matt/ansible-windows
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add refresh_api to jenkinsfile

Browse Source
This commit is contained in:
phermeys
2026-04-18 16:14:22 -07:00
parent 280066436a
commit 67f3f8440b
12 changed files with 161 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
inventory/WinRM/CosmosRM.bat Normal file
View File

@ -0,0 +1 @@
powershell -executionpolicy bypass -Command \\home.cosmos\netlogon\cosmosrm.ps1

17
inventory/WinRM/cosmosrm.ps1 Normal file
View File

@ -0,0 +1,17 @@
# script for setting ansible service account to registry key
$username = "cosmos-ansible"
$ansible_registry = "HKLM:\SOFTWARE\Cosmos\Ansible"
$password_key = "Password"
$password = (Get-ItemProperty $ansible_registry).$password_key
# This is what the thing needs to set the password
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
# Set password
$UserAccount = Get-LocalUser -Name $username
$UserAccount | Set-LocalUser -Password $securePassword
# Make it a local admin
Add-LocalGroupMember -Group "Administrators" -Member $username
# Various Ansible Settings
Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
Enable-WSManCredSSP -Role Server -Force

3
jenkins/Jenkinsfile.disk_service
View File

@ -5,6 +5,7 @@ pipeline {
parameters { parameters {
string(name: 'host_ip', description: 'Target System Address') string(name: 'host_ip', description: 'Target System Address')
string(name: 'api_service_port', defaultValue: "5000", description: 'API Service Port, probably don\'t change this') string(name: 'api_service_port', defaultValue: "5000", description: 'API Service Port, probably don\'t change this')
booleanParam(name: 'refresh_api', defaultValue: false, description: 'When checked this will just update the API')
// reference for later // reference for later
// choice(name: 'DEPLOY_ENV', choices: ['dev', 'staging', 'prod'], description: 'Environment to deploy to') // choice(name: 'DEPLOY_ENV', choices: ['dev', 'staging', 'prod'], description: 'Environment to deploy to')
// booleanParam(name: 'rename_host', defaultValue: true, description: 'When checked hostname will be renamed') // booleanParam(name: 'rename_host', defaultValue: true, description: 'When checked hostname will be renamed')
@ -54,7 +55,7 @@ pipeline {
ansible-playbook -i \$inventory_file \$playbook_file \ ansible-playbook -i \$inventory_file \$playbook_file \
--ssh-common-args='-o StrictHostKeyChecking=no' \ --ssh-common-args='-o StrictHostKeyChecking=no' \
--extra-vars "api_service_port=${params.api_service_port}" --extra-vars "api_service_port=${params.api_service_port} refresh_api=${params.refresh_api}"
""" """
} }
} }

2
roles/cosmos_init/defaults/main.yaml
View File

@ -7,6 +7,8 @@ windows_base_packages:
- windirstat - windirstat
- putty - putty
windows_desktop_packages:
windows_features: windows_features:
- NET-Framework-Features - NET-Framework-Features
- Telnet-Client - Telnet-Client

16
roles/cosmos_init/tasks/desktop.yaml Normal file
View File

@ -0,0 +1,16 @@
---
- name: Install base packages
when: false
win_chocolatey:
name:
- "{{ windows_desktop_packages_item }}"
state: present
loop: "{{ windows_desktop_packages }}"
loop_control:
loop_var: windows_desktop_packages_item
...

