diff --git a/inventory/WinRM/CosmosRM.bat b/inventory/WinRM/CosmosRM.bat new file mode 100644 index 0000000..62b3860 --- /dev/null +++ b/inventory/WinRM/CosmosRM.bat @@ -0,0 +1 @@ +powershell -executionpolicy bypass -Command \\home.cosmos\netlogon\cosmosrm.ps1 \ No newline at end of file diff --git a/inventory/WinRM/cosmosrm.ps1 b/inventory/WinRM/cosmosrm.ps1 new file mode 100644 index 0000000..cd9bb35 --- /dev/null +++ b/inventory/WinRM/cosmosrm.ps1 @@ -0,0 +1,17 @@ +# script for setting ansible service account to registry key +$username = "cosmos-ansible" +$ansible_registry = "HKLM:\SOFTWARE\Cosmos\Ansible" +$password_key = "Password" +$password = (Get-ItemProperty $ansible_registry).$password_key +# This is what the thing needs to set the password +$securePassword = ConvertTo-SecureString $password -AsPlainText -Force +# Set password +$UserAccount = Get-LocalUser -Name $username +$UserAccount | Set-LocalUser -Password $securePassword + +# Make it a local admin +Add-LocalGroupMember -Group "Administrators" -Member $username + +# Various Ansible Settings +Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true +Enable-WSManCredSSP -Role Server -Force diff --git a/jenkins/Jenkinsfile.disk_service b/jenkins/Jenkinsfile.disk_service index b02ddf9..e5f5303 100644 --- a/jenkins/Jenkinsfile.disk_service +++ b/jenkins/Jenkinsfile.disk_service @@ -5,6 +5,7 @@ pipeline { parameters { string(name: 'host_ip', description: 'Target System Address') string(name: 'api_service_port', defaultValue: "5000", description: 'API Service Port, probably don\'t change this') + booleanParam(name: 'refresh_api', defaultValue: false, description: 'When checked this will just update the API') // reference for later // choice(name: 'DEPLOY_ENV', choices: ['dev', 'staging', 'prod'], description: 'Environment to deploy to') // booleanParam(name: 'rename_host', defaultValue: true, description: 'When checked hostname will be renamed') @@ -54,7 +55,7 @@ pipeline { ansible-playbook -i \$inventory_file \$playbook_file \ --ssh-common-args='-o StrictHostKeyChecking=no' \ - --extra-vars "api_service_port=${params.api_service_port}" + --extra-vars "api_service_port=${params.api_service_port} refresh_api=${params.refresh_api}" """ } } diff --git a/roles/cosmos_init/defaults/main.yaml b/roles/cosmos_init/defaults/main.yaml index 486a4f7..2665d7d 100644 --- a/roles/cosmos_init/defaults/main.yaml +++ b/roles/cosmos_init/defaults/main.yaml @@ -7,6 +7,8 @@ windows_base_packages: - windirstat - putty +windows_desktop_packages: + windows_features: - NET-Framework-Features - Telnet-Client diff --git a/roles/cosmos_init/tasks/desktop.yaml b/roles/cosmos_init/tasks/desktop.yaml new file mode 100644 index 0000000..f08e17a --- /dev/null +++ b/roles/cosmos_init/tasks/desktop.yaml @@ -0,0 +1,16 @@ +--- + + + +- name: Install base packages + when: false + win_chocolatey: + name: + - "{{ windows_desktop_packages_item }}" + state: present + loop: "{{ windows_desktop_packages }}" + loop_control: + loop_var: windows_desktop_packages_item + + +... \ No newline at end of file diff --git a/roles/cosmos_init/tasks/main.yaml b/roles/cosmos_init/tasks/main.yaml index 58905f3..b653239 100644 --- a/roles/cosmos_init/tasks/main.yaml +++ b/roles/cosmos_init/tasks/main.yaml @@ -1,48 +1,62 @@ --- - - -- name: Install base packages - win_chocolatey: - name: - - "{{ windows_base_packages_item }}" - state: present - loop: "{{ windows_base_packages }}" - loop_control: - loop_var: windows_base_packages_item - -- name: Install Server Services - ansible.windows.win_feature: - name: - - "{{ windows_features_item }}" - state: present - loop: "{{ windows_features }}" - loop_control: - loop_var: windows_features_item - -- name: Disable ms_tcpip6 of all the Interface - community.windows.win_net_adapter_feature: - interface: '*' - state: disabled - component_id: - - ms_tcpip6 - -- name: