From 4955549e270f70e6403bb44fb16016dade5e18c7 Mon Sep 17 00:00:00 2001
From: Kienan Stewart
Date: Tue, 21 May 2024 13:53:08 -0400
Subject: [PATCH] ansible: Enable RDP and allow pings on windows CI hosts
Change-Id: I4cae9771c6c37eec22b1a79ddc35730d17a6854e
Signed-off-by: Kienan Stewart
---
 automation/ansible/hosts.yml | 6 ++-
 .../roles/common/tasks/setup-Windows.yml | 38 ++++++++++++++++++-
 automation/ansible/roles/requirements.yml | 3 ++
 3 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/automation/ansible/hosts.yml b/automation/ansible/hosts.yml
index 33b9062..1cb9dd0 100644
--- a/automation/ansible/hosts.yml
+++ b/automation/ansible/hosts.yml
@@ -1,10 +1,14 @@
 ---
-- hosts: hosts
+- hosts: hosts:!windows
 roles:
 # Setup filesystem and network configuration before other roles
 - zfs
 - netplan
+- hosts: hosts
+ roles:
 - common
+- hosts: hosts:!windows
+ roles:
 - libvirt
 - lxd
 - rasdaemon
diff --git a/automation/ansible/roles/common/tasks/setup-Windows.yml b/automation/ansible/roles/common/tasks/setup-Windows.yml
index 2ef6c88..5c81a81 100644
--- a/automation/ansible/roles/common/tasks/setup-Windows.yml
+++ b/automation/ansible/roles/common/tasks/setup-Windows.yml
@@ -11,6 +11,17 @@
 name: sshd
 start_mode: auto
 state: started
+- name: Allow Terminal Server connections
+ ansible.windows.win_regedit:
+ path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
+ name: 'fDenyTSConnections'
+ data: '0'
+ type: 'dword'
+- name: Run RDP automatically
+ ansible.windows.win_service:
+ name: 'TermService'
+ start_mode: 'auto'
+ state: 'started'
 - name: Turn off standy
 ansible.windows.win_command: 'C:\Windows\system32\powercfg.exe /change standby-timeout-ac 0'
 - name: Turn off hibernation
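Review bot: In automation/ansible/hosts.yml the two new `hosts:!windows` plays depend on an inventory group named `windows`, and nothing in the hunk documents that dependency or why Windows hosts are limited to the `common` role. Ansible only warns when a pattern names a group it cannot find, so on an inventory without that group the exclusion presumably matches every host and zfs, netplan, libvirt and the rest would be attempted on Windows machines; worth confirming against the inventories in use. I would add a comment above the first play, `# Windows CI hosts only get 'common'; requires a 'windows' inventory group`, and quote the pattern as `- hosts: 'hosts:!windows'` so the `:` and `!` are never left to the YAML parser. The role list may continue past the end of the hunk.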
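Review bot: In roles/common/tasks/setup-Windows.yml the new `fDenyTSConnections` task turns RDP on, but nothing added here requires Network Level Authentication, so whether the hosts expose a pre-authentication logon session depends on the image or on group policy, neither of which is visible in this patch. Pinning that setting in the same role keeps every CI host consistent; a task for it is below. Separately, `data: '0'` passes a string for a `dword` value, and `data: 0` states the intended type directly. The task list starts before and continues after this hunk.

```yaml
# … unchanged: 'Allow Terminal Server connections' task …
- name: Require Network Level Authentication for RDP
  ansible.windows.win_regedit:
    path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    name: 'UserAuthentication'
    data: 1
    type: 'dword'
# … unchanged: 'Run RDP automatically' task …
```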
@@ -50,7 +61,32 @@
 ansible.windows.win_template:
 src: 'authorized_keys.j2'
 dest: 'c:\ProgramData\ssh\administrators_authorized_keys'
-
+# c.f. https://galaxy.ansible.com/ui/repo/published/community/windows/content/module/win_firewall_rule/
+- name: Firewall rule to alloc ICMP v4 on all type codes
+ community.windows.win_firewall_rule:
+ name: ICMP Allow incoming V4 echo request
+ enabled: true
+ state: present
+ profiles:
+ - domain
+ - private
+ - public
+ action: allow
+ direction: in
+ protocol: icmpv4
+ icmp_type_code: '*'
+- name: Firewall rule to allow RDP on TCP port 3389
+ community.windows.win_firewall_rule:
+ name: Remote Desktop
+ localport: 3389
+ action: allow
+ direction: in
+ protocol: tcp
+ profiles:
+ - domain
+ - private
+ state: present
+ enabled: true
 - name: Reboot if domain changed
 when: domain_state.reboot_required
 ansible.windows.win_reboot:
diff --git a/automation/ansible/roles/requirements.yml b/automation/ansible/roles/requirements.yml
index 649feec..583571d 100644
--- a/automation/ansible/roles/requirements.yml
+++ b/automation/ansible/roles/requirements.yml
@@ -3,3 +3,6 @@ collections:
 - name: community.general
 version: '>=5.4.0'
 type: galaxy
+ - name: community.windows
+ version: '>=2.2.0'
+ type: galaxy
--
2.34.1
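Review bot: The ICMP rule added to setup-Windows.yml is named 'ICMP Allow incoming V4 echo request', but `icmp_type_code: '*'` admits every ICMPv4 type and code, and it does so on the public profile as well; if only ping is wanted, `icmp_type_code: ['8:*']` makes the rule match its name. The 'Remote Desktop' rule opens TCP 3389 to any source address on the domain and private profiles, and adding `remoteip: '<management-subnet-cidr>'` (a placeholder, the real range has to come from the CI network layout) would limit which machines can reach the logon service. The first task name also reads 'alloc' where 'allow' is meant.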
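Review bot: `version: '>=2.2.0'` for community.windows in roles/requirements.yml has no upper bound, so each install can resolve to a different release of the collection that now writes firewall rules on the CI hosts. An upper bound such as `version: '>=2.2.0,<3.0.0'` keeps a major-version change from arriving unreviewed; the existing community.general entry has the same open range. The tasks also use `ansible.windows`, which this file does not list as far as the hunk shows, so it presumably comes from the installed Ansible package and is worth confirming on the controller.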