Mark Brookfield virtualhobbit

## createRole.hcl
vault write auth/approle/role/sa_ansible \
    token_num_uses=0 \
    token_ttl=0m \
    secret_id_num_uses=0 \
    token_no_default_policy=false \
    token_policies="acl_sa_ansible"

## acl_sa_ansible.hcl
path "credentials/computers/production/*" {
  capabilities = [ "read" ]
}

## gatherFacts.yml
---
- hosts: Windows
  gather_facts: true

  tasks:
  - name: "What's my name again?"
    debug:
       msg: '{{ ansible_user }}'
    become: yes

## variables.yaml
---
ansible_shell_type: powershell
ansible_become: yes
ansible_become_method: runas
ansible_become_user: Administrator
ansible_become_password: "{{ lookup('hashi_vault', 'secret=creds/production/{{ inventory_hostname }}:Password')}}"

## Configure-AnsibleUser.ps1
# Variables
$length = 10 ## characters
$nonAlphaChars = 5
Add-Type -AssemblyName 'System.Web'

# Create the user
$user = "sa_ansible"
$pass = ([System.Web.Security.Membership]::GeneratePassword($length, $nonAlphaChars))
$secureString = ConvertTo-SecureString $pass -AsPlainText -Force
New-LocalUser -Name $user -Password $secureString

## Install-Ssh.ps1
# Install OenSSH
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

# Set service to automatic and start
Set-Service sshd -StartupType Automatic
Start-Service sshd

# Configure PowerShell as the default shell
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

## yumUpdates.yml
---
- hosts: Linux
  gather_facts: true

  tasks:
  - name: Upgrade all yum packages
    yum:
      name: "*"
      state: latest
    become: yes

## lookup.yml
---
ansible_become_password: "{{ lookup('hashi_vault', 'secret=credentials/computers/production/{{ inventory_hostname }}:Password')}}"
ansible_become_method: su

## injectorConfiguration.yml
env:
  VAULT_ADDR: '{{ vault_server }}'
  VAULT_AUTH_METHOD: approle
  VAULT_ROLE_ID: '{{ vault_role_id }}'
  VAULT_SECRET_ID: '{{ vault_secret_id }}'

## inputConfiguration.yml
fields:
  - id: vault_server
    type: string
    label: URL for Vault Server
  - id: vault_role_id
    type: string
    label: Vault AppRole ID
  - id: vault_secret_id
    type: string
    label: Vault Secret ID
	vault write auth/approle/role/sa_ansible \
	token_num_uses=0 \
	token_ttl=0m \
	secret_id_num_uses=0 \
	token_no_default_policy=false \
	token_policies="acl_sa_ansible"
	path "credentials/computers/production/*" {
	capabilities = [ "read" ]
	}
	---
	- hosts: Windows
	gather_facts: true

	tasks:
	- name: "What's my name again?"
	debug:
	msg: '{{ ansible_user }}'
	become: yes
	---
	ansible_shell_type: powershell
	ansible_become: yes
	ansible_become_method: runas
	ansible_become_user: Administrator
	ansible_become_password: "{{ lookup('hashi_vault', 'secret=creds/production/{{ inventory_hostname }}:Password')}}"
	# Variables
	$length = 10 ## characters
	$nonAlphaChars = 5
	Add-Type -AssemblyName 'System.Web'

	# Create the user
	$user = "sa_ansible"
	$pass = ([System.Web.Security.Membership]::GeneratePassword($length, $nonAlphaChars))
	$secureString = ConvertTo-SecureString $pass -AsPlainText -Force
	New-LocalUser -Name $user -Password $secureString
	# Install OenSSH
	Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

	# Set service to automatic and start
	Set-Service sshd -StartupType Automatic
	Start-Service sshd

	# Configure PowerShell as the default shell
	New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
	---
	- hosts: Linux
	gather_facts: true

	tasks:
	- name: Upgrade all yum packages
	yum:
	name: "*"
	state: latest
	become: yes
	---
	ansible_become_password: "{{ lookup('hashi_vault', 'secret=credentials/computers/production/{{ inventory_hostname }}:Password')}}"
	ansible_become_method: su
	env:
	VAULT_ADDR: '{{ vault_server }}'
	VAULT_AUTH_METHOD: approle
	VAULT_ROLE_ID: '{{ vault_role_id }}'
	VAULT_SECRET_ID: '{{ vault_secret_id }}'
	fields:
	- id: vault_server
	type: string
	label: URL for Vault Server
	- id: vault_role_id
	type: string
	label: Vault AppRole ID
	- id: vault_secret_id
	type: string
	label: Vault Secret ID