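---
# Provisions a Windows VM in Azure, onboards it over WinRM, creates the
# matching AD security groups, and registers the host in Checkmk.
#
# Variables referenced but not defined in this file (supplied by the caller):
#   secret, sub_id, password, hostname, ansible_user, ansible_password,
#   domain_admin, domain_password
# nic_info is also not set in this file; presumably the azure_createwindowsvm
# role registers it -- confirm.

# Play 1: create the VM and build the in-memory host groups used later.
# NOTE(review): this play runs on localhost as root; confirm the role
# actually needs privilege escalation, otherwise drop become.
- name: get resource group info
  become: true
  become_user: root
  # become_method: runas
  hosts: localhost
  roles:
    - role: azure_createwindowsvm
  # Azure service-principal settings exported to the environment of the
  # tasks in this play.
  environment:
    - AZURE_CLIENT_ID: "140ddce1-f5e1-45a3-84e0-38e8ec16e72b"
    - AZURE_SECRET: "{{secret}}"
    # sub_id is split on ':' and the second field is used, trimmed.
    - AZURE_SUBSCRIPTION_ID: "{{((sub_id | split(':'))[1]) | trim }}"
    # - AZURE_SUBSCRIPTION_ID: a7f4215b-c8f8-45ac-8fdd-062c940b02f6
    - AZURE_TENANT: "26845d4f-0cf4-4d08-b717-06b6b7824ec4"
  tasks:
    # NOTE(review): debug var looks up an Ansible variable, while
    # AZURE_SUBSCRIPTION_ID above is only an environment entry; unless a
    # variable of that name is passed in, this prints "not defined".
    - name: output subscriptionID
      debug:
        var: "AZURE_SUBSCRIPTION_ID"

    # Registers the new VM, by private IP, as the only member of new_group.
    # NOTE(review): 5985 is the default WinRM HTTP port, so the
    # cert-validation setting has nothing to validate, and NTLM does not
    # authenticate the server. Prefer the HTTPS listener (5986) with
    # certificate validation once the VM has a certificate.
    - name: make host group from survey hosts list
      add_host:
        hostname: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
        # hostname: "{{ hostname }}.adagility.net"
        groups: new_group
        ansible_connection: winrm
        ansible_port: 5985
        ansible_winrm_server_cert_validation: ignore
        ansible_user: ApeAdmin
        ansible_password: "{{password}}"
        ansible_winrm_transport: ntlm
        # ansible_user: "{{ansible_user}}"
        # ansible_password: "{{ansible_password}}"

    # Registers the management server that runs the AD group tasks.
    # NOTE(review): also WinRM over port 5985; the cert-validation setting
    # is likewise unused here.
    - name: create hostgroup for ad group creation
      add_host:
        hostname: awe-mps-006.adagility.net
        groups: ad_group
        ansible_connection: winrm
        ansible_port: 5985
        ansible_winrm_server_cert_validation: ignore
        ansible_user: "{{ansible_user}}"
        ansible_password: "{{ansible_password}}"
        ansible_winrm_transport: kerberos

# Play 2: baseline the new VM (monitoring agent, EDR agent, domain join).
- name: Onboard vm
  gather_facts: false
  hosts: new_group
  roles:
    - role: win_ping
    - role: windows_install-check-mk
    - role: windows_install-sentinelone
    - role: windows_install-windirstat
    - role: windows_domain-join
    - role: windows_finalize
      # NOTE(review): these role parameters reference variables of the same
      # name; confirm where ansible_user / ansible_password are defined,
      # because a definition that only refers to itself cannot be resolved.
      ansible_user: "{{ansible_user}}"
      ansible_password: "{{ansible_password}}"
    # - role: windows_install-laps

# Play 3: AD groups for the new host, executed on the ad_group host.
# The original carried an empty `gather_facts:` key (null), which is the
# same as omitting it: the configured default gathering policy applies.
- name: Create admin group
  hosts: ad_group
  tasks:
    # NOTE(review): ignore_errors hides a failed group creation, so a host
    # can finish onboarding without its local-admin group. Consider
    # registering the result and failing or reporting explicitly.
    - name: Create ad security group for Devices
      community.windows.win_domain_group:
        name: "G-MGMT-LA-DEVADM-{{ hostname|upper }}"
        path: "OU=Local_Admin,OU=Device_Privileges,OU=Management_Groups,OU=Aperam,DC=ADAGILITY,DC=NET"
        domain_username: "{{domain_admin}}"
        domain_password: "{{domain_password}}"
        domain_server: awe-dcw-004.adagility.net
        state: present
        scope: global
      ignore_errors: true

    # - name: add host to security group to use azure updates
    #   community.windows.win_domain_group_membership:
    #     identity: GG-GPO-APERAM-SERVERS-AZUREUPDATES
    #     members: "{{hostname}}$"
    #     domain_username: "{{domain_admin}}"
    #     domain_password: "{{domain_password}}"
    #     domain_server: awe-dcw-004.adagility.net
    #     state: present
    #     scope: global
    #   ignore_errors: true

    # Adds the computer account ("<hostname>$") to the updates group.
    # NOTE(review): same ignore_errors concern as the task above.
    - name: add host to azure updates group
      microsoft.ad.group:
        name: GG-GPO-APERAM-SERVERS-AZUREUPDATES
        identity: GG-GPO-APERAM-SERVERS-AZUREUPDATES
        members:
          add:
            - "{{hostname}}$"
        domain_username: "{{domain_admin}}"
        domain_password: "{{domain_password}}"
        domain_server: awe-dcw-004.adagility.net
        scope: global
      ignore_errors: true

# Play 4: register the host in Checkmk, discover services, activate.
- name: add host to checkmk
  hosts: localhost
  become: true
  become_user: root
  vars:
    # NOTE(review): this credential is committed in clear text. Treat it as
    # exposed: rotate it and supply the value from Ansible Vault or a
    # controller credential instead. Extra vars override play vars, so an
    # externally supplied checkmk_automation_secret already takes
    # precedence over this literal.
    checkmk_automation_secret: "TJXTVH@GFYPRNCJCWUMY"
  tasks:
    # NOTE(review): validate_certs is false on all three Checkmk calls, so
    # the automation secret is sent without verifying the server's TLS
    # certificate. Trust the internal CA on the controller and set this to
    # true.
    # NOTE(review): the loop iterates new_group but the task uses
    # hostname, not item; presumably new_group holds a single host.
    - name: Add host
      tribe29.checkmk.host:
        server_url: "https://monitoringeu.aperam.internal/"
        site: "monaperam"
        automation_user: "ansible"
        automation_secret: "{{ checkmk_automation_secret }}"
        name: "{{hostname}}.adagility.net"
        validate_certs: false
        folder: "/"
        state: present
      with_inventory_hostnames:
        - new_group

    - name: "Add newly discovered services on host."
      tribe29.checkmk.discovery:
        server_url: "https://monitoringeu.aperam.internal/"
        site: "monaperam"
        automation_user: "ansible"
        automation_secret: "{{ checkmk_automation_secret }}"
        host_name: "{{ hostname }}.adagility.net"
        state: "new"
        validate_certs: false
      with_inventory_hostnames:
        - new_group

    # Booleans are written as real YAML booleans rather than 'true' strings.
    - name: "Activate changes on all sites."
      tribe29.checkmk.activation:
        server_url: "https://monitoringeu.aperam.internal/"
        site: "monaperam"
        automation_user: "ansible"
        automation_secret: "{{ checkmk_automation_secret }}"
        force_foreign_changes: true
        validate_certs: false
      run_once: true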