github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity
jumpserver/apps/terminal/automations/deploy_applet_host/playbook.yml

276 lines
9.4 KiB
YAML
Raw Blame History

---
- hosts: all
vars:
APPLET_DOWNLOAD_HOST: https://demo.jumpserver.org
IGNORE_VERIFY_CERTS: true
HOST_NAME: test
HOST_ID: 00000000-0000-0000-0000-000000000000
CORE_HOST: https://demo.jumpserver.org
BOOTSTRAP_TOKEN: PleaseChangeMe
RDS_Licensing: false
RDS_LicenseServer: 127.0.0.1
RDS_LicensingMode: 4
RDS_fSingleSessionPerUser: 1
RDS_MaxDisconnectionTime: 60000
RDS_RemoteAppLogoffTimeLimit: 0
TinkerInstaller: Tinker_Installer.exe
tasks:
- name: Install RDS-RD-Server (RDS)
ansible.windows.win_feature:
name: RDS-RD-Server
state: present
include_management_tools: yes
register: rds_install
- name: Stop Tinker before install (jumpserver)
ansible.windows.win_powershell:
script: |
if (Get-Process -Name 'tinker' -ErrorAction SilentlyContinue) {
TASKKILL /F /IM tinker.exe /T
}
else {
$Ansible.Changed = $false
}
- name: Stop Tinkerd before install (jumpserver)
ansible.windows.win_powershell:
script: |
if (Get-Service -Name 'JumpServer Tinker' -ErrorAction SilentlyContinue) {
Stop-Service -Name 'JumpServer Tinker' -Force
}
else {
$Ansible.Changed = $false
}
- name: Download JumpServer Tinker installer (jumpserver)
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/{{ TinkerInstaller }}"
dest: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Install JumpServer Tinker (jumpserver)
ansible.windows.win_package:
path: "{{ ansible_env.TEMP }}\\{{ TinkerInstaller }}"
arguments:
- /VERYSILENT
- /SUPPRESSMSGBOXES
- /NORESTART
state: present
- name: Set Tinkerd on the global system path (jumpserver)
ansible.windows.win_path:
elements:
- '%USERPROFILE%\AppData\Local\Programs\Tinker\'
scope: user
- name: Download python-3.11.6
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/python-3.11.6-amd64.exe"
dest: "{{ ansible_env.TEMP }}\\python-3.11.6-amd64.exe"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Install the python-3.11.6
ansible.windows.win_package:
path: "{{ ansible_env.TEMP }}\\python-3.11.6-amd64.exe"
arguments:
- /quiet
- InstallAllUsers=1
- PrependPath=1
- Include_test=0
- Include_launcher=0
state: present
register: win_install_python
- name: Check pip command exists
ansible.windows.win_powershell:
script: |
if (Get-Command -Name 'pip' -ErrorAction SilentlyContinue) {
$Ansible.Changed = $false
}
else {
$Ansible.Changed = $true
}
register: check_pip_command
ignore_errors: yes
- name: Reboot if installing requires it
ansible.windows.win_reboot:
post_reboot_delay: 10
test_command: whoami
when: check_pip_command.changed or rds_install.reboot_required or win_install_python.reboot_required
- name: Set RDS LicenseServer (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: LicenseServers
data: "{{ RDS_LicenseServer }}"
type: string
when: RDS_Licensing
- name: Set RDS LicensingMode (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: LicensingMode
data: "{{ RDS_LicensingMode }}"
type: dword
when: RDS_Licensing
- name: Set RDS fSingleSessionPerUser (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: fSingleSessionPerUser
data: "{{ RDS_fSingleSessionPerUser }}"
type: dword
when: RDS_Licensing
- name: Set RDS MaxDisconnectionTime (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: MaxDisconnectionTime
data: "{{ RDS_MaxDisconnectionTime }}"
type: dword
when: RDS_MaxDisconnectionTime >= 60000
- name: Set RDS RemoteAppLogoffTimeLimit (regedit)
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: RemoteAppLogoffTimeLimit
data: "{{ RDS_RemoteAppLogoffTimeLimit }}"
type: dword
- name: Download pip packages
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/pip_packages.zip"
dest: "{{ ansible_env.TEMP }}\\pip_packages.zip"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Unzip pip_packages
