diff --git a/roles/win-initial-setup/defaults/main.yml b/roles/win-initial-setup/defaults/main.yml
index 3167d75..aef92be 100644
--- a/roles/win-initial-setup/defaults/main.yml
+++ b/roles/win-initial-setup/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
 # defaults file for win-initial-setup
 iis_log_retention_days: 15
-iis_log_directory: D:\IISLogs
+iis_log_directory: C:\IISLogs
+log_dir: C:\Logs
diff --git a/roles/win-initial-setup/tasks/main.yml b/roles/win-initial-setup/tasks/main.yml
index e1159d5..ea5238c 100644
--- a/roles/win-initial-setup/tasks/main.yml
+++ b/roles/win-initial-setup/tasks/main.yml
@@ -1,4 +1,7 @@
 ---
+# - name: Install Chocolatey
+# ansible.builtin.import_tasks: install-chocolatey.yml
+
 - name: Set Cipher Suite
 ansible.builtin.import_tasks: set-cipher-suite.yml
@@ -12,13 +15,8 @@
 ASPNETCORE_ENVIRONMENT: "{{ devops_env }}"
 DOTNET_ENVIRONMENT: "{{ devops_env }}"
-- name: Ensure Framework 4.8 is Installed
- ansible.builtin.import_tasks: install-dotnet-framework.yml
-
-- name: Ensure Latest Microsoft Edge is Installed
- chocolatey.chocolatey.win_chocolatey:
- name: microsoft-edge
- state: latest
+- name: Install Framework 4.8
+ ansible.builtin.import_tasks: install-framework-4.8.yml
 - name: Ensure IIS Log Retention Task Exists
 community.windows.win_scheduled_task:
@@ -43,13 +41,15 @@
 - name: Set IIS Header Logging
 ansible.windows.win_powershell:
 script: |
- Add-WebConfigurationProperty `
+ Import-Module WebAdministration
+
+ Set-WebConfigurationProperty `
 -pspath 'MACHINE/WEBROOT/APPHOST' `
 -filter "system.applicationHost/sites/siteDefaults/logFile/customFields" `
 -name "." `
 -value @{logFieldName='x-forwarded-for';sourceName='x-forwarded-for';sourceType='RequestHeader'}
- Add-WebConfigurationProperty `
+ Set-WebConfigurationProperty `
 -pspath 'MACHINE/WEBROOT/APPHOST' `
 -filter "system.applicationHost/sites/siteDefaults/logFile/customFields" `
 -name "." `
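Review bot: `log_dir` in roles/win-initial-setup/defaults/main.yml is a very generic name for a role default, and Ansible resolves variables from one shared namespace, so an inventory, play or other role that also defines `log_dir` would silently change which directory this role creates and grants access to in the `win_acl` loop later in this commit. A role-prefixed name, for example `win_initial_setup_log_dir: 'C:\Logs'`, removes that ambiguity; single-quoting both paths also keeps the backslashes literal if the values are edited later. Both defaults now point at `C:`, so it is worth confirming that the 15-day retention keeps log growth well within the system volume's free space.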
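Review bot: In the `@@ -12,13 +15,8 @@` hunk of roles/win-initial-setup/tasks/main.yml the task name `Install Framework 4.8` under-describes the import, because the imported tasks/install-framework-4.8.yml added in this commit also installs Microsoft Edge. That Edge task replaces the removed `state: latest` with `state: present` against a fixed MSI URL, so as far as this role is concerned the browser is no longer moved forward. I would add a comment above the import such as `# also installs Microsoft Edge at a pinned build; updates are expected from <update mechanism>`, or move the Edge task into its own file with its own task name.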
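Review bot: In the `Set IIS Header Logging` script (`@@ -43,13 +41,15 @@`), both calls now use `Set-WebConfigurationProperty` with `-name "."` against the same `customFields` collection, and a set on the collection itself likely replaces its contents rather than appending, so the second call may discard the `x-forwarded-for` field written by the first. That would silently remove the client address from IIS logs behind a proxy, which is the field incident response depends on for attribution. I would either keep `Add-WebConfigurationProperty` behind a `Get-WebConfigurationProperty` existence check, or pass both field definitions in a single `-value @(...)` array, and then confirm the resulting `siteDefaults/logFile/customFields` on a test host. The second call's `-value` line lies outside the hunk, so which field it sets is not visible here.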
@@ -58,13 +58,13 @@
 - name: Ensure WebPI Is Installed
 ansible.windows.win_package:
 path: https://download.microsoft.com/download/8/4/9/849DBCF2-DFD9-49F5-9A19-9AEE5B29341A/WebPlatformInstaller_x64_en-US.msi
- product_id: 849DBCF2-DFD9-49F5-9A19-9AEE5B29341A
+ product_id: "{849DBCF2-DFD9-49F5-9A19-9AEE5B29341A}"
 state: present
 - name: Ensure Application Request Routing 3.0 Is Installed
 ansible.windows.win_package:
 path: https://download.microsoft.com/download/E/9/8/E9849D6A-020E-47E4-9FD0-A023E99B54EB/requestRouter_amd64.msi
- product_id: E9849D6A-020E-47E4-9FD0-A023E99B54EB
+ product_id: "{E9849D6A-020E-47E4-9FD0-A023E99B54EB}"
 state: present
 - name: Ensure svc-rmagent Exists
@@ -86,6 +86,15 @@
 # TODO: Determine adding group to another group? Ask Monique, not sure what this means.
+- name: Ensure Log Paths Exist
+ ansible.windows.win_file:
+ state: directory
+ path: "{{ item }}"
+ loop:
+ - "{{ iis_log_directory }}"
+ - "{{ log_dir }}"
+ when: devops_env is in ['QA', 'PROD', 'TRN']
+
 - name: Ensure ISG Team & Admin Have Proper Log Permissions
 ansible.windows.win_acl:
 path: "{{ item.path }}"
@@ -95,15 +104,15 @@
 state: present
 loop:
 - user: DL_ISG_WEB
- path: C:\IISLogs
+ path: "{{ iis_log_directory }}"
 rights: Read
 - user: DL_ISG_WEB
- path: C:\Logs
+ path: "{{ log_dir }}"
 rights: Read
 - user: Administrators
- path: C:\IISLogs
+ path: "{{ iis_log_directory }}"
 rights: FullControl
 - user: Administrators
- path: C:\Logs
+ path: "{{ log_dir }}"
 rights: FullControl
 when: devops_env is in ['QA', 'PROD', 'TRN']
diff --git a/tasks/install-chocolatey.yml b/tasks/install-chocolatey.yml
index 6b91232..f077bb7 100644
--- a/tasks/install-chocolatey.yml
+++ b/tasks/install-chocolatey.yml
@@ -1,4 +1,3 @@
----
 - name: Install chocolatey
 win_chocolatey:
 name:
diff --git a/tasks/install-framework-4.8.yml b/tasks/install-framework-4.8.yml
new file mode 100644
index 0000000..59c11ad
--- /dev/null
+++ b/tasks/install-framework-4.8.yml
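Review bot: `Ensure Log Paths Exist` in the `@@ -86,6 +86,15 @@` hunk creates both directories with whatever permissions they inherit from the drive root, and the `win_acl` task that follows (its loop is in the `@@ -95,15 +104,15 @@` hunk) only adds entries with `state: present`, so any inherited access for broader groups remains on directories that will hold request logs. If the intent is that only `DL_ISG_WEB` and `Administrators` can read them, a task using `ansible.windows.win_acl_inheritance` with `state: absent` on the same two paths is needed, together with explicit grants for the accounts that write the logs; test on a non-production host that IIS still writes afterwards. At minimum, a comment such as `# inherited ACEs are left in place on purpose` above the `win_acl` task would record the decision. The `win_acl` task starts in this hunk and ends in the next one.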
@@ -0,0 +1,25 @@
+---
+- name: Check if Framework 4.8 is Installed
+ win_reg_stat:
+ path: HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
+ name: Release
+ register: framework_release
+
+- name: Ensure Framework 4.8 is Installed
+ ansible.windows.win_package:
+ path: https://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/8494001c276a4b96804cde7829c04d7f/ndp48-x86-x64-allos-enu.exe
+ product_id: "{2D6BB6B2-226A-4BAA-BDEC-798822606FF1}"
+ state: present
+ arguments: /install /quiet /norestart
+ register: framework_48
+ when: framework_release.value != 528049
+
+- name: Reboot if Framework Reboot Requested
+ ansible.windows.win_reboot:
+ when: framework_release.value != 528049 and framework_48.reboot_required
+
+- name: Ensure Microsoft Edge is Installed
+ ansible.windows.win_package:
+ path: https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/810f5f99-1567-46ad-9a44-4b26ba115366/MicrosoftEdgeEnterpriseX64.msi
+ product_id: "{810F5F99-1567-46AD-9A44-4b26ba115366}"
+ state: present
diff --git a/tasks/uninstall-chocolatey.yml b/tasks/uninstall-chocolatey.yml
new file mode 100644
index 0000000..7e661f0
--- /dev/null
+++ b/tasks/uninstall-chocolatey.yml
@@ -0,0 +1,7 @@
+---
+- name: Uninstall chocolatey
+ win_chocolatey:
+ name:
+ - chocolatey
+ - chocolatey-core.extension
+ state: absent
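Review bot: Both `win_package` tasks in the new tasks/install-framework-4.8.yml download an installer by URL and run it with elevated rights without an integrity pin; `ansible.windows.win_package` accepts `checksum` and `checksum_algorithm`, so each `path:` should carry the vendor-published SHA-256 of that exact file. The WebPI and Application Request Routing tasks in roles/win-initial-setup/tasks/main.yml follow the same pattern, although their `path:` lines are unchanged context in this commit. Separately, `framework_release.value != 528049` matches only one of the `Release` values that indicate 4.8 or later, so a host reporting a different or higher value would re-run the installer and may reboot on every play, and a host without the registry value has no `value` to compare. The fence below shows both changes, with placeholder checksums that must be replaced.

```yaml
- name: Ensure Framework 4.8 is Installed
  ansible.windows.win_package:
    # … unchanged: path, product_id, state, arguments …
    checksum: "<SHA256_OF_NDP48_INSTALLER>"  # placeholder, not a real digest
    checksum_algorithm: sha256
  register: framework_48
  when: not framework_release.exists or (framework_release.value | int) < 528040

- name: Reboot if Framework Reboot Requested
  ansible.windows.win_reboot:
  when: framework_48.reboot_required | default(false)

- name: Ensure Microsoft Edge is Installed
  ansible.windows.win_package:
    # … unchanged: path, product_id, state …
    checksum: "<SHA256_OF_EDGE_MSI>"  # placeholder, not a real digest
    checksum_algorithm: sha256
```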