From a7f5ba7672cb676cf2ce940abfbe61de77200e25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guillaume=20Cor=C3=A9?=
Date: Mon, 25 Sep 2017 17:02:30 +0200
Subject: [PATCH 1/4] install AD for first windows server

WIP error is :

TASK [/home/user/Git/ansible_agnostic_deployer/ansible/roles/windows-ad : Promote to domain controller] ***********************************************************************************************************
fatal: [ec2-18-194-77-76.eu-central-1.compute.amazonaws.com]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Exception calling \"Run\" with \"1\" argument(s): \"Exception calling \"Invoke\" with \r\n\"0\" argument(s): \"Command execution stopped because the preference variable \r\n\"ErrorActionPreference\" or common parameter is set to Stop: Verification of \r\nuser credential permissions failed. An Ac tive Directory domain controller for \r\nthe domain \"windows1.testgucore.internal\" could not be contacted.\r\nEnsure that you supplied the correct DNS domain name.\r\n\"\"\r\nAt line:47 char:5\r\n+ $output = $entrypoint.Run($payload)\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordE \r\n xception\r\n + FullyQualifiedErrorId : Script MethodRuntimeException\r\n \r\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}
---
 .../configs/ans-tower-lab/post_software.yml | 21 +++++++++++++++++++
 ansible/roles/windows-ad/defaults/main.yml | 5 +++++
 ansible/roles/windows-ad/tasks/main.yml | 15 +++++++++++++
 3 files changed, 41 insertions(+)
 create mode 100644 ansible/roles/windows-ad/defaults/main.yml
 create mode 100644 ansible/roles/windows-ad/tasks/main.yml

diff --git a/ansible/configs/ans-tower-lab/post_software.yml b/ansible/configs/ans-tower-lab/post_software.yml
index a3c2045d951..f3c8bafd1ff 100644
--- a/ansible/configs/ans-tower-lab/post_software.yml
+++ b/ansible/configs/ans-tower-lab/post_software.yml
@@ -8,6 +8,27 @@
 - debug:
 msg: "Post-Software tasks Started"

+- name: Configure windows AD on first windows machine
+ hosts:
+ - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_ostype_windows') | replace('-', '_') }}[0]"
+ gather_facts: False
+ vars_files:
+ - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+ - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
+ - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml"
+ tags:
+ - step004
+ - common_tasks
+ - windows_tasks
+ roles:
+ - role: "{{ ANSIBLE_REPO_PATH }}/roles/windows-ad"
+ tasks:
+ - name: Reboot upon promotion
+ win_reboot:
+
+ - name: Wait for connection
+ wait_for_connection:
+
 - name: PostSoftware flight-check
 hosts: localhost
 connection: local
diff --git a/ansible/roles/windows-ad/defaults/main.yml b/ansible/roles/windows-ad/defaults/main.yml
new file mode 100644
index 00000000000..e3ddc16e6d8
--- /dev/null
+++ b/ansible/roles/windows-ad/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+ad_domain_name: "{{ ec2_tag_internaldns }}"
+ad_safe_mode_password: "{{ windows_password | default(generated_windows_password) }}"
+ad_admin_user: "admin@{{ ad_domain_name}}"
+ad_admin_password: "{{ windows_password | default(generated_windows_password) }}"
diff --git a/ansible/roles/windows-ad/tasks/main.yml b/ansible/roles/windows-ad/tasks/main.yml
new file mode 100644
index 00000000000..6cced2eca58
--- /dev/null
+++ b/ansible/roles/windows-ad/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Install AD-Domain-Services feature
+ win_feature:
+ name: AD-Domain-Services
+ include_management_tools: yes
+ include_sub_features: yes
+
+- name: Promote to domain controller
+ win_domain_controller:
+ dns_domain_name: "{{ ad_domain_name }}"
+ safe_mode_password: "{{ ad_safe_mode_password }}"
+ domain_admin_user: "{{ ad_admin_user }}"
+ domain_admin_password: "{{ ad_admin_password }}"
+ state: domain_controller
+ register: result

From 4e49fc2ff1a204d2b0aca0c6d7f4b65767182652 Mon Sep 17 00:00:00 2001
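Review bot: `wait_for_connection:` after `win_reboot:` in the new play is redundant, because win_reboot itself blocks until the host accepts connections again, and once the windows-ad role reboots on its own when `reboot_required` is set (PATCH 2 in this series) the unconditional `Reboot upon promotion` task reboots the freshly promoted controller a second time. Drop the two trailing tasks and let the role own the reboot, or gate this one on the role's registered result. The play selects only element `[0]` of the Windows group, so nothing here runs on the remaining Windows hosts; a one-line comment above `hosts:` saying that the first Windows host becomes the domain controller would save the next reader a lookup.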
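Review bot: `ad_safe_mode_password` and `ad_admin_password` resolve to the same `windows_password` expression, so the DSRM (Directory Services Restore Mode) password equals the domain administrator password; DSRM is an offline break-glass credential and should not be recoverable from the day-to-day admin secret. Default it to a separately generated value instead (for example a `generated_dsrm_password` produced alongside `generated_windows_password` in pre_infra.yml — name constructed for illustration). `ad_admin_user: "admin@{{ ad_domain_name}}"` is missing the space before `}}`; Jinja accepts it, but it reads as a typo.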
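Review bot: The `Promote to domain controller` task passes `safe_mode_password` and `domain_admin_password` without `no_log: true`, so a failure or a `-v` run prints the module invocation with those arguments unless the module itself marks them no_log; the `win_domain` task that replaces it in PATCH 2 has the same gap. Add `no_log: true` to the task and avoid `debug`-ing its registered result. `register: result` is not read anywhere in this hunk; either use it to gate the reboot in the calling play or drop it.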
From: sborenst
Date: Tue, 26 Sep 2017 16:56:08 +1000
Subject: [PATCH 2/4] initial working version of windows-ad for ans-tower-lab

---
 ansible/configs/ans-tower-lab/env_vars.yml | 6 +++-
 .../cloud_providers/ec2_cloud_template.j2 | 31 +++++++++++++++++--
 ansible/configs/ans-tower-lab/pre_infra.yml | 1 +
 .../configs/ans-tower-lab/pre_software.yml | 2 ++
 .../set-repositories/tasks/rhn-repos.yml | 2 +-
 ansible/roles/windows-ad/defaults/main.yml | 3 +-
 ansible/roles/windows-ad/tasks/main.yml | 23 +++++++++-----
 ansible/roles/windows-common/tasks/main.yml | 9 ++++++
 8 files changed, 65 insertions(+), 12 deletions(-)

diff --git a/ansible/configs/ans-tower-lab/env_vars.yml b/ansible/configs/ans-tower-lab/env_vars.yml
index f27d5d2f2d2..54f1809bf41 100644
--- a/ansible/configs/ans-tower-lab/env_vars.yml
+++ b/ansible/configs/ans-tower-lab/env_vars.yml
@@ -16,7 +16,7 @@

 ### Common Host settings
 repo_method: file # Other Options are: file, satellite and rhn
-
+windows_password: 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg=='
 # Do you want to run a full yum update
 update_packages: false

@@ -133,6 +133,10 @@ tower_public_dns: "towerlb.{{subdomain_base}}."
 #tower_public_dns: "tower.{{subdomain_base}}."
 bastion_public_dns: "bastion.{{subdomain_base}}."
 bastion_public_dns_chomped: "bastion.{{subdomain_base}}"
+
+activedirectory_public_dns: "ad.{{subdomain_base}}."
+activedirectory_public_dns_chomped: "ad.{{subdomain_base}}"
+
 vpcid_cidr_block: "192.168.0.0/16"
 vpcid_name_tag: "{{subdomain_base}}"

diff --git a/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2 b/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2
index a83fa0b3008..b958dffb55b 100644
--- a/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2
+++ b/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2
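Review bot: `windows_password: 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg=='` commits a static credential into env_vars.yml, a file every play in this config loads; the plays also load `env_secret_vars.yml` (see the `vars_files` lists in post_software.yml and pre_software.yml), which is where a fixed password belongs if one is really wanted. The same commit sets `windows_password` with `set_fact` in pre_infra.yml from the generated value; facts are per host and outrank `vars_files`, so which value a given Windows host ends up with depends on where that set_fact ran, and the static entry is at best dead and at worst silently wins. Remove the line, and since the value is now in git history, treat it as exposed and regenerate it wherever it was deployed.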
@@ -31,7 +31,7 @@
 "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-7644d315"
 },
 "ap-southeast-2": {
- "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-468f9225"
+ "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-46f1e925"
 },
 "sa-east-1": {
 "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-c8285ca4"
@@ -226,6 +226,28 @@
 }
 }
 },
+ "WindowsDNS": {
+ "Type": "AWS::Route53::RecordSetGroup",
+ "DependsOn": [ "Windows1EIP" ],
+ "Properties": {
+ "HostedZoneId": "{{HostedZoneId}}",
+ "RecordSets": [
+ {
+ "Name": "{{activedirectory_public_dns}}",
+ "Type": "A",
+ "TTL": "10",
+ "ResourceRecords": [
+ {
+ "Fn::GetAtt": [
+ "windows1",
+ "PublicIp"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ },
 "BastionDNS": {
 "Type": "AWS::Route53::RecordSetGroup",
 "DependsOn": [ "BastionEIP" ],
@@ -833,7 +855,12 @@

 }
 },
-
+ "Windows{{loop.index}}EIP" : {
+ "Type" : "AWS::EC2::EIP",
+ "DependsOn": [ "windows{{loop.index}}" ],
+ "Properties" : {
+ "InstanceId" : { "Ref" : "windows{{loop.index}}" }
+ }},
 "windows{{loop.index}}DNS": {
 "Type": "AWS::Route53::RecordSetGroup",
 "Properties": {
diff --git a/ansible/configs/ans-tower-lab/pre_infra.yml b/ansible/configs/ans-tower-lab/pre_infra.yml
index 76f731358c1..1c729639fdd 100644
--- a/ansible/configs/ans-tower-lab/pre_infra.yml
+++ b/ansible/configs/ans-tower-lab/pre_infra.yml
@@ -32,6 +32,7 @@
 - name: set_fact windows_password (just generated)
 set_fact:
 generated_windows_password: "{{ password_gen_r.stdout }}"
+ windows_password: "{{ password_gen_r.stdout }}"
 when: not passwordfile.stat.exists

 - name: set_fact windows_password (previously generated)
diff --git a/ansible/configs/ans-tower-lab/pre_software.yml b/ansible/configs/ans-tower-lab/pre_software.yml
index ede5a7e19ba..d228103ed00 100644
--- a/ansible/configs/ans-tower-lab/pre_software.yml
+++ b/ansible/configs/ans-tower-lab/pre_software.yml
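Review bot: `WindowsDNS` publishes the public IP of `windows1` as `{{activedirectory_public_dns}}` (TTL 10) and the new `Windows{{loop.index}}EIP` resources give every Windows instance a stable Elastic IP; with the windows-ad role in this series promoting that first host, a domain controller becomes directly addressable from the internet under a well-known name. The Windows security group is not in these hunks, so confirm it restricts LDAP, Kerberos, SMB and RPC to `vpcid_cidr_block` and exposes only the management ports the lab needs. `"DependsOn": [ "Windows1EIP" ]` hard-codes the first index of the 1-based `loop.index` used for the EIP name; a comment above `WindowsDNS` stating that the AD record always targets the first Windows instance would make that coupling explicit. The Jinja loop enclosing the @@ -833 hunk starts outside the hunk.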
@@ -69,6 +69,7 @@

 - name: Place Tower License from env_secret_vars on bastion
 hosts: "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_bastion') | replace('-', '_') }}"
+ become: yes
 vars_files:
 - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
 - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
@@ -77,6 +78,7 @@
 - place_tower_license_file
 tasks:
 - blockinfile:
+ create: yes
 path: /root/tower_license.txt
 block: "{{tower_license}}"
 when: tower_license is defined
diff --git a/ansible/roles/set-repositories/tasks/rhn-repos.yml b/ansible/roles/set-repositories/tasks/rhn-repos.yml
index 053ca2b9055..5d0073e6038 100644
--- a/ansible/roles/set-repositories/tasks/rhn-repos.yml
+++ b/ansible/roles/set-repositories/tasks/rhn-repos.yml
@@ -21,7 +21,7 @@

 # TODO: should take pool ids from a var
 - name: get product pool id
- shell: /usr/bin/subscription-manager list --all --available --matches="*OpenShift Container Platform*" | awk '/Pool ID/ {print $3}' | head -1
+ shell: /usr/bin/subscription-manager list --all --available --matches="*{{rhn_pool_id_string}}*" | awk '/Pool ID/ {print $3}' | head -1
 # command: subscription-manager list --all --available --matches="OpenShift Container Platform" | awk '/Pool ID/ {print $3}' | head -1
 register: pool_id
 until: pool_id | succeeded
diff --git a/ansible/roles/windows-ad/defaults/main.yml b/ansible/roles/windows-ad/defaults/main.yml
index e3ddc16e6d8..f6db94524e3 100644
--- a/ansible/roles/windows-ad/defaults/main.yml
+++ b/ansible/roles/windows-ad/defaults/main.yml
@@ -1,5 +1,6 @@
 ---
-ad_domain_name: "{{ ec2_tag_internaldns }}"
+#ad_domain_name: "{{ ec2_tag_internaldns }}"
+ad_domain_name: "{{activedirectory_public_dns_chomped}}"
 ad_safe_mode_password: "{{ windows_password | default(generated_windows_password) }}"
 ad_admin_user: "admin@{{ ad_domain_name}}"
 ad_admin_password: "{{ windows_password | default(generated_windows_password) }}"
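Review bot: `create: yes` makes blockinfile create /root/tower_license.txt, but the file gets the default mode, and its content comes from `tower_license` in env_secret_vars.yml; add `mode: '0600'` (blockinfile accepts the common file attributes) so the license is not readable by other users on the bastion. With `become: yes` now on the play the file is root-owned, which the /root path already implies. The `when: tower_license is defined` guard is unchanged and still correct.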
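Review bot: `--matches="*{{rhn_pool_id_string}}*"` interpolates a variable into a `shell:` command inside double quotes, so a value containing `"`, `$` or a backtick alters the command instead of the match pattern, and an undefined variable now fails the task at template time rather than falling back to the old literal. Quote the whole argument, e.g. `--matches={{ ('*' ~ rhn_pool_id_string ~ '*') | quote }}`, and update the `# TODO: should take pool ids from a var` comment above, which this change partly resolves. The `# command:` line below still carries the old literal and is now stale.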
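Review bot: `ad_domain_name` now defaults to `activedirectory_public_dns_chomped`, i.e. `ad.<subdomain_base>`, so the forest and its AD-integrated DNS zone share a name with a public Route 53 A record; inside the domain the DC typically answers for that zone while Route 53 answers externally, which only behaves as intended if domain members resolve through the DC, and a comment in defaults stating that assumption would help. The commented-out `#ad_domain_name: "{{ ec2_tag_internaldns }}"` is dead config and should go. After this commit `ad_safe_mode_password`, `ad_admin_user` and `ad_admin_password` are no longer read by the role's tasks (tasks/main.yml uses `windows_password` directly), so either wire them back in or remove them.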
diff --git a/ansible/roles/windows-ad/tasks/main.yml b/ansible/roles/windows-ad/tasks/main.yml
index 6cced2eca58..3b0cd1e451e 100644
--- a/ansible/roles/windows-ad/tasks/main.yml
+++ b/ansible/roles/windows-ad/tasks/main.yml
@@ -5,11 +5,20 @@
 include_management_tools: yes
 include_sub_features: yes

-- name: Promote to domain controller
- win_domain_controller:
+
+- name: Setup Active Directory Controller
+ win_domain:
 dns_domain_name: "{{ ad_domain_name }}"
- safe_mode_password: "{{ ad_safe_mode_password }}"
- domain_admin_user: "{{ ad_admin_user }}"
- domain_admin_password: "{{ ad_admin_password }}"
- state: domain_controller
- register: result
+ safe_mode_password: "{{ windows_password }}"
+ register: active_directory_controllers
+
+- name: reboot once DC created
+ win_reboot:
+ when: active_directory_controllers.reboot_required
+
+- name: List DCs in domain
+ win_shell: "nltest /dclist:{{ ad_domain_name }}"
+ register: domain_list
+
+- debug:
+ var: domain_list
diff --git a/ansible/roles/windows-common/tasks/main.yml b/ansible/roles/windows-common/tasks/main.yml
index e7783901972..224a0fdcd9f 100644
--- a/ansible/roles/windows-common/tasks/main.yml
+++ b/ansible/roles/windows-common/tasks/main.yml
@@ -1,3 +1,12 @@
 ---
+# pip install pywinrm
+
+
 - include: sshd.yml
 when: install_win_ssh | bool
+
+- win_shell: "systeminfo | findstr /C:OS"
+ register: windows_system_info
+
+- debug:
+ var: windows_system_info

From 06ab454224388279397be13b2b818b929e4d565d Mon Sep 17 00:00:00 2001
From: sborenst
Date: Tue, 26 Sep 2017 16:57:29 +1000
Subject: [PATCH 3/4] initial working version of windows-ad for ans-tower-lab

---
 ansible/configs/three-tier-app/README.adoc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ansible/configs/three-tier-app/README.adoc b/ansible/configs/three-tier-app/README.adoc
index 75a0663de81..720ebd1081d 100644
--- a/ansible/configs/three-tier-app/README.adoc
+++ b/ansible/configs/three-tier-app/README.adoc
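Review bot: `safe_mode_password: "{{ windows_password }}"` bypasses the role's own `ad_safe_mode_password` default and reuses the Windows admin password as the DSRM password; use `safe_mode_password: "{{ ad_safe_mode_password }}"` so the default (and any override to a distinct secret) takes effect. The calling play in post_software.yml still runs an unconditional `win_reboot` after this role, so with the new `reboot once DC created` task the host reboots twice; one of the two should go. The `debug: var: domain_list` task dumps raw `nltest` output on every run; giving it `verbosity: 1` keeps normal runs quiet.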
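Review bot: `win_shell: "systeminfo | findstr /C:OS"` and the `debug` of `windows_system_info` run on every Windows host on every run and read as a troubleshooting leftover rather than role behaviour; drop them or give the debug task `verbosity: 1`. The `# pip install pywinrm` comment documents a control-node prerequisite, which belongs in the README or a requirements file where an operator will see it, not at the top of a task file.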
@@ -86,6 +86,7 @@ HOSTZONEID='Z3IHLWJZOU9SRT'
 BASESUFFIX='.example.opentlc.com'
 #To Destroy an Env
 ansible-playbook -i inventory/${CLOUDPROVIDER}.py ./configs/${ENVTYPE}/destroy_env.yml \
+ -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \
 -e "guid=${GUID}" -e "env_type=${ENVTYPE}" -e "cloud_provider=${CLOUDPROVIDER}" -e "aws_region=${REGION}" \
 -e "HostedZoneId=${HOSTZONEID}" -e "key_name=${KEYNAME}" -e "subdomain_base_suffix=${BASESUFFIX}"


From ae3085d831888c1a1f3bb885c1921eae746638dc Mon Sep 17 00:00:00 2001
From: sborenst
Date: Tue, 26 Sep 2017 17:25:09 +1000
Subject: [PATCH 4/4] updated windows2012r2 ami to correct ami for all regions

---
 .../cloud_providers/ec2_cloud_template.j2 | 23 ++++++++++---------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2 b/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2
index b958dffb55b..1dedd143bc5 100644
--- a/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2
+++ b/ansible/configs/ans-tower-lab/files/cloud_providers/ec2_cloud_template.j2
@@ -4,40 +4,41 @@
 "Mappings": {
 "RegionMapping": {
 "us-east-1": {
- "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-7da4ab6b"
+ "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-c6e9d9bd"
 },
 "us-east-2": {
- "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-ffae8f9a"
+ "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-5d99b938"
 },
 "us-west-1": {
- "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-a11836c1"
+ "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-c52d07a5"
 },
 "us-west-2": {
- "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-a1c1ddd8"
+ "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-3c4ba944"
 },
 "eu-west-1": {
- "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-cc8e98a8"
+ "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-6dd02214"
 },
 "eu-central-1": {
- "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-da1ebdb5"
+ "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-8306afec"
 },
 "ap-northeast-1": {
- "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-4312cc2d"
+ "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-c229dfa4"
 },
 "ap-northeast-2": {
- "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-68756f0f"
+ "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-098a5267"
 },
 "ap-southeast-1": {
- "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-7644d315"
+ "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-c87c19ab"
 },
 "ap-southeast-2": {
 "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-46f1e925"
 },
 "sa-east-1": {
- "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-c8285ca4"
+ "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-f0b4c59c
+"
 },
 "ap-south-1": {
- "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-8eafd6e1"
+ "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-82fe84ed"
 }
 },
 "DNSMapping": {
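Review bot: The `sa-east-1` entry's closing quote landed on its own line (`"ami-f0b4c59c` followed by `+"`), so the rendered template carries a raw newline inside a JSON string; CloudFormation will reject the template as malformed or, if it tolerates it, look up an AMI id with a trailing newline. Join the two lines back into `"RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-f0b4c59c"`. The diffstat of 12 insertions against 11 deletions for a pure AMI swap is the visible symptom.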