From bdeda04692ec3aa97fb60c36fdcf8f4b8febbce7 Mon Sep 17 00:00:00 2001
From: juju4
Date: Sat, 7 Nov 2020 08:43:09 -0500
Subject: [PATCH] improve idempotency with changed_when/failed_when, args creates
---
 Azure/Ansible/roles/common/tasks/main.yml | 6 ++++++
 Azure/Ansible/roles/dc/tasks/main.yml | 5 ++++-
 Azure/Ansible/roles/wef/tasks/main.yml | 10 ++++++++++
 Azure/Ansible/roles/win10/tasks/main.yml | 9 +++++++++
 4 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/Azure/Ansible/roles/common/tasks/main.yml b/Azure/Ansible/roles/common/tasks/main.yml
index d1574215e..6a4ba2c1a 100644
--- a/Azure/Ansible/roles/common/tasks/main.yml
+++ b/Azure/Ansible/roles/common/tasks/main.yml
@@ -6,6 +6,7 @@
 chdir: 'c:\vagrant\scripts'
 register: palantir_wef
 failed_when: "'Exception' in palantir_wef.stdout"
+ changed_when: "' already exists. Moving On.' not in palantir_wef.stdout"
 - debug: msg="{{ palantir_wef.stdout_lines }}"
@@ -15,6 +16,7 @@
 chdir: 'c:\vagrant\scripts'
 register: install_osquery
 failed_when: "'Exception' in install_osquery.stdout"
+ changed_when: "' already installed. Moving On.' not in install_osquery.stdout"
 - debug: msg="{{ install_osquery.stdout_lines }}"
@@ -24,6 +26,7 @@
 chdir: 'c:\vagrant\scripts'
 register: sysinternals
 failed_when: "'Exception' in sysinternals.stdout"
+ changed_when: "'Tools directory exists, no need to re-install.' not in sysinternals.stdout"
 - debug: msg="{{ sysinternals.stdout_lines }}"
@@ -33,6 +36,7 @@
 chdir: 'c:\vagrant\scripts'
 register: velociraptor
 failed_when: "'Exception' in velociraptor.stdout"
+ changed_when: "' already installed. Moving On.' not in velociraptor.stdout"
 - debug: msg="{{ velociraptor.stdout_lines }}"
@@ -42,6 +46,7 @@
 chdir: 'c:\vagrant\scripts'
 register: autorunstowineventlog
 failed_when: "'Exception' in autorunstowineventlog.stdout"
+ changed_when: "' already installed. Moving On.' not in autorunstowineventlog.stdout"
 - debug: msg="{{ autorunstowineventlog.stdout_lines }}"
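Review bot: The new `changed_when` on the palantir_wef task reports changed for any run whose stdout lacks the marker, including a run that aborted part-way, because the pre-existing `failed_when: "'Exception' in palantir_wef.stdout"` replaces Ansible's default non-zero-rc failure condition rather than adding to it. A script that exits 1 without printing "Exception" therefore ends as ok and changed, which is the opposite of what this idempotency change intends. I would keep the rc check alongside the stdout match, `failed_when: "palantir_wef.rc != 0 or 'Exception' in palantir_wef.stdout"`, and the same applies to the other five changed_when/failed_when pairs in this file. The marker strings are presumably copied verbatim from the scripts under c:\vagrant\scripts; that cannot be confirmed from the diff, and a mismatch would make a task report changed on every run without any error.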
@@ -51,6 +56,7 @@
 chdir: 'c:\vagrant\scripts'
 register: redteam
 failed_when: "'Exception' in redteam.stdout"
+ changed_when: "' already installed. Moving On.' not in redteam.stdout"
 - debug: msg="{{ redteam.stdout_lines }}"
diff --git a/Azure/Ansible/roles/dc/tasks/main.yml b/Azure/Ansible/roles/dc/tasks/main.yml
index d75262931..6378468a1 100644
--- a/Azure/Ansible/roles/dc/tasks/main.yml
+++ b/Azure/Ansible/roles/dc/tasks/main.yml
@@ -21,6 +21,8 @@
 - name: Copy scripts to c:\vagrant
 win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+ args:
+ creates: c:\vagrant\Vagrantfile
 - name: Create an Administrator user
 win_user:
@@ -28,7 +30,8 @@
 password: Vagrant123
 state: present
 groups:
- - Users,Administrators
+ - Users
+ - Administrators
 password_never_expires: yes
 - name: Create the Domain
diff --git a/Azure/Ansible/roles/wef/tasks/main.yml b/Azure/Ansible/roles/wef/tasks/main.yml
index d1bed68c2..ffd6f19f4 100644
--- a/Azure/Ansible/roles/wef/tasks/main.yml
+++ b/Azure/Ansible/roles/wef/tasks/main.yml
@@ -21,6 +21,8 @@
 - name: Copy scripts to c:\vagrant
 win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+ args:
+ creates: c:\vagrant\Vagrantfile
 - name: Join the Domain
 win_shell: .\\provision.ps1
@@ -28,6 +30,7 @@
 chdir: 'c:\vagrant\scripts'
 register: wef_join_domain
 changed_when: "'HasSucceeded : True' in wef_join_domain.stdout"
+ failed_when: '"failed to join domain" in wef_join_domain.stderr'
 - debug: msg="{{ wef_join_domain.stdout_lines }}"
@@ -37,6 +40,7 @@
 pre_reboot_delay: 15
 reboot_timeout: 600
 post_reboot_delay: 60
+ when: wef_join_domain.changed
 - name: Download Microsoft ATA
 win_get_url:
@@ -53,6 +57,7 @@
 chdir: 'c:\vagrant\scripts'
 register: palantir_wef
 failed_when: "'Exception' in palantir_wef.stdout"
+ changed_when: "' already exists. Moving On.' not in palantir_wef.stdout"
 - debug: msg="{{ palantir_wef.stdout_lines }}"
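Review bot: The new-side `win_user` task in the dc role still carries the local Administrator password as a plaintext literal, `password: Vagrant123`, next to `password_never_expires: yes`; splitting the groups into `- Users` / `- Administrators` is the right fix for the old single `Users,Administrators` group name, but the task now cleanly defines a never-expiring admin account whose password is committed to the repository. Even for a lab role I would take the value from an Ansible Vault variable, `password: "{{ vagrant_admin_password }}"`, and write the boolean as `password_never_expires: true` (yamllint `truthy`). If the shared lab default is intentional, a one-line comment above the task saying so would at least make that explicit to the next reader. The enclosing task starts before this hunk (its `name:` line is outside it).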
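Review bot: The added `failed_when: '"failed to join domain" in wef_join_domain.stderr'` on the wef role's Join the Domain task replaces Ansible's default failure condition for `win_shell`, so a non-zero exit from provision.ps1 that does not write that exact phrase to stderr is no longer a failure; combined with `changed_when` on 'HasSucceeded : True', such a run ends as ok and unchanged, and the `when: wef_join_domain.changed` guard added to the reboot in the next hunk then skips the reboot, so the play continues on a host that never joined the domain. I would keep the rc check in the expression: `failed_when: "wef_join_domain.rc != 0 or 'failed to join domain' in wef_join_domain.stderr"`. Whether provision.ps1 writes that phrase to stderr rather than stdout, and whether it returns a non-zero rc at all, cannot be confirmed from the diff. The idiomatic form of the guard is `when: wef_join_domain is changed`, though `.changed` works.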
@@ -62,6 +67,7 @@
 chdir: 'c:\vagrant\scripts'
 register: wef_subscriptions
 failed_when: "'Exception' in wef_subscriptions.stdout"
+ changed_when: "'already installed, moving on...' not in wef_subscriptions.stdout"
 - debug: msg="{{ wef_subscriptions.stdout_lines }}"
@@ -71,6 +77,7 @@
 chdir: 'c:\vagrant\scripts'
 register: splunkuf
 failed_when: "'Exception' in splunkuf.stdout"
+ changed_when: "' already installed. Moving on.' not in splunkuf.stdout"
 - debug: msg="{{ splunkuf.stdout_lines }}"
@@ -80,6 +87,7 @@
 chdir: 'c:\vagrant\scripts'
 register: windowsta
 failed_when: "'Exception' in windowsta.stdout"
+ changed_when: "' already installed. Moving on.' not in windowsta.stdout"
 - debug: msg="{{ windowsta.stdout_lines }}"
@@ -98,6 +106,7 @@
 chdir: 'c:\vagrant\scripts'
 register: evtxeventsamples
 failed_when: "'Exception' in evtxeventsamples.stdout"
+ changed_when: "' were already installed. Moving On.' not in evtxeventsamples.stdout"
 - debug: msg="{{ evtxeventsamples.stdout_lines }}"
@@ -107,6 +116,7 @@
 chdir: 'c:\vagrant\scripts'
 register: windowsata
 failed_when: "'Exception' in windowsata.stdout"
+ changed_when: "' was already installed. Moving On.' not in windowsata.stdout"
 - debug: msg="{{ windowsata.stdout_lines }}"
diff --git a/Azure/Ansible/roles/win10/tasks/main.yml b/Azure/Ansible/roles/win10/tasks/main.yml
index 3cc8c024f..0b972b1ef 100644
--- a/Azure/Ansible/roles/win10/tasks/main.yml
+++ b/Azure/Ansible/roles/win10/tasks/main.yml
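Review bot: The marker strings in the new `changed_when` lines vary in case, spacing and punctuation from task to task ('already installed, moving on...' for wef_subscriptions, ' already installed. Moving on.' for splunkuf and windowsta, ' was already installed. Moving On.' for windowsata), and the Jinja `in` test is exact and case-sensitive, so any marker that does not match its script's output byte for byte makes that task report changed on every run with no error to show for it. If these were transcribed from the scripts, a looser, case-insensitive match survives wording drift: `changed_when: "wef_subscriptions.stdout is not search('already installed', ignorecase=true)"`. The unchanged `failed_when: "'Exception' in wef_subscriptions.stdout"` also discards the default non-zero-rc check, so a failed run is reported as changed rather than failed; adding `wef_subscriptions.rc != 0 or` in front of it would restore that signal.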
@@ -20,19 +20,27 @@
 - name: Copy scripts to c:\vagrant
 win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+ args:
+ creates: c:\vagrant\Vagrantfile
 - name: Making Windows10 Great Again
 win_shell: .\\MakeWindows10GreatAgain.ps1
 args:
 chdir: 'c:\vagrant\scripts'
+ register: win10_great
+ changed_when: "' was already installed. Moving On.' not in win10_great.stdout"
 - name: Join the Domain
 win_shell: .\\provision.ps1
 args:
 chdir: 'c:\vagrant\scripts'
+ register: win10_join_domain
+ changed_when: "'HasSucceeded : True' in win10_join_domain.stdout"
+ failed_when: '"failed to join domain" in win10_join_domain.stderr'
 - name: Update group policy
 win_shell: "gpupdate /force"
+ when: win10_join_domain.changed
 - name: Reboot Server
 win_reboot:
@@ -40,6 +48,7 @@
 pre_reboot_delay: 15
 reboot_timeout: 600
 post_reboot_delay: 60
+ when: win10_join_domain.changed
 - name: Clear Event Logs
 win_shell: "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
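Review bot: The marker for the new `register: win10_great` / `changed_when` pair, ' was already installed. Moving On.', is the same string the wef role uses for its Microsoft ATA task, and it is not evident that MakeWindows10GreatAgain.ps1 prints it; if it does not, the task reports changed on every run, which defeats the point of the line. Worth checking against the script's output and, if the script has no idempotency marker, dropping `changed_when` rather than guessing. The `failed_when` on stderr added to the Join the Domain task has the same effect as in the wef role: it discards the default non-zero-rc failure, so a join that exits 1 without that exact phrase is reported as ok, and the new `when: win10_join_domain.changed` guards then skip both `gpupdate /force` and the reboot on a host that never joined; `failed_when: "win10_join_domain.rc != 0 or 'failed to join domain' in win10_join_domain.stderr"` keeps both signals.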
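Review bot: With the reboot now guarded by `when: win10_join_domain.changed`, the Clear Event Logs task that follows is the only unconditional step left in this hunk, and it clears every Windows event log on each run, which on a detection-lab host would discard the telemetry later runs exist to produce and is the kind of repeated side effect the commit's idempotency goal argues against. I would gate it on the same condition, `when: win10_join_domain.changed`, or on a dedicated variable so it runs only during initial provisioning; if clearing on every run is intended, a comment saying so above the task would stop the next reader from "fixing" it. `when: win10_join_domain is changed` is the idiomatic form of the test, though `.changed` works. The win_reboot task this guard belongs to starts before the hunk.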