improve docs, allow all kind of passwords

2022-01-02 19:04:13 +01:00 · 2022-01-02 19:04:13 +01:00 · ce8466eb48
commit ce8466eb48
parent b596e01068
5 changed files with 33 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -1,20 +1,24 @@
 win_ansible_role_base_setup
 =============================

-WINDOWS Ansible role to create a little base Setup for my Ansible Managed Windows 10 Enterprise Hosts
-
-## Please not, this is my first windows role and highly experimental!
+WINDOWS Ansible role to create a little base Setup to manage Windows 10 Enterprise Hosts

 Requirements
 ----------------
-+ **Pass or gopass** is required to store passwords.
-  + See [ansible docs](https://docs.ansible.com/ansible/latest/collections/community/general/passwordstore_lookup.html)
-  + Have a password store setup. Either create a symlink from pass to gopass or use pass nativly.
+ A Windows 10 Host ready to get ansible deployed

 What this role does:
 ---------------------
-
+ Create a 'Ansibles' Group and a 'ansible' Administrator user.
+  Use these variables to set a username and a password:
+  * ``win_base_init__created_user_name: 'ansible'``
+  * ``win_base_init__created_user_password: 'ChangeToSecurePassword'``
+ Set the ``inventory_hostname`` as hostname and reboots.
+  * Disable automatic reboot using ``win_base_init__allow_reboot: false``
 + Optionally setting OS description, owner and org if you define them in these variables:
  - ``win_base_init__os_description: ''``
  - ``win_base_init__os_organization: ''``
  - ``win_base_init__os_owner: ''``
+ Installs some packages using chocolatey, defined in:
+  ``win_base_init__packages: [git, Firefox, mpvio, vlc]``
+ Search for updates and log available updates to ``C:\ansible_updates.txt``. *(search only, no installation)*
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,5 +1,7 @@
 ---
-win_base_init__pass_prefix: 'ansible/windows'
+win_base_init__created_user_name: 'ansible'
+win_base_init__created_user_password: 'ChangeToSecurePassword'
+win_base_init__allow_reboot: true
 win_base_init__packages:
  - git
  - Firefox
--- a/tasks/ansible_user.yml
+++ b/tasks/ansible_user.yml
@ -1,15 +1,20 @@
 ---
- name: Create Windows group ansibles
+- name: "Create Windows group 'Ansibles'"
  ansible.windows.win_group:
    name: 'Ansibles'
    description: 'Group for Ansible Management'
    state: present

+- name: fail if win_obs_init__password is unset
+  ansible.builtin.fail:
+    msg: "Please define a password for the user {{ win_base_init__created_user_name }} using 'win_base_init__created_user_password'!"
+  when: win_base_init__created_user_password == 'ChangeToSecurePassword'
+
 - name: create ansible User
  ansible.windows.win_user:
-    name: 'ansible'
+    name: "{{ win_base_init__created_user_name }}"
    state: present
-    password: "{{ lookup('community.general.passwordstore', win_base_init__pass_prefix + '/' + inventory_hostname + '/login/ansible create=true length=42 nosymbols=true') }}"
+    password: "{{ win_base_init__created_user_password }}"
    account_disabled: false
    description: 'Account to run ansible commands at this WINDOWS host'
    groups_action: 'add'
--- a/tasks/hostname.yml
+++ b/tasks/hostname.yml
@ -7,4 +7,14 @@
 - name: host is rebooting in 15 sec!!
  ansible.windows.win_reboot:
    pre_reboot_delay: 15
-  when: res.reboot_required
+  when:
+    - res.reboot_required | bool
+    - win_base_init__allow_reboot | bool
+
+- name: host is rebooting in 15 sec!!
+  ansible.builtin.fail:
+    msg: "Hostname changed. Please reboot to apply changes!"
+  ignore_errors: true
+  when:
+    - res.reboot_required | bool
+    - not win_base_init__allow_reboot | bool
--- a/tasks/variables.yml
+++ b/tasks/variables.yml
@ -4,7 +4,6 @@
  vars:
    params:
      files:
-        - "windows_{{ win_base_init__os_language }}.yml"
        - 'windows_default.yml'
      paths:
        - 'vars'