---
# Disabled: the Chocolatey bootstrap task file is not imported at present.
# - name: Install Chocolatey
#   ansible.builtin.import_tasks: install-chocolatey.yml

# Static import of the cipher-suite task file (its contents are not shown here).
- name: Set Cipher Suite
  ansible.builtin.import_tasks: set-cipher-suite.yml

# Static import of the Windows-features task file (its contents are not shown here).
- name: Set Features
  ansible.builtin.import_tasks: set-windows-features.yml

# Set ASPNETCORE_ENVIRONMENT and DOTNET_ENVIRONMENT at machine level, both
# taken from devops_env.
- name: Set DevOps Environment Variables
  ansible.windows.win_environment:
    level: machine
    variables:
      ASPNETCORE_ENVIRONMENT: '{{ devops_env }}'
      DOTNET_ENVIRONMENT: '{{ devops_env }}'

# Static import of the .NET Framework 4.8 install task file (its contents are
# not shown here).
- name: Install Framework 4.8
  ansible.builtin.import_tasks: install-framework-4.8.yml

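# Register a daily (03:00) scheduled task that runs forfiles.exe to delete
# *.log files under iis_log_directory, recursing into subdirectories (/S),
# once they are older than iis_log_retention_days.
# NOTE(review): the action runs as SYSTEM and deletes recursively, so an empty
# or overly broad iis_log_directory widens what is removed - confirm the
# variable is validated before this task runs.
# NOTE(review): deleted IIS logs are no longer available for investigations -
# confirm they are forwarded off-host, or that the retention period meets
# policy, before relying on this cleanup.
- name: Ensure IIS Log Retention Task Exists
  community.windows.win_scheduled_task:
    name: IIS Log Retention
    description: "{{ iis_log_retention_days }}-day retention"
    state: present
    enabled: true
    allow_demand_start: true
    allow_hard_terminate: true
    # Stop the cleanup if it runs for more than one hour.
    execution_time_limit: PT1H
    # group: NT AUTHORITY
    username: SYSTEM
    compatibility: 4
    actions:
      - path: C:\Windows\System32\forfiles.exe
        arguments: /P "{{ iis_log_directory }}" /S /M *.log /D -{{ iis_log_retention_days }} /C "cmd /c del @PATH"
    triggers:
      - type: daily
        enabled: true
        # Only the 03:00 time of day matters; the date lies in the past.
        start_boundary: "2000-10-10T03:00:00"
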
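# Configure the IIS site-default log definition to record the x-forwarded-for
# and x-correlation-id request headers as custom log fields.
# NOTE(review): both values arrive in the request and can be set by any
# client; treat the logged x-forwarded-for as unverified unless a trusted
# upstream proxy overwrites it.
# NOTE(review): the script performs no existence check, so the task is not
# idempotent as written - confirm a second run neither fails nor changes the
# customFields collection unexpectedly.
- name: Set IIS Header Logging
  ansible.windows.win_powershell:
    script: |
      Import-Module WebAdministration

      Set-WebConfigurationProperty `
        -pspath 'MACHINE/WEBROOT/APPHOST' `
        -filter "system.applicationHost/sites/siteDefaults/logFile/customFields" `
        -name "." `
        -value @{logFieldName='x-forwarded-for';sourceName='x-forwarded-for';sourceType='RequestHeader'}

      Set-WebConfigurationProperty `
        -pspath 'MACHINE/WEBROOT/APPHOST' `
        -filter "system.applicationHost/sites/siteDefaults/logFile/customFields" `
        -name "." `
        -value @{logFieldName='x-correlation-id';sourceName='x-correlation-id';sourceType='RequestHeader'}
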
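# Install the Web Platform Installer MSI straight from download.microsoft.com.
# NOTE(review): the installer is fetched at run time with no pinned digest, so
# nothing here verifies that the file is the expected build. Consider staging
# it with ansible.windows.win_get_url (which accepts a checksum) or from an
# internal artifact store, then installing from the local path.
# NOTE(review): product_id repeats the GUID from the download URL - confirm it
# is the MSI ProductCode, otherwise the installed-state check cannot match.
# NOTE(review): WebPI has, as far as I know, been retired by Microsoft -
# confirm it is still required on new hosts.
- name: Ensure WebPI Is Installed
  ansible.windows.win_package:
    path: https://download.microsoft.com/download/8/4/9/849DBCF2-DFD9-49F5-9A19-9AEE5B29341A/WebPlatformInstaller_x64_en-US.msi
    product_id: "{849DBCF2-DFD9-49F5-9A19-9AEE5B29341A}"
    state: present
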
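# Install the Application Request Routing 3.0 MSI straight from
# download.microsoft.com.
# NOTE(review): the installer is fetched at run time with no pinned digest, so
# nothing here verifies that the file is the expected build. Consider staging
# it with ansible.windows.win_get_url (which accepts a checksum) or from an
# internal artifact store, then installing from the local path.
# NOTE(review): product_id repeats the GUID from the download URL - confirm it
# is the MSI ProductCode, otherwise the installed-state check cannot match.
- name: Ensure Application Request Routing 3.0 Is Installed
  ansible.windows.win_package:
    path: https://download.microsoft.com/download/E/9/8/E9849D6A-020E-47E4-9FD0-A023E99B54EB/requestRouter_amd64.msi
    product_id: "{E9849D6A-020E-47E4-9FD0-A023E99B54EB}"
    state: present
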
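# Make sure the local account svc-rmagent exists.
# NOTE(review): no password or other account options are set here - confirm
# where the credential is provisioned and rotated, and that the account cannot
# be left with an empty or default password.
- name: Ensure svc-rmagent Exists
  ansible.windows.win_user:
    name: svc-rmagent
    state: present
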
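# Add svc-rmagent to the local Administrators group.
# NOTE(review): this grants the service account full control of the host.
# Confirm that local administrator is really required, and prefer the
# narrowest rights that let the agent work (least privilege).
- name: Ensure svc-rmagent is in the local Admin Group
  ansible.windows.win_group_membership:
    name: Administrators
    members:
      - svc-rmagent
    state: present
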
# Make sure the local group DL_ISG_WEB exists; no members are assigned here.
- name: Ensure DL_ISG_WEB Group Exists
  ansible.windows.win_group:
    state: present
    name: DL_ISG_WEB

# TODO: Determine whether this group has to be added to another group. Ask
# Monique; the requirement is not clear.

# Create the iis_log_directory and log_dir directories. Runs only when
# devops_env is QA, PROD or TRN.
- name: Ensure Log Paths Exist
  ansible.windows.win_file:
    path: '{{ item }}'
    state: directory
  loop:
    - '{{ iis_log_directory }}'
    - '{{ log_dir }}'
  when: devops_env is in ['QA', 'PROD', 'TRN']

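# Grant allow ACEs on both log directories: Read for DL_ISG_WEB and
# FullControl for Administrators. Runs only when devops_env is QA, PROD or TRN.
# NOTE(review): this task only adds the listed entries. Existing or inherited
# ACEs are left in place, so other principals may still be able to read the
# logs. If access should be limited to these two groups, review inheritance as
# well (for example with ansible.windows.win_acl_inheritance).
- name: Ensure ISG Team & Admin Have Proper Log Permissions
  ansible.windows.win_acl:
    path: "{{ item.path }}"
    user: "{{ item.user }}"
    type: allow
    rights: "{{ item.rights }}"
    state: present
  loop:
    - user: DL_ISG_WEB
      path: "{{ iis_log_directory }}"
      rights: Read
    - user: DL_ISG_WEB
      path: "{{ log_dir }}"
      rights: Read
    - user: Administrators
      path: "{{ iis_log_directory }}"
      rights: FullControl
    - user: Administrators
      path: "{{ log_dir }}"
      rights: FullControl
  when: devops_env is in ['QA', 'PROD', 'TRN']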