github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'v4' of github.com:jumpserver/jumpserver into v4

pull/13122/head
ibuler 2024-04-17 14:09:25 +08:00
parent 5b41eddacc f987515b89
commit f8953441e3
1 changed files with 221 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

444
apps/terminal/automations/deploy_applet_host/playbook.yml
View File

@ -17,259 +17,257 @@
TinkerInstaller: Tinker_Installer.exe
tasks:
- name: Install RDS-RD-Server (RDS)
ansible.windows.win_feature:
name: RDS-RD-Server
state: present
include_management_tools: yes
register: rds_install
- block:
- name: Install RDS-RD-Server (RDS)
ansible.windows.win_feature:
name: RDS-RD-Server
state: present
include_management_tools: yes
register: rds_install
- name: Stop Tinker before install (jumpserver)
ansible.windows.win_powershell:
script: |
if (Get-Process -Name 'tinker' -ErrorAction SilentlyContinue) {
TASKKILL /F /IM tinker.exe /T
}
else {
$Ansible.Changed = $false
}
- name: Stop Tinker before install (jumpserver)
ansible.windows.win_powershell:
script: |
if (Get-Process -Name 'tinker' -ErrorAction SilentlyContinue) {
TASKKILL /F /IM tinker.exe /T
}
else {
$Ansible.Changed = $false
}
- name: Stop Tinkerd before install (jumpserver)
ansible.windows.win_powershell:
script: |
if (Get-Service -Name 'JumpServer Tinker' -ErrorAction SilentlyContinue) {
Stop-Service -Name 'JumpServer Tinker' -Force
}
else {
$Ansible.Changed = $false
}
- name: Download JumpServer Tinker installer (jumpserver)
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/{{ TinkerInstaller }}"
dest: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Download JumpServer Tinker installer (jumpserver)
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/{{ TinkerInstaller }}"
dest: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Install JumpServer Tinker (jumpserver)
ansible.windows.win_package:
path: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
arguments:
- /VERYSILENT
- /SUPPRESSMSGBOXES
- /NORESTART
state: present
- name: Install JumpServer Tinker (jumpserver)
ansible.windows.win_package:
path: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
arguments:
- /VERYSILENT
- /SUPPRESSMSGBOXES
- /NORESTART
state: present
- name: Set Tinkerd on the global system path (jumpserver)
ansible.windows.win_path:
elements:
- '%USERPROFILE%\AppData\Local\Programs\Tinker\'
scope: user
- name: Set Tinkerd on the global system path (jumpserver)
ansible.windows.win_path:
elements:
- '%USERPROFILE%\AppData\Local\Programs\Tinker\'
scope: user
- name: Download python-3.11.6
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/python-3.11.6-amd64.exe"
dest: "{{ ansible_env.TEMP }}\\python-3.11.6-amd64.exe"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Download python-3.11.6
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/python-3.11.6-amd64.exe"
dest: "{{ ansible_env.TEMP }}\\python-3.11.6-amd64.exe"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Install the python-3.11.6
ansible.windows.win_package:
path: "{{ ansible_env.TEMP }}\\python-3.11.6-amd64.exe"
arguments:
- /quiet
- InstallAllUsers=1
- PrependPath=1
- Include_test=0
- Include_launcher=0
state: present
register: win_install_python
- name: Install the python-3.11.6
ansible.windows.win_package:
path: "{{ ansible_env.TEMP }}\\python-3.11.6-amd64.exe"
arguments:
- /quiet
- InstallAllUsers=1
- PrependPath=1
- Include_test=0
- Include_launcher=0
state: present
register: win_install_python
- name: Check pip command exists
ansible.windows.win_powershell:
script: |
