ansible: Add support for common configuration on Windows hosts
authorKienan Stewart <kstewart@efficios.com>
Wed, 31 May 2023 21:03:07 +0000 (17:03 -0400)
committerKienan Stewart <kstewart@efficios.com>
Thu, 1 Jun 2023 15:34:01 +0000 (11:34 -0400)
Change-Id: I9f5d9c7f4e58c4e1c55d5e25fe1886abcd8a7f0a

automation/ansible/README.md
automation/ansible/group_vars/windows.yml [new file with mode: 0644]
automation/ansible/hosts
automation/ansible/roles/common/tasks/main.yml
automation/ansible/roles/common/tasks/setup-Windows.yml [new file with mode: 0644]
automation/ansible/roles/common/tasks/users-Windows.yml [new file with mode: 0644]
automation/ansible/roles/common/tasks/users.yml [new file with mode: 0644]
automation/ansible/roles/common/templates/authorized_keys.j2 [new file with mode: 0644]
automation/ansible/roles/common/vars/Windows.yml [new file with mode: 0644]

index e51165015ea2ff88d8868b54979f6d8d7b51b684..9d2ffaa0cf84da24cd455106fd37c56a536382bd 100644 (file)
@@ -24,3 +24,11 @@ bw sync -f
 ```
 ansible-playbook -i hosts [-l SUBSET] site.yaml
 ```
+
+# Bootstrapping hosts
+
+## Windows
+
+1. Configure either SSH or WinRM connection: see https://docs.ansible.com/ansible/latest/os_guide/windows_setup.html
+2. For arm64 hosts:
+  * Install the necessary optional features (eg. OpenSSH, Hyper-V) since Windows RSAT isn't available on Arm64 yet
diff --git a/automation/ansible/group_vars/windows.yml b/automation/ansible/group_vars/windows.yml
new file mode 100644 (file)
index 0000000..05c617d
--- /dev/null
@@ -0,0 +1,4 @@
+---
+ansible_connection: ssh
+ansible_shell_type: powershell
+ansible_python_interpreter: 'c:/windows/py.exe'
index 3b4b654596a437bd3086eb0dcf7cb36f771d9226..60bed35403755d1ce9a49744fee030677130a623 100644 (file)
@@ -9,6 +9,10 @@ cloud05.internal.efficios.com
 #cloud06.internal.efficios.com
 #cloud07.internal.efficios.com
 #cloud08.internal.efficios.com
+ci-host-win11-arm64-01.internal.efficios.com
+
+[windows]
+ci-host-win11-arm64-01.internal.efficios.com
 
 [infra_lava]
 lava-master-03.internal.efficios.com
index 5cb4e16ea8dbac2cd6b8470fd93ae96433628528..a8798c55a5a06f35183f30febfbf03cc8215fe86 100644 (file)
 - include: setup-Suse.yml
   when: ansible_os_family == 'Suse'
 
+- include: setup-Windows.yml
+  when: ansible_os_family == "Windows"
+
 - name: Set up authorized_keys for the root user
   authorized_key:
     user: 'root'
     key: "{% for key in query('fileglob', 'public_keys/*.pub') %}{{ lookup('file', key) ~ '\n'}}{% endfor %}"
     exclusive: true
+  when: ansible_os_family != 'Windows'
 
-- name: Remove ubuntu user
-  user:
-    name: ubuntu
-    state: absent
-    remove: yes
-
-- name: Remove debian user
-  user:
-    name: debian
-    state: absent
-    remove: yes
-
-- name: Create jenkins user
-  when: jenkins_user | bool
-  user:
-    name: 'jenkins'
-
-- name: Set up authorized_keys for the jenkins user
-  when: jenkins_user | bool
-  authorized_key:
-    user: 'jenkins'
-    key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA3fwpioVLDoCQsQkYK5bOwPb8N0EXeYm2MleBQTfqxtKaqWWbmUtFXAiyclKHRspjcAiIKwwqLyhPopHBqJzmXnB0GsfGmxXJ6wSBgKJ4kdBVRM+nKlK0wCl1oQkFeV/Xl3jzt1Ey96XiNWlesfkvgcMCpsJzQ7/xRb9IcghskzlQbLOwDNir/156JgAYUYvOLqNCcE+xcgPxJGanfZDXTLkfBYxaeaB8isBPeEU6fhPvu/W055M1uB7E0qhcbFtuKCBu1Fg4jzsW4yDU8+ZB1b5mAXwEAuMbVGMrOf4rjtTpGpQd6XFsXpFT28NU1u5j2cUbtANJalkNDX/UY6XJ jenkins@ci-master-02'
-
-#- name: Create sudoers.d directory.
-#  file:
-#    path: /etc/sudoers.d
-#    owner: root
-#    group: root
-#    mode: 0755
-#    state: directory
-#
-#- name: Set includedir in /etc/sudoers.
-#  lineinfile:
-#    dest: /etc/sudoers
-#    line: "#includedir /etc/sudoers.d"
-#    state: present
-#    validate: "/usr/sbin/visudo -cf %s"
-#
-#- name: Create jenkins sudoers file.
-#  copy:
-#    dest: "/etc/sudoers.d/jenkins"
-#    content: "jenkins ALL=NOPASSWD: ALL"
-#    mode: 0440
-#    owner: root
-#    group: root
-#    validate: "/usr/sbin/visudo -cf %s"
+- include: users-Windows.yml
+  when: ansible_os_family == "Windows"
 
-- name: Remove jenkins sudoers file
-  file:
-    path: "/etc/sudoers.d/jenkins"
-    state: absent
+- include: users.yml
+  when: ansible_os_family != "Windows"
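Review bot: The three new `include:` entries at lines 56, 112 and 119 extend a construct that Ansible deprecated in 2.4 in favour of `import_tasks`/`include_tasks` and that recent ansible-core releases have since removed; the file already uses `include:` for the other setup files, so this is pre-existing, but the new lines could lead the migration, e.g. `- ansible.builtin.import_tasks: setup-Windows.yml`. The new conditions also mix `"Windows"` in double quotes with the `'Suse'` single-quote style of the neighbouring condition at line 54; one style for the whole file would be easier to grep. The hunk header for this section is not shown, so the start of the task list lies outside what is visible here.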
diff --git a/automation/ansible/roles/common/tasks/setup-Windows.yml b/automation/ansible/roles/common/tasks/setup-Windows.yml
new file mode 100644 (file)
index 0000000..2ef6c88
--- /dev/null
@@ -0,0 +1,56 @@
+---
+
+- name: Install OpenSSH
+  ansible.windows.win_feature:
+    name: OpenSSH
+    state: present
+  # This depends on Get-WindowsFeature, provided by RSAT. Not currently available on arm
+  when: ansible_architecture != 'ARM 64-bit Processor'
+- name: Run OpenSSH automatically
+  ansible.windows.win_service:
+    name: sshd
+    start_mode: auto
+    state: started
+- name: Turn off standy
+  ansible.windows.win_command: 'C:\Windows\system32\powercfg.exe /change standby-timeout-ac 0'
+- name: Turn off hibernation
+  ansible.windows.win_command: 'C:\Windows\system32\powercfg.exe /hibernate off'
+- name: Turn off disk timeouts
+  ansible.windows.win_command: 'C:\Windows\system32\powercfg.exe /change disk-timeout-ac 0'
+- name: Install powershell
+  ansible.windows.win_package:
+    path: 'https://github.com/PowerShell/PowerShell/releases/download/v7.3.4/PowerShell-7.3.4-win-x64.msi'
+    state: 'present'
+    # get-wmiobject Win32_Product
+    product_id: '{11479679-5C7F-477F-869F-3ED956CE684D}'
+- name: Set powershell 7 as the default shell for OpenSSH
+  ansible.windows.win_regedit:
+    path: 'HKLM:\SOFTWARE\OpenSSH'
+    name: 'DefaultShell'
+    data: 'c:/progra~1/powershell/7/pwsh.exe'
+- name: Join domain
+  ansible.windows.win_domain_membership:
+    dns_domain_name: 'internal.efficios.com'
+    hostname: "{{ansible_hostname}}"
+    domain_ou_path: 'DC=internal,DC=efficios,DC=com'
+    state: 'domain'
+    domain_admin_user: "{{ lookup('community.general.bitwarden', '2443aefa-0b85-497d-aa0e-aef6011295c4', search='id', field='username')[0] }}"
+    domain_admin_password: "{{ lookup('community.general.bitwarden', '2443aefa-0b85-497d-aa0e-aef6011295c4', search='id', field='password')[0] }}"
+  register: domain_state
+- name: Install python
+  ansible.windows.win_package:
+    path: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-arm64.exe'
+    state: 'present'
+    arguments:
+      - '/InstallAllUsers=1'
+      - '/SimpleInstall'
+      - '/quiet'
+    creates_path: 'C:\Windows\py.exe'
+- name: Set administrator authorized keys
+  ansible.windows.win_template:
+    src: 'authorized_keys.j2'
+    dest: 'c:\ProgramData\ssh\administrators_authorized_keys'
+
+- name: Reboot if domain changed
+  when: domain_state.reboot_required
+  ansible.windows.win_reboot:
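Review bot: The PowerShell MSI at line 147 and the Python installer at line 167 are fetched at run time and executed as administrator with no integrity check, so the version string in the URL pins nothing on the host side; verifying a checksum would make the pin a real control. `win_get_url` has `checksum`/`checksum_algorithm` options, so downloading first and pointing `win_package` at the local file gives that (fence below; the same shape applies to the Python task). The two URLs also disagree on architecture — the MSI is `win-x64` while the Python build is `arm64` — which suggests the role is currently tuned to a single host type; selecting the URL from `ansible_architecture`, as the OpenSSH task at line 133 already does, would make that explicit. The domain-join task at lines 156–164 takes Bitwarden-sourced admin credentials; `win_domain_membership` masks the password itself, but `no_log: true` on the task would also keep the username out of verbose output and of the registered `domain_state`. Minor: the task name `Turn off standy` at line 139 should read `Turn off standby`.
```yaml
- name: Download powershell installer
  ansible.windows.win_get_url:
    url: 'https://github.com/PowerShell/PowerShell/releases/download/v7.3.4/PowerShell-7.3.4-win-x64.msi'
    dest: 'C:\Windows\Temp\PowerShell-7.3.4-win-x64.msi'
    # value taken from the hash list published with the release
    checksum: '<SHA256_OF_MSI_PLACEHOLDER>'
    checksum_algorithm: sha256
- name: Install powershell
  ansible.windows.win_package:
    path: 'C:\Windows\Temp\PowerShell-7.3.4-win-x64.msi'
    state: 'present'
    # get-wmiobject Win32_Product
    product_id: '{11479679-5C7F-477F-869F-3ED956CE684D}'
# … unchanged: default shell, domain join, python, authorized keys, reboot …
```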
diff --git a/automation/ansible/roles/common/tasks/users-Windows.yml b/automation/ansible/roles/common/tasks/users-Windows.yml
new file mode 100644 (file)
index 0000000..0a61c88
--- /dev/null
@@ -0,0 +1,18 @@
+---
+- name: Create jenkins user
+  ansible.windows.win_user:
+    name: jenkins
+    state: "{{ (jenkins_user|bool) | ternary('present', 'absent') }}"
+
+- name: Create jenkins user dotssh folder
+  when: jenkins_user|bool
+  ansible.windows.win_file:
+    state: directory
+    path: "c:/users/jenkins/.ssh"
+
+- name: Deploy jenkins authorized_keys
+  when: jenkins_user|bool
+  ansible.windows.win_copy:
+    # yamllint disable-line rule:line-length
+    content: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA3fwpioVLDoCQsQkYK5bOwPb8N0EXeYm2MleBQTfqxtKaqWWbmUtFXAiyclKHRspjcAiIKwwqLyhPopHBqJzmXnB0GsfGmxXJ6wSBgKJ4kdBVRM+nKlK0wCl1oQkFeV/Xl3jzt1Ey96XiNWlesfkvgcMCpsJzQ7/xRb9IcghskzlQbLOwDNir/156JgAYUYvOLqNCcE+xcgPxJGanfZDXTLkfBYxaeaB8isBPeEU6fhPvu/W055M1uB7E0qhcbFtuKCBu1Fg4jzsW4yDU8+ZB1b5mAXwEAuMbVGMrOf4rjtTpGpQd6XFsXpFT28NU1u5j2cUbtANJalkNDX/UY6XJ jenkins@ci-master-02'
+    dest: 'c:/users/jenkins/.ssh/authorized_keys'
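Review bot: `win_user` at line 189 creates the account but not its profile, so `win_file` at lines 195–197 creates `c:/users/jenkins/.ssh` as the connecting administrator before Windows has laid out the profile; when the jenkins user first logs on, Windows may then place the real profile under a different folder name and the deployed key never applies (this depends on how the account is first used, so worth confirming on a host). Creating the profile explicitly first — `community.windows.win_user_profile` exists for this — or deploying the key only after the profile exists would avoid that. The key literal at line 203 is the same string as in users.yml (line 233 of this commit); defining it once as a role variable such as `jenkins_authorized_key` in the role defaults and referencing `"{{ jenkins_authorized_key }}"` from both files keeps the two from drifting. The deployed directory and file are not given an explicit ACL; Windows OpenSSH rejects an authorized_keys file that other users can write, so a `win_acl`/`win_acl_inheritance` step restricting them to jenkins, SYSTEM and Administrators would make the task independent of whatever permissions are inherited.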
diff --git a/automation/ansible/roles/common/tasks/users.yml b/automation/ansible/roles/common/tasks/users.yml
new file mode 100644 (file)
index 0000000..f5065bd
--- /dev/null
@@ -0,0 +1,28 @@
+---
+- name: Remove ubuntu user
+  user:
+    name: ubuntu
+    state: absent
+    remove: yes
+
+- name: Remove debian user
+  user:
+    name: debian
+    state: absent
+    remove: yes
+
+- name: Create jenkins user
+  when: jenkins_user | bool
+  user:
+    name: 'jenkins'
+
+- name: Set up authorized_keys for the jenkins user
+  when: jenkins_user | bool
+  authorized_key:
+    user: 'jenkins'
+    # yamllint disable-line rule:line-length
+    key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA3fwpioVLDoCQsQkYK5bOwPb8N0EXeYm2MleBQTfqxtKaqWWbmUtFXAiyclKHRspjcAiIKwwqLyhPopHBqJzmXnB0GsfGmxXJ6wSBgKJ4kdBVRM+nKlK0wCl1oQkFeV/Xl3jzt1Ey96XiNWlesfkvgcMCpsJzQ7/xRb9IcghskzlQbLOwDNir/156JgAYUYvOLqNCcE+xcgPxJGanfZDXTLkfBYxaeaB8isBPeEU6fhPvu/W055M1uB7E0qhcbFtuKCBu1Fg4jzsW4yDU8+ZB1b5mAXwEAuMbVGMrOf4rjtTpGpQd6XFsXpFT28NU1u5j2cUbtANJalkNDX/UY6XJ jenkins@ci-master-02'
+- name: Remove jenkins sudoers file
+  file:
+    path: "/etc/sudoers.d/jenkins"
+    state: absent
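Review bot: `Create jenkins user` at lines 223–226 only creates the account when `jenkins_user` is true and leaves it in place otherwise, whereas the Windows counterpart added in the same commit (users-Windows.yml) removes it via `state: "{{ (jenkins_user|bool) | ternary('present', 'absent') }}"`; the two platforms should agree on whether turning the flag off removes the user, which here means dropping the `when:` and using `state: "{{ (jenkins_user | bool) | ternary('present', 'absent') }}"` as well. The `remove: yes` values at lines 215 and 221 are moved verbatim from main.yml, but for a new file `remove: true` is the canonical boolean spelling and avoids the yamllint truthy warning.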
diff --git a/automation/ansible/roles/common/templates/authorized_keys.j2 b/automation/ansible/roles/common/templates/authorized_keys.j2
new file mode 100644 (file)
index 0000000..f08adee
--- /dev/null
@@ -0,0 +1,3 @@
+{% for filename in lookup('fileglob', 'public_keys/*.pub', wantlist=true) -%}
+{{ lookup('file', filename) }}
+{% endfor %}
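Review bot: `lookup('fileglob', ...)` at line 243 returns matches in whatever order the controller's filesystem yields, which is not guaranteed to be stable between runs, so the rendered administrators_authorized_keys can reorder and `win_template` then reports a change with no real difference; `{% for filename in lookup('fileglob', 'public_keys/*.pub', wantlist=true) | sort -%}` makes the output deterministic. The root `authorized_key` task in main.yml builds its key list the same way and could take the same sort.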
diff --git a/automation/ansible/roles/common/vars/Windows.yml b/automation/ansible/roles/common/vars/Windows.yml
new file mode 100644 (file)
index 0000000..ed97d53
--- /dev/null
@@ -0,0 +1 @@
+---