community.windows.win_unzip:
src: "{{ ansible_env.TEMP }}\\pip_packages.zip"
dest: "{{ ansible_env.TEMP }}\\pip_packages"
- name: Install python requirements offline
ansible.windows.win_powershell:
script: |
pip install -r '{{ ansible_env.TEMP }}\pip_packages\pip_packages\requirements.txt' --no-index --find-links='{{ ansible_env.TEMP }}\pip_packages\pip_packages'
- name: Stop chromedriver before install (jumpserver)
ansible.windows.win_powershell:
script: |
if (Get-Process -Name 'chromedriver' -ErrorAction SilentlyContinue) {
TASKKILL /F /IM chromedriver.exe /T
}
else {
$Ansible.Changed = $false
}
- name: Download chromedriver (Chrome)
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chromedriver-win64.zip"
dest: "{{ ansible_env.TEMP }}\\chromedriver-win64.zip"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Remove old chromedriver (Chrome)
ansible.windows.win_file:
path: "{{ item }}"
state: absent
with_items:
- C:\Program Files\JumpServer\drivers\chromedriver-win32
- C:\Program Files\JumpServer\drivers\chromedriver_win32
- C:\Program Files\JumpServer\drivers\chromedriver-win64
- C:\Program Files\JumpServer\drivers\chromedriver_win64
- name: Unzip chromedriver (Chrome)
community.windows.win_unzip:
src: "{{ ansible_env.TEMP }}\\chromedriver-win64.zip"
dest: C:\Program Files\JumpServer\drivers
- name: Stop Chrome before install (jumpserver)
ansible.windows.win_powershell:
script: |
if (Get-Process -Name 'chrome' -ErrorAction SilentlyContinue) {
TASKKILL /F /IM chrome.exe /T
}
else {
$Ansible.Changed = $false
}
- name: Download Chrome zip package (Chrome)
ansible.windows.win_get_url:
url: "{{ APPLET_DOWNLOAD_HOST }}/download/applets/chrome-win.zip"
dest: "{{ ansible_env.TEMP }}\\chrome-win.zip"
validate_certs: "{{ not IGNORE_VERIFY_CERTS }}"
- name: Remove old Chrome (Chrome)
ansible.windows.win_file:
path: "{{ item }}"
state: absent
with_items:
- C:\Program Files\JumpServer\applications\Chrome
- C:\Program Files\Chrome\chrome-win32
- C:\Program Files\Chrome\chrome-win
- C:\Program Files\chrome-win
- name: Unzip Chrome (Chrome)
community.windows.win_unzip:
src: "{{ ansible_env.TEMP }}\\chrome-win.zip"
dest: C:\Program Files\JumpServer\applications
- name: Check and Clean global system path (Chrome)
ansible.windows.win_path:
elements:
- 'C:\Program Files\Python310\Scripts\'
- 'C:\Program Files\Python310\'
- 'C:\Program Files\JumpServer\drivers\chromedriver-win32'
- 'C:\Program Files\JumpServer\drivers\chromedriver_win32'
- 'C:\Program Files\Chrome\chrome-win32'
- 'C:\Program Files\Chrome\chrome-win'
- 'C:\Program Files\chrome-win'
state: absent
- name: Set Chrome and driver on the global system path (Chrome)
ansible.windows.win_path:
elements:
- 'C:\Program Files\JumpServer\applications\Chrome\Application'
- 'C:\Program Files\JumpServer\drivers\chromedriver-win64'
- name: Set Chrome variables disable Google Api (Chrome)
ansible.windows.win_environment:
level: machine
variables:
GOOGLE_API_KEY: ''
GOOGLE_DEFAULT_CLIENT_ID: ''
GOOGLE_DEFAULT_CLIENT_SECRET: ''
- name: Generate tinkerd component config
ansible.windows.win_powershell:
script: |
tinkerd config --hostname {{ HOST_NAME }} --core_host {{ CORE_HOST }} --token {{ BOOTSTRAP_TOKEN }} --host_id {{ HOST_ID }} --ignore-verify-certs {{ IGNORE_VERIFY_CERTS }}
- name: Install tinkerd service
ansible.windows.win_powershell:
script: |
tinkerd service install
- name: Start tinkerd service
ansible.windows.win_powershell:
script: |
tinkerd service start
- name: Wait Tinker api health
ansible.windows.win_uri:
url: http://localhost:6068/api/health/
status_code: 200
method: GET
register: _result
until: _result.status_code == 200
retries: 30
delay: 5
- name: Sync all remote applets
ansible.windows.win_powershell:
script: |
tinkerd install all
Reference in New Issue View Git Blame Copy Permalink