├── README.md ├── configure-app-and-lb.yaml ├── configure-app.yaml ├── configure-f5.yaml ├── deploy-app-gateway.yaml ├── hosts ├── provision-aks.yaml ├── provision-kubernetes-application.yaml ├── provision-vm.yaml └── roles ├── azure-aks ├── README.md ├── defaults │ └── main.yaml ├── handlers │ └── main.yml └── tasks │ └── main.yaml ├── azure-app-gw ├── README.md ├── defaults │ └── main.yaml ├── files │ └── self-signed-cert.txt ├── handlers │ └── main.yml └── tasks │ └── main.yaml ├── azure-backup ├── README.md ├── defaults │ └── main.yaml └── tasks │ └── main.yaml ├── azure-boot-diagnostics ├── README.md ├── defaults │ └── main.yaml └── tasks │ └── main.yaml ├── azure-f5 ├── README.md ├── defaults │ └── main.yaml └── tasks │ └── main.yaml ├── azure-linux-configure-disk ├── defaults │ └── main.yaml └── tasks │ └── main.yaml ├── azure-monitoring ├── README.md ├── defaults │ └── main.yaml └── tasks │ └── main.yaml ├── azure-nginx ├── README.md ├── defaults │ └── main.yaml ├── handlers │ └── main.yml └── tasks │ └── main.yaml ├── azure-provision-vm-linux ├── defaults │ └── main.yaml └── tasks │ └── main.yaml ├── azure-provision-vm-windows ├── defaults │ └── main.yaml └── tasks │ └── main.yaml ├── azure-vm-disk ├── defaults │ └── main.yaml └── tasks │ └── main.yaml └── kubernetes ├── README.md ├── defaults └── main.yaml ├── handlers └── main.yml └── tasks └── main.yaml /README.md: -------------------------------------------------------------------------------- 1 | # Ansible Azure Roles and Playbooks 2 | 3 | This repository contains Ansible Azure Roles and Playbooks. 
4 | 5 | Must define the following variables: 6 | 7 | ``` 8 | 9 | vm_name: # eg: windows-vm-test 10 | vm_image: # eg: WIN_2016 11 | os_type: # eg: Windows 12 | 13 | # General 14 | resource_group: 15 | location: # eg: eastus2 16 | 17 | # VM Provisioning 18 | vm_size: # eg: Standard_A2_v2 19 | admin_username: 20 | admin_password: # Required for Windows 21 | 22 | # If Linux 23 | ssh_password_enabled: false 24 | ssh_public_keys: 25 | - path: 26 | key_data: 27 | 28 | # Network 29 | virtual_network_name: # eg: VN-NET1 30 | subnet_name: # eg: SN-NET1 31 | address_prefixes: 32 | - 10.0.0.0/24 33 | # Storage 34 | storage_account_name: 35 | managed_disk_type: # eg: Standard_LRS 36 | os_disk_size_gb: # eg: 32 . Consider the minimum size for Windows. 37 | 38 | # Diagnostics Storage Accounts 39 | diagnostic_storage_account_name: 40 | diagnostic_storage_account_id: # eg: /subscriptions/f5bd840e-xxxx-xxxx-xxxx-xxxxxxxxxxx/resourceGroups/xx-xxxxxx/providers/Microsoft.Storage/storageAccounts/xx-xxxx 41 | 42 | # VM Image 43 | vm_image: RHEL_7 # Picks from the images listed in azure-provision-vm-linux/defaults/main.yaml 44 | 45 | # Default VM Tags. Override in the playbook. 
