https://github.com/ericcames/aap.dailydemo.windows


Ansible Automation Platform Daily Demo for Windows
=========
A demo designed to showcase many of the use cases that people are looking for. We use the workflow visualizer to show how the various building blocks fit together to deliver a custom website on demand. The playbooks call roles; the roles make the code easy to share and give each role a place to document what it needs. The demo is designed to be integrated with an IT Service Management (ITSM) system. Everything will be documented in the ITSM system via the skillful use of automation. Check out the video below to see "the art of the possible."

# The workflow

![alt text](https://github.com/ericcames/aap.dailydemo.windows/blob/main/images/windowsworkflow.png "Windows workflow")

**The playbooks**

[1. Create our network container](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/create_vpc_01.yml "create_vpc_01.yml")

[2. Create our virtual machine](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/create_instance_02.yml "create_instance_02.yml")

[3. Update our inventory](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/add_inventory_03.yml "add_inventory_03.yml")

Custom Ansible Controller Credential

Input configuration
```
fields:
  - id: url
    type: string
    label: Controller URL
  - id: user
    type: string
    label: Controller Username
  - id: password
    type: string
    label: Controller Password
    secret: true
required:
  - url
  - user
  - password
```
Injector configuration
```
extra_vars:
  controller_url: '{{url}}'
  controller_user: '{{user}}'
  controller_passwd: '{{password}}'
```
[4. Gather instance information](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/get_instance_info_04.yml "get_instance_info_04.yml")

[5. Powershell Improvement](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/powershell_improve_05.yml "powershell_improve_05.yml")

[6. User access](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/windows_account_create_06.yml "windows_account_create_06.yml")

[6. Website deployment](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/website_setup_06.yml "website_setup_06.yml")

[7. Patching](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/provision_user_access_07.yml "windows_patching_07.yml")

[8. Send notification that the website is ready](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/sendmail_10.yml "sendmail_10.yml")

Custom Mail Server credential

Input configuration
```
fields:
  - id: smtp_server
    type: string
    label: Mail Server
  - id: smtp_port
    type: string
    label: Mail Server Port
  - id: smtp_username
    type: string
    label: Mail Server Username
  - id: smtp_password
    type: string
    label: Mail Server Password
    secret: true
required:
  - smtp_server
  - smtp_port
  - smtp_username
  - smtp_password
```
Injector configuration
```
extra_vars:
  MAILHOST: '{{smtp_server}}'
  MAILHOST_PORT: '{{smtp_port}}'
  MAILHOST_PASSWORD: '{{smtp_password}}'
  MAILHOST_USERNAME: '{{smtp_username}}'
```
[Site Delete will clean everything up](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/site_delete.yml "site_delete.yml")

ServiceNow
========

**The playbooks**

[Create a CMDB record](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/servicenow/create_ci.yml "create_ci.yml")

[Create a CMDB relationship](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/servicenow/create_cmdb_relationship.yml "create_cmdb_relationship.yml")

[Create incident ticket](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/servicenow/incident_create.yml "incident_create.yml")

[Update requested item ticket](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/servicenow/update_sn_req_itm.yml "update_sn_req_itm.yml")

ServiceNow credential

Input configuration
```
fields:
  - id: instance
    type: string
    label: Instance
  - id: username
    type: string
    label: username
  - id: password
    type: string
    label: password
    secret: true
required:
  - instance
  - username
  - password
```
Injector configuration
```
env:
  SN_HOST: '{{instance}}'
  SN_PASSWORD: '{{password}}'
  SN_USERNAME: '{{username}}'
```
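
A small lint for custom credential type definitions like the three above, added here as an example (it is not part of the original repository): it flags password-like fields that lack `secret: true`, `required` entries that name no declared field, and injector templates that reference an undeclared field. The function name, the sensitive-name heuristic and the broken sample are assumptions of this example; the Mail Server definition is transcribed from this page.

```python
import re

# Heuristic for ids that hold sensitive values (an assumption of this example, not an AAP rule).
SENSITIVE = re.compile(r"pass|secret|token|key", re.I)
# {{ name }} references inside injector templates.
TEMPLATE_REF = re.compile(r"\{\{\s*([A-Za-z_]\w*)\s*\}\}")

def lint_credential_type(inputs, injectors):
    """Return findings for one custom credential type (parsed input/injector configuration)."""
    findings = []
    fields = {f["id"]: f for f in inputs.get("fields", [])}
    for fid, field in fields.items():
        if SENSITIVE.search(fid) and not field.get("secret", False):
            findings.append(f"field '{fid}' looks sensitive but is not secret: true")
    for name in inputs.get("required", []):
        if name not in fields:
            findings.append(f"required entry '{name}' is not a declared field")
    for section, mapping in injectors.items():  # extra_vars, env, ...
        for target, template in mapping.items():
            for ref in TEMPLATE_REF.findall(template):
                if ref not in fields:
                    findings.append(f"{section}.{target} references undeclared field '{ref}'")
    return findings

# The Mail Server credential type from this page, as parsed data.
MAIL_INPUTS = {
    "fields": [
        {"id": "smtp_server", "type": "string", "label": "Mail Server"},
        {"id": "smtp_port", "type": "string", "label": "Mail Server Port"},
        {"id": "smtp_username", "type": "string", "label": "Mail Server Username"},
        {"id": "smtp_password", "type": "string", "label": "Mail Server Password", "secret": True},
    ],
    "required": ["smtp_server", "smtp_port", "smtp_username", "smtp_password"],
}
MAIL_INJECTORS = {"extra_vars": {
    "MAILHOST": "{{smtp_server}}",
    "MAILHOST_PORT": "{{smtp_port}}",
    "MAILHOST_PASSWORD": "{{smtp_password}}",
    "MAILHOST_USERNAME": "{{smtp_username}}",
}}

# Constructed broken variant: secret flag dropped, typo in required, typo in the injector.
BROKEN_INPUTS = {
    "fields": [{"id": "smtp_password", "type": "string", "label": "Mail Server Password"}],
    "required": ["smtp_pasword"],
}
BROKEN_INJECTORS = {"env": {"MAILHOST_PASSWORD": "{{ smtp_passwd }}"}}

if __name__ == "__main__":
    print(*lint_credential_type(BROKEN_INPUTS, BROKEN_INJECTORS), sep="\n")
```
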
- ServiceNow Ansible spoke setup

[Ansible spoke setup - Alex Dworjan](https://github.com/shadowman-lab/Ansible-SNOW/tree/master/SNOWSetup#servicenowaap-integration-instructions-using-ansible-spoke "Ansible spoke setup - Alex")

[Ansible spoke youtube - Alex Dworjan](https://www.youtube.com/watch?v=DmPXiRHjgRY "Ansible spoke youtube - Alex Dworjan")

- ServiceNow Ansible spoke setup additional Ansible controllers
```
Flow Designer -> Connections -> Add Connection

Connection Name: ericamesAAPalias
Connection URL: https://ericames.ddns.net
Credential Name: Eric Ames AAP Spoke Credentials
Application Registry Name: Eric Ames Spoke Registry
OAuth Client ID: %SECRETID%
OAuth Client Secret: %SECRETGOESHERE%
Oauth Entity Profile Name: Eric Ames Spoke Registry default_profile
OAuth Entity Scope: write
Authorization URL: https://ericames.ddns.net/api/o/authorize/
Token URL: https://ericames.ddns.net/api/o/token/
OAuth Redirect URL: https://ven05433.service-now.com/api/sn_ansible_spoke/ansible_oauth_redirect

```
- Automated incident management example

[Example Error Handling in support of incident enrichment](https://github.com/ericcames/aap.dailydemo.windows/blob/main/roles/instance_create_aws/tasks/main.yml "Example Error Handling")

[Youtube video on Automated Incident enrichment](https://youtu.be/ieO-cbzNqjU?si=z28o3rpAgLTDqdnB "Youtube video on Automated Incident enrichment")

```
- name: Adding incident management error handling
  block:

    # PUT YOUR TASKS HERE

  rescue:

    # set_stats publishes each value as a workflow artifact for later workflow nodes
    - name: Capture the error message
      register: my_error
      ansible.builtin.set_stats:
        data:
          my_error: "{{ ansible_failed_result.msg }}"

    - name: Capture the Job ID
      register: my_job_id
      ansible.builtin.set_stats:
        data:
          my_job_id: "{{ tower_job_id }}"

    - name: Capture the Job Template name
      register: my_job_template_name
      ansible.builtin.set_stats:
        data:
          my_job_template_name: "{{ tower_job_template_name }}"

    - name: Fail the job even though the rescue worked
      ansible.builtin.fail:
        msg: failing so we create the incident ticket
```
# The website

![alt text](https://github.com/ericcames/aap.dailydemo.windows/blob/main/images/windowsweb1.png "Webtop")
![alt text](https://github.com/ericcames/aap.dailydemo.windows/blob/main/images/windowsweb2.png "Webbottom")

# A youtube video of the demo

- [AAP Daily Demo Windows](https://youtu.be/RNwel6BeCVI?si=ruIwcDFp6dyyAkjO "AAP Daily Demo Windows")

# Looking for the Linux Daily Demo?

- [AAP Daily Demo Linux](https://github.com/ericcames/aap.dailydemo.linux "AAP Daily Demo Linux")

# Important Note
The user_data line in the task listed below is designed to work with a template to set the password on the machine as it is built. It works with a machine credential in Ansible Automation Platform.

![alt text](https://github.com/ericcames/aap.dailydemo.windows/blob/main/images/windowsmachinecred.png "Windows Machine Credential")

[Windows Machine Instance Creation](https://github.com/ericcames/aap.dailydemo.windows/blob/main/roles/instance_create_aws/tasks/main.yml "Windows Machine Instance Creation")

```
- name: "Creating AWS VMs in {{ region }}"
  register: instance
  amazon.aws.ec2_instance:
    name: "Windows Daily Demo"
    state: running
    region: "{{ region }}"
    key_name: "{{ my_ssh_key }}"
    vpc_subnet_id: "{{ vpc_subnet_id }}"
    instance_type: "{{ instance_type }}"
    security_group: "{{ ec2_security_group_name }}"
    network:
      assign_public_ip: "{{ assign_public_ip }}"
    image_id: "{{ image }}"
    tags:
      Environment: windows-dailydemo
      AlwaysUp: "{{ alwaysup }}"
      Createdby: Ansible Controller
      Contact: "{{ my_email_address }}"
      DeletebBy: "{{ ec2_ansible_group }}"
      info: "This instance was built by the Sales Team"
    user_data: "{{ lookup('template', 'scripts/aws_userdata') }}"
    wait: true
    wait_timeout: 600
```
# Day 2 Operations
**Audit**

Audit registry entries and repair if needed. Document the work in a CSV file.

[Audit](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/auditme.yml "auditme.yml")

![alt text](https://github.com/ericcames/aap.dailydemo.windows/blob/main/images/winaudit1.png "Fixed")
![alt text](https://github.com/ericcames/aap.dailydemo.windows/blob/main/images/winaudit2.png "Good")

**Patching**

We use a survey to select which Windows patches to apply and whether or not to reboot the machine.

[Patching](https://github.com/ericcames/aap.dailydemo.windows/blob/main/playbooks/windows_patching_07.yml "windows_patching_07.yml")

![alt text](https://github.com/ericcames/aap.dailydemo.windows/blob/main/images/winpatch1.png "surveytop")
![alt text](https://github.com/ericcames/aap.dailydemo.windows/blob/main/images/winpatch2.png "surveybottom")

# Adhoc windows commands
```
win_ping
win_shell -> Get-Service
win_shell -> Get-Process
setup
win_shell -> Add-WindowsCapability -Online -Name OpenSSH.Server
win_shell -> Start-Service sshd
win_shell -> Set-Service -Name sshd -StartupType 'Automatic'
win_service -> name=sshd
```