Skip to content

Commit

Permalink
Fixes #37903 - Parse Ansible password in Windows default provisioning…
Browse files Browse the repository at this point in the history
… template correctly
  • Loading branch information
nadjaheitmann committed Oct 10, 2024
1 parent 699995e commit f989982
Show file tree
Hide file tree
Showing 4 changed files with 49 additions and 3 deletions.
30 changes: 29 additions & 1 deletion app/services/foreman/template_snapshot_service.rb
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,34 @@ def define_host_params(host)
host
end

def define_host_params_windows(host)
host_params = {
"package_upgrade" => "true",
"ansible_tower_provisioning" => "true",
"schedule_reboot" => "true",
"fips_enabled" => "true",
"force-puppet" => "true",
"remote_execution_create_user" => "true",
"blacklist_kernel_modules" => "amodule",
"activation_key" => "key",
"host_registration_insights" => "true",
"syspurpose_usage" => "Development/Test",
"syspurpose_sla" => "Self-Support",
"syspurpose_addons" => "first addon, second addon, third addon",
'ansible_user' => 'win_ansible_user',
'create_ansible_user' => 'true',
'ansible_ssh_pass' => 'win_ansible_user_ssh_pass',
}
host_params.each_pair do |name, value|
FactoryBot.build(:host_parameter, host: host, name: name, value: value)
end
host.define_singleton_method(:params) { host_params }
host.define_singleton_method(:host_param) do |name|
host_params[name]
end
host
end

def ipv4_interface
FactoryBot.build(:nic_primary_and_provision, identifier: 'eth0',
mac: '00-f0-54-1a-7e-e0',
Expand Down Expand Up @@ -214,7 +242,7 @@ def windows10_dhcp
name: 'snapshot-ipv4-dhcp-windows10',
subnet: FactoryBot.build(:subnet_ipv4_dhcp_for_snapshots),
interfaces: [ipv4_interface])
define_host_params(host)
define_host_params_windows(host)
end

private
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ description: |
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>![CDATA[<%= host_param('ansible_ssh_pass') %>]]</Value>
<Value><![CDATA[<%= host_param('ansible_ssh_pass') %>]]></Value>
<PlainText>true</PlainText>
</Password>
<Description>Ansible login service user</Description>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,12 @@ w32tm /resync

powershell /c "Get-NetConnectionProfile -InterfaceAlias \"Ethernet0\" | Set-NetConnectionProfile -NetworkCategory Private"

powershell /c "set-localuser -name win_ansible_user -passwordneverexpires 1"
powershell /c "Enable-PSRemoting"
cmd /c "netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow"
cmd /c winrm set winrm/config/service @{AllowUnencrypted="true"}
cmd /c winrm set winrm/config/client/auth @{Basic="true"}
cmd /c winrm set winrm/config/service/auth @{Basic="true"}



Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,19 @@
<Value>$1$rtd8Ub7R$5Ohzuy8WXlkaK9cA2T1wb0</Value>
<PlainText>false</PlainText>
</AdministratorPassword>
</UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value><![CDATA[win_ansible_user_ssh_pass]]></Value>
<PlainText>true</PlainText>
</Password>
<Description>Ansible login service user</Description>
<DisplayName>win_ansible_user</DisplayName>
<Group>Administrators</Group>
<Name>win_ansible_user</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<TimeZone>GMT Standard Time</TimeZone>
<OOBE>
<HideEULAPage>true</HideEULAPage>
Expand Down

0 comments on commit f989982

Please sign in to comment.