From e222d5963f8db60736f312654d6272e8ba3b8b11 Mon Sep 17 00:00:00 2001
From: Craig Benner
Date: Wed, 28 Jun 2017 10:19:42 -0400
Subject: [PATCH] Tweaks to the process

---
 roles/ActiveDirectory/tasks/main.yml | 198 +++++++++++----------------
 1 file changed, 83 insertions(+), 115 deletions(-)

diff --git a/roles/ActiveDirectory/tasks/main.yml b/roles/ActiveDirectory/tasks/main.yml
index 8092060..d54c49a 100644
--- a/roles/ActiveDirectory/tasks/main.yml
+++ b/roles/ActiveDirectory/tasks/main.yml
@@ -1,115 +1,83 @@ -- name: force Name of machine - rename_computer: > - computer_name=develop-dc-01 - -- name: wait for reboot - local_action: wait_for - args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started - -- name: generate ca cert key - shell: openssl genrsa -des3 -passout pass:{{ ad_safe_mode_password }} -out ca.key 4096 - delegate_to: localhost - -- name: generate ca cert - shell: openssl req -new -x509 -days 3650 -passin pass:{{ ad_safe_mode_password }} -key ca.key -out ca.crt -subj "/C=US/ST=Pennsylvania/L=University Park/O=Pennsylvania State University/OU=IT/CN=CA.develop.local" - delegate_to: localhost - -- name: create LDAPS local certRequest.inf - delegate_to: localhost - copy: - content: ";----------------- request.inf ----------------- -[Version] -Signature=$Windows NT$ -[NewRequest] -Subject = \"CN=develop-dc-01.develop.local\" ; replace with the FQDN of the DC -KeySpec = 1 -KeyLength = 2048 -; Can be 1024, 2048, 4096, 8192, or 16384. -; Larger key sizes are more secure, but have -; a greater impact on performance. 
-Exportable = TRUE -MachineKeySet = TRUE -SMIME = False -PrivateKeyArchive = FALSE -UserProtected = FALSE -UseExistingKeySet = FALSE -ProviderName = \"Microsoft RSA SChannel Cryptographic Provider\" -ProviderType = 12 -RequestType = PKCS10 -KeyUsage = 0xa0 -[Extensions] -OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication - -;-----------------------------------------------" - dest: ./certRequest.inf - - -- name: create temp directory - win_file: - path: c:\temp - state: directory - -- name: copy ldaps inf to server - win_copy: - src: certRequest.inf - dest: c:\temp\certRequest.inf - -- name: generate ldaps PEM - win_shell: certreq -new c:\temp\certRequest.inf c:\temp\develop_dc.pem - -- name: copy ldaps pem to server - fetch: - src: c:\temp\develop_dc.pem - dest: develop_dc.pem - flat: yes - -##### NOT SURE IF NEEDED -#- name: create v3ext.txt -# delegate_to: localhost -# copy: -# content: "keyUsage=digitalSignature,keyEncipherment -# extendedKeyUsage=serverAuth -# subjectKeyIdentifier=hash" -# dest: ./v3ext.txt - -- name: create ldaps cert - shell: openssl x509 -req -days 3650 -in develop_dc.pem -passin pass:{{ ad_safe_mode_password }} -CA ca.crt -CAkey ca.key -set_serial 01 -out develop_dc.crt - delegate_to: localhost - -- name: copy ca pub cert to server - win_copy: - src: ca.crt - dest: c:\temp\ca.crt - -- name: import certificate into Windows - import_certs: > - name=develop_dc.crt - -- name: copy ldaps pub cert to server - win_copy: - src: develop_dc.crt - dest: c:\temp\develop_dc.crt - -- name: import certificate into Windows - win_shell: certreq -accept c:\temp\develop_dc.crt - -- name: Install AD-Domain-Services feature - win_feature: > - name=AD-Domain-Services - include_management_tools=yes - include_sub_features=yes - state=present - -- name: Promote to domain controller - domain_controller: > - domain_name={{ ad_domain_name }} - safe_mode_password={{ ad_safe_mode_password }} - register: result - -- name: Reboot second - win_shell: 
restart-computer -force - when: result|changed - -- name: wait for reboot - local_action: wait_for - args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started +- name: force Name of machine + rename_computer: > + computer_name=develop-dc-01 + +- name: wait for reboot + local_action: wait_for + args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started + +- name: generate ca cert key + shell: openssl genrsa -des3 -passout pass:{{ ad_safe_mode_password }} -out ca.key 4096 + delegate_to: localhost + +- name: generate ca cert + shell: openssl req -new -x509 -days 3650 -passin pass:{{ ad_safe_mode_password }} -key ca.key -out ca.crt -subj "/C=US/ST=Pennsylvania/L=University Park/O=Pennsylvania State University/OU=IT/CN=CA.develop.local" + delegate_to: localhost + +- name: create LDAPS local certRequest.inf + delegate_to: localhost + copy: + src: "{{ role_path }}/files/certRequest.inf" + dest: ./certRequest.inf + + +- name: create temp directory + win_file: + path: c:\temp + state: directory + +- name: copy ldaps inf to server + win_copy: + src: certRequest.inf + dest: c:\temp\certRequest.inf + +- name: generate ldaps PEM + win_shell: certreq -new c:\temp\certRequest.inf c:\temp\develop_dc.pem + +- name: copy ldaps pem to server + fetch: + src: c:\temp\develop_dc.pem + dest: develop_dc.pem + flat: yes + +- name: create ldaps cert + shell: openssl x509 -req -days 3650 -in develop_dc.pem -passin pass:{{ ad_safe_mode_password }} -CA ca.crt -CAkey ca.key -set_serial 01 -out develop_dc.crt + delegate_to: localhost + +- name: copy ca pub cert to server + win_copy: + src: ca.crt + dest: c:\temp\ca.crt + +- name: import certificate into Windows + import_certs: > + name=develop_dc.crt + +- name: copy ldaps pub cert to server + win_copy: + src: develop_dc.crt + dest: c:\temp\develop_dc.crt + +- name: import certificate into Windows + win_shell: certreq -accept c:\temp\develop_dc.crt + +- name: Install AD-Domain-Services feature + 
win_feature: > + name=AD-Domain-Services + include_management_tools=yes + include_sub_features=yes + state=present + +- name: Promote to domain controller + domain_controller: > + domain_name={{ ad_domain_name }} + safe_mode_password={{ ad_safe_mode_password }} + register: result + +- name: Reboot second + win_shell: restart-computer -force + when: result|changed + +- name: wait for reboot + local_action: wait_for + args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started -- GitLab
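Review bot: The `ad_safe_mode_password` value is interpolated into the command line of the three openssl tasks (`pass:{{ ad_safe_mode_password }}` on `genrsa`, `req -new -x509` and `x509 -req`) and into the `domain_controller` args, and none of those tasks sets `no_log: true`, so the DSRM password is recorded in verbose/callback output and, for the `delegate_to: localhost` openssl calls, is visible in the control node's process list. Add `no_log: true` to each of those four tasks, and consider a separate CA key passphrase supplied via `-passout file:`/`-passin file:` instead of reusing the domain safe-mode password to protect the CA private key. The `openssl x509 -req ... -set_serial 01` task also signs with no `-extfile`/`-extensions`, and the commented-out v3ext.txt task was dropped in this change, so (at least on OpenSSL 1.x, which does not copy CSR extensions) the issued LDAPS certificate carries no serverAuth EKU and no subjectAltName, which current LDAP clients reject, while the fixed serial `01` means every re-run issues a certificate with a colliding serial. Minor: `flat: yes` in the fetch task should be `flat: true`, and the `key=value` folded-scalar module args (`rename_computer: >`, `win_feature: >`, `domain_controller: >`) would read better as native YAML args. The hunk replaces the whole file, so nothing is cut at either edge.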