EIT-SWE / Infrastructure
Commit 74b461e9
authored Jun 07, 2017 by CRAIG BENNER
Adding base-winsvr2012 box and roles activedirectory and oneforestconfig
parent 48958702
Changes: 10 changed files with 272 additions and 1 deletion

base-boxes/base-centos/Vagrantfile +1 -1
base-boxes/base-winsvr2012/Vagrantfile +35 -0
base-boxes/base-winsvr2012/ansible.cfg +3 -0
base-boxes/base-winsvr2012/playbook.yml +11 -0
roles/ActiveDirectory/library/domain_controller.ps1 +56 -0
roles/ActiveDirectory/library/domain_controller.py +1 -0
roles/ActiveDirectory/tasks/main.yml +30 -0
roles/ONEForest/library/ONEForest_Config.ps1 +128 -0
roles/ONEForest/library/ONEForest_Config.py +1 -0
roles/ONEForest/tasks/main.yml +6 -0
base-boxes/base-centos/Vagrantfile
...
@@ -27,7 +27,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
...
@@ -27,7 +27,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# Create a private network, which allows host-only access to the machine
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# using a specific IP.
config
.
vm
.
network
"private_network"
,
ip:
"192.168.33.10"
,
hostname:
"vm"
config
.
vm
.
network
"private_network"
,
ip:
"192.168.33.10"
,
hostname:
"vm"
,
virtualbox__intnet:
"vboxnet0"
config
.
ssh
.
insert_key
=
false
config
.
ssh
.
insert_key
=
false
...
...
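Review bot: the only change in this hunk adds `virtualbox__intnet: "vboxnet0"`, which turns the private_network into a VirtualBox internal network, but the unchanged comment two lines above still says "host-only access to the machine using a specific IP". Either update the comment to say the CentOS box now shares an internal network (`vboxnet0`) with the Windows box, or, if host-only access is what is wanted, use the provider's `name:` option for the host-only adapter instead of `virtualbox__intnet`. The box also keeps `config.ssh.insert_key = false`, i.e. the well-known Vagrant insecure key pair; fine for a throwaway lab VM, but worth stating in the comment now that it sits on the same network segment as the domain controller.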
base-boxes/base-winsvr2012/Vagrantfile
0 → 100644
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant
.
configure
(
"2"
)
do
|
config
|
config
.
vm
.
box
=
"base-winsvr2012"
#config.vm.box_url = "file:///home/cpb113/base_vagrant/psu_winsvr2012_baseBox_1_0_0.tar.gz"
config
.
vm
.
box_url
=
"https://nexus.ci.psu.edu/repository/vagrant-boxes/base-winsvr2012.json"
config
.
winrm
.
username
=
"vagrant"
config
.
winrm
.
password
=
"P@ssw0rd"
config
.
vm
.
network
"forwarded_port"
,
guest:
3389
,
host:
3389
config
.
vm
.
network
"private_network"
,
ip:
"192.168.33.11"
,
virtualbox__intnet:
"vboxnet0"
config
.
ssh
.
insert_key
=
false
config
.
vm
.
provider
:virtualbox
do
|
vb
|
vb
.
customize
[
"modifyvm"
,
:id
,
"--natdnshostresolver1"
,
"on"
]
end
config
.
vm
.
provider
:virtualbox
do
|
vb
|
vb
.
customize
[
"modifyvm"
,
:id
,
"--memory"
,
"1024"
]
end
# Enable provisioning with Ansible
config
.
vm
.
provision
:ansible
do
|
ansible
|
ansible
.
playbook
=
"playbook.yml"
ansible
.
groups
=
{
"vagrant"
=>
[
"default"
],
}
end
end
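Review bot: `config.vm.network "forwarded_port", guest: 3389, host: 3389` has no `host_ip`, so Vagrant binds host port 3389 on every host interface, and the credentials for the box are the fixed `vagrant` / `P@ssw0rd` committed a few lines above. Anyone who can reach the developer's machine can RDP into the lab domain controller with that password. Add `host_ip: "127.0.0.1"` to the forwarded_port line, and either take the password out of the Vagrantfile or document that it is the throwaway base-box credential. Smaller points: the two `config.vm.provider :virtualbox` blocks can be merged into one; `config.ssh.insert_key = false` has no effect on a WinRM box; and unless the base box's own Vagrantfile sets `config.vm.communicator = "winrm"`, it needs to be set here, because `config.winrm.username` / `config.winrm.password` alone do not switch the communicator away from SSH.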
base-boxes/base-winsvr2012/ansible.cfg
0 → 100644
[defaults]
roles_path = ../../roles
base-boxes/base-winsvr2012/playbook.yml
0 → 100644
---
# file: base-winsvr2012.yml
-
hosts
:
vagrant
roles
:
-
{
role
:
ActiveDirectory
}
-
{
role
:
ONEForest
}
vars
:
ad_domain_name
:
develop.local
ad_safe_mode_password
:
FtPX38qhuaHTaTS4CkZ6Fpsgg5wL883N
local_dev_username
:
secSvc
local_dev_password
:
ONEforestIsAw3some!
\ No newline at end of file
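Review bot: `ad_safe_mode_password` and `local_dev_password` are committed in clear text in the playbook. The DSRM (safe mode administrator) password is what gets you into the domain controller in Directory Services Restore Mode, with offline access to the NTDS database, so even for a lab forest it should come from an Ansible Vault file or a lookup such as `{{ lookup('env', 'AD_SAFE_MODE_PASSWORD') }}` rather than from a file in the repository, and the playbook should say which of these vars are meant to be overridden. Also add a newline at end of file.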
roles/ActiveDirectory/library/domain_controller.ps1
0 → 100644
#!powershell
# WANT_JSON
# POWERSHELL_COMMON
$params
=
Parse-Args
$args
;
$result
=
New-Object
PSObject
-Property
@{
changed
=
$false
}
If
(
$params
.
domain_name
)
{
$domainName
=
$params
.
domain_name
}
Else
{
Fail-Json
$result
"missing required argument: domain_name"
}
If
(
$params
.
safe_mode_password
)
{
$safeModePassword
=
$params
.
safe_mode_password
}
Else
{
Fail-Json
$result
"missing required argument: safe_mode_password"
}
try
{
Import-Module
ADDSDeployment
}
catch
{
Fail-Json
$result
$_
.
Exception
.
Message
}
try
{
Get-ADDomainController
|
Out-Null
Exit-Json
$result
}
catch
{
}
$secureSafeModePassword
=
ConvertTo-SecureString
"
$safeModePassword
"
-AsPlainText
-Force
try
{
Install-ADDSForest
`
-DomainName
"
$domainName
"
`
-SafeModeAdministratorPassword
$secureSafeModePassword
`
-InstallDns
:
$true
`
-NoRebootOnCompletion
:
$true
`
-Force
:
$true
$result
.
changed
=
$true
Exit-Json
$result
}
catch
{
Fail-Json
$result
$_
.
Exception
.
Message
}
\ No newline at end of file
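Review bot: the idempotency check `Get-ADDomainController | Out-Null; Exit-Json $result` is wrapped in a `try` whose `catch { }` is empty, so any failure of that cmdlet, not just "this machine is not a domain controller", falls through to `Install-ADDSForest`. Narrow it, for example by testing the machine's domain role (`(Get-WmiObject Win32_ComputerSystem).DomainRole -ge 4`) or by re-throwing anything other than the expected "not a DC" error. Two related points: this module never sets `$ErrorActionPreference = "Stop"` (ONEForest_Config.ps1 does), so non-terminating errors from `Install-ADDSForest` will not reach the `catch` and the module will report `changed: true` for a failed promotion; and `-NoRebootOnCompletion:$true` only works because tasks/main.yml reboots explicitly afterwards, which deserves a comment next to that flag.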
roles/ActiveDirectory/library/domain_controller.py
0 → 100644
#!/usr/bin/python
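Review bot: the .py sidecar contains only the shebang. For a Windows module Ansible uses this file solely for the `DOCUMENTATION`, `EXAMPLES` and `RETURN` strings, so add them: they are what `ansible-doc domain_controller` shows and the only place the argument names (`domain_name`, `safe_mode_password`), the no-reboot behaviour and the return fields get recorded. The same applies to roles/ONEForest/library/ONEForest_Config.py below.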
roles/ActiveDirectory/tasks/main.yml
0 → 100644
-
name
:
Install AD-Domain-Services feature
win_feature
:
>
name=AD-Domain-Services
include_management_tools=yes
include_sub_features=yes
state=present
-
name
:
Promote to domain controller
domain_controller
:
>
domain_name={{ ad_domain_name }}
safe_mode_password={{ ad_safe_mode_password }}
register
:
result
-
name
:
Reboot
win_shell
:
restart-computer -force
when
:
result|changed
#- name: pause for reboot
# pause: seconds=30
#- name: wait for machine start up
# win_ping:
# register: result
# until: result.rc == 0
# retries: 30
# delay: 10
-
name
:
wait for reboot
local_action
:
wait_for
args
:
host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
\ No newline at end of file
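Review bot: the "wait for reboot" task is racy. `win_shell: restart-computer -force` returns before the OS has torn down WinRM, and `wait_for ... port=5985 delay=1 ... state=started` then sees the still-listening pre-reboot service and succeeds at once, so the ONEForest role can start against a host that is about to go down. Either wait for the port to close first (`state=stopped`) and then for `state=started`, or replace both tasks with the `win_reboot` module, which does that sequence itself. Also, `host={{ inventory_hostname }}` is the inventory name (`default` in Vagrant's generated inventory), not an address; use `{{ ansible_ssh_host }}` or `{{ ansible_host }}`, whichever the generated inventory provides. The commented-out `win_ping` block should be deleted rather than left in.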
roles/ONEForest/library/ONEForest_Config.ps1
0 → 100644
#!powershell
# WANT_JSON
# POWERSHELL_COMMON
$Error
ActionPreference
=
"Stop"
############################################### functions #######################################################
function
createOU
([
String
]
$inOuName
,
[
String
]
$inBaseDN
)
{
$ou
=
Get-ADOrganizationalUnit
-filter
{
name
-eq
$inOuName
}
if
(
$ou
.
Name
-ne
$inOuName
)
{
New-ADOrganizationalUnit
$inOuName
-Path
$inBaseDN
}
}
function
createGroup
([
String
]
$inGroupName
,
[
String
]
$inDN
)
{
$group
=
Get-ADGroup
-filter
{
name
-eq
$inGroupName
}
if
(
$group
.
Name
-ne
$inGroupName
)
{
New-ADGroup
$inGroupName
-Path
$inDN
-GroupScope
Global
}
}
function
createUser
([
String
]
$inUserName
,
[
String
]
$inDN
,
[
String
]
$inPassword
)
{
$user
=
Get-ADUser
-filter
{
name
-eq
$inUserName
}
if
(
$user
.
Name
-ne
$inUserName
)
{
$securePassword
=
ConvertTo-SecureString
$inPassword
-AsPlainText
-Force
New-ADUser
$inUserName
-Path
$inDN
-AccountPassword
$securePassword
}
}
function
grantUserPermssion
(
$inUsername
,
$inPermissionApplyToDN
,
$inPermissionType
)
{
$acl
=
get-acl
"ad:
$inPermissionApplyToDN
"
$acl
.
access
$user
=
get-aduser
$inUsername
$sid
=
[
System.Security.Principal.SecurityIdentifier
]
$user
.
SID
$identity
=
[
System.Security.Principal.IdentityReference
]
$sid
$adRights
=
[
System.DirectoryServices.ActiveDirectoryRights
]
$inPermissionType
$type
=
[
System.Security.AccessControl.AccessControlType
]
"Allow"
$inheritanceType
=
[
System.DirectoryServices.ActiveDirectorySecurityInheritance
]
"All"
$ACE
=
new-Object
System.DirectoryServices.ActiveDirectoryAccessRule
$identity
,
$adRights
,
$type
,
$inheritanceType
$acl
.
AddAccessRule
(
$ace
)
$newACL
=
set-acl
-aclobject
$acl
"ad:
$inPermissionApplyToDN
"
}
################################################### actual code to execute ##########################################################3
$params
=
Parse-Args
$args
;
$result
=
New-Object
PSObject
-Property
@{
changed
=
$false
}
If
(
$params
.
domain_name
)
{
$domainName
=
$params
.
domain_name
}
Else
{
Fail-Json
$result
"missing required argument: domain_name"
}
If
(
$params
.
localDevUsername
)
{
$localDevUsername
=
$params
.
localDevUsername
}
Else
{
Fail-Json
$result
"missing required argument: localDevUsername"
}
If
(
$params
.
localDevPassword
)
{
$localDevPassword
=
$params
.
localDevPassword
}
Else
{
Fail-Json
$result
"missing required argument: localDevPassword"
}
#ONEForest Structure
try
{
Import-Module
ActiveDirectory
#Get Base DN
$baseDN
=
$
(
Get-ADDomain
$domainName
)
.
DistinguishedName
#OU Structure
createOU
"PSU-Users"
$baseDN
createOU
"Inactive-Users"
"OU=PSU-Users,
$baseDN
"
createOU
"Deprovisioned"
"OU=Inactive-Users,OU=PSU-Users,
$baseDN
"
createOU
"Security-Disabled"
"OU=Inactive-Users,OU=PSU-Users,
$baseDN
"
createOU
"PSU-Groups"
$baseDN
createOU
"PSU-AD-Groups"
"OU=PSU-Groups,
$baseDN
"
#Groups
$adGroupsDN
=
"OU=PSU-AD-Groups,OU=PSU-Groups,
$baseDN
"
createGroup
"PSU-Users"
$adGroupsDN
createGroup
"PSU-Inactive-Users"
$adGroupsDN
createGroup
"PSU-Security-Disabled-Users"
$adGroupsDN
createGroup
"PSU-Deprovisioned-Users"
$adGroupsDN
#### LOCAL Configuration ####
createOU
"LocalConfig"
$baseDN
createUser
$localDevUsername
"OU=LocalConfig,
$baseDN
"
$localDevPassword
grantUserPermssion
$localDevUsername
"OU=PSU-Users,
$baseDN
"
"GenericAll"
grantUserPermssion
$localDevUsername
"OU=PSU-Groups,
$baseDN
"
"GenericAll"
$result
.
changed
=
$true
Exit-Json
$result
}
catch
{
Fail-Json
$result
$_
.
Exception
.
Message
}
\ No newline at end of file
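Review bot: in `grantUserPermssion` the bare `$acl.access` line is not harmless: in an Ansible PowerShell module everything written to the pipeline goes to stdout ahead of the JSON from `Exit-Json`, so the ACE listing corrupts the module output and Ansible reports the task as failed even when the ACL was set. Delete that line (and the unused `$newACL =` assignment; `Set-Acl` returns nothing without `-PassThru`). Other points in this file: `New-ADUser` creates the account disabled unless `-Enabled $true` is passed, so the local dev user this then grants `GenericAll` to cannot log in; the `Get-AD*` existence checks filter on `name -eq` across the whole domain rather than under the intended parent, so a same-named OU, group or user elsewhere is silently treated as already present; `GenericAll` with inheritance `All` on `OU=PSU-Users` and `OU=PSU-Groups` is full control over every object beneath them, which is probably intended for a development account but should be said in a comment; `$result.changed` is set to `$true` unconditionally, so the role never reports itself idempotent; and the function name has a typo (`grantUserPermssion`).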
roles/ONEForest/library/ONEForest_Config.py
0 → 100644
#!/usr/bin/python
roles/ONEForest/tasks/main.yml
0 → 100644
-
name
:
Configure OU Structure, Groups, and Local Development Users
ONEForest_Config
:
>
domain_name={{ ad_domain_name }}
localDevUsername={{ local_dev_username }}
localDevPassword={{ local_dev_password }}
register
:
result
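Review bot: this task passes `localDevPassword` as a module argument without `no_log: true`, so the password appears in `-vvv` output and in the registered `result`; the same applies to `safe_mode_password` in the ActiveDirectory role's "Promote to domain controller" task. Add `no_log: true` to both. `register: result` is unused here and can be dropped.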