Merge pull request redhat-cop#84 from sborenst/ans-tower-windows-ad

Ans tower windows ad
bbethell-1 · Sep 27, 2017 · 8776cd5 · 8776cd5
2 parents 99d4287 + ae3085d
commit 8776cd5
Show file tree

Hide file tree

Showing 10 changed files with 111 additions and 15 deletions.
diff --git a/ansible/configs/ans-tower-lab/env_vars.yml b/ansible/configs/ans-tower-lab/env_vars.yml
@@ -16,7 +16,7 @@
 ### Common Host settings
 
 repo_method: file # Other Options are: file, satellite and rhn
-
+windows_password: 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg=='
 
 # Do you want to run a full yum update
 update_packages: false
@@ -133,6 +133,10 @@ tower_public_dns: "towerlb.{{subdomain_base}}."
 #tower_public_dns: "tower.{{subdomain_base}}."
 bastion_public_dns: "bastion.{{subdomain_base}}."
 bastion_public_dns_chomped: "bastion.{{subdomain_base}}"
+
+activedirectory_public_dns: "ad.{{subdomain_base}}."
+activedirectory_public_dns_chomped: "ad.{{subdomain_base}}"
+
 vpcid_cidr_block: "192.168.0.0/16"
 vpcid_name_tag: "{{subdomain_base}}"
 

diff --git a/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2 b/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2
@@ -4,40 +4,41 @@
   "Mappings": {
     "RegionMapping": {
       "us-east-1": {
-        "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-7da4ab6b"
+        "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-c6e9d9bd"
       },
       "us-east-2": {
-        "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-ffae8f9a"
+        "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-5d99b938"
       },
       "us-west-1": {
-        "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-a11836c1"
+        "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-c52d07a5"
       },
       "us-west-2": {
-        "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-a1c1ddd8"
+        "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-3c4ba944"
       },
       "eu-west-1": {
-        "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-cc8e98a8"
+        "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-6dd02214"
       },
       "eu-central-1": {
-        "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-da1ebdb5"
+        "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-8306afec"
       },
       "ap-northeast-1": {
-        "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-4312cc2d"
+        "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-c229dfa4"
       },
       "ap-northeast-2": {
-        "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-68756f0f"
+        "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-098a5267"
       },
       "ap-southeast-1": {
-        "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-7644d315"
+        "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-c87c19ab"
       },
       "ap-southeast-2": {
-        "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-468f9225"
+        "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-46f1e925"
       },
       "sa-east-1": {
-        "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-c8285ca4"
+        "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-f0b4c59c
+"
       },
       "ap-south-1": {
-        "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-8eafd6e1"
+        "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-82fe84ed"
       }
     },
     "DNSMapping": {
@@ -226,6 +227,28 @@
         }
       }
     },
+    "WindowsDNS": {
+      "Type": "AWS::Route53::RecordSetGroup",
+      "DependsOn": [ "Windows1EIP" ],
+      "Properties": {
+        "HostedZoneId": "{{HostedZoneId}}",
+        "RecordSets": [
+          {
+            "Name": "{{activedirectory_public_dns}}",
+            "Type": "A",
+            "TTL": "10",
+            "ResourceRecords": [
+              {
+                "Fn::GetAtt": [
+                  "windows1",
+                  "PublicIp"
+                ]
+              }
+            ]
+          }
+        ]
+      }
+    },
     "BastionDNS": {
       "Type": "AWS::Route53::RecordSetGroup",
       "DependsOn": [ "BastionEIP" ],
@@ -857,7 +880,12 @@
       }
 
     },
-
+    "Windows{{loop.index}}EIP" : {
+    "Type" : "AWS::EC2::EIP",
+    "DependsOn": [ "windows{{loop.index}}" ],
+    "Properties" : {
+     "InstanceId" : { "Ref" : "windows{{loop.index}}" }
+    }},
     "windows{{loop.index}}DNS": {
       "Type": "AWS::Route53::RecordSetGroup",
       "Properties": {

diff --git a/ansible/configs/ans-tower-lab/post_software.yml b/ansible/configs/ans-tower-lab/post_software.yml
@@ -8,6 +8,27 @@
     - debug:
         msg: "Post-Software tasks Started"
 