46 | tags: 47 | purpose: vm-gp 48 | 49 | ``` 50 | -------------------------------------------------------------------------------- /configure-app-and-lb.yaml: -------------------------------------------------------------------------------- 1 | - hosts: test-linux-1 2 | become: yes 3 | tasks: 4 | - include_role: 5 | name: azure-linux-configure-disk 6 | - include_role: 7 | name: azure-nginx 8 | 9 | - hosts: test-linux-1 10 | tasks: 11 | - include_role: 12 | name: azure-f5 13 | -------------------------------------------------------------------------------- /configure-app.yaml: -------------------------------------------------------------------------------- 1 | - hosts: test-linux-1 2 | become: yes 3 | tasks: 4 | - include_role: 5 | name: azure-linux-configure-disk 6 | - include_role: 7 | name: azure-nginx 8 | -------------------------------------------------------------------------------- /configure-f5.yaml: -------------------------------------------------------------------------------- 1 | - hosts: localhost 2 | tasks: 3 | - include_role: 4 | name: azure-f5 5 | vars: 6 | state: present 7 | -------------------------------------------------------------------------------- /deploy-app-gateway.yaml: -------------------------------------------------------------------------------- 1 | - name: Provision Applicate Gateway for Ansible Tower 2 | hosts: localhost 3 | tasks: 4 | - include_role: 5 | name: azure-app-gw 6 | -------------------------------------------------------------------------------- /hosts: -------------------------------------------------------------------------------- 1 | localhost ansible_connection=local 2 | -------------------------------------------------------------------------------- /provision-aks.yaml: -------------------------------------------------------------------------------- 1 | - name: Provision Managed AKS Cluster on Azure 2 | hosts: localhost 3 | tasks: 4 | - include_role: 5 | name: azure-aks 6 | 
-------------------------------------------------------------------------------- /provision-kubernetes-application.yaml: -------------------------------------------------------------------------------- 1 | - name: Provision Kubernetes Application 2 | hosts: localhost 3 | tasks: 4 | - include_role: 5 | name: kubernetes 6 | -------------------------------------------------------------------------------- /provision-vm.yaml: -------------------------------------------------------------------------------- 1 | - hosts: localhost 2 | tasks: 3 | - include_role: 4 | name: azure-provision-vm-windows 5 | when: os_type == 'Windows' 6 | - include_role: 7 | name: azure-provision-vm-linux 8 | when: os_type == 'Linux' 9 | 10 | - include_role: 11 | name: azure-boot-diagnostics 12 | when: enable_boot_diagnostics | default(false) 13 | 14 | - include_role: 15 | name: azure-monitoring 16 | when: enable_monitoring | default(false) 17 | 18 | - include_role: 19 | name: azure-backup 20 | when: enable_backup | default(false) 21 | 22 | - include_role: 23 | name: azure-vm-disk 24 | when: add_disk | default(false) 25 | -------------------------------------------------------------------------------- /roles/azure-aks/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: azure-aks 2 | 3 | ## Provision AKS Cluster 4 | 5 | Pre-Requisite: 6 | Create Service Principal 7 | 8 | `az ad sp create-for-rbac --skip-assignment` 9 | 10 | Retrieve client_id (appId) and client_secret (password) from the command output. The password is a credential: keep real values out of the repository (for example in Ansible Vault or an Ansible Tower credential) and rotate any value that has been committed. 