```yaml
computerOU: "{{ 'OU=Linux,OU=Servers,OU=Computers,OU=Managed,DC=nl,DC=mdb-lab,DC=com' if ansible_domain == 'nl.mdb-lab.com' else 'OU=Linux,OU=Servers,OU=Computers,OU=Managed,DC=uk,DC=mdb-lab,DC=com' if ansible_domain == 'uk.mdb-lab.com' }}"
admin_group: "{{ lookup('hashi_vault', 'secret=credentials/groups/admins/linuxadmins:GroupName') }}"
admin_group_cn: "{{ lookup('hashi_vault', 'secret=credentials/groups/admins/linuxadmins:cn') }}"
```
```javascript
// Extract the serverName and standbyRota from the custom properties (payload)
var custProps = inputProperties.get("customProperties");
// Extract computer name
attVm = custProps.get("serverName");
// Extract domain name and calculate OU
var adDomain = custProps.get("domain");
// Only calculate the OU when a domain was actually supplied
if (adDomain != '' && adDomain != null){
    switch(adDomain){
```
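```shell
# Create the AppRole used by Ansible. A value of 0 for token_num_uses and
# secret_id_num_uses means unlimited uses.
vault write auth/approle/role/sa_ansible \
    token_num_uses=0 \
    token_ttl=0m \
    secret_id_num_uses=0 \
    token_no_default_policy=false \
    token_policies="acl_sa_ansible"
```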
```hcl
path "credentials/computers/production/*" {
  capabilities = [ "read" ]
}
```
```yaml
---
- hosts: Windows
  gather_facts: true
  tasks:
    - name: "What's my name again?"
      debug:
        msg: '{{ ansible_user }}'
      become: yes
```
```yaml
---
ansible_shell_type: powershell
ansible_become: yes
ansible_become_method: runas
ansible_become_user: Administrator
# Build the Vault path by concatenation; "{{ }}" must not be nested inside another "{{ }}"
ansible_become_password: "{{ lookup('hashi_vault', 'secret=creds/production/' ~ inventory_hostname ~ ':Password') }}"
```
```powershell
# Variables
$length = 10 ## characters
$nonAlphaChars = 5
Add-Type -AssemblyName 'System.Web'
# Create the user
$user = "sa_ansible"
$pass = ([System.Web.Security.Membership]::GeneratePassword($length, $nonAlphaChars))
$secureString = ConvertTo-SecureString $pass -AsPlainText -Force
New-LocalUser -Name $user -Password $secureString
```
```powershell
# Install OpenSSH
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
# Set service to automatic and start
Set-Service sshd -StartupType Automatic
Start-Service sshd
# Configure PowerShell as the default shell
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
```