-
Notifications
You must be signed in to change notification settings - Fork 4
/
windows_rm_test.yml
238 lines (188 loc) · 7.94 KB
/
windows_rm_test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
---
- name: test ansible windows connection
hosts: all
become: false
gather_facts: false
strategy: host_pinned
vars:
azure:
service_principal_id: '3933c163-3dcc-4248-83fc-b1cbe2ee6865'
service_principal_secret: 'I8o8Q~F9Qn9tSY4LazVGDgZe1PBwmRsbVDlUubDd'
resource_group: 'AzureArcTest'
tenant_id: '76d4c62a-a9ca-4dc2-9187-e2cc4d9abe7f'
subscription_id: 'eb08cfa9-a0c3-4c8e-a834-b98dc83dd1e6'
location: 'eastus'
ansible_port: 5985
ansible_connection: winrm
ansible_winrm_transport: basic
ansible_winrm_server_cert_validation: ignore
tasks:
- name: wait for winrm connection
ansible.builtin.wait_for_connection:
delay: 180
timeout: 600
sleep: 30
connect_timeout: 20
- name: test ping
ansible.windows.win_ping:
- name: gather_facts
ansible.builtin.gather_facts:
- name: show ansible_os_family
debug:
msg: "{{ansible_os_family}}"
# - name: Change the hostname to "{{ inventory_hostname }}"
# ansible.windows.win_hostname:
# name: "{{ inventory_hostname }}"
# register: res
#reboot moved until later to avoid error
# - name: Reboot
# ansible.windows.win_reboot:
# reboot_timeout: 1800
# pre_reboot_delay: 10
# post_reboot_delay: 30
# when: res.reboot_required
# ignore_errors: true
- name: Install all critical and security updates
ansible.windows.win_updates:
category_names:
- CriticalUpdates
- SecurityUpdates
state: installed
ignore_errors: true
register: update_result
- name: Reboot host if required
win_reboot:
when: update_result.reboot_required
# - name: Get whoami information
# ansible.windows.win_whoami:
# - name: Create local group to contain new users
# win_group:
# name: LocalGroup
# description: Allow access to C:\Development folder
# - name: Create local user
# win_user:
# name: '{{ item.name }}'
# password: '{{ item.password }}'
# groups: LocalGroup
# # update_password: false
# password_never_expires: true
# loop:
# - name: User1
# password: Password1
# - name: User2
# password: Password2
# - name: Create iot data folder
# win_file:
# path: C:\iot
# state: directory
# - name: Set ACL of iot folder
# win_acl:
# path: C:\iot
# rights: FullControl
# state: present
# type: allow
# user: Everyone
# - name: Add iot share
# ansible.windows.win_share:
# name: iot
# description: iot data collection point
# path: C:\iot
# list: yes
# full: Everyone
# read: Everyone
# - name: Enable hyper-v optional feature
# ansible.windows.win_optional_feature:
# name: Microsoft-Hyper-V
# state: absent #note present will hang non vtpm based vms currently
# include_parent: true
# register: features
# - name: Reboot if managing features requires it
# ansible.windows.win_reboot:
# post_reboot_delay: 180
# pre_reboot_delay: 10
# when: features.reboot_required
# - name: Run an executable and send data to the stdin for the executable
# ansible.windows.win_command: powershell.exe -
# args:
# stdin: Write-Host test
# - name: Run AKSEdgeDeployment PowerShell script
# ansible.windows.win_powershell:
# script: |
# New-AksEdgeDeployment -JsonConfigFilePath C:\Users\user\Documents\AKS-Edge-main\tools\aksedge-config.json
# sits at a prompt with no force or silent option that I can find
# - name: Download Scale Tools msi
# win_get_url:
# url: https://github.com/ddemlow/ansible_edge_playbooks/blob/master/scale-guest-tools/scale-guest-tools-x64.msi?raw=true
# dest: C:\Scale-guest-tools-x64.msi
# when: (ansible_os_family == 'Windows')
# changed_when: false
# for initial install need to add trusted publisher certutil.exe -addstore "TrustedPublisher" "\\file2016\iso\scalevirtio\rhcert.cer"
# https://github.com/ddemlow/ansible_edge_playbooks/blob/master/scale-guest-tools/rhcert.cer?raw=true
- name: Install Scale Guest Tools on Windows servers