11 | 12 | ``` 13 | { 14 | "appId": "559513bd-0c19-4c1a-87cd-851a26afd5fc", 15 | "displayName": "azure-cli-2019-03-04-21-35-28", 16 | "name": "http://azure-cli-2019-03-04-21-35-28", 17 | "password": "e763725a-5eee-40e8-a466-dc88d980f415", 18 | "tenant": "72f988bf-86f1-41af-91ab-2d7cd011db48" 19 | } 20 | ``` 21 | 22 | ## variables 23 | 24 | ``` 25 | dns_prefix: aks-test 26 | aks_admin_username: mannambm 27 | aks_ssh_key: "ssh-rsa ....c4YzgAWzjTjt4N7 
mannambm@5CG7155TJH" 28 | service_principal: 29 | client_id: "559513bd-0c19-4c1a-87cd-851a26afd5fc" 30 | client_secret: "e763725a-5eee-40e8-a466-dc88d980f415" 31 | ``` 32 | -------------------------------------------------------------------------------- /roles/azure-aks/defaults/main.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ann-felix/ansible-tower-project/4383f124968f75e49ac5f4a4026c8ddb505e7948/roles/azure-aks/defaults/main.yaml -------------------------------------------------------------------------------- /roles/azure-aks/handlers/main.yml: -------------------------------------------------------------------------------- 1 | - name: start nginx # NOTE(review): nginx handler inside the AKS role; no task in this role's tasks file notifies it 2 | service: name=nginx state=started 3 | -------------------------------------------------------------------------------- /roles/azure-aks/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: Create a managed Azure Container Services (AKS) instance # creates the cluster and registers the module result as aks_results 2 | azure_rm_aks: 3 | name: "{{ vm_name }}" 4 | location: "{{ location }}" 5 | resource_group: "{{ resource_group }}" 6 | dns_prefix: "{{ dns_prefix }}" 7 | linux_profile: 8 | admin_username: "{{ aks_admin_username }}" 9 | ssh_key: "{{ aks_ssh_key }}" 10 | service_principal: "{{ service_principal }}" # dict with client_id and client_secret (see the README sample); NOTE(review): supply client_secret from a vaulted variable rather than a plain vars file 11 | agent_pool_profiles: 12 | - name: default 13 | count: 2 14 | vm_size: "{{ vm_size }}" 15 | tags: 16 | Environment: Testing 17 | register: aks_results 18 | 19 | - name: Print aks_results 20 | debug: 21 | msg: "{{ aks_results }}" # NOTE(review): prints the whole registered result to the job log; confirm it does not echo the service principal secret, or print only the fields needed 22 | 
The default subnet took up all the address space in the virtual network, so I had to create a new address space for the App Gateway and create a new subnet in it. 8 | 9 | The Application Gateway also requires certificates for SSL Termination. I created a self-signed certificate with the steps below. Note that `-nodes` leaves privatekey.key unencrypted and that certificate.pfx contains that private key, so the base64 output must be handled as a secret: 10 | 11 | ``` 12 | openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privatekey.key -out certificate.crt 13 | 14 | openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in certificate.crt 15 | 16 | cat certificate.pfx | base64 17 | ``` 18 | 19 | Inputs: 20 | 21 | 1. **Backend Addresses:** The internal private addresses of the Ansible Tower instances. 22 | 2. **Subnet ID:** The subnet ID of the subnet created for Application Gateway. eg: `/subscriptions/e2fXXXX-XXXX-XXXX-XXXX-XXXXX092f4/resourceGroups/rg-ansible/providers/Microsoft.Network/virtualNetworks/vn-bastion-ansible/subnets/app-gw-subnet`. 23 | 3. **Certificate Data:** Base64-encoded PFX bundle (certificate and private key) 24 | 25 | > Note: Sometimes it may take up to 20 minutes for the Application Gateway to be provisioned. 
