Diffstat (limited to 'ansible')
-rw-r--r--ansible/.env.proxmox.example32
-rw-r--r--ansible/roles/mssql02/tasks/cleanup.yaml3
-rw-r--r--ansible/roles/mssql02/tasks/init.yaml9
-rw-r--r--ansible/roles/mssql02/tasks/install_software.yaml3
-rw-r--r--ansible/roles/mssql02/tasks/join_domain.yaml13
-rw-r--r--ansible/roles/mssql02/tasks/main.yaml40
-rw-r--r--ansible/roles/mssql02/tasks/reboot.yaml3
-rw-r--r--ansible/roles/mssql02/tasks/set_hostname.yaml2
-rw-r--r--ansible/roles/mssql02/tasks/setup_mssql.yaml7
-rw-r--r--ansible/roles/mssql02/tasks/setup_mssql_link.yaml5
-rw-r--r--ansible/roles/websql01/tasks/setup_websql.yaml2
-rw-r--r--ansible/scripts/populate-ad.ps118
-rw-r--r--ansible/scripts/setup-websql.ps13
13 files changed, 115 insertions, 25 deletions
diff --git a/ansible/.env.proxmox.example b/ansible/.env.proxmox.example
index 7b9a1d6..b1e272b 100644
--- a/ansible/.env.proxmox.example
+++ b/ansible/.env.proxmox.example
@@ -28,26 +28,22 @@ export main_domain_name="contoso.com"
export main_dc01_vmid="5000"
export main_dc01_hostname="dc01"
-export main_dc01_ip_address="192.168.1.50"
+export main_dc01_ip_address="192.168.1.100"
export main_linux_srv01_vmid="5001"
export main_linux_srv01_hostname="srv01"
-export main_linux_srv01_ip_address="192.168.1.51"
+export main_linux_srv01_ip_address="192.168.1.101"
-export network_gateway="192.168.1.1"
+export main_adcs01_vmid="5002"
+export main_adcs01_hostname="adcs01"
+export main_adcs01_ip_address="192.168.1.102"
+
+export main_websql01_vmid="5003"
+export main_websql01_hostname="websql01"
+export main_websql01_ip_address="192.168.1.103"
-#export mssql01_hostname="mssql01"
-#export mssql02_hostname="mssql02"
-#export web01_hostname="web01"
-#export adcs01_hostname="adcs01"
-#export workstation01_hostname="workstation01"
-#export linux_srv01_hostname="srv01"
-#export kali_attackbox_hostname="kali-attackbox"
-#
-#export mssql01_ip_address="192.168.1.111"
-#export mssql02_ip_address="192.168.1.112"
-#export web01_ip_address="192.168.1.113"
-#export adcs01_ip_address="192.168.1.114"
-#export workstation01_ip_address="192.168.1.115"
-#export linux_srv01_ip_address="192.168.1.116"
-#export kali_attackbox_ip_address="192.168.1.120"
+export main_mssql02_vmid="5004"
+export main_mssql02_hostname="mssql02"
+export main_mssql02_ip_address="192.168.1.104"
+
+export network_gateway="192.168.1.1"
diff --git a/ansible/roles/mssql02/tasks/cleanup.yaml b/ansible/roles/mssql02/tasks/cleanup.yaml
new file mode 100644
index 0000000..0e59407
--- /dev/null
+++ b/ansible/roles/mssql02/tasks/cleanup.yaml
@@ -0,0 +1,3 @@
+- name: execute cleanup.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\cleanup.ps1
diff --git a/ansible/roles/mssql02/tasks/init.yaml b/ansible/roles/mssql02/tasks/init.yaml
new file mode 100644
index 0000000..a75d6cc
--- /dev/null
+++ b/ansible/roles/mssql02/tasks/init.yaml
@@ -0,0 +1,9 @@
+- name: execute init.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\init.ps1
+
+- name: copy mssql installer
+ ansible.builtin.copy:
+ src: files/SQL2019-SSEI-Expr.exe
+ dest: C:\setup\SQL2019-SSEI-Expr.exe
+
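Review bot: The "copy mssql installer" task uses `ansible.builtin.copy`, which needs Python on the target; every other task in this role uses Windows modules, so this host should get `ansible.windows.win_copy:` with the same `src`/`dest`. The installer is also pushed from the role's `files/` directory with no integrity check visible in this hunk. Record the expected SHA-256 of `SQL2019-SSEI-Expr.exe` in the role, and compare it with the result of `ansible.windows.win_stat` (`checksum_algorithm: sha256`) before any script executes the file.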
diff --git a/ansible/roles/mssql02/tasks/install_software.yaml b/ansible/roles/mssql02/tasks/install_software.yaml
new file mode 100644
index 0000000..a5018a8
--- /dev/null
+++ b/ansible/roles/mssql02/tasks/install_software.yaml
@@ -0,0 +1,3 @@
+- name: execute install-software.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\install-software.ps1
diff --git a/ansible/roles/mssql02/tasks/join_domain.yaml b/ansible/roles/mssql02/tasks/join_domain.yaml
new file mode 100644
index 0000000..6736ba2
--- /dev/null
+++ b/ansible/roles/mssql02/tasks/join_domain.yaml
@@ -0,0 +1,13 @@
+- name: join domain
+ ansible.windows.win_domain_membership:
+ dns_domain_name: "{{ main_domain_name }}"
+ domain_admin_user: "{{ main_domain_name }}\\Administrator"
+ domain_admin_password: "{{ default_win_password }}"
+ state: domain
+ register: domain_state
+
+- name: reboot
+ win_reboot:
+ reboot_timeout: 3600
+ when: domain_state.reboot_required
+
diff --git a/ansible/roles/mssql02/tasks/main.yaml b/ansible/roles/mssql02/tasks/main.yaml
new file mode 100644
index 0000000..64c2469
--- /dev/null
+++ b/ansible/roles/mssql02/tasks/main.yaml
@@ -0,0 +1,40 @@
+- name: wait for winrm to be available
+ ansible.builtin.wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ ansible_port }}"
+ timeout: 300
+ delegate_to: localhost
+
+- name: execute init.ps1
+ import_tasks: init.yaml
+
+- name: set hostname
+ import_tasks: set_hostname.yaml
+
+- name: reboot after hostname change
+ import_tasks: reboot.yaml
+
+- name: join domain and reboot
+ import_tasks: join_domain.yaml
+
+- name: execute setup-mssql.ps1
+ import_tasks: setup_mssql.yaml
+
+- name: reboot after mssql setup
+ import_tasks: reboot.yaml
+
+- name: pause 5 minutes for mssql setup to complete
+ pause:
+ minutes: 5
+
+- name: execute setup-mssql-link.ps1
+ import_tasks: setup_mssql_link.yaml
+
+- name: reboot after mssql link setup
+ import_tasks: reboot.yaml
+
+- name: execute install-software.ps1
+ import_tasks: install_software.yaml
+
+- name: execute cleanup.ps1
+ import_tasks: cleanup.yaml
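Review bot: The fixed `pause: minutes: 5` before `setup_mssql_link.yaml` is a timing guess: on a slow hypervisor the link script runs against an instance that is not up yet, and on a fast one every run wastes five minutes. A readiness check would be deterministic, for example `ansible.windows.win_wait_for` on the SQL Server listener port, or a service-state check with retries. The instance name and port are not visible in this diff, so take them from `setup-mssql.ps1`.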
diff --git a/ansible/roles/mssql02/tasks/reboot.yaml b/ansible/roles/mssql02/tasks/reboot.yaml
new file mode 100644
index 0000000..a7266d0
--- /dev/null
+++ b/ansible/roles/mssql02/tasks/reboot.yaml
@@ -0,0 +1,3 @@
+- name: reboot
+ win_reboot:
+ reboot_timeout: 3600
diff --git a/ansible/roles/mssql02/tasks/set_hostname.yaml b/ansible/roles/mssql02/tasks/set_hostname.yaml
new file mode 100644
index 0000000..7c53a16
--- /dev/null
+++ b/ansible/roles/mssql02/tasks/set_hostname.yaml
@@ -0,0 +1,2 @@
+- name: set hostname
+ win_shell: Rename-Computer -NewName "{{ main_websql01_hostname }}" -Force
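Review bot: The mssql02 role renames the machine to `main_websql01_hostname`, which looks like a copy-paste from the websql01 role. The env example in this same commit defines `main_mssql02_hostname="mssql02"`. As written, both hosts would try to join the domain under the same computer name, so the second join collides with the first machine's account and SPNs registered against that name point at the wrong box. The line should read `win_shell: Rename-Computer -NewName "{{ main_mssql02_hostname }}" -Force`.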
diff --git a/ansible/roles/mssql02/tasks/setup_mssql.yaml b/ansible/roles/mssql02/tasks/setup_mssql.yaml
new file mode 100644
index 0000000..a219c82
--- /dev/null
+++ b/ansible/roles/mssql02/tasks/setup_mssql.yaml
@@ -0,0 +1,7 @@
+- name: execute setup-mssql.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\setup-mssql.ps1
+ parameters:
+ DomainName: "{{ main_domain_name }}"
+ SvcUsername: svc_mssql02
+ SvcPassword: "{{ default_win_svc_password }}"
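Review bot: `SvcPassword` is passed as a plain `parameters:` entry, so the service-account password can appear in the task's invocation data under verbose output and in any callback or controller log that records results. Adding `no_log: true` at task level keeps it out of those logs. The same applies to the `setup_websql.yaml` task touched later in this commit, whose task header lies outside its hunk.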
diff --git a/ansible/roles/mssql02/tasks/setup_mssql_link.yaml b/ansible/roles/mssql02/tasks/setup_mssql_link.yaml
new file mode 100644
index 0000000..0e22754
--- /dev/null
+++ b/ansible/roles/mssql02/tasks/setup_mssql_link.yaml
@@ -0,0 +1,5 @@
+- name: execute setup-mssql-link.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\setup-mssql-link.ps1
+ parameters:
+ LinkServer: websql01
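Review bot: `LinkServer: websql01` hard-codes a hostname that is configurable elsewhere in this commit (`main_websql01_hostname` in `.env.proxmox.example`). If the name is changed in the env file, the linked server is created against a host that does not exist. Using `LinkServer: "{{ main_websql01_hostname }}"` keeps the two in sync.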
diff --git a/ansible/roles/websql01/tasks/setup_websql.yaml b/ansible/roles/websql01/tasks/setup_websql.yaml
index ea527b6..d82831d 100644
--- a/ansible/roles/websql01/tasks/setup_websql.yaml
+++ b/ansible/roles/websql01/tasks/setup_websql.yaml
@@ -3,5 +3,5 @@
script: C:\scripts\setup-websql.ps1
parameters:
DomainName: "{{ main_domain_name }}"
- SvcUsername: svc_mssql02
+ SvcUsername: svc_websql01
SvcPassword: "{{ default_win_svc_password }}"
diff --git a/ansible/scripts/populate-ad.ps1 b/ansible/scripts/populate-ad.ps1
index 17801e0..3d8917a 100644
--- a/ansible/scripts/populate-ad.ps1
+++ b/ansible/scripts/populate-ad.ps1
@@ -125,6 +125,7 @@ Write-Host "[inf] Created computers: $($created_computers -Join ', ')"
$svc_users = @{
"svc_mssql01" = @{"type" = "spn"; "value" = "MSSQLSVC"}
"svc_mssql02" = @{"type" = "spn"; "value" = "MSSQLSVC"}
+ "svc_websql01" = @{"type" = "spn"; "value" = @("MSSQLSVC", "HTTP")}
"svc_cifs01" = @{"type" = "spn"; "value" = "CIFS"}
"svc_cifs02" = @{"type" = "spn"; "value" = "CIFS"}
"svc_iis01" = @{"type" = "spn"; "value" = "HTTP"}
@@ -161,12 +162,21 @@ ForEach ($user in $svc_users.keys) {
-Enabled $true `
-PasswordNeverExpires $true `
-PassThru
- Set-ADUser -Identity "$u" -ServicePrincipalNames @{Add="$value/$comp"}
- Set-ADObject $u -Description "SPN on $value/$comp"
- $created_svc_users += "$user ($value/$comp)"
+ $spns = @()
+ if ($value -is [string]) {
+ $spns += "$value/$comp"
+ } else {
+ foreach ($v in $value) {
+ $spns += "$v/$comp"
+ }
+ }
+
+ Set-ADUser -Identity "$u" -ServicePrincipalNames @{Add=$spns}
+ Set-ADObject $u -Description ("SPNs: " + ($spns -join ", "))
+ $created_svc_users += "$user ($($spns -join ', '))"
} catch {
- Write-Host "[err] Failed to create $value/$comp for $user"
+ Write-Host "[err] Failed to create SPNs for $user"
}
}
"group" {
diff --git a/ansible/scripts/setup-websql.ps1 b/ansible/scripts/setup-websql.ps1
index 02e370b..7881291 100644
--- a/ansible/scripts/setup-websql.ps1
+++ b/ansible/scripts/setup-websql.ps1
@@ -1,7 +1,6 @@
param (
[string]$DomainName = "contoso.com",
- #[string]$SvcUsername = "svc_websql01",
- [string]$SvcUsername = "svc_mssql02",
+ [string]$SvcUsername = "svc_websql01",
[string]$SvcPassword = "Svc1234!"
)