+- name: Configure windows AD on first windows machine
+  hosts:
+    - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_ostype_windows') | replace('-', '_') }}[0]"
+  gather_facts: False
+  vars_files:
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml"
+  tags:
+    - step004
+    - common_tasks
+    - windows_tasks
+  roles:
+    - role: "{{ ANSIBLE_REPO_PATH }}/roles/windows-ad"
+  tasks:
+    - name: Reboot upon promotion
+      win_reboot:
+
+    - name: Wait for connection
+      wait_for_connection:
+
 - name: PostSoftware flight-check
   hosts: localhost
   connection: local

diff --git a/ansible/configs/ans-tower-lab/pre_infra.yml b/ansible/configs/ans-tower-lab/pre_infra.yml
@@ -32,6 +32,7 @@
       - name: set_fact windows_password (just generated)
         set_fact:
           generated_windows_password: "{{ password_gen_r.stdout }}"
+          windows_password: "{{ password_gen_r.stdout }}"
         when: not passwordfile.stat.exists
 
       - name: set_fact windows_password (previously generated)

diff --git a/ansible/configs/ans-tower-lab/pre_software.yml b/ansible/configs/ans-tower-lab/pre_software.yml
@@ -69,6 +69,7 @@
 
 - name: Place Tower License from env_secret_vars on bastion
   hosts: "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_bastion') | replace('-', '_') }}"
+  become: yes
   vars_files:
     - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
     - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
@@ -77,6 +78,7 @@
     - place_tower_license_file
   tasks:
     - blockinfile:
+        create: yes
         path: /root/tower_license.txt
         block: "{{tower_license}}"
       when: tower_license is defined

diff --git a/ansible/configs/three-tier-app/README.adoc b/ansible/configs/three-tier-app/README.adoc
@@ -87,6 +87,7 @@ HOSTZONEID='Z3IHLWJZOU9SRT'
 BASESUFFIX='.example.opentlc.com'
 #To Destroy an Env
 ansible-playbook -i inventory/${CLOUDPROVIDER}.py ./configs/${ENVTYPE}/destroy_env.yml \
+    -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \
  -e "guid=${GUID}" -e "env_type=${ENVTYPE}"  -e "cloud_provider=${CLOUDPROVIDER}" -e "aws_region=${REGION}"  \
  -e "HostedZoneId=${HOSTZONEID}"  -e "key_name=${KEYNAME}"  -e "subdomain_base_suffix=${BASESUFFIX}"
 

diff --git a/ansible/roles/set-repositories/tasks/rhn-repos.yml b/ansible/roles/set-repositories/tasks/rhn-repos.yml
@@ -21,7 +21,7 @@
 
 # TODO: should take pool ids from a var
 - name: get product pool id
-  shell: /usr/bin/subscription-manager list --all --available --matches="*OpenShift Container Platform*" | awk '/Pool ID/ {print $3}' | head -1
+  shell: /usr/bin/subscription-manager list --all --available --matches="*{{rhn_pool_id_string}}*" | awk '/Pool ID/ {print $3}' | head -1
   # command: subscription-manager list --all --available --matches="OpenShift Container Platform" | awk '/Pool ID/ {print $3}' | head -1
   register: pool_id
   until: pool_id | succeeded

diff --git a/ansible/roles/windows-ad/defaults/main.yml b/ansible/roles/windows-ad/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+#ad_domain_name: "{{ ec2_tag_internaldns }}"
+ad_domain_name: "{{activedirectory_public_dns_chomped}}"
+ad_safe_mode_password: "{{ windows_password | default(generated_windows_password) }}"
+ad_admin_user: "admin@{{ ad_domain_name}}"
+ad_admin_password: "{{ windows_password | default(generated_windows_password) }}"
diff --git a/ansible/roles/windows-ad/tasks/main.yml b/ansible/roles/windows-ad/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Install AD-Domain-Services feature
+  win_feature:
+    name: AD-Domain-Services
+    include_management_tools: yes
+    include_sub_features: yes
+
+
+- name: Setup Active Directory Controller
+  win_domain:
+    dns_domain_name: "{{ ad_domain_name }}"
+    safe_mode_password: "{{ windows_password }}"
+  register: active_directory_controllers
+
+- name: reboot once DC created
+  win_reboot:
+  when: active_directory_controllers.reboot_required
+
+- name: List DCs in domain
+  win_shell: "nltest /dclist:{{ ad_domain_name }}"
+  register: domain_list
+
+- debug:
+    var: domain_list
diff --git a/ansible/roles/windows-common/tasks/main.yml b/ansible/roles/windows-common/tasks/main.yml
@@ -1,3 +1,12 @@
 ---
+# pip install pywinrm
+
+
 - include: sshd.yml
   when: install_win_ssh | bool
+
+- win_shell: "systeminfo | findstr /C:OS"
+  register: windows_system_info
+
+- debug:
+    var: windows_system_info