Puppet Class: classroom_legacy::windows::adserver

Inherits:
classroom_legacy::params
Defined in:
manifests/windows/adserver.pp

Overview

Parameters:

  • ad_domainname (Any) (defaults to: $classroom_legacy::params::ad_domainname)
  • ad_dsrmpassword (Any) (defaults to: $classroom_legacy::params::ad_dsrmpassword)


# File 'manifests/windows/adserver.pp', line 1

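# Configures a classroom Active Directory domain controller and a Windows file
# share that hosts an installer for a lab.
#
# Applying this class causes two automatic reboots: one after WMF5
# (PowerShell 5) is installed, and one immediately after the AD domain is
# created.
#
# Security notes (lab-only design, do not reuse for production domains):
# - $ad_dsrmpassword is used for both the domain Administrator credential and
#   the Directory Services Restore Mode password, so the two are the same
#   secret.
# - Both parameters are untyped, so the password is handled as a plain string
#   rather than a Sensitive value and can end up readable in the compiled
#   catalog and in reports.
# - The 'admin' domain user is created with a password literal stored in this
#   manifest.
#
# @param ad_domainname
#   Name of the AD domain to create; passed to the xADDomain and xADUser DSC
#   resources.
# @param ad_dsrmpassword
#   Password used for the domain Administrator credential and for the safe
#   mode (DSRM) administrator.
class classroom_legacy::windows::adserver (
  $ad_domainname   = $classroom_legacy::params::ad_domainname,
  $ad_dsrmpassword = $classroom_legacy::params::ad_dsrmpassword,
) inherits classroom_legacy::params {

  assert_private('This class should not be called directly')

  # This will get us WMF5, which is required for DSC to work.
  # Pinning to a version, can change this to a more recent version in the
  # future after testing.
  package { 'powershell':
    ensure   => '5.1.14409.20170510',
    provider => 'chocolatey',
    require  => Package['chocolatey'],
  }

  # We need a reboot before DSC can use WMF5.
  reboot { 'after_powershell':
    subscribe => Package['powershell'],
  }

  # Make sure the built-in Administrator account is required to have a
  # password before the host is promoted to a domain controller.
  # NOTE(review): the guard matches the English text of `net user`; on a
  # localized Windows the pattern presumably never matches and the command is
  # skipped - confirm the lab image language.
  exec { 'RequirePassword':
    command  => 'net user Administrator /passwordreq:yes',
    unless   => 'if (net user Administrator |select-string -pattern "Password required.*no"){exit 1} else {exit 0}',
    provider => powershell,
  }

  dsc_windowsfeature { 'ADDSInstall':
    dsc_ensure => 'Present',
    dsc_name   => 'AD-Domain-Services',
    require    => [Exec['RequirePassword'],Package['powershell']],
  }

  # Create the domain. The same secret is supplied as the domain
  # Administrator password and as the DSRM password; use separate values if
  # this pattern is ever copied outside a disposable lab.
  dsc_xaddomain { 'FirstDS':
    dsc_domainname                    => $ad_domainname,
    dsc_domainadministratorcredential => {'user' => 'Administrator', 'password' => $ad_dsrmpassword },
    dsc_safemodeadministratorpassword => {'user' => 'Administrator', 'password' => $ad_dsrmpassword },
    require                           => Dsc_windowsfeature['ADDSInstall'],
    notify                            => Reboot['after_ad_domain'],
  }

  # This reboot needs to be immediate. Using DSC's recommended 'pending'
  # reboot doesn't do it.
  reboot { 'after_ad_domain':
    message => 'We set up a Domain, and so we have to reboot',
    apply   => 'immediately',
  }

  # Raise ms-DS-MachineAccountQuota to 99 (the guard skips the change once the
  # value is 99 or higher). This attribute caps how many computer accounts an
  # ordinary authenticated user may create, so a high value lets every student
  # account join machines to the domain. That is the point of the lab, but it
  # also widens what a compromised low-privilege account can do; keep it low
  # or 0 on real domains and delegate joins explicitly.
  exec { 'SetMachineQuota':
    command  => 'get-addomain |set-addomain -Replace @{\'ms-DS-MachineAccountQuota\'=\'99\'}',
    unless   => 'if ((get-addomain | get-adobject -prop \'ms-DS-MachineAccountQuota\' | select -exp \'ms-DS-MachineAccountQuota\') -lt 99) {exit 1} else {exit 0}',
    provider => powershell,
    require  => Dsc_xaddomain['FirstDS'],
  }

  # Create the STUDENTS OU only when it does not exist yet (the onlyif check
  # exits 1 when the OU is found, which suppresses the command).
  # NOTE(review): the distinguished name is hard-coded to
  # DC=CLASSROOM,DC=LOCAL and is not derived from $ad_domainname, so this
  # resource only works when the domain parameter matches - confirm.
  exec { 'STUDENTS OU':
    command  => "import-module activedirectory;New-ADOrganizationalUnit -Name 'STUDENTS' -Path 'DC=CLASSROOM,DC=LOCAL' -ProtectedFromAccidentalDeletion \$true",
    onlyif   => "if([adsi]::Exists(\"LDAP://OU=STUDENTS,DC=CLASSROOM,DC=LOCAL\")){exit 1} else {exit 0}",
    provider => powershell,
    require  => Exec['SetMachineQuota'],
  }

  dsc_xadgroup { 'WebsiteAdmins':
    dsc_groupname   => 'WebsiteAdmins',
    dsc_groupscope  => 'Global',
    dsc_description => 'Web Admins',
    dsc_ensure      => 'Present',
    require         => Dsc_xaddomain['FirstDS'],
  }

  # NOTE(review): the password for the 'admin' domain user is a literal in
  # this manifest, so everyone who can read the module knows it and every
  # deployment shares it. Left unchanged because the lab material may depend
  # on the value; for anything longer-lived, source it from encrypted data
  # (e.g. a parameter fed from Hiera eyaml) and rotate it per deployment.
  dsc_xaduser { 'admin':
    dsc_domainname                    => $ad_domainname,
    dsc_domainadministratorcredential => {
      'user'     => 'Administrator',
      'password' => $ad_dsrmpassword,
    },
    dsc_username                      => 'admin',
    dsc_password                      => {
      'user'     => 'admin',
      'password' => 'M1Gr3atP@ssw0rd',
    },
    dsc_ensure                        => 'present',
    require                           => Dsc_xaddomain['FirstDS'],
  }

  # Download install for brackets lab
  file { ['C:/shares', 'C:/shares/classroom']:
    ensure => directory,
  }

  class { 'staging':
    path => 'C:/shares',
  }

  # staging::file stores downloads under <staging path>/<subdir>/<name>, and
  # subdir defaults to the name of the calling module (classroom_legacy for
  # this class). Pin it to 'classroom' so the MSI lands at
  # C:/shares/classroom/Brackets.msi, which is the path the fileshare and ACL
  # below manage.
  # NOTE(review): the download is not checked against a known-good hash, yet
  # the file is then published for students to execute. Verify the MSI's
  # digest (or its Authenticode signature) before it is shared.
  staging::file { 'Brackets.msi':
    source  => 'https://github.com/adobe/brackets/releases/download/release-1.3/Brackets.Release.1.3.msi',
    subdir  => 'classroom',
    require => Class['staging'],
  }

  # Windows file share for UNC lab

  fileshare { 'installer':
    ensure  => present,
    path    => 'C:/shares/classroom',
    require => Class['staging'],
  }

  # Students only need to read and run the installer; write access stays with
  # Administrator so the shared binary cannot be replaced by a share user.
  acl { 'c:/shares/classroom/Brackets.msi':
    permissions => [
      { identity => 'Administrator', rights => ['full'] },
      { identity => 'Everyone',      rights => ['read','execute'] },
    ],
    require     => Staging::File['Brackets.msi'],
  }

}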