From 2ab19983cfa680078c51d9f915c258eddd184962 Mon Sep 17 00:00:00 2001 From: Larry Smith Jr Date: Fri, 4 May 2018 23:50:55 -0400 Subject: [PATCH] Fixed scripts symlinks When copying the new distro folders I forgot to prep scripts to be a symlink to the scripts folder in the parent. This was implemented to keep scripts in a single location in order to make changes consistently in a single location. --- Fedora/28/server/scripts | 1 + .../scripts/ConfigureRemotingForAnsible.ps1 | 323 ------------------ Fedora/28/server/scripts/bootstrap.sh | 28 -- Fedora/28/server/scripts/cleanup.sh | 8 - Ubuntu/bionic64/server/scripts | 1 + .../scripts/ConfigureRemotingForAnsible.ps1 | 323 ------------------ Ubuntu/bionic64/server/scripts/bootstrap.sh | 28 -- Ubuntu/bionic64/server/scripts/cleanup.sh | 8 - 8 files changed, 2 insertions(+), 718 deletions(-) create mode 120000 Fedora/28/server/scripts delete mode 100644 Fedora/28/server/scripts/ConfigureRemotingForAnsible.ps1 delete mode 100755 Fedora/28/server/scripts/bootstrap.sh delete mode 100755 Fedora/28/server/scripts/cleanup.sh create mode 120000 Ubuntu/bionic64/server/scripts delete mode 100644 Ubuntu/bionic64/server/scripts/ConfigureRemotingForAnsible.ps1 delete mode 100755 Ubuntu/bionic64/server/scripts/bootstrap.sh delete mode 100755 Ubuntu/bionic64/server/scripts/cleanup.sh diff --git a/Fedora/28/server/scripts b/Fedora/28/server/scripts new file mode 120000 index 0000000..bbaa944 --- /dev/null +++ b/Fedora/28/server/scripts @@ -0,0 +1 @@ +../../../scripts \ No newline at end of file diff --git a/Fedora/28/server/scripts/ConfigureRemotingForAnsible.ps1 b/Fedora/28/server/scripts/ConfigureRemotingForAnsible.ps1 deleted file mode 100644 index 3b2ddcd..0000000 --- a/Fedora/28/server/scripts/ConfigureRemotingForAnsible.ps1 +++ /dev/null @@ -1,323 +0,0 @@ -#Requires -Version 3.0 - -# Configure a Windows host for remote management with Ansible -# ----------------------------------------------------------- -# -# This script checks the current WinRM (PS Remoting) configuration and makes -# the necessary changes to allow Ansible to connect, authenticate and -# execute PowerShell commands. -# -# All events are logged to the Windows EventLog, useful for unattended runs. -# -# Use option -Verbose in order to see the verbose output messages. -# -# Use option -CertValidityDays to specify how long this certificate is valid -# starting from today. So you would specify -CertValidityDays 3650 to get -# a 10-year valid certificate. -# -# Use option -ForceNewSSLCert if the system has been SysPreped and a new -# SSL Certificate must be forced on the WinRM Listener when re-running this -# script. This is necessary when a new SID and CN name is created. -# -# Use option -SkipNetworkProfileCheck to skip the network profile check. -# Without specifying this the script will only run if the device's interfaces -# are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable -# WinRM on a device with an interface in PUBLIC zone. -# -# Use option -SubjectName to specify the CN name of the certificate. This -# defaults to the system's hostname and generally should not be specified. - -# Written by Trond Hindenes -# Updated by Chris Church -# Updated by Michael Crilly -# Updated by Anton Ouzounov -# Updated by Nicolas Simond -# Updated by Dag Wieërs -# Updated by Jordan Borean -# -# Version 1.0 - 2014-07-06 -# Version 1.1 - 2014-11-11 -# Version 1.2 - 2015-05-15 -# Version 1.3 - 2016-04-04 -# Version 1.4 - 2017-01-05 -# Version 1.5 - 2017-02-09 -# Version 1.6 - 2017-04-18 - -# Support -Verbose option -[CmdletBinding()] - -Param ( - [string]$SubjectName = $env:COMPUTERNAME, - [int]$CertValidityDays = 1095, - [switch]$SkipNetworkProfileCheck, - $CreateSelfSignedCert = $true, - [switch]$ForceNewSSLCert, - [switch]$EnableCredSSP -) - -Function Write-Log -{ - $Message = $args[0] - Write-EventLog -LogName Application -Source $EventSource -EntryType Information -EventId 1 -Message $Message -} - -Function Write-VerboseLog -{ - $Message = $args[0] - Write-Verbose $Message - Write-Log $Message -} - -Function Write-HostLog -{ - $Message = $args[0] - Write-Host $Message - Write-Log $Message -} - -Function