94
roles/cosmos_init/tasks/main.yaml
View File

@ -1,48 +1,62 @@
--- ---
- name: skip if refresh
when: not refresh_api | bool
- name: Install base packages
win_chocolatey:
name:
- "{{ windows_base_packages_item }}"
state: present
loop: "{{ windows_base_packages }}"
loop_control:
loop_var: windows_base_packages_item
- name: Install Server Services
ansible.windows.win_feature:
name:
- "{{ windows_features_item }}"
state: present
loop: "{{ windows_features }}"
loop_control:
loop_var: windows_features_item
- name: Disable ms_tcpip6 of all the Interface
community.windows.win_net_adapter_feature:
interface: '*'
state: disabled
component_id:
- ms_tcpip6
- name: disable IE Enhanced Security
block: block:
- name: Get Windows version
win_shell: "systeminfo /fo csv | ConvertFrom-Csv | select OS*, System*, Hotfix* | Format-List"
register: windows_version
- name: disable for user - name: Print Windows host information
win_shell: 'Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0' debug:
msg: "{{ windows_version }}"
- name: disable for admin - name: Install base packages
win_shell: 'Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0' win_chocolatey:
name:
- "{{ windows_base_packages_item }}"
state: present
ignore_checksums: true
loop: "{{ windows_base_packages }}"
loop_control:
loop_var: windows_base_packages_item
- name: disable automatic updates - name: Install Server Services
ansible.windows.win_regedit: when: "'server' in windows_version"
path: HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU ansible.windows.win_feature:
name: NoAutoUpdate name:
data: 1 - "{{ windows_features_item }}"
state: present
loop: "{{ windows_features }}"
loop_control:
loop_var: windows_features_item
- name: disable Firewall - name: Disable ms_tcpip6 of all the Interfaces
win_shell: "netsh advfirewall set allprofiles state off" community.windows.win_net_adapter_feature:
interface: '*'
state: disabled
component_id:
- ms_tcpip6
- name: windows server items
when: "'server' in windows_version"
block:
- name: disable IE-ESC for user
win_shell: 'Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0'
- name: disable IE-ESC for admin
win_shell: 'Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0'
- name: disable automatic updates
ansible.windows.win_regedit:
path: HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
name: NoAutoUpdate
data: 1
- name: disable Firewall
win_shell: "netsh advfirewall set allprofiles state off"
#- name: desktop items
# when: "'server' not in windows_version"
# include_tasks: desktop.yaml
... ...

14
roles/display_hostname/tasks/main.yaml
View File

@ -10,13 +10,13 @@
msg: "Hostname: {{ hostname_output.stdout_lines[0] }}" msg: "Hostname: {{ hostname_output.stdout_lines[0] }}"
- name: Test API #- name: Test API
win_shell: "C:\\Windows\\system32\\curl --silent http://{{ ansible_ssh_host }}:5000/disk" # win_shell: "C:\\Windows\\system32\\curl --silent http://{{ ansible_ssh_host }}:5000/disk"
register: api_test_output # register: api_test_output
#
- name: Show Test Results #- name: Show Test Results
debug: # debug:
msg: "{{ api_test_output.stdout_lines }}" # msg: "{{ api_test_output.stdout_lines }}"
... ...

3
roles/storage_api/files/requirements.txt
View File

@ -1,2 +1,3 @@
Flask Flask
psutil flask_apscheduler
psutil

2
roles/storage_api/tasks/main.yaml
View File

@ -5,6 +5,7 @@
############################################### ###############################################
- name: set up python venv - name: set up python venv
when: not refresh_api | bool
include_tasks: python_venv.yaml include_tasks: python_venv.yaml
- name: build python exe - name: build python exe
@ -14,6 +15,7 @@
include_tasks: nssm.yaml include_tasks: nssm.yaml
- name: set up scheduled task - name: set up scheduled task
when: false
include_tasks: update_task.yaml include_tasks: update_task.yaml
... ...

28
roles/storage_api/tasks/nssm.yaml
View File

@ -1,19 +1,21 @@
--- ---
- name: skip when refresh
when: not refresh_api | bool
block:
- name: Copy CrystalDiskInfo archive
ansible.windows.win_copy:
src: /var/jenkins_home/ansible-files/programs/CrystalDiskInfo.zip
dest: "{{ storage_api_root }}\\CrystalDiskInfo.zip"
- name: Copy CrystalDiskInfo archive - name: Extract CrystalDiskInfo archive
ansible.windows.win_copy: community.windows.win_unzip:
src: /var/jenkins_home/ansible-files/programs/CrystalDiskInfo.zip src: "{{ storage_api_root }}\\CrystalDiskInfo.zip"
dest: "{{ storage_api_root }}\\CrystalDiskInfo.zip" dest: "{{ storage_api_root }}\\dist\\"
- name: Extract CrystalDiskInfo archive - name: Install nssm
community.windows.win_unzip: win_chocolatey:
src: "{{ storage_api_root }}\\CrystalDiskInfo.zip" name: nssm
dest: "{{ storage_api_root }}\\dist\\" state: present
- name: Install nssm
win_chocolatey:
name: nssm
state: present
- name: Install disk_api service - name: Install disk_api service
community.windows.win_nssm: community.windows.win_nssm:

