diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index 5cacbd6..555f71e 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -1,43 +1,22 @@ --- name: Linters -on: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +'on': push: - branches: - - main pull_request: - types: - - opened - - reopened - - synchronize - branches: - - main - - stable-* - tags: - - '*' jobs: - linters: + uses: ansible-network/github_actions/.github/workflows/tox-linters.yml@main + ansible-lint: runs-on: ubuntu-latest - strategy: - matrix: - python_version: ['3.8'] steps: - - name: Check out code - uses: actions/checkout@v2 + - uses: ansible-network/github_actions/.github/actions/checkout_dependency@main - - name: Set up Python ${{ matrix.python_version }} - uses: actions/setup-python@v2 + - name: Run ansible-lint + uses: ansible/ansible-lint-action@main with: - python-version: ${{ matrix.python_version }} - - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install tox - - - name: Test with tox - run: tox -e linters -vv - - ansible-lint: - uses: ansible-network/github_actions/.github/workflows/ansible-lint.yml@main + action_ref: v6.17.2 diff --git a/.github/workflows/sanity.yml b/.github/workflows/sanity.yml index 02af4d6..ee2720d 100644 --- a/.github/workflows/sanity.yml +++ b/.github/workflows/sanity.yml @@ -1,17 +1,10 @@ -name: sanity +name: Sanity concurrency: - group: ${{ github.head_ref }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true on: pull_request: - types: - - opened - - reopened - - labeled - - unlabeled - - synchronize - - closed branches: - main - stable-* @@ -75,6 +68,10 @@ jobs: { "ansible-version": "devel", "python-version": "3.8" + }, + { + "ansible-version": "devel", + "python-version": "3.9" } ] all_green: diff --git a/.gitignore b/.gitignore index 4ca2da0..49671c6 100644 --- a/.gitignore +++ b/.gitignore 
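Review bot: The three `uses:` references added in `.github/workflows/linters.yml` (`tox-linters.yml@main`, `checkout_dependency@main` and `ansible/ansible-lint-action@main`) follow a mutable branch, so whatever lands on those upstream branches runs in this repository's CI with the workflow token. Pin each one to a full commit SHA and keep the human-readable ref as a trailing comment, for example `uses: ansible/ansible-lint-action@<commit-sha>  # <tag>`. The new file also has no `permissions:` key, so the token keeps the repository default. A top-level `permissions:` with `contents: read` would make it read-only for these linter jobs, after confirming that the reusable workflow needs nothing more.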
@@ -1,6 +1,7 @@ # Created by https://www.gitignore.io/api/git,linux,pydev,python,windows,pycharm+all,jupyternotebook,vim,webstorm,emacs,dotenv # Edit at https://www.gitignore.io/?templates=git,linux,pydev,python,windows,pycharm+all,jupyternotebook,vim,webstorm,emacs,dotenv - +tests/output +tests/integration/inventory ### dotenv ### .env diff --git a/changelogs/fragments/20230803-ansible-lint.yml b/changelogs/fragments/20230803-ansible-lint.yml new file mode 100644 index 0000000..1ffffef --- /dev/null +++ b/changelogs/fragments/20230803-ansible-lint.yml @@ -0,0 +1,3 @@ +--- +breaking_changes: + - Rename roles variables using ``role_name_`` as prefix (https://github.com/redhat-cop/cloud.azure_ops/pull/48). diff --git a/playbooks/roles/scale_virtual_machine/defaults/main.yml b/playbooks/roles/scale_virtual_machine/defaults/main.yml index a75f8e8..a9d6141 100644 --- a/playbooks/roles/scale_virtual_machine/defaults/main.yml +++ b/playbooks/roles/scale_virtual_machine/defaults/main.yml 
@@ -1,20 +1,20 @@ --- -operation: create +scale_virtual_machine_operation: create -azure_tags: +scale_virtual_machine_tags: application: python-demo-webapp-for-ansible-cloud-team -azure_region: eastus +scale_virtual_machine_vm_name: "{{ scale_virtual_machine_resource_group }}-vm" # Networking variables -azure_virtual_network: "{{ azure_resource_group }}-vnet" -azure_subnet: "{{ azure_resource_group }}-subnet" -azure_vnet_address_prefixes_cidr: +scale_virtual_machine_virtual_network: "{{ scale_virtual_machine_resource_group }}-vnet" +scale_virtual_machine_subnet: "{{ scale_virtual_machine_resource_group }}-subnet" +scale_virtual_machine_vnet_address_prefixes_cidr: - 10.1.0.0/16 -azure_subnet_address_prefixes_cidr: 10.1.0.0/24 -azure_security_group: "{{ azure_resource_group }}-nsg" +scale_virtual_machine_subnet_address_prefixes_cidr: 10.1.0.0/24 +scale_virtual_machine_security_group: "{{ scale_virtual_machine_resource_group }}-nsg" -azure_load_balancer: - name: "{{ azure_resource_group }}-lb" - public_ip_name: "{{ azure_resource_group }}-lb-public-ip" - backend_address_pool: "{{ azure_resource_group }}-vm-pool" +scale_virtual_machine_load_balancer: + name: "{{ scale_virtual_machine_resource_group }}-lb" + public_ip_name: "{{ scale_virtual_machine_resource_group }}-lb-public-ip" + backend_address_pool: "{{ scale_virtual_machine_resource_group }}-vm-pool" diff --git a/playbooks/roles/scale_virtual_machine/tasks/create.yml b/playbooks/roles/scale_virtual_machine/tasks/create.yml index 15de272..abf0a5f 100644 --- a/playbooks/roles/scale_virtual_machine/tasks/create.yml +++ b/playbooks/roles/scale_virtual_machine/tasks/create.yml 
@@ -3,12 +3,17 @@ - name: Create resource group ansible.builtin.include_role: name: cloud.azure_ops.azure_manage_resource_group + vars: + azure_manage_resource_group_tags: "{{ scale_virtual_machine_tags }}" + azure_manage_resource_group_operation: create + azure_manage_resource_group_name: "{{ scale_virtual_machine_resource_group }}" + azure_manage_resource_group_region: "{{ scale_virtual_machine_region }}" # Create a security group to restrict access to my VMs except within the VPC - name: Create Network security Group azure.azcollection.azure_rm_securitygroup: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_security_group }}" + resource_group: "{{ scale_virtual_machine_resource_group }}" + name: "{{ scale_virtual_machine_security_group }}" rules: - name: SSH destination_port_range: 22 
@@ -25,15 +30,22 @@ - name: Create the networking stack ansible.builtin.include_role: name: cloud.azure_ops.azure_manage_networking_stack + vars: + azure_manage_networking_stack_operation: create + azure_manage_networking_stack_virtual_network: "{{ scale_virtual_machine_virtual_network }}" + azure_manage_networking_stack_subnet: "{{ scale_virtual_machine_subnet }}" + azure_manage_networking_stack_vnet_address_prefixes_cidr: "{{ scale_virtual_machine_vnet_address_prefixes_cidr }}" + azure_manage_networking_stack_subnet_address_prefixes_cidr: "{{ scale_virtual_machine_subnet_address_prefixes_cidr }}" + azure_manage_networking_stack_resource_group: "{{ scale_virtual_machine_resource_group }}" # Create a public IP address for the load balancer - name: Create a public ip address for the load balancer azure.azcollection.azure_rm_publicipaddress: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ scale_virtual_machine_resource_group }}" allocation_method: static - name: "{{ azure_load_balancer.public_ip_name }}" + name: "{{ scale_virtual_machine_load_balancer.public_ip_name }}" sku: Basic - domain_name: "{{ azure_load_balancer.domain_name | default(omit) }}" + domain_name: "{{ scale_virtual_machine_load_balancer.domain_name | default(omit) }}" register: public_ip - name: Define load balancer ip address 
@@ -43,14 +55,14 @@ # Deploy Load Balancer that provides public internet access to application routing back to app servers - name: Create load Balancer azure.azcollection.azure_rm_loadbalancer: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_load_balancer.name }}" + resource_group: "{{ scale_virtual_machine_resource_group }}" + name: "{{ scale_virtual_machine_load_balancer.name }}" sku: Basic frontend_ip_configurations: - name: frontend - public_ip_address: "{{ azure_load_balancer.public_ip_name }}" + public_ip_address: "{{ scale_virtual_machine_load_balancer.public_ip_name }}" backend_address_pools: - - name: "{{ azure_load_balancer.backend_address_pool }}" + - name: "{{ scale_virtual_machine_load_balancer.backend_address_pool }}" probes: - name: ping_server port: 5000 @@ -59,7 +71,7 @@ load_balancing_rules: - name: flask frontend_ip_configuration: frontend - backend_address_pool: "{{ azure_load_balancer.backend_address_pool }}" + backend_address_pool: "{{ scale_virtual_machine_load_balancer.backend_address_pool }}" protocol: Tcp frontend_port: 5000 backend_port: 5000 
@@ -73,30 +85,30 @@ # Create VM Scale Set - name: Create Virtual machine scale set azure.azcollection.azure_rm_virtualmachinescaleset: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_vm_name }}ss" - vm_size: "{{ azure_vm_size }}" - capacity: "{{ azure_number_vm }}" - tier: "{{ azure_vm_size | regex_search('(Standard|Basic)_*', '\\1') | first }}" + resource_group: "{{ scale_virtual_machine_resource_group }}" + name: "{{ scale_virtual_machine_vm_name }}ss" + vm_size: "{{ scale_virtual_machine_vm_size }}" + capacity: "{{ scale_virtual_machine_number_vm }}" + tier: "{{ scale_virtual_machine_vm_size | regex_search('(Standard|Basic)_*', '\\1') | first }}" upgrade_policy: Manual - admin_username: "{{ azure_vm_user }}" - admin_password: "{{ azure_vm_user_password }}" + admin_username: "{{ scale_virtual_machine_vm_user }}" + admin_password: "{{ scale_virtual_machine_vm_user_password }}" ssh_password_enabled: true - image: "{{ azure_vm_image }}" - os_type: "{{ azure_vm_os | default('Linux') }}" - managed_disk_type: "{{ azure_vm_image_disk_type | default('Standard_LRS') }}" - virtual_network_resource_group: "{{ azure_resource_group }}" - virtual_network_name: "{{ azure_virtual_network }}" - subnet_name: "{{ azure_subnet }}" + image: "{{ scale_virtual_machine_vm_image }}" + os_type: "{{ scale_virtual_machine_vm_os | default('Linux') }}" + managed_disk_type: "{{ scale_virtual_machine_vm_image_disk_type | default('Standard_LRS') }}" + virtual_network_resource_group: "{{ scale_virtual_machine_resource_group }}" + virtual_network_name: "{{ scale_virtual_machine_virtual_network }}" + subnet_name: "{{ scale_virtual_machine_subnet }}" public_ip_per_vm: false - load_balancer: "{{ azure_load_balancer.name }}" - security_group: "{{ azure_security_group }}" + load_balancer: "{{ scale_virtual_machine_load_balancer.name }}" + security_group: "{{ scale_virtual_machine_security_group }}" scale_in_policy: Default - name: Get virtual machine scale set instance info 
azure.azcollection.azure_rm_virtualmachinescalesetinstance_info: - resource_group: "{{ azure_resource_group }}" - vmss_name: "{{ azure_vm_name }}ss" + resource_group: "{{ scale_virtual_machine_resource_group }}" + vmss_name: "{{ scale_virtual_machine_vm_name }}ss" register: result - name: Init vm instance list @@ -117,11 +129,11 @@ - name: Add bastion host to inventory ansible.builtin.add_host: hostname: bastion - ansible_ssh_user: "{{ azure_vm_user }}" - ansible_ssh_pass: "{{ azure_vm_user_password }}" - ansible_sudo_pass: "{{ azure_vm_user_password }}" + ansible_ssh_user: "{{ scale_virtual_machine_vm_user }}" + ansible_ssh_pass: "{{ scale_virtual_machine_vm_user_password }}" + ansible_sudo_pass: "{{ scale_virtual_machine_vm_user_password }}" ansible_host: "{{ bastion_public_ip }}" ansible_ssh_common_args: -o "UserKnownHostsFile=/dev/null" -o StrictHostKeyChecking=no workers: "{{ vm_instances }}" workers_join: "{{ join_instances | join(',') }}" - azure_resource_group: "{{ azure_resource_group }}" + azure_resource_group: "{{ scale_virtual_machine_resource_group }}" diff --git a/playbooks/roles/scale_virtual_machine/tasks/create_bastion.yml b/playbooks/roles/scale_virtual_machine/tasks/create_bastion.yml index fc53951..a73d854 100644 --- a/playbooks/roles/scale_virtual_machine/tasks/create_bastion.yml +++ b/playbooks/roles/scale_virtual_machine/tasks/create_bastion.yml @@ -1,12 +1,12 @@ --- - name: Define Bastion facts ansible.builtin.set_fact: - bastion_public_ip_name: "{{ azure_vm_name }}bastion-ip" - bastion_nic_name: "{{ azure_vm_name }}bastion-nic" + bastion_public_ip_name: "{{ scale_virtual_machine_vm_name }}bastion-ip" + bastion_nic_name: "{{ scale_virtual_machine_vm_name }}bastion-nic" - name: Create public ip for Bastion VM azure.azcollection.azure_rm_publicipaddress: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ scale_virtual_machine_resource_group }}" allocation_method: static name: "{{ bastion_public_ip_name }}" sku: Basic 
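Review bot: The `Create Virtual machine scale set` task keeps `ssh_password_enabled: true` and sets `admin_password` from `scale_virtual_machine_vm_user_password`, so every instance accepts SSH password logins. The `Create virtual machine` task in the second hunk of `create_bastion.yml` does the same for the bastion, which is attached to a public IP. Prefer key-based access by setting `ssh_password_enabled: false` and supplying `ssh_public_keys:` from a role variable. If password login has to stay, add a comment above `admin_password` stating that the value is expected to come from a vault and never from role defaults.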
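Review bot: The `Add bastion host to inventory` task sets `ansible_ssh_pass` and `ansible_sudo_pass` alongside `ansible_ssh_common_args: -o "UserKnownHostsFile=/dev/null" -o StrictHostKeyChecking=no`, so the admin password is sent to whichever host answers on `bastion_public_ip` with no host-key verification. Use a real known-hosts file with `-o StrictHostKeyChecking=accept-new`, or record the host key when the VM is created and check against it. Add `no_log: true` to the task as well, since the `add_host` result appears to include the host variables and would put the password in verbose output and logs. The task starts above the hunk, so its `name:` line is not among the changed lines.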
@@ -18,28 +18,28 @@ - name: Create network interface for Bastion host azure.azcollection.azure_rm_networkinterface: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ scale_virtual_machine_resource_group }}" name: "{{ bastion_nic_name }}" - virtual_network: "{{ azure_virtual_network }}" - subnet_name: "{{ azure_subnet }}" - security_group: "{{ azure_security_group }}" + virtual_network: "{{ scale_virtual_machine_virtual_network }}" + subnet_name: "{{ scale_virtual_machine_subnet }}" + security_group: "{{ scale_virtual_machine_security_group }}" ip_configurations: - name: public_ip public_ip_address_name: "{{ bastion_public_ip_name }}" - name: Create virtual machine azure.azcollection.azure_rm_virtualmachine: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_vm_name }}bastion" - admin_username: "{{ azure_vm_user }}" - admin_password: "{{ azure_vm_user_password }}" - image: "{{ azure_vm_image }}" - vm_size: "{{ azure_bastion_vm_size | default('Standard_DS4_v2') }}" + resource_group: "{{ scale_virtual_machine_resource_group }}" + name: "{{ scale_virtual_machine_vm_name }}bastion" + admin_username: "{{ scale_virtual_machine_vm_user }}" + admin_password: "{{ scale_virtual_machine_vm_user_password }}" + image: "{{ scale_virtual_machine_vm_image }}" + vm_size: "{{ scale_virtual_machine_bastion_vm_size | default('Standard_DS4_v2') }}" ssh_password_enabled: true - managed_disk_type: "{{ azure_vm_image_disk_type | default('Standard_LRS') }}" - os_type: "{{ azure_vm_os | default('Linux') }}" - virtual_network_name: "{{ azure_virtual_network }}" - subnet_name: "{{ azure_subnet }}" + managed_disk_type: "{{ scale_virtual_machine_vm_image_disk_type | default('Standard_LRS') }}" + os_type: "{{ scale_virtual_machine_vm_os | default('Linux') }}" + virtual_network_name: "{{ scale_virtual_machine_virtual_network }}" + subnet_name: "{{ scale_virtual_machine_subnet }}" network_interface_names: - - resource_group: "{{ azure_resource_group }}" + - 
resource_group: "{{ scale_virtual_machine_resource_group }}" name: "{{ bastion_nic_name }}" diff --git a/playbooks/roles/scale_virtual_machine/tasks/delete.yml b/playbooks/roles/scale_virtual_machine/tasks/delete.yml index 09661cb..e2648ee 100644 --- a/playbooks/roles/scale_virtual_machine/tasks/delete.yml +++ b/playbooks/roles/scale_virtual_machine/tasks/delete.yml @@ -3,4 +3,7 @@ ansible.builtin.include_role: name: cloud.azure_ops.azure_manage_resource_group vars: - azure_force_delete_nonempty: true + azure_manage_resource_group_operation: delete + azure_manage_resource_group_name: "{{ scale_virtual_machine_resource_group }}" + azure_manage_resource_group_region: "{{ scale_virtual_machine_region }}" + azure_manage_resource_group_force_delete_nonempty: true diff --git a/playbooks/roles/scale_virtual_machine/tasks/main.yml b/playbooks/roles/scale_virtual_machine/tasks/main.yml index 0cd0d09..5b87397 100644 --- a/playbooks/roles/scale_virtual_machine/tasks/main.yml +++ b/playbooks/roles/scale_virtual_machine/tasks/main.yml @@ -1,3 +1,13 @@ --- +- name: Check Resource group name + ansible.builtin.fail: + msg: Azure Resource group name must be defined as scale_virtual_machine_resource_group + when: scale_virtual_machine_resource_group is not defined + +- name: Check azure region + ansible.builtin.fail: + msg: Azure region must be defined as scale_virtual_machine_region + when: scale_virtual_machine_region is not defined + - name: Include operation tasks ansible.builtin.include_tasks: "{{ operation }}.yml" diff --git a/playbooks/vmss_migrate.yml b/playbooks/vmss_migrate.yml index 198898a..0303851 100644 --- a/playbooks/vmss_migrate.yml +++ b/playbooks/vmss_migrate.yml 
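Review bot: The last task of `tasks/main.yml` still includes `"{{ operation }}.yml"`, while this commit renames the role default to `scale_virtual_machine_operation` and the callers in `vmss_migrate.yml` now pass only the prefixed name. Unless `operation` is defined outside this diff, the include fails on an undefined variable. If a play-level `operation` does exist, the role runs that one instead of what the caller asked for, which matters when the choice is between create and delete. Change the line to `ansible.builtin.include_tasks: "{{ scale_virtual_machine_operation }}.yml"`. Consider also adding a guard like the one in `azure_load_balancer_with_public_ip`, `when: scale_virtual_machine_operation not in ['create', 'delete']`, so the templated file name is limited to the two known task files.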
@@ -39,17 +39,17 @@ ansible.builtin.import_role: name: scale_virtual_machine vars: - azure_resource_group: "{{ destination_resource_group }}" - azure_region: "{{ destination_region }}" - azure_number_vm: "{{ src_vm_info.vmss.0.sku.capacity }}" - azure_vm_image: "{{ src_vm_info.vmss.0.properties.virtualMachineProfile.storageProfile.imageReference }}" - azure_vm_size: "{{ src_vm_info.vmss.0.sku.name }}" - azure_load_balancer: + scale_virtual_machine_resource_group: "{{ destination_resource_group }}" + scale_virtual_machine_region: "{{ destination_region }}" + scale_virtual_machine_number_vm: "{{ src_vm_info.vmss.0.sku.capacity }}" + scale_virtual_machine_vm_image: "{{ src_vm_info.vmss.0.properties.virtualMachineProfile.storageProfile.imageReference }}" + scale_virtual_machine_vm_size: "{{ src_vm_info.vmss.0.sku.name }}" + scale_virtual_machine_load_balancer: domain_name: "{{ destination_resource_group | replace('_', '-') }}-{{ destination_region | replace('_', '-') }}-webapp1" name: "{{ source_resource_group }}-lb" public_ip_name: "{{ source_resource_group }}-lb-public-ipp" backend_address_pool: "{{ source_resource_group }}-vm-pool" - operation: create + scale_virtual_machine_operation: create rescue: - name: Print failed message ansible.builtin.debug: @@ -59,8 +59,8 @@ ansible.builtin.import_role: name: scale_virtual_machine vars: - azure_resource_group: "{{ destination_resource_group }}" - operation: delete + scale_virtual_machine_azure_resource_group: "{{ destination_resource_group }}" + scale_virtual_machine_operation: delete - name: Failed to create application infrastructure ansible.builtin.fail: @@ -180,8 +180,8 @@ ansible.builtin.import_role: name: scale_virtual_machine vars: - azure_resource_group: "{{ destination_resource_group }}" - operation: delete + scale_virtual_machine_resource_group: "{{ destination_resource_group }}" + scale_virtual_machine_operation: delete - name: Failed to connect ansible.builtin.fail: 
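Review bot: The rescue cleanup in the second hunk passes `scale_virtual_machine_azure_resource_group`, but the role checks and reads `scale_virtual_machine_resource_group` (the spelling used in the third hunk), so the new `Check Resource group name` task fails and nothing is deleted. Neither delete call passes `scale_virtual_machine_region`, and the `azure_region: eastus` default was removed from the role defaults. The new `Check azure region` task would therefore stop both cleanups unless the region is set elsewhere in the playbook. A failed cleanup leaves the public IPs and password-enabled VMs from the aborted run in place. Use `scale_virtual_machine_resource_group: "{{ destination_resource_group }}"` and add `scale_virtual_machine_region: "{{ destination_region }}"` to both delete calls.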
diff --git a/playbooks/webapp_container.yml b/playbooks/webapp_container.yml index c7cf424..53f84b8 100644 --- a/playbooks/webapp_container.yml +++ b/playbooks/webapp_container.yml @@ -25,6 +25,14 @@ - name: Create infrastructure ansible.builtin.include_role: name: cloud.azure_ops.azure_manage_postgresql + vars: + azure_manage_postgresql_operation: create + azure_manage_postgresql_resource_group: "{{ azure_resource_group }}" + azure_manage_postgresql_region: "{{ azure_region }}" + azure_manage_postgresql_postgresql_name: "{{ azure_postgresql_name }}" + azure_manage_postgresql_postgresql_admin_username: "{{ azure_postgresql_admin_username }}" + azure_manage_postgresql_postgresql_admin_password: "{{ azure_postgresql_admin_password }}" + azure_manage_postgresql_postgresql_database_instances: "{{ azure_postgresql_database_instances }}" when: not migrate_app - name: Get pgsql info @@ -88,8 +96,8 @@ ansible.builtin.include_role: name: cloud.azure_ops.azure_load_balancer_with_public_ip vars: - operation: delete - azure_lb_name: "{{ lb_info.ansible_info.azure_loadbalancers[0].name }}" + azure_load_balancer_with_public_ip_operation: delete + azure_load_balancer_with_public_ip_lb_name: "{{ lb_info.ansible_info.azure_loadbalancers[0].name }}" when: - lb_info.ansible_info.azure_loadbalancers[0].name is defined @@ -117,8 +125,10 @@ ansible.builtin.include_role: name: cloud.azure_ops.azure_virtual_machine_with_public_ip vars: - operation: delete - azure_vm_name: "{{ vm_info.vms[0].name }}" + azure_virtual_machine_with_public_ip_resource_group: "{{ azure_resource_group }}" + azure_virtual_machine_with_public_ip_region: "{{ azure_region }}" + azure_virtual_machine_with_public_ip_operation: delete + azure_virtual_machine_with_public_ip_vm_name: "{{ vm_info.vms[0].name }}" when: - vm_info.vms[0].name is defined 
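Review bot: The load balancer delete call in the `@@ -88,8 +96,8 @@` hunk passes `azure_load_balancer_with_public_ip_lb_name`, which the role as changed in this commit never reads. Its `tasks/main.yml` requires `azure_load_balancer_with_public_ip_resource_group` and `azure_load_balancer_with_public_ip_load_balancer.name`. Unlike the VM and security group delete calls later in this file, no resource group is passed here. Unless those variables are set outside the hunk, the role stops at `Ensure resource group is defined` and the load balancer and its public IP stay deployed. Pass `azure_load_balancer_with_public_ip_resource_group: "{{ azure_resource_group }}"` and replace the `_lb_name` line with `azure_load_balancer_with_public_ip_load_balancer:` holding `name: "{{ lb_info.ansible_info.azure_loadbalancers[0].name }}"`.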
@@ -131,8 +141,10 @@ ansible.builtin.include_role: name: cloud.azure_ops.azure_manage_security_group vars: - operation: delete - azure_security_group: "{{ sg_info.securitygroups[0].name }}" + azure_manage_security_group_resource_group: "{{ azure_resource_group }}" + azure_manage_security_group_region: "{{ azure_region }}" + azure_manage_security_group_operation: delete + azure_manage_security_group_security_group: "{{ sg_info.securitygroups[0].name }}" when: - sg_info.securitygroups[0].name is defined @@ -145,10 +157,11 @@ ansible.builtin.include_role: name: cloud.azure_ops.azure_manage_networking_stack vars: - delete_option: "{{ item }}" - operation: delete - azure_virtual_network: "{{ vnet_info.virtualnetworks[0].name }}" - azure_subnet: "{{ vnet_info.virtualnetworks[0].subnets[0].name }}" + azure_manage_networking_stack_delete_option: "{{ item }}" + azure_manage_networking_stack_operation: delete + azure_manage_networking_stack_virtual_network: "{{ vnet_info.virtualnetworks[0].name }}" + azure_manage_networking_stack_subnet: "{{ vnet_info.virtualnetworks[0].subnets[0].name }}" + azure_manage_networking_stack_resource_group: "{{ azure_resource_group }}" with_items: - subnet - virtual_network diff --git a/roles/azure_load_balancer_with_public_ip/README.md b/roles/azure_load_balancer_with_public_ip/README.md index c4a6efd..f8f207e 100644 --- a/roles/azure_load_balancer_with_public_ip/README.md +++ b/roles/azure_load_balancer_with_public_ip/README.md 
@@ -11,11 +11,11 @@ Requirements Role Variables -------------- -* **operation**: Operation to perform. Valid values are 'create', 'delete'. Default is **create**. -* **azure_resource_group**: Resource group on/from which the load balancer will reside. When **operation** is set to create, this resource group will be created if it does not exist. -* **azure_region**: An Azure location for the resources. -* **azure_tags**: Dictionary of string:string pairs to assign as metadata to the resource group. -* **azure_load_balancer**: Object used to provide details for a load balancer. Contains the following: +* **azure_load_balancer_with_public_ip_operation**: Operation to perform. Valid values are 'create', 'delete'. Default is **create**. +* **azure_load_balancer_with_public_ip_resource_group**: Resource group on/from which the load balancer will reside. When **azure_load_balancer_with_public_ip_operation** is set to create, this resource group will be created if it does not exist. +* **azure_load_balancer_with_public_ip_region**: An Azure location for the resources. +* **azure_load_balancer_with_public_ip_tags**: Dictionary of string:string pairs to assign as metadata to the resource group. +* **azure_load_balancer_with_public_ip_load_balancer**: Object used to provide details for a load balancer. Contains the following: - **name**: (Required) Name of the load balancer. - **public_ip_name**: Name of load balancer's public ip. Will be defaulted to '**name**-ip' if omitted. - **frontend_ip_configurations**: List of frontend IPs to be used. If omitted a default will be created with the name of 'default' using the load balancers public ip. Each frontend IP consists of: 
@@ -62,11 +62,11 @@ Example Playbook - hosts: localhost roles: - role: cloud.azure_ops.azure_load_balancer_with_public_ip - operation: "create" - azure_region: "canadacentral" - azure_resource_group: "rg" - azure_load_balancer: - name: "{{ azure_resource_group }}-lb" + azure_load_balancer_with_public_ip_operation: "create" + azure_load_balancer_with_public_ip_region: "canadacentral" + azure_load_balancer_with_public_ip_resource_group: "rg" + azure_load_balancer_with_public_ip_load_balancer: + name: "example-lb" probes: - name: lb-probe port: 5000 diff --git a/roles/azure_load_balancer_with_public_ip/defaults/main.yml b/roles/azure_load_balancer_with_public_ip/defaults/main.yml index 74b4d64..134e2d9 100644 --- a/roles/azure_load_balancer_with_public_ip/defaults/main.yml +++ b/roles/azure_load_balancer_with_public_ip/defaults/main.yml @@ -1,3 +1,2 @@ --- -operation: create -azure_load_balancer: {} +azure_load_balancer_with_public_ip_operation: create diff --git a/roles/azure_load_balancer_with_public_ip/tasks/create.yml b/roles/azure_load_balancer_with_public_ip/tasks/create.yml index dae7415..331f731 100644 --- a/roles/azure_load_balancer_with_public_ip/tasks/create.yml +++ b/roles/azure_load_balancer_with_public_ip/tasks/create.yml 
@@ -1,25 +1,30 @@ --- - name: Create resource group ansible.builtin.include_role: - name: resource_group + name: cloud.azure_ops.azure_manage_resource_group + vars: + azure_manage_resource_group_operation: create + azure_manage_resource_group_name: "{{ azure_load_balancer_with_public_ip_resource_group }}" + azure_manage_resource_group_region: "{{ azure_load_balancer_with_public_ip_region }}" + azure_manage_resource_group_tags: "{{ azure_load_balancer_with_public_ip_region }}" when: rg_info.resourcegroups | length == 0 - name: Ensure public ip exists azure.azcollection.azure_rm_publicipaddress: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_load_balancer.public_ip_name | default(azure_load_balancer.name + '-public-ip') }}" - domain_name: "{{ azure_load_balancer.domain_name | default(omit) }}" - sku: "{{ azure_load_balancer.sku | default(omit) }}" - allocation_method: "{{ (azure_load_balancer.sku is defined and azure_load_balancer.sku == 'Standard') | ternary('Static', omit) }}" + resource_group: "{{ azure_load_balancer_with_public_ip_resource_group }}" + name: "{{ azure_load_balancer_with_public_ip_load_balancer.public_ip_name | default(azure_load_balancer_with_public_ip_load_balancer.name + '-public-ip') }}" + domain_name: "{{ azure_load_balancer_with_public_ip_load_balancer.domain_name | default(omit) }}" + sku: "{{ azure_load_balancer_with_public_ip_load_balancer.sku | default(omit) }}" + allocation_method: "{{ (azure_load_balancer_with_public_ip_load_balancer.sku is defined and azure_load_balancer_with_public_ip_load_balancer.sku == 'Standard') | ternary('Static', omit) }}" - name: Create/Update load balancer azure.azcollection.azure_rm_loadbalancer: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_load_balancer.name }}" - frontend_ip_configurations: "{{ azure_load_balancer.frontend_ip_configurations | default([{'name': 'default', 'public_ip_address': azure_load_balancer.public_ip_name\ - \ | default(azure_load_balancer.name + 
'-public-ip')}]) }}" - backend_address_pools: "{{ azure_load_balancer.backend_address_pools | default([{'name': 'default'}]) }}" - probes: "{{ azure_load_balancer.probes | default(omit) }}" - load_balancing_rules: "{{ azure_load_balancer.rules | default(omit) }}" - sku: "{{ azure_load_balancer.sku | default(omit) }}" - tags: "{{ azure_load_balancer.tags | default(omit) }}" + resource_group: "{{ azure_load_balancer_with_public_ip_resource_group }}" + name: "{{ azure_load_balancer_with_public_ip_load_balancer.name }}" + frontend_ip_configurations: "{{ azure_load_balancer_with_public_ip_load_balancer.frontend_ip_configurations | default([{'name': 'default', 'public_ip_address': azure_load_balancer_with_public_ip_load_balancer.public_ip_name\ + \ | default(azure_load_balancer_with_public_ip_load_balancer.name + '-public-ip')}]) }}" + backend_address_pools: "{{ azure_load_balancer_with_public_ip_load_balancer.backend_address_pools | default([{'name': 'default'}]) }}" + probes: "{{ azure_load_balancer_with_public_ip_load_balancer.probes | default(omit) }}" + load_balancing_rules: "{{ azure_load_balancer_with_public_ip_load_balancer.rules | default(omit) }}" + sku: "{{ azure_load_balancer_with_public_ip_load_balancer.sku | default(omit) }}" + tags: "{{ azure_load_balancer_with_public_ip_load_balancer.tags | default(omit) }}" diff --git a/roles/azure_load_balancer_with_public_ip/tasks/delete.yml b/roles/azure_load_balancer_with_public_ip/tasks/delete.yml index 61819db..ae0735a 100644 --- a/roles/azure_load_balancer_with_public_ip/tasks/delete.yml +++ b/roles/azure_load_balancer_with_public_ip/tasks/delete.yml 
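Review bot: In the `Create resource group` task, `azure_manage_resource_group_tags` is set from `azure_load_balancer_with_public_ip_region`, so the resource group receives the region string where the role README documents a dictionary of tags. It looks like a copy of the line above and should read `azure_manage_resource_group_tags: "{{ azure_load_balancer_with_public_ip_tags | default({}) }}"`. The `default({})` is there because the role defaults shown in this commit define no tags variable. Confirm that `azure_manage_resource_group` accepts an empty dictionary before relying on it.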
@@ -1,7 +1,7 @@ --- -- name: Assert resource group exists {{ azure_resource_group }} +- name: Assert resource group exists {{ azure_load_balancer_with_public_ip_resource_group }} ansible.builtin.fail: - msg: Resource group '{{ azure_resource_group }}' does not exist. + msg: Resource group '{{ azure_load_balancer_with_public_ip_resource_group }}' does not exist. when: - rg_info.resourcegroups | length == 0 @@ -12,12 +12,12 @@ - name: Delete load balancer azure.azcollection.azure_rm_loadbalancer: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_load_balancer.name }}" + resource_group: "{{ azure_load_balancer_with_public_ip_resource_group }}" + name: "{{ azure_load_balancer_with_public_ip_load_balancer.name }}" state: absent - name: Delete load balancer's public ip azure.azcollection.azure_rm_publicipaddress: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_load_balancer_with_public_ip_resource_group }}" name: "{{ pip.response[0].name }}" state: absent diff --git a/roles/azure_load_balancer_with_public_ip/tasks/main.yml b/roles/azure_load_balancer_with_public_ip/tasks/main.yml index 1214ec3..1a6af35 100644 --- a/roles/azure_load_balancer_with_public_ip/tasks/main.yml +++ b/roles/azure_load_balancer_with_public_ip/tasks/main.yml 
@@ -1,29 +1,29 @@ --- -- name: Check operation validation +- name: Check azure_load_balancer_with_public_ip_operation validation ansible.builtin.fail: - msg: Please provide operation as 'create' or 'delete' - when: operation not in ['create', 'delete'] + msg: Please provide azure_load_balancer_with_public_ip_operation as 'create' or 'delete' + when: azure_load_balancer_with_public_ip_operation not in ['create', 'delete'] - name: Ensure resource group is defined ansible.builtin.fail: - msg: Azure resource group must be defined as azure_resource_group - when: azure_resource_group is not defined + msg: Azure resource group must be defined as azure_load_balancer_with_public_ip_resource_group + when: azure_load_balancer_with_public_ip_resource_group is not defined - name: Ensure load balancer name is defined ansible.builtin.fail: - msg: Azure load balancer name must be defined as azure_load_balancer.name - when: azure_load_balancer.name is not defined + msg: Azure load balancer name must be defined as azure_load_balancer_with_public_ip_load_balancer.name + when: azure_load_balancer_with_public_ip_load_balancer.name is not defined - name: Get load balancer info azure.azcollection.azure_rm_loadbalancer_info: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_load_balancer.name }}" + resource_group: "{{ azure_load_balancer_with_public_ip_resource_group }}" + name: "{{ azure_load_balancer_with_public_ip_load_balancer.name }}" register: lb_info - name: Get resource group info azure.azcollection.azure_rm_resourcegroup_info: - name: "{{ azure_resource_group }}" + name: "{{ azure_load_balancer_with_public_ip_resource_group }}" register: rg_info - name: Create or delete load balancer - ansible.builtin.include_tasks: "{{ operation }}.yml" + ansible.builtin.include_tasks: "{{ azure_load_balancer_with_public_ip_operation }}.yml" diff --git a/roles/azure_manage_network_interface/README.md b/roles/azure_manage_network_interface/README.md index 0bbced4..5a53486 100644 
--- a/roles/azure_manage_network_interface/README.md +++ b/roles/azure_manage_network_interface/README.md @@ -11,8 +11,9 @@ Requirements Role Variables -------------- -* **operation**: Operation to perform. Valid values are 'create', 'delete'. Default is 'create'. -* **azure_network_interface**: Object used to provide details for a network interface. Contains the following: +* **azure_manage_network_interface_operation**: Operation to perform. Valid values are 'create', 'delete'. Default is 'create'. +* **azure_manage_network_interface_resource_group**: Operation to perform. Valid values are 'create', 'delete'. Default is 'create'. +* **azure_manage_network_interface_interface**: Object used to provide details for a network interface. Contains the following: - **name**: (Required) Name of the network interface. - **vnet_name**: Name of the existing azure virtual network where the network interface will reside. Required when `operation=create`. - **subnet_name**: Name of the existing azure subnet where the network interface will reside. Required when `operation=create`. @@ -51,9 +52,9 @@ Example Playbook roles: - name: Create a Network Interface with Default Security Group role: cloud.azure_ops.azure_manage_network_interface - operation: 'create' - azure_resource_group: 'nic-example' - azure_network_interface: + azure_manage_network_interface_operation: 'create' + azure_manage_network_interface_resource_group: 'nic-example' + azure_manage_network_interface_interface: name: 'nic' vnet_name: 'vnet' subnet_name: 'subnet' @@ -67,9 +68,9 @@ Example Playbook - name: Cleanup Network Interface and Default Security Group role: cloud.azure_ops.azure_manage_network_interface - operation: 'delete' - azure_resource_group: 'nic-example' - azure_network_interface: + azure_manage_network_interface_operation: 'delete' + azure_manage_network_interface_resource_group: 'nic-example' + azure_manage_network_interface_interface: name: 'nic' License 
diff --git a/roles/azure_manage_network_interface/defaults/main.yml b/roles/azure_manage_network_interface/defaults/main.yml index b68408b..4b439bc 100644 --- a/roles/azure_manage_network_interface/defaults/main.yml +++ b/roles/azure_manage_network_interface/defaults/main.yml @@ -1,4 +1,4 @@ --- # defaults file for network_interface -operation: create -azure_network_interface: {} +azure_manage_network_interface_operation: create +azure_manage_network_interface_interface: {} diff --git a/roles/azure_manage_network_interface/tasks/create.yml b/roles/azure_manage_network_interface/tasks/create.yml index d49a4d2..204577c 100644 --- a/roles/azure_manage_network_interface/tasks/create.yml +++ b/roles/azure_manage_network_interface/tasks/create.yml 
@@ -1,55 +1,55 @@ --- - name: Ensure vnet is specified ansible.builtin.fail: - msg: "Missing parameter: key 'vnet_name' not found in azure_network_interface" - when: azure_network_interface.vnet_name is undefined + msg: "Missing parameter: key 'vnet_name' not found in azure_manage_network_interface_interface" + when: azure_manage_network_interface_interface.vnet_name is undefined - name: Ensure subnet is specified ansible.builtin.fail: - msg: "Missing parameter: key 'subnet_name' not found in azure_network_interface" - when: azure_network_interface.subnet_name is undefined + msg: "Missing parameter: key 'subnet_name' not found in azure_manage_network_interface_interface" + when: azure_manage_network_interface_interface.subnet_name is undefined - name: Get vnet info azure.azcollection.azure_rm_virtualnetwork_info: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_network_interface.vnet_name }}" + resource_group: "{{ azure_manage_network_interface_resource_group }}" + name: "{{ azure_manage_network_interface_interface.vnet_name }}" register: vnet_info - name: Ensure vnet exists ansible.builtin.fail: - msg: Virtual network '{{ azure_network_interface.vnet_name }}' does not exist + msg: Virtual network '{{ azure_manage_network_interface_interface.vnet_name }}' does not exist when: vnet_info.virtualnetworks | length == 0 - name: Ensure subnet exists block: - name: Get subnet info azure.azcollection.azure_rm_subnet_info: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_network_interface.subnet_name }}" - virtual_network_name: "{{ azure_network_interface.vnet_name }}" + resource_group: "{{ azure_manage_network_interface_resource_group }}" + name: "{{ azure_manage_network_interface_interface.subnet_name }}" + virtual_network_name: "{{ azure_manage_network_interface_interface.vnet_name }}" register: subnet_info - name: Ensure subnet exists ansible.builtin.fail: - msg: Subnet '{{ azure_network_interface.subnet_name }}' does not exist + msg: 
Subnet '{{ azure_manage_network_interface_interface.subnet_name }}' does not exist when: subnet_info.subnets | length == 0 rescue: - name: Throw better error message ansible.builtin.fail: - msg: Subnet '{{ azure_network_interface.subnet_name }}' does not exist + msg: Subnet '{{ azure_manage_network_interface_interface.subnet_name }}' does not exist - name: Create/Update a Network Interface azure.azcollection.azure_rm_networkinterface: - name: "{{ azure_network_interface.name }}" - resource_group: "{{ azure_resource_group }}" - virtual_network: "{{ azure_network_interface.vnet_name }}" - subnet_name: "{{ azure_network_interface.subnet_name }}" - security_group: "{{ azure_network_interface.security_group_name | default(omit) }}" - create_with_security_group: "{{ azure_network_interface.create_with_security_group | default(omit) }}" - os_type: "{{ azure_network_interface.os_type | default(omit) }}" - enable_accelerated_networking: "{{ azure_network_interface.enable_accelerated_networking | default(omit) }}" - ip_forwarding: "{{ azure_network_interface.ip_forwarding | default(omit) }}" - dns_servers: "{{ azure_network_interface.dns_servers | default(omit) }}" - ip_configurations: "{{ azure_network_interface.ip_configurations | default(omit) }}" - tags: "{{ azure_network_interface.tags | default(omit) }}" + name: "{{ azure_manage_network_interface_interface.name }}" + resource_group: "{{ azure_manage_network_interface_resource_group }}" + virtual_network: "{{ azure_manage_network_interface_interface.vnet_name }}" + subnet_name: "{{ azure_manage_network_interface_interface.subnet_name }}" + security_group: "{{ azure_manage_network_interface_interface.security_group_name | default(omit) }}" + create_with_security_group: "{{ azure_manage_network_interface_interface.create_with_security_group | default(omit) }}" + os_type: "{{ azure_manage_network_interface_interface.os_type | default(omit) }}" + enable_accelerated_networking: "{{ 
azure_manage_network_interface_interface.enable_accelerated_networking | default(omit) }}" + ip_forwarding: "{{ azure_manage_network_interface_interface.ip_forwarding | default(omit) }}" + dns_servers: "{{ azure_manage_network_interface_interface.dns_servers | default(omit) }}" + ip_configurations: "{{ azure_manage_network_interface_interface.ip_configurations | default(omit) }}" + tags: "{{ azure_manage_network_interface_interface.tags | default(omit) }}" diff --git a/roles/azure_manage_network_interface/tasks/delete.yml b/roles/azure_manage_network_interface/tasks/delete.yml index 045d929..06087e6 100644 --- a/roles/azure_manage_network_interface/tasks/delete.yml +++ b/roles/azure_manage_network_interface/tasks/delete.yml @@ -1,12 +1,12 @@ --- - name: Delete a Network Interface azure.azcollection.azure_rm_networkinterface: - name: "{{ azure_network_interface.name }}" - resource_group: "{{ azure_resource_group }}" + name: "{{ azure_manage_network_interface_interface.name }}" + resource_group: "{{ azure_manage_network_interface_resource_group }}" state: absent - name: Delete a Network Interface's Autogenerated Security Group azure.azcollection.azure_rm_securitygroup: - name: "{{ azure_network_interface.name }}" - resource_group: "{{ azure_resource_group }}" + name: "{{ azure_manage_network_interface_interface.name }}" + resource_group: "{{ azure_manage_network_interface_resource_group }}" state: absent diff --git a/roles/azure_manage_network_interface/tasks/main.yml b/roles/azure_manage_network_interface/tasks/main.yml index da914b8..1cb42b4 100644 --- a/roles/azure_manage_network_interface/tasks/main.yml +++ b/roles/azure_manage_network_interface/tasks/main.yml 
@@ -1,28 +1,28 @@ --- - name: Check operation validation ansible.builtin.fail: - msg: Please provide operation as 'create' or 'delete' - when: operation not in ['create', 'delete'] + msg: Please provide azure_manage_network_interface_operation as 'create' or 'delete' + when: azure_manage_network_interface_operation not in ['create', 'delete'] - name: Ensure resource group is defined ansible.builtin.fail: - msg: Azure resource group name must be defined as azure_resource_group - when: azure_resource_group is not defined + msg: Azure resource group name must be defined as azure_manage_network_interface_resource_group + when: azure_manage_network_interface_resource_group is not defined - name: Ensure network interface name is defined ansible.builtin.fail: - msg: "Missing parameter: key 'name' not found in azure_network_interface" - when: azure_network_interface.name is not defined + msg: "Missing parameter: key 'name' not found in azure_manage_network_interface_interface" + when: azure_manage_network_interface_interface.name is not defined - name: Get resource group info azure.azcollection.azure_rm_resourcegroup_info: - name: "{{ azure_resource_group }}" + name: "{{ azure_manage_network_interface_resource_group }}" register: rg_info - name: Ensure resource group exists ansible.builtin.fail: - msg: Resource group '{{ azure_resource_group }}' does not exist + msg: Resource group '{{ azure_manage_network_interface_resource_group }}' does not exist when: rg_info.resourcegroups | length == 0 - name: Create or delete network interface - ansible.builtin.include_tasks: "{{ operation }}.yml" + ansible.builtin.include_tasks: "{{ azure_manage_network_interface_operation }}.yml" diff --git a/roles/azure_manage_networking_stack/README.md b/roles/azure_manage_networking_stack/README.md index fa04768..f8e73ea 100644 --- a/roles/azure_manage_networking_stack/README.md +++ b/roles/azure_manage_networking_stack/README.md 
@@ -12,17 +12,17 @@ Requirements Role Variables -------------- -* **operation** - operation to perform on the networking stack. Valid values are 'create', 'delete' -* **delete_option** - When deleting created resources, this is used to specified wether to remove only the subnet, the virtual network or all (including resource group). Valid values are 'subnet', 'virtual_network', 'all'. Default value is 'all'. -* **azure_resource_group** - Resource group on which the networking stack should be attached. If not existing, it will be created. -* **azure_virtual_network** - Name of the virtual network to create/delete. -* **azure_subnet** - Name of the subnet to create/delete. -* **azure_security_group** - Existing security group with which to associate the subnet. -* **azure_region** - An Azure location for the virtual network to create. -* **azure_vnet_address_prefixes_cidr** - List of IPv4 address ranges for virtual network where each is formatted using CIDR notation. +* **azure_manage_networking_stack_operation** - operation to perform on the networking stack. Valid values are 'create', 'delete' +* **azure_manage_networking_stack_delete_option** - When deleting created resources, this is used to specified wether to remove only the subnet, the virtual network or all (including resource group). Valid values are 'subnet', 'virtual_network', 'all'. Default value is 'all'. +* **azure_manage_networking_stack_resource_group** - Resource group on which the networking stack should be attached. If not existing, it will be created. +* **azure_manage_networking_stack_virtual_network** - Name of the virtual network to create/delete. +* **azure_manage_networking_stack_subnet** - Name of the subnet to create/delete. +* **azure_manage_networking_stack_security_group** - Existing security group with which to associate the subnet. +* **azure_manage_networking_stack_region** - An Azure location for the virtual network to create. 
+* **azure_manage_networking_stack_vnet_address_prefixes_cidr** - List of IPv4 address ranges for virtual network where each is formatted using CIDR notation. Required when creating a new virtual network. -* **azure_subnet_address_prefixes_cidr** - CIDR defining the IPv4 and IPv6 address space of the subnet. Must be valid within the context of the virtual network. -* **azure_tags** - Dictionary of string:string pairs to assign as metadata to the object. +* **azure_manage_networking_stack_subnet_address_prefixes_cidr** - CIDR defining the IPv4 and IPv6 address space of the subnet. Must be valid within the context of the virtual network. +* **azure_manage_networking_stack_tags** - Dictionary of string:string pairs to assign as metadata to the object. Dependencies ------------ @@ -35,17 +35,17 @@ Example Playbook - hosts: localhost roles: - role: cloud.azure_ops.azure_manage_networking_stack - operation: "create" - azure_region: "eastus" - azure_resource_group: "testing-resource-group" - azure_virtual_network: "my-vnet" - azure_subnet: "my-subnet-00" - azure_vnet_address_prefixes_cidr: + azure_manage_networking_stack_operation: "create" + azure_manage_networking_stack_region: "eastus" + azure_manage_networking_stack_resource_group: "testing-resource-group" + azure_manage_networking_stack_virtual_network: "my-vnet" + azure_manage_networking_stack_subnet: "my-subnet-00" + azure_manage_networking_stack_vnet_address_prefixes_cidr: - "10.1.0.0/16" - "172.100.0.0/16" - azure_subnet_address_prefixes_cidr + azure_manage_networking_stack_subnet_address_prefixes_cidr - "172.100.0.0/8" - azure_tags: + azure_manage_networking_stack_tags: tag0: "tag0" tag1: "tag1" diff --git a/roles/azure_manage_networking_stack/defaults/main.yml b/roles/azure_manage_networking_stack/defaults/main.yml index b693e16..89203da 100644 --- a/roles/azure_manage_networking_stack/defaults/main.yml +++ b/roles/azure_manage_networking_stack/defaults/main.yml 
@@ -1,4 +1,4 @@ --- # defaults file for networking_stack -operation: create -delete_option: all +azure_manage_networking_stack_operation: create +azure_manage_networking_stack_delete_option: all diff --git a/roles/azure_manage_networking_stack/tasks/create.yml b/roles/azure_manage_networking_stack/tasks/create.yml index 2ec8b0f..7b0bcc1 100644 --- a/roles/azure_manage_networking_stack/tasks/create.yml +++ b/roles/azure_manage_networking_stack/tasks/create.yml @@ -7,6 +7,11 @@ - name: Create resource group when it does not exists ansible.builtin.include_role: name: cloud.azure_ops.azure_manage_resource_group + vars: + azure_manage_resource_group_operation: create + azure_manage_resource_group_name: "{{ azure_manage_networking_stack_resource_group }}" + azure_manage_resource_group_region: "{{ azure_manage_networking_stack_region }}" + azure_manage_resource_group_tags: "{{ azure_manage_networking_stack_tags }}" when: result.resourcegroups | length == 0 - name: Create azure virtual network diff --git a/roles/azure_manage_networking_stack/tasks/delete.yml b/roles/azure_manage_networking_stack/tasks/delete.yml index 60b4dee..4f998e8 100644 --- a/roles/azure_manage_networking_stack/tasks/delete.yml +++ b/roles/azure_manage_networking_stack/tasks/delete.yml 
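Review bot: In the `tasks/create.yml` hunk, the new `vars:` block hands `azure_manage_networking_stack_region` and `azure_manage_networking_stack_tags` to the resource-group role with no fallback, and neither variable has an entry in this role's `defaults/main.yml` (only the operation and the delete option are set there). The README lists tags without marking them required, so a caller who omits them would probably hit an undefined-variable error, and only on the path where the resource group has to be created. I would write `azure_manage_resource_group_tags: "{{ azure_manage_networking_stack_tags | default({}) }}"`, assuming the resource-group role accepts an empty mapping. The region has no check in `tasks/main.yml` for the create path either, so add a `fail` task for it there. The task list continues outside the hunk on both sides.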
@@ -3,21 +3,23 @@ ansible.builtin.import_role: name: cloud.azure_ops.azure_manage_resource_group vars: - azure_force_delete_nonempty: true - azure_force_delete_locked: true - when: delete_option == 'all' + azure_manage_resource_group_operation: delete + azure_manage_resource_group_name: "{{ azure_manage_networking_stack_resource_group }}" + azure_manage_resource_group_force_delete_nonempty: true + azure_manage_resource_group_force_delete_locked: true + when: azure_manage_networking_stack_delete_option == 'all' - name: Delete virtual network azure.azcollection.azure_rm_virtualnetwork: state: absent - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_virtual_network }}" - when: delete_option == 'virtual_network' + resource_group: "{{ azure_manage_networking_stack_resource_group }}" + name: "{{ azure_manage_networking_stack_virtual_network }}" + when: azure_manage_networking_stack_delete_option == 'virtual_network' - name: Delete subnet azure.azcollection.azure_rm_subnet: state: absent - resource_group: "{{ azure_resource_group }}" - virtual_network: "{{ azure_virtual_network }}" - name: "{{ azure_subnet }}" - when: delete_option == 'subnet' + resource_group: "{{ azure_manage_networking_stack_resource_group }}" + virtual_network: "{{ azure_manage_networking_stack_virtual_network }}" + name: "{{ azure_manage_networking_stack_subnet }}" + when: azure_manage_networking_stack_delete_option == 'subnet' diff --git a/roles/azure_manage_networking_stack/tasks/main.yml b/roles/azure_manage_networking_stack/tasks/main.yml index cd11042..e03c4d8 100644 --- a/roles/azure_manage_networking_stack/tasks/main.yml +++ b/roles/azure_manage_networking_stack/tasks/main.yml 
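Review bot: The resource-group delete at the top of this hunk fixes `azure_manage_resource_group_force_delete_nonempty: true` and `azure_manage_resource_group_force_delete_locked: true`, while `azure_manage_networking_stack_delete_option` defaults to `all` in `defaults/main.yml`. A caller who sets only the operation to `delete` therefore removes the whole resource group, presumably including locked resources and anything in it that is unrelated to the networking stack. At minimum put a comment above the `vars:` block, `# Destructive: force-deletes the entire resource group, including locked and non-empty contents`, and say the same in the README entry for the delete option. Better still, let the caller opt in to the two force flags instead of pinning them to `true`, since resource locks are normally placed to stop exactly this kind of removal. The task's `- name:` line sits above the hunk.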
@@ -1,58 +1,58 @@ --- - name: Check operation validation ansible.builtin.fail: - msg: Please provide operation as 'create' or 'delete' - when: operation not in ['create', 'delete'] + msg: Please provide azure_manage_networking_stack_operation as 'create' or 'delete' + when: azure_manage_networking_stack_operation not in ['create', 'delete'] - name: Check resource group name ansible.builtin.fail: - msg: Azure resource group must be defined as azure_resource_group - when: azure_resource_group is not defined + msg: Azure resource group must be defined as azure_manage_networking_stack_resource_group + when: azure_manage_networking_stack_resource_group is not defined - name: Check create options - when: operation == 'create' + when: azure_manage_networking_stack_operation == 'create' block: - name: Check virtual network ansible.builtin.fail: - msg: Azure virtual network must be defined as azure_virtual_network - when: azure_virtual_network is not defined + msg: Azure virtual network must be defined as azure_manage_networking_stack_virtual_network + when: azure_manage_networking_stack_virtual_network is not defined - name: Check subnet ansible.builtin.fail: - msg: Azure subnet must be defined as azure_subnet - when: azure_subnet is not defined + msg: Azure subnet must be defined as azure_manage_networking_stack_subnet + when: azure_manage_networking_stack_subnet is not defined - name: Check virtual network CIDR address prefixes ansible.builtin.fail: - msg: Azure virtual network CIDR address prefixes must be defined as azure_vnet_address_prefixes_cidr - when: azure_vnet_address_prefixes_cidr is not defined + msg: Azure virtual network CIDR address prefixes must be defined as azure_manage_networking_stack_vnet_address_prefixes_cidr + when: azure_manage_networking_stack_vnet_address_prefixes_cidr is not defined - name: Check subnet CIDR address prefixes ansible.builtin.fail: - msg: Azure subnet CIDR address prefixes must be defined as azure_subnet_address_prefixes_cidr - 
when: azure_subnet_address_prefixes_cidr is not defined + msg: Azure subnet CIDR address prefixes must be defined as azure_manage_networking_stack_subnet_address_prefixes_cidr + when: azure_manage_networking_stack_subnet_address_prefixes_cidr is not defined - name: Check delete options - when: operation == 'delete' + when: azure_manage_networking_stack_operation == 'delete' block: - name: Check delete option ansible.builtin.fail: msg: Please provide delete_option as one of 'all', 'virtual_network', 'subnet' - when: delete_option not in ['all', 'virtual_network', 'subnet'] + when: azure_manage_networking_stack_delete_option not in ['all', 'virtual_network', 'subnet'] - name: Check virtual network ansible.builtin.fail: - msg: Azure virtual network must be defined as azure_virtual_network + msg: Azure virtual network must be defined as azure_manage_networking_stack_virtual_network when: - - operation in ['virtual_network', 'subnet'] - - azure_virtual_network is not defined + - azure_manage_networking_stack_delete_option in ['virtual_network', 'subnet'] + - azure_manage_networking_stack_virtual_network is not defined - name: Check subnet ansible.builtin.fail: - msg: Azure subnet must be defined as azure_subnet + msg: Azure subnet must be defined as azure_manage_networking_stack_subnet when: - - operation == 'subnet' - - azure_subnet is not defined + - azure_manage_networking_stack_delete_option == 'subnet' + - azure_manage_networking_stack_subnet is not defined - name: Create or delete networking stack - ansible.builtin.include_tasks: "{{ operation }}.yml" + ansible.builtin.include_tasks: "{{ azure_manage_networking_stack_operation }}.yml" diff --git a/roles/azure_manage_networking_stack/vars/main.yml b/roles/azure_manage_networking_stack/vars/main.yml deleted file mode 100644 index b6bfc91..0000000 --- a/roles/azure_manage_networking_stack/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for networking_stack 
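Review bot: The `Check delete option` task in `tasks/main.yml` still tells the user to provide `delete_option`, although every other message in this hunk was moved to the prefixed variable name; it should read `msg: Please provide azure_manage_networking_stack_delete_option as one of 'all', 'virtual_network', 'subnet'`. A caller who follows the current message sets a variable the role no longer reads and silently keeps the default of `all`. The final `include_tasks` builds a file name from `azure_manage_networking_stack_operation`, which is safe only because the first task rejects anything other than `create` or `delete`; a one-line comment on the include, `# value is restricted to create/delete by the first task`, would keep a later edit from loosening that check unnoticed.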
diff --git a/roles/azure_manage_postgresql/README.md b/roles/azure_manage_postgresql/README.md
index 1b01dd2..38a059b 100644
--- a/roles/azure_manage_postgresql/README.md
+++ b/roles/azure_manage_postgresql/README.md
@@ -11,37 +11,37 @@ Requirements Role Variables -------------- -* **operation**: Operation to perform. Valid values are 'create', 'delete'. Default is **create** -* **delete_option**: used with **operation** set to **delete**. This option specifies wether to delete all resources including resource group and PostgreSQL server, or only the postgresql server. If not specified only the firewall rules and/or the configuration settings and/or the database instances defined using dedicated variables will be removed from the PostgreSQL Server. Valid values are: 'all', 'server' -* **azure_resource_group**: Resource group on/from which the Database server will be created/deleted. When **operation** is set to create, this resource group will be created if not existing. -* **azure_region**: An Azure location for the resources. -* **azure_tags**: Dictionary of string:string pairs to assign as metadata to the object. -* **azure_postgresql_name**: The name of the Server. -* **azure_postgresql_sku**: The SKU (pricing tier) of the server. +* **azure_manage_postgresql_operation**: Operation to perform. Valid values are 'create', 'delete'. Default is **create** +* **azure_manage_postgresql_delete_option**: used with **operation** set to **delete**. This option specifies wether to delete all resources including resource group and PostgreSQL server, or only the postgresql server. If not specified only the firewall rules and/or the configuration settings and/or the database instances defined using dedicated variables will be removed from the PostgreSQL Server. Valid values are: 'all', 'server' +* **azure_manage_postgresql_resource_group**: Resource group on/from which the Database server will be created/deleted. When **operation** is set to create, this resource group will be created if not existing. +* **azure_manage_postgresql_region**: An Azure location for the resources. +* **azure_manage_postgresql_tags**: Dictionary of string:string pairs to assign as metadata to the object. 
+* **azure_manage_postgresql_postgresql_name**: The name of the Server. +* **azure_manage_postgresql_postgresql_sku**: The SKU (pricing tier) of the server. - **name**: The name of the SKU, typically, tier + family + cores, for example **B_Gen4_1**, **GP_Gen5_8**. - **tier**: The tier of the particular SKU. Valid values are **Basic**, **Standard**. - **capacity**: The scale up/out capacity, representing the server's compute units. - **size**: The size code, to be interpreted by resource as appropriate. -* **azure_postgresql_storage_mb**: The maximum storage allowed for a server. -* **azure_postgresql_geo_redundant_backup**: Choose between locally redundant(default) or geo-redundant backup. This cannot be updated after first deployment. Default: **False** -* **azure_postgresql_backup_retention_days**: Backup retention period between 7 and 35 days. 7 days by default if not set -* **azure_postgresql_version**: Server version. Valid values are '9.5', '9.6', '10', '11'. Default: '**9.5**' -* **azure_postgresql_enforce_ssl**: Enable SSL enforcement. Default: False -* **azure_postgresql_storage_autogrow**: Enable storage autogrow. Default: False -* **azure_postgresql_admin_username**: The administrator's login name of a server. Can only be specified when the server is being created (and is required for creation). -* **azure_postgresql_admin_password**: The password of the administrator login. When this is not defined, the role will generated a password that can be read later in the variable name. -* **azure_postgresql_create_mode**: Create mode of SQL Server. Blank (default), restore from geo redundant (geo_restore), or restore from point in time (point_in_time_restore). Valid values are: **default**, **geo_restore**, **point_in_time_restore**. Default value is 'default'. -* **azure_postgresql_source_server_id**: Id of the source server if **azure_postgresql_create_mode** is set to **default**. 
-* **azure_postgresql_restore_point_in_time**: Restore point creation time (ISO8601 format), specifying the time to restore from. Required if **azure_postgresql_create_mode** is set to **point_in_time_restore**. -* **azure_tags** - Dictionary of string:string pairs to assign as metadata to the object. -* **azure_postgresql_settings**: list of configuration settings for PostgreSQL Server. +* **azure_manage_postgresql_postgresql_storage_mb**: The maximum storage allowed for a server. +* **azure_manage_postgresql_postgresql_geo_redundant_backup**: Choose between locally redundant(default) or geo-redundant backup. This cannot be updated after first deployment. Default: **False** +* **azure_manage_postgresql_postgresql_backup_retention_days**: Backup retention period between 7 and 35 days. 7 days by default if not set +* **azure_manage_postgresql_postgresql_version**: Server version. Valid values are '9.5', '9.6', '10', '11'. Default: '**9.5**' +* **azure_manage_postgresql_postgresql_enforce_ssl**: Enable SSL enforcement. Default: False +* **azure_manage_postgresql_postgresql_storage_autogrow**: Enable storage autogrow. Default: False +* **azure_manage_postgresql_postgresql_admin_username**: The administrator's login name of a server. Can only be specified when the server is being created (and is required for creation). +* **azure_manage_postgresql_postgresql_admin_password**: The password of the administrator login. When this is not defined, the role will generated a password that can be read later in the variable name. +* **azure_manage_postgresql_postgresql_create_mode**: Create mode of SQL Server. Blank (default), restore from geo redundant (geo_restore), or restore from point in time (point_in_time_restore). Valid values are: **default**, **geo_restore**, **point_in_time_restore**. Default value is 'default'. 
+* **azure_manage_postgresql_postgresql_source_server_id**: Id of the source server if **azure_manage_postgresql_postgresql_create_mode** is set to **default**. +* **azure_manage_postgresql_postgresql_restore_point_in_time**: Restore point creation time (ISO8601 format), specifying the time to restore from. Required if **azure_manage_postgresql_postgresql_create_mode** is set to **point_in_time_restore**. +* **azure_manage_postgresql_tags** - Dictionary of string:string pairs to assign as metadata to the object. +* **azure_manage_postgresql_postgresql_settings**: list of configuration settings for PostgreSQL Server. - **name**: setting name. - **value**: value of the setting. -* **azure_postgresql_firewall_rules**: list of firewall rule to add/remove to the PostgreSQL Server. Each items consists of: +* **azure_manage_postgresql_postgresql_firewall_rules**: list of firewall rule to add/remove to the PostgreSQL Server. Each items consists of: - **name**: The name of the PostgreSQL firewall rule. - **start_ip_address**: The start IP address of the PostgreSQL firewall rule. Must be IPv4 format. - **end_ip_address**: The end IP address of the PostgreSQL firewall rule. Must be IPv4 format. -* **azure_postgresql_database_instances**: list of database instances to create/delete on/from the PostgreSQL Server. Each items consists of: +* **azure_manage_postgresql_postgresql_database_instances**: list of database instances to create/delete on/from the PostgreSQL Server. Each items consists of: - **name**: The name of the PostgreSQL database instance. - **charset**: The charset of the database. Check [PostgreSQL documentation](https://www.postgresql.org/docs/9.3/multibyte.html) for possible values. This is only set on creation, use **force** to recreate a database if the values don't match. - **collation**: The collation of the database. Check [PostgreSQL documentation](https://www.postgresql.org/docs/9.1/collation.html). 
This is only set on creation, use **force** to recreate a database if the values don't match. @@ -59,23 +59,23 @@ Example Playbook - hosts: localhost roles: - role: cloud.azure_ops.azure_manage_postgresql - operation: "create" - azure_region: "eastus" - azure_resource_group: "postgresql-rg" - azure_postgresql_backup_retention_days: 10 - azure_postgresql_admin_username: ansible - azure_postgresql_admin_password: ansible-testing-123 - azure_postgresql_storage_mb: 506895 - azure_postgresql_sku: + azure_manage_postgresql_operation: "create" + azure_manage_postgresql_region: "eastus" + azure_manage_postgresql_resource_group: "postgresql-rg" + azure_manage_postgresql_postgresql_backup_retention_days: 10 + azure_manage_postgresql_postgresql_admin_username: ansible + azure_manage_postgresql_postgresql_admin_password: ansible-testing-123 + azure_manage_postgresql_postgresql_storage_mb: 506895 + azure_manage_postgresql_postgresql_sku: name: B_Gen5_1 tier: Basic - azure_resource_group_tags: + azure_manage_postgresql_resource_group_tags: tag0: "tag0" tag1: "tag1" - azure_postgresql_settings: + azure_manage_postgresql_postgresql_settings: - name: deadlock_timeout value: 2000 - azure_postgresql_firewall_rule: + azure_manage_postgresql_postgresql_firewall_rule: - name: rule_0 start_ip_address: 172.10.1.0 end_ip_address: 172.10.128.0 diff --git a/roles/azure_manage_postgresql/defaults/main.yml b/roles/azure_manage_postgresql/defaults/main.yml index bc03415..885cabb 100644 --- a/roles/azure_manage_postgresql/defaults/main.yml +++ b/roles/azure_manage_postgresql/defaults/main.yml 
@@ -1,6 +1,6 @@
 ---
-operation: create
-azure_postgresql_version: "9.5"
-azure_postgresql_settings: []
-azure_postgresql_firewall_rules: []
-azure_postgresql_database_instances: []
+azure_manage_postgresql_operation: create
+azure_manage_postgresql_postgresql_version: "9.5"
+azure_manage_postgresql_postgresql_settings: []
+azure_manage_postgresql_postgresql_firewall_rules: []
+azure_manage_postgresql_postgresql_database_instances: []
diff --git a/roles/azure_manage_postgresql/tasks/create.yml b/roles/azure_manage_postgresql/tasks/create.yml
index 2045a5c..ec96b52 100644
--- a/roles/azure_manage_postgresql/tasks/create.yml
+++ b/roles/azure_manage_postgresql/tasks/create.yml
@@ -1,86 +1,90 @@ --- - name: Check Azure location ansible.builtin.fail: - msg: Azure location must be defined as azure_region + msg: Azure location must be defined as azure_manage_postgresql_region when: - server_info.servers | length == 0 - rg_info.resourcegroups | length == 0 - - azure_region is not defined + - azure_manage_postgresql_region is not defined - name: Check Azure PostgreSQL admin user ansible.builtin.fail: - msg: Azure PostgreSQL Server admin user must be defined as azure_postgresql_admin_username + msg: Azure PostgreSQL Server admin user must be defined as azure_manage_postgresql_postgresql_admin_username when: - server_info.servers | length == 0 - - azure_postgresql_admin_username is not defined + - azure_manage_postgresql_postgresql_admin_username is not defined - name: Check Azure PostgreSQL admin password ansible.builtin.fail: - msg: Azure PostgreSQL Server admin password must be defined as azure_postgresql_admin_password + msg: Azure PostgreSQL Server admin password must be defined as azure_manage_postgresql_postgresql_admin_password when: - server_info.servers | length == 0 - - azure_postgresql_admin_password is not defined + - azure_manage_postgresql_postgresql_admin_password is not defined - name: Create resource group ansible.builtin.include_role: name: cloud.azure_ops.azure_manage_resource_group - when: rg_info.resourcegroups | length == 0 + vars: + azure_manage_resource_group_operation: create + azure_manage_resource_group_name: "{{ azure_manage_postgresql_resource_group }}" + azure_manage_resource_group_region: "{{ azure_manage_postgresql_region }}" + azure_manage_resource_group_tags: "{{ azure_manage_postgresql_tags }}" - name: Check Azure PostgreSQL server restore point ansible.builtin.fail: - msg: Azure PostgreSQL Server restore point in time must be defined (ISO8601 format) as azure_postgresql_create_mode is set to 'point_in_time_restore' + msg: Azure PostgreSQL Server restore point in time must be defined (ISO8601 format) as 
azure_manage_postgresql_postgresql_create_mode is set to 'point_in_time_restore' when: - - azure_postgresql_create_mode | default('') == 'point_in_time_restore' - - azure_postgresql_restore_point_in_time is not defined + - azure_manage_postgresql_postgresql_create_mode | default('') == 'point_in_time_restore' + - azure_manage_postgresql_postgresql_restore_point_in_time is not defined - name: Create/Update PostgreSQL Server azure.azcollection.azure_rm_postgresqlserver: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_postgresql_name }}" - sku: "{{ azure_postgresql_sku | default(omit) }}" - location: "{{ azure_region | default(omit) }}" - storage_mb: "{{ azure_postgresql_storage_mb | default(omit) }}" - geo_redundant_backup: "{{ azure_postgresql_geo_redundant_backup | default(omit) }}" - backup_retention_days: "{{ azure_postgresql_backup_retention_days | default(omit) }}" - version: "{{ azure_postgresql_version }}" - enforce_ssl: "{{ azure_postgresql_enforce_ssl | default(omit) }}" - storage_autogrow: "{{ azure_postgresql_storage_autogrow | default(omit) }}" - admin_username: "{{ azure_postgresql_admin_username | default(omit) }}" - admin_password: "{{ azure_postgresql_admin_password | default(omit) }}" - create_mode: "{{ azure_postgresql_create_mode | default(omit) }}" - source_server_id: "{{ azure_postgresql_source_server_id | default(omit) }}" - restore_point_in_time: "{{ azure_postgresql_restore_point_in_time | default(omit) }}" - tags: "{{ azure_tags | default(omit) }}" + resource_group: "{{ azure_manage_postgresql_resource_group }}" + name: "{{ azure_manage_postgresql_postgresql_name }}" + sku: "{{ azure_manage_postgresql_postgresql_sku | default(omit) }}" + location: "{{ azure_manage_postgresql_region | default(omit) }}" + storage_mb: "{{ azure_manage_postgresql_postgresql_storage_mb | default(omit) }}" + geo_redundant_backup: "{{ azure_manage_postgresql_postgresql_geo_redundant_backup | default(omit) }}" + backup_retention_days: "{{ 
azure_manage_postgresql_postgresql_backup_retention_days | default(omit) }}" + version: "{{ azure_manage_postgresql_postgresql_version }}" + enforce_ssl: "{{ azure_manage_postgresql_postgresql_enforce_ssl | default(omit) }}" + storage_autogrow: "{{ azure_manage_postgresql_postgresql_storage_autogrow | default(omit) }}" + admin_username: "{{ azure_manage_postgresql_postgresql_admin_username | default(omit) }}" + admin_password: "{{ azure_manage_postgresql_postgresql_admin_password | default(omit) }}" + create_mode: "{{ azure_manage_postgresql_postgresql_create_mode | default(omit) }}" + source_server_id: "{{ azure_manage_postgresql_postgresql_source_server_id | default(omit) }}" + restore_point_in_time: "{{ azure_manage_postgresql_manage_postgresql_postgresql_restore_point_in_time | default(omit) }}" + tags: "{{ azure_manage_postgresql_tags | default(omit) }}" - name: Update PostgreSQL Server configuration settings azure.azcollection.azure_rm_postgresqlconfiguration: - resource_group: "{{ azure_resource_group }}" - server_name: "{{ azure_postgresql_name }}" + resource_group: "{{ azure_manage_postgresql_resource_group }}" + server_name: "{{ azure_manage_postgresql_postgresql_name }}" name: "{{ item.name }}" value: "{{ item.value }}" - with_items: "{{ azure_postgresql_settings }}" + with_items: "{{ azure_manage_postgresql_postgresql_settings }}" when: - azure_postgresql_settings | length > 0 - name: Update PostgreSQL Server Firewall rules azure.azcollection.azure_rm_postgresqlfirewallrule: - resource_group: "{{ azure_resource_group }}" - server_name: "{{ azure_postgresql_name }}" + resource_group: "{{ azure_manage_postgresql_resource_group }}" + server_name: "{{ azure_manage_postgresql_postgresql_name }}" name: "{{ item.name }}" start_ip_address: "{{ item.start_ip_address }}" end_ip_address: "{{ item.end_ip_address }}" - with_items: "{{ azure_postgresql_firewall_rules }}" + with_items: "{{ azure_manage_postgresql_postgresql_firewall_rules }}" when: - 
azure_postgresql_firewall_rules | length > 0 - name: Create/Update PostgreSQL Database instances azure.azcollection.azure_rm_postgresqldatabase: - resource_group: "{{ azure_resource_group }}" - server_name: "{{ azure_postgresql_name }}" + resource_group: "{{ azure_manage_postgresql_resource_group }}" + server_name: "{{ azure_manage_postgresql_postgresql_name }}" name: "{{ item.name }}" charset: "{{ item.charset | default(omit) }}" collation: "{{ item.collation | default(omit) }}" force_update: "{{ item.force | default(omit) }}" - with_items: "{{ azure_postgresql_database_instances }}" + with_items: "{{ azure_manage_postgresql_postgresql_database_instances }}" when: - azure_postgresql_database_instances | length > 0 diff --git a/roles/azure_manage_postgresql/tasks/delete.yml b/roles/azure_manage_postgresql/tasks/delete.yml index c3d3c4c..c4884a2 100644 --- a/roles/azure_manage_postgresql/tasks/delete.yml +++ b/roles/azure_manage_postgresql/tasks/delete.yml 
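Review bot: The `restore_point_in_time` argument of "Create/Update PostgreSQL Server" reads `azure_manage_postgresql_manage_postgresql_postgresql_restore_point_in_time`, which repeats `manage_postgresql_` and is not the variable the pre-flight check tests. Because of `default(omit)`, the restore point is dropped even when the user sets the documented variable. It should be `restore_point_in_time: "{{ azure_manage_postgresql_postgresql_restore_point_in_time | default(omit) }}"`. The `when:` conditions under the settings, firewall-rule and database-instance loops also appear to keep the old names (`azure_postgresql_settings`, `azure_postgresql_firewall_rules`, `azure_postgresql_database_instances`), which the renamed defaults no longer define. They should use the matching `azure_manage_postgresql_postgresql_*` names.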
@@ -1,58 +1,60 @@ --- -- name: Check delete_option validation +- name: Check azure_manage_postgresql_delete_option validation ansible.builtin.fail: - msg: Please provide delete_option as 'all' or 'server' + msg: Please provide azure_manage_postgresql_delete_option as 'all' or 'server' when: - - delete_option is defined - - delete_option not in ['all', 'server'] + - azure_manage_postgresql_delete_option is defined + - azure_manage_postgresql_delete_option not in ['all', 'server'] - name: Delete PostgreSQL Server configuration settings azure.azcollection.azure_rm_postgresqlconfiguration: - resource_group: "{{ azure_resource_group }}" - server_name: "{{ azure_postgresql_name }}" + resource_group: "{{ azure_manage_postgresql_resource_group }}" + server_name: "{{ azure_manage_postgresql_postgresql_name }}" name: "{{ item.name }}" value: "{{ item.value }}" state: absent - with_items: "{{ azure_postgresql_settings }}" + with_items: "{{ azure_manage_postgresql_postgresql_settings }}" when: - - delete_option is not defined + - azure_manage_postgresql_delete_option is not defined - name: Delete PostgreSQL Server Firewall rules azure.azcollection.azure_rm_postgresqlfirewallrule: - resource_group: "{{ azure_resource_group }}" - server_name: "{{ azure_postgresql_name }}" + resource_group: "{{ azure_manage_postgresql_resource_group }}" + server_name: "{{ azure_manage_postgresql_postgresql_name }}" name: "{{ item.name }}" state: absent - with_items: "{{ azure_postgresql_firewall_rules }}" + with_items: "{{ azure_manage_postgresql_postgresql_firewall_rules }}" when: - - delete_option is not defined + - azure_manage_postgresql_delete_option is not defined - name: Delete PostgreSQL Database instances azure.azcollection.azure_rm_postgresqldatabase: - resource_group: "{{ azure_resource_group }}" - server_name: "{{ azure_postgresql_name }}" + resource_group: "{{ azure_manage_postgresql_resource_group }}" + server_name: "{{ azure_manage_postgresql_postgresql_name }}" name: "{{ item.name 
}}" force_update: "{{ item.force | default(omit) }}" state: absent - with_items: "{{ azure_postgresql_database_instances }}" + with_items: "{{ azure_manage_postgresql_postgresql_database_instances }}" when: - - delete_option is not defined + - azure_manage_postgresql_delete_option is not defined - name: Delete PostgreSQL Server azure.azcollection.azure_rm_postgresqlserver: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_postgresql_name }}" + resource_group: "{{ azure_manage_postgresql_resource_group }}" + name: "{{ azure_manage_postgresql_postgresql_name }}" state: absent when: - - delete_option is defined - - delete_option == 'server' + - azure_manage_postgresql_delete_option is defined + - azure_manage_postgresql_delete_option == 'server' - name: Delete Resource group ansible.builtin.include_role: name: cloud.azure_ops.azure_manage_resource_group vars: - azure_force_delete_nonempty: true - azure_force_delete_locked: true + azure_manage_resource_group_operation: delete + azure_manage_resource_group_name: "{{ azure_manage_postgresql_resource_group }}" + azure_manage_resource_group_force_delete_nonempty: true + azure_manage_resource_group_force_delete_locked: true when: - - delete_option is defined - - delete_option == 'all' + - azure_manage_postgresql_delete_option is defined + - azure_manage_postgresql_delete_option == 'all' diff --git a/roles/azure_manage_postgresql/tasks/main.yml b/roles/azure_manage_postgresql/tasks/main.yml index 396235d..c47ca7e 100644 --- a/roles/azure_manage_postgresql/tasks/main.yml +++ b/roles/azure_manage_postgresql/tasks/main.yml 
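Review bot: The "Delete Resource group" task should carry a comment stating how far `azure_manage_postgresql_delete_option: all` reaches. It passes `azure_manage_resource_group_force_delete_nonempty: true` and `azure_manage_resource_group_force_delete_locked: true`, so the included role is asked to delete the whole group named by `azure_manage_postgresql_resource_group`, locks included, rather than only the PostgreSQL server. I would add above the task `# 'all' removes the resource group's locks and deletes the group with every resource in it, not just this server`. The actual lock removal and deletion happen in the included role, so the wording should be checked against it.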
@@ -1,29 +1,29 @@ --- - name: Check operation validation ansible.builtin.fail: - msg: Please provide operation as 'create' or 'delete' - when: operation not in ['create', 'delete'] + msg: Please provide azure_manage_postgresql_operation as 'create' or 'delete' + when: azure_manage_postgresql_operation not in ['create', 'delete'] - name: Check Azure resource group ansible.builtin.fail: - msg: Azure resource group must be defined as azure_resource_group - when: azure_resource_group is not defined + msg: Azure resource group must be defined as azure_manage_postgresql_resource_group + when: azure_manage_postgresql_resource_group is not defined - name: Check Azure PostgreSQL server name ansible.builtin.fail: - msg: Azure Postgresql server name must be defined as azure_postgresql_name - when: azure_postgresql_name is not defined + msg: Azure Postgresql server name must be defined as azure_manage_postgresql_postgresql_name + when: azure_manage_postgresql_postgresql_name is not defined - name: Get server info azure.azcollection.azure_rm_postgresqlserver_info: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_postgresql_name }}" + resource_group: "{{ azure_manage_postgresql_resource_group }}" + name: "{{ azure_manage_postgresql_postgresql_name }}" register: server_info - name: Get Resource group info azure.azcollection.azure_rm_resourcegroup_info: - name: "{{ azure_resource_group }}" + name: "{{ azure_manage_postgresql_resource_group }}" register: rg_info - name: Create or delete Azure PostgreSQL server - ansible.builtin.include_tasks: "{{ operation }}.yml" + ansible.builtin.include_tasks: "{{ azure_manage_postgresql_operation }}.yml" diff --git a/roles/azure_manage_resource_group/README.md b/roles/azure_manage_resource_group/README.md index 40278e9..1955897 100644 --- a/roles/azure_manage_resource_group/README.md +++ b/roles/azure_manage_resource_group/README.md 
@@ -11,13 +11,13 @@ Requirements Role Variables -------------- -* **operation** - Operation to perform. Valid values are 'create', 'delete'. -* **azure_resource_group** - Resource group to create or delete. -* **azure_region** - An Azure location for the resource group to create. -* **azure_lock_resource_group** - If set to 'true', will lock the resource group created. -* **azure_tags** - Dictionary of string:string pairs to assign as metadata to the object. -* **azure_force_delete_nonempty** - Remove a resource group and all associated resources. -* **azure_force_delete_locked** - Remove a resource group even if it is locked. +* **azure_manage_resource_group_operation** - Operation to perform. Valid values are 'create', 'delete'. +* **azure_manage_resource_group_name** - Resource group to create or delete. +* **azure_manage_resource_group_region** - An Azure location for the resource group to create. +* **azure_manage_resource_group_lock_resource_group** - If set to 'true', will lock the resource group created. +* **azure_manage_resource_group_tags** - Dictionary of string:string pairs to assign as metadata to the object. +* **azure_manage_resource_group_force_delete_nonempty** - Remove a resource group and all associated resources. +* **azure_manage_resource_group_force_delete_locked** - Remove a resource group even if it is locked. Dependencies @@ -31,13 +31,13 @@ Example Playbook - hosts: localhost roles: - role: cloud.azure_ops.azure_manage_resource_group - operation: "create" - azure_region: "eastus" - azure_resource_group: "testing-resource-group" - azure_resource_group_tags: + azure_manage_resource_group_operation: "create" + azure_manage_resource_group_region: "eastus" + azure_manage_resource_group_name: "testing-resource-group" + azure_manage_resource_group_tags: tag0: "tag0" tag1: "tag1" - azure_lock_resource_group: yes + azure_manage_resource_group_lock_resource_group: true License ------- 
diff --git a/roles/azure_manage_resource_group/tasks/create.yml b/roles/azure_manage_resource_group/tasks/create.yml index 088b72f..45c6c2a 100644 --- a/roles/azure_manage_resource_group/tasks/create.yml +++ b/roles/azure_manage_resource_group/tasks/create.yml @@ -1,21 +1,21 @@ --- - name: Check Region Setting ansible.builtin.fail: - msg: Azure Region must be defined as azure_region - when: azure_region is not defined + msg: Azure Region must be defined as azure_manage_resource_group_region + when: azure_manage_resource_group_region is not defined - name: Create resource group azure.azcollection.azure_rm_resourcegroup: - name: "{{ azure_resource_group }}" - location: "{{ azure_region }}" - tags: "{{ azure_tags | default(omit) }}" + name: "{{ azure_manage_resource_group_name }}" + location: "{{ azure_manage_resource_group_region }}" + tags: "{{ azure_manage_resource_group_tags | default(omit) }}" register: result - name: Lock resource group azure.azcollection.azure_rm_lock: - name: "{{ azure_resource_group }}-lock" + name: "{{ azure_manage_resource_group_name }}-lock" level: can_not_delete managed_resource_id: "{{ result.state.id }}" when: - - azure_lock_resource_group is defined - - azure_lock_resource_group | bool + - azure_manage_resource_group_lock_resource_group is defined + - azure_manage_resource_group_lock_resource_group | bool diff --git a/roles/azure_manage_resource_group/tasks/delete.yml b/roles/azure_manage_resource_group/tasks/delete.yml index c284754..7081871 100644 --- a/roles/azure_manage_resource_group/tasks/delete.yml +++ b/roles/azure_manage_resource_group/tasks/delete.yml 
@@ -1,23 +1,23 @@ --- - name: Remove lock on the resource group when: - - azure_force_delete_locked is defined - - azure_force_delete_locked | bool + - azure_manage_resource_group_force_delete_locked is defined + - azure_manage_resource_group_force_delete_locked | bool block: - name: Get lock info for the resource group azure.azcollection.azure_rm_lock_info: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_manage_resource_group_name }}" register: result - name: Delete locks for the resource group azure.azcollection.azure_rm_lock: state: absent name: "{{ item.name }}" - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_manage_resource_group_name }}" with_items: "{{ result.locks }}" - name: Delete resource group azure.azcollection.azure_rm_resourcegroup: - name: "{{ azure_resource_group }}" + name: "{{ azure_manage_resource_group_name }}" state: absent - force_delete_nonempty: "{{ azure_force_delete_nonempty | default(omit) }}" + force_delete_nonempty: "{{ azure_manage_resource_group_force_delete_nonempty | default(omit) }}" diff --git a/roles/azure_manage_resource_group/tasks/main.yml b/roles/azure_manage_resource_group/tasks/main.yml index da623f8..8b99fd3 100644 --- a/roles/azure_manage_resource_group/tasks/main.yml +++ b/roles/azure_manage_resource_group/tasks/main.yml 
@@ -2,12 +2,12 @@ - name: Check operation validation ansible.builtin.fail: msg: Please provide operation as 'create' or 'delete' - when: operation not in ['create', 'delete'] + when: azure_manage_resource_group_operation not in ['create', 'delete'] - name: Check Resource group name ansible.builtin.fail: - msg: Azure Resource group name must be defined as azure_resource_group - when: azure_resource_group is not defined + msg: Azure Resource group name must be defined as azure_manage_resource_group_name + when: azure_manage_resource_group_name is not defined - name: Create or delete resource group - ansible.builtin.include_tasks: "{{ operation }}.yml" + ansible.builtin.include_tasks: "{{ azure_manage_resource_group_operation }}.yml" diff --git a/roles/azure_manage_security_group/README.md b/roles/azure_manage_security_group/README.md index 1094f9d..1cd0649 100644 --- a/roles/azure_manage_security_group/README.md +++ b/roles/azure_manage_security_group/README.md 
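Review bot: The failure message of "Check operation validation" still says `operation`, although the condition now tests `azure_manage_resource_group_operation`, so a user who hits it is told to set a variable the role no longer reads. Suggested: `msg: Please provide azure_manage_resource_group_operation as 'create' or 'delete'`, matching what this commit does in the azure_manage_postgresql role's main.yml. The same stale message is left in roles/azure_manage_security_group/tasks/main.yml.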
@@ -11,9 +11,10 @@ Requirements Role Variables -------------- -* **operation**: Operation to perform. Valid values are 'create', 'delete'. Default is 'create'. -* **azure_resource_group**: Resource group on/from which the security group will reside. When `operation='create'`, this resource group will be created if it does not exist. -* **azure_security_group**: Object used to provide details for a security group. Contains the following: +* **azure_manage_security_group_operation**: Operation to perform. Valid values are 'create', 'delete'. Default is 'create'. +* **azure_manage_security_group_resource_group**: (Required) Resource group on/from which the security group will reside. When `azure_manage_security_group_operation='create'`, this resource group will be created if it does not exist. +* **azure_manage_security_group_region**: Azure region, required when the provided resource group does not exist. +* **azure_manage_security_group_security_group**: (Required) Object used to provide details for a security group. Contains the following: - **name**: (Required) Name of the security group. - **rules**: List of security rules to apply to a subnet or NIC. Each rule consists of: - **name**: (Required) Unique name of rule. 
@@ -28,7 +29,7 @@ Role Variables - **source_address_prefix**: The CIDR or source IP range. Asterisk '\*' can be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. Accepts string a list of strings. Asterisk '\*' and default tags can only be specified as a single string, not as a list of strings. - **source_port_range**: Port or range of ports from which traffic originates. Can be a string or list of strings. Default is '*'. - **purge_rules**: (boolean) If set to 'yes', removes any existing, non-default, rules that are not specified in `rules` above. - - **azure_security_group_rules_to_remove**: List of strings representing the names of security group rules to be removed from the security group. + - **rules_to_remove**: List of strings representing the names of security group rules to be removed from the security group. - **tags**: Dictionary of string:string pairs to assign as metadata to the security group. Dependencies @@ -40,14 +41,13 @@ Example Playbook ---------------- - hosts: localhost - vars: - azure_resource_group: 'my_resource_group' - azure_region: 'eastus' roles: - name: Create a security group with custom rules role: cloud.azure_ops.azure_manage_security_group - operation: 'create' - azure_security_group: + azure_manage_security_group_resource_group: 'my_resource_group' + azure_manage_security_group_region: eastus + azure_manage_security_group_operation: 'create' + azure_manage_security_group_security_group: name: "{{ azure_resource_group }}-sg" rules: - name: 'allow_ssh' @@ -68,7 +68,8 @@ Example Playbook - name: Remove rules from security group role: cloud.azure_ops.azure_manage_security_group - azure_security_group: + azure_manage_security_group_resource_group: 'my_resource_group' + azure_manage_security_group_security_group: name: "{{ azure_resource_group }}-sg" rules_to_remove: - 'allow_ssh' 
diff --git a/roles/azure_manage_security_group/defaults/main.yml b/roles/azure_manage_security_group/defaults/main.yml index cbcb821..16f1214 100644 --- a/roles/azure_manage_security_group/defaults/main.yml +++ b/roles/azure_manage_security_group/defaults/main.yml @@ -1,4 +1,3 @@ --- # defaults file for security_group -operation: create -azure_security_group: {} +azure_manage_security_group_operation: create diff --git a/roles/azure_manage_security_group/tasks/create.yml b/roles/azure_manage_security_group/tasks/create.yml index 2bc1bcc..393b8af 100644 --- a/roles/azure_manage_security_group/tasks/create.yml +++ b/roles/azure_manage_security_group/tasks/create.yml @@ -1,20 +1,20 @@ --- - name: Create Resource Group azure.azcollection.azure_rm_resourcegroup: - name: "{{ azure_resource_group }}" - location: "{{ azure_region }}" + name: "{{ azure_manage_security_group_resource_group }}" + location: "{{ azure_manage_security_group_region }}" when: - rg_info.resourcegroups | length == 0 - name: Create/Update Security Group azure.azcollection.azure_rm_securitygroup: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_security_group.name }}" - purge_rules: "{{ azure_security_group.purge_rules | default(omit) }}" - rules: "{{ azure_security_group.rules | default(omit) }}" - tags: "{{ azure_tags | default(omit) }}" + resource_group: "{{ azure_manage_security_group_resource_group }}" + name: "{{ azure_manage_security_group_security_group.name }}" + purge_rules: "{{ azure_manage_security_group_security_group.purge_rules | default(omit) }}" + rules: "{{ azure_manage_security_group_security_group.rules | default(omit) }}" + tags: "{{ azure_manage_security_group_security_group.tags | default(omit) }}" - name: Remove Rules from Security Group ansible.builtin.include_tasks: remove_rules.yml when: - - azure_security_group.rules_to_remove | default([]) | length > 0 + - azure_manage_security_group_security_group.rules_to_remove | default([]) | length > 0 
diff --git a/roles/azure_manage_security_group/tasks/delete.yml b/roles/azure_manage_security_group/tasks/delete.yml index 5594557..ab56328 100644 --- a/roles/azure_manage_security_group/tasks/delete.yml +++ b/roles/azure_manage_security_group/tasks/delete.yml @@ -1,14 +1,14 @@ --- - name: Fail if resource group doesnt exist ansible.builtin.fail: - msg: Resource group '{{ azure_resource_group }}' does not exist + msg: Resource group '{{ azure_manage_security_group_resource_group }}' does not exist when: - rg_info.resourcegroups | length == 0 - name: Get security group info azure.azcollection.azure_rm_securitygroup_info: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_security_group.name }}" + resource_group: "{{ azure_manage_security_group_resource_group }}" + name: "{{ azure_manage_security_group_security_group.name }}" register: sg_info - name: Detach any NICs from security group prior to deletion @@ -31,6 +31,6 @@ - name: Delete security group azure.azcollection.azure_rm_securitygroup: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_security_group.name }}" + resource_group: "{{ azure_manage_security_group_resource_group }}" + name: "{{ azure_manage_security_group_security_group.name }}" state: absent diff --git a/roles/azure_manage_security_group/tasks/detach_from_nic.yml b/roles/azure_manage_security_group/tasks/detach_from_nic.yml index fab8886..63277db 100644 --- a/roles/azure_manage_security_group/tasks/detach_from_nic.yml +++ b/roles/azure_manage_security_group/tasks/detach_from_nic.yml @@ -6,7 +6,7 @@ - name: Get nic info azure.azcollection.azure_rm_networkinterface_info: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_manage_security_group_resource_group }}" name: "{{ nic_obj.response[0].name }}" register: nic_result diff --git a/roles/azure_manage_security_group/tasks/detach_from_subnet.yml b/roles/azure_manage_security_group/tasks/detach_from_subnet.yml index eb27202..1be869b 100644 
--- a/roles/azure_manage_security_group/tasks/detach_from_subnet.yml +++ b/roles/azure_manage_security_group/tasks/detach_from_subnet.yml @@ -6,7 +6,7 @@ - name: Get subnet info azure.azcollection.azure_rm_subnet_info: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_manage_security_group_resource_group }}" name: "{{ subnet_name }}" virtual_network_name: "{{ vnet_name }}" register: subnet_result diff --git a/roles/azure_manage_security_group/tasks/main.yml b/roles/azure_manage_security_group/tasks/main.yml index ed346e8..6a65f58 100644 --- a/roles/azure_manage_security_group/tasks/main.yml +++ b/roles/azure_manage_security_group/tasks/main.yml 
@@ -2,22 +2,29 @@ - name: Check operation validation ansible.builtin.fail: msg: Please provide operation as 'create' or 'delete' - when: operation not in ['create', 'delete'] + when: azure_manage_security_group_operation not in ['create', 'delete'] - name: Check resource group name ansible.builtin.fail: - msg: Azure resource group name must be defined as azure_resource_group - when: azure_resource_group is not defined + msg: Azure resource group name must be defined as azure_manage_security_group_resource_group + when: azure_manage_security_group_resource_group is not defined - name: Check security group name ansible.builtin.fail: - msg: "Missing parameter: key 'name' not found in azure_security_group" - when: azure_security_group.name is not defined + msg: "Missing parameter: key 'name' not found in azure_manage_security_group_security_group" + when: azure_manage_security_group_security_group.name is not defined - name: Get resource group info azure.azcollection.azure_rm_resourcegroup_info: - name: "{{ azure_resource_group }}" + name: "{{ azure_manage_security_group_resource_group }}" register: rg_info +- name: Check azure region + ansible.builtin.fail: + msg: Azure region must be defined as azure_manage_security_group_region + when: + - azure_manage_security_group_region is not defined + - rg_info.resourcegroups | length == 0 + - name: Create or delete security group - ansible.builtin.include_tasks: "{{ operation }}.yml" + ansible.builtin.include_tasks: "{{ azure_manage_security_group_operation }}.yml" diff --git a/roles/azure_manage_security_group/tasks/remove_rules.yml b/roles/azure_manage_security_group/tasks/remove_rules.yml index fb618d1..1b03192 100644 --- a/roles/azure_manage_security_group/tasks/remove_rules.yml +++ b/roles/azure_manage_security_group/tasks/remove_rules.yml 
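Review bot: The new "Check azure region" task runs ahead of the include for both operations, not just `create`. A `delete` with no region set against a resource group that does not exist now stops on "Azure region must be defined as azure_manage_security_group_region", and never reaches delete.yml's clearer "Resource group ... does not exist" failure. Adding `- azure_manage_security_group_operation == 'create'` to the task's `when:` list would limit the check to the path that actually creates the group.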
@@ -1,13 +1,14 @@ --- - name: Get security group resource azure.azcollection.azure_rm_securitygroup_info: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_security_group.name }}" + resource_group: "{{ azure_manage_security_group_resource_group }}" + name: "{{ azure_manage_security_group_security_group.name }}" register: sg_info - name: Init empty list of rules ansible.builtin.set_fact: new_sg_rules: [] + - name: Persist rules that will not be removed # noqa jinja[spacing] see: https://github.com/ansible/ansible-lint/issues/2684 ansible.builtin.set_fact: new_sg_rules: "{{ new_sg_rules + [{ 'name': rule.name, 'protocol': rule.properties.protocol, 'access': rule.properties.access, 'destination_address_prefix': rule.properties.destinationAddressPrefix,\ @@ -16,12 +17,12 @@ with_items: "{{ sg_info.securitygroups[0].properties.securityRules }}" loop_control: loop_var: rule - when: rule.name not in azure_security_group.rules_to_remove + when: rule.name not in azure_manage_security_group_security_group.rules_to_remove - name: Update security group with specified rules removed azure.azcollection.azure_rm_securitygroup: - resource_group: "{{ azure_resource_group }}" - name: "{{ azure_security_group.name }}" + resource_group: "{{ azure_manage_security_group_resource_group }}" + name: "{{ azure_manage_security_group_security_group.name }}" purge_rules: true rules: "{{ new_sg_rules }}" - tags: "{{ azure_tags | default(omit) }}" + tags: "{{ azure_manage_security_group_security_group.tags | default(omit) }}" diff --git a/roles/azure_virtual_machine_with_public_ip/README.md b/roles/azure_virtual_machine_with_public_ip/README.md index 8756b93..dda6ac9 100644 --- a/roles/azure_virtual_machine_with_public_ip/README.md +++ b/roles/azure_virtual_machine_with_public_ip/README.md 
@@ -11,22 +11,22 @@ Requirements Role Variables -------------- -* **operation**: Operation to perform. Valid values are 'create', 'delete', 'power_on', 'power_off', 'deallocate', 'restart'. Default is 'create'. -* **remove_on_absent**: Specify which resources to remove when `operation='delete'`. 'all' removes all resources attached to the VM being removed; 'all_autocreated' removes the resources that were automatically created while provisioning the VM (public ip, network interface, security group). To remove only specific resources, use the values 'network_interfaces', 'virtual_storage', or 'public_ips'. The default value is 'all'. -* **azure_resource_group**: Resource group on/from which the virtual machine will reside. When `operation='create'`, this resource group will be created if it does not exist. -* **azure_region**: An Azure location for the resources. -* **azure_tags**: Dictionary of string:string pairs to assign as metadata to the resource group. -* **azure_vm**: Object used to provide details for a virtual machine. Contains the following: +* **azure_virtual_machine_with_public_ip_operation**: Operation to perform. Valid values are 'create', 'delete', 'power_on', 'power_off', 'deallocate', 'restart'. Default is 'create'. +* **azure_virtual_machine_with_public_ip_remove_on_absent**: Specify which resources to remove when `operation='delete'`. 'all' removes all resources attached to the VM being removed; 'all_autocreated' removes the resources that were automatically created while provisioning the VM (public ip, network interface, security group). To remove only specific resources, use the values 'network_interfaces', 'virtual_storage', or 'public_ips'. The default value is 'all'. +* **azure_virtual_machine_with_public_ip_resource_group**: Resource group on/from which the virtual machine will reside. When `operation='create'`, this resource group will be created if it does not exist. 
+* **azure_virtual_machine_with_public_ip_region**: An Azure location for the resources. +* **azure_virtual_machine_with_public_ip_tags**: Dictionary of string:string pairs to assign as metadata to the resource group. +* **azure_virtual_machine_with_public_ip_vm**: Object used to provide details for a virtual machine. Contains the following: - **name**: (Required) Name of the virtual machine. - **admin_username**: Administrator's login name of a server. Required for creation. - - **admin_password**: Password of the administrator login. Not required when `azure_vm_os_type='Linux'` and `azure_vm_ssh_pw_enabled='false'`. + - **admin_password**: Password of the administrator login. Not required when `os='Linux'` and `ssh_pw_enabled='false'`. - **size**: Valid Azure VM size. Choices vary depending on the subscription and location. - **network_interfaces**: List of network interfaces to add to the VM. Can be a string of name or resource ID of the network interface, can also be a dict containing 'resource_group' and 'name' of the network interface. A default network interface will be created if not provided. - **os**: Type of Operating System. Default is 'Linux' - **availability_set**: Name or ID of existing availability set to add the VM to. - **image**: The image used to build the VM. For custom images, the name of the image. To narrow the search to a specific resource group, a dict with the keys name and resource_group. For Marketplace images, a dict with the keys publisher, offer, sku, and version. Set version=latest to get the most recent version of a given image. - **ssh_pw_enabled**: Enable/disable SSH passwords. Valid values are 'yes', 'no'. Default value is 'yes'. - - **ssh_public_keys**: List of SSH keys when `azure_vm_os='Linux'`. Accepts a list of dicts where each dictionary contains two keys, 'path' and 'key_data'. Set path to the default location of the authorized_keys files. For example, path=/home//.ssh/authorized_keys. 
Set key_data to the actual value of the public key. + - **ssh_public_keys**: List of SSH keys when `os='Linux'`. Accepts a list of dicts where each dictionary contains two keys, 'path' and 'key_data'. Set path to the default location of the authorized_keys files. For example, path=/home//.ssh/authorized_keys. Set key_data to the actual value of the public key. - **data_disks**: List of data disks. - **lun**: Logical unit number for data disk. Must be unique for each data disk attached to a VM. - **caching**: Type of data disk caching. Options are 'ReadOnly' (default) or 'ReadWrite'. @@ -35,7 +35,7 @@ Role Variables - **storage_account_name**: Name of an existing storage account that supports creation of VHD blobs. - **storage_blob_name**: Name of storage blob used to hold the OS disk image of the VM. - **storage_container_name**: Name of the container to use within the storage account to store VHD blobs. Default is 'vhds' -* **azure_availability_set**: Object used to provide details for an availability set to be used by a VM. Contains the following: +* **azure_virtual_machine_with_public_ip_availability_set**: Object used to provide details for an availability set to be used by a VM. Contains the following: - **name**: (Required) Name of the availability set. - **platform_fault_domain_count**: Fault domains define the group of virtual machines that share a common power source and network switch. Should be between 1 and 3. - **platform_update_domain_count**: Update domains indicate groups of virtual machines and underlying physical hardware that can be rebooted at the same time. 
@@ -54,14 +54,14 @@ Example Playbook ---------------- - hosts: localhost - vars: - azure_resource_group: 'my_resource_group' roles: - name: Create a load balanced virtual machine with a default network interface role: cloud.azure_ops.azure_virtual_machine_with_public_ip - operation: 'create' - azure_vm: - name: "{{ azure_resource_group }}-example-vm" + azure_virtual_machine_with_public_ip_operation: 'create' + azure_virtual_machine_with_public_ip_region: eastus + azure_virtual_machine_with_public_ip_resource_group: 'my_resource_group' + azure_virtual_machine_with_public_ip_vm: + name: "example-vm" admin_username: 'azureuser' admin_password: 'adminpass' image: @@ -76,10 +76,10 @@ Example Playbook - name: Delete virtual machine and all autocreated resources role: cloud.azure_ops.azure_virtual_machine_with_public_ip - operation: 'delete' - remove_on_absent: 'all_autocreated' - azure_vm: - name: "{{ azure_resource_group }}-example-vm" + azure_virtual_machine_with_public_ip_operation: 'delete' + azure_virtual_machine_with_public_ip_remove_on_absent: 'all_autocreated' + azure_virtual_machine_with_public_ip_vm: + name: "example-vm" License ------- diff --git a/roles/azure_virtual_machine_with_public_ip/tasks/create.yml b/roles/azure_virtual_machine_with_public_ip/tasks/create.yml index bfffd1c..3a83aa9 100644 --- a/roles/azure_virtual_machine_with_public_ip/tasks/create.yml +++ b/roles/azure_virtual_machine_with_public_ip/tasks/create.yml 
@@ -2,18 +2,18 @@ # Pre-flight checks - name: Ensure admin username is defined ansible.builtin.fail: - msg: "Missing parameter: key 'admin_username' not found in azure_vm" - when: azure_vm.admin_username is not defined + msg: "Missing parameter: key 'admin_username' not found in azure_virtual_machine_with_public_ip_vm" + when: azure_virtual_machine_with_public_ip_vm.admin_username is not defined - name: Ensure vm size is defined ansible.builtin.fail: - msg: "Missing parameter: key 'size' not found in azure_vm" - when: azure_vm.size is not defined + msg: "Missing parameter: key 'size' not found in azure_virtual_machine_with_public_ip_vm" + when: azure_virtual_machine_with_public_ip_vm.size is not defined - name: Ensure vm image is defined ansible.builtin.fail: - msg: "Missing parameter: key 'image' not found in azure_vm" - when: azure_vm.image is not defined + msg: "Missing parameter: key 'image' not found in azure_virtual_machine_with_public_ip_vm" + when: azure_virtual_machine_with_public_ip_vm.image is not defined # Create resource group if not existing - name: Resource Group Does Not Exist -> Create Resource Group @@ -23,11 +23,11 @@ # If nic is not specified, assert virtual network exists and create default public ip & nic - name: Ensure default nic and default public ip - when: azure_vm.network_interfaces is undefined + when: azure_virtual_machine_with_public_ip_vm.network_interfaces is undefined block: - name: No network interface specified -> get virtual network info azure.azcollection.azure_rm_virtualnetwork_info: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_virtual_machine_with_public_ip_resource_group }}" register: vnet_info - name: Ensure vnet exists 
@@ -37,15 +37,17 @@ - name: Create default public ip for default nic azure.azcollection.azure_rm_publicipaddress: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_virtual_machine_with_public_ip_resource_group }}" name: "{{ vm_name }}" allocation_method: static - name: Create default nic with default security group and public ip ansible.builtin.include_role: - name: network_interface + name: cloud.azure_ops.azure_manage_network_interface vars: - azure_network_interface: + azure_manage_network_interface_operation: create + azure_manage_network_interface_resource_group: "{{ azure_virtual_machine_with_public_ip_resource_group }}" + azure_manage_network_interface_interface: name: "{{ vm_name }}" vnet_name: "{{ vnet_info.virtualnetworks[0].name }}" # This is how the azure_rm_virtualmachine module creates its default network interface - using the first vnet subnet_name: "{{ vnet_info.virtualnetworks[0].subnets[0].name }}" @@ -57,7 +59,7 @@ - name: Tag all autocreated resources for cleanup ansible.builtin.set_fact: - vm_tags: "{{ azure_vm.tags | default({}) | combine({'_own_pip_': vm_name}, {'_own_nic_': vm_name}, {'_own_nsg_': vm_name}) }}" + vm_tags: "{{ azure_virtual_machine_with_public_ip_tags | default({}) | combine({'_own_pip_': vm_name}, {'_own_nic_': vm_name}, {'_own_nsg_': vm_name}) }}" # Create/update availability set - name: Create availability set 
@@ -71,16 +73,16 @@ # Create/update VM - name: Create/Update VM azure.azcollection.azure_rm_virtualmachine: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_virtual_machine_with_public_ip_resource_group }}" name: "{{ vm_name }}" - vm_size: "{{ azure_vm.size | default(omit) }}" - network_interfaces: "{{ azure_vm.network_interfaces | default(vm_name) }}" - os_type: "{{ azure_vm.os | default(omit) }}" - availability_set: "{{ azure_vm.availability_set | default(omit) }}" - image: "{{ azure_vm.image | default(omit) }}" - admin_username: "{{ azure_vm.admin_username | default(omit) }}" - admin_password: "{{ azure_vm.admin_password | default(omit) }}" - ssh_password_enabled: "{{ azure_vm.ssh_pw_enabled | default(omit) }}" - ssh_public_keys: "{{ azure_vm.ssh_public_keys | default(omit) }}" - data_disks: "{{ azure_vm.data_disks | default(omit) }}" - tags: "{{ vm_tags | default(azure_vm.tags | default(omit)) }}" + vm_size: "{{ azure_virtual_machine_with_public_ip_vm.size | default(omit) }}" + network_interfaces: "{{ azure_virtual_machine_with_public_ip_vm.network_interfaces | default(vm_name) }}" + os_type: "{{ azure_virtual_machine_with_public_ip_vm.os | default(omit) }}" + availability_set: "{{ azure_virtual_machine_with_public_ip_vm.availability_set | default(omit) }}" + image: "{{ azure_virtual_machine_with_public_ip_vm.image | default(omit) }}" + admin_username: "{{ azure_virtual_machine_with_public_ip_vm.admin_username | default(omit) }}" + admin_password: "{{ azure_virtual_machine_with_public_ip_vm.admin_password | default(omit) }}" + ssh_password_enabled: "{{ azure_virtual_machine_with_public_ip_vm.ssh_pw_enabled | default(omit) }}" + ssh_public_keys: "{{ azure_virtual_machine_with_public_ip_vm.ssh_public_keys | default(omit) }}" + data_disks: "{{ azure_virtual_machine_with_public_ip_vm.data_disks | default(omit) }}" + tags: "{{ vm_tags }}" 
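Review bot: The last added line, `tags: "{{ vm_tags }}"`, drops the fallback the old expression had, so the Create/Update VM task now relies on `vm_tags` always being set. The only visible `set_fact` for `vm_tags` is the "Tag all autocreated resources for cleanup" task in the -57,7 hunk. Indentation is lost on this page, but the removed `default(...)` suggests that task sits inside the block guarded by `network_interfaces is undefined`. If so, a caller who supplies their own `network_interfaces` would hit an undefined variable here. Keeping a fallback avoids that: `tags: "{{ vm_tags | default(azure_virtual_machine_with_public_ip_tags | default(omit)) }}"`.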
diff --git a/roles/azure_virtual_machine_with_public_ip/tasks/main.yml b/roles/azure_virtual_machine_with_public_ip/tasks/main.yml index b827e17..04ba25c 100644 --- a/roles/azure_virtual_machine_with_public_ip/tasks/main.yml +++ b/roles/azure_virtual_machine_with_public_ip/tasks/main.yml 
@@ -1,55 +1,55 @@ --- - name: Check operation validation ansible.builtin.fail: - msg: Please provide operation as 'create', 'delete', 'power_on', 'power_off', 'deallocate', or 'restart' - when: operation not in ['create', 'delete', 'power_on', 'power_off', 'deallocate', 'restart'] + msg: Please provide azure_virtual_machine_with_public_ip_operation as 'create', 'delete', 'power_on', 'power_off', 'deallocate', or 'restart' + when: azure_virtual_machine_with_public_ip_operation not in ['create', 'delete', 'power_on', 'power_off', 'deallocate', 'restart'] - name: Ensure resource group is defined ansible.builtin.fail: - msg: Azure resource group name must be defined as azure_resource_group - when: azure_resource_group is not defined + msg: Azure resource group name must be defined as azure_virtual_machine_with_public_ip_resource_group + when: azure_virtual_machine_with_public_ip_resource_group is not defined - name: Ensure vm name is defined ansible.builtin.fail: - msg: "Missing parameter: key 'name' not found in azure_vm" - when: azure_vm.name is not defined + msg: "Missing parameter: key 'name' not found in azure_virtual_machine_with_public_ip_operation_vm" + when: azure_virtual_machine_with_public_ip_operation_vm.name is not defined - name: Replace invalid chars in name ansible.builtin.set_fact: - vm_name: "{{ azure_vm.name | regex_replace('[^a-zA-Z0-9]', '-') }}" + vm_name: "{{ azure_virtual_machine_with_public_ip_operation_vm.name | regex_replace('[^a-zA-Z0-9]', '-') }}" - name: Get resource group info azure.azcollection.azure_rm_resourcegroup_info: - name: "{{ azure_resource_group }}" + name: "{{ azure_virtual_machine_with_public_ip_resource_group }}" register: rg_info - name: Power Off VM azure.azcollection.azure_rm_virtualmachine: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_virtual_machine_with_public_ip_resource_group }}" name: "{{ vm_name }}" started: false when: operation == 'power_off' - name: Deallocate VM 
azure.azcollection.azure_rm_virtualmachine: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_virtual_machine_with_public_ip_resource_group }}" name: "{{ vm_name }}" allocated: false when: operation == 'deallocate' - name: Power On VM azure.azcollection.azure_rm_virtualmachine: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_virtual_machine_with_public_ip_resource_group }}" name: "{{ vm_name }}" when: operation == 'power_on' - name: Restart VM azure.azcollection.azure_rm_virtualmachine: - resource_group: "{{ azure_resource_group }}" + resource_group: "{{ azure_virtual_machine_with_public_ip_resource_group }}" name: "{{ vm_name }}" restarted: true when: operation == 'restart' - name: Create or delete VM - ansible.builtin.include_tasks: "{{ operation }}.yml" + ansible.builtin.include_tasks: "{{ azure_virtual_machine_with_public_ip_operation }}.yml" when: operation in ['create', 'delete'] diff --git a/tests/integration/targets/test_azure_load_balancer_with_public_ip/aliases b/tests/integration/targets/test_azure_load_balancer_with_public_ip/aliases new file mode 100644 index 0000000..f1451c8 --- /dev/null +++ b/tests/integration/targets/test_azure_load_balancer_with_public_ip/aliases @@ -0,0 +1,3 @@ +cloud/azure +role/azure_load_balancer_with_public_ip +time=2m \ No newline at end of file diff --git a/tests/integration/targets/test_azure_load_balancer_with_public_ip/defaults/main.yml b/tests/integration/targets/test_azure_load_balancer_with_public_ip/defaults/main.yml new file mode 100644 index 0000000..9a91bdb --- /dev/null +++ b/tests/integration/targets/test_azure_load_balancer_with_public_ip/defaults/main.yml 
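Review bot: In roles/azure_virtual_machine_with_public_ip/tasks/main.yml the name check and the `vm_name` fact read `azure_virtual_machine_with_public_ip_operation_vm`, a variable that appears nowhere else in this change. The README and create.yml use `azure_virtual_machine_with_public_ip_vm`, so "Ensure vm name is defined" would fail for callers that follow the documented interface. The five `when:` conditions on the power-off, deallocate, power-on, restart and include tasks are left as context lines that still test the bare `operation`, which the first task no longer validates and the README example no longer sets. Both sets of lines should use the prefixed names, as in the excerpt below.

```yaml
- name: Ensure vm name is defined
  ansible.builtin.fail:
    msg: "Missing parameter: key 'name' not found in azure_virtual_machine_with_public_ip_vm"
  when: azure_virtual_machine_with_public_ip_vm.name is not defined

# … unchanged: "Replace invalid chars in name" task header …
    vm_name: "{{ azure_virtual_machine_with_public_ip_vm.name | regex_replace('[^a-zA-Z0-9]', '-') }}"

# … unchanged: resource group lookup; "Power Off VM" name and module arguments …
  when: azure_virtual_machine_with_public_ip_operation == 'power_off'

# … unchanged: "Deallocate VM" name and module arguments …
  when: azure_virtual_machine_with_public_ip_operation == 'deallocate'

# … unchanged: "Power On VM" name and module arguments …
  when: azure_virtual_machine_with_public_ip_operation == 'power_on'

# … unchanged: "Restart VM" name and module arguments …
  when: azure_virtual_machine_with_public_ip_operation == 'restart'

# … unchanged: "Create or delete VM" include_tasks line …
  when: azure_virtual_machine_with_public_ip_operation in ['create', 'delete']
```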
@@ -0,0 +1,7 @@ +--- +azure_load_balancer_with_public_ip_resource_group: "{{ resource_group }}" +azure_load_balancer_with_public_ip_tags: + resource_prefix: "{{ resource_prefix }}" +load_balancer_name: "{{ resource_prefix }}-load-balancer" +load_balancer_public_ip_name: "{{ resource_prefix }}-publicIP" +load_balancer_sku: 'Basic' \ No newline at end of file diff --git a/tests/integration/targets/test_azure_load_balancer_with_public_ip/tasks/main.yml b/tests/integration/targets/test_azure_load_balancer_with_public_ip/tasks/main.yml new file mode 100644 index 0000000..a015b4c --- /dev/null +++ b/tests/integration/targets/test_azure_load_balancer_with_public_ip/tasks/main.yml 
@@ -0,0 +1,83 @@ +--- +# Determine Azure Region +- name: Gather Resource Group info + azure.azcollection.azure_rm_resourcegroup_info: + name: "{{ resource_group }}" + register: __rg_info + +- name: Set Azure Region for azure_load_balancer_with_public_ip Role + ansible.builtin.set_fact: + azure_load_balancer_with_public_ip_region: "{{ __rg_info.resourcegroups.0.location }}" + +- name: Test Create and Delete Load Balancer + block: + # Test: Create Load Balancer + - name: Create Load Balancer with Public IP + ansible.builtin.include_role: + name: cloud.azure_ops.azure_load_balancer_with_public_ip + vars: + azure_load_balancer_with_public_ip_operation: create + azure_load_balancer_with_public_ip_load_balancer: + name: "{{ load_balancer_name }}" + public_ip_name: "{{ load_balancer_public_ip_name }}" + sku: "{{ load_balancer_sku }}" + + - name: Gather Load Balancer info + azure.azcollection.azure_rm_loadbalancer_info: + name: "{{ load_balancer_name }}" + resource_group: "{{ resource_group }}" + register: _loadbalancer + + - name: Ensure Load Balancer was created as expected + ansible.builtin.assert: + that: + - _loadbalancer.ansible_info.azure_loadbalancers | length == 1 + + - name: Gather Public IP info + azure.azcollection.azure_rm_publicipaddress_info: + name: "{{ load_balancer_public_ip_name }}" + resource_group: "{{ resource_group }}" + register: _publicip + + - name: Ensure Public IP was created + ansible.builtin.assert: + that: + - _publicip.publicipaddresses | length == 1 + + # Test: Delete Load Balancer + - name: Create Load Balancer with Public IP + ansible.builtin.include_role: + name: cloud.azure_ops.azure_load_balancer_with_public_ip + vars: + azure_load_balancer_with_public_ip_operation: delete + azure_load_balancer_with_public_ip_load_balancer: + name: "{{ load_balancer_name }}" + public_ip_name: "{{ load_balancer_public_ip_name }}" + sku: "{{ load_balancer_sku }}" + + - name: Ensure Load Balancer was deleted + 
azure.azcollection.azure_rm_loadbalancer_info: + name: "{{ load_balancer_name }}" + resource_group: "{{ resource_group }}" + register: _loadbalancer + failed_when: _loadbalancer.ansible_info.azure_loadbalancers | length > 0 + + - name: Ensure Public IP was deleted + azure.azcollection.azure_rm_publicipaddress_info: + name: "{{ load_balancer_public_ip_name }}" + resource_group: "{{ resource_group }}" + register: _publicip + failed_when: _publicip.publicipaddresses | length > 0 + + always: + - name: Delete Public IP + azure.azcollection.azure_rm_publicipaddress: + resource_group: "{{ resource_group }}" + name: "{{ load_balancer_public_ip_name }}" + state: absent + + - name: Delete Load Balancer + azure.azcollection.azure_rm_loadbalancer: + resource_group: "{{ resource_group }}" + name: "{{ load_balancer_name }}" + state: absent diff --git a/tests/integration/targets/test_azure_manage_network_interface/aliases b/tests/integration/targets/test_azure_manage_network_interface/aliases new file mode 100644 index 0000000..17a11c7 --- /dev/null +++ b/tests/integration/targets/test_azure_manage_network_interface/aliases @@ -0,0 +1,3 @@ +cloud/azure +role/azure_manage_network_interface +time=2m \ No newline at end of file diff --git a/tests/integration/targets/test_azure_manage_network_interface/defaults/main.yml b/tests/integration/targets/test_azure_manage_network_interface/defaults/main.yml new file mode 100644 index 0000000..cbbe828 --- /dev/null +++ b/tests/integration/targets/test_azure_manage_network_interface/defaults/main.yml @@ -0,0 +1,8 @@ +--- +network_interface_name: "{{ resource_prefix }}-nic" +network_interface_ip_config: + - name: "{{ resource_prefix }}-nic" + primary: true + public_ip_allocation_method: 'Dynamic' +network_interface_virtual_network: "{{ resource_prefix }}-nic-vnet" +network_interface_subnet: "{{ resource_prefix }}-nic-subnet" 
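Review bot: In the `always:` cleanup of test_azure_load_balancer_with_public_ip/tasks/main.yml, "Delete Public IP" runs before "Delete Load Balancer". If the block fails before the role's delete step, the address is presumably still bound to the load balancer frontend, and Azure normally rejects deleting an in-use public IP, so the first cleanup task would fail and the load balancer would never be removed. Swapping the two tasks so the load balancer is deleted first lets cleanup succeed in the failure case and avoids leaving a public address allocated in the test subscription. The second `include_role` task is also still titled "Create Load Balancer with Public IP" although it runs with `azure_load_balancer_with_public_ip_operation: delete`; `- name: Delete Load Balancer with Public IP` would keep the test log readable.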
diff --git a/tests/integration/targets/test_azure_manage_network_interface/tasks/main.yml b/tests/integration/targets/test_azure_manage_network_interface/tasks/main.yml new file mode 100644 index 0000000..e10d2dd --- /dev/null +++ b/tests/integration/targets/test_azure_manage_network_interface/tasks/main.yml 
@@ -0,0 +1,87 @@ +--- +- name: Ensure Network interface does not already exists + azure.azcollection.azure_rm_networkinterface_info: + name: "{{ network_interface_name }}" + resource_group: "{{ resource_group }}" + register: __interfaces + failed_when: __interfaces.networkinterfaces | length > 0 + +- name: Test role cloud.azure_ops.azure_manage_network_interface + block: + - name: Create Virtual network + azure.azcollection.azure_rm_virtualnetwork: + name: "{{ network_interface_virtual_network }}" + address_prefixes_cidr: + - 10.1.0.0/24 + resource_group: "{{ resource_group }}" + + - name: Create azure subnet + azure.azcollection.azure_rm_subnet: + name: "{{ network_interface_subnet }}" + virtual_network: "{{ network_interface_virtual_network }}" + address_prefix_cidr: 10.1.0.0/26 + resource_group: "{{ resource_group }}" + + # Test: create Network interface + - name: Create security group with required rules + ansible.builtin.include_role: + name: cloud.azure_ops.azure_manage_network_interface + vars: + azure_manage_network_interface_operation: create + azure_manage_network_interface_resource_group: "{{ resource_group }}" + azure_manage_network_interface_interface: + name: "{{ network_interface_name }}" + vnet_name: "{{ network_interface_virtual_network }}" + subnet_name: "{{ network_interface_subnet }}" + ip_configurations: "{{ network_interface_ip_config }}" + + - name: Gather Network interface info + azure.azcollection.azure_rm_networkinterface_info: + name: "{{ network_interface_name }}" + resource_group: "{{ resource_group }}" + register: __interfaces + + - name: Ensure Network interface has been created + ansible.builtin.assert: + that: + - __interfaces.networkinterfaces | length == 1 + - __interfaces.networkinterfaces.0.subnet == network_interface_subnet + - __interfaces.networkinterfaces.0.virtual_network.name == network_interface_virtual_network + - __interfaces.networkinterfaces.0.ip_configurations | length == network_interface_ip_config | length + + # 
Delete Network interface + - name: Create security group with required rules + ansible.builtin.include_role: + name: cloud.azure_ops.azure_manage_network_interface + vars: + azure_manage_network_interface_operation: delete + azure_manage_network_interface_resource_group: "{{ resource_group }}" + azure_manage_network_interface_interface: + name: "{{ network_interface_name }}" + vnet_name: "{{ network_interface_virtual_network }}" + subnet_name: "{{ network_interface_subnet }}" + + - name: Gather Network interface info + azure.azcollection.azure_rm_networkinterface_info: + name: "{{ network_interface_name }}" + resource_group: "{{ resource_group }}" + register: __interfaces + + - name: Ensure Network interface was created + ansible.builtin.assert: + that: + - __interfaces.networkinterfaces | length == 0 + + always: + - name: Delete Subnet + azure.azcollection.azure_rm_subnet: + name: "{{ network_interface_subnet }}" + virtual_network: "{{ network_interface_virtual_network }}" + resource_group: "{{ resource_group }}" + state: absent + + - name: Delete Virtual network + azure.azcollection.azure_rm_virtualnetwork: + name: "{{ network_interface_virtual_network }}" + resource_group: "{{ resource_group }}" + state: absent diff --git a/tests/integration/targets/test_azure_manage_security_group/aliases b/tests/integration/targets/test_azure_manage_security_group/aliases new file mode 100644 index 0000000..add0214 --- /dev/null +++ b/tests/integration/targets/test_azure_manage_security_group/aliases @@ -0,0 +1,3 @@ +cloud/azure +role/azure_manage_security_group +time=1m \ No newline at end of file diff --git a/tests/integration/targets/test_azure_manage_security_group/defaults/main.yml b/tests/integration/targets/test_azure_manage_security_group/defaults/main.yml new file mode 100644 index 0000000..d0f9795 --- /dev/null +++ b/tests/integration/targets/test_azure_manage_security_group/defaults/main.yml 
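Review bot: The `always:` section of test_azure_manage_network_interface/tasks/main.yml removes the subnet and the virtual network but never the network interface itself. If an assertion fails between the create and delete role calls, the interface is left behind, "Delete Subnet" is likely to be rejected while the interface still references the subnet, and the opening "does not already exists" check then fails on the next run. Adding an interface deletion ahead of the subnet task makes cleanup self-contained. Separately, both `include_role` tasks are titled "Create security group with required rules", and the `length == 0` assertion is titled "Ensure Network interface was created"; these look copied from another target and should describe the interface create and delete steps.

```yaml
  always:
    - name: Delete Network interface
      azure.azcollection.azure_rm_networkinterface:
        name: "{{ network_interface_name }}"
        resource_group: "{{ resource_group }}"
        state: absent

    # … unchanged: Delete Subnet, Delete Virtual network …
```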
@@ -0,0 +1,24 @@ +--- +security_group_name: "{{ resource_prefix }}-sg" +security_group_rules: + - name: 'allow_ssh' + protocol: Tcp + destination_port_range: + - 22 + access: Allow + priority: 100 + direction: Inbound + - name: 'allow_http_traffic' + protocol: Tcp + destination_port_range: + - 80 + access: Allow + priority: 101 + direction: Inbound + - name: 'allow_https_traffic' + protocol: Tcp + destination_port_range: + - 80 + access: Allow + priority: 102 + direction: Inbound diff --git a/tests/integration/targets/test_azure_manage_security_group/tasks/main.yml b/tests/integration/targets/test_azure_manage_security_group/tasks/main.yml new file mode 100644 index 0000000..975db29 --- /dev/null +++ b/tests/integration/targets/test_azure_manage_security_group/tasks/main.yml 
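Review bot: The third rule in test_azure_manage_security_group/defaults/main.yml is named `allow_https_traffic` but its `destination_port_range` is `- 80`, the same port as `allow_http_traffic`. The test therefore never exercises an HTTPS rule, and anyone copying the fixture gets a rule whose name does not match what it opens. The entry should read `- 443`. None of the three rules sets a source restriction, which is acceptable for a throwaway test group but worth a short comment so that the SSH rule is not reused as-is.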
@@ -0,0 +1,97 @@ +--- +- name: Validate that Security Group does not exist + azure.azcollection.azure_rm_securitygroup_info: + resource_group: "{{ resource_group }}" + name: "{{ security_group_name }}" + register: sg_info + failed_when: sg_info.securitygroups | length > 0 + +# Test: Create Security Group +- name: Create security group with required rules + ansible.builtin.include_role: + name: cloud.azure_ops.azure_manage_security_group + vars: + azure_manage_security_group_operation: create + azure_manage_security_group_resource_group: "{{ resource_group }}" + azure_manage_security_group_security_group: + name: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + +- name: Get Security Group + azure.azcollection.azure_rm_securitygroup_info: + resource_group: "{{ resource_group }}" + name: "{{ security_group_name }}" + register: sg_info + +- name: Assert that resource group was created with required rules + ansible.builtin.assert: + that: + - sg_info.securitygroups | length == 1 + - sg_info.securitygroups.0.properties.securityRules | map(attribute='name') | list | sort == security_group_rules | map(attribute='name') | list | sort + +# Test: Remove Security Group rule +- name: Remove some Rules from Security Group + ansible.builtin.include_role: + name: cloud.azure_ops.azure_manage_security_group + vars: + azure_manage_security_group_operation: create + azure_manage_security_group_resource_group: "{{ resource_group }}" + azure_manage_security_group_security_group: + name: "{{ security_group_name }}" + rules_to_remove: + - "{{ security_group_rules.0.name }}" + +- name: Get Security Group + azure.azcollection.azure_rm_securitygroup_info: + resource_group: "{{ resource_group }}" + name: "{{ security_group_name }}" + register: sg_info + +- name: Assert that resource group was created with required rules + ansible.builtin.assert: + that: + - sg_info.securitygroups | length == 1 + - sg_info.securitygroups.0.properties.securityRules | map(attribute='name') | 
list | sort == security_group_rules | map(attribute='name') | difference([security_group_rules.0.name]) | list | sort + +# Test: Purge Rules +- name: Purge Security Group rules + ansible.builtin.include_role: + name: cloud.azure_ops.azure_manage_security_group + vars: + azure_manage_security_group_operation: create + azure_manage_security_group_resource_group: "{{ resource_group }}" + azure_manage_security_group_security_group: + name: "{{ security_group_name }}" + purge_rules: true + +- name: Get Security Group + azure.azcollection.azure_rm_securitygroup_info: + resource_group: "{{ resource_group }}" + name: "{{ security_group_name }}" + register: sg_info + +- name: Assert that resource group was created with required rules + ansible.builtin.assert: + that: + - sg_info.securitygroups | length > 0 + +# Test: Delete Security Group Rules +- name: Delete Security Group + ansible.builtin.include_role: + name: cloud.azure_ops.azure_manage_security_group + vars: + azure_manage_security_group_operation: delete + azure_manage_security_group_resource_group: "{{ resource_group }}" + azure_manage_security_group_security_group: + name: "{{ security_group_name }}" + +- name: Get Security Group + azure.azcollection.azure_rm_securitygroup_info: + resource_group: "{{ resource_group }}" + name: "{{ security_group_name }}" + register: sg_info + +- name: Assert that resource group was created with required rules + ansible.builtin.assert: + that: + - sg_info.securitygroups | length == 0 \ No newline at end of file diff --git a/tox.ini b/tox.ini index d78a112..89e81b1 100644 --- a/tox.ini +++ b/tox.ini 
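Review bot: The assertion after "Purge Security Group rules" in test_azure_manage_security_group/tasks/main.yml only checks `sg_info.securitygroups | length > 0`, so it passes whether or not any rule was actually purged. If `purge_rules: true` is meant to empty the rule list (the role is not visible here), the check should be `- sg_info.securitygroups.0.properties.securityRules | length == 0`. Unlike the other new targets, this file has no `block`/`always` cleanup, so a failed assertion leaves the security group behind and the opening "does not exist" check fails on the next run. Every assertion is also titled "Assert that resource group was created with required rules", including the final `length == 0` check; the titles should name the security group and the step being verified.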
@@ -5,8 +5,8 @@ skipsdist = True [testenv:ansible-lint] ; There is currently a bug in ansible-lint 6.8.6: https://github.com/ansible/ansible-lint/issues/2673 deps = - ansible-lint==6.8.4 -commands = ansible-lint --profile production --format pep8 --nocolor --strict --write {toxinidir}/playbooks {toxinidir}/roles {toxinidir}/molecule + ansible-lint==v6.17.2 +commands = ansible-lint --show-relpath [testenv:linters] deps = yamllint
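Review bot: The new `commands = ansible-lint --show-relpath` drops `--profile production` and `--strict`, so the lint gate becomes looser with this change unless an ansible-lint config file outside this diff sets them. If the production profile should stay enforced, keep it on the command line: `commands = ansible-lint --profile production --strict --show-relpath`. The comment above `deps` still justifies the pin by a bug in 6.8.6, which no longer matches the 6.17.2 pin and should be updated or removed.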