if (Get-Command -Name 'pip' -ErrorAction SilentlyContinue) {
$Ansible.Changed = $false
}
else {
$Ansible.Changed = $true
}
ignore_errors: yes
register: check_pip_command
- name: Check pip command exists
ansible.windows.win_powershell:
script: |
if (Get-Command -Name 'pip' -ErrorAction SilentlyContinue) {
$Ansible.Changed = $false
}
else {
$Ansible.Changed = $true
}
register: check_pip_command
ignore_errors: yes
- name: Reboot if installing requires it
ansible.windows.win_reboot:
post_reboot_delay: 10
test_command: whoami
when: check_pip_command.changed or rds_install.reboot_required or win_install_python.reboot_required
- name: Reboot if installing requires it
ansible.windows.win_reboot:
post_reboot_delay: 10
test_command: whoami
when: check_pip_command.changed or rds_install.reboot_required or win_install_python.reboot_required
- name: Set RDS LicenseServer (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: LicenseServers
data: "{{ RDS_LicenseServer }}"
type: string
when: RDS_Licensing
- name: Set RDS LicenseServer (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: LicenseServers
data: "{{ RDS_LicenseServer }}"
type: string
when: RDS_Licensing
- name: Set RDS LicensingMode (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: LicensingMode
data: "{{ RDS_LicensingMode }}"
type: dword
when: RDS_Licensing
- name: Set RDS LicensingMode (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: LicensingMode
data: "{{ RDS_LicensingMode }}"
type: dword
when: RDS_Licensing
- name: Set RDS fSingleSessionPerUser (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: fSingleSessionPerUser
data: "{{ RDS_fSingleSessionPerUser }}"
type: dword
when: RDS_Licensing
- name: Set RDS fSingleSessionPerUser (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: fSingleSessionPerUser
data: "{{ RDS_fSingleSessionPerUser }}"
type: dword
when: RDS_Licensing
- name: Set RDS MaxDisconnectionTime (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: MaxDisconnectionTime
data: "{{ RDS_MaxDisconnectionTime }}"
type: dword
when: RDS_MaxDisconnectionTime >= 60000
- name: Set RDS MaxDisconnectionTime (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: MaxDisconnectionTime
data: "{{ RDS_MaxDisconnectionTime }}"
type: dword
when: RDS_MaxDisconnectionTime >= 60000
- name: Set RDS RemoteAppLogoffTimeLimit (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: RemoteAppLogoffTimeLimit
data: "{{ RDS_RemoteAppLogoffTimeLimit }}"
type: dword
- name: Set RDS RemoteAppLogoffTimeLimit (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: RemoteAppLogoffTimeLimit
data: "{{ RDS_RemoteAppLogoffTimeLimit }}"
type: dword
- name: Download pip packages
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/pip_packages.zip"
dest: "{{ ansible_env.TEMP }}\\pip_packages.zip"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Download pip packages
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/pip_packages.zip"
dest: "{{ ansible_env.TEMP }}\\pip_packages.zip"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Unzip pip_packages
community.windows.win_unzip:
src: "{{ ansible_env.TEMP }}\\pip_packages.zip"
dest: "{{ ansible_env.TEMP }}\\pip_packages"
- name: Unzip pip_packages
community.windows.win_unzip:
src: "{{ ansible_env.TEMP }}\\pip_packages.zip"
dest: "{{ ansible_env.TEMP }}\\pip_packages"
- name: Install python requirements offline
ansible.windows.win_powershell:
script: |
pip install -r '{{ ansible_env.TEMP }}\pip_packages\pip_packages\requirements.txt' --no-index --find-links='{{ ansible_env.TEMP }}\pip_packages\pip_packages'
