improve idempotency with changed_when/failed_when, args creates

gregclermont · Nov 7, 2020 · bdeda04 · bdeda04
1 parent 3fb36ef
commit bdeda04
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 1 deletion.
diff --git a/Azure/Ansible/roles/common/tasks/main.yml b/Azure/Ansible/roles/common/tasks/main.yml
@@ -6,6 +6,7 @@
     chdir: 'c:\vagrant\scripts'
   register: palantir_wef
   failed_when: "'Exception' in palantir_wef.stdout"
+  changed_when: "' already exists. Moving On.' not in palantir_wef.stdout"
 
 - debug: msg="{{ palantir_wef.stdout_lines }}"
 
@@ -15,6 +16,7 @@
     chdir: 'c:\vagrant\scripts'
   register: install_osquery
   failed_when: "'Exception' in install_osquery.stdout"
+  changed_when: "' already installed. Moving On.' not in install_osquery.stdout"
 
 - debug: msg="{{ install_osquery.stdout_lines }}"
 
@@ -24,6 +26,7 @@
     chdir: 'c:\vagrant\scripts'
   register: sysinternals
   failed_when: "'Exception' in sysinternals.stdout"
+  changed_when: "'Tools directory exists, no need to re-install.' not in sysinternals.stdout"
 
 - debug: msg="{{ sysinternals.stdout_lines }}"
 
@@ -33,6 +36,7 @@
     chdir: 'c:\vagrant\scripts'
   register: velociraptor
   failed_when: "'Exception' in velociraptor.stdout"
+  changed_when: "' already installed. Moving On.' not in velociraptor.stdout"
 
 - debug: msg="{{ velociraptor.stdout_lines }}"
 
@@ -42,6 +46,7 @@
     chdir: 'c:\vagrant\scripts'
   register: autorunstowineventlog
   failed_when: "'Exception' in autorunstowineventlog.stdout"
+  changed_when: "' already installed. Moving On.' not in autorunstowineventlog.stdout"
 
 - debug: msg="{{ autorunstowineventlog.stdout_lines }}"
 
@@ -51,6 +56,7 @@
     chdir: 'c:\vagrant\scripts'
   register: redteam
   failed_when: "'Exception' in redteam.stdout"
+  changed_when: "' already installed. Moving On.' not in redteam.stdout"
 
 - debug: msg="{{ redteam.stdout_lines }}"
 

diff --git a/Azure/Ansible/roles/dc/tasks/main.yml b/Azure/Ansible/roles/dc/tasks/main.yml
@@ -21,14 +21,17 @@
 
 - name: Copy scripts to c:\vagrant
   win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+  args:
+    creates: c:\vagrant\Vagrantfile
 
 - name: Create an Administrator user
   win_user:
     name: Administrator
     password: Vagrant123
     state: present
     groups:
-      - Users,Administrators
+      - Users
+      - Administrators
     password_never_expires: yes
 
 - name: Create the Domain

diff --git a/Azure/Ansible/roles/wef/tasks/main.yml b/Azure/Ansible/roles/wef/tasks/main.yml
@@ -21,13 +21,16 @@
 
 - name: Copy scripts to c:\vagrant
   win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+  args:
+    creates: c:\vagrant\Vagrantfile
 
 - name: Join the Domain
   win_shell: .\\provision.ps1
   args:
     chdir: 'c:\vagrant\scripts'
   register: wef_join_domain
   changed_when: "'HasSucceeded : True' in wef_join_domain.stdout"
+  failed_when: '"failed to join domain" in wef_join_domain.stderr'
 
 - debug: msg="{{ wef_join_domain.stdout_lines }}"
 
@@ -37,6 +40,7 @@
     pre_reboot_delay: 15
     reboot_timeout: 600
     post_reboot_delay: 60
+  when: wef_join_domain.changed
 
 - name: Download Microsoft ATA
   win_get_url:
@@ -53,6 +57,7 @@
     chdir: 'c:\vagrant\scripts'
   register: palantir_wef
   failed_when: "'Exception' in palantir_wef.stdout"
+  changed_when: "' already exists. Moving On.' not in palantir_wef.stdout"
 
 - debug: msg="{{ palantir_wef.stdout_lines }}"
 
@@ -62,6 +67,7 @@
     chdir: 'c:\vagrant\scripts'
   register: wef_subscriptions
   failed_when: "'Exception' in wef_subscriptions.stdout"
+  changed_when: "'already installed, moving on...' not in wef_subscriptions.stdout"
 
 - debug: msg="{{ wef_subscriptions.stdout_lines }}"
 
@@ -71,6 +77,7 @@
     chdir: 'c:\vagrant\scripts'
   register: splunkuf
   failed_when: "'Exception' in splunkuf.stdout"
+  changed_when: "' already installed. Moving on.' not in splunkuf.stdout"
 
 - debug: msg="{{ splunkuf.stdout_lines }}"
 
@@ -80,6 +87,7 @@
     chdir: 'c:\vagrant\scripts'
   register: windowsta
   failed_when: "'Exception' in windowsta.stdout"
+  changed_when: "' already installed. Moving on.' not in windowsta.stdout"
 
 - debug: msg="{{ windowsta.stdout_lines }}"
 
@@ -98,6 +106,7 @@
     chdir: 'c:\vagrant\scripts'
   register: evtxeventsamples
   failed_when: "'Exception' in evtxeventsamples.stdout"
+  changed_when: "' were already installed. Moving On.' not in evtxeventsamples.stdout"
 
 - debug: msg="{{ evtxeventsamples.stdout_lines }}"
 
@@ -107,6 +116,7 @@
     chdir: 'c:\vagrant\scripts'
   register: windowsata
   failed_when: "'Exception' in windowsata.stdout"
+  changed_when: "' was already installed. Moving On.' not in windowsata.stdout"
 
 - debug: msg="{{ windowsata.stdout_lines }}"
 

diff --git a/Azure/Ansible/roles/win10/tasks/main.yml b/Azure/Ansible/roles/win10/tasks/main.yml
@@ -20,26 +20,35 @@
 
 - name: Copy scripts to c:\vagrant
   win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+  args:
+    creates: c:\vagrant\Vagrantfile
 
 - name: Making Windows10 Great Again
   win_shell:  .\\MakeWindows10GreatAgain.ps1
   args:
     chdir: 'c:\vagrant\scripts'
+  register: win10_great
+  changed_when: "' was already installed. Moving On.' not in win10_great.stdout"
 
 - name: Join the Domain
   win_shell: .\\provision.ps1
   args:
     chdir: 'c:\vagrant\scripts'
+  register: win10_join_domain
+  changed_when: "'HasSucceeded : True' in win10_join_domain.stdout"
+  failed_when: '"failed to join domain" in win10_join_domain.stderr'
 
 - name: Update group policy
   win_shell: "gpupdate /force"
+  when: win10_join_domain.changed
 
 - name: Reboot Server
   win_reboot:
     msg: "Joined the domain. Rebooting..."
     pre_reboot_delay: 15
     reboot_timeout: 600
     post_reboot_delay: 60
+  when: win10_join_domain.changed
 
 - name: Clear Event Logs
   win_shell: "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"