26 | 27 | ``` 28 | app_gateway_name: test-app-gw-18 29 | public_ip_address: app_gw_public_ip_18 30 | subnet_id: /subscriptions/e2fXXXX-XXXX-XXXX-XXXX-XXXXX092f4/resourceGroups/rg-ansible/providers/Microsoft.Network/virtualNetworks/vn-bastion-ansible/subnets/app-gw-subnet 31 | backend_addresses: 32 | - ip_address: 10.191.0.5 33 | - ip_address: 10.191.0.6 34 | - ip_address: 10.191.0.7 35 | ``` 36 | -------------------------------------------------------------------------------- /roles/azure-app-gw/defaults/main.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ann-felix/ansible-tower-project/4383f124968f75e49ac5f4a4026c8ddb505e7948/roles/azure-app-gw/defaults/main.yaml -------------------------------------------------------------------------------- /roles/azure-app-gw/files/self-signed-cert.txt: -------------------------------------------------------------------------------- 1 | MIIJoQIBAzCCCWcGCSqGSIb3DQEHAaCCCVgEgglUMIIJUDCCBAcGCSqGSIb3DQEHBqCCA/gwggP0 2 | AgEAMIID7QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIaFpXbxNkHgACAggAgIIDwE3886I3 3 | fiVwoJxr+CJmgw4B1/SShQJ+9qfYM5KsZwz2k892ZSPEJ1rjjXL9BQYPoJwvCi9ImEgZO+HuqbXv 4 | MwgkxuXvdTMz9VryOI1quJrHLKU4wW4UQlbo3mAE0E68fXNVyJ1rURG7yxLClTHJykt1ksZZ+RGG 5 | r6DSATeeba3bDDDP6wmj+z8Vk3oHH131veeNVlZTIiCLlsLfxzmd80BejUnxb/6SDDaJ5Ha6Pd2u 6 | nFJt22IoK/nG+/ObD8ghaWqDRt1QO9s6bxUDoyhceaIkZI8+lGeLYNecKB5yA0+fO+DhCx7YKNa2 7 | RYUJOIDLO4DqqtfSIkmhRlPko0XRxTVM3jYk9rkn9IprzLEfc6RLlA1uyB96Ml/W0OWYQJB71JpB 8 | 8+jhFGL63JDq/R9JQF+pDYTJvN5MJV4fmVpeEhaCwGSkWYeDI+t8nnm+MUerirZu7H1OoYcSCw2F 9 | xAPINjzO2Gnh8fOqxoQJjmSLaUBRjY3+347ZOZy/KgmEB3Puo0zR60DRB0INxl64dojgqf0OqWda 10 | tcVAGQxxrpRRPkEs1nOOr8g5wMjYHizpJQfEqqM7wDjsKnmm+uPqfRx+Sm0takIlyKW6ZEQ4Y3kx 11 | bLlXzzFUJCTFw912EYhCwxc4bn1AFpnGRLZ5THlkq+1es/WHhmeHan7cuT+N3xXPxLdmbcKttrEs 12 | I9BtbBG50CE8Uvu3+ilxwXFiz0FcE+yK7s3ZdhlDmvbx5JS1RZckPPSDTUJG1OuA+46NqB3wdrhM 13 | 
ILrljxypGR/9ISxiykVdkc5+3xaUJCxElufJAgFoQsNIeduwip80u0Z7xSG2NkMK6s93To0trZlk 14 | AzoHC1nwTeng8kvBT67JlHLA4QI6o4GfB221rv5pFZ234+AqwWSM+k6D30bXU4iLwAibXDGj+viR 15 | oXCv0SvzZwlxIBocWnVDhpxrW/nOEtScAEvQnlWbVg67J5KR5/bIkkHQG1FgkEMdiGhexqKXMFaf 16 | CPVP6H/859ho9X8xpHX5JuTkdU/VE1QyQm7CqNb/58DqCD4uiPXJmDzpW5uUd6aPuRJntBtWFCGi 17 | Cn/gyMWzKxAox+T1zSYyR7Y38/m3xgRcm6yOkZSzvpUDjoy3CZqQNoAPkt0IgEEdfBMCy2YllDll 18 | kx/3A3EtWFZfufNzxKFE85+sFDZk8oz50AIQ8mHmRG0xQ83Qb7tgoudQF6Dc2lUnSNg0f7jqMIiF 19 | N89f4VqFtLO2AUgu32weGUwtIBehOK5Z5Otq8khMBQgaRz40KQObqvxO5jCCBUEGCSqGSIb3DQEH 20 | AaCCBTIEggUuMIIFKjCCBSYGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcNAQwBAzAOBAiP 21 | jkBeu/i+rwICCAAEggTIr1gzpCX5pFYt6g0W+bdnw4uEN5AQdO51wAaWt3PknfzNzhK8zl+vrhGn 22 | Uu+JrHyzstzskMLxVgTn6isX1wBbUTc8NtwEjDhAQn2qCHyQDYRN/xtz6MbCO6N5mve7Jho1+V8w 23 | ZNZnVm5OH/bC0bMLn+cgcjYkgk31M5OXvw4hqw2FkdygKKXMdpglHOSr5CYON06CZ9ZFIPzViM/f 24 | eQJqZvAlUppHbrk98PwQtNpGfL7xzhKL2qjlYyl9B5nKbMJdlGIlvkv/Vy958xRBTlZxnKP/PU9J 25 | GHKCBzkBAHurycuOOvatxuTZeS+KlQ8z/5WvRRXEXDJRvsgqu8x8nlotZoY9FWS4bxpqTTegUuEh 26 | F6ZPPcRbEWzN+8kVC0j2TAvLdqU2faaeOphb4hVcsAOqcEXd9USdN14dES2Z4cy9zN2LBu67uLah 27 | maSR9iK7WoR20JCrGBXb13c3UJ9zklXpn0JJoPXBjGvzf129VVL02V7JdWVsGUnq35gpULAyHDCT 28 | qnqNbjkareRUAGyRz6iDqIOH0DjXJr0Z1YOAqxbuPRuZO0bc9KoPNNQ2oCNuS0Q5lkmigmM+rC9a 29 | WwEHbRCNz83S6Z80/AkgVd4w5nWi7lu2Y61KPgiRhgtF0LTwoYv8h+ruYAk1x5iapc7vYrFqQDED 30 | /dicYRUnOedapbR65SV+OnO7wzQt2LKB/RthWmSeJKd1liaGLffRnxZEkRyzcQnZF+IDkVPox0wx 31 | 6W4+5K6AjFom27CuQf3vh1JcrgSPEVNKRxU8yG9Jg5gl06hpmeHpUsAdRrCmFmt0R3W5S8dJKt2z 32 | G1UpGZia9Xv3LDJnGJqIom/Dt4+ta7+jDkPsfXWMX1apMpK80bke3q75458RhwZLdonf7MWW2ta3 33 | l8kMrAvzc3DE5y1TvNZA3j9KX9K6JivAYTDhKIhTmYBL4mwA38YGbau3HHXL1KJe57oiHN1vVSL3 34 | qqXgwgG4kRqHTNB/TGZeKVOttxKwsoYHFBLwsUMFyOOBeKVYN0LlI9eWlXt7HwsX1yeJm9bSkBLc 35 | 2VmE27Lb+fK1x5CQpghhxiq50u1Lr+wBSh8697fena7TGPATC66Z6iwhvTCKpyY3jyrUUrv3IN2w 36 | gRvMGgz1C26PNCQFPFZL+GMMD6Is7Pr+91TPdVMbzEPUq8wtGEpCModeD62pO+1B9uRNkFxjHJKN 37 | 
bCTxjK0sVMnUAEBouk4yrDMCWpqJeccjLFXahpUd47GA3XZ8aJOwrctRLe/R4KIi7ksfSL2QbWHv 38 | H5kLOKpe1cg0XVDYsMqh2yTi5kHFqf360KxjuFOB9AZ445F/+Erz4s/f+2MlumUravTOXe2zplNS 39 | Qm2qG7cZ6NbL/KkKh61/mUhkdhea8fcgQ8z3iuukbXvbvaQxvLEkZa8bipPCKp2Cu8hP0FjTeF9O 40 | sih9HGln8uUwtFIgnNaTJOdiqEpRhSUe6sXC16wRjCR+ZBnLbRLWBrJq3t5l+4pBwEag+VY3SEj7 41 | 2TLTxFjzXR4Igcw8V4T5v7l7LRGV2ph/zlTNq453k0rN6OFspXUagRNhBjvkTFCPj2/FdQCw64ol 42 | G6KYhDg1yrCFYUL8+iXnMFFpwA49EFn5+d03cCoudJWlitDdVxxOdssRMSUwIwYJKoZIhvcNAQkV 43 | MRYEFDqqBTDbHC3o+HiRJ6ehFZbDiZQAMDEwITAJBgUrDgMCGgUABBRBOW+lEP6a5eCJioxw2lhd 44 | jxWI0wQIf5tYF/vPDCkCAggA 45 | -------------------------------------------------------------------------------- /roles/azure-app-gw/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ann-felix/ansible-tower-project/4383f124968f75e49ac5f4a4026c8ddb505e7948/roles/azure-app-gw/handlers/main.yml -------------------------------------------------------------------------------- /roles/azure-app-gw/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: Create a public ip address 2 | azure_rm_publicipaddress: 3 | resource_group: "{{ resource_group }}" 4 | name: "{{ public_ip_address }}" 5 | allocation_method: Dynamic # Application Gateway with SKU tier Standard can only reference a PublicIPAddress with IpAllocationMethod as Dynamic 6 | register: public_ip_details 7 | 8 | - name: Create instance of Application Gateway 9 | register: app_gateway_results 10 | azure_rm_appgateway: 11 | resource_group: "{{ resource_group }}" 12 | name: "{{ app_gateway_name }}" 13 | sku: 14 | name: standard_small 15 | tier: standard 16 | capacity: 2 17 | gateway_ip_configurations: 18 | - subnet: 19 | id: ""{{ subnet_id }}"" 20 | name: "{{ app_gateway_name }}_ip_config" 21 | frontend_ip_configurations: 22 | - name: "{{ app_gateway_name }}_frontend_ip_config" 23 | public_ip_address: "{{ 
public_ip_address }}" 24 | frontend_ports: 25 | - port: 443 26 | name: "{{ app_gateway_name }}_frontend_port" 27 | backend_address_pools: 28 | - backend_addresses: "{{ backend_addresses }}" 29 | name: "{{ app_gateway_name }}_backend_address_pool" 30 | backend_http_settings_collection: 31 | - port: 80 32 | protocol: http # NOTE(review): TLS ends at the https listener below; the hop from the gateway to the backend pool is plain HTTP on port 80 33 | cookie_based_affinity: disabled 34 | name: "{{ app_gateway_name }}_http_settings" 35 | http_listeners: 36 | - frontend_ip_configuration: "{{ app_gateway_name }}_frontend_ip_config" 37 | frontend_port: "{{ app_gateway_name }}_frontend_port" 38 | protocol: https 39 | ssl_certificate: "{{ app_gateway_name }}_ssl_cert" 40 | name: "{{ app_gateway_name }}_http_listener" 41 | ssl_certificates: 42 | - name: "{{ app_gateway_name }}_ssl_cert" 43 | data: "{{ lookup('file', 