disable IE Enhanced Security +- name: skip if refresh + when: not refresh_api | bool block: + - name: Get Windows version + win_shell: "systeminfo /fo csv | ConvertFrom-Csv | select OS*, System*, Hotfix* | Format-List" + register: windows_version - - name: disable for user - win_shell: 'Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0' + - name: Print Windows host information + debug: + msg: "{{ windows_version }}" - - name: disable for admin - win_shell: 'Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0' + - name: Install base packages + win_chocolatey: + name: + - "{{ windows_base_packages_item }}" + state: present + ignore_checksums: true + loop: "{{ windows_base_packages }}" + loop_control: + loop_var: windows_base_packages_item -- name: disable automatic updates - ansible.windows.win_regedit: - path: HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU - name: NoAutoUpdate - data: 1 + - name: Install Server Services + when: "'server' in windows_version" + ansible.windows.win_feature: + name: + - "{{ windows_features_item }}" + state: present + loop: "{{ windows_features }}" + loop_control: + loop_var: windows_features_item -- name: disable Firewall - win_shell: "netsh advfirewall set allprofiles state off" - + - name: Disable ms_tcpip6 of all the Interfaces + community.windows.win_net_adapter_feature: + interface: '*' + state: disabled + component_id: + - ms_tcpip6 + - name: windows server items + when: "'server' in windows_version" + block: + + - name: disable IE-ESC for user + win_shell: 'Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0' + + - name: disable IE-ESC for admin + win_shell: 'Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0' + + - name: disable automatic updates + ansible.windows.win_regedit: + path: HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU + name: NoAutoUpdate + data: 1 + + - name: disable Firewall + win_shell: "netsh advfirewall set allprofiles state off" + + #- name: desktop items + # when: "'server' not in windows_version" + # include_tasks: desktop.yaml ... \ No newline at end of file diff --git a/roles/display_hostname/tasks/main.yaml b/roles/display_hostname/tasks/main.yaml index 38127f4..7d3b0d3 100644 --- a/roles/display_hostname/tasks/main.yaml +++ b/roles/display_hostname/tasks/main.yaml @@ -10,13 +10,13 @@ msg: "Hostname: {{ hostname_output.stdout_lines[0] }}" -- name: Test API - win_shell: "C:\\Windows\\system32\\curl --silent http://{{ ansible_ssh_host }}:5000/disk" - register: api_test_output - -- name: Show Test Results - debug: - msg: "{{ api_test_output.stdout_lines }}" +#- name: Test API +# win_shell: "C:\\Windows\\system32\\curl --silent http://{{ ansible_ssh_host }}:5000/disk" +# register: api_test_output +# +#- name: Show Test Results +# debug: +# msg: "{{ api_test_output.stdout_lines }}" ... \ No newline at end of file diff --git a/roles/storage_api/files/requirements.txt b/roles/storage_api/files/requirements.txt index ed6ebb0..fe14a93 100644 --- a/roles/storage_api/files/requirements.txt +++ b/roles/storage_api/files/requirements.txt @@ -1,2 +1,3 @@ Flask -psutil \ No newline at end of file +flask_apscheduler +psutil diff --git a/roles/storage_api/tasks/main.yaml b/roles/storage_api/tasks/main.yaml index 9597b1c..44f50ef 100644 --- a/roles/storage_api/tasks/main.yaml +++ b/roles/storage_api/tasks/main.yaml @@ -5,6 +5,7 @@ ############################################### - name: set up python venv + when: not refresh_api | bool include_tasks: python_venv.yaml - name: build python exe @@ -14,6 +15,7 @@ include_tasks: nssm.yaml - name: set up scheduled task + when: false include_tasks: update_task.yaml ... \ No newline at end of file diff --git a/roles/storage_api/tasks/nssm.yaml b/roles/storage_api/tasks/nssm.yaml index e5f291f..3f68537 100644 --- a/roles/storage_api/tasks/nssm.yaml +++ b/roles/storage_api/tasks/nssm.yaml @@ -1,19 +1,21 @@ --- +- name: skip when refresh + when: not refresh_api | bool + block: + - name: Copy CrystalDiskInfo archive + ansible.windows.win_copy: + src: /var/jenkins_home/ansible-files/programs/CrystalDiskInfo.zip + dest: "{{ storage_api_root }}\\CrystalDiskInfo.zip" -- name: Copy CrystalDiskInfo archive - ansible.windows.win_copy: - src: /var/jenkins_home/ansible-files/programs/CrystalDiskInfo.zip - dest: "{{ storage_api_root }}\\CrystalDiskInfo.zip" + - name: Extract CrystalDiskInfo archive + community.windows.win_unzip: + src: "{{ storage_api_root }}\\CrystalDiskInfo.zip" + dest: "{{ storage_api_root }}\\dist\\" -- name: Extract CrystalDiskInfo archive - community.windows.win_unzip: - src: "{{ storage_api_root }}\\CrystalDiskInfo.zip" - dest: "{{ storage_api_root }}\\dist\\" - -- name: Install nssm - win_chocolatey: - name: nssm - state: present + - name: Install nssm + win_chocolatey: + name: nssm + state: present - name: Install disk_api service community.windows.win_nssm: diff --git a/roles/storage_api/tasks/python_service.yaml b/roles/storage_api/tasks/python_service.yaml index 16188c3..7351bba 100644 --- a/roles/storage_api/tasks/python_service.yaml +++ b/roles/storage_api/tasks/python_service.yaml @@ -1,6 +1,7 @@ --- - name: Create service working folder + when: not refresh_api | bool ansible.windows.win_file: path: "{{ storage_api_root }}" state: directory @@ -25,6 +26,7 @@ dest: "{{ storage_api_root }}\\disk_service.py" - name: install pyinstaller + when: not refresh_api | bool win_shell: "{{ python_venv_bin }} -m pip install pyinstaller" - name: compile binary @@ -34,6 +36,7 @@ chdir: "{{ storage_api_root }}" - name: Open up port 5000 + when: not refresh_api | bool community.windows.win_firewall_rule: name: _ansible_python_disk_service description: "Firewall rule to allow traffic for Disk info API" diff --git a/roles/storage_api/templates/disk_service.py b/roles/storage_api/templates/disk_service.py index ba7d31c..9d351c5 100644 --- a/roles/storage_api/templates/disk_service.py +++ b/roles/storage_api/templates/disk_service.py @@ -1,8 +1,12 @@ from flask import Flask, jsonify +from flask_apscheduler import APScheduler import psutil import os +import requests, json +from subprocess import check_output app = Flask(__name__) +scheduler = APScheduler() app.config['JSONIFY_PRETTYPRINT_REGULAR'] = True # Bits to Bytes etc @@ -38,7 +42,8 @@ def get_crystal_disk_info(): "Power On Count": None, "Host Writes": None, "Wear Level Count": None, - "Drive Letter": None + "Drive Letter": None, + "Interface": None } for line in lines: if "Model" in line: @@ -74,6 +79,9 @@ def get_crystal_disk_info(): elif "Disk Size" in line: if ":" in line: data["Disk Size"] = line.split(":", 1)[1].strip() + elif "Interface" in line: + if ":" in line: + data["Disk Size"] = line.split(":", 1)[1].strip() if any(value is not None for value in data.values()): drives.append(data) @@ -113,5 +121,36 @@ def disk(): def drive_health(): return jsonify(get_crystal_disk_info()) +def server_reporter(): + base_url="http://172.25.1.18:5001/client_update" + url = f"{base_url}/process" + data_dict = get_crystal_disk_info() + response = requests.post(url, json=data_dict) + + # Raise an exception for non‑2xx status codes + response.raise_for_status() + + # Return the JSON payload + return response.json() + if __name__ == '__main__': + + # Background Loop Function + # That makes this the service loop + def background_loop(): + diskinfo_command = f"{{ storage_api_root }}\\dist\\DiskInfo64.exe /CopyExit" + result = check_output(diskinfo_command, shell=True) + print(result) + server_reporter() + return result + + scheduler.add_job(id='background_loop', + func=background_loop, + trigger='interval', + seconds=60) + scheduler.init_app(app) + scheduler.start() + + background_loop() + app.run(host='0.0.0.0', port={{ api_service_port }})