New-LegacySelfSignedCert -{ - Param ( - [string]$SubjectName, - [int]$ValidDays = 1095 - ) - - $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1" - $name.Encode("CN=$SubjectName", 0) - - $key = New-Object -COM "X509Enrollment.CX509PrivateKey.1" - $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider" - $key.KeySpec = 1 - $key.Length = 4096 - $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)" - $key.MachineContext = 1 - $key.Create() - - $serverauthoid = New-Object -COM "X509Enrollment.CObjectId.1" - $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1") - $ekuoids = New-Object -COM "X509Enrollment.CObjectIds.1" - $ekuoids.Add($serverauthoid) - $ekuext = New-Object -COM "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1" - $ekuext.InitializeEncode($ekuoids) - - $cert = New-Object -COM "X509Enrollment.CX509CertificateRequestCertificate.1" - $cert.InitializeFromPrivateKey(2, $key, "") - $cert.Subject = $name - $cert.Issuer = $cert.Subject - $cert.NotBefore = (Get-Date).AddDays(-1) - $cert.NotAfter = $cert.NotBefore.AddDays($ValidDays) - $cert.X509Extensions.Add($ekuext) - $cert.Encode() - - $enrollment = New-Object -COM "X509Enrollment.CX509Enrollment.1" - $enrollment.InitializeFromRequest($cert) - $certdata = $enrollment.CreateRequest(0) - $enrollment.InstallResponse(2, $certdata, 0, "") - - # extract/return the thumbprint from the generated cert - $parsed_cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 - $parsed_cert.Import([System.Text.Encoding]::UTF8.GetBytes($certdata)) - - return $parsed_cert.Thumbprint -} - -# Setup error handling. -Trap -{ - $_ - Exit 1 -} -$ErrorActionPreference = "Stop" - -# Get the ID and security principal of the current user account -$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent() -$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID) - -# Get the security principal for the Administrator role -$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator - -# Check to see if we are currently running "as Administrator" -if (-Not $myWindowsPrincipal.IsInRole($adminRole)) -{ - Write-Host "ERROR: You need elevated Administrator privileges in order to run this script." - Write-Host " Start Windows PowerShell by using the Run as Administrator option." - Exit 2 -} - -$EventSource = $MyInvocation.MyCommand.Name -If (-Not $EventSource) -{ - $EventSource = "Powershell CLI" -} - -If ([System.Diagnostics.EventLog]::Exists('Application') -eq $False -or [System.Diagnostics.EventLog]::SourceExists($EventSource) -eq $False) -{ - New-EventLog -LogName Application -Source $EventSource -} - -# Detect PowerShell version. -If ($PSVersionTable.PSVersion.Major -lt 3) -{ - Write-Log "PowerShell version 3 or higher is required." - Throw "PowerShell version 3 or higher is required." -} - -# Find and start the WinRM service. -Write-Verbose "Verifying WinRM service." -If (!(Get-Service "WinRM")) -{ - Write-Log "Unable to find the WinRM service." - Throw "Unable to find the WinRM service." -} -ElseIf ((Get-Service "WinRM").Status -ne "Running") -{ - Write-Verbose "Setting WinRM service to start automatically on boot." - Set-Service -Name "WinRM" -StartupType Automatic - Write-Log "Set WinRM service to start automatically on boot." - Write-Verbose "Starting WinRM service." - Start-Service -Name "WinRM" -ErrorAction Stop - Write-Log "Started WinRM service." - -} - -# WinRM should be running; check that we have a PS session config. -If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener))) -{ - If ($SkipNetworkProfileCheck) { - Write-Verbose "Enabling PS Remoting without checking Network profile." - Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop - Write-Log "Enabled PS Remoting without checking Network profile." - } - Else { - Write-Verbose "Enabling PS Remoting." - Enable-PSRemoting -Force -ErrorAction Stop - Write-Log "Enabled PS Remoting." - } -} -Else -{ - Write-Verbose "PS Remoting is already enabled." -} - -# Make sure there is a SSL listener. -$listeners = Get-ChildItem WSMan:\localhost\Listener -If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"})) -{ - # We cannot use New-SelfSignedCertificate on 2012R2 and earlier - $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays - Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" - - # Create the hashtables of settings to be used. - $valueset = @{ - Hostname = $SubjectName - CertificateThumbprint = $thumbprint - } - - $selectorset = @{ - Transport = "HTTPS" - Address = "*" - } - - Write-Verbose "Enabling SSL listener." - New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset - Write-Log "Enabled SSL listener." -} -Else -{ - Write-Verbose "SSL listener is already active." - - # Force a new SSL cert on Listener if the $ForceNewSSLCert - If ($ForceNewSSLCert) - { - - # We cannot use New-SelfSignedCertificate on 2012R2 and earlier - $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays - Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" - - $valueset = @{ - CertificateThumbprint = $thumbprint - Hostname = $SubjectName - } - - # Delete the listener for SSL - $selectorset = @{ - Address = "*" - Transport = "HTTPS" - } - Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset - - # Add new Listener with new SSL cert - New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset - } -} - -# Check for basic authentication. -$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "Basic"} -If (($basicAuthSetting.Value) -eq $false) -{ - Write-Verbose "Enabling basic auth support." - Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true - Write-Log "Enabled basic auth support." -} -Else -{ - Write-Verbose "Basic auth is already enabled." -} - -# If EnableCredSSP if set to true -If ($EnableCredSSP) -{ - # Check for CredSSP authentication - $credsspAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "CredSSP"} - If (($credsspAuthSetting.Value) -eq $false) - { - Write-Verbose "Enabling CredSSP auth support." - Enable-WSManCredSSP -role server -Force - Write-Log "Enabled CredSSP auth support." - } -} - -# Configure firewall to allow WinRM HTTPS connections. -$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" -$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any -If ($fwtest1.count -lt 5) -{ - Write-Verbose "Adding firewall rule to allow WinRM HTTPS." - netsh advfirewall firewall add rule profile=any name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow - Write-Log "Added firewall rule to allow WinRM HTTPS." -} -ElseIf (($fwtest1.count -ge 5) -and ($fwtest2.count -lt 5)) -{ - Write-Verbose "Updating firewall rule to allow WinRM HTTPS for any profile." - netsh advfirewall firewall set rule name="Allow WinRM HTTPS" new profile=any - Write-Log "Updated firewall rule to allow WinRM HTTPS for any profile." -} -Else -{ - Write-Verbose "Firewall rule already exists to allow WinRM HTTPS." -} - -# Test a remoting connection to localhost, which should work. -$httpResult = Invoke-Command -ComputerName "localhost" -ScriptBlock {$env:COMPUTERNAME} -ErrorVariable httpError -ErrorAction SilentlyContinue -$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck - -$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue - -If ($httpResult -and $httpsResult) -{ - Write-Verbose "HTTP: Enabled | HTTPS: Enabled" -} -ElseIf ($httpsResult -and !$httpResult) -{ - Write-Verbose "HTTP: Disabled | HTTPS: Enabled" -} -ElseIf ($httpResult -and !$httpsResult) -{ - Write-Verbose "HTTP: Enabled | HTTPS: Disabled" -} -Else -{ - Write-Log "Unable to establish an HTTP or HTTPS remoting session." - Throw "Unable to establish an HTTP or HTTPS remoting session." -} -Write-VerboseLog "PS Remoting has been successfully configured for Ansible." diff --git a/Fedora/28/server/scripts/bootstrap.sh b/Fedora/28/server/scripts/bootstrap.sh deleted file mode 100755 index 167a6ee..0000000 --- a/Fedora/28/server/scripts/bootstrap.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -# Alpine -if [ -f /etc/alpine-release ]; then - sudo apk update && \ - sudo apk add python -fi - -# Arch -if [ -f /etc/arch-release ]; then - sudo pacman -Sy --noconfirm ca-certificates glibc libffi python \ - python-boto python-pyopenssl python-pip python-setuptools -fi - -# Debian/Ubuntu -if [ -f /etc/debian_version ]; then - test -e /usr/bin/python || (sudo apt-get update && sudo apt-get -y install python-minimal) -fi - -# RHEL -if [ -f /etc/redhat-release ]; then - if [ -f /etc/os-release ]; then - codename="$(gawk -F= '/^NAME/{print $2}' /etc/os-release)" - if [[ $codename == "Fedora" ]]; then - sudo dnf -y install python-devel python-dnf && \ - sudo dnf -y group install "C Development Tools and Libraries" - fi - fi -fi diff --git a/Fedora/28/server/scripts/cleanup.sh b/Fedora/28/server/scripts/cleanup.sh deleted file mode 100755 index a049429..0000000 --- a/Fedora/28/server/scripts/cleanup.