--- - hosts: all vars: APPLET_DOWNLOAD_HOST: https://demo.jumpserver.org IGNORE_VERIFY_CERTS: true HOST_NAME: test HOST_ID: 00000000-0000-0000-0000-000000000000 CORE_HOST: https://demo.jumpserver.org BOOTSTRAP_TOKEN: PleaseChangeMe RDS_Licensing: false RDS_LicenseServer: 127.0.0.1 RDS_LicensingMode: 4 RDS_fSingleSessionPerUser: 1 RDS_MaxDisconnectionTime: 60000 RDS_RemoteAppLogoffTimeLimit: 0 INSTALL_APPLETS: true PYTHON_VERSION: 3.11.6 CHROME_VERSION: 118.0.5993.118 CHROME_DRIVER_VERSION: 118.0.5993.70 TINKER_VERSION: v0.1.7 tasks: - block: - name: Check if CORE_HOST is redirects ansible.windows.win_uri: url: "{{ CORE_HOST }}" method: GET follow_redirects: none status_code: [200, 301, 302, 303, 307, 308] validate_certs: "{{ not IGNORE_VERIFY_CERTS }}" register: core_host_redirects - name: Check failed fail: msg: "CORE_HOST {{ CORE_HOST }} is redirecting to {{ core_host_redirects.location }}, please use the final url" when: core_host_redirects.status_code >= 300 and core_host_redirects.status_code < 400 - name: Install RDS-RD-Server (RDS) ansible.windows.win_feature: name: RDS-RD-Server state: present include_management_tools: yes register: rds_install - name: Stop Tinker before install ansible.windows.win_powershell: script: | if (Get-Process -Name 'tinker' -ErrorAction SilentlyContinue) { TASKKILL /F /IM tinker.exe /T } else { $Ansible.Changed = $false } - name: Download JumpServer Tinker installer ansible.windows.win_get_url: url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/Tinker_Installer_{{ TINKER_VERSION }}.exe" dest: "{{ ansible_env.TEMP }}\\Tinker_Installer_{{ TINKER_VERSION }}.exe" validate_certs: "{{ not IGNORE_VERIFY_CERTS }}" - name: Install JumpServer Tinker ansible.windows.win_package: path: "{{ ansible_env.TEMP }}\\Tinker_Installer_{{ TINKER_VERSION }}.exe" arguments: - /VERYSILENT - /SUPPRESSMSGBOXES - /NORESTART state: present - name: Set Tinkerd on the global system path ansible.windows.win_path: elements: - '%USERPROFILE%\AppData\Local\Programs\Tinker\' scope: user - name: Download python-{{ PYTHON_VERSION }} ansible.windows.win_get_url: url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/python-{{ PYTHON_VERSION }}-amd64.exe" dest: "{{ ansible_env.TEMP }}\\python-{{ PYTHON_VERSION }}-amd64.exe" validate_certs: "{{ not IGNORE_VERIFY_CERTS }}" - name: Install the python-{{ PYTHON_VERSION }} ansible.windows.win_package: path: "{{ ansible_env.TEMP }}\\python-{{ PYTHON_VERSION }}-amd64.exe" arguments: - /quiet - InstallAllUsers=1 - PrependPath=1 - Include_test=0 - Include_launcher=0 state: present register: win_install_python - name: Check pip command exists ansible.windows.win_powershell: script: | if (Get-Command -Name 'pip' -ErrorAction SilentlyContinue) { $Ansible.Changed = $false } else { $Ansible.Changed = $true } ignore_errors: yes register: check_pip_command - name: Reboot if installing requires it ansible.windows.win_reboot: post_reboot_delay: 10 test_command: whoami when: check_pip_command.changed or rds_install.reboot_required or win_install_python.reboot_required - name: Set RDS LicenseServer (regedit) ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services name: LicenseServers data: "{{ RDS_LicenseServer }}" type: string when: RDS_Licensing - name: Set RDS LicensingMode (regedit) ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services name: LicensingMode data: "{{ RDS_LicensingMode }}" type: dword when: RDS_Licensing - name: Set RDS fSingleSessionPerUser (regedit) ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services name: fSingleSessionPerUser data: "{{ RDS_fSingleSessionPerUser }}" type: dword when: RDS_Licensing - name: Set RDS MaxDisconnectionTime (regedit) ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services name: MaxDisconnectionTime data: "{{ RDS_MaxDisconnectionTime }}" type: dword when: RDS_MaxDisconnectionTime >= 60000 - name: Set RDS RemoteAppLogoffTimeLimit (regedit) ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services name: RemoteAppLogoffTimeLimit data: "{{ RDS_RemoteAppLogoffTimeLimit }}" type: dword - name: Download pip packages ansible.windows.win_get_url: url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/pip_packages.zip" dest: "{{ ansible_env.TEMP }}\\pip_packages.zip" validate_certs: "{{ not IGNORE_VERIFY_CERTS }}" - name: Unzip pip_packages community.windows.win_unzip: src: "{{ ansible_env.TEMP }}\\pip_packages.zip" dest: "{{ ansible_env.TEMP }}\\pip_packages" - name: Install python requirements offline ansible.windows.win_powershell: script: | pip install -r '{{ ansible_env.TEMP }}\pip_packages\pip_packages\requirements.txt' --no-index --find-links='{{ ansible_env.TEMP }}\pip_packages\pip_packages' - name: Stop chromedriver before install ansible.windows.win_powershell: script: | if (Get-Process -Name 'chromedriver' -ErrorAction SilentlyContinue) { TASKKILL /F /IM chromedriver.exe /T } else { $Ansible.Changed = $false } - name: Remove old chromedriver (Chrome) ansible.windows.win_file: path: "{{ item }}" state: absent with_items: - C:\Program Files\JumpServer\drivers\chromedriver-win32 - C:\Program Files\JumpServer\drivers\chromedriver_win32 - C:\Program Files\JumpServer\drivers\chromedriver-win64 - C:\Program Files\JumpServer\drivers\chromedriver_win64 - name: Download chromedriver (Chrome) ansible.windows.win_get_url: url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chromedriver-{{ CHROME_DRIVER_VERSION }}-win64.zip" dest: "{{ ansible_env.TEMP }}\\chromedriver-{{ CHROME_DRIVER_VERSION }}-win64.zip" validate_certs: "{{ not IGNORE_VERIFY_CERTS }}" - name: Unzip chromedriver (Chrome) community.windows.win_unzip: src: "{{ ansible_env.TEMP }}\\chromedriver-{{ CHROME_DRIVER_VERSION }}-win64.zip" dest: C:\Program Files\JumpServer\drivers - name: Download Chrome zip package (Chrome) ansible.windows.win_get_url: url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chrome-{{ CHROME_VERSION }}-win.zip" dest: "{{ ansible_env.TEMP }}\\chrome-{{ CHROME_VERSION }}-win.zip" validate_certs: "{{ not IGNORE_VERIFY_CERTS }}" - name: Stop Chrome before install ansible.windows.win_powershell: script: | if (Get-Process -Name 'chrome' -ErrorAction SilentlyContinue) { TASKKILL /F /IM chrome.exe /T } else { $Ansible.Changed = $false } - name: Remove old Chrome (Chrome) ansible.windows.win_file: path: "{{ item }}" state: absent with_items: - C:\Program Files\JumpServer\applications\Chrome - C:\Program Files\Chrome\chrome-win32 - C:\Program Files\Chrome\chrome-win - C:\Program Files\chrome-win - name: Unzip Chrome (Chrome) community.windows.win_unzip: src: "{{ ansible_env.TEMP }}\\chrome-{{ CHROME_VERSION }}-win.zip" dest: C:\Program Files\JumpServer\applications - name: Check and Clean global system path (Chrome) ansible.windows.win_path: elements: - 'C:\Program Files\Python310\Scripts\' - 'C:\Program Files\Python310\' - 'C:\Program Files\JumpServer\drivers\chromedriver-win32' - 'C:\Program Files\JumpServer\drivers\chromedriver_win32' - 'C:\Program Files\Chrome\chrome-win32' - 'C:\Program Files\Chrome\chrome-win' - 'C:\Program Files\chrome-win' state: absent - name: Set Chrome and driver on the global system path (Chrome) ansible.windows.win_path: elements: - 'C:\Program Files\JumpServer\applications\Chrome\Application' - 'C:\Program Files\JumpServer\drivers\chromedriver-win64' - name: Set Chrome variables disable Google Api (Chrome) ansible.windows.win_environment: level: machine variables: GOOGLE_API_KEY: '' GOOGLE_DEFAULT_CLIENT_ID: '' GOOGLE_DEFAULT_CLIENT_SECRET: '' - name: Generate tinkerd component config ansible.windows.win_powershell: script: | tinkerd config --hostname {{ HOST_NAME }} --core_host {{ CORE_HOST }} --token {{ BOOTSTRAP_TOKEN }} --host_id {{ HOST_ID }} --ignore-verify-certs {{ IGNORE_VERIFY_CERTS }} - name: Install tinkerd service ansible.windows.win_powershell: script: | tinkerd service install - name: Start tinkerd service ansible.windows.win_powershell: script: | tinkerd service start - name: Wait Tinker api health ansible.windows.win_uri: url: http://localhost:6068/api/health/ status_code: 200 method: GET register: _result until: _result.status_code == 200 retries: 30 delay: 5 - name: Sync all remote applets ansible.windows.win_powershell: script: | tinkerd install all register: sync_remote_applets when: INSTALL_APPLETS rescue: - debug: var: ansible_failed_result - fail: msg: "Failed to deploy applet host"