From 4e49fc2ff1a204d2b0aca0c6d7f4b65767182652 Mon Sep 17 00:00:00 2001 From: sborenst Date: Tue, 26 Sep 2017 16:56:08 +1000 Subject: [PATCH] initial working version of windows-ad for ans-tower-lab --- ansible/configs/ans-tower-lab/env_vars.yml | 6 +++- .../cloud_providers/ec2_cloud_template.j2 | 31 +++++++++++++++++-- ansible/configs/ans-tower-lab/pre_infra.yml | 1 + .../configs/ans-tower-lab/pre_software.yml | 2 ++ .../set-repositories/tasks/rhn-repos.yml | 2 +- ansible/roles/windows-ad/defaults/main.yml | 3 +- ansible/roles/windows-ad/tasks/main.yml | 23 +++++++++----- ansible/roles/windows-common/tasks/main.yml | 9 ++++++ 8 files changed, 65 insertions(+), 12 deletions(-) diff --git a/ansible/configs/ans-tower-lab/env_vars.yml b/ansible/configs/ans-tower-lab/env_vars.yml index f27d5d2f2d2..54f1809bf41 100644 --- a/ansible/configs/ans-tower-lab/env_vars.yml +++ b/ansible/configs/ans-tower-lab/env_vars.yml @@ -16,7 +16,7 @@ ### Common Host settings repo_method: file # Other Options are: file, satellite and rhn - +windows_password: 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg==' # Do you want to run a full yum update update_packages: false @@ -133,6 +133,10 @@ tower_public_dns: "towerlb.{{subdomain_base}}." #tower_public_dns: "tower.{{subdomain_base}}." bastion_public_dns: "bastion.{{subdomain_base}}." bastion_public_dns_chomped: "bastion.{{subdomain_base}}" + +activedirectory_public_dns: "ad.{{subdomain_base}}." +activedirectory_public_dns_chomped: "ad.{{subdomain_base}}" + vpcid_cidr_block: "192.168.0.0/16" vpcid_name_tag: "{{subdomain_base}}" diff --git a/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2 b/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2 index a83fa0b3008..b958dffb55b 100644 --- a/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2 +++ b/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2 
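Review bot: The added `windows_password` line in env_vars.yml commits a credential in clear text to the repository, and the windows-ad defaults read `windows_password | default(generated_windows_password)`, so wherever this file is loaded the committed value is used instead of the generated one. Move it to `env_secret_vars.yml` (already loaded by pre_software.yml), or drop the line so the password generated in pre_infra.yml is used. Treat the committed value as exposed and rotate it. If a fixed lab password is really wanted, reference a vaulted variable instead, e.g. `windows_password: "{{ vault_windows_password }}"` (variable name is a placeholder).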
@@ -31,7 +31,7 @@ "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-7644d315" }, "ap-southeast-2": { - "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-468f9225" + "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-46f1e925" }, "sa-east-1": { "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-c8285ca4" @@ -226,6 +226,28 @@ } } }, + "WindowsDNS": { + "Type": "AWS::Route53::RecordSetGroup", + "DependsOn": [ "Windows1EIP" ], + "Properties": { + "HostedZoneId": "{{HostedZoneId}}", + "RecordSets": [ + { + "Name": "{{activedirectory_public_dns}}", + "Type": "A", + "TTL": "10", + "ResourceRecords": [ + { + "Fn::GetAtt": [ + "windows1", + "PublicIp" + ] + } + ] + } + ] + } + }, "BastionDNS": { "Type": "AWS::Route53::RecordSetGroup", "DependsOn": [ "BastionEIP" ], @@ -833,7 +855,12 @@ } }, - + "Windows{{loop.index}}EIP" : { + "Type" : "AWS::EC2::EIP", + "DependsOn": [ "windows{{loop.index}}" ], + "Properties" : { + "InstanceId" : { "Ref" : "windows{{loop.index}}" } + }}, "windows{{loop.index}}DNS": { "Type": "AWS::Route53::RecordSetGroup", "Properties": { diff --git a/ansible/configs/ans-tower-lab/pre_infra.yml b/ansible/configs/ans-tower-lab/pre_infra.yml index 76f731358c1..1c729639fdd 100644 --- a/ansible/configs/ans-tower-lab/pre_infra.yml +++ b/ansible/configs/ans-tower-lab/pre_infra.yml @@ -32,6 +32,7 @@ - name: set_fact windows_password (just generated) set_fact: generated_windows_password: "{{ password_gen_r.stdout }}" + windows_password: "{{ password_gen_r.stdout }}" when: not passwordfile.stat.exists - name: set_fact windows_password (previously generated) diff --git a/ansible/configs/ans-tower-lab/pre_software.yml b/ansible/configs/ans-tower-lab/pre_software.yml index ede5a7e19ba..d228103ed00 100644 --- a/ansible/configs/ans-tower-lab/pre_software.yml +++ b/ansible/configs/ans-tower-lab/pre_software.yml 
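Review bot: The new `WindowsDNS` record publishes the domain controller under a public name and hard-codes `Windows1EIP` / `windows1`, while the EIP hunk further down creates `Windows{{loop.index}}EIP` inside a loop. If that loop renders no Windows hosts, the stack references a resource that does not exist, so the record belongs inside the same loop or behind a count check. With an Elastic IP attached, the security group for these instances (not visible in this patch) is the only control on inbound WinRM/RDP/LDAP to the DC; confirm its ingress is limited to the lab's source ranges. It is also worth checking whether `Fn::GetAtt: [windows1, PublicIp]` resolves to the Elastic IP rather than the address assigned at launch; `{ "Ref": "Windows1EIP" }` would make that explicit.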
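Review bot: `windows_password` is set only in the "just generated" task, so on a re-run where the password file already exists it falls back to whatever env_vars.yml holds, unless the following "previously generated" task (its body is outside this hunk) sets it too. Mirror the assignment there. Both tasks put a secret into facts, so add `no_log: true` to keep it out of verbose output and callback logs.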
@@ -69,6 +69,7 @@ - name: Place Tower License from env_secret_vars on bastion hosts: "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_bastion') | replace('-', '_') }}" + become: yes vars_files: - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" @@ -77,6 +78,7 @@ - place_tower_license_file tasks: - blockinfile: + create: yes path: /root/tower_license.txt block: "{{tower_license}}" when: tower_license is defined diff --git a/ansible/roles/set-repositories/tasks/rhn-repos.yml b/ansible/roles/set-repositories/tasks/rhn-repos.yml index 053ca2b9055..5d0073e6038 100644 --- a/ansible/roles/set-repositories/tasks/rhn-repos.yml +++ b/ansible/roles/set-repositories/tasks/rhn-repos.yml @@ -21,7 +21,7 @@ # TODO: should take pool ids from a var - name: get product pool id - shell: /usr/bin/subscription-manager list --all --available --matches="*OpenShift Container Platform*" | awk '/Pool ID/ {print $3}' | head -1 + shell: /usr/bin/subscription-manager list --all --available --matches="*{{rhn_pool_id_string}}*" | awk '/Pool ID/ {print $3}' | head -1 # command: subscription-manager list --all --available --matches="OpenShift Container Platform" | awk '/Pool ID/ {print $3}' | head -1 register: pool_id until: pool_id | succeeded diff --git a/ansible/roles/windows-ad/defaults/main.yml b/ansible/roles/windows-ad/defaults/main.yml index e3ddc16e6d8..f6db94524e3 100644 --- a/ansible/roles/windows-ad/defaults/main.yml +++ b/ansible/roles/windows-ad/defaults/main.yml @@ -1,5 +1,6 @@ --- -ad_domain_name: "{{ ec2_tag_internaldns }}" +#ad_domain_name: "{{ ec2_tag_internaldns }}" +ad_domain_name: "{{activedirectory_public_dns_chomped}}" ad_safe_mode_password: "{{ windows_password | default(generated_windows_password) }}" ad_admin_user: "admin@{{ ad_domain_name}}" ad_admin_password: "{{ windows_password | default(generated_windows_password) }}" 
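Review bot: `create: yes` on the `blockinfile` task writes the Tower license to `/root/tower_license.txt` with whatever mode the remote umask gives. Set the permissions explicitly with `mode: "0600"` and `owner: root`. The task also has no `name`, and since `block` carries license material, `no_log: true` would be a sensible addition.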
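Review bot: `{{rhn_pool_id_string}}` is spliced unquoted into a `shell:` command line, so a value containing `"`, `$` or backticks changes the command that runs. Nothing in this patch gives the variable a default either, so configs that do not define it will fail where the old literal worked. Build the pattern and quote it, `--matches={{ ('*' ~ rhn_pool_id_string | default('OpenShift Container Platform') ~ '*') | quote }}`, or add the default to the role's defaults file. The commented-out `command:` line below still shows the old literal and can be removed.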
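Review bot: The role default for `ad_domain_name` now depends on `activedirectory_public_dns_chomped`, which this patch defines only in the ans-tower-lab env_vars.yml, so any other config that uses the windows-ad role would fail on an undefined variable. Keep the previous value as a fallback, `ad_domain_name: "{{ activedirectory_public_dns_chomped | default(ec2_tag_internaldns) }}"`, and delete the commented-out line rather than leaving it in the defaults file.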
diff --git a/ansible/roles/windows-ad/tasks/main.yml b/ansible/roles/windows-ad/tasks/main.yml index 6cced2eca58..3b0cd1e451e 100644 --- a/ansible/roles/windows-ad/tasks/main.yml +++ b/ansible/roles/windows-ad/tasks/main.yml @@ -5,11 +5,20 @@ include_management_tools: yes include_sub_features: yes -- name: Promote to domain controller - win_domain_controller: + +- name: Setup Active Directory Controller + win_domain: dns_domain_name: "{{ ad_domain_name }}" - safe_mode_password: "{{ ad_safe_mode_password }}" - domain_admin_user: "{{ ad_admin_user }}" - domain_admin_password: "{{ ad_admin_password }}" - state: domain_controller - register: result + safe_mode_password: "{{ windows_password }}" + register: active_directory_controllers + +- name: reboot once DC created + win_reboot: + when: active_directory_controllers.reboot_required + +- name: List DCs in domain + win_shell: "nltest /dclist:{{ ad_domain_name }}" + register: domain_list + +- debug: + var: domain_list diff --git a/ansible/roles/windows-common/tasks/main.yml b/ansible/roles/windows-common/tasks/main.yml index e7783901972..224a0fdcd9f 100644 --- a/ansible/roles/windows-common/tasks/main.yml +++ b/ansible/roles/windows-common/tasks/main.yml @@ -1,3 +1,12 @@ --- +# pip install pywinrm + + - include: sshd.yml when: install_win_ssh | bool + +- win_shell: "systeminfo | findstr /C:OS" + register: windows_system_info + +- debug: + var: windows_system_info
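Review bot: The `win_domain` task reads `windows_password` directly for `safe_mode_password`, bypassing the role's `ad_safe_mode_password` default and its `default(generated_windows_password)` fallback, so the role breaks when only the generated password is set. Use `safe_mode_password: "{{ ad_safe_mode_password }}"`. Giving the DSRM password a separate value from `ad_admin_password` would also limit the impact of one leaked credential. The `nltest` task is read-only and should carry `changed_when: false`, and the trailing `debug` task needs a `name`.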
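Review bot: The two tasks added at the end of windows-common have no `name`, and the `win_shell` call reports changed on every run. Add names and put `changed_when: false` on the `systeminfo` task. The `# pip install pywinrm` comment describes a controller prerequisite and would be clearer as `# Controller prerequisite: pip install pywinrm`, or moved to the README.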