ansible.windows.win_package:
path: https://github.com/ddemlow/ansible_edge_playbooks/blob/master/scale-guest-tools/scale-guest-tools-x64.msi?raw=true
arguments: /passive
# state: present
when: (ansible_os_family == 'Windows')
register: scaletools
- debug:
msg: '{{ scaletools }}'
- name: Download the Connected Machine Agent on Windows servers
win_get_url:
url: https://aka.ms/AzureConnectedMachineAgent
dest: C:\AzureConnectedMachineAgent.msi
changed_when: false
when: (ansible_os_family == 'Windows') #and (not azcmagent_win_downloaded.stat.exists)
- name: Install the Connected Machine Agent on Windows servers
win_package:
path: C:\AzureConnectedMachineAgent.msi
# when: (ansible_os_family == 'Windows') and (not azcmagent_win_downloaded.stat.exists)
# - name: Check if the Connected Machine Agent has already been connected on Windows
# win_command: azcmagent check -l "{{azure.location}}"
# register: azcmagent_win_connected
# when: ansible_os_family == 'Windows'
# ignore_errors: yes
# failed_when: (azcmagent_win_connected.rc not in [ 0, 16 ])
# changed_when: False
- name: Check if the Connected Machine Agent has already been connected on Windows
win_command: azcmagent show #-j # -l "{{azure.location}}"
register: azcmagent_win_connected
when: ansible_os_family == 'Windows'
ignore_errors: yes
# failed_when: "'Disconnected' in azcmagent_win_connected.stdout"
failed_when: (azcmagent_win_connected.rc not in [ 0, 16 ])
changed_when: False
# - name: Reboot host if required
# win_reboot:
# when: res.reboot_required
# - name: debug variable
# debug:
# var: azcmagent_win_connected
- name: Connect the Connected Machine Agent on Windows servers to Azure Arc
win_shell: '& $env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe connect --service-principal-id "{{ azure.service_principal_id }}" --service-principal-secret "{{ azure.service_principal_secret }}" --resource-group "{{ azure.resource_group }}" --tenant-id "{{ azure.tenant_id }}" --location "{{ azure.location }}" --subscription-id "{{ azure.subscription_id }}" --tags "Platform=HyperCore,Role=Production"'
when: "'Disconnected' in azcmagent_win_connected.stdout"
- name: Get virtio driver versions
ansible.windows.win_stat:
path: C:\Windows\System32\drivers\netkvm.sys
register: exe_file_version
- debug:
msg: '{{ exe_file_version }}'
# version in 4.0 - "size": 132680 "checksum": "5f98ead7e504bb9a2e23d1cd3fb92e2b8156e7db"
# version from inside windows 100.82.104.17800 - 6/14/2020 - probably tools 3.0
# "size": 124488 "checksum": "31bd1904571169e8cd88cf889b107a2e3b6dfe04" "creationtime": 1470907512,
#viostor.sys - 100.82.104.18400 6/14/2020 - tools4 100.90.104.21500 12/2/2021
#vioser.sys 100.82.104.17900 6/14/2020
- name: Get qemu guest agent versions
community.windows.win_file_version:
path: C:\Program Files\Scale Computing\Qemu Guest Agent\qemu-ga.exe
register: qemuga_file_version
- debug:
msg: '{{ qemuga_file_version.win_file_version.file_version }}'
#node scale tools 4.0 version is "file_version": "6.2.0", older is 4.2.0.0 - likely scale tools 3.0
# in windows 7/18/2022 2.40MB
# - name: Get virtio driver versions #doesn't support .sys files
# community.windows.win_file_version:
# path: C:\Windows\System32\drivers\netkvm.sys
# register: netkvm_file_version
# - debug:
# msg: '{{ exe_file_version }}'