jumpserver/apps/terminal/automations/deploy_applet_host/playbook.yml

183 lines
5.8 KiB
YAML
Raw Normal View History

2022-10-26 09:21:52 +00:00
---
2022-10-26 11:25:34 +00:00
2022-10-28 10:19:44 +00:00
- hosts: all
2022-10-26 09:21:52 +00:00
vars:
2022-11-01 09:04:44 +00:00
DownloadHost: https://demo.jumpserver.org/download
Initial: 0
HOST_NAME: test
2022-11-03 10:03:46 +00:00
HOST_ID: 00000000-0000-0000-0000-000000000000
2022-11-01 09:04:44 +00:00
CORE_HOST: https://demo.jumpserver.org
BOOTSTRAP_TOKEN: PleaseChangeMe
2022-11-01 10:40:42 +00:00
RDS_Licensing: true
2022-11-01 09:04:44 +00:00
RDS_LicenseServer: 127.0.0.1
RDS_LicensingMode: 4
RDS_fSingleSessionPerUser: 1
RDS_MaxDisconnectionTime: 60000
RDS_RemoteAppLogoffTimeLimit: 0
2022-11-07 11:17:38 +00:00
TinkerInstaller: Tinker_Installer_v0.0.1.exe
2022-10-26 11:25:34 +00:00
2022-10-26 09:21:52 +00:00
tasks:
2022-10-26 11:25:34 +00:00
- name: Install RDS-Licensing (RDS)
ansible.windows.win_feature:
name: RDS-Licensing
state: present
include_management_tools: yes
2022-11-01 10:40:42 +00:00
when: RDS_Licensing
2022-10-26 11:25:34 +00:00
- name: Install RDS-RD-Server (RDS)
ansible.windows.win_feature:
name: RDS-RD-Server
state: present
include_management_tools: yes
register: rds_install
2022-11-07 11:17:38 +00:00
- name: Download JumpServer Tinker installer (jumpserver)
2022-10-28 09:12:18 +00:00
ansible.windows.win_get_url:
2022-11-03 07:11:20 +00:00
url: "{{ DownloadHost }}/{{ TinkerInstaller }}"
dest: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
2022-10-28 09:12:18 +00:00
2022-11-07 11:17:38 +00:00
- name: Install JumpServer Tinker (jumpserver)
2022-10-28 09:12:18 +00:00
ansible.windows.win_package:
2022-11-03 07:11:20 +00:00
path: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
2022-11-03 10:03:46 +00:00
arguments:
2022-11-03 07:11:20 +00:00
- /VERYSILENT
- /SUPPRESSMSGBOXES
- /NORESTART
2022-10-28 09:12:18 +00:00
state: present
2022-11-03 07:11:20 +00:00
- name: Set remote-server on the global system path (remote-server)
ansible.windows.win_path:
elements:
2022-11-07 11:17:38 +00:00
- '%USERPROFILE%\AppData\Local\Programs\Tinker\'
2022-11-03 07:11:20 +00:00
scope: user
2022-10-28 09:12:18 +00:00
- name: Download python-3.10.8
ansible.windows.win_get_url:
url: "{{ DownloadHost }}/python-3.10.8-amd64.exe"
dest: "{{ ansible_env.TEMP }}\\python-3.10.8-amd64.exe"
- name: Install the python-3.10.8
ansible.windows.win_package:
path: "{{ ansible_env.TEMP }}\\python-3.10.8-amd64.exe"
product_id: '{371d0d73-d418-4ffe-b280-58c3e7987525}'
arguments:
- /quiet
- InstallAllUsers=1
- PrependPath=1
- Include_test=0
- Include_launcher=0
state: present
register: win_install_python
- name: Reboot if installing requires it
2022-10-26 11:25:34 +00:00
ansible.windows.win_reboot:
post_reboot_delay: 10
test_command: whoami
2022-10-28 09:12:18 +00:00
when: rds_install.reboot_required or win_install_python.reboot_required
2022-10-26 11:25:34 +00:00
- name: Set RDS LicenseServer (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: LicenseServers
data: "{{ RDS_LicenseServer }}"
type: string
- name: Set RDS LicensingMode (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: LicensingMode