- name: Install python requirements offline
ansible.windows.win_powershell:
script: |
pip install -r '{{ ansible_env.TEMP }}\pip_packages\pip_packages\requirements.txt' --no-index --find-links='{{ ansible_env.TEMP }}\pip_packages\pip_packages'
- name: Stop chromedriver before install (jumpserver)
ansible.windows.win_powershell:
script: |
if (Get-Process -Name 'chromedriver' -ErrorAction SilentlyContinue) {
TASKKILL /F /IM chromedriver.exe /T
}
else {
$Ansible.Changed = $false
}
- name: Stop chromedriver before install (jumpserver)
ansible.windows.win_powershell:
script: |
if (Get-Process -Name 'chromedriver' -ErrorAction SilentlyContinue) {
TASKKILL /F /IM chromedriver.exe /T
}
else {
$Ansible.Changed = $false
}
- name: Download chromedriver (Chrome)
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chromedriver-win64.zip"
dest: "{{ ansible_env.TEMP }}\\chromedriver-win64.zip"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Download chromedriver (Chrome)
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chromedriver-win64.zip"
dest: "{{ ansible_env.TEMP }}\\chromedriver-win64.zip"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Remove old chromedriver (Chrome)
ansible.windows.win_file:
path: "{{ item }}"
state: absent
with_items:
- C:\Program Files\JumpServer\drivers\chromedriver-win32
- C:\Program Files\JumpServer\drivers\chromedriver_win32
- C:\Program Files\JumpServer\drivers\chromedriver-win64
- C:\Program Files\JumpServer\drivers\chromedriver_win64
- name: Remove old chromedriver (Chrome)
ansible.windows.win_file:
path: "{{ item }}"
state: absent
with_items:
- C:\Program Files\JumpServer\drivers\chromedriver-win32
- C:\Program Files\JumpServer\drivers\chromedriver_win32
- C:\Program Files\JumpServer\drivers\chromedriver-win64
- C:\Program Files\JumpServer\drivers\chromedriver_win64
- name: Unzip chromedriver (Chrome)
community.windows.win_unzip:
src: "{{ ansible_env.TEMP }}\\chromedriver-win64.zip"
dest: C:\Program Files\JumpServer\drivers
- name: Unzip chromedriver (Chrome)
community.windows.win_unzip:
src: "{{ ansible_env.TEMP }}\\chromedriver-win64.zip"
dest: C:\Program Files\JumpServer\drivers
- name: Stop Chrome before install (jumpserver)
ansible.windows.win_powershell:
script: |
if (Get-Process -Name 'chrome' -ErrorAction SilentlyContinue) {
TASKKILL /F /IM chrome.exe /T
}
else {
$Ansible.Changed = $false
}
- name: Stop Chrome before install (jumpserver)
ansible.windows.win_powershell:
script: |
if (Get-Process -Name 'chrome' -ErrorAction SilentlyContinue) {
TASKKILL /F /IM chrome.exe /T
}
else {
$Ansible.Changed = $false
}
- name: Download Chrome zip package (Chrome)
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chrome-win.zip"
dest: "{{ ansible_env.TEMP }}\\chrome-win.zip"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Download Chrome zip package (Chrome)
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chrome-win.zip"
dest: "{{ ansible_env.TEMP }}\\chrome-win.zip"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Remove old Chrome (Chrome)
ansible.windows.win_file:
path: "{{ item }}"
state: absent
with_items:
- C:\Program Files\JumpServer\applications\Chrome
- C:\Program Files\Chrome\chrome-win32
- C:\Program Files\Chrome\chrome-win
- C:\Program Files\chrome-win
- name: Remove old Chrome (Chrome)
ansible.windows.win_file:
path: "{{ item }}"
state: absent
with_items:
- C:\Program Files\JumpServer\applications\Chrome
- C:\Program Files\Chrome\chrome-win32
- C:\Program Files\Chrome\chrome-win
- C:\Program Files\chrome-win
