forked from wzzrd/automates
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcreate_azure_instances.yml
144 lines (127 loc) · 4.48 KB
/
create_azure_instances.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
---
- name: create instance(s) on azure
hosts: localhost
gather_facts: no
tasks:
- name: create resource group
azure_rm_resourcegroup:
name: automates2019
tags:
event: automates2019
location: westeurope
state: present
- name: create network
azure_rm_virtualnetwork:
resource_group: automates2019
name: automates2019
address_prefixes: "10.0.0.0/16"
tags:
event: automates2019
state: present
- name: create subnet
azure_rm_subnet:
resource_group: automates2019
virtual_network_name: automates2019
name: automates2019
address_prefix_cidr: "10.0.1.0/24"
- name: create public ip address
azure_rm_publicipaddress:
resource_group: automates2019
name: automates2019
tags:
event: automates2019
state: present
- name: create nsg that allows ssh and http
azure_rm_securitygroup:
resource_group: automates2019
name: automates2019
tags:
event: automates2019
rules:
- name: SSH
protocol: Tcp
destination_port_range: 22
access: Allow
priority: 1001
direction: Inbound
- name: HTTP
protocol: Tcp
destination_port_range: 80
access: Allow
priority: 1002
direction: Inbound
- name: create virtual network interface card
azure_rm_networkinterface:
resource_group: automates2019
name: automates2019
virtual_network: automates2019
subnet: automates2019
public_ip_name: automates2019
security_group: automates2019
tags:
event: automates2019
- name: Create VM
azure_rm_virtualmachine:
resource_group: automates2019
name: automates2019azure
vm_size: Standard_DS1_v2
admin_username: maxim
ssh_password_enabled: no
ssh_public_keys:
- path: /home/maxim/.ssh/authorized_keys
key_data: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy1QtNy21ILU3OjY0vgGCFYB5EWZLOwCMe4GqTjFfeVDvBgbQzHmf9OHMcoTreUWnPxgZa2frwzFgzamJl978ixWxPKpeNI9qQ1BO9ZBbg5YGVIYrNFFiw0j2B1mOx4u3tn1ntIW3cAJuOmFSI6U6NZy8JRGmkIvxjBzSqPTTUNfDNGtk00XiwrDHD69e0Zn5sX9W7ERf0QsWGK0tlj2YnaOty2MsRia96OgqGO+oqd6FggmIwPIb+2S0RghQLSRLyWFMKY68zZwugSLkl9r/TSrHPgJjGMWaIX1LyO8SbGrLToL7Cg0ptQrhosz1T2+zcdc+Z6fppTB2lF3cvF92b [email protected]"
network_interfaces: automates2019
tags:
event: automates2019
image:
offer: RHEL
publisher: RedHat
sku: '8'
version: latest
register: azure
- name: show me the azure variable
debug:
var: azure
verbosity: 2
- name: set public_ip fact
set_fact:
public_ip: "{{ azure.ansible_facts.azure_vm.properties.networkProfile.networkInterfaces[0].properties.ipConfigurations[0].properties.publicIPAddress.properties.ipAddress }}"
- name: show me the natIP variable
debug:
var: public_ip
verbosity: 2
- name: add new hosts to tmpgroup
add_host:
name: "{{ public_ip }}"
groups: tmpgroup
- name: check connectivity
hosts: tmpgroup
remote_user: maxim
become: yes
gather_facts: no
tasks:
- name: wait for instances to come up
wait_for_connection:
delay: 10
- name: create ansible user
user:
name: ansible
groups: wheel
append: yes
uid: 1010
state: present
- name: inject ssh key
authorized_key:
user: ansible
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy1QtNy21ILU3OjY0vgGCFYB5EWZLOwCMe4GqTjFfeVDvBgbQzHmf9OHMcoTreUWnPxgZa2frwzFgzamJl978ixWxPKpeNI9qQ1BO9ZBbg5YGVIYrNFFiw0j2B1mOx4u3tn1ntIW3cAJuOmFSI6U6NZy8JRGmkIvxjBzSqPTTUNfDNGtk00XiwrDHD69e0Zn5sX9W7ERf0QsWGK0tlj2YnaOty2MsRia96OgqGO+oqd6FggmIwPIb+2S0RghQLSRLyWFMKY68zZwugSLkl9r/TSrHPgJjGMWaIX1LyO8SbGrLToL7Cg0ptQrhosz1T2+zcdc+Z6fppTB2lF3cvF92b [email protected]"
state: present
- name: change sudoers file, uncomment nopasswd line for wheel
lineinfile:
dest: /etc/sudoers
regexp: '^#\s*\%wheel\s*ALL=\(ALL\)\s*NOPASSWD:\s*ALL.*$'
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
- name: change sudoers file, comment out plain wheel line
lineinfile:
dest: /etc/sudoers
regexp: '^\%wheel\s*ALL=\(ALL\)\s*ALL.*$'
line: '#%wheel ALL=(ALL) ALL'