data: "{{ RDS_LicensingMode }}"
type: dword
- name: Set RDS fSingleSessionPerUser (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: fSingleSessionPerUser
data: "{{ RDS_fSingleSessionPerUser }}"
type: dword
- name: Set RDS MaxDisconnectionTime (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: MaxDisconnectionTime
data: "{{ RDS_MaxDisconnectionTime }}"
type: dword
when: RDS_MaxDisconnectionTime >= 60000
- name: Set RDS RemoteAppLogoffTimeLimit (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: RemoteAppLogoffTimeLimit
data: "{{ RDS_RemoteAppLogoffTimeLimit }}"
type: dword
- name: Download pip packages
ansible.windows.win_get_url:
url: "{{ DownloadHost }}/pip_packages_v0.0.1.zip"
dest: "{{ ansible_env.TEMP }}\\pip_packages_v0.0.1.zip"
- name: Unzip pip_packages
community.windows.win_unzip:
src: "{{ ansible_env.TEMP }}\\pip_packages_v0.0.1.zip"
dest: "{{ ansible_env.TEMP }}"
- name: Install python requirements offline
2022-10-31 02:57:19 +00:00
ansible.windows.win_shell: >
pip install -r '{{ ansible_env.TEMP }}\pip_packages_v0.0.1\requirements.txt'
--no-index --find-links='{{ ansible_env.TEMP }}\pip_packages_v0.0.1'
2022-10-26 11:25:34 +00:00
- name: Download chromedriver (chrome)
ansible.windows.win_get_url:
2022-11-03 07:11:20 +00:00
url: "{{ DownloadHost }}/chromedriver_win32.107.zip"
dest: "{{ ansible_env.TEMP }}\\chromedriver_win32.107.zip"
2022-10-26 11:25:34 +00:00
- name: Unzip chromedriver (chrome)
community.windows.win_unzip:
2022-11-03 07:11:20 +00:00
src: "{{ ansible_env.TEMP }}\\chromedriver_win32.107.zip"
2022-10-26 11:25:34 +00:00
dest: C:\Program Files\JumpServer\drivers
- name: Set chromedriver on the global system path (chrome)
ansible.windows.win_path:
elements:
- 'C:\Program Files\JumpServer\drivers'
- name: Download chrome msi package (chrome)
ansible.windows.win_get_url:
url: "{{ DownloadHost }}/googlechromestandaloneenterprise64.msi"
dest: "{{ ansible_env.TEMP }}\\googlechromestandaloneenterprise64.msi"
- name: Install chrome (chrome)
ansible.windows.win_package:
path: "{{ ansible_env.TEMP }}\\googlechromestandaloneenterprise64.msi"
state: present
arguments:
- /quiet
2022-11-01 09:04:44 +00:00
2022-11-07 11:17:38 +00:00
- name: Generate tinkerd component config
2022-11-03 07:11:20 +00:00
ansible.windows.win_shell:
2022-11-07 11:17:38 +00:00
"tinkerd config --hostname {{ HOST_NAME }} --core_host {{ CORE_HOST }}
2022-11-03 10:03:46 +00:00
--token {{ BOOTSTRAP_TOKEN }} --host_id {{ HOST_ID }}"
2022-11-03 07:11:20 +00:00
2022-11-07 11:17:38 +00:00
- name: Install tinkerd service
2022-11-03 07:11:20 +00:00
ansible.windows.win_shell:
2022-11-07 11:17:38 +00:00
"tinkerd service install"
2022-11-03 07:11:20 +00:00
2022-11-07 11:17:38 +00:00
- name: Start tinkerd service
2022-11-03 07:11:20 +00:00
ansible.windows.win_shell:
2022-11-07 11:17:38 +00:00
"tinkerd service start"
2022-11-03 07:11:20 +00:00
- name: Wait Tinker api health
ansible.windows.win_uri:
url: http://localhost:6068/api/health/
status_code: 200
method: GET
register: _result
until: _result.status_code == 200
retries: 30
delay: 5
2022-11-01 09:04:44 +00:00
- name: Sync all remote applets
ansible.windows.win_shell: >
echo "TODO: Sync all remote applets"
when: Initial