Commit e222d596 authored by CRAIG BENNER's avatar CRAIG BENNER

Tweaks to the process

parent 8f8af99c
- name: force Name of machine - name: force Name of machine
rename_computer: > rename_computer: >
computer_name=develop-dc-01 computer_name=develop-dc-01
- name: wait for reboot - name: wait for reboot
local_action: wait_for local_action: wait_for
args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
- name: generate ca cert key - name: generate ca cert key
shell: openssl genrsa -des3 -passout pass:{{ ad_safe_mode_password }} -out ca.key 4096 shell: openssl genrsa -des3 -passout pass:{{ ad_safe_mode_password }} -out ca.key 4096
delegate_to: localhost delegate_to: localhost
- name: generate ca cert - name: generate ca cert
shell: openssl req -new -x509 -days 3650 -passin pass:{{ ad_safe_mode_password }} -key ca.key -out ca.crt -subj "/C=US/ST=Pennsylvania/L=University Park/O=Pennsylvania State University/OU=IT/CN=CA.develop.local" shell: openssl req -new -x509 -days 3650 -passin pass:{{ ad_safe_mode_password }} -key ca.key -out ca.crt -subj "/C=US/ST=Pennsylvania/L=University Park/O=Pennsylvania State University/OU=IT/CN=CA.develop.local"
delegate_to: localhost delegate_to: localhost
- name: create LDAPS local certRequest.inf - name: create LDAPS local certRequest.inf
delegate_to: localhost delegate_to: localhost
copy: copy:
content: ";----------------- request.inf ----------------- src: "{{ role_path }}/files/certRequest.inf"
[Version] dest: ./certRequest.inf
Signature=$Windows NT$
[NewRequest]
Subject = \"CN=develop-dc-01.develop.local\" ; replace with the FQDN of the DC - name: create temp directory
KeySpec = 1 win_file:
KeyLength = 2048 path: c:\temp
; Can be 1024, 2048, 4096, 8192, or 16384. state: directory
; Larger key sizes are more secure, but have
; a greater impact on performance. - name: copy ldaps inf to server
Exportable = TRUE win_copy:
MachineKeySet = TRUE src: certRequest.inf
SMIME = False dest: c:\temp\certRequest.inf
PrivateKeyArchive = FALSE
UserProtected = FALSE - name: generate ldaps PEM
UseExistingKeySet = FALSE win_shell: certreq -new c:\temp\certRequest.inf c:\temp\develop_dc.pem
ProviderName = \"Microsoft RSA SChannel Cryptographic Provider\"
ProviderType = 12 - name: copy ldaps pem to server
RequestType = PKCS10 fetch:
KeyUsage = 0xa0 src: c:\temp\develop_dc.pem
[Extensions] dest: develop_dc.pem
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication flat: yes
;-----------------------------------------------" - name: create ldaps cert
dest: ./certRequest.inf shell: openssl x509 -req -days 3650 -in develop_dc.pem -passin pass:{{ ad_safe_mode_password }} -CA ca.crt -CAkey ca.key -set_serial 01 -out develop_dc.crt
delegate_to: localhost
- name: create temp directory - name: copy ca pub cert to server
win_file: win_copy:
path: c:\temp src: ca.crt
state: directory dest: c:\temp\ca.crt
- name: copy ldaps inf to server - name: import certificate into Windows
win_copy: import_certs: >
src: certRequest.inf name=develop_dc.crt
dest: c:\temp\certRequest.inf
- name: copy ldaps pub cert to server
- name: generate ldaps PEM win_copy:
win_shell: certreq -new c:\temp\certRequest.inf c:\temp\develop_dc.pem src: develop_dc.crt
dest: c:\temp\develop_dc.crt
- name: copy ldaps pem to server
fetch: - name: import certificate into Windows
src: c:\temp\develop_dc.pem win_shell: certreq -accept c:\temp\develop_dc.crt
dest: develop_dc.pem
flat: yes - name: Install AD-Domain-Services feature
win_feature: >
##### NOT SURE IF NEEDED name=AD-Domain-Services
#- name: create v3ext.txt include_management_tools=yes
# delegate_to: localhost include_sub_features=yes
# copy: state=present
# content: "keyUsage=digitalSignature,keyEncipherment
# extendedKeyUsage=serverAuth - name: Promote to domain controller
# subjectKeyIdentifier=hash" domain_controller: >
# dest: ./v3ext.txt domain_name={{ ad_domain_name }}
safe_mode_password={{ ad_safe_mode_password }}
- name: create ldaps cert register: result
shell: openssl x509 -req -days 3650 -in develop_dc.pem -passin pass:{{ ad_safe_mode_password }} -CA ca.crt -CAkey ca.key -set_serial 01 -out develop_dc.crt
delegate_to: localhost - name: Reboot second
win_shell: restart-computer -force
- name: copy ca pub cert to server when: result|changed
win_copy:
src: ca.crt - name: wait for reboot
dest: c:\temp\ca.crt local_action: wait_for
args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
- name: import certificate into Windows
import_certs: >
name=develop_dc.crt
- name: copy ldaps pub cert to server
win_copy:
src: develop_dc.crt
dest: c:\temp\develop_dc.crt
- name: import certificate into Windows
win_shell: certreq -accept c:\temp\develop_dc.crt
- name: Install AD-Domain-Services feature
win_feature: >
name=AD-Domain-Services
include_management_tools=yes
include_sub_features=yes
state=present
- name: Promote to domain controller
domain_controller: >
domain_name={{ ad_domain_name }}
safe_mode_password={{ ad_safe_mode_password }}
register: result
- name: Reboot second
win_shell: restart-computer -force
when: result|changed
- name: wait for reboot
local_action: wait_for
args: host={{ inventory_hostname }} port=5985 delay=1 timeout=120 state=started
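Review bot: The three openssl `shell:` tasks on the new side ("generate ca cert key", "generate ca cert", "create ldaps cert") put `{{ ad_safe_mode_password }}` on the command line via `-passout pass:`/`-passin pass:`, so the DSRM safe-mode password is visible in the controller's process listing and is echoed in Ansible's task output and any log, and the CA key passphrase and domain recovery password are now the same secret. Suggest a dedicated variable for the CA passphrase and passing it through the task environment instead of argv, e.g. `environment: { CA_PASS: "{{ ca_key_passphrase }}" }` with `-passout env:CA_PASS`, plus `no_log: true` on those tasks and on "Promote to domain controller". The "create ldaps cert" step also hard-codes `-set_serial 01`, so every re-run signs a new certificate with the same serial under the same CA; consider `-CAcreateserial` (or a generated serial) so reissues are distinguishable. The commented-out v3ext.txt block was dropped on the new side, and since `openssl x509 -req` does not carry extensions over from the request by itself, the signed develop_dc.crt presumably lacks the serverAuth EKU/SAN the certRequest.inf asks for — worth confirming against the rendered certificate. The file header for this section is not visible in the diff, so the enclosing play/tasks list may start outside it.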