Ansible-POC/roles/win-initial-setup/tasks/main.yml
2022-09-18 22:41:46 -05:00


---
# Pull in the cipher-suite and Windows-feature task files. import_tasks is
# resolved statically when the play is parsed; the settings themselves live in
# the two imported files, which are not part of this file.
- name: Set Cipher Suite
  ansible.builtin.import_tasks: 'set-cipher-suite.yml'

- name: Set Features
  ansible.builtin.import_tasks: 'set-windows-features.yml'
# Publish the deployment environment name as machine-level environment
# variables. Both variables receive the same devops_env value, which must be
# defined by the caller (it is not set anywhere in this file).
# NOTE(review): ASP.NET Core commonly enables detailed error pages when the
# environment is "Development"; confirm the value used for exposed hosts.
- name: Set DevOps Environment Variables
  ansible.windows.win_environment:
    variables:
      DOTNET_ENVIRONMENT: "{{ devops_env }}"
      ASPNETCORE_ENVIRONMENT: "{{ devops_env }}"
    level: machine
# Delegate the .NET Framework installation to its own task file (statically
# imported; the install logic is not shown in this file).
- name: Ensure Framework 4.8 is Installed
  ansible.builtin.import_tasks: 'install-dotnet-framework.yml'
# Install Microsoft Edge through Chocolatey and upgrade it on every run
# (state: latest), so the browser tracks the newest packaged release.
# NOTE(review): no version or source is pinned, so what gets installed is
# whatever the host's configured Chocolatey source currently serves. Confirm
# that source is one the organisation controls or trusts.
- name: Ensure Latest Microsoft Edge is Installed
  chocolatey.chocolatey.win_chocolatey:
    state: latest
    name: 'microsoft-edge'
# Register a daily scheduled task (03:00, per start_boundary) that prunes old
# IIS logs with forfiles.exe. The task runs as SYSTEM and deletes every *.log
# file under iis_log_directory, recursing into subdirectories (/S), that
# matches the /D -<iis_log_retention_days> age filter.
# NOTE(review): both variables are spliced into a command line that executes
# as SYSTEM. Validate them before this task runs: iis_log_directory should be
# the absolute path of the log root and should not end in a backslash (a "\"
# directly before the closing quote upsets forfiles argument parsing), and
# iis_log_retention_days should be a positive integer.
# NOTE(review): these logs are also incident-response evidence. Confirm they
# are forwarded to central storage before the retention window removes them.
- name: Ensure IIS Log Retention Task Exists
  community.windows.win_scheduled_task:
    name: 'IIS Log Retention'
    description: "{{ iis_log_retention_days }}-day retention"
    state: present
    enabled: true
    # Run under the local SYSTEM account.
    # group: NT AUTHORITY
    username: SYSTEM
    compatibility: 4
    # ISO 8601 duration: the task is stopped if it runs longer than one hour.
    execution_time_limit: PT1H
    allow_hard_terminate: true
    allow_demand_start: true
    triggers:
      - type: daily
        start_boundary: '2000-10-10T03:00:00'
        enabled: true
    actions:
      - path: 'C:\Windows\System32\forfiles.exe'
        arguments: '/P "{{ iis_log_directory }}" /S /M *.log /D -{{ iis_log_retention_days }} /C "cmd /c del @PATH"'
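# Add the x-forwarded-for and x-correlation-id request headers as custom
# fields in the IIS site-default log definition (applicationHost.config).
#
# The original script called Add-WebConfigurationProperty unconditionally, so
# a second run tried to add entries that already existed and the task always
# reported "changed". This version adds a field only when it is missing and
# reports changed only when something was added. error_action: stop makes a
# PowerShell error fail the task instead of being recorded and ignored.
#
# NOTE(review): both headers are supplied by the client unless a trusted
# reverse proxy overwrites them. Treat the logged values as untrusted input
# when they are used for attribution or correlation during an investigation.
- name: Set IIS Header Logging
  ansible.windows.win_powershell:
    error_action: stop
    script: |
      $psPath = 'MACHINE/WEBROOT/APPHOST'
      $filter = 'system.applicationHost/sites/siteDefaults/logFile/customFields'

      # Names of the custom log fields that are already configured.
      $existing = @(
        (Get-WebConfigurationProperty -pspath $psPath -filter $filter -name '.').Collection |
          ForEach-Object { $_.logFieldName }
      )

      $Ansible.Changed = $false
      foreach ($header in 'x-forwarded-for', 'x-correlation-id') {
        # -notcontains compares case-insensitively, like HTTP header names.
        if ($existing -notcontains $header) {
          $field = @{logFieldName=$header;sourceName=$header;sourceType='RequestHeader'}
          Add-WebConfigurationProperty -pspath $psPath -filter $filter -name '.' -value $field
          $Ansible.Changed = $true
        }
      }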
# Install two MSI packages straight from download.microsoft.com: the Web
# Platform Installer and Application Request Routing 3.0. win_package uses
# product_id to decide whether the package is already installed.
# NOTE(review): the installers are fetched over HTTPS at run time and executed
# without any hash or signature check in this file. Consider staging them on
# an internal share or downloading them first with a checksum-verified step.
# NOTE(review): each product_id is identical to the GUID in its download URL.
# Confirm it is really the MSI ProductCode; if it is not, the "already
# installed" check never matches and the installer is re-run on every play.
- name: Ensure WebPI Is Installed
  ansible.windows.win_package:
    state: present
    product_id: '849DBCF2-DFD9-49F5-9A19-9AEE5B29341A'
    path: 'https://download.microsoft.com/download/8/4/9/849DBCF2-DFD9-49F5-9A19-9AEE5B29341A/WebPlatformInstaller_x64_en-US.msi'

- name: Ensure Application Request Routing 3.0 Is Installed
  ansible.windows.win_package:
    state: present
    product_id: 'E9849D6A-020E-47E4-9FD0-A023E99B54EB'
    path: 'https://download.microsoft.com/download/E/9/8/E9849D6A-020E-47E4-9FD0-A023E99B54EB/requestRouter_amd64.msi'
# Create the local account svc-rmagent and add it to the local Administrators
# group. state: present on win_group_membership adds the listed member and
# leaves the group's other members untouched.
# NOTE(review): no password, expiry or logon restriction is set for the
# account in this file. Confirm the credential is supplied elsewhere from a
# vaulted secret and that the account cannot be used with an empty password.
# NOTE(review): local Administrators is the broadest grant available on the
# host. Check whether the agent works with a narrower set of rights, and
# monitor logons for this account.
- name: Ensure svc-rmagent Exists
  ansible.windows.win_user:
    state: present
    name: 'svc-rmagent'

- name: Ensure svc-rmagent is in the local Admin Group
  ansible.windows.win_group_membership:
    state: present
    name: Administrators
    members:
      - 'svc-rmagent'
# Make sure the local group DL_ISG_WEB exists. Only existence is enforced
# here; this task does not manage the group's membership.
- name: Ensure DL_ISG_WEB Group Exists
  ansible.windows.win_group:
    state: present
    name: 'DL_ISG_WEB'
# Add allow ACEs on the log directories: Read for DL_ISG_WEB and FullControl
# for Administrators, on both C:\IISLogs and C:\Logs.
# NOTE(review): state: present only adds these entries. It does not remove
# existing ACEs or disable inheritance, so other principals may still have
# access. Verify the effective permissions on both directories.
# NOTE(review): the paths are hard-coded here, while the log retention task
# takes its directory from iis_log_directory. Confirm they refer to the same
# location.
- name: 'Ensure ISG Team & Admin Have Proper Log Permissions'
  ansible.windows.win_acl:
    state: present
    type: allow
    user: "{{ item.user }}"
    path: "{{ item.path }}"
    rights: "{{ item.rights }}"
  loop:
    - path: 'C:\IISLogs'
      user: DL_ISG_WEB
      rights: Read
    - path: 'C:\Logs'
      user: DL_ISG_WEB
      rights: Read
    - path: 'C:\IISLogs'
      user: Administrators
      rights: FullControl
    - path: 'C:\Logs'
      user: Administrators
      rights: FullControl