3
roles/storage_api/tasks/python_service.yaml
View File

@ -1,6 +1,7 @@
--- ---
- name: Create service working folder - name: Create service working folder
when: not refresh_api | bool
ansible.windows.win_file: ansible.windows.win_file:
path: "{{ storage_api_root }}" path: "{{ storage_api_root }}"
state: directory state: directory
@ -25,6 +26,7 @@
dest: "{{ storage_api_root }}\\disk_service.py" dest: "{{ storage_api_root }}\\disk_service.py"
- name: install pyinstaller - name: install pyinstaller
when: not refresh_api | bool
win_shell: "{{ python_venv_bin }} -m pip install pyinstaller" win_shell: "{{ python_venv_bin }} -m pip install pyinstaller"
- name: compile binary - name: compile binary
@ -34,6 +36,7 @@
chdir: "{{ storage_api_root }}" chdir: "{{ storage_api_root }}"
- name: Open up port 5000 - name: Open up port 5000
when: not refresh_api | bool
community.windows.win_firewall_rule: community.windows.win_firewall_rule:
name: _ansible_python_disk_service name: _ansible_python_disk_service
description: "Firewall rule to allow traffic for Disk info API" description: "Firewall rule to allow traffic for Disk info API"

41
roles/storage_api/templates/disk_service.py
View File

@ -1,8 +1,12 @@
from flask import Flask, jsonify from flask import Flask, jsonify
from flask_apscheduler import APScheduler
import psutil import psutil
import os import os
import requests, json
from subprocess import check_output
app = Flask(__name__) app = Flask(__name__)
scheduler = APScheduler()
app.config['JSONIFY_PRETTYPRINT_REGULAR'] = True app.config['JSONIFY_PRETTYPRINT_REGULAR'] = True
# Bits to Bytes etc # Bits to Bytes etc
@ -38,7 +42,8 @@ def get_crystal_disk_info():
"Power On Count": None, "Power On Count": None,
"Host Writes": None, "Host Writes": None,
"Wear Level Count": None, "Wear Level Count": None,
"Drive Letter": None "Drive Letter": None,
"Interface": None
} }
for line in lines: for line in lines:
if "Model" in line: if "Model" in line:
@ -74,6 +79,9 @@ def get_crystal_disk_info():
elif "Disk Size" in line: elif "Disk Size" in line:
if ":" in line: if ":" in line:
data["Disk Size"] = line.split(":", 1)[1].strip() data["Disk Size"] = line.split(":", 1)[1].strip()
elif "Interface" in line:
if ":" in line:
data["Disk Size"] = line.split(":", 1)[1].strip()
if any(value is not None for value in data.values()): if any(value is not None for value in data.values()):
drives.append(data) drives.append(data)
@ -113,5 +121,36 @@ def disk():
def drive_health(): def drive_health():
return jsonify(get_crystal_disk_info()) return jsonify(get_crystal_disk_info())
def server_reporter():
base_url="http://172.25.1.18:5001/client_update"
url = f"{base_url}/process"
data_dict = get_crystal_disk_info()
response = requests.post(url, json=data_dict)
# Raise an exception for non2xx status codes
response.raise_for_status()
# Return the JSON payload
return response.json()
if __name__ == '__main__': if __name__ == '__main__':
# Background Loop Function
# That makes this the service loop
def background_loop():
diskinfo_command = f"{{ storage_api_root }}\\dist\\DiskInfo64.exe /CopyExit"
result = check_output(diskinfo_command, shell=True)
print(result)
server_reporter()
return result
scheduler.add_job(id='background_loop',
func=background_loop,
trigger='interval',
seconds=60)
scheduler.init_app(app)
scheduler.start()
background_loop()
app.run(host='0.0.0.0', port={{ api_service_port }}) app.run(host='0.0.0.0', port={{ api_service_port }})