Commit e222d596 authored by CRAIG BENNER's avatar CRAIG BENNER

Tweaks to the process

parent 8f8af99c
- name: force Name of machine
rename_computer: >
computer_name=develop-dc-01
- name: wait for reboot
local_action: wait_for
args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
- name: generate ca cert key
shell: openssl genrsa -des3 -passout pass:{{ ad_safe_mode_password }} -out ca.key 4096
delegate_to: localhost
- name: generate ca cert
shell: openssl req -new -x509 -days 3650 -passin pass:{{ ad_safe_mode_password }} -key ca.key -out ca.crt -subj "/C=US/ST=Pennsylvania/L=University Park/O=Pennsylvania State University/OU=IT/CN=CA.develop.local"
delegate_to: localhost
- name: create LDAPS local certRequest.inf
delegate_to: localhost
copy:
content: ";----------------- request.inf -----------------
[Version]
Signature=$Windows NT$
[NewRequest]
Subject = \"CN=develop-dc-01.develop.local\" ; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = \"Microsoft RSA SChannel Cryptographic Provider\"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[Extensions]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------------------------------"
dest: ./certRequest.inf
- name: create temp directory
win_file:
path: c:\temp
state: directory
- name: copy ldaps inf to server
win_copy:
src: certRequest.inf
dest: c:\temp\certRequest.inf
- name: generate ldaps PEM
win_shell: certreq -new c:\temp\certRequest.inf c:\temp\develop_dc.pem
- name: copy ldaps pem to server
fetch:
src: c:\temp\develop_dc.pem
dest: develop_dc.pem
flat: yes
##### NOT SURE IF NEEDED
#- name: create v3ext.txt
# delegate_to: localhost
# copy:
# content: "keyUsage=digitalSignature,keyEncipherment
# extendedKeyUsage=serverAuth
# subjectKeyIdentifier=hash"
# dest: ./v3ext.txt
- name: create ldaps cert
shell: openssl x509 -req -days 3650 -in develop_dc.pem -passin pass:{{ ad_safe_mode_password }} -CA ca.crt -CAkey ca.key -set_serial 01 -out develop_dc.crt
delegate_to: localhost
- name: copy ca pub cert to server
win_copy:
src: ca.crt
dest: c:\temp\ca.crt
- name: import certificate into Windows
import_certs: >
name=develop_dc.crt
- name: copy ldaps pub cert to server
win_copy:
src: develop_dc.crt
dest: c:\temp\develop_dc.crt
- name: import certificate into Windows
win_shell: certreq -accept c:\temp\develop_dc.crt
- name: Install AD-Domain-Services feature
win_feature: >
name=AD-Domain-Services
include_management_tools=yes
include_sub_features=yes
state=present
- name: Promote to domain controller
domain_controller: >
domain_name={{ ad_domain_name }}
safe_mode_password={{ ad_safe_mode_password }}
register: result
- name: Reboot second
win_shell: restart-computer -force
when: result|changed
- name: wait for reboot
local_action: wait_for
args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
- name: force Name of machine
rename_computer: >
computer_name=develop-dc-01
- name: wait for reboot
local_action: wait_for
args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
- name: generate ca cert key
shell: openssl genrsa -des3 -passout pass:{{ ad_safe_mode_password }} -out ca.key 4096
delegate_to: localhost
- name: generate ca cert
shell: openssl req -new -x509 -days 3650 -passin pass:{{ ad_safe_mode_password }} -key ca.key -out ca.crt -subj "/C=US/ST=Pennsylvania/L=University Park/O=Pennsylvania State University/OU=IT/CN=CA.develop.local"
delegate_to: localhost
- name: create LDAPS local certRequest.inf
delegate_to: localhost
copy:
src: "{{ role_path }}/files/certRequest.inf"
dest: ./certRequest.inf
- name: create temp directory
win_file:
path: c:\temp
state: directory
- name: copy ldaps inf to server
win_copy:
src: certRequest.inf
dest: c:\temp\certRequest.inf
- name: generate ldaps PEM
win_shell: certreq -new c:\temp\certRequest.inf c:\temp\develop_dc.pem
- name: copy ldaps pem to server
fetch:
src: c:\temp\develop_dc.pem
dest: develop_dc.pem
flat: yes
- name: create ldaps cert
shell: openssl x509 -req -days 3650 -in develop_dc.pem -passin pass:{{ ad_safe_mode_password }} -CA ca.crt -CAkey ca.key -set_serial 01 -out develop_dc.crt
delegate_to: localhost
- name: copy ca pub cert to server
win_copy:
src: ca.crt
dest: c:\temp\ca.crt
- name: import certificate into Windows
import_certs: >
name=develop_dc.crt
- name: copy ldaps pub cert to server
win_copy:
src: develop_dc.crt
dest: c:\temp\develop_dc.crt
- name: import certificate into Windows
win_shell: certreq -accept c:\temp\develop_dc.crt
- name: Install AD-Domain-Services feature
win_feature: >
name=AD-Domain-Services
include_management_tools=yes
include_sub_features=yes
state=present
- name: Promote to domain controller
domain_controller: >
domain_name={{ ad_domain_name }}
safe_mode_password={{ ad_safe_mode_password }}
register: result
- name: Reboot second
win_shell: restart-computer -force
when: result|changed
- name: wait for reboot
local_action: wait_for
args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
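Review bot: The DSRM safe-mode password is interpolated straight into shell command lines on the control host (`openssl genrsa ... -passout pass:{{ ad_safe_mode_password }}`, and again in the `openssl req` and `openssl x509` tasks), and neither those tasks nor the `domain_controller` task that passes `safe_mode_password=` set `no_log: true`, so the value ends up in Ansible's task output and in the local process list. Add `no_log: true` to each of those four tasks, and on the openssl tasks keep the secret out of argv with `environment: { CA_PASS: "{{ ad_safe_mode_password }}" }` and `-passout env:CA_PASS` / `-passin env:CA_PASS`. Reusing the domain's safe-mode password as the CA key passphrase also ties two unrelated secrets together; a dedicated `ca_key_password` variable would be simpler to rotate independently. Separately, `-set_serial 01` is a fixed serial, so re-running the play issues a second certificate with the same issuer and serial, which some certificate stores and clients may treat as a duplicate; `-CAcreateserial` (or a serial from a counter file) avoids that. The file header and any tasks preceding `force Name of machine` are not visible in this section.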