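---
# Prepares a Windows host as a JumpServer applet host: installs the RDS
# session-host feature, the Tinker installer, Python with offline pip
# packages, Chromium and chromedriver, writes the Terminal Services policy
# values, then configures, installs and starts the tinkerd service.
#
# Every artifact is fetched from APPLET_DOWNLOAD_HOST and then executed or
# unpacked on the target. None of the win_get_url tasks pins a digest, so the
# integrity of the installers rests on TLS alone; consider the module's
# `checksum` / `checksum_algorithm` options once published digests exist.

- hosts: all
  vars:
    # Base URL that serves /download/applets/<file>.
    APPLET_DOWNLOAD_HOST: 'https://demo.jumpserver.org'
    # When true, every download below skips TLS certificate validation and the
    # same value is handed to `tinkerd config`. Combined with the absence of
    # checksums, that leaves the installers unauthenticated in transit; set it
    # to false wherever the download host presents a trusted certificate.
    IGNORE_VERIFY_CERTS: true
    HOST_NAME: 'test'
    HOST_ID: '00000000-0000-0000-0000-000000000000'
    CORE_HOST: 'https://demo.jumpserver.org'
    # Placeholder only. Supply the real token at run time (vault or extra
    # vars); do not commit it here.
    BOOTSTRAP_TOKEN: 'PleaseChangeMe'
    # Gates the LicenseServers, LicensingMode and fSingleSessionPerUser
    # registry tasks.
    RDS_Licensing: false
    RDS_LicenseServer: '127.0.0.1'
    RDS_LicensingMode: 4
    RDS_fSingleSessionPerUser: 1
    # Presumably milliseconds, as in the Terminal Services policy; confirm.
    RDS_MaxDisconnectionTime: 60000
    RDS_RemoteAppLogoffTimeLimit: 0
    TinkerInstaller: 'Tinker_Installer.exe'

  tasks:
    - name: Install RDS-RD-Server (RDS)
      ansible.windows.win_feature:
        name: RDS-RD-Server
        state: present
        include_management_tools: true
      register: rds_install

    - name: Stop Tinker before install (jumpserver)
      ansible.windows.win_powershell:
        script: |
          if (Get-Service -Name 'JumpServer Tinker' -ErrorAction SilentlyContinue) {
              Stop-Service -Name 'JumpServer Tinker' -Force
          }
          else {
              # Service not present: nothing was stopped, report no change.
              $Ansible.Changed = $false
          }

    - name: Download JumpServer Tinker installer (jumpserver)
      ansible.windows.win_get_url:
        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/{{ TinkerInstaller }}"
        dest: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
        # `| bool` keeps a string override such as "false" (e.g. from -e
        # key=value) from being treated as truthy and silently disabling
        # validation.
        validate_certs: "{{ not (IGNORE_VERIFY_CERTS | bool) }}"

    - name: Install JumpServer Tinker (jumpserver)
      ansible.windows.win_package:
        path: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
        arguments:
          - /VERYSILENT
          - /SUPPRESSMSGBOXES
          - /NORESTART
        state: present

    # NOTE(review): despite the task name, `scope: user` edits only the PATH
    # of the connecting account, and the entry points into that user's
    # profile. Confirm this is the account tinkerd is later run from.
    - name: Set Tinkerd on the global system path (jumpserver)
      ansible.windows.win_path:
        elements:
          - '%USERPROFILE%\AppData\Local\Programs\Tinker\'
        scope: user

    - name: Download python-3.10.8
      ansible.windows.win_get_url:
        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/python-3.10.8-amd64.exe"
        dest: "{{ ansible_env.TEMP }}\\python-3.10.8-amd64.exe"
        validate_certs: "{{ not (IGNORE_VERIFY_CERTS | bool) }}"

    - name: Install the python-3.10.8
      ansible.windows.win_package:
        path: "{{ ansible_env.TEMP }}\\python-3.10.8-amd64.exe"
        product_id: '{371d0d73-d418-4ffe-b280-58c3e7987525}'
        arguments:
          - /quiet
          - InstallAllUsers=1
          - PrependPath=1
          - Include_test=0
          - Include_launcher=0
        state: present
      register: win_install_python

    # Reports "changed" when pip is NOT resolvable in the current session; the
    # reboot task below keys off that result.
    - name: Check pip command exists
      ansible.windows.win_powershell:
        script: |
          if (Get-Command -Name 'pip' -ErrorAction SilentlyContinue) {
              $Ansible.Changed = $false
          }
          else {
              $Ansible.Changed = $true
          }
      register: check_pip_command
      ignore_errors: true

    - name: Reboot if installing requires it
      ansible.windows.win_reboot:
        post_reboot_delay: 10
        test_command: whoami
      when: check_pip_command.changed or rds_install.reboot_required or win_install_python.reboot_required

    - name: Set RDS LicenseServer (regedit)
      ansible.windows.win_regedit:
        path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        name: LicenseServers
        data: "{{ RDS_LicenseServer }}"
        type: string
      when: RDS_Licensing | bool

    - name: Set RDS LicensingMode (regedit)
      ansible.windows.win_regedit:
        path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        name: LicensingMode
        data: "{{ RDS_LicensingMode }}"
        type: dword
      when: RDS_Licensing | bool

    # NOTE(review): gated on RDS_Licensing like the two licensing values
    # above; confirm that is intended for a session-limit setting.
    - name: Set RDS fSingleSessionPerUser (regedit)
      ansible.windows.win_regedit:
        path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        name: fSingleSessionPerUser
        data: "{{ RDS_fSingleSessionPerUser }}"
        type: dword
      when: RDS_Licensing | bool

    # Written only when the configured value is at least 60000; `| int` keeps
    # the comparison valid when the variable arrives as a string.
    - name: Set RDS MaxDisconnectionTime (regedit)
      ansible.windows.win_regedit:
        path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        name: MaxDisconnectionTime
        data: "{{ RDS_MaxDisconnectionTime }}"
        type: dword
      when: (RDS_MaxDisconnectionTime | int) >= 60000

    - name: Set RDS RemoteAppLogoffTimeLimit (regedit)
      ansible.windows.win_regedit:
        path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        name: RemoteAppLogoffTimeLimit
        data: "{{ RDS_RemoteAppLogoffTimeLimit }}"
        type: dword

    - name: Download pip packages
      ansible.windows.win_get_url:
        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/pip_packages.zip"
        dest: "{{ ansible_env.TEMP }}\\pip_packages.zip"
        validate_certs: "{{ not (IGNORE_VERIFY_CERTS | bool) }}"

    - name: Unzip pip_packages
      community.windows.win_unzip:
        src: "{{ ansible_env.TEMP }}\\pip_packages.zip"
        dest: "{{ ansible_env.TEMP }}\\pip_packages"

    # --no-index with --find-links restricts pip to the unpacked archive, so
    # whatever is in pip_packages.zip is installed as-is.
    - name: Install python requirements offline
      ansible.windows.win_powershell:
        script: |
          pip install -r '{{ ansible_env.TEMP }}\pip_packages\pip_packages\requirements.txt' --no-index --find-links='{{ ansible_env.TEMP }}\pip_packages\pip_packages'

    - name: Download chromedriver (Chromium)
      ansible.windows.win_get_url:
        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chromedriver_win32.zip"
        dest: "{{ ansible_env.TEMP }}\\chromedriver_win32.zip"
        validate_certs: "{{ not (IGNORE_VERIFY_CERTS | bool) }}"

    - name: Unzip chromedriver (Chromium)
      community.windows.win_unzip:
        src: "{{ ansible_env.TEMP }}\\chromedriver_win32.zip"
        dest: 'C:\Program Files\JumpServer\drivers'

    - name: Download chromium zip package (Chromium)
      ansible.windows.win_get_url:
        url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chrome-win.zip"
        dest: "{{ ansible_env.TEMP }}\\chrome-win.zip"
        validate_certs: "{{ not (IGNORE_VERIFY_CERTS | bool) }}"

    - name: Unzip Chromium (Chromium)
      community.windows.win_unzip:
        src: "{{ ansible_env.TEMP }}\\chrome-win.zip"
        dest: 'C:\Program Files\Chrome'

    # No scope is given here, so the module's default scope applies.
    - name: Set chromium and driver on the global system path (Chromium)
      ansible.windows.win_path:
        elements:
          - 'C:\Program Files\Chrome\chrome-win'
          - 'C:\Program Files\JumpServer\drivers\chromedriver_win32'

    - name: Set Chromium variables disable Google Api (Chromium)
      ansible.windows.win_environment:
        level: machine
        variables:
          GOOGLE_API_KEY: ''
          GOOGLE_DEFAULT_CLIENT_ID: ''
          GOOGLE_DEFAULT_CLIENT_SECRET: ''

    # The values reach the script through `parameters` instead of being
    # templated into the script text, so spaces or PowerShell metacharacters
    # in a hostname, URL or token cannot alter the command that runs.
    # no_log keeps the bootstrap token out of task output and logs.
    - name: Generate tinkerd component config
      ansible.windows.win_powershell:
        script: |
          param (
              [String]$HostName,
              [String]$CoreHost,
              [String]$Token,
              [String]$HostId,
              [String]$IgnoreVerifyCerts
          )
          tinkerd config --hostname $HostName --core_host $CoreHost --token $Token --host_id $HostId --ignore-verify-certs $IgnoreVerifyCerts
        parameters:
          HostName: "{{ HOST_NAME }}"
          CoreHost: "{{ CORE_HOST }}"
          Token: "{{ BOOTSTRAP_TOKEN }}"
          HostId: "{{ HOST_ID }}"
          IgnoreVerifyCerts: "{{ IGNORE_VERIFY_CERTS }}"
      no_log: true

    - name: Install tinkerd service
      ansible.windows.win_powershell:
        script: |
          tinkerd service install

    - name: Start tinkerd service
      ansible.windows.win_powershell:
        script: |
          tinkerd service start

    # Polls the local health endpoint up to 30 times, 5 seconds apart.
    - name: Wait Tinker api health
      ansible.windows.win_uri:
        url: http://localhost:6068/api/health/
        status_code: 200
        method: GET
      register: _result
      until: _result.status_code == 200
      retries: 30
      delay: 5

    - name: Sync all remote applets
      ansible.windows.win_powershell:
        script: |
          tinkerd install all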