=====Ansible=====

====Setup on Windows Machine with basic Authentication====

Run this PowerShell on the Windows machine with administrator privileges:

<code powershell>
$H = hostname
# Make sure the WinRM service starts automatically and is running
Set-Service -Name WinRM -StartupType Automatic
Start-Service -Name WinRM
# Create a self-signed certificate for this host and keep its thumbprint
$T = New-SelfSignedCertificate -DnsName $H -CertStoreLocation Cert:\LocalMachine\My | select Thumbprint
$T = $T.Thumbprint
# Build the command that creates the HTTPS listener bound to that certificate
$V = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=""$H""; CertificateThumbprint=""$T""}'"
$V                      # print the command before running it
Invoke-Expression $V
# List the configured listeners to confirm the HTTPS one exists
winrm e winrm/config/listener
# Allow inbound WinRM over HTTPS through the firewall
$port = 5986
netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=$port
# Open the dialog for editing the default WinRM security descriptor
winrm configSDDL default
</code>

On the server:\\
Add a host to the hosts file to get it managed.\\
Filename: /etc/ansible/hosts

<code>
[group]
192.168.1.214 ansible_user=pi
</code>

Test if it works:

<code>
ansible group -m ping
192.168.1.214 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
</code>

Hosts file in YAML format (my preferred):

<code yaml>
win:
  hosts:
    192.168.1.3:
      ansible_connection: winrm
      #ansible_winrm_cert_pem: /root/cert.pem
      #ansible_winrm_cert_key_pem: /root/cert_key.pem
      ansible_winrm_transport: ntlm
      ansible_user: user
      ansible_password: password
      ansible_winrm_server_cert_validation: ignore
</code>

Test for the Windows host:

<code>
root@u-studio:~# ansible 192.168.1.3 -m win_ping
192.168.1.3 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
</code>

=====playbooks=====

Example: myfirstWinPlaybook.yaml

<code yaml>
- name: Network Getting Started First Playbook
  # An ansible_connection set in the inventory (winrm above) overrides this keyword
  connection: ansible.netcommon.network_cli
  gather_facts: false
  hosts: all
  tasks:
    - name: Copy File or Dir
      win_copy:
        src: C:\temp\
        dest: C:\ansible_temp\
        remote_src: yes
</code>

=====Secret Vault=====

Create a secret (the file is named "secret"):

<code>
ansible-vault create secret
</code>

After entering the passphrase used to protect the file, we can add the password variable:

<code yaml>
ansible_sudo_pass: password123
</code>

Using a secret inside a playbook:

<code yaml>
- hosts: linux
  vars_files:
    - secret
  tasks:
    - name: Upgrade all packages, excluding kernel & foo related packages
      yum:
        name: '*'
        state: latest
        exclude: kernel*,foo*
      become: yes
</code>

<code>
ansible-playbook --ask-vault-pass upgrade_centos.yml
</code>

To get access to the vault file without prompting for the password, create a file containing the password and then set the following variable to the file's path:

<code>
ANSIBLE_VAULT_PASSWORD_FILE=/root/.vault_pass.txt
</code>

Then issuing the command

<code>
ansible-vault view /home/davide/secret
</code>

will show the unencrypted file content on screen.

and call the playbook with this command:

add user:

<code yaml>
- name: Create a login user
  user:
    name: fideloper
    password: '$6$F4NWXRFtSdCi8$DsB5vvMJYusQhSbvGXrYDXL6Xj37MUuqFCd4dGXdKd6NyxT3lpdELN07/Kpo7EjjWnm9zusFg/LLFv6oc.ynu/'
    groups: docker, sudo   # Empty by default.
    state: present
    shell: /bin/bash       # Defaults to /bin/bash
    system: no             # Defaults to no
    createhome: yes        # Defaults to yes
    home: /home/fideloper  # Defaults to /home/
</code>

where the password hash was created with the mkpasswd utility:

<code>
mkpasswd --method=sha-512
</code>

install firefox:

<code yaml>
- hosts: win
  tasks:
    - name: win_package install firefox
      win_package:
        path: \\192.168.1.36\1T\Downloads\Firefox86.0.1.msi
        product_id: 'Mozilla Firefox'
        state: present
</code>
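
The YAML hosts file for the Windows host keeps the password in clear text and sets certificate validation to ignore, while the Secret Vault section already provides the means to avoid the first. The following variant is an added example, not part of the original page, that validates the self-signed listener certificate and reads the password from a vault file. The host name winhost01, the certificate path, the variable name vault_win_password and the group_vars location are assumptions.

```yaml
# inventory.yaml: "win" group with certificate validation and a vaulted password
win:
  hosts:
    # Placeholder name: must equal the -DnsName ($H) of the certificate created
    # by the PowerShell setup and resolve to 192.168.1.3 (DNS or /etc/hosts),
    # otherwise hostname verification fails once validation is enabled.
    winhost01:
      ansible_connection: winrm
      ansible_port: 5986                 # HTTPS listener opened by the firewall rule
      ansible_winrm_scheme: https
      ansible_winrm_transport: ntlm
      ansible_user: user
      # No literal password in the inventory: the value comes from the vault file.
      ansible_password: "{{ vault_win_password }}"
      # Replaces "ignore": the listener certificate is now checked.
      ansible_winrm_server_cert_validation: validate
      # Assumed path: the self-signed certificate exported from the Windows
      # host in PEM format and copied to the server.
      ansible_winrm_ca_trust_path: /etc/ansible/certs/winhost01.pem
---
# group_vars/win/vault.yml: content typed into "ansible-vault create",
# stored encrypted on disk (assumed location next to the inventory file).
vault_win_password: password
```

Test it with ansible winhost01 -m win_ping --ask-vault-pass, or without the prompt once ANSIBLE_VAULT_PASSWORD_FILE is set.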