Merge "Add Active Directory app"
124c8cb518
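--- a/Windows/ActiveDirectory/package/Classes/ActiveDirectory.yaml
+++ b/Windows/ActiveDirectory/package/Classes/ActiveDirectory.yaml
@@ -0,0 +1,68 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+Namespaces:
+=: io.murano.apps.activeDirectory
+std: io.murano
+sys: io.murano.system
+
+Name: ActiveDirectory
+
+Extends: std:Application
+
+Properties:
+name:
+Contract: $.string().notNull()
+
+primaryController:
+Contract: $.class(PrimaryController).notNull()
+
+secondaryControllers:
+Contract: [$.class(SecondaryController).notNull()]
+
+adminAccountName:
+Contract: $.string().notNull()
+Default: Administrator
+
+adminPassword:
+Contract: $.string().notNull()
+Default: P@ssw0rd
+
+Methods:
+initialize:
+Body:
+- $._environment: $.find(std:Environment).require()
+
+deploy:
+Body:
+- $.resources: new(sys:Resources)
+- If: $.getAttr(domainDeployed, false)
+Then:
+- Return:
+- $._environment.reporter.report($this, 'Starting Active Directory deployment')
+- $securityGroupIngress: $.resources.json('DomainSecurity.json')
+- $._environment.securityGroupManager.addGroupIngress($securityGroupIngress)
+
+
+- $.primaryController.deploy()
+- $.secondaryControllers.pselect($.deploy())
+
+- $.setAttr(domainDeployed, true)
+- $._environment.reporter.report($this, 'MS Active Directory is deployed')
+- $.reportDeployed(title => 'MS Active Directory',
+unitCount => len(secondaryControllers) + 1)
+- $.setAttr(domainDeployed, false)
+
+destroy:
+Body:
+- $.reportDestroyed()
+- $.setAttr(domainDeployed, false)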
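--- a/Windows/ActiveDirectory/package/Classes/Controller.yaml
+++ b/Windows/ActiveDirectory/package/Classes/Controller.yaml
@@ -0,0 +1,28 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+Namespaces:
+=: io.murano.apps.activeDirectory
+
+Name: Controller
+
+Properties:
+host:
+Contract: $.class(Host).notNull()
+
+recoveryPassword:
+Contract: $.string().notNull()
+Default: P@ssw0rd
+
+Methods:
+deploy:
+Body: $.host.deploy()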
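--- a/Windows/ActiveDirectory/package/Classes/DomainHost.yaml
+++ b/Windows/ActiveDirectory/package/Classes/DomainHost.yaml
@@ -0,0 +1,46 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+Namespaces:
+=: io.murano.apps.activeDirectory
+std: io.murano
+
+Name: DomainHost
+
+Extends: Host
+
+Properties:
+domain:
+Contract: $.class(ActiveDirectory)
+
+Methods:
+initialize:
+Body:
+- $._environment: $.find(std:Environment).require()
+
+deploy:
+Arguments:
+Body:
+# If domain object exists, deploy ActiveDirectory first
+- If: $.domain != null
+Then:
+- $._environment.reporter.report($this, format('Deploying domain host'))
+- $.domain.deploy()
+
+# Deploy this host
+- $.super($.deploy())
+
+# If domain object exists, join domain
+- If: $.domain != null
+Then:
+# Workaround against broken ResourceManager:
+- $.super($.joinDomain($this.domain))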
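--- a/Windows/ActiveDirectory/package/Classes/Host.yaml
+++ b/Windows/ActiveDirectory/package/Classes/Host.yaml
@@ -0,0 +1,75 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+Namespaces:
+=: io.murano.apps.activeDirectory
+res: io.murano.resources
+std: io.murano
+sys: io.murano.system
+
+Name: Host
+
+Extends: res:WindowsInstance
+
+Properties:
+adminAccountName:
+Contract: $.string().notNull()
+Default: Administrator
+
+adminPassword:
+Contract: $.string().notNull()
+
+Methods:
+initialize:
+Body:
+- $._environment: $.find(std:Environment).require()
+
+deploy:
+Body:
+- $.super($.deploy())
+
+# Deploy host only once
+- If: $.getAttr(hostDeployed, false)
+Then:
+- Return:
+- $._environment.reporter.report($this, 'Setting up password')
+- $resources: new(sys:Resources)
+- $template: $resources.json('SetPassword.template').bind(dict(
+adminPassword => $.adminPassword
+))
+- $.agent.send($template, $resources)
+
+- $.setAttr(hostDeployed, true)
+
+joinDomain:
+Arguments:
+- domain:
+Contract: $.class(ActiveDirectory).notNull()
+Body:
+
+# Join domain only once
+- If: $.getAttr(hostIsDomainMember, false)
+Then:
+- Return:
+
+- $resources: new(sys:Resources)
+- $._environment.reporter.report($this, format('Joining host to {0} domain', $domain.name))
+- $template: $resources.json('JoinDomain.template').bind(dict(
+domain => $domain.name,
+domainUser => $domain.adminAccountName,
+domainPassword => $domain.adminPassword,
+ouPath => '',
+dnsIp => $domain.primaryController.dnsIp
+))
+- $.agent.call($template, $resources, 1800)
+
+- $.setAttr(hostIsDomainMember, true)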
@ -0,0 +1,49 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
Namespaces:
|
||||
=: io.murano.apps.activeDirectory
|
||||
std: io.murano
|
||||
sys: io.murano.system
|
||||
|
||||
Name: PrimaryController
|
||||
|
||||
Extends: Controller
|
||||
|
||||
Properties:
|
||||
|
||||
dnsIp:
|
||||
Contract: $.string()
|
||||
Usage: Out
|
||||
|
||||
Methods:
|
||||
initialize:
|
||||
Body:
|
||||
- $._domain: $.find(ActiveDirectory).require()
|
||||
- $._environment: $.find(std:Environment).require()
|
||||
|
||||
deploy:
|
||||
Arguments:
|
||||
Body:
|
||||
- $._environment.reporter.report($this, format('Creating VM for Primary Controller for {0} domain', $._domain.name))
|
||||
- $.super($.deploy())
|
||||
- $resources: new(sys:Resources)
|
||||
- $._environment.reporter.report($this, 'Configuring Primary Controller')
|
||||
- $template: $resources.json('CreatePrimaryDC.template').bind(dict(
|
||||
domain => $._domain.name,
|
||||
recoveryPassword => $.recoveryPassword
|
||||
))
|
||||
- $.host.agent.call($template, $resources, 1800)
|
||||
- $._environment.reporter.report($this, 'Defining DNS listener IP')
|
||||
- $template: $resources.json('AskDnsIp.template')
|
||||
- $.dnsIp: $.host.agent.call($template, $resources)[0]
|
||||
- $._environment.reporter.report($this, format('DNS listener IP is {0}', $.dnsIp))
|
@ -0,0 +1,42 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
Namespaces:
|
||||
=: io.murano.apps.activeDirectory
|
||||
std: io.murano
|
||||
sys: io.murano.system
|
||||
|
||||
Name: SecondaryController
|
||||
|
||||
Extends: Controller
|
||||
|
||||
Methods:
|
||||
initialize:
|
||||
Body:
|
||||
- $.super($.initialize())
|
||||
- $.domain: $.find(ActiveDirectory).require()
|
||||
- $._environment: $.find(std:Environment).require()
|
||||
|
||||
deploy:
|
||||
Body:
|
||||
- $._environment.reporter.report($this, 'Creating VM for Secondary Controller')
|
||||
- $.super($.deploy())
|
||||
- $.host.joinDomain($.domain)
|
||||
- $resources: new(sys:Resources)
|
||||
- $._environment.reporter.report($this, 'Configuring Secondary Controller in')
|
||||
- $template: $resources.json('CreateSecondaryDC.template').bind(dict(
|
||||
domain => $.domain.name,
|
||||
recoveryPassword => $.recoveryPassword,
|
||||
domainAccountName => $.domain.adminAccountName,
|
||||
domainPassword => $.domain.adminPassword
|
||||
))
|
||||
- $.host.agent.call($template, $resources, 1800)
|
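--- a/Windows/ActiveDirectory/package/Resources/AskDnsIp.template
+++ b/Windows/ActiveDirectory/package/Resources/AskDnsIp.template
@@ -0,0 +1,12 @@
+{
+"Scripts": [
+"Get-DnsListeningIpAddress.ps1"
+],
+"Commands": [
+{
+"Name": "Get-DnsListeningIpAddress",
+"Arguments": {}
+}
+],
+"RebootOnCompletion": 0
+}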
@ -0,0 +1,16 @@
|
||||
{
|
||||
"Scripts": [
|
||||
"ImportCoreFunctions.ps1",
|
||||
"Install-RolePrimaryDomainController.ps1"
|
||||
],
|
||||
"Commands": [
|
||||
{
|
||||
"Name": "Install-RolePrimaryDomainController",
|
||||
"Arguments": {
|
||||
"DomainName": "$domain",
|
||||
"SafeModePassword": "$recoveryPassword"
|
||||
}
|
||||
}
|
||||
],
|
||||
"RebootOnCompletion": 1
|
||||
}
|
@ -0,0 +1,18 @@
|
||||
{
|
||||
"Scripts": [
|
||||
"ImportCoreFunctions.ps1",
|
||||
"Install-RoleSecondaryDomainController.ps1"
|
||||
],
|
||||
"Commands": [
|
||||
{
|
||||
"Name": "Install-RoleSecondaryDomainController",
|
||||
"Arguments": {
|
||||
"DomainName": "$domain",
|
||||
"UserName": "$domainAccountName",
|
||||
"Password": "$domainPassword",
|
||||
"SafeModePassword": "$recoveryPassword"
|
||||
}
|
||||
}
|
||||
],
|
||||
"RebootOnCompletion": 1
|
||||
}
|
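--- a/Windows/ActiveDirectory/package/Resources/DomainSecurity.json
+++ b/Windows/ActiveDirectory/package/Resources/DomainSecurity.json
@@ -0,0 +1,134 @@
+[
+{
+"IpProtocol": "tcp",
+"FromPort": "25",
+"ToPort": "25",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "53",
+"ToPort": "53",
+"External": false
+},
+{
+"IpProtocol": "udp",
+"FromPort": "53",
+"ToPort": "53",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "88",
+"ToPort": "88",
+"External": false
+},
+{
+"IpProtocol": "udp",
+"FromPort": "88",
+"ToPort": "88",
+"External": false
+},
+{
+"IpProtocol": "udp",
+"FromPort": "123",
+"ToPort": "123",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "135",
+"ToPort": "135",
+"External": false
+},
+{
+"IpProtocol": "udp",
+"FromPort": "137",
+"ToPort": "137",
+"External": false
+},
+{
+"IpProtocol": "udp",
+"FromPort": "138",
+"ToPort": "138",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "445",
+"ToPort": "445",
+"External": false
+},
+{
+"IpProtocol": "udp",
+"FromPort": "445",
+"ToPort": "445",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "464",
+"ToPort": "464",
+"External": false
+},
+{
+"IpProtocol": "udp",
+"FromPort": "464",
+"ToPort": "464",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "389",
+"ToPort": "389",
+"External": false
+},
+{
+"IpProtocol": "udp",
+"FromPort": "389",
+"ToPort": "389",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "636",
+"ToPort": "636",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "3268",
+"ToPort": "3268",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "3269",
+"ToPort": "3269",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "5722",
+"ToPort": "5722",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "9389",
+"ToPort": "9389",
+"External": false
+},
+{
+"IpProtocol": "tcp",
+"FromPort": "49152",
+"ToPort": "65535",
+"External": false
+},
+{
+"IpProtocol": "udp",
+"FromPort": "49152",
+"ToPort": "65535",
+"External": false
+}
+]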
@ -0,0 +1,25 @@
|
||||
{
|
||||
"Scripts": [
|
||||
"ImportCoreFunctions.ps1",
|
||||
"Join-Domain.ps1"
|
||||
],
|
||||
"Commands": [
|
||||
{
|
||||
"Name": "Set-NetworkAdapterConfiguration",
|
||||
"Arguments": {
|
||||
"FirstAvailable": true,
|
||||
"DNSServer": "$dnsIp"
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "Join-Domain",
|
||||
"Arguments": {
|
||||
"Username": "$domainUser",
|
||||
"Password": "$domainPassword",
|
||||
"DomainName": "$domain",
|
||||
"OUPath": "$ouPath"
|
||||
}
|
||||
}
|
||||
],
|
||||
"RebootOnCompletion": 1
|
||||
}
|
@ -0,0 +1,17 @@
|
||||
{
|
||||
"Scripts": [
|
||||
"ImportCoreFunctions.ps1",
|
||||
"Set-LocalUserPassword.ps1"
|
||||
],
|
||||
"Commands": [
|
||||
{
|
||||
"Name": "Set-LocalUserPassword",
|
||||
"Arguments": {
|
||||
"UserName": "Administrator",
|
||||
"Password": "$adminPassword",
|
||||
"Force": true
|
||||
}
|
||||
}
|
||||
],
|
||||
"RebootOnCompletion": 0
|
||||
}
|
@ -0,0 +1,7 @@
|
||||
|
||||
function Get-DnsListeningIpAddress {
|
||||
Import-Module DnsServer
|
||||
|
||||
(Get-DNSServer -ComputerName localhost).ServerSetting.ListeningIpAddress |
|
||||
Where-Object { $_ -match "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}" }
|
||||
}
|
@ -0,0 +1,68 @@
|
||||
|
||||
Import-Module CoreFunctions -Force
|
||||
Initialize-Logger 'MuranoAgent' 'C:\Murano\PowerShell.log'
|
||||
|
||||
|
||||
function Show-InvocationInfo {
|
||||
param (
|
||||
$Invocation,
|
||||
[Switch] $End
|
||||
)
|
||||
|
||||
if ($End) {
|
||||
Write-LogDebug "</function name='$($Invocation.MyCommand.Name)'>"
|
||||
}
|
||||
else {
|
||||
Write-LogDebug "<function name='$($Invocation.MyCommand.Name)'>"
|
||||
Write-LogDebug "<param>"
|
||||
foreach ($Parameter in $Invocation.MyCommand.Parameters) {
|
||||
foreach ($Key in $Parameter.Keys) {
|
||||
$Type = $Parameter[$Key].ParameterType.FullName
|
||||
foreach ($Value in $Invocation.BoundParameters[$Key]) {
|
||||
Write-LogDebug "[$Type] $Key = '$Value'"
|
||||
}
|
||||
}
|
||||
}
|
||||
Write-LogDebug "</param>"
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$TrapHandler = {
|
||||
Write-LogError "<exception>"
|
||||
Write-LogError $_ -EntireObject
|
||||
Write-LogError "</exception>"
|
||||
break
|
||||
}
|
||||
|
||||
|
||||
trap {
|
||||
&$TrapHandler
|
||||
}
|
||||
|
||||
$ErrorActionPreference = 'Stop'
|
||||
|
||||
|
||||
<#
|
||||
# Usage example for Show-InvocationInfo
|
||||
|
||||
function MyFunction {
|
||||
param (
|
||||
[String] $Value1,
|
||||
[String] $Value2,
|
||||
[Int] $Int1
|
||||
)
|
||||
begin {
|
||||
Show-InvocationInfo $MyInvocation
|
||||
}
|
||||
end {
|
||||
Show-InvocationInfo $MyInvocation -End
|
||||
}
|
||||
process {
|
||||
trap {
|
||||
&$TrapHandler
|
||||
}
|
||||
# Main code here
|
||||
}
|
||||
}
|
||||
#>
|
@ -0,0 +1,43 @@
|
||||
|
||||
trap {
|
||||
&$TrapHandler
|
||||
}
|
||||
|
||||
|
||||
Function Install-RolePrimaryDomainController {
|
||||
param (
|
||||
[String] $DomainName,
|
||||
[String] $SafeModePassword
|
||||
)
|
||||
begin {
|
||||
Show-InvocationInfo $MyInvocation
|
||||
}
|
||||
end {
|
||||
Show-InvocationInfo $MyInvocation -End
|
||||
}
|
||||
process {
|
||||
trap {
|
||||
&$TrapHandler
|
||||
}
|
||||
|
||||
Add-WindowsFeatureWrapper `
|
||||
-Name "DNS","AD-Domain-Services","RSAT-DFS-Mgmt-Con" `
|
||||
-IncludeManagementTools `
|
||||
-NotifyRestart
|
||||
|
||||
Write-Log "Creating first domain controller ..."
|
||||
|
||||
$SMAP = ConvertTo-SecureString -String $SafeModePassword -AsPlainText -Force
|
||||
|
||||
$null = Install-ADDSForest `
|
||||
-DomainName $DomainName `
|
||||
-SafeModeAdministratorPassword $SMAP `
|
||||
-DomainMode Default `
|
||||
-ForestMode Default `
|
||||
-NoRebootOnCompletion `
|
||||
-Force
|
||||
|
||||
Write-Log "Waiting 60 seconds for reboot ..."
|
||||
Start-Sleep -Seconds 60
|
||||
}
|
||||
}
|
@ -0,0 +1,69 @@
|
||||
|
||||
trap {
|
||||
&$TrapHandler
|
||||
}
|
||||
|
||||
|
||||
Function Install-RoleSecondaryDomainController
|
||||
{
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Install additional (secondary) domain controller.
|
||||
|
||||
#>
|
||||
param
|
||||
(
|
||||
[String]
|
||||
# Domain name to join to.
|
||||
$DomainName,
|
||||
|
||||
[String]
|
||||
# Domain user who is allowed to join computer to domain.
|
||||
$UserName,
|
||||
|
||||
[String]
|
||||
# User's password.
|
||||
$Password,
|
||||
|
||||
[String]
|
||||
# Domain controller recovery mode password.
|
||||
$SafeModePassword
|
||||
)
|
||||
begin {
|
||||
Show-InvocationInfo $MyInvocation
|
||||
}
|
||||
end {
|
||||
Show-InvocationInfo $MyInvocation -End
|
||||
}
|
||||
process {
|
||||
trap {
|
||||
&$TrapHandler
|
||||
}
|
||||
|
||||
$Credential = New-Credential -UserName "$DomainName\$UserName" -Password $Password
|
||||
|
||||
# Add required windows features
|
||||
Add-WindowsFeatureWrapper `
|
||||
-Name "DNS","AD-Domain-Services","RSAT-DFS-Mgmt-Con" `
|
||||
-IncludeManagementTools `
|
||||
-NotifyRestart
|
||||
|
||||
|
||||
Write-Log "Adding secondary domain controller ..."
|
||||
|
||||
$SMAP = ConvertTo-SecureString -String $SafeModePassword -AsPlainText -Force
|
||||
|
||||
Install-ADDSDomainController `
|
||||
-DomainName $DomainName `
|
||||
-SafeModeAdministratorPassword $SMAP `
|
||||
-Credential $Credential `
|
||||
-NoRebootOnCompletion `
|
||||
-Force `
|
||||
-ErrorAction Stop | Out-Null
|
||||
|
||||
Write-Log "Waiting for restart ..."
|
||||
# Stop-Execution -ExitCode 3010 -ExitString "Computer must be restarted to finish domain controller promotion."
|
||||
# Write-Log "Restarting computer ..."
|
||||
# Restart-Computer -Force
|
||||
}
|
||||
}
|
@ -0,0 +1,67 @@
|
||||
|
||||
trap {
|
||||
&$TrapHandler
|
||||
}
|
||||
|
||||
|
||||
Function Join-Domain {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Executes "Join domain" action.
|
||||
|
||||
Requires 'CoreFunctions' module
|
||||
#>
|
||||
param (
|
||||
[String] $DomainName = '',
|
||||
[String] $UserName = '',
|
||||
[String] $Password = '',
|
||||
[String] $OUPath = '',
|
||||
[Switch] $AllowRestart
|
||||
)
|
||||
begin {
|
||||
Show-InvocationInfo $MyInvocation
|
||||
}
|
||||
end {
|
||||
Show-InvocationInfo $MyInvocation -End
|
||||
}
|
||||
process {
|
||||
trap {
|
||||
&$TrapHandler
|
||||
}
|
||||
|
||||
if ($UserName -eq '') {
|
||||
$UserName = 'Administrator'
|
||||
}
|
||||
|
||||
$Credential = New-Credential -UserName "$DomainName\$UserName" -Password $Password
|
||||
|
||||
|
||||
if (Test-ComputerName -DomainName $DomainName -ErrorAction 'SilentlyContinue') {
|
||||
Write-LogWarning "Computer already joined to domain '$DomainName'"
|
||||
}
|
||||
else {
|
||||
Write-Log "Joining computer to domain '$DomainName' ..."
|
||||
|
||||
if ($OUPath -eq '') {
|
||||
Add-Computer -DomainName $DomainName -Credential $Credential -Force
|
||||
}
|
||||
else {
|
||||
Add-Computer -DomainName $DomainName -Credential $Credential -OUPath $OUPath -Force
|
||||
}
|
||||
|
||||
$null = Exec 'ipconfig' @('/registerdns') -RedirectStreams
|
||||
|
||||
Write-Log "Waiting 30 seconds to restart ..."
|
||||
Start-Sleep -Seconds 30
|
||||
<#
|
||||
if ($AllowRestart) {
|
||||
Write-Log "Restarting computer ..."
|
||||
Restart-Computer -Force
|
||||
}
|
||||
else {
|
||||
Write-Log "Please restart the computer now."
|
||||
}
|
||||
#>
|
||||
}
|
||||
}
|
||||
}
|
@ -0,0 +1,37 @@
|
||||
|
||||
trap {
|
||||
&$TrapHandler
|
||||
}
|
||||
|
||||
|
||||
Function Set-LocalUserPassword {
|
||||
param (
|
||||
[String] $UserName,
|
||||
[String] $Password,
|
||||
[Switch] $Force
|
||||
)
|
||||
begin {
|
||||
Show-InvocationInfo $MyInvocation
|
||||
}
|
||||
end {
|
||||
Show-InvocationInfo $MyInvocation -End
|
||||
}
|
||||
process {
|
||||
trap {
|
||||
&$TrapHandler
|
||||
}
|
||||
|
||||
if ((Get-WmiObject Win32_UserAccount -Filter "LocalAccount = 'True' AND Name='$UserName'") -eq $null) {
|
||||
throw "Unable to find local user account '$UserName'"
|
||||
}
|
||||
|
||||
if ($Force) {
|
||||
Write-Log "Changing password for user '$UserName' to '*****'" # :)
|
||||
$null = ([ADSI] "WinNT://./$UserName").SetPassword($Password)
|
||||
}
|
||||
else {
|
||||
Write-LogWarning "You are trying to change password for user '$UserName'. To do this please run the command again with -Force parameter."
|
||||
}
|
||||
}
|
||||
}
|
||||
|
181
Windows/ActiveDirectory/package/UI/ui.yaml
Normal file
181
Windows/ActiveDirectory/package/UI/ui.yaml
Normal file
@ -0,0 +1,181 @@
|
||||
Version: 2
|
||||
|
||||
Templates:
|
||||
primaryController:
|
||||
?:
|
||||
type: io.murano.apps.activeDirectory.PrimaryController
|
||||
host:
|
||||
?:
|
||||
type: io.murano.apps.activeDirectory.Host
|
||||
adminPassword: $.appConfiguration.adminPassword
|
||||
name: generateHostname($.appConfiguration.unitNamingPattern, 1)
|
||||
flavor: $.instanceConfiguration.flavor
|
||||
image: $.instanceConfiguration.osImage
|
||||
availabilityZone: $.instanceConfiguration.availabilityZone
|
||||
keyname: $.instanceConfiguration.keyPair
|
||||
assignFloatingIp: $.appConfiguration.assignFloatingIP
|
||||
|
||||
secondaryController:
|
||||
?:
|
||||
type: io.murano.apps.activeDirectory.SecondaryController
|
||||
host:
|
||||
?:
|
||||
type: io.murano.apps.activeDirectory.Host
|
||||
adminPassword: $.appConfiguration.adminPassword
|
||||
name: generateHostname($.appConfiguration.unitNamingPattern, $index + 1)
|
||||
flavor: $.instanceConfiguration.flavor
|
||||
image: $.instanceConfiguration.osImage
|
||||
|
||||
|
||||
Application:
|
||||
?:
|
||||
type: io.murano.apps.activeDirectory.ActiveDirectory
|
||||
name: $.appConfiguration.name
|
||||
primaryController: $primaryController
|
||||
secondaryControllers: repeat($secondaryController, $.appConfiguration.dcInstances - 1)
|
||||
|
||||
|
||||
Forms:
|
||||
- appConfiguration:
|
||||
fields:
|
||||
- name: configuration
|
||||
type: string
|
||||
hidden: true
|
||||
initial: standalone
|
||||
|
||||
- name: name
|
||||
type: string
|
||||
label: Domain Name
|
||||
description: >-
|
||||
Enter a desired name for a new domain. This name should fit to
|
||||
DNS Domain Name requirements: it should contain
|
||||
only A-Z, a-z, 0-9, (.) and (-) and should not end with a dash.
|
||||
DNS server will be automatically set up on each of the Domain
|
||||
Controller instances. Note: Only first 15 characters or characters
|
||||
before first period is used as NetBIOS name.
|
||||
minLength: 2
|
||||
maxLength: 255
|
||||
validators:
|
||||
- expr:
|
||||
regexpValidator: '^([0-9A-Za-z]|[0-9A-Za-z][0-9A-Za-z-]*[0-9A-Za-z])\.[0-9A-Za-z][0-9A-Za-z-]*[0-9A-Za-z]$'
|
||||
message: >-
|
||||
Only letters, numbers and dashes in the middle are
|
||||
allowed. Period characters are allowed only when they
|
||||
are used to delimit the components of domain style
|
||||
names. Single-level domain is not
|
||||
appropriate. Subdomains are not allowed.
|
||||
|
||||
- expr:
|
||||
regexpValidator: '(^[^.]+$|^[^.]{1,15}\..*$)'
|
||||
message: >-
|
||||
NetBIOS name cannot be shorter than 1 symbol and
|
||||
longer than 15 symbols.
|
||||
|
||||
- expr:
|
||||
regexpValidator: '(^[^.]+$|^[^.]*\.[^.]{2,63}.*$)'
|
||||
message: >-
|
||||
DNS host name cannot be shorter than 2 symbols and
|
||||
longer than 63 symbols.
|
||||
helpText: >-
|
||||
Just letters, numbers and dashes are allowed.
|
||||
A dot can be used to create subdomains
|
||||
|
||||
- name: dcInstances
|
||||
type: integer
|
||||
label: Instance Count
|
||||
description: >-
|
||||
You can create several Active Directory instances by setting
|
||||
instance number larger than one. One primary Domain Controller
|
||||
and a few secondary DCs will be created.
|
||||
minValue: 1
|
||||
maxValue: 100
|
||||
initial: 1
|
||||
helpText: Enter an integer value between 1 and 100
|
||||
|
||||
- name: adminAccountName
|
||||
type: string
|
||||
label: Account Name
|
||||
description: >-
|
||||
Name for the administrator account. Note, that '@' adds automatically.
|
||||
initial: Administrator
|
||||
regexpValidator: '^[-\w]+$'
|
||||
errorMessages:
|
||||
invalid: 'Just letters, numbers, underscores and hyphens are allowed.'
|
||||
|
||||
- name: adminPassword
|
||||
type: password
|
||||
label: Administrator password
|
||||
descriptionTitle: Passwords
|
||||
description: >-
|
||||
Windows requires strong password for service administration.
|
||||
Your password should have at least one letter in each
|
||||
register, a number and a special character. Password length should be
|
||||
a minimum of 7 characters.
|
||||
|
||||
Once you forget your password you won't be able to
|
||||
operate the service until recovery password would be entered. So it's
|
||||
better for Recovery and Administrator password to be different.
|
||||
|
||||
- name: recoveryPassword
|
||||
type: password
|
||||
label: Recovery password
|
||||
|
||||
- name: assignFloatingIP
|
||||
required: false
|
||||
type: boolean
|
||||
label: Assign Floating IP
|
||||
description: >-
|
||||
Select to true to assign floating IP automatically to Primary DC
|
||||
initial: false
|
||||
required: false
|
||||
|
||||
- name: unitNamingPattern
|
||||
type: string
|
||||
label: Instance Naming Pattern
|
||||
description: >-
|
||||
For your convenience all instance hostnames can be named
|
||||
in the same way. Enter a name and use '#' character for incrementation.
|
||||
For example, host# turns into host1, host2, etc. Please follow Windows
|
||||
hostname restrictions.
|
||||
required: false
|
||||
regexpValidator: '^(([a-zA-Z0-9#][a-zA-Z0-9-#]*[a-zA-Z0-9#])\.)*([A-Za-z0-9#]|[A-Za-z0-9#][A-Za-z0-9-#]*[A-Za-z0-9#])$'
|
||||
# FIXME: does not work for # turning into 2-digit numbers
|
||||
maxLength: 15
|
||||
initial: murano-#
|
||||
helpText: Optional field for a machine hostname template
|
||||
|
||||
validators:
|
||||
# if unitNamingPattern is given and dcInstances > 1, then '#' should occur in unitNamingPattern
|
||||
- expr: $.appConfiguration.dcInstances < 2 or not $.appConfiguration.unitNamingPattern.bool() or '#' in $.appConfiguration.unitNamingPattern
|
||||
message: Incrementation symbol "#" is required in the Hostname template
|
||||
|
||||
- instanceConfiguration:
|
||||
fields:
|
||||
- name: title
|
||||
type: string
|
||||
required: false
|
||||
hidden: true
|
||||
descriptionTitle: Instance Configuration
|
||||
description: Specify some instance parameters on which service would be created.
|
||||
|
||||
- name: flavor
|
||||
type: flavor
|
||||
label: Instance flavor
|
||||
description: >-
|
||||
Select registered in Openstack flavor. Consider that service performance
|
||||
depends on this parameter.
|
||||
required: false
|
||||
|
||||
- name: osImage
|
||||
type: image
|
||||
imageType: windows
|
||||
label: Instance image
|
||||
description: >-
|
||||
Select valid image for a service. Image should already be prepared and
|
||||
registered in glance.
|
||||
|
||||
- name: availabilityZone
|
||||
type: azone
|
||||
label: Availability zone
|
||||
description: Select availability zone where service would be installed.
|
||||
required: false
|
BIN
Windows/ActiveDirectory/package/logo.png
Normal file
BIN
Windows/ActiveDirectory/package/logo.png
Normal file
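--- a/Windows/ActiveDirectory/package/manifest.yaml
+++ b/Windows/ActiveDirectory/package/manifest.yaml
@@ -0,0 +1,35 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+Format: 1.0
+
+Type: Application
+
+FullName: io.murano.apps.activeDirectory.ActiveDirectory
+
+Name: Active Directory
+
+Description: >
+A domain service hosted in Windows environment by using Active Directory Role.
+May be clustered by combining a number of secondary domain controllers with one primary
+
+Author: 'Mirantis, Inc.'
+
+Tags: [Windows, Domain, Microsoft]
+
+Classes:
+io.murano.apps.activeDirectory.Host: Host.yaml
+io.murano.apps.activeDirectory.DomainHost: DomainHost.yaml
+io.murano.apps.activeDirectory.ActiveDirectory: ActiveDirectory.yaml
+io.murano.apps.activeDirectory.Controller: Controller.yaml
+io.murano.apps.activeDirectory.PrimaryController: PrimaryController.yaml
+io.murano.apps.activeDirectory.SecondaryController: SecondaryController.yaml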