Add windows role

Set up network interfaces and SSH for Windows hosts. We can’t gather facts before we know which remote shell to use, so first run a win_ping to determine if a given host is running Windows.
2025-05-09 17:03:53 +02:00 · 2025-05-09 17:03:53 +02:00 · 91de26af57
commit 91de26af57
parent aa78b407c8
7 changed files with 123 additions and 21 deletions
--- a/roles/facts/tasks/main.yml
+++ b/roles/facts/tasks/main.yml
@ -1,3 +1,30 @@
+# Read secrets and keys.
+- name: Get SSH keys
+  delegate_to: localhost
+  check_mode: false
+  run_once: true
+  block:
+    - name: Get GPG key IDs
+      shell: cat ${PASSWORD_STORE_DIR:-~/.password-store}/.gpg-id
+      changed_when: false
+      register: gpg_ids
+
+    - name: Export public SSH keys
+      shell: echo "$(gpg --export-ssh-key {{ item }} | cut -d ' ' -f 1,2) $(gpg --list-keys --with-colons {{ item }} | sed -n 's@uid:.*<\(.*\)>.*@\1@p')"
+      loop: '{{ gpg_ids.stdout_lines }}'
+      changed_when: false
+      register: ssh_export
+
+    - name: Set SSH keys to deploy on servers
+      set_fact:
+        ssh_keys: '{{ ssh_export.results | map(attribute="stdout") }}'
+      failed_when: not ssh_keys # something must be terribly wrong so let’s not lock everyone out
+
+- name: Get passwords
+  delegate_to: localhost
+  set_fact:
+    password: '{{ lookup("passwordstore", ("vm/" if is_virtual else "host/")~inventory_hostname, returnall=true, missing="empty") | from_yaml }}'
+
 # Make expensive lookups to NetBox once for later reference by any host.
 - when: lookup("env", "NETBOX_API") != ""
  delegate_to: localhost
@ -22,28 +49,25 @@
            cluster_services: '{{ (cluster_services|default([])) + query("netbox.netbox.nb_lookup", "services", raw_data=true, api_filter="id="+item) }}'
          loop: '{{ cluster.custom_fields.services | map(attribute="id") | map("string") }}'

- name: Fetch passwords
+# Set host-specific connection parameters.
+- name: Set SSH connection username
  delegate_to: localhost
  set_fact:
-    password: '{{ lookup("passwordstore", ("vm/" if is_virtual else "host/")~inventory_hostname, returnall=true, missing="empty") | from_yaml }}'
+    ansible_ssh_user: "{{ password.user }}"
+  when: password.user is defined

- name: Get SSH keys
-  delegate_to: localhost
-  check_mode: false
-  run_once: true
-  block:
-    - name: Get GPG key IDs
-      shell: cat ${PASSWORD_STORE_DIR:-~/.password-store}/.gpg-id
-      changed_when: false
-      register: gpg_ids
+- name: Check if the host is running Windows
+  win_ping:
+  vars:
+    ansible_shell_type: powershell
+  failed_when: false
+  ignore_errors: true
+  ignore_unreachable: true
+  register: result

-    - name: Export public SSH keys
-      shell: echo "$(gpg --export-ssh-key {{ item }} | cut -d ' ' -f 1,2) $(gpg --list-keys --with-colons {{ item }} | sed -n 's@uid:.*<\(.*\)>.*@\1@p')"
-      loop: '{{ gpg_ids.stdout_lines }}'
-      changed_when: false
-      register: ssh_export
-
-    - name: Set SSH keys to deploy on servers
-      set_fact:
-        ssh_keys: '{{ ssh_export.results | map(attribute="stdout") }}'
-      failed_when: not ssh_keys # something must be terribly wrong so let’s not lock everyone out
+- name: Set connection parameters for Windows
+  set_fact:
+    ansible_shell_type: powershell
+    ansible_become_method: runas
+    ansible_become_flags: ""
+  when: result.ping|default("") == "pong"