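# Run on the command line with -e to override variables, or from Cloudforms with parameters.
# Use a comma delimiter when specifying multiple users.
#
# NOTE(review): values passed inline with -e end up in shell history and are visible in the
# process list while the play runs. For real credentials (ad_pass, api_pass) keep them in an
# ansible-vault encrypted vars file and pass it as -e @<vault-file>.yml together with
# --ask-vault-pass or --vault-password-file. Treat the hosts, accounts and passwords in the
# examples below as sample values only.
#
# command line run with no email (not via cloudforms)
#
# ansible-playbook adgroup.yml -e 'groupmembers="tseed,swright" \
# group=Project \
# perform=delete \
# ad_host=WIN-1JE0R5GCBSG.NETAPPSIM.LOCAL \
# ad_user="administrator@NETAPPSIM.LOCAL" \
# ad_pass="Password0" \
# from_email=tseed@ocf.co.uk \
# enable_requester_email=false \
# enable_customer_email=false \
# api_user=dummy \
# api_pass=dummy'
#
# command line run with email and non default customer email templates (not via cloudforms)
#
# ansible-playbook adgroup.yml -e 'groupmembers="tseed,swright" \
# group=Project \
# perform=delete \
# ad_host=WIN-1JE0R5GCBSG.NETAPPSIM.LOCAL \
# ad_user=administrator \
# ad_pass="Password0" \
# from_email="noreply@cloudforms" \
# enable_requester_email=true \
# enable_customer_email=true \
# smtp_relay=192.168.101.240 \
# smtp_port=25 \
# template_prefix=transcription \
# requester_email=tseed@ocf.co.uk \
# api_user=dummy \
# api_pass=dummy'
#
# command line run with email, non default customer email templates, a single groupmember and
# spoof self service mode enabled (replicates cloudforms provisioning for the requester);
# this will disable enable_requester_email
#
# ansible-playbook adgroup.yml -e 'groupmembers="tseed" \
# group=Project \
# perform=delete \
# ad_host=WIN-1JE0R5GCBSG.NETAPPSIM.LOCAL \
# ad_user=administrator \
# ad_pass="Password0" \
# from_email="noreply@cloudforms" \
# enable_requester_email=true \
# enable_customer_email=true \
# smtp_relay=192.168.101.240 \
# smtp_port=25 \
# template_prefix=transcription \
# requester_email=tseed@ocf.co.uk \
# api_user=dummy \
# api_pass=dummy \
# spoof_self_service=true'
#
# Requester email templates are prefixed mail-, customer email templates customer-;
# customer emails are in html format.
# Customers only receive an add/remove email when that action has been performed upon their
# account.
# When template_prefix is omitted the value is set to default and the default email templates
# are used; in this scenario customer emails are not sent, regardless of the parameter
# enable_customer_email.
#
# Variables are evaluated for the term 'placeholder'; when it is found the playbook will exit.
# While variables are evaluated for the term 'placeholder' their output is suppressed, so that
# the cloudforms log doesn't include sensitive parameters such as passwords.
# To assist with debugging, pass the optional parameter 'suppress_vars_output=false'.
#
---
# Variables used to create the in-memory inventory of the AD server. These are in the winrm
# format that would sit under the [<group>:vars] entry of an inventory file.
# They can also be passed as parameters by cloudforms and will then override the values in this
# file (cloudforms uses ansible --extra-vars).
# Any variable set to 'placeholder' must be passed as a parameter at runtime, otherwise the
# playbook exits.
#
# active directory server; when using kerberos (with the requisite resolv.conf entry) this must
# be a fqdn
ad_host: placeholder
# AD service account capable of manipulating group membership
# NOTE(review): the examples in the header use the built-in administrator; a service account
# delegated only group-membership rights on the target groups limits the impact if these
# credentials leak.
ad_user: placeholder
# AD service account password; supply at runtime, never commit a real value here
ad_pass: "placeholder"
ad_connection: winrm
ad_winrm_transport: kerberos
# allow ansible to manage its own kerberos token; SSSD manages it when set to manual
ad_winrm_kinit_mode: managed
# can be set to always, depends on the ad server profile
ad_winrm_message_encryption: auto
# 5985/http for non https transport, UON on-prem use 5986/https
ad_port: 5986
# UON on-prem use 5986/https
ad_winrm_scheme: https
# NOTE(review): 'ignore' means the certificate presented by the WinRM HTTPS listener is not
# verified, so the TLS layer does not authenticate the AD server. Where the listener's
# certificate chains to a CA the control node trusts, set this to 'validate'.
ad_winrm_server_cert_validation: ignore

# Set to false for the task "Fail Where Requisite Vars Not Set" to output all variables to
# assist debugging.
# NOTE(review): with false, every variable, including ad_pass and api_pass, is written to the
# task output and therefore to the cloudforms log; switch it back to true after debugging.
suppress_vars_output: true

# control email recipients
enable_requester_email: false
enable_customer_email: false

# Control self service mode; this replicates cloudforms behaviour where the requester populates
# the groupmembers parameter only with itself.
# This mode effectively disables status emails even if enable_requester_email: true is passed
# as a parameter.
spoof_self_service: false

# smtp server
# NOTE(review): whether the mail task negotiates STARTTLS on this relay is not visible in this
# file; confirm before putting anything sensitive into the email templates.
smtp_relay: smtp.nottingham.ac.uk
smtp_port: 25

# Email template path: this value changes the template path to ./templates/<template_prefix>/ ;
# the value is set to default when not specified as a parameter in cloudforms.
# The default templates list all usable variables that may be used in a template.
# When changing the prefix, ensure a matching folder name exists in the templates folder
# containing the files mail-add.j2, mail-invalid.j2, mail-nochange.j2 and mail-remove.j2.
template_prefix: "default"

# mandatory parameters for actions and targets
# should be "create" or "delete"
perform: placeholder
# users or groups to be added into group; this is a comma separated list, single entries are
# converted to a list with a single item
groupmembers: placeholder
# group, single group accepted
group: placeholder
# should be a service account address such as donotreply@nottingham.ac.uk
from_email: placeholder

# Cloudforms API
api_user: placeholder
api_pass: placeholder

# groups for use in UON tiles
# UI-Transcription-Live
# UI-High-Performance-Windows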