# Run on command line with -e for override variables or from Cloudforms with parameters, use comma delimiter when specifying multiple users:
# note: ad_pass and api_pass given inline with -e end up in shell history and the process list, outside of lab testing pass them from an ansible-vault encrypted vars file with -e @<file>
#
# command line run with no email (not via cloudforms)
#
# ansible-playbook adgroup.yml -e 'groupmembers="tseed,swright" \
# group=Project \
# perform=delete \
# ad_host=WIN-1JE0R5GCBSG.NETAPPSIM.LOCAL \
# ad_user="administrator@NETAPPSIM.LOCAL" \
# ad_pass="Password0" \
# from_email=tseed@ocf.co.uk \
# enable_requester_email=false \
# enable_customer_email=false \
# api_user=dummy \
# api_pass=dummy'
#
# command line run with email and non default customer email templates (not via cloudforms)
#
# ansible-playbook adgroup.yml -e 'groupmembers="tseed,swright" \
# group=Project \
# perform=delete \
# ad_host=WIN-1JE0R5GCBSG.NETAPPSIM.LOCAL \
# ad_user=administrator \
# ad_pass="Password0" \
# from_email="noreply@cloudforms" \
# enable_requester_email=true \
# enable_customer_email=true \
# smtp_relay=192.168.101.240 \
# smtp_port=25 \
# template_prefix=transcription \
# requester_email=tseed@ocf.co.uk \
# api_user=dummy \
# api_pass=dummy'
#
# command line run with email, non default customer email templates, a single groupmember and spoof self service mode enabled (replicates cloudforms provisioning for the requester)
# this will disable the enable_requester_email
#
# ansible-playbook adgroup.yml -e 'groupmembers="tseed" \
# group=Project \
# perform=delete \
# ad_host=WIN-1JE0R5GCBSG.NETAPPSIM.LOCAL \
# ad_user=administrator \
# ad_pass="Password0" \
# from_email="noreply@cloudforms" \
# enable_requester_email=true \
# enable_customer_email=true \
# smtp_relay=192.168.101.240 \
# smtp_port=25 \
# template_prefix=transcription \
# requester_email=tseed@ocf.co.uk \
# api_user=dummy \
# api_pass=dummy \
# spoof_self_service=true'
#
# requester email templates are prefixed mail-, customer email templates customer-, customer emails are in html format
# customers will only receive an add/remove email when this action has been performed upon their account
# when template_prefix is omitted the value is set to default and the default email templates are used, in this scenario customer emails are not sent regardless of the parameter enable_customer_email
#
# variables are evaluated for the term 'placeholder', when found the playbook will exit
# variables when evaluated for the term 'placeholder' have their output suppressed to ensure the cloudforms log doesn't include sensitive parameters such as passwords
# to assist with debug pass an optional parameter of 'suppress_vars_output=false'
#
---
# connection variables used to build an in-memory inventory entry for the AD server,
# they follow the winrm format that would sit under [<hostgroup>:vars] in an inventory file
# cloudforms can pass any of them as parameters (it uses ansible --extra-vars), which overrides the value in this file
# anything left as 'placeholder' must be supplied as a parameter at runtime, otherwise the playbook exits
#

# active directory server, must be a fqdn when using kerberos (with requisite resolv.conf entry)
ad_host: placeholder

# AD service account capable of manipulating group membership
ad_user: placeholder

# AD service account password
# keep the real value out of this file, supply it at runtime (cloudforms parameter or a vault encrypted vars file)
ad_pass: 'placeholder'

ad_connection: winrm
ad_winrm_transport: kerberos

# managed lets ansible manage its own kerberos token, SSSD manages it when set to manual
ad_winrm_kinit_mode: managed

# can be set to always, depends on ad server profile
ad_winrm_message_encryption: auto

# 5985/http for non https transport, UON on-prem use 5986/https
ad_port: 5986

# UON on-prem use 5986/https
ad_winrm_scheme: https

# NOTE(review): 'ignore' means the AD server's TLS certificate is not verified, so the https
# channel itself does not authenticate the server; presumably this maps to
# ansible_winrm_server_cert_validation (confirm in the playbook), set it to 'validate' once the
# server presents a certificate from a CA the control node trusts
ad_winrm_server_cert_validation: ignore

# set to false for task "Fail Where Requisite Vars Not Set" to output all variables to assist debug
# leave as true outside of debugging, the unsuppressed output includes parameters such as ad_pass and api_pass
suppress_vars_output: true

# control email recipients
enable_requester_email: false
enable_customer_email: false

# control self service mode, this replicates cloudforms behaviour where the requester populates the groupmembers parameter only with itself
# this mode effectively disables status emails even if enable_requester_email: true is passed as a parameter
spoof_self_service: false

# smtp server
# NOTE(review): port 25 is normally an unencrypted relay port, whether the mail task negotiates STARTTLS is not visible in this file - confirm
smtp_relay: smtp.nottingham.ac.uk
smtp_port: 25

# email template path, this value changes the template path to ./templates/<value>/ , the value is set to default when not specified as a parameter in cloudforms
# the default templates list all usable variables that may be used in a template
# when changing the prefix, ensure a matching folder name exists in the templates folder containing the files; mail-add.j2, mail-invalid.j2, mail-nochange.j2, mail-remove.j2
template_prefix: 'default'

# mandatory parameters for actions and targets

# should be "create" or "delete"
perform: placeholder

# users or groups to be added into group, this is a comma separated list, single entries are converted to a list with a single item
groupmembers: placeholder

# group, single group accepted
group: placeholder

# should be a service account address such as donotreply@nottingham.ac.uk
from_email: placeholder

# Cloudforms API
# credentials are supplied at runtime, keep real values out of this file
api_user: placeholder
api_pass: placeholder

# groups for use in UON tiles
# UI-Transcription-Live
# UI-High-Performance-Windows