e222d596
Commit
e222d596
authored
Jun 28, 2017
by
CRAIG BENNER
Tweaks to the process
parent
8f8af99c
Changes
1
Showing
1 changed file
with
83 additions
and
115 deletions
+83
-115
roles/ActiveDirectory/tasks/main.yml
roles/ActiveDirectory/tasks/main.yml
+83
-115
roles/ActiveDirectory/tasks/main.yml
-
name
:
force Name of machine
rename_computer
:
>
computer_name=develop-dc-01
-
name
:
wait for reboot
local_action
:
wait_for
args
:
host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
-
name
:
generate ca cert key
shell
:
openssl genrsa -des3 -passout pass:{{ ad_safe_mode_password }} -out ca.key
4096
delegate_to
:
localhost
-
name
:
generate ca cert
shell
:
openssl req -new -x509 -days 3650 -passin pass:{{ ad_safe_mode_password }} -key ca.key -out ca.crt -subj "/C=US/ST=Pennsylvania/L=University Park/O=Pennsylvania State University/OU=IT/CN=CA.develop.local"
delegate_to
:
localhost
-
name
:
create LDAPS local certRequest.inf
delegate_to
:
localhost
copy
:
content
:
"
;-----------------
request.inf
-----------------
[Version]
Signature=$Windows
NT$
[NewRequest]
Subject
=
\"
CN=develop-dc-01.develop.local
\"
;
replace
with
the
FQDN
of
the
DC
KeySpec
=
1
KeyLength
=
2048
;
Can
be
1024,
2048,
4096,
8192,
or
16384.
;
Larger
key
sizes
are
more
secure,
but
have
;
a
greater
impact
on
performance.
Exportable
=
TRUE
MachineKeySet
=
TRUE
SMIME
=
False
PrivateKeyArchive
=
FALSE
UserProtected
=
FALSE
UseExistingKeySet
=
FALSE
ProviderName
=
\"
Microsoft
RSA
SChannel
Cryptographic
Provider
\"
ProviderType
=
12
RequestType
=
PKCS10
KeyUsage
=
0xa0
[Extensions]
OID=1.3.6.1.5.5.7.3.1
;
this
is
for
Server
Authentication
;-----------------------------------------------"
dest
:
./certRequest.inf
-
name
:
create temp directory
win_file
:
path
:
c:\temp
state
:
directory
-
name
:
copy ldaps inf to server
win_copy
:
src
:
certRequest.inf
dest
:
c:\temp\certRequest.inf
-
name
:
generate ldaps PEM
win_shell
:
certreq -new c:\temp\certRequest.inf c:\temp\develop_dc.pem
-
name
:
copy ldaps pem to server
fetch
:
src
:
c:\temp\develop_dc.pem
dest
:
develop_dc.pem
flat
:
yes
##### NOT SURE IF NEEDED
#- name: create v3ext.txt
# delegate_to: localhost
# copy:
# content: "keyUsage=digitalSignature,keyEncipherment
# extendedKeyUsage=serverAuth
# subjectKeyIdentifier=hash"
# dest: ./v3ext.txt
-
name
:
create ldaps cert
shell
:
openssl x509 -req -days 3650 -in develop_dc.pem -passin pass:{{ ad_safe_mode_password }} -CA ca.crt -CAkey ca.key -set_serial 01 -out develop_dc.crt
delegate_to
:
localhost
-
name
:
copy ca pub cert to server
win_copy
:
src
:
ca.crt
dest
:
c:\temp\ca.crt
-
name
:
import certificate into Windows
import_certs
:
>
name=develop_dc.crt
-
name
:
copy ldaps pub cert to server
win_copy
:
src
:
develop_dc.crt
dest
:
c:\temp\develop_dc.crt
-
name
:
import certificate into Windows
win_shell
:
certreq -accept c:\temp\develop_dc.crt
-
name
:
Install AD-Domain-Services feature
win_feature
:
>
name=AD-Domain-Services
include_management_tools=yes
include_sub_features=yes
state=present
-
name
:
Promote to domain controller
domain_controller
:
>
domain_name={{ ad_domain_name }}
safe_mode_password={{ ad_safe_mode_password }}
register
:
result
-
name
:
Reboot second
win_shell
:
restart-computer -force
when
:
result|changed
-
name
:
wait for reboot
local_action
:
wait_for
args
:
host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
-
name
:
force Name of machine
rename_computer
:
>
computer_name=develop-dc-01
-
name
:
wait for reboot
local_action
:
wait_for
args
:
host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
-
name
:
generate ca cert key
shell
:
openssl genrsa -des3 -passout pass:{{ ad_safe_mode_password }} -out ca.key
4096
delegate_to
:
localhost
-
name
:
generate ca cert
shell
:
openssl req -new -x509 -days 3650 -passin pass:{{ ad_safe_mode_password }} -key ca.key -out ca.crt -subj "/C=US/ST=Pennsylvania/L=University Park/O=Pennsylvania State University/OU=IT/CN=CA.develop.local"
delegate_to
:
localhost
-
name
:
create LDAPS local certRequest.inf
delegate_to
:
localhost
copy
:
src
:
"
{{
role_path
}}/files/certRequest.inf"
dest
:
./certRequest.inf
-
name
:
create temp directory
win_file
:
path
:
c:\temp
state
:
directory
-
name
:
copy ldaps inf to server
win_copy
:
src
:
certRequest.inf
dest
:
c:\temp\certRequest.inf
-
name
:
generate ldaps PEM
win_shell
:
certreq -new c:\temp\certRequest.inf c:\temp\develop_dc.pem
-
name
:
copy ldaps pem to server
fetch
:
src
:
c:\temp\develop_dc.pem
dest
:
develop_dc.pem
flat
:
yes
-
name
:
create ldaps cert
shell
:
openssl x509 -req -days 3650 -in develop_dc.pem -passin pass:{{ ad_safe_mode_password }} -CA ca.crt -CAkey ca.key -set_serial 01 -out develop_dc.crt
delegate_to
:
localhost
-
name
:
copy ca pub cert to server
win_copy
:
src
:
ca.crt
dest
:
c:\temp\ca.crt
-
name
:
import certificate into Windows
import_certs
:
>
name=develop_dc.crt
-
name
:
copy ldaps pub cert to server
win_copy
:
src
:
develop_dc.crt
dest
:
c:\temp\develop_dc.crt
-
name
:
import certificate into Windows
win_shell
:
certreq -accept c:\temp\develop_dc.crt
-
name
:
Install AD-Domain-Services feature
win_feature
:
>
name=AD-Domain-Services
include_management_tools=yes
include_sub_features=yes
state=present
-
name
:
Promote to domain controller
domain_controller
:
>
domain_name={{ ad_domain_name }}
safe_mode_password={{ ad_safe_mode_password }}
register
:
result
-
name
:
Reboot second
win_shell
:
restart-computer -force
when
:
result|changed
-
name
:
wait for reboot
local_action
:
wait_for
args
:
host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
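Review bot: On the new side, `ad_safe_mode_password` is reused as the passphrase for the CA private key (`openssl genrsa -des3 -passout pass:{{ ad_safe_mode_password }}` and the matching `-passin` on the `openssl req` and `openssl x509` tasks), so one secret now protects both Directory Services Restore Mode and the certificate authority, and because these are plain `shell` tasks without `no_log: true` the full command line, secret included, is printed in Ansible output and is visible in `ps` on the control host while openssl runs. A separate `ca_key_password` variable, `no_log: true` on each of the three openssl tasks and `-passout env:...`/`-passin env:...` with `environment:` on the task would close both exposures. The `openssl x509 -req ... -set_serial 01` task hard-codes serial 1, so any re-run of this role against the same `ca.crt` issues a second leaf certificate with an identical serial, which TLS clients that cache issuer/serial pairs are likely to reject; `-CAcreateserial` (or a serial counter variable) avoids that. None of the openssl tasks carry a `creates:` argument, so every run also appears to regenerate `ca.key`/`ca.crt` and reissue the LDAPS certificate, silently changing the trust anchor on each run; `creates: ca.key` on the genrsa task would make the role idempotent. The task list runs from the top of the file, which is outside the visible hunk.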