improve user setup, manage sshd and winrm

This commit is contained in:
L3D 2022-12-29 04:32:45 +01:00
parent b194632a44
commit f999c15675
Signed by: l3d
GPG key ID: CD08445BFF4313D1
7 changed files with 15 additions and 22 deletions

3
.gitmodules vendored
View file

@ -31,3 +31,6 @@
[submodule "roles/do1jlr.win_firewall_icmp"] [submodule "roles/do1jlr.win_firewall_icmp"]
path = roles/do1jlr.win_firewall_icmp path = roles/do1jlr.win_firewall_icmp
url = https://backwesen.de/voc/win_ansible_role_firewall_icmp.git url = https://backwesen.de/voc/win_ansible_role_firewall_icmp.git
[submodule "roles/do1jlr.win_sshd"]
path = roles/do1jlr.win_sshd
url = https://backwesen.de/voc/win_ansible_role_sshd.git

View file

@ -46,29 +46,15 @@ Ansible Requirements
ansible-galaxy install -r requirements.yml ansible-galaxy install -r requirements.yml
``` ```
And PyWinRM Python mdule Install sshpass fo SSH with Passwords to windowsvia ansible
```bash ```bash
pip3 install pywinrm sudo apt install sshpass
``` ```
Configure Ansible Access (WinRM Setup) Configure Ansible Access (Windows SSH Server Setup)
---------------------------------------- ----------------------------------------
### configure WinRM Access Have a look at the [official Ansible Docs](https://docs.ansible.com/ansible/latest/os_guide/windows_setup.html#windows-ssh-setup) and install [OpenSSH Server](https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell) on Windows or WinRM by running the [ConfigureReotingForAnsible.ps1](https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureReotingForAnsible.ps1) script.
Configure WinRM with the ``ConfigureRemotingForAnsible.ps1`` Script as described in [docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-setup](https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-setup) in your WINDOWS PowerShell.
### configure ansible setup for new hosts
+ add your host to the ``hosts.ini`` file.
+ add the following variables in the ``host_vars``:
```yaml
---
# host_vars/$hostname/vars.yml
ansible_connection: winrm
ansible_user: 'Windows_Admin_User'
ansible_password: 'Your_Windows_Admin_Password'
ansible_winrm_server_cert_validation: ignore
```
Gopass Passwords Gopass Passwords
------------------ ------------------

View file

@ -8,8 +8,10 @@ win_obs_init__powerplan_enabled: true
win_obs_init_powerplan_mode: 'high performance' win_obs_init_powerplan_mode: 'high performance'
# connect # connect
ansible_connection: winrm ansible_connection: ssh
ansible_shell_type: "powershell"
ansible_winrm_server_cert_validation: ignore ansible_winrm_server_cert_validation: ignore
ansible_pipelining: true
ansible_password: "{{ lookup('community.general.passwordstore', 'chvoc/ansible/windows/' + inventory_hostname + '/login/' + ansible_user) }}" ansible_password: "{{ lookup('community.general.passwordstore', 'chvoc/ansible/windows/' + inventory_hostname + '/login/' + ansible_user) }}"
# credetials # credetials
@ -19,7 +21,7 @@ win_obs_init__password: "{{ lookup('community.general.passwordstore', gopass_pas
# manage autologon # manage autologon
win_obs_init__autologon: true win_obs_init__autologon: true
win_obs_init__autologon_password: "{{ lookup('community.general.passwordstore', 'chvoc/ansible/windows/' + inventory_hostname + '/login/obs') }}" win_obs_init__autologon_password: "{{ lookup('community.general.passwordstore', 'chvoc/ansible/windows/' + inventory_hostname + '/login/voc') }}"
# define obs szene # define obs szene
win_obs_szene__project: 'swiss_python_summit_2022' win_obs_szene__project: 'swiss_python_summit_2022'

View file

@ -2,4 +2,4 @@
obs-white ansible_host=obs-white.local obs-white ansible_host=obs-white.local
obs-yellow ansible_host=obs-yellow.local obs-yellow ansible_host=obs-yellow.local
obs-blue ansible_host=obs-blue.local obs-blue ansible_host=obs-blue.local
obs-spare ansible_host=obs-spare.local obs-misc ansible_host=obs-misc.local

@ -1 +1 @@
Subproject commit 6b86e9d710ed073088e82b4d0b343dc932cb2920 Subproject commit 6249b9b886a4561fa1eab6978453d699bd8c7f4c

1
roles/do1jlr.win_sshd Submodule

@ -0,0 +1 @@
Subproject commit 61b785cae02215e0d7dc3878da5d792e198a595c

View file

@ -12,6 +12,7 @@
- {role: do1jlr.win_base_setup, tags: [user, setup]} - {role: do1jlr.win_base_setup, tags: [user, setup]}
- {role: do1jlr.win_zeroconf, tags: zeroconf} - {role: do1jlr.win_zeroconf, tags: zeroconf}
- {role: do1jlr.win_firewall_icmp, tags: firewall} - {role: do1jlr.win_firewall_icmp, tags: firewall}
- {role: do1jlr.win_sshd, tags: sshd}
- {role: do1jlr.win_obs_setup, tags: [user, obs]} - {role: do1jlr.win_obs_setup, tags: [user, obs]}
- {role: do1jlr.win_parsec, tags: parsec} - {role: do1jlr.win_parsec, tags: parsec}
- {role: do1jlr.win_streamdeck, tags: streamdeck} - {role: do1jlr.win_streamdeck, tags: streamdeck}