Commit 74b461e9 authored by CRAIG BENNER's avatar CRAIG BENNER

Adding base-winsvr2012 box and roles activedirectory and oneforestconfig

parent 48958702
...@@ -27,7 +27,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| ...@@ -27,7 +27,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# Create a private network, which allows host-only access to the machine # Create a private network, which allows host-only access to the machine
# using a specific IP. # using a specific IP.
config.vm.network "private_network", ip: "192.168.33.10", hostname: "vm" config.vm.network "private_network", ip: "192.168.33.10", hostname: "vm", virtualbox__intnet: "vboxnet0"
config.ssh.insert_key = false config.ssh.insert_key = false
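Review bot: The comment on the two lines above still says this network gives host-only access, but the added `virtualbox__intnet: "vboxnet0"` switches the VirtualBox adapter to internal-network mode, where the host has no interface on it at all (the name `vboxnet0` also reads like a host-only adapter, which adds to the confusion). If an internal network is the intent, update the comment to something like `# Create an internal network (VirtualBox "intnet") shared with the other boxes; the host is not attached to it.`; if host access is still required, drop the option or add a second network. The enclosing `Vagrant.configure` block starts and ends outside the hunk.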
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "base-winsvr2012"
#config.vm.box_url = "file:///home/cpb113/base_vagrant/psu_winsvr2012_baseBox_1_0_0.tar.gz"
config.vm.box_url = "https://nexus.ci.psu.edu/repository/vagrant-boxes/base-winsvr2012.json"
config.winrm.username = "vagrant"
config.winrm.password = "P@ssw0rd"
config.vm.network "forwarded_port", guest: 3389, host: 3389
config.vm.network "private_network", ip: "192.168.33.11", virtualbox__intnet: "vboxnet0"
config.ssh.insert_key = false
config.vm.provider :virtualbox do |vb|
vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
end
config.vm.provider :virtualbox do |vb|
vb.customize ["modifyvm", :id, "--memory", "1024"]
end
# Enable provisioning with Ansible
config.vm.provision :ansible do |ansible|
ansible.playbook = "playbook.yml"
ansible.groups = {
"vagrant" => ["default"],
}
end
end
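Review bot: The line `config.vm.network "forwarded_port", guest: 3389, host: 3389` has no `host_ip`, so the host side of the RDP forward is bound on all interfaces and a box with the well-known `vagrant`/`P@ssw0rd` credentials becomes reachable from the host's network; add `host_ip: "127.0.0.1"` to keep it local. The two `config.vm.provider :virtualbox` blocks can be merged into one block with both `vb.customize` calls, and `config.ssh.insert_key = false` has no effect on a WinRM-driven box unless the base box also uses SSH. If the base box does not set `config.vm.communicator = "winrm"` in its own Vagrantfile, the `config.winrm.*` settings here are not used either — worth confirming against the box metadata.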
[defaults]
roles_path = ../../roles
---
# file: base-winsvr2012.yml
- hosts: vagrant
roles:
- { role: ActiveDirectory }
- { role: ONEForest }
vars:
ad_domain_name: develop.local
ad_safe_mode_password: FtPX38qhuaHTaTS4CkZ6Fpsgg5wL883N
local_dev_username: secSvc
local_dev_password: ONEforestIsAw3some!
\ No newline at end of file
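Review bot: `ad_safe_mode_password` and `local_dev_password` are committed in plaintext in the playbook vars; even for a throwaway dev VM, move them into a vars file encrypted with ansible-vault (loaded via `vars_files`) or read them with `lookup('env', ...)`, and keep only placeholders in the playbook. The header comment names the file `base-winsvr2012.yml` while the new Vagrantfile sets `ansible.playbook = "playbook.yml"`; if the file really is named as the comment says, the provisioner will not find it, so one of the two should be aligned.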
#!powershell
# WANT_JSON
# POWERSHELL_COMMON
$params = Parse-Args $args;
$result = New-Object PSObject -Property @{
changed = $false
}
If ($params.domain_name) {
$domainName = $params.domain_name
}
Else {
Fail-Json $result "missing required argument: domain_name"
}
If ($params.safe_mode_password) {
$safeModePassword = $params.safe_mode_password
}
Else {
Fail-Json $result "missing required argument: safe_mode_password"
}
try {
Import-Module ADDSDeployment
}
catch {
Fail-Json $result $_.Exception.Message
}
try {
Get-ADDomainController | Out-Null
Exit-Json $result
}
catch {
}
$secureSafeModePassword = ConvertTo-SecureString "$safeModePassword" -AsPlainText -Force
try {
Install-ADDSForest `
-DomainName "$domainName" `
-SafeModeAdministratorPassword $secureSafeModePassword `
-InstallDns:$true `
-NoRebootOnCompletion:$true `
-Force:$true
$result.changed = $true
Exit-Json $result
}
catch {
Fail-Json $result $_.Exception.Message
}
\ No newline at end of file
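Review bot: The idempotence check at `Get-ADDomainController | Out-Null` succeeds whenever some domain controller is reachable for the machine's current domain, so a host that is already a member of another domain would be reported as unchanged instead of being promoted (or failing), and the empty `catch {}` below it discards the reason the check failed. Checking the host's own role is more precise, e.g. `if ((Get-WmiObject Win32_ComputerSystem).DomainRole -ge 4) { Exit-Json $result }`, and it does not depend on autoloading the ActiveDirectory module (`Import-Module ADDSDeployment` does not provide the `Get-AD*` cmdlets). A short comment above `Install-ADDSForest` noting that `-NoRebootOnCompletion:$true` is deliberate because the playbook reboots in a separate task would help the next reader.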
- name: Install AD-Domain-Services feature
win_feature: >
name=AD-Domain-Services
include_management_tools=yes
include_sub_features=yes
state=present
- name: Promote to domain controller
domain_controller: >
domain_name={{ ad_domain_name }}
safe_mode_password={{ ad_safe_mode_password }}
register: result
- name: Reboot
win_shell: restart-computer -force
when: result|changed
#- name: pause for reboot
# pause: seconds=30
#- name: wait for machine start up
# win_ping:
# register: result
# until: result.rc == 0
# retries: 30
# delay: 10
- name: wait for reboot
local_action: wait_for
args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
\ No newline at end of file
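Review bot: The `wait for reboot` task checks `state=started` with `delay=1`, so right after `restart-computer -force` port 5985 is usually still open and the wait returns immediately, letting the next role run against a machine that is about to go down; wait for the port to reach `stopped` first, or replace both tasks with the `win_reboot` module (available since Ansible 2.1). `host={{ inventory_hostname }}` is likely the literal name `default` from the Vagrant-generated inventory rather than an address, and with Vagrant the WinRM port is forwarded rather than 5985 on the guest IP, so this wait probably needs `ansible_host`/`ansible_port` (or the `ansible_ssh_*` equivalents on older Ansible) — worth verifying. `when: result|changed` is the pre-2.9 filter form; on Ansible 2.9+ it must be `when: result is changed`. The promotion task passes `safe_mode_password` on the module line, so it appears in the task output unless the task carries `no_log: true`; the same applies to the `localDevPassword` line of the ONEForest task added in this commit.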
#!powershell
# WANT_JSON
# POWERSHELL_COMMON
$ErrorActionPreference = "Stop"
############################################### functions #######################################################
function createOU([String]$inOuName, [String]$inBaseDN)
{
$ou = Get-ADOrganizationalUnit -filter {name -eq $inOuName}
if ($ou.Name -ne $inOuName) {
New-ADOrganizationalUnit $inOuName -Path $inBaseDN
}
}
function createGroup([String]$inGroupName, [String]$inDN)
{
$group = Get-ADGroup -filter {name -eq $inGroupName}
if ($group.Name -ne $inGroupName) {
New-ADGroup $inGroupName -Path $inDN -GroupScope Global
}
}
function createUser([String]$inUserName, [String]$inDN, [String]$inPassword)
{
$user = Get-ADUser -filter {name -eq $inUserName}
if ($user.Name -ne $inUserName) {
$securePassword = ConvertTo-SecureString $inPassword -AsPlainText -Force
New-ADUser $inUserName -Path $inDN -AccountPassword $securePassword
}
}
function grantUserPermssion($inUsername, $inPermissionApplyToDN, $inPermissionType)
{
$acl = get-acl "ad:$inPermissionApplyToDN"
$acl.access
$user = get-aduser $inUsername
$sid = [System.Security.Principal.SecurityIdentifier] $user.SID
$identity = [System.Security.Principal.IdentityReference] $sid
$adRights = [System.DirectoryServices.ActiveDirectoryRights] $inPermissionType
$type = [System.Security.AccessControl.AccessControlType] "Allow"
$inheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All"
$ACE = new-Object System.DirectoryServices.ActiveDirectoryAccessRule $identity, $adRights, $type, $inheritanceType
$acl.AddAccessRule($ace)
$newACL = set-acl -aclobject $acl "ad:$inPermissionApplyToDN"
}
################################################### actual code to execute ##########################################################3
$params = Parse-Args $args;
$result = New-Object PSObject -Property @{
changed = $false
}
If ($params.domain_name) {
$domainName = $params.domain_name
}
Else {
Fail-Json $result "missing required argument: domain_name"
}
If ($params.localDevUsername) {
$localDevUsername = $params.localDevUsername
}
Else {
Fail-Json $result "missing required argument: localDevUsername"
}
If ($params.localDevPassword) {
$localDevPassword = $params.localDevPassword
}
Else {
Fail-Json $result "missing required argument: localDevPassword"
}
#ONEForest Structure
try {
Import-Module ActiveDirectory
#Get Base DN
$baseDN = $(Get-ADDomain $domainName).DistinguishedName
#OU Structure
createOU "PSU-Users" $baseDN
createOU "Inactive-Users" "OU=PSU-Users,$baseDN"
createOU "Deprovisioned" "OU=Inactive-Users,OU=PSU-Users,$baseDN"
createOU "Security-Disabled" "OU=Inactive-Users,OU=PSU-Users,$baseDN"
createOU "PSU-Groups" $baseDN
createOU "PSU-AD-Groups" "OU=PSU-Groups,$baseDN"
#Groups
$adGroupsDN = "OU=PSU-AD-Groups,OU=PSU-Groups,$baseDN"
createGroup "PSU-Users" $adGroupsDN
createGroup "PSU-Inactive-Users" $adGroupsDN
createGroup "PSU-Security-Disabled-Users" $adGroupsDN
createGroup "PSU-Deprovisioned-Users" $adGroupsDN
#### LOCAL Configuration ####
createOU "LocalConfig" $baseDN
createUser $localDevUsername "OU=LocalConfig,$baseDN" $localDevPassword
grantUserPermssion $localDevUsername "OU=PSU-Users,$baseDN" "GenericAll"
grantUserPermssion $localDevUsername "OU=PSU-Groups,$baseDN" "GenericAll"
$result.changed = $true
Exit-Json $result
}
catch {
Fail-Json $result $_.Exception.Message
}
\ No newline at end of file
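Review bot: `$acl.access` on its own line inside `grantUserPermssion` writes the ACL entries to the pipeline, and in a WANT_JSON module anything on stdout besides the `Exit-Json` payload corrupts the response Ansible parses; delete the line, or keep it as `$acl.Access | Out-Null` if it was a debugging aid. `New-ADUser` creates the account disabled unless `-Enabled $true` is given, so the dev user that is then granted `GenericAll` cannot log on as written. `$newACL` is assigned and never read (`Set-ACL` returns nothing without `-PassThru`), the lookups filter on `name` alone so a same-named object elsewhere in the directory skips creation, and `$result.changed` is set to `$true` even when nothing was created. The helper name `grantUserPermssion` is misspelled consistently across its definition and both call sites; renaming it to `grantUserPermission` in all three places is a cheap cleanup.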
- name: Configure OU Structure, Groups, and Local Development Users
ONEForest_Config: >
domain_name={{ ad_domain_name }}
localDevUsername={{ local_dev_username }}
localDevPassword={{ local_dev_password }}
register: result
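Review bot: `register: result` on this task is never referenced, so it can be dropped or used for a conditional as the ActiveDirectory role does with its reboot task. The module name `ONEForest_Config` mixes cases; Ansible module files are conventionally lower-case (e.g. `oneforest_config.ps1`) and the lookup is case-sensitive on a Linux controller, so the name used here and the file name in `library/` must match exactly.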