Pre VM Deployment checks in ansible - windows

I have been trying for the past days to make a playbook to check for some things before Ansible starts creating a new Windows VM. I'm a junior engineer and just starting on the path of Ansible.
I figured out the ping part, but what I really want to know is if there's some way to check if the computer name is already registered in Active Directory, and if it is, the workflow should stop.
I am not sure if win_domain_computer can also just check.
Thanks

I think a PowerShell request is a way to do that.
In my playbook, we don't check the name in Active Directory, but we check the DNS record
with a task; something similar with Get-ADComputer should be OK.
DNS task example:
- block:
    - name: Check dns record
      win_shell: Get-DnsServerResourceRecord -ComputerName DNSSERVER -Name "{{ SERVERNAME }}" -ZoneName DNSZONE -RRType "A" -ErrorAction Ignore | select -ExpandProperty RecordData | select -ExpandProperty IPv4Address | select -Property IPAddressToString -ExpandProperty IPAddressToString
      register: reg_dnscheck
      changed_when: reg_dnscheck.rc == 1
      failed_when: reg_dnscheck.rc > 1
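
The Active Directory variant suggested in the answer above, as an added example that is not code from either poster. It passes the name to PowerShell as a script parameter instead of templating it into the command line, and validates it first, so a crafted name cannot alter the command or the AD filter. The host group `ad_mgmt_host`, the variable `new_vm_name`, and the presence of the RSAT ActiveDirectory module and the `ansible.windows` collection are assumptions.

```yaml
---
- name: Pre-deployment checks for a new Windows VM
  hosts: ad_mgmt_host          # assumption: Windows host with the RSAT ActiveDirectory module
  gather_facts: false
  vars:
    new_vm_name: "WEB01"       # constructed sample value
  tasks:
    # Runs on the controller; nothing reaches PowerShell unless the name
    # is 1-15 characters of letters, digits or hyphens.
    - name: Reject names that are not plain computer names
      ansible.builtin.assert:
        that:
          - "new_vm_name is match('^[A-Za-z0-9-]{1,15}$')"
        fail_msg: "Refusing to query AD with an unexpected computer name"

    - name: Count computer objects with this name in Active Directory
      ansible.windows.win_powershell:
        script: |
          param([string]$Name)
          Import-Module ActiveDirectory
          # A read-only lookup never changes the target.
          $Ansible.Changed = $false
          # -Filter returns nothing (and no error) when there is no match,
          # unlike -Identity, which throws for a missing object.
          # $Name was already restricted by the assert task above, so it
          # cannot break out of the quoted filter value.
          @(Get-ADComputer -Filter "Name -eq '$Name'").Count
        parameters:
          Name: "{{ new_vm_name }}"
      register: ad_lookup

    - name: Stop the workflow if the name is already registered
      ansible.builtin.fail:
        msg: "{{ new_vm_name }} already exists in Active Directory"
      when: (ad_lookup.output | first | int) > 0
```

The account Ansible connects with only needs read access to the directory for this check.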

Related

Ansible - How to test my host (windows or linux) has established a tcp connection to a remote host

I have a relatively simple requirement in my playbook (small example below). I have a Windows executable which sometimes will connect to a remote server first time, but sometimes doesn't. So I want to loop around the launch of the executable file and verify the tcp connection to the remote server has been established before moving on.
Below is a Windows play so far:
Download an executable (windows) or binary (linux) file from a url
Async launch of downloaded file on target
---
- hosts: target-1
  vars:
    remote_server_ip: '192.168.100.10'
    remote_server_port: '9000'
  tasks:
    - name: Download executable from remote host
      win_shell: |
        Invoke-WebRequest -Uri "http://{{ software_repo }}/{{ filename }}" -OutFile "C:\\{{ file_name }}"
    # Probably not needed, but this gives a tiny delay to ensure the file download is complete before execution.
    - name: "Check file_name exists: C:\\{{ file_name }}"
      win_stat:
        path: "C:\\{{ file_name }}"
      register: file_name_exists
    - name: "Launch executable: {{ file_name }}"
      win_shell: |
        Start-Process -FilePath "C:\\{{ file_name }}" -PassThru
      async: 10
      poll: 0
      register: result_launch_executable
      become: true
      when:
        - file_name_exists.stat.exists
I want to be able to do the following (ideally for both Windows & Linux):
Confirm the executable has established a tcp connection to the remote_server_ip based on a specific IP and Port.
Loop around the process until the connection is 'established', time-out after x loops.
The following Windows PowerShell command gives me the confirmation I need showing the connection has been established, but not sure how to get this into the playbook.
Get-NetTCPConnection | where-object {$_.remoteaddress -eq '192.168.100.10'}
Caption :
...
...
RemoteAddress : 192.168.100.10
RemotePort : 8080
State : Established

ansible- checking for application installation in a task

Can anyone assist with interrupting this code?
I need to pull out the variable output and test this.
- Can I pull out the var to a debug/msg?
Also, I'm not sure if the with_items is pulling the name of a host
that passed the check for the installation of application1.
- name: check if application1 is installed if yes continue
  win_shell: |
    $application1 = ("","Wow6432Node: |ForEach-Object {Get-ChildItem HKLM:/SOFTWARE\$_\Microsoft\hostname }}"Windows\CurrentVersion\Uninstall\}
    select#(n=Name;e={$.getvalue("displayname")}} Where {$. -like "*application1*"}).name.length -gt 0
  with_items: "{{ hostname }}"
  changed_when: false
  ignore_errors: true
  register: output
- win_shell: echo output.stdout

Ansible Obtain thumbprint hash from local machine

I'm trying to obtain the thumbprint from a local machine's cert store so I can then use the variable of the hash to pass the thumbprint into an ssl_bindings task. So far I have this, but it returns a lot of data. Should I filter the data out or is there an easier way to get the thumbprint from an existing store? I've seen this done with PowerShell so I may just go that route if I can't figure this out.
- name: Obtain information about LocalMachines Cert Store
  community.windows.win_certificate_info:
    store_location: LocalMachine
  register: cert
I ended up doing this. If anyone knows how to use the native Ansible module to get the hash, that would be cool.
- name: Run powershell one-liner to get the thumbprint hash
  ansible.windows.win_powershell:
    script: |
      (Get-ChildItem cert:\LocalMachine\My | where-object { $_.Subject -like "*$hostname*" } | Select-Object -Last 1).Thumbprint
  register: hash
- name: Add an HTTPS binding to the website using the hash
  win_iis_webbinding:
    name: "{{ iis_site }}"
    protocol: https
    port: 443
    certificate_hash: "{{ hash.output[0] }}"
    state: present

multiple commands in an ansible playbook for an if statement?

I want to disable Windows defender on a windows client unless the status is already disabled.
At the moment I've divided it in 2 tasks using the register command in ansible
---
- hosts: all
  become_method: runas
  tasks:
    - name: Check if WinDefend is running
      win_shell: (Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender").DisableAntiSpyware
      register: WinDefendStatus
      become: yes
      become_user: Administrator
    - name: Turn off WinDefend
      win_shell: New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force
      become: yes
      become_user: Administrator
      when: WinDefendStatus.stdout == "0" or ""
Technically this works but I'd like to have this in 1 task. The guides only show local variables or local stored facts but none about remotely gotten values.
Any idea how to do this?

How to create ansible galaxy roles in windows?

I am learning Ansible from "Ansible: From Beginner to Pro" by Michael Heap. It seems that Ansible is not supported on Windows. The book suggests running Ansible from a virtual machine instead. I started a VirtualBox VM using Vagrant, which has ubuntu/trusty64 on it. I am successfully able to run my playbooks on it. However, I ran into an issue when creating ansible-galaxy roles.
I could not find a way to create/initialize a role on Windows. I vaguely borrowed ideas from this question, "How to automatically install Ansible Galaxy roles?", and added the following command to my playbook to create roles on Windows:
local_action: command ansible-galaxy init sush.util --init-path roles
---
- hosts: all
  gather_facts: false
  become: true
  tasks:
    - name: make sure we can connect
      ping:
    # ansible-galaxy
    - name: Init sush.util
      local_action: command ansible-galaxy init sush.util --init-path roles
      ignore_errors: true
I also added ignore_errors=true to ignore the errors if the role has already been created.
Is this the correct approach or is there another/better way to do this in Windows?
If your aim is to create a role locally on Windows, you don't actually need to use Ansible Galaxy to do that. An Ansible role is just a set of folders. To create a sush.util role, create a folder named sush.util and then create the following folders inside that:
tasks
handlers
templates
files
vars
meta
Finally, inside each of these folders create a file named main.yml that contains --- at the top.
You now have an Ansible role that you can run. Any tasks you add to tasks/main.yml will be executed.
This is what I usually do: just create those folders and the main.yml file.
$path = "c:\git\install-sqlserver"
$main = "main.yml"
$dir = "defaults","files","handlers","meta","tasks","templates","tests","vars"
foreach ($d in $Dir){
    New-Item -Path $path -Name $d -ItemType "directory"
    New-Item -Path "$path\$d" -Name $main -ItemType "file" -Value "---"
    if ((Test-path $path )){
        New-Item -Path $path -Name $main -ItemType "file" -Value "---" -ErrorAction SilentlyContinue
    }
}
