval version for 64bit
ansible.builtin.set_fact:
kubeval_arch: 386
when: ansible_architecture == "i386"
- name: Continue without validation as we can't get kubeval for this arch
ansible.builtin.set_fact:
container_pod_yaml_template_validation: false
when: kubeval_arch is undefined
- name: Get latest kubeval version
become: true
ansible.builtin.unarchive:
src: "{{ kubeval_url }}/download/kubeval-linux-{{ kubeval_arch }}.tar.gz"
dest: "/usr/local/bin"
owner: "root"
group: "root"
mode: "0755"
exclude:
- README.md
- LICENSE
remote_src: true
keep_newer: true
- name: Deploy container configuration
ansible.builtin.template:
src: "{{ container_pod_yaml_template }}"
dest: "{{ container_pod_yaml }}"
owner: "{{ container_run_as_user }}"
group: "{{ container_run_as_group }}"
mode: '0640'
validate: /usr/local/bin/kubeval %s
notify: restart service
when: container_pod_yaml_template_validation
- name: container-pod-yaml without validation
ansible.builtin.template:
src: "{{ container_pod_yaml_template }}"
dest: "{{ container_pod_yaml }}"
owner: "{{ container_run_as_user }}"
group: "{{ container_run_as_group }}"
mode: '0640'
notify: restart service
when: not container_pod_yaml_template_validation
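Review bot: The "Get latest kubeval version" task unpacks an archive fetched from wherever `kubeval_url` points straight into `/usr/local/bin` as root with no checksum, and that binary is then executed through `validate:` on every template deploy. `ansible.builtin.unarchive` cannot verify a digest, so the download should go through `ansible.builtin.get_url` with `checksum:` first, against a pinned release rather than "latest". Separately, the i386 `set_fact` reuses the task name "Set correct kubeval version for 64bit", and `kubeval_arch: 386` is an unquoted integer where `"386"` is meant.

```yaml
- name: Download pinned kubeval release
  become: true
  ansible.builtin.get_url:
    url: "{{ kubeval_url }}/download/kubeval-linux-{{ kubeval_arch }}.tar.gz"
    dest: "/usr/local/src/kubeval-linux-{{ kubeval_arch }}.tar.gz"
    # kubeval_sha256 is a new role variable (placeholder), to be set per arch
    checksum: "sha256:{{ kubeval_sha256 }}"
    owner: "root"
    group: "root"
    mode: "0644"
- name: Unpack verified kubeval
  become: true
  ansible.builtin.unarchive:
    src: "/usr/local/src/kubeval-linux-{{ kubeval_arch }}.tar.gz"
    dest: "/usr/local/bin"
    remote_src: true
    # … unchanged: owner, group, mode, exclude, keep_newer …
```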


@@ -0,0 +1,98 @@
apiVersion: {{ container_pod_apiversion | default('v1') }}
kind: Pod
metadata:
{% if container_pod_labels is defined %}
labels:
{% for key, value in container_pod_labels.items() %}
{{ key }}: {{ value }}
{% endfor %}
{% endif %}
name: {{ container_name }}
spec:
{% if container_pod_volumes is defined %}
#
# define exported volumes for permanent data
#
volumes:
{% for volume in container_pod_volumes %}
- name: {{ volume.name }}
{% for key, value in volume.items() %}
{% if key != 'name' %}
{% if value is mapping %}
{{ key }}:
{% for key, value in value.items() %}
{{ key }}: {{ value }}
{% endfor %}
{% else %}
{{ key }}: {{ value }}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% endif %}
{% if container_pod_containers is defined %}
#
# container definition
#
containers:
{% for container in container_pod_containers %}
- name: {{ container.name }}
{% if container.command is defined %}
commmand: {{ container.command }}
{% endif %}
{% if container.args is defined %}
args: {{ container.args }}
{% endif %}
{% if container.workingDir is defined %}
workingDir: {{ container.workingDir }}
{% endif %}
image: {{ container.image }}
{% if container.env is defined %}
env:
{% for key, value in container.env.items() %}
- name: {{ key }}
value: {{ value }}
{% endfor %}
{% endif %}
{% if container.volumeMounts is defined %}
volumeMounts:
{% for volume in container.volumeMounts %}
- name: {{ volume.name }}
mountPath: {{ volume.mountPath }}
{% endfor %}
{% endif %}
{% if container.ports is defined %}
ports:
{% for port in container.ports %}
- containerPort: {{ port.containerPort }}
{% if port.hostIP is defined %}
hostIP: {{ port.hostIP }}
{% endif %}
{% if port.hostPort is defined %}
hostPort: {{ port.hostPort }}
{% endif %}
{% if port.name is defined %}
name: {{ port.name }}
{% endif %}
{% if port.protocol is defined %}
protocol: {{ port.protocol }}
{% endif %}
{% endfor %}
{% endif %}
{% if container.securityContext is defined %}
securityContext:
{% for key, value in container.securityContext.items() %}
{% if value is mapping %}
{{ key }}:
{% for key, value in value.items() %}
{{ key }}: {{ value }}
{% endfor %}
{% else %}
{{ key }}: {{ value }}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
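Review bot: The line `commmand: {{ container.command }}` misspells the key, so a configured `container.command` is rendered under a field the pod spec does not define; it should be `command: {{ container.command }}`. Every value in this template is also emitted as a bare scalar (`value: {{ value }}`, `{{ key }}: {{ value }}`), which lets a value such as `yes`, `0123` or one containing `: ` change type or structure in the rendered YAML. Emitting scalars through a serialising filter, e.g. `value: {{ value | string | to_json }}`, keeps env values as strings and prevents a variable from introducing extra keys.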


@@ -0,0 +1,116 @@
---
- block:
- include_tasks: make_iso.yml
- include_tasks: provision_vm.yml
- name: refresh inventory
meta: refresh_inventory
- name: clear gathered facts
meta: clear_facts
- name: clear any host errors
meta: clear_host_errors
- name: add host
add_host:
hostname: template_vm
ansible_host: '{{ template_vm_ip_address }}'
host_key_checking: false
ansible_user: "{{ local_account_username }}"
ansible_password: "{{ local_account_password }}"
ansible_port: "{{ vm_ansible_port | default('22') }}"
ansible_ssh_common_args: '-o UserKnownHostsFile=/dev/null'
ansible_python_interpreter: auto
- name: run setup module
setup:
delegate_to: template_vm
connection: ssh
- block:
- include_role:
name: oatakan.rhn
apply:
delegate_to: template_vm
connection: ssh
become: yes
- include_role:
name: oatakan.rhel_upgrade
apply:
delegate_to: template_vm
connection: ssh
become: yes
when: install_updates|bool
- include_role:
name: oatakan.rhel_template_build
apply:
delegate_to: template_vm
connection: ssh
become: yes
vars:
target_ovirt: yes
always:
- include_role:
name: oatakan.rhn
apply:
delegate_to: template_vm
connection: ssh
become: yes
vars:
role_action: unregister
- name: force handlers to run before stoppping the vm
meta: flush_handlers
- name: refresh SSO credentials
ovirt.ovirt.ovirt_auth:
url: "{{ lookup('env', 'OVIRT_URL')|default(ovirt.url, true) }}"
username: "{{ lookup('env', 'OVIRT_USERNAME')|default(ovirt.username, true) }}"
password: "{{ lookup('env', 'OVIRT_PASSWORD')|default(ovirt.password, true) }}"
insecure: yes
- include_tasks: stop_vm.yml
- include_tasks: convert_to_template.yml
- include_tasks: export_ovf.yml
when: export_ovf|bool
rescue:
- name: refresh SSO credentials
ovirt.ovirt.ovirt_auth:
url: "{{ lookup('env', 'OVIRT_URL')|default(ovirt.url, true) }}"
username: "{{ lookup('env', 'OVIRT_USERNAME')|default(ovirt.username, true) }}"
password: "{{ lookup('env', 'OVIRT_PASSWORD')|default(ovirt.password, true) }}"
insecure: yes
- include_tasks: remove_template.yml
when: remove_vm_on_error|bool
always:
- name: refresh SSO credentials
ovirt.ovirt.ovirt_auth:
url: "{{ lookup('env', 'OVIRT_URL')|default(ovirt.url, true) }}"
username: "{{ lookup('env', 'OVIRT_USERNAME')|default(ovirt.username, true) }}"
password: "{{ lookup('env', 'OVIRT_PASSWORD')|default(ovirt.password, true) }}"
insecure: yes
- include_tasks: remove_vm.yml
- include_tasks: datastore_iso_remove.yml
- name: remove temporary directory
file:
path: "{{ temp_directory }}"
state: absent
- name: logout from oVirt
ovirt.ovirt.ovirt_auth:
state: absent
ovirt_auth: "{{ ovirt_auth }}"
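Review bot: All three "refresh SSO credentials" tasks set `insecure: yes` on `ovirt.ovirt.ovirt_auth` while sending `OVIRT_PASSWORD`, so the engine certificate is never verified at login; supplying `ca_file:` and dropping `insecure` (or making it a variable that defaults to false) closes that. The `add_host` task likewise sets `host_key_checking: false` and `-o UserKnownHostsFile=/dev/null` together with `ansible_password`, which is understandable for a freshly built VM but leaves the SSH session carrying `local_account_password` without server authentication. The `yes` values (`become: yes`, `insecure: yes`, `target_ovirt: yes`) would be clearer as `true`.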


@@ -0,0 +1,115 @@
firewall --disabled
cdrom
lang en_US.UTF-8
keyboard us
timezone UTC
{% if template.networks is defined and template.networks[0].ip is defined and template.networks[0].gateway is defined and template.networks[0].netmask is defined %}
network --bootproto=static --ip={{ template.networks[0].ip }} --netmask={{ template.networks[0].netmask }} --gateway={{ template.networks[0].gateway }}{% if template.networks[0].dns_servers is defined %} --nameserver={{ template.networks[0].dns_servers|join(',') }}{% endif %}
{% else %}
network --bootproto=dhcp
{% endif %}
network --hostname=localhost.localdomain
rootpw {{ local_administrator_password }}
authselect --enableshadow --passalgo=sha512
{% if template_selinux_enabled is undefined or not template_selinux_enabled %}
selinux --disabled
{% endif %}
text
skipx
eula --agreed
bootloader --append="no_timer_check"
clearpart --all --initlabel
part /boot/efi --fstype="efi" --size=200 --fsoptions="umask=0077,shortname=winnt" --asprimary
part /boot --fstype="xfs" --size=1024 --asprimary
part pv.00 --fstype="lvmpv" --size=1 --grow --asprimary
volgroup vg00 --pesize=4096 pv.00
logvol swap --fstype="swap" --size=4096 --name=swap --vgname=vg00
logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=vg00
authselect --useshadow --enablemd5
firstboot --disabled
services --enabled=NetworkManager,sshd
reboot
# this doesn't seem to work in RHEL 8.0
#user --name={{ local_account_username }} --plaintext --password {{ local_account_password }} --groups={{ local_account_username }},wheel
%packages --ignoremissing --excludedocs
@Base
@Core
openssh-clients
sudo
openssl-devel
readline-devel
zlib-devel
kernel-headers
kernel-devel
gcc
make
perl
curl
wget
ntp
nfs-utils
net-tools
vim
curl
unbound-libs
bzip2
sshpass
openssl
# unnecessary firmware
-aic94xx-firmware
-atmel-firmware
-b43-openfwwf
-bfa-firmware
-ipw2100-firmware
-ipw2200-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-libertas-usb8388-firmware
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-ql2500-firmware
-rt61pci-firmware
-rt73usb-firmware
-xorg-x11-drv-ati-firmware
-zd1211-firmware
%end
%post
# update root certs
# wget -O/etc/pki/tls/certs/ca-bundle.crt https://curl.haxx.se/ca/cacert.pem --no-check-certificate
# yum reinstall ca-certificates
{% if permit_root_login_with_password %}
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
{% endif %}
# sudo
groupadd {{ local_account_username }}
useradd -g {{ local_account_username }} -G {{ local_account_username }},wheel -d /home/{{ local_account_username }} -m -p $(openssl passwd -1 {{ local_account_password }}) {{ local_account_username }}
yum install -y sudo
echo "{{ local_account_username }} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/{{ local_account_username }}
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
{% if template_selinux_enabled is undefined or not template_selinux_enabled %}
sed -i s'/SELINUX=enforcing/SELINUX=disabled'/g /etc/selinux/config
{% endif %}
yum clean all
%end
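Review bot: The `%post` line `useradd ... -p $(openssl passwd -1 {{ local_account_password }})` hashes the account password with MD5-crypt and pastes the clear text unquoted into a shell command, and `authselect --useshadow --enablemd5` further up contradicts the earlier `--passalgo=sha512`. `rootpw {{ local_administrator_password }}` also writes the root password in clear into the rendered kickstart. Hashing on the controller keeps both out of the file, e.g. `rootpw --iscrypted {{ local_administrator_password | password_hash('sha512') }}` and `-p '{{ local_account_password | password_hash('sha512') }}'`, with the `--enablemd5` line removed. The sudoers drop-in written by `echo ... >>` is left with default permissions; a `chmod 0440` on it is the usual companion.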


@@ -0,0 +1,3 @@
skip_list:
- 'name[casing]'
- 'key-order[task]'


@@ -0,0 +1,3 @@
---
parallels_tools_iso_file: "/home/{{ local_account_username }}/prl-tools-lin.iso"


@@ -0,0 +1,41 @@
---
- name: remove page file
win_regedit:
path: HKLM:\System\CurrentControlSet\Control\Session Manager\Memory Management
name: PagingFiles
data: ""
state: present
register: cleanup_pagefile_removal
- name: reboot server after clearing page file
win_reboot:
when: cleanup_pagefile_removal is changed
- name: cleanup the temp folders
win_file:
path: '{{ item }}'
state: absent
ignore_errors: true
loop:
- C:\Temp
- C:\Windows\Panther
- C:\Windows\Temp
- name: cleanup the C:\Recovery folder
win_shell: Remove-Item -Path C:\Recovery -Force -Recurse
ignore_errors: true
- name: check to see if WinSXS ManifestCache folder exist
win_stat:
path: '{{ ansible_env.windir }}\winsxs\ManifestCache'
register: winsxs_dir
- name: clear out the WinSXS ManifestCache folder
win_shell: |
&cmd.exe /c Takeown /f %windir%\winsxs\ManifestCache\*
&cmd.exe /c Icacls %windir%\winsxs\ManifestCache\* /GRANT administrators:F
&cmd.exe /c Del /q %windir%\winsxs\ManifestCache\*
when:
- winsxs_dir.stat is defined
- winsxs_dir.stat.exists


@@ -0,0 +1,14 @@
---
- name: clean up components and update files
win_shell: Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase
when: "'Windows Server 2008' not in ansible_distribution"
ignore_errors: true
- include_tasks: clean_up_with_cleanmgr.yml
when: "'Windows Server 2008' in ansible_distribution"
- name: clean up components and update files
win_shell: Dism.exe /online /Cleanup-Image /SpSuperseded
when: "'Windows Server 2008' in ansible_distribution"
ignore_errors: true


@@ -0,0 +1,64 @@
---
- block:
- name: check for cleanmgr executable
win_stat:
path: '{{ ansible_env.windir }}\System32\cleanmgr.exe'
register: check_cleanmgr_file
- include_tasks: copy_cleanmgr.yml
vars:
os_short_name: 2008r2
when:
- not check_cleanmgr_file.stat.exists
- ('Windows Server 2008 R2' in ansible_distribution)
- include_tasks: copy_cleanmgr.yml
vars:
os_short_name: 2012
when:
- not check_cleanmgr_file.stat.exists
- ('Windows Server 2012' in ansible_distribution)
- (not 'Windows Server 2012 R2' in ansible_distribution)
- name: get free space
win_shell: Get-PSDrive C | Select-Object Free | ConvertTo-Json
register: free_space_before_cleanup
- name: ensure cleanup registry paths exist
win_regedit:
path: HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\{{ item }}
loop: "{{ cleanup_registry_keys }}"
- name: set cleanup registry keys
win_regedit:
path: HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\{{ item }}
name: StateFlags0012
data: 2
type: dword
loop: "{{ cleanup_registry_keys }}"
- name: run cleanmgr
win_shell: cleanmgr /sagerun:12
- name: wait for cleanmgr to finish
win_shell: (get-wmiobject win32_process | where-object {$_.processname -eq 'cleanmgr.exe'} | measure).count
register: check_cleanmgr_process
until: check_cleanmgr_process.stdout is defined and check_cleanmgr_process.stdout|int == 0
delay: 5
retries: 300
- name: get free space
win_shell: Get-PSDrive C | Select-Object Free | ConvertTo-Json
register: free_space_after_cleanup
- debug:
msg:
- "Free space before cleanup: {{ ((free_space_before_cleanup.stdout | from_json)['Free']|int / (1024*1024*1024)) | round(2, 'floor') }} GB"
- "Free space after cleanup: {{ ((free_space_after_cleanup.stdout | from_json)['Free']|int / (1024*1024*1024)) | round(2, 'floor') }} GB"
rescue:
- name: ignore any errors
debug:
msg: "ignoring any error with clean up with cleanmgr"


@@ -0,0 +1,8 @@
---
- name: disable auto login
win_regedit:
path: HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
name: "{{ item.name }}"
state: absent
loop: "{{ autologin_registry }}"


@@ -0,0 +1,18 @@
---
- name: enable RDP port
win_firewall_rule:
name: Remote Desktop
localport: 3389
action: allow
direction: in
protocol: tcp
state: present
enabled: true
- name: enable RDP
win_regedit:
path: HKLM:\System\CurrentControlSet\Control\Terminal Server
name: fDenyTSConnections
data: 0
type: dword
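Review bot: The `Remote Desktop` rule opens TCP 3389 inbound with no `remoteip` or `profiles` restriction, so every machine built from this template accepts RDP from any address on any network profile once `fDenyTSConnections` is cleared. Scoping the rule, e.g. `remoteip: "{{ rdp_allowed_sources }}"` (a new variable the role would have to define) and `profiles: [domain, private]`, limits that exposure. Nothing in this file enforces Network Level Authentication; if the role does not set it elsewhere, that belongs next to the `fDenyTSConnections` task.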


@@ -0,0 +1,43 @@
---
- block:
- name: test SSL connection
win_shell: "[System.Net.WebRequest]::Create('https://github.com').GetResponse()"
rescue:
- name: enable TLSv1.2 support
win_regedit:
path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\{{ item.type }}
name: '{{ item.property }}'
data: '{{ item.value }}'
type: dword
state: present
register: enable_tls12
loop:
- type: Server
property: Enabled
value: 1
- type: Server
property: DisabledByDefault
value: 0
- type: Client
property: Enabled
value: 1
- type: Client
property: DisabledByDefault
value: 0
- name: enable strong crypto
win_regedit:
path: HKLM:\{{ item }}
name: SchUseStrongCrypto
data: 1
type: dword
state: present
loop:
- 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
- 'SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
- name: reboot if TLS config was applied
win_reboot:
when: enable_tls12 is changed


@@ -0,0 +1,66 @@
---
- block:
- name: ensure Windows ADK with DISM is installed
win_package:
path: https://go.microsoft.com/fwlink/?linkid=873065 # version 10.0.17134.0
product_id: '{{ _product_id }}'
expected_return_code:
- 0
- 3010
arguments: "{{ _arguments | join(' ') }}"
notify:
- get Windows ADK uninstall command
- uninstall Windows ADK
rescue:
- block:
- name: download DISM
win_get_url:
url: https://go.microsoft.com/fwlink/?linkid=873065
dest: '{{ temp_directory }}\adksetup.exe'
register: download_dism
retries: 5
delay: 5
until: download_dism is success
- name: ensure Windows ADK with DISM is installed (retry)
win_package:
path: '{{ temp_directory }}\adksetup.exe' # version 10.0.17134.0
product_id: '{{ _product_id }}'
expected_return_code:
- 0
- 3010
arguments: "{{ _arguments | join(' ') }}"
register: install_dism
ignore_errors: true
notify:
- get Windows ADK uninstall command
- uninstall Windows ADK
rescue:
- name: ensure Windows ADK with DISM is installed (chocolatey)
win_chocolatey:
name: windows-adk-deploy
state: present
version: 10.0.17134.0
register: install_windows_adk_deploy
ignore_errors: true
notify: ensure Windows ADK with DISM is removed
vars:
_product_id: '{d794748d-72e9-45d7-9ab7-83d6c4c80f7f}'
_arguments:
- /quiet
- /norestart
- /features {{ _features | join(' ') }}
_features:
- OptionId.DeploymentTools
- OptionId.WindowsPreinstallationEnvironment
- OptionId.ImagingAndConfigurationDesigner
- OptionId.UserStateMigrationTool
- name: ensure PATH contains Windows ADK
win_path:
scope: machine
state: present
elements: 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM'
- pause:
seconds: 10
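Review bot: `ignore_errors: true` on "ensure Windows ADK with DISM is installed (retry)" means a failed install never fails the inner block, so, as far as the flattened indentation shows, the chocolatey `rescue:` can only run when the download itself fails; dropping `ignore_errors` from that task lets the fallback fire. The installer is also fetched from a redirecting `fwlink` URL and executed without a digest check; `win_get_url` accepts `checksum:` and `checksum_algorithm:`, so the download task can pin the expected `adksetup.exe` hash (the value is not on this page). The last file on this page is an identical copy of these tasks and has the same two issues.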


@@ -0,0 +1,96 @@
---
- name: remove default apps
win_shell: |
$ErrorActionPreference = "Stop"
$apps = @(
"Microsoft.3DBuilder",
"Microsoft.Appconnector",
"Microsoft.BingFinance",
"Microsoft.BingNews",
"Microsoft.BingSports",
"Microsoft.BingWeather",
"Microsoft.FreshPaint",
"Microsoft.Getstarted",
"Microsoft.MicrosoftOfficeHub",
"Microsoft.MicrosoftSolitaireCollection",
"Microsoft.MicrosoftStickyNotes",
"Microsoft.Office.OneNote",
"Microsoft.OneConnect",
"Microsoft.People",
"Microsoft.SkypeApp",
"Microsoft.Windows.Photos",
"Microsoft.WindowsAlarms",
"Microsoft.WindowsCalculator",
"Microsoft.WindowsCamera",
"Microsoft.WindowsMaps",
"Microsoft.WindowsPhone",
"Microsoft.WindowsSoundRecorder",
"Microsoft.XboxApp",
"Microsoft.ZuneMusic",
"Microsoft.ZuneVideo",
"Microsoft.WindowsCommunicationsApps",
"Microsoft.MinecraftUWP",
"Microsoft.MicrosoftPowerBIForWindows",
"Microsoft.NetworkSpeedTest",
"Microsoft.CommsPhone",
"Microsoft.ConnectivityStore",
"Microsoft.Messaging",
"Microsoft.Office.Sway",
"Microsoft.OneConnect",
"Microsoft.WindowsFeedbackHub",
"Microsoft.BingFoodAndDrink",
"Microsoft.BingTravel",
"Microsoft.BingHealthAndFitness",
"Microsoft.WindowsReadingList",
"Microsoft.MSPaint",
"Microsoft.Microsoft3DViewer",
"Microsoft.Print3D",
"9E2F88E3.Twitter",
"PandoraMediaInc.29680B314EFC2",
"Flipboard.Flipboard",
"ShazamEntertainmentLtd.Shazam",
"king.com.CandyCrushSaga",
"king.com.CandyCrushSodaSaga",
"king.com.*",
"ClearChannelRadioDigital.iHeartRadio",
"4DF9E0F8.Netflix",
"6Wunderkinder.Wunderlist",
"Drawboard.DrawboardPDF",
"2FE3CB00.PicsArt-PhotoStudio",
"D52A8D61.FarmVille2CountryEscape",
"TuneIn.TuneInRadio",
"GAMELOFTSA.Asphalt8Airborne",
"TheNewYorkTimes.NYTCrossword",
"DB6EA5DB.CyberLinkMediaSuiteEssentials",
"Facebook.Facebook",
"flaregamesGmbH.RoyalRevolt2",
"Playtika.CaesarsSlotsFreeCasino",
"A278AB0D.MarchofEmpires",
"KeeperSecurityInc.Keeper",
"ThumbmunkeysLtd.PhototasticCollage",
"XINGAG.XING",
"89006A2E.AutodeskSketchBook",
"D5EA27B7.Duolingo-LearnLanguagesforFree",
"46928bounde.EclipseManager",
"ActiproSoftwareLLC.562882FEEB491"
)
foreach ($app in $apps) {
Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage -AllUsers
Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -like $app } | Remove-AppxProvisionedPackage -Online
}
register: cleanup_win10_remove
until: cleanup_win10_remove is successful
retries: 5
delay: 1
ignore_errors: true
- name: prevent suggested applications from returning
win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content
name: DisableWindowsConsumerFeatures
data: 1
datatype: dword
- name: reboot to effect pending changes
win_reboot:
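Review bot: The `win_regedit` path `HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content` contains a space, whereas the commented-out task elsewhere in this commit writes the same `DisableWindowsConsumerFeatures` value under `...\Windows\CloudContent`; with the space the value lands in a key the policy is not read from, so suggested apps are not suppressed. The path should be `HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent`, here and in the `win_dsc` variant of this file. `ignore_errors: true` combined with `$ErrorActionPreference = "Stop"` also means one package that fails to remove aborts the loop and the failure is then discarded; `"Microsoft.OneConnect"` is listed twice.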


@@ -0,0 +1,30 @@
---
- name: remove user apps
script: RemoveUserApps.ps1
register: cleanup_win10_remove
until: cleanup_win10_remove is successful
retries: 3
delay: 1
ignore_errors: true
#- name: disable windows store
# win_regedit:
# path: HKLM:\Software\Policies\Microsoft\WindowsStore
# name: AutoDownload
# data: 00000002
# type: dword
#
#- name: disable content delivery manager
# win_regedit:
# path: HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
# name: SilentInstalledAppsEnabled
# data: 00000000
# type: dword
#
#- name: disable windows store
# win_regedit:
# path: HKLM:\Software\Policies\Microsoft\Windows\CloudContent
# name: DisableWindowsConsumerFeatures
# data: 00000001
# type: dword


@@ -0,0 +1,97 @@
---
- name: Setup the xWebAdministration module
win_psmodule:
name: DSCR_AppxPackage
state: present
- name: remove packages
win_dsc:
resource_name: cAppxProvisionedPackageSet
Ensure: Absent
PackageName:
- Microsoft.3DBuilder
- Microsoft.Appconnector
- Microsoft.BingFinance
- Microsoft.BingNews
- Microsoft.BingSports
- Microsoft.BingWeather
- Microsoft.FreshPaint
- Microsoft.Getstarted
- Microsoft.MicrosoftOfficeHub
- Microsoft.MicrosoftSolitaireCollection
- Microsoft.MicrosoftStickyNotes
- Microsoft.Office.OneNote
- Microsoft.OneConnect
- Microsoft.People
- Microsoft.SkypeApp
- Microsoft.Windows.Photos
- Microsoft.WindowsAlarms
- Microsoft.WindowsCalculator
- Microsoft.WindowsCamera
- Microsoft.WindowsMaps
- Microsoft.WindowsPhone
- Microsoft.WindowsSoundRecorder
- Microsoft.XboxApp
- Microsoft.ZuneMusic
- Microsoft.ZuneVideo
- Microsoft.WindowsCommunicationsApps
- Microsoft.MinecraftUWP
- Microsoft.MicrosoftPowerBIForWindows
- Microsoft.NetworkSpeedTest
- Microsoft.CommsPhone
- Microsoft.ConnectivityStore
- Microsoft.Messaging
- Microsoft.Office.Sway
- Microsoft.OneConnect
- Microsoft.WindowsFeedbackHub
- Microsoft.BingFoodAndDrink
- Microsoft.BingTravel
- Microsoft.BingHealthAndFitness
- Microsoft.WindowsReadingList
- Microsoft.MSPaint
- Microsoft.Microsoft3DViewer
- Microsoft.Print3D
- 9E2F88E3.Twitter
- PandoraMediaInc.29680B314EFC2
- Flipboard.Flipboard
- ShazamEntertainmentLtd.Shazam
- king.com.CandyCrushSaga
- king.com.CandyCrushSodaSaga
- king.com.*
- ClearChannelRadioDigital.iHeartRadio
- 4DF9E0F8.Netflix
- 6Wunderkinder.Wunderlist
- Drawboard.DrawboardPDF
- 2FE3CB00.PicsArt-PhotoStudio
- D52A8D61.FarmVille2CountryEscape
- TuneIn.TuneInRadio
- GAMELOFTSA.Asphalt8Airborne
- TheNewYorkTimes.NYTCrossword
- DB6EA5DB.CyberLinkMediaSuiteEssentials
- Facebook.Facebook
- flaregamesGmbH.RoyalRevolt2
- Playtika.CaesarsSlotsFreeCasino
- A278AB0D.MarchofEmpires
- KeeperSecurityInc.Keeper
- ThumbmunkeysLtd.PhototasticCollage
- XINGAG.XING
- 89006A2E.AutodeskSketchBook
- D5EA27B7.Duolingo-LearnLanguagesforFree
- 46928bounde.EclipseManager
- ActiproSoftwareLLC.562882FEEB491-
register: cleanup_win10_remove
until: cleanup_win10_remove is successful
retries: 3
delay: 1
ignore_errors: true
- name: prevent suggested applications from returning
win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content
name: DisableWindowsConsumerFeatures
data: 1
datatype: dword
- name: reboot to effect pending changes
win_reboot:
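Review bot: The last `PackageName` entry, `ActiproSoftwareLLC.562882FEEB491-`, carries a trailing hyphen that the same list in the `win_shell` variant does not have, so that package will most likely not match. The first task is named "Setup the xWebAdministration module" but installs `DSCR_AppxPackage`; a name such as `ensure DSCR_AppxPackage module is installed` keeps the play output truthful. Whether `king.com.*` is treated as a wildcard by the DSC resource is not visible here and is worth confirming.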


@@ -0,0 +1,33 @@
---
- name: kill onedrive process
win_shell: Stop-Process -Name OneDrive
ignore_errors: true
- name: uninstall onedrive
win_shell: '{{ ansible_env.SystemRoot }}\SysWOW64\OneDriveSetup.exe /uninstall'
ignore_errors: true
- name: remove onedrivesync package
win_shell: get-appxpackage *Microsoft.OneDriveSync* | remove-appxpackage -AllUsers
ignore_errors: true
- name: remove onedrive directories
win_file:
path: '{{ item }}'
state: absent
ignore_errors: true
loop:
- '{{ ansible_env.USERPROFILE }}\OneDrive'
- '{{ ansible_env.LOCALAPPDATA }}\Microsoft\OneDrive'
- '{{ ansible_env.ProgramData }}\Microsoft OneDrive'
- C:\OneDriveTemp
- name: delete registry keys
win_regedit:
path: '{{ item }}'
state: absent
delete_key: true
loop:
- HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}
- HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}


@@ -0,0 +1,13 @@
---
# this updates windows update which is needed to install further updates
# see https://docs.microsoft.com/en-US/troubleshoot/windows-client/deployment/update-windows-update-agent
- name: ensure Windows Update Agent on 2008 is installed
win_package:
path: "{{ windows_update_agent_url }}"
arguments:
- /quiet
- /norestart
- /wuforce
creates_path: C:\Windows\System32\wuaueng.dll
creates_version: 7.6.7600.320


@@ -0,0 +1,10 @@
---
- name: disable force unload registry - {{ task_state | default('present') }}
win_regedit:
path: HKLM:\Software\Policies\Microsoft\Windows\System
name: DisableForceUnload
data: 1
type: dword
state: "{{ task_state | default('present') }}"
register: disable_force_unload_registry


@@ -0,0 +1,66 @@
---
- block:
- name: ensure Windows ADK with DISM is installed
win_package:
path: https://go.microsoft.com/fwlink/?linkid=873065 # version 10.0.17134.0
product_id: '{{ _product_id }}'
expected_return_code:
- 0
- 3010
arguments: "{{ _arguments | join(' ') }}"
notify:
- get Windows ADK uninstall command
- uninstall Windows ADK
rescue:
- block:
- name: download DISM
win_get_url:
url: https://go.microsoft.com/fwlink/?linkid=873065
dest: '{{ temp_directory }}\adksetup.exe'
register: download_dism
retries: 5
delay: 5
until: download_dism is success
- name: ensure Windows ADK with DISM is installed (retry)
win_package:
path: '{{ temp_directory }}\adksetup.exe' # version 10.0.17134.0
product_id: '{{ _product_id }}'
expected_return_code:
- 0
- 3010
arguments: "{{ _arguments | join(' ') }}"
register: install_dism
ignore_errors: true
notify:
- get Windows ADK uninstall command
- uninstall Windows ADK
rescue:
- name: ensure Windows ADK with DISM is installed (chocolatey)
win_chocolatey:
name: windows-adk-deploy
state: present
version: 10.0.17134.0
register: install_windows_adk_deploy
ignore_errors: true
notify: ensure Windows ADK with DISM is removed
vars:
_product_id: '{d794748d-72e9-45d7-9ab7-83d6c4c80f7f}'
_arguments:
- /quiet
- /norestart
- /features {{ _features | join(' ') }}
_features:
- OptionId.DeploymentTools
- OptionId.WindowsPreinstallationEnvironment
- OptionId.ImagingAndConfigurationDesigner
- OptionId.UserStateMigrationTool
- name: ensure PATH contains Windows ADK
win_path:
scope: machine
state: present
elements: 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM'
- pause:
seconds: 10