added adcs role

author: heqnx <root@heqnx.com> 2025-07-13 10:57:47 +0300
committer: heqnx <root@heqnx.com> 2025-07-13 10:57:47 +0300
commit: 285c042610ea4b7fe77ddeff7a258c3bfd310668 (patch)
tree: f1aad91d0b3c98b2615f275b7aeed1b2a70d3d41 /ansible
parent: 79b262d6e75ad3ad7c2522a490446c4b72dc6232 (diff)
download: ansible-active-directory-range-285c042610ea4b7fe77ddeff7a258c3bfd310668.tar.gz
ansible-active-directory-range-285c042610ea4b7fe77ddeff7a258c3bfd310668.zip
9 files changed, 97 insertions, 0 deletions
diff --git a/ansible/roles/adcs01/tasks/cleanup.yaml b/ansible/roles/adcs01/tasks/cleanup.yaml
new file mode 100644
index 0000000..0e59407
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/cleanup.yaml
@@ -0,0 +1,3 @@
+- name: execute cleanup.ps1
+  ansible.windows.win_powershell:
+    script: C:\scripts\cleanup.ps1
diff --git a/ansible/roles/adcs01/tasks/init.yaml b/ansible/roles/adcs01/tasks/init.yaml
new file mode 100644
index 0000000..418bb5d
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/init.yaml
@@ -0,0 +1,18 @@
+- name: execute init.ps1
+  ansible.windows.win_powershell:
+    script: C:\scripts\init.ps1
+
+- name: create C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate
+  win_file:
+    path: C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate
+    state: directory
+
+- name: upload ADCSTemplate module
+  ansible.builtin.copy:
+    src: ../../../files/adcs/ADCSTemplate
+    dest: C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate
+
+- name: upload adcs templates
+  ansible.builtin.copy:
+    src: ../../../files/adcs/templates
+    dest: C:\setup
diff --git a/ansible/roles/adcs01/tasks/install_software.yaml b/ansible/roles/adcs01/tasks/install_software.yaml
new file mode 100644
index 0000000..a5018a8
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/install_software.yaml
@@ -0,0 +1,3 @@
+- name: execute install-software.ps1
+  ansible.windows.win_powershell:
+    script: C:\scripts\install-software.ps1
diff --git a/ansible/roles/adcs01/tasks/join_domain.yaml b/ansible/roles/adcs01/tasks/join_domain.yaml
new file mode 100644
index 0000000..6736ba2
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/join_domain.yaml
@@ -0,0 +1,13 @@
+- name: join domain
+  ansible.windows.win_domain_membership:
+    dns_domain_name: "{{ main_domain_name }}"
+    domain_admin_user: "{{ main_domain_name }}\\Administrator"
+    domain_admin_password: "{{ default_win_password }}"
+    state: domain
+  register: domain_state
+
+- name: reboot
+  win_reboot:
+    reboot_timeout: 3600
+  when: domain_state.reboot_required
+
diff --git a/ansible/roles/adcs01/tasks/main.yaml b/ansible/roles/adcs01/tasks/main.yaml
new file mode 100644
index 0000000..e3f8923
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/main.yaml
@@ -0,0 +1,40 @@
+- name: wait for winrm to be available
+  ansible.builtin.wait_for:
+    host: "{{ ansible_host }}"
+    port: "{{ ansible_port }}"
+    timeout: 300
+  delegate_to: localhost
+
+- name: execute init.ps1
+  import_tasks: init.yaml
+
+- name: set hostname
+  import_tasks: set_hostname.yaml
+
+- name: reboot after hostname change
+  import_tasks: reboot.yaml
+
+- name: join domain and reboot
+  import_tasks: join_domain.yaml
+
+- name: execute setup-adcs.ps1
+  import_tasks: setup_adcs.yaml
+
+- name: reboot after adcs setup
+  import_tasks: reboot.yaml
+
+- name: pause 5 minutes for adcs setup to complete
+  pause:
+    minutes: 5
+
+- name: execute setup-adcs-esc.ps1
+  import_tasks: setup_adcs_esc.yaml
+
+- name: reboot after adcs esc setup
+  import_tasks: reboot.yaml
+
+- name: execute install-software.ps1
+  import_tasks: install_software.yaml
+
+- name: execute cleanup.ps1
+  import_tasks: cleanup.yaml
diff --git a/ansible/roles/adcs01/tasks/reboot.yaml b/ansible/roles/adcs01/tasks/reboot.yaml
new file mode 100644
index 0000000..a7266d0
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/reboot.yaml
@@ -0,0 +1,3 @@
+- name: reboot
+  win_reboot:
+    reboot_timeout: 3600
diff --git a/ansible/roles/adcs01/tasks/set_hostname.yaml b/ansible/roles/adcs01/tasks/set_hostname.yaml
new file mode 100644
index 0000000..141268d
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/set_hostname.yaml
@@ -0,0 +1,2 @@
+- name: set hostname
+  win_shell: Rename-Computer -NewName "{{ main_adcs01_hostname }}" -Force
diff --git a/ansible/roles/adcs01/tasks/setup_adcs.yaml b/ansible/roles/adcs01/tasks/setup_adcs.yaml
new file mode 100644
index 0000000..9c6140e
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/setup_adcs.yaml
@@ -0,0 +1,7 @@
+- name: setup adcs
+  ansible.windows.win_powershell:
+    script: C:\scripts\setup-adcs.ps1
+    parameters:
+      DomainName: "{{ main_domain_name }}"
+      Username: "Administrator"
+      Password: "{{ default_win_password }}"
diff --git a/ansible/roles/adcs01/tasks/setup_adcs_esc.yaml b/ansible/roles/adcs01/tasks/setup_adcs_esc.yaml
new file mode 100644
index 0000000..352d698
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/setup_adcs_esc.yaml
@@ -0,0 +1,8 @@
+- name: setup adcs templates
+  win_command: powershell.exe -ExecutionPolicy Bypass -File C:\scripts\setup-adcs-esc.ps1 -DomainName "{{ main_domain_name }}"
+  become: yes
+  become_method: runas
+  become_user: "{{ main_domain_name }}\\Administrator"
+  vars:
+    ansible_become_password: "{{ default_win_password }}"
+
author	heqnx <root@heqnx.com>	2025-07-13 10:57:47 +0300
committer	heqnx <root@heqnx.com>	2025-07-13 10:57:47 +0300
commit	285c042610ea4b7fe77ddeff7a258c3bfd310668 (patch)
tree	f1aad91d0b3c98b2615f275b7aeed1b2a70d3d41 /ansible
parent	79b262d6e75ad3ad7c2522a490446c4b72dc6232 (diff)
download	ansible-active-directory-range-285c042610ea4b7fe77ddeff7a258c3bfd310668.tar.gz ansible-active-directory-range-285c042610ea4b7fe77ddeff7a258c3bfd310668.zip