diff --git a/cloud/blueprints/windows_core.yml b/cloud/blueprints/windows_core.yml new file mode 100644 index 0000000..2c000f5 --- /dev/null +++ b/cloud/blueprints/windows_core.yml @@ -0,0 +1,6 @@ +--- +vm_blueprint_providers: + - aws +aws_image_filter: 'Windows_Server-2019-English-Core-Base*' +aws_instance_size: t3.medium +aws_userdata_template: aws_windows_userdata \ No newline at end of file diff --git a/cloud/blueprints/windows_full.yml b/cloud/blueprints/windows_full.yml new file mode 100644 index 0000000..92546f5 --- /dev/null +++ b/cloud/blueprints/windows_full.yml @@ -0,0 +1,6 @@ +--- +vm_blueprint_providers: + - aws +aws_image_filter: 'Windows_Server-2019-English-Full-Base*' +aws_instance_size: t3.medium +aws_userdata_template: aws_windows_userdata \ No newline at end of file diff --git a/cloud/destroy_vm.yml b/cloud/destroy_vm.yml index 0d68921..fe73c58 100644 --- a/cloud/destroy_vm.yml +++ b/cloud/destroy_vm.yml @@ -4,12 +4,16 @@ tasks: - name: list systems to be destroyed + debug: + msg: "{{ inventory_hostname }}" + + - name: pause for review... pause: seconds: 30 - prompt: "{{ inventory_hostname }} will be DESTROYED in 30 seconds. Cancel the job to Abort." + prompt: "Systems listed above will be DESTROYED in 30 seconds. Cancel the job to Abort." - name: destroy vm include_role: name: "demo.cloud.aws" tasks_from: destroy_vm - when: "'cloud_aws' in group_names or 'cloud_azure' in group_names" \ No newline at end of file + when: "'cloud_aws' in group_names or 'cloud_azure' in group_names" diff --git a/cloud/setup.yml b/cloud/setup.yml index d08ddd8..85f80ef 100644 --- a/cloud/setup.yml +++ b/cloud/setup.yml @@ -16,7 +16,7 @@ controller_credentials: inputs: username: REPLACEME password: REPLACEME - + - name: Azure credential_type: Microsoft Azure Resource Manager organization: Default @@ -59,7 +59,6 @@ controller_inventory_sources: conditional_groups: cloud_azure: true - controller_templates: - name: Cloud / Create Infra job_type: run 
@@ -68,6 +67,7 @@ controller_templates: credentials: - AWS - Azure + project: Ansible official demo project playbook: cloud/create_infra.yml inventory: Workshop Inventory @@ -129,6 +129,30 @@ controller_templates: variable: vm_blueprint required: true choices: #"{{ lookup('fileglob', 'blueprints/*.yml') | regex_replace(',','\n') | regex_findall('.*/(.*)(?=.yml)') | list }}" - - windows + - windows_core + - windows_full - rhel8 - rhel7 + - name: Cloud / Destroy VM + job_type: run + organization: Default + credentials: + - AWS + - Azure + - Workshop Credential + project: Ansible official demo project + playbook: cloud/destroy_vm.yml + inventory: Workshop Inventory + execution_environment: Default execution environment + survey_enabled: true + extra_vars: + aws_region: us-east-2 + survey: + name: '' + description: '' + spec: + - question_name: Name or Pattern + type: text + variable: HOSTS + required: true + diff --git a/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_vm.yml b/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_vm.yml index 3e03226..9c3a781 100644 --- a/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_vm.yml +++ b/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_vm.yml @@ -22,7 +22,7 @@ - name: AWS| CREATE VM | save ami set_fact: aws_instance_ami: > - {{ amis.images | selectattr('name', 'defined') | sort(attribute='creation_date') | last }} + {{ (amis.images | selectattr('name', 'defined') | sort(attribute='creation_date'))[-2] }} - name: AWS| CREATE VM | create instance amazon.aws.ec2_instance: diff --git a/collections/ansible_collections/demo/patching/roles/patch_windows/defaults/main.yml b/collections/ansible_collections/demo/patching/roles/patch_windows/defaults/main.yml new file mode 100644 index 0000000..f8a73c3 --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/patch_windows/defaults/main.yml 
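Review bot: The `HOSTS` survey question on the new Cloud / Destroy VM template is a required free-text field with no description or constraint, so whatever host pattern the operator types is what destroy_vm.yml acts on. The only safeguards visible in this commit are the 30-second pause and the `when` on the cloud groups, so a group name or wildcard would tear down every cloud instance in the inventory. I would add `question_description: "Exact inventory hostname(s) to destroy; group names and wildcards match every member"` to the question, and consider an `assert` early in the play that fails when `ansible_play_hosts | length` exceeds an expected maximum. The play's `hosts:` line is outside the hunks shown, so how `HOSTS` is consumed is inferred.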
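Review bot: Indexing the sorted list with `[-2]` in the `save ami` task raises an error whenever the filter matches only one image, and nothing on the line says why the second-newest AMI is wanted rather than the newest. If skipping the latest build is deliberate, put a comment above the task saying so and make the lookup tolerate a single match, for example `{{ (amis.images | selectattr('name', 'defined') | sort(attribute='creation_date'))[-2:] | first }}`. The AMI lookup itself is outside this hunk; since the new blueprints select images by a name wildcard (`Windows_Server-2019-English-Core-Base*`), it is worth confirming that the lookup also pins `owners`, otherwise a similarly named image published by another account could sort into the chosen slot.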
@@ -0,0 +1,14 @@ +--- +win_update_categories: + - Application + - Connectors + - CriticalUpdates + - DefinitionUpdates + - DeveloperKits + - FeaturePacks Guidance + - SecurityUpdates + - ServicePacks + - Tools + - UpdateRollups + - Updates +allow_reboot: true \ No newline at end of file diff --git a/collections/ansible_collections/demo/patching/roles/patch_windows/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/patch_windows/tasks/main.yml new file mode 100644 index 0000000..0518c79 --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/patch_windows/tasks/main.yml @@ -0,0 +1,15 @@ +--- +- name: Scan packages + demo.patching.win_scan_packages: + check_mode: no + +- name: Scan Services + demo.patching.win_scan_services: + check_mode: no + +- name: Install Windows Updates + ansible.windows.win_updates: + category_names: "{{ win_update_categories | default(omit) }}" + reboot: "{{ allow_reboot }}" + state: installed + register: patchingresult diff --git a/collections/ansible_collections/demo/patching/roles/report_linux/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/report_linux/tasks/main.yml index 71d2364..fede495 100644 --- a/collections/ansible_collections/demo/patching/roles/report_linux/tasks/main.yml +++ b/collections/ansible_collections/demo/patching/roles/report_linux/tasks/main.yml @@ -24,4 +24,4 @@ - name: display link to inventory report ansible.builtin.debug: - msg: "Please go to http://{{ ansible_host }}/reports/linux.html" \ No newline at end of file + msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/linux.html" diff --git a/collections/ansible_collections/demo/patching/roles/report_linux_patching/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/report_linux_patching/tasks/main.yml index bd92a21..ee42bc6 100644 --- a/collections/ansible_collections/demo/patching/roles/report_linux_patching/tasks/main.yml 
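Review bot: The list entry `FeaturePacks Guidance` in `win_update_categories` looks like two category names fused onto one line; the list is passed unchanged to `category_names` in the role's tasks/main.yml, so that entry probably matches neither category. Split it into `- FeaturePacks` and `- Guidance`. Separately, this default selects every category while the survey in windows/setup.yml defaults to `SecurityUpdates`; a comment above the list such as `# default installs all categories; the survey narrows this` would make the difference explicit.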
+++ b/collections/ansible_collections/demo/patching/roles/report_linux_patching/tasks/main.yml @@ -20,7 +20,8 @@ - name: Display link to Linux patch report ansible.builtin.debug: - msg: "Please go to http://{{ ansible_host }}/reports/linuxpatch.html" + msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/linuxpatch.html" + #- name: Send Report via E-mail # community.general.mail: diff --git a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml new file mode 100644 index 0000000..d8faec4 --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml @@ -0,0 +1,20 @@ +--- +- yum: + name: httpd + state: latest + check_mode: no + +- file: + path: /var/www/html/reports/ + state: directory + check_mode: no + +- copy: + dest: /var/www/html/reports/.htaccess + content: Options +Indexes + check_mode: no + +- service: + name: httpd + state: started + check_mode: no \ No newline at end of file diff --git a/collections/ansible_collections/demo/patching/roles/report_server/tasks/iis.yml b/collections/ansible_collections/demo/patching/roles/report_server/tasks/iis.yml new file mode 100644 index 0000000..74e6ffe --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_server/tasks/iis.yml 
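Review bot: The `.htaccess` written to /var/www/html/reports/ turns on `Options +Indexes`, so the package, service and patch reports published by these roles become browsable by anyone who can reach the host over plain HTTP; nothing in apache.yml restricts who may read them. I would add an access rule to the same `content`, for example `Require ip <management CIDR placeholder>`, or drop the index listing and rely on the direct links the debug tasks already print. Whether Apache honours the file at all depends on `AllowOverride` for that directory, which this role does not set, so the listing may silently not take effect on a stock httpd.conf. The four tasks also lack `name:` and use short module names (`yum`, `file`, `copy`, `service`), unlike the fully qualified names used in iis.yml in the same role.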
@@ -0,0 +1,23 @@
+---
+- name: Install IIS
+ ansible.windows.win_feature:
+ name: Web-Server
+ state: present
+ check_mode: no
+
+- name: Start IIS service
+ ansible.windows.win_service:
+ name: W3Svc
+ state: started
+ check_mode: no
+
+- name: Create Directory
+ ansible.windows.win_file:
+ path: C:\Inetpub\wwwroot\reports
+ state: directory
+ check_mode: no
+
+- name: Enable Directory Browsing
+ ansible.windows.win_powershell:
+ script: |
+ "Set-WebConfigurationProperty -filter /system.webServer/directoryBrowse -name enabled -value true -PSPath 'IIS:\Sites\Default Web Site\reports'"
\ No newline at end of file
diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/README.md b/collections/ansible_collections/demo/patching/roles/report_windows/README.md
new file mode 100644
index 0000000..93d6df4
--- /dev/null
+++ b/collections/ansible_collections/demo/patching/roles/report_windows/README.md
@@ -0,0 +1,36 @@
+build_report_windows
+========
+
+Installs Apache and creates a report based on facts from Windows services and packages modules
+
+Requirements
+------------
+
+Must run on Apache server
+
+Role Variables / Configuration
+--------------
+
+N/A
+
+Dependencies
+------------
+
+N/A
+
+Example Playbook
+----------------
+
+The role can be used to create an html report on any number of Linux hosts using any number of Windows servers about their services and packages installed
+
+
+```
+---
+- hosts: all
+
+ tasks:
+ - name: Run Windows Report
+ import_role:
+ name: shadowman.reports.build_report_windows
+
+```
\ No newline at end of file
diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/defaults/main.yml b/collections/ansible_collections/demo/patching/roles/report_windows/defaults/main.yml
new file mode 100644
index 0000000..1154771
--- /dev/null
+++ b/collections/ansible_collections/demo/patching/roles/report_windows/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+detailedreport: True
\ No newline at end of file
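Review bot: In the `Enable Directory Browsing` task of iis.yml the whole command is wrapped in double quotes inside the `script: |` block, so PowerShell evaluates it as a string literal and echoes it instead of running `Set-WebConfigurationProperty`; the task reports success without changing IIS. Remove the outer quotes so the line reads `Set-WebConfigurationProperty -filter /system.webServer/directoryBrowse -name enabled -value true -PSPath 'IIS:\Sites\Default Web Site\reports'`. Once it does run, the reports directory (host, package, service and patch details) becomes listable over unauthenticated HTTP, so consider limiting access with an IIS IP restriction, or dropping directory browsing and relying on the direct links the roles already print.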
diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/example_results/Ansible Windows Automation Report.png b/collections/ansible_collections/demo/patching/roles/report_windows/example_results/Ansible Windows Automation Report.png new file mode 100644 index 0000000..1ead477 Binary files /dev/null and b/collections/ansible_collections/demo/patching/roles/report_windows/example_results/Ansible Windows Automation Report.png differ diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/files/css/new.css b/collections/ansible_collections/demo/patching/roles/report_windows/files/css/new.css new file mode 100644 index 0000000..f58d18f --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows/files/css/new.css 
@@ -0,0 +1,202 @@ +p.hostname { + color: #000000; + font-weight: bolder; + font-size: large; + margin: auto; + width: 50%; + } + + #subtable { + background: #ebebeb; + margin: 0px; + width: 100%; + } + + #subtable tbody tr td { + padding: 5px 5px 5px 5px; + } + + #subtable thead th { + padding: 5px; + } + + * { + -moz-box-sizing: border-box; + -webkit-box-sizing: border-box; + box-sizing: border-box; + font-family: "Open Sans", "Helvetica"; + + } + + a { + color: #ffffff; + } + + p { + color: #ffffff; + } + h1 { + text-align: center; + color: #ffffff; + } + + body { + background:#353a40; + padding: 0px; + margin: 0px; + font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; + } + + table { + border-collapse: separate; + background:#fff; + @include border-radius(5px); + @include box-shadow(0px 0px 5px rgba(0,0,0,0.3)); + } + + .main_net_table { + margin:50px auto; + } + + thead { + @include border-radius(5px); + } + + thead th { + font-size:16px; + font-weight:400; + color:#fff; + @include text-shadow(1px 1px 0px rgba(0,0,0,0.5)); + text-align:left; + padding:20px; + border-top:1px solid #858d99; + background: #353a40; + + &:first-child { + @include border-top-left-radius(5px); + } + + &:last-child { + @include border-top-right-radius(5px); + } + } + + tbody tr td { + font-weight:400; + color:#5f6062; + font-size:13px; + padding:20px 20px 20px 20px; + border-bottom:1px solid #e0e0e0; + } + + tbody tr:nth-child(2n) { + background:#f0f3f5; + } + + tbody tr:last-child td { + border-bottom:none; + &:first-child { + @include border-bottom-left-radius(5px); + } + &:last-child { + @include border-bottom-right-radius(5px); + } + } + + td { + vertical-align: top; + } + + span.highlight { + background-color: yellow; + } + + .expandclass { + color: #5f6062; + } + + .content{ + display:none; + margin: 10px; + } + + header { + width: 100%; + position: initial; + float: initial; + padding: 0; + margin: 0; + border-radius: 0; + height: 88px; + background-color: #171717; + } 
+ + .header-container { + margin: 0 auto; + width: 100%; + height: 100%; + max-width: 1170px; + padding: 0; + float: initial; + display: flex; + align-items: center; + } + + .header-logo { + width: 137px; + border: 0; + margin: 0; + margin-left: 15px; + } + + .header-link { + margin-left: 40px; + text-decoration: none; + cursor: pointer; + text-transform: uppercase; + font-size: 15px; + font-family: 'Red Hat Text'; + font-weight: 500; + } + + .header-link:hover { + text-shadow: 0 0 0.02px white; + text-decoration: none; + } + + table.net_info td { + padding: 5px; +} + +p.expandclass:hover { + text-decoration: underline; + color: #EE0000; + cursor: pointer; +} + +.summary_info { +} + +.ui-state-active, .ui-widget-content .ui-state-active, .ui-widget-header .ui-state-active, a.ui-button:active, .ui-button:active, .ui-button.ui-state-active:hover { + border: 1px solid #5F0000; + background: #EE0000; +} + +div#net_content { + padding: 0px; + height: auto !important; +} + +img.router_image { + vertical-align: middle; + padding: 0px 10px 10px 10px; + width: 50px; +} + +table.net_info { + width: 100%; +} + +p.internal_label { + color: #000000; +} \ No newline at end of file diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/files/redhat-ansible-logo.svg b/collections/ansible_collections/demo/patching/roles/report_windows/files/redhat-ansible-logo.svg new file mode 100644 index 0000000..2ecef98 --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows/files/redhat-ansible-logo.svg @@ -0,0 +1,48 @@ + + + + +Logo-Red_Hat-Ansible_Automation_Platform-A-Reverse-RGB + + + + + + + + + + + 
diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/files/server.png b/collections/ansible_collections/demo/patching/roles/report_windows/files/server.png new file mode 100644 index 0000000..9ad96fc Binary files /dev/null and b/collections/ansible_collections/demo/patching/roles/report_windows/files/server.png differ diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/files/webpage_logo.png b/collections/ansible_collections/demo/patching/roles/report_windows/files/webpage_logo.png new file mode 100644 index 0000000..65b5836 Binary files /dev/null and b/collections/ansible_collections/demo/patching/roles/report_windows/files/webpage_logo.png differ diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/report_windows/tasks/main.yml new file mode 100644 index 0000000..c2f1479 --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows/tasks/main.yml @@ -0,0 +1,28 @@ +--- +- name: create HTML report + ansible.windows.win_template: + src: report.j2 + dest: "{{ file_path }}/windows.html" + check_mode: no + +- name: copy CSS over + ansible.windows.win_copy: + src: "css" + dest: "{{ file_path }}" + directory_mode: true + check_mode: no + +- name: copy logos over + ansible.windows.win_copy: + src: "{{ item }}" + dest: "{{ file_path }}" + directory_mode: true + loop: + - "webpage_logo.png" + - "redhat-ansible-logo.svg" + - "server.png" + check_mode: no + +#- name: display link to inventory report +# ansible.builtin.debug: +# msg: "Please go to http://{{ host_vars[report_server]['ansible_host'] }}/reports/windows.html" \ No newline at end of file diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/templates/header.j2 b/collections/ansible_collections/demo/patching/roles/report_windows/templates/header.j2 new file mode 100644 index 0000000..6d504d0 --- /dev/null 
+++ b/collections/ansible_collections/demo/patching/roles/report_windows/templates/header.j2 @@ -0,0 +1,15 @@ + + +
+
+
+ + + +
+
\ No newline at end of file diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/templates/packages.j2 b/collections/ansible_collections/demo/patching/roles/report_windows/templates/packages.j2 new file mode 100644 index 0000000..f290897 --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows/templates/packages.j2 @@ -0,0 +1,29 @@ + +
+
+ + +
+
+ \ No newline at end of file diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/templates/report.j2 b/collections/ansible_collections/demo/patching/roles/report_windows/templates/report.j2 new file mode 100644 index 0000000..7b9ada5 --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows/templates/report.j2 @@ -0,0 +1,101 @@ + + + + Ansible Windows Automation Report + + + + + + + + + + + +
+ {% include 'header.j2' %} +
+
+

Ansible Windows Automation Report

+

+

+ + + + + + + + + +{% for windows_host in ansible_play_hosts |sort %} + + + + + +{% endfor %} + +
Windows DeviceOperating SystemOperating System Kernel Version
+
+

+ {{ hostvars[windows_host]['inventory_hostname'].split('.')[0] }}

+
+{% if detailedreport == 'True' %} +{% include 'packages.j2' %} +{% include 'services.j2' %} +{% endif %} +
{{hostvars[windows_host]['ansible_os_family']|default("none")}}{{hostvars[windows_host]['ansible_distribution']|default("none")}}
+

Created with


+
+
+
+ + diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/templates/services.j2 b/collections/ansible_collections/demo/patching/roles/report_windows/templates/services.j2 new file mode 100644 index 0000000..b443161 --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows/templates/services.j2 @@ -0,0 +1,29 @@ + +
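Review bot: The guard `{% if detailedreport == 'True' %}` in report_windows/templates/report.j2 compares against the string 'True', but the role default added in defaults/main.yml is the YAML boolean `detailedreport: True`, so the comparison is false and packages.j2 and services.j2 are never included unless a caller passes the value as a string. Use `{% if detailedreport | bool %}`, which accepts both forms. The hostname and OS fields are also written into the HTML without escaping; appending `| e` to those expressions keeps unexpected characters in fact values from being interpreted as markup.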
+
+ + +
+
+ \ No newline at end of file diff --git a/collections/ansible_collections/demo/patching/roles/report_windows/vars/main.yml b/collections/ansible_collections/demo/patching/roles/report_windows/vars/main.yml new file mode 100644 index 0000000..3ec787e --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows/vars/main.yml @@ -0,0 +1 @@ +file_path: C:\Inetpub\wwwroot\reports \ No newline at end of file diff --git a/collections/ansible_collections/demo/patching/roles/report_windows_patching/README.md b/collections/ansible_collections/demo/patching/roles/report_windows_patching/README.md new file mode 100644 index 0000000..dec8155 --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows_patching/README.md @@ -0,0 +1,36 @@ +build_report_windows_patch +======== + +Installs Apache and creates a report based on facts from Windows update job + +Requirements +------------ + +Must run on Apache server + +Role Variables / Configuration +-------------- + +N/A + +Dependencies +------------ + +N/A + +Example Playbook +---------------- + +The role can be used to create an html patching report on any number of Linux hosts using any number of Windows servers + + +``` +--- +- hosts: all + + tasks: + - name: Run Windows Patch Report + import_role: + name: shadowman.reports.build_report_windows_patch + +``` \ No newline at end of file diff --git a/collections/ansible_collections/demo/patching/roles/report_windows_patching/defaults/main.yml b/collections/ansible_collections/demo/patching/roles/report_windows_patching/defaults/main.yml new file mode 100644 index 0000000..aaf5c3d --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows_patching/defaults/main.yml @@ -0,0 +1,3 @@ +EMAIL_FROM: tower@shadowman.dev +to_emails: alex@shadowman.dev,tower@shadowman.dev +EMAIL_TO: "{{ to_emails.split(',') }}" \ No newline at end of file 
diff --git a/collections/ansible_collections/demo/patching/roles/report_windows_patching/example_results/Full_Report.png b/collections/ansible_collections/demo/patching/roles/report_windows_patching/example_results/Full_Report.png new file mode 100644 index 0000000..615a021 Binary files /dev/null and b/collections/ansible_collections/demo/patching/roles/report_windows_patching/example_results/Full_Report.png differ diff --git a/collections/ansible_collections/demo/patching/roles/report_windows_patching/files/css/main.css b/collections/ansible_collections/demo/patching/roles/report_windows_patching/files/css/main.css new file mode 100644 index 0000000..dfeb435 --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows_patching/files/css/main.css 
@@ -0,0 +1,111 @@ +p.hostname { + color: #000000; + font-weight: bolder; + font-size: large; + } + + #subtable { + background: #ebebeb; + margin: 0px; + } + + #subtable tbody tr td { + padding: 5px 5px 5px 5px; + } + + #subtable thead th { + padding: 5px; + } + + * { + -moz-box-sizing: border-box; + -webkit-box-sizing: border-box; + box-sizing: border-box; + font-family: "Open Sans", "Helvetica"; + + } + + a { + color: #ffffff; + } + + p { + color: #ffffff; + } + h1 { + text-align: center; + color: #ffffff; + } + + body { + background:#353a40; + } + + table { + border-collapse: separate; + background:#fff; + @include border-radius(5px); + margin:50px auto; + @include box-shadow(0px 0px 5px rgba(0,0,0,0.3)); + } + + thead { + @include border-radius(5px); + } + + thead th { + font-family: 'Patua One', monospace; + font-size:16px; + font-weight:400; + color:#fff; + @include text-shadow(1px 1px 0px rgba(0,0,0,0.5)); + text-align:left; + padding:20px; + border-top:1px solid #858d99; + background: #353a40; + + &:first-child { + @include border-top-left-radius(5px); + } + + &:last-child { + @include border-top-right-radius(5px); + } + } + + tbody tr td { + font-family: 'Open Sans', sans-serif; + font-weight:400; + color:#5f6062; + font-size:13px; + padding:20px 20px 20px 20px; + border-bottom:1px solid #e0e0e0; + + } + + tbody tr:nth-child(2n) { + background:#f0f3f5; + } + + tbody tr:last-child td { + border-bottom:none; + &:first-child { + @include border-bottom-left-radius(5px); + } + &:last-child { + @include border-bottom-right-radius(5px); + } + } + + span.highlight { + background-color: yellow; + } + + .expandclass { + color: #5f6062; + } + + .content{ + display:none; + margin: 10px; + } \ No newline at end of file 
diff --git a/collections/ansible_collections/demo/patching/roles/report_windows_patching/files/webpage_logo.png b/collections/ansible_collections/demo/patching/roles/report_windows_patching/files/webpage_logo.png new file mode 100644 index 0000000..3d99673 Binary files /dev/null and b/collections/ansible_collections/demo/patching/roles/report_windows_patching/files/webpage_logo.png differ diff --git a/collections/ansible_collections/demo/patching/roles/report_windows_patching/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/report_windows_patching/tasks/main.yml new file mode 100644 index 0000000..83b014c --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows_patching/tasks/main.yml @@ -0,0 +1,23 @@ +- name: Create HTML report + ansible.windows.win_template: + src: report.j2 + dest: "{{ file_path }}/windowspatch.html" + check_mode: no + +- name: Copy CSS over + ansible.windows.win_copy: + src: "css" + dest: "{{ file_path }}" + directory_mode: true + check_mode: no + +- name: Copy logo over + ansible.windows.win_copy: + src: "webpage_logo.png" + dest: "{{ file_path }}" + directory_mode: true + check_mode: no + +- name: Display link to Patch report + ansible.builtin.debug: + msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/windowspatch.html" \ No newline at end of file diff --git a/collections/ansible_collections/demo/patching/roles/report_windows_patching/templates/report.j2 b/collections/ansible_collections/demo/patching/roles/report_windows_patching/templates/report.j2 new file mode 100644 index 0000000..3da03ec --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows_patching/templates/report.j2 @@ -0,0 +1,113 @@ + + + + Windows Patch Report + + +
+

Ansible Windows Patching Report

+ +
+ + +
+
+ + + + + + + + + +{% for windows_host in ansible_play_hosts |sort %} + + + + + + +{% endfor %} + +
HostnameOperating SystemRequired Updates
{{hostvars[windows_host]['inventory_hostname']}}{{hostvars[windows_host]['ansible_distribution']|default("none")}} +
    + +{% if hostvars[windows_host].patchingresult.updates is defined and hostvars[windows_host].patchingresult.found_update_count|int > 0 %} +{% for update in hostvars[windows_host].patchingresult.updates %} +{% set updatenum = hostvars[windows_host].patchingresult.updates[update] %} +
  • {{updatenum.title}}
  • +{% endfor %} +{% else %} +
  • Compliant
  • +{% endif %} +
+
+

Created with Ansible on {{hostvars[inventory_hostname].ansible_date_time.iso8601}}

+ + + \ No newline at end of file diff --git a/collections/ansible_collections/demo/patching/roles/report_windows_patching/vars/main.yml b/collections/ansible_collections/demo/patching/roles/report_windows_patching/vars/main.yml new file mode 100644 index 0000000..3ec787e --- /dev/null +++ b/collections/ansible_collections/demo/patching/roles/report_windows_patching/vars/main.yml @@ -0,0 +1 @@ +file_path: C:\Inetpub\wwwroot\reports \ No newline at end of file diff --git a/collections/requirements.yml b/collections/requirements.yml index 44453ee..85a4c0f 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -12,6 +12,8 @@ collections: #windows - chocolatey.chocolatey - community.windows + - name: ansible.windows + version: 1.9.0 #cloud - name: azure.azcollection version: 1.13.0 diff --git a/linux/inventory.insights.yml b/linux/inventory.insights.yml index 466bb63..e9a1ebd 100644 --- a/linux/inventory.insights.yml +++ b/linux/inventory.insights.yml @@ -6,6 +6,7 @@ groups: patch_enhancements: insights_patching.rhea_count > 0 patch_security: insights_patching.rhsa_count > 0 get_tags: yes +selection: none filter_tags: - insights-client/purpose=demo keyed_groups: diff --git a/windows/active_directory/create_ad_domain.yml b/windows/active_directory/create_ad_domain.yml index 36ec940..00ee7d2 100644 --- a/windows/active_directory/create_ad_domain.yml +++ b/windows/active_directory/create_ad_domain.yml @@ -1,6 +1,7 @@ --- - name: Create Active Directory domain hosts: "{{ HOSTS | default('windows') }}" + gather_facts: false tasks: - name: Create new domain in a new forest on the target host 
@@ -14,6 +15,14 @@ reboot_timeout: 3600 when: new_forest.reboot_required + - name: Wait up to 10min for AD web services to start + community.windows.win_wait_for_process: + process_name_exact: Microsoft.ActiveDirectory.WebServices + pre_wait_delay: 60 + state: present + timeout: 600 + sleep: 10 + - name: Create some groups community.windows.win_domain_group: name: "{{ item.name }}" @@ -28,6 +37,7 @@ name: "{{ item.name }}" groups: "{{ item.groups }}" password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" + update_password: on_create loop: - { name: "UserA", groups: "GroupA" } - { name: "UserB", groups: "GroupB" } diff --git a/windows/active_directory/helpdesk_new_user_portal.yml b/windows/active_directory/helpdesk_new_user_portal.yml index 58b1e52..a9d61ba 100644 --- a/windows/active_directory/helpdesk_new_user_portal.yml +++ b/windows/active_directory/helpdesk_new_user_portal.yml @@ -1,6 +1,7 @@ --- - name: Helpdesk new user portal hosts: "{{ HOSTS | default('windows') }}" + gather_facts: false tasks: - name: Setting host facts using complex arguments @@ -20,13 +21,13 @@ groups: - "GroupA" - "GroupB" - street: 123 4th St. - city: Sometown + street: "{{ street }}" + city: "{{ city }}" state_province: IN - postal_code: 12345 + postal_code: "{{ postal_code }}" country: US attributes: - telephoneNumber: 555-123456 + telephoneNumber: "{{ telephone_number }}" register: new_user - name: Display User diff --git a/windows/patching.yml b/windows/patching.yml new file mode 100644 index 0000000..dbab74c --- /dev/null +++ b/windows/patching.yml 
@@ -0,0 +1,22 @@
+---
+- name: Windows updates
+ hosts: "{{ HOSTS | default('os_windows') }}"
+ vars:
+ report_server: win1
+
+ tasks:
+ - include_role:
+ name: demo.patching.patch_windows
+
+ - block:
+ - include_role:
+ name: demo.patching.report_server
+ tasks_from: iis
+
+ - include_role:
+ name: demo.patching.report_windows
+
+ - include_role:
+ name: demo.patching.report_windows_patching
+ delegate_to: "{{ report_server }}"
+ run_once: yes
\ No newline at end of file
diff --git a/windows/powershell_dsc.yml b/windows/powershell_dsc.yml
new file mode 100644
index 0000000..7db3657
--- /dev/null
+++ b/windows/powershell_dsc.yml
@@ -0,0 +1,41 @@
+---
+- name: PowerShell DSC
+ hosts: "{{ HOSTS | default('windows') }}"
+ gather_facts: false
+
+ tasks:
+ - name: Setup the SecurityPolicyDSC module
+ community.windows.win_psmodule:
+ name: SecurityPolicyDSC
+ module_version: 2.10.0.0
+ state: present
+
+ - name: Set password history
+ ansible.windows.win_dsc:
+ resource_name: AccountPolicy
+ Name: Enforce_password_history
+ Enforce_password_history: 24
+
+ - name: Set maximum password age
+ ansible.windows.win_dsc:
+ resource_name: AccountPolicy
+ Name: Maximum_Password_Age
+ Maximum_Password_Age: 60
+
+ - name: Set minimum password age
+ ansible.windows.win_dsc:
+ resource_name: AccountPolicy
+ Name: Minimum_Password_Age
+ Maximum_Password_Age: 20
+
+ - name: Set minimum password length
+ ansible.windows.win_dsc:
+ resource_name: AccountPolicy
+ Name: Minimum_Password_Length
+ Maximum_Password_Age: 8
+
+ - name: Set password complexity requirements
+ ansible.windows.win_dsc:
+ resource_name: AccountPolicy
+ Name: Password_must_meet_complexity_requirements
+ Password_must_meet_complexity_requirements: Enabled
diff --git a/windows/setup.yml b/windows/setup.yml
index 64508b5..7cb235b 100644
--- a/windows/setup.yml
+++ b/windows/setup.yml
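Review bot: Two of the AccountPolicy tasks in windows/powershell_dsc.yml set the wrong property. `Set minimum password age` passes `Maximum_Password_Age: 20` and `Set minimum password length` passes `Maximum_Password_Age: 8`, so the minimum age and minimum length are never configured, and the last of these tasks to run leaves the maximum password age at 8 days instead of the 60 set two tasks earlier. The property should match the task name: `Minimum_Password_Age: 20` and `Minimum_Password_Length: 8`.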
@@ -7,7 +7,7 @@ controller_components: - credential_types - credentials - job_templates - - workflow_job_templates + #- workflow_job_templates controller_projects: - name: Fact Scan @@ -74,11 +74,13 @@ controller_templates: variable: iis_message required: true - - name: "WINDOWS / Windows updates" - job_type: run + - name: "WINDOWS / Patching" + use_fact_cache: true + job_type: check + ask_job_type_on_launch: yes inventory: "Workshop Inventory" project: "Ansible official demo project" - playbook: "windows/windows_updates.yml" + playbook: "windows/patching.yml" execution_environment: Default execution environment credentials: - "Workshop Credential" @@ -92,8 +94,8 @@ controller_templates: variable: HOSTS required: false - question_name: Update categories - type: multiplechoice - variable: categories + type: multiselect + variable: win_update_categories required: false default: SecurityUpdates choices: @@ -110,7 +112,7 @@ controller_templates: - Updates - question_name: Reboot after install? type: multiplechoice - variable: reboot_server + variable: allow_reboot required: false default: 'Yes' choices: @@ -205,6 +207,24 @@ controller_templates: - 'Running' - 'Stopped' + - name: "WINDOWS / PowerShell DSC configuring password requirements" + job_type: run + inventory: "Workshop Inventory" + project: "Ansible official demo project" + playbook: "windows/powershell_dsc.yml" + execution_environment: Default execution environment + credentials: + - "Workshop Credential" + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Server Name or Pattern + type: text + variable: HOSTS + required: false + - name: "ACTIVE DIRECTORY / Create Active Directory domain" job_type: run inventory: "Workshop Inventory" 
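Review bot: The WINDOWS / Patching template now defaults to `job_type: check`, but the tasks added in report_server/tasks/iis.yml and the report_windows roles that install Web-Server, start W3Svc, create the reports directory and copy the report files all carry `check_mode: no`, so a launch that an operator reads as a dry run still changes the report server. That may be intended so a report can be produced from a check run; if so, state it on the template, for example `description: "Check mode only lists pending updates; the IIS report server is still installed and written to"`. The `Reboot after install?` answer also reaches `win_updates` as a string (default 'Yes') through `allow_reboot`; writing `reboot: "{{ allow_reboot | bool }}"` in the role makes the conversion explicit.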
@@ -244,6 +264,26 @@ controller_templates: type: text variable: surname required: true + - question_name: Street + type: text + variable: street + default: 123 4th St. + required: false + - question_name: City + type: text + variable: city + default: Sometown + required: false + - question_name: Postal code + type: text + variable: postal_code + default: IN + required: false + - question_name: Telephone number + type: text + variable: telephone_number + default: 555-123456 + required: false - name: "Rollback" job_type: run diff --git a/windows/windows_updates.yml b/windows/windows_updates.yml deleted file mode 100644 index ac97e3e..0000000 --- a/windows/windows_updates.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Windows updates - hosts: "{{ HOSTS | default('windows') }}" - - tasks: - - name: Install Windows Updates - win_updates: - category_names: "{{ categories | default(omit) }}" - reboot: '{{ reboot_server | default(yes) }}'
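Review bot: The new `Postal code` question has `default: IN`, which looks copied from the `state_province: IN` value in helpdesk_new_user_portal.yml; the literal it replaces in that playbook was `postal_code: 12345`. Set `default: '12345'`, quoted so the survey keeps it as text. All four new answers are free text that the playbook writes directly into the AD user's attributes, so adding `max:` lengths to the questions would bound what a helpdesk operator can submit.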