- name: Unzip Chrome (Chrome)
community.windows.win_unzip:
src: "{{ ansible_env.TEMP }}\\chrome-win.zip"
dest: C:\Program Files\JumpServer\applications
- name: Unzip Chrome (Chrome)
community.windows.win_unzip:
src: "{{ ansible_env.TEMP }}\\chrome-win.zip"
dest: C:\Program Files\JumpServer\applications
- name: Check and Clean global system path (Chrome)
ansible.windows.win_path:
elements:
- 'C:\Program Files\Python310\Scripts\'
- 'C:\Program Files\Python310\'
- 'C:\Program Files\JumpServer\drivers\chromedriver-win32'
- 'C:\Program Files\JumpServer\drivers\chromedriver_win32'
- 'C:\Program Files\Chrome\chrome-win32'
- 'C:\Program Files\Chrome\chrome-win'
- 'C:\Program Files\chrome-win'
state: absent
- name: Check and Clean global system path (Chrome)
ansible.windows.win_path:
elements:
- 'C:\Program Files\Python310\Scripts\'
- 'C:\Program Files\Python310\'
- 'C:\Program Files\JumpServer\drivers\chromedriver-win32'
- 'C:\Program Files\JumpServer\drivers\chromedriver_win32'
- 'C:\Program Files\Chrome\chrome-win32'
- 'C:\Program Files\Chrome\chrome-win'
- 'C:\Program Files\chrome-win'
state: absent
- name: Set Chrome and driver on the global system path (Chrome)
ansible.windows.win_path:
elements:
- 'C:\Program Files\JumpServer\applications\Chrome\Application'
- 'C:\Program Files\JumpServer\drivers\chromedriver-win64'
- name: Set Chrome and driver on the global system path (Chrome)
ansible.windows.win_path:
elements:
- 'C:\Program Files\JumpServer\applications\Chrome\Application'
- 'C:\Program Files\JumpServer\drivers\chromedriver-win64'
- name: Set Chrome variables disable Google Api (Chrome)
ansible.windows.win_environment:
level: machine
variables:
GOOGLE_API_KEY: ''
GOOGLE_DEFAULT_CLIENT_ID: ''
GOOGLE_DEFAULT_CLIENT_SECRET: ''
- name: Set Chrome variables disable Google Api (Chrome)
ansible.windows.win_environment:
level: machine
variables:
GOOGLE_API_KEY: ''
GOOGLE_DEFAULT_CLIENT_ID: ''
GOOGLE_DEFAULT_CLIENT_SECRET: ''
- name: Generate tinkerd component config
ansible.windows.win_powershell:
script: |
tinkerd config --hostname {{ HOST_NAME }} --core_host {{ CORE_HOST }} --token {{ BOOTSTRAP_TOKEN }} --host_id {{ HOST_ID }} --ignore-verify-certs {{ IGNORE_VERIFY_CERTS }}
- name: Generate tinkerd component config
ansible.windows.win_powershell:
script: |
tinkerd config --hostname {{ HOST_NAME }} --core_host {{ CORE_HOST }} --token {{ BOOTSTRAP_TOKEN }} --host_id {{ HOST_ID }} --ignore-verify-certs {{ IGNORE_VERIFY_CERTS }}
- name: Install tinkerd service
ansible.windows.win_powershell:
script: |
tinkerd service install
- name: Install tinkerd service
ansible.windows.win_powershell:
script: |
tinkerd service install
- name: Start tinkerd service
ansible.windows.win_powershell:
script: |
tinkerd service start
- name: Start tinkerd service
ansible.windows.win_powershell:
script: |
tinkerd service start
- name: Wait Tinker api health
ansible.windows.win_uri:
url: http://localhost:6068/api/health/
status_code: 200
method: GET
register: _result
until: _result.status_code == 200
retries: 30
delay: 5
- name: Wait Tinker api health
ansible.windows.win_uri:
url: http://localhost:6068/api/health/
status_code: 200
method: GET
register: _result
until: _result.status_code == 200
retries: 30
delay: 5
- name: Sync all remote applets
ansible.windows.win_powershell:
script: |
tinkerd install all
register: sync_remote_applets
- name: Sync all remote applets
ansible.windows.win_powershell:
script: |
tinkerd install all
rescue:
- debug:
var: ansible_failed_result
- fail:
msg: "Failed to deploy applet host"