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -vagrant destroy -f -if [ -d host_vars ]; then - rm -rf host_vars -fi -if [ -d .vagrant ]; then - rm -rf .vagrant -fi diff --git a/Ubuntu/bionic64/server/scripts b/Ubuntu/bionic64/server/scripts new file mode 120000 index 0000000..bbaa944 --- /dev/null +++ b/Ubuntu/bionic64/server/scripts @@ -0,0 +1 @@ +../../../scripts \ No newline at end of file diff --git a/Ubuntu/bionic64/server/scripts/ConfigureRemotingForAnsible.ps1 b/Ubuntu/bionic64/server/scripts/ConfigureRemotingForAnsible.ps1 deleted file mode 100644 index 3b2ddcd..0000000 --- a/Ubuntu/bionic64/server/scripts/ConfigureRemotingForAnsible.ps1 +++ /dev/null @@ -1,323 +0,0 @@ -#Requires -Version 3.0 - -# Configure a Windows host for remote management with Ansible -# ----------------------------------------------------------- -# -# This script checks the current WinRM (PS Remoting) configuration and makes -# the necessary changes to allow Ansible to connect, authenticate and -# execute PowerShell commands. -# -# All events are logged to the Windows EventLog, useful for unattended runs. -# -# Use option -Verbose in order to see the verbose output messages. -# -# Use option -CertValidityDays to specify how long this certificate is valid -# starting from today. So you would specify -CertValidityDays 3650 to get -# a 10-year valid certificate. -# -# Use option -ForceNewSSLCert if the system has been SysPreped and a new -# SSL Certificate must be forced on the WinRM Listener when re-running this -# script. This is necessary when a new SID and CN name is created. -# -# Use option -SkipNetworkProfileCheck to skip the network profile check. -# Without specifying this the script will only run if the device's interfaces -# are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable -# WinRM on a device with an interface in PUBLIC zone. -# -# Use option -SubjectName to specify the CN name of the certificate. This -# defaults to the system's hostname and generally should not be specified. - -# Written by Trond Hindenes -# Updated by Chris Church -# Updated by Michael Crilly -# Updated by Anton Ouzounov -# Updated by Nicolas Simond -# Updated by Dag Wieërs -# Updated by Jordan Borean -# -# Version 1.0 - 2014-07-06 -# Version 1.1 - 2014-11-11 -# Version 1.2 - 2015-05-15 -# Version 1.3 - 2016-04-04 -# Version 1.4 - 2017-01-05 -# Version 1.5 - 2017-02-09 -# Version 1.6 - 2017-04-18 - -# Support -Verbose option -[CmdletBinding()] - -Param ( - [string]$SubjectName = $env:COMPUTERNAME, - [int]$CertValidityDays = 1095, - [switch]$SkipNetworkProfileCheck, - $CreateSelfSignedCert = $true, - [switch]$ForceNewSSLCert, - [switch]$EnableCredSSP -) - -Function Write-Log -{ - $Message = $args[0] - Write-EventLog -LogName Application -Source $EventSource -EntryType Information -EventId 1 -Message $Message -} - -Function Write-VerboseLog -{ - $Message = $args[0] - Write-Verbose $Message - Write-Log $Message -} - -Function Write-HostLog -{ - $Message = $args[0] - Write-Host $Message - Write-Log $Message -} - -Function New-LegacySelfSignedCert -{ - Param ( - [string]$SubjectName, - [int]$ValidDays = 1095 - ) - - $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1" - $name.Encode("CN=$SubjectName", 0) - - $key = New-Object -COM "X509Enrollment.CX509PrivateKey.1" - $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider" - $key.KeySpec = 1 - $key.Length = 4096 - $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)" - $key.MachineContext = 1 - $key.Create() - - $serverauthoid = New-Object -COM "X509Enrollment.CObjectId.1" - $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1") - $ekuoids = New-Object -COM "X509Enrollment.CObjectIds.1" - $ekuoids.Add($serverauthoid) - $ekuext = New-Object -COM "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1" - $ekuext.InitializeEncode($ekuoids) - - $cert = New-Object -COM "X509Enrollment.CX509CertificateRequestCertificate.1" - $cert.InitializeFromPrivateKey(2, $key, "") - $cert.Subject = $name - $cert.Issuer = $cert.Subject - $cert.NotBefore = (Get-Date).AddDays(-1) - $cert.NotAfter = $cert.NotBefore.AddDays($ValidDays) - $cert.X509Extensions.Add($ekuext) - $cert.Encode() - - $enrollment = New-Object -COM "X509Enrollment.CX509Enrollment.1" - $enrollment.InitializeFromRequest($cert) - $certdata = $enrollment.CreateRequest(0) - $enrollment.InstallResponse(2, $certdata, 0, "") - - # extract/return the thumbprint from the generated cert - $parsed_cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 - $parsed_cert.Import([System.Text.Encoding]::UTF8.GetBytes($certdata)) - - return $parsed_cert.Thumbprint -} - -# Setup error handling. -Trap -{ - $_ - Exit 1 -} -$ErrorActionPreference = "Stop" - -# Get the ID and security principal of the current user account -$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent() -$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID) - -# Get the security principal for the Administrator role -$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator - -# Check to see if we are currently running "as Administrator" -if (-Not $myWindowsPrincipal.IsInRole($adminRole)) -{ - Write-Host "ERROR: You need elevated Administrator privileges in order to run this script." - Write-Host " Start Windows PowerShell by using the Run as Administrator option." - Exit 2 -} - -$EventSource = $MyInvocation.MyCommand.Name -If (-Not $EventSource) -{ - $EventSource = "Powershell CLI" -} - -If ([System.Diagnostics.EventLog]::Exists('Application') -eq $False -or [System.Diagnostics.EventLog]::SourceExists($EventSource) -eq $False) -{ - New-EventLog -LogName Application -Source $EventSource -} - -# Detect PowerShell version. -If ($PSVersionTable.PSVersion.Major -lt 3) -{ - Write-Log "PowerShell version 3 or higher is required." - Throw "PowerShell version 3 or higher is required." -} - -# Find and start the WinRM service. -Write-Verbose "Verifying WinRM service." -If (!(Get-Service "WinRM")) -{ - Write-Log "Unable to find the WinRM service." - Throw "Unable to find the WinRM service." -} -ElseIf ((Get-Service "WinRM").Status -ne "Running") -{ - Write-Verbose "Setting WinRM service to start automatically on boot." - Set-Service -Name "WinRM" -StartupType Automatic - Write-Log "Set WinRM service to start automatically on boot." - Write-Verbose "Starting WinRM service." - Start-Service -Name "WinRM" -ErrorAction Stop - Write-Log "Started WinRM service." - -} - -# WinRM should be running; check that we have a PS session config. -If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener))) -{ - If ($SkipNetworkProfileCheck) { - Write-Verbose "Enabling PS Remoting without checking Network profile." - Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop - Write-Log "Enabled PS Remoting without checking Network profile." - } - Else { - Write-Verbose "Enabling PS Remoting." - Enable-PSRemoting -Force -ErrorAction Stop - Write-Log "Enabled PS Remoting." - } -} -Else -{ - Write-Verbose "PS Remoting is already enabled." -} - -# Make sure there is a SSL listener. -$listeners = Get-ChildItem WSMan:\localhost\Listener -If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"})) -{ - # We cannot use New-SelfSignedCertificate on 2012R2 and earlier - $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays - Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" - - # Create the hashtables of settings to be used. - $valueset = @{ - Hostname = $SubjectName - CertificateThumbprint = $thumbprint - } - - $selectorset = @{ - Transport = "HTTPS" - Address = "*" - } - - Write-Verbose "Enabling SSL listener." - New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset - Write-Log "Enabled SSL listener." -} -Else -{ - Write-Verbose "SSL listener is already active." - - # Force a new SSL cert on Listener if the $ForceNewSSLCert - If ($ForceNewSSLCert) - { - - # We cannot use New-SelfSignedCertificate on 2012R2 and earlier - $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays - Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" - - $valueset = @{ - CertificateThumbprint = $thumbprint - Hostname = $SubjectName - } - - # Delete the listener for SSL - $selectorset = @{ - Address = "*" - Transport = "HTTPS" - } - Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset - - # Add new Listener with new SSL cert - New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset - } -} - -# Check for basic authentication. -$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "Basic"} -If (($basicAuthSetting.Value) -eq $false) -{ - Write-Verbose "Enabling basic auth support." - Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true - Write-Log "Enabled basic auth support." -} -Else -{ - Write-Verbose "Basic auth is already enabled." -} - -# If EnableCredSSP if set to true -If ($EnableCredSSP) -{ - # Check for CredSSP authentication - $credsspAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "CredSSP"} - If (($credsspAuthSetting.Value) -eq $false) - { - Write-Verbose "Enabling CredSSP auth support." - Enable-WSManCredSSP -role server -Force - Write-Log "Enabled CredSSP auth support." - } -} - -# Configure firewall to allow WinRM HTTPS connections. -$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" -$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any -If ($fwtest1.count -lt 5) -{ - Write-Verbose "Adding firewall rule to allow WinRM HTTPS." - netsh advfirewall firewall add rule profile=any name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow - Write-Log "Added firewall rule to allow WinRM HTTPS." -} -ElseIf (($fwtest1.count -ge 5) -and ($fwtest2.count -lt 5)) -{ - Write-Verbose "Updating firewall rule to allow WinRM HTTPS for any profile." - netsh advfirewall firewall set rule name="Allow WinRM HTTPS" new profile=any - Write-Log "Updated firewall rule to allow WinRM HTTPS for any profile." -} -Else -{ - Write-Verbose "Firewall rule already exists to allow WinRM HTTPS." -} - -# Test a remoting connection to localhost, which should work. -$httpResult = Invoke-Command -ComputerName "localhost" -ScriptBlock {$env:COMPUTERNAME} -ErrorVariable httpError -ErrorAction SilentlyContinue -$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck - -$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue - -If ($httpResult -and $httpsResult) -{ - Write-Verbose "HTTP: Enabled | HTTPS: Enabled" -} -ElseIf ($httpsResult -and !$httpResult) -{ - Write-Verbose "HTTP: Disabled | HTTPS: Enabled" -} -ElseIf ($httpResult -and !$httpsResult) -{ - Write-Verbose "HTTP: Enabled | HTTPS: Disabled" -} -Else -{ - Write-Log "Unable to establish an HTTP or HTTPS remoting session." - Throw "Unable to establish an HTTP or HTTPS remoting session." -} -Write-VerboseLog "PS Remoting has been successfully configured for Ansible." diff --git a/Ubuntu/bionic64/server/scripts/bootstrap.sh b/Ubuntu/bionic64/server/scripts/bootstrap.sh deleted file mode 100755 index 167a6ee..0000000 --- a/Ubuntu/bionic64/server/scripts/bootstrap.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -# Alpine -if [ -f /etc/alpine-release ]; then - sudo apk update && \ - sudo apk add python -fi - -# Arch -if [ -f /etc/arch-release ]; then - sudo pacman -Sy --noconfirm ca-certificates glibc libffi python \ - python-boto python-pyopenssl python-pip python-setuptools -fi - -# Debian/Ubuntu -if [ -f /etc/debian_version ]; then - test -e /usr/bin/python || (sudo apt-get update && sudo apt-get -y install python-minimal) -fi - -# RHEL -if [ -f /etc/redhat-release ]; then - if [ -f /etc/os-release ]; then - codename="$(gawk -F= '/^NAME/{print $2}' /etc/os-release)" - if [[ $codename == "Fedora" ]]; then - sudo dnf -y install python-devel python-dnf && \ - sudo dnf -y group install "C Development Tools and Libraries" - fi - fi -fi diff --git a/Ubuntu/bionic64/server/scripts/cleanup.sh b/Ubuntu/bionic64/server/scripts/cleanup.sh deleted file mode 100755 index a049429..0000000 --- a/Ubuntu/bionic64/server/scripts/cleanup.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -vagrant destroy -f -if [ -d host_vars ]; then - rm -rf host_vars -fi -if [ -d .vagrant ]; then - rm -rf .vagrant -fi