'files/self-signed-cert.txt') }}" # reads the base64 blob shipped in the role's files/ directory; NOTE(review): presumably the PFX built in the role README (certificate plus private key) - a key committed with the role is not secret, so load a vaulted value outside testing 44 | request_routing_rules: 45 | - rule_type: Basic 46 | backend_address_pool: "{{ app_gateway_name }}_backend_address_pool" 47 | backend_http_settings: "{{ app_gateway_name }}_http_settings" 48 | http_listener: "{{ app_gateway_name }}_http_listener" 49 | name: "{{ app_gateway_name }}_rule" 50 | 51 | - name: Get Application Gateway Details 52 | azure_rm_resource_facts: 53 | # url: "/subscriptions/e2f9cf00-5995-4d25-8080-38707dd092f4/resourceGroups/rg-ansible/providers/Microsoft.Network/applicationGateways/"{{ app_gateway_name }}"" # NOTE(review): dead line that still carries an unmasked subscription ID (the role README appears to mask the same ID) 54 | resource_group: "{{ resource_group }}" 55 | provider: Network 56 | resource_type: applicationGateways 57 | resource_name: "{{ app_gateway_name }}" 58 | api_version: "2018-11-01" 59 | register: app_gateway_details 60 | 61 | - name: Print app_gateway_details 62 | debug: 63 | msg: "{{ app_gateway_details }}" # prints the full resource returned by the lookup above 64 | 65 | - name: Get facts for one Public IP 66 | azure_rm_publicipaddress_facts: 67 | resource_group: "{{ resource_group }}" 68 | name: "{{ public_ip_address }}" 69 | register: public_ip_details 70 | 71 | - name: Print public_ip_details 72 | debug: 73 | msg: "{{ 
public_ip_details.ansible_facts.azure_publicipaddresses[0].properties.ipAddress }}" 74 | -------------------------------------------------------------------------------- /roles/azure-backup/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: azure-backup 2 | 3 | **Research:** No option available with the default `azure_rm_virtualmachine` ansible module to enbale backup. No ansible modules found that can support this natively. 4 | 5 | **Pending**: Look into backup agent installation on the VM 6 | 7 | Also look at ARM Template Creations with Backup enabled. 8 | 9 | Azure CLI: 10 | 11 | ``` 12 | az backup protection enable-for-vm \ 13 | --resource-group myResourceGroup \ 14 | --vault-name myRecoveryServicesVault \ 15 | --vm $(az vm show -g VMResourceGroup -n MyVm --query id | tr -d '"') \ 16 | --policy-name DefaultPolicy 17 | ``` 18 | 19 | Azure Rest API: https://docs.microsoft.com/en-us/rest/api/backup/protecteditems/createorupdate#enable_protection_on_azure_iaasvm 20 | 21 | **Required Inputs**: 22 | - *backup_recovery_vault:* Recovery Services Vault name 23 | - *backup_policy_name:* Backup Policy name 24 | -------------------------------------------------------------------------------- /roles/azure-backup/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | backup_recovery_vault: SS-EastUS2-Backup 2 | backup_policy_name: DefaultPolicy 3 | -------------------------------------------------------------------------------- /roles/azure-backup/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: Get Backup Vault Details 2 | tags: 3 | - "get-backup-vault-details" 4 | - "get-backup-protectable-items" 5 | - "enable-backup" 6 | azure_rm_resource_facts: 7 | resource_group: "{{ resource_group }}" 8 | provider: recoveryservices 9 | resource_type: vaults 10 | resource_name: "{{ backup_recovery_vault }}" 11 | 
api_version: "2016-12-01" 12 | register: backup_vault_info 13 | 14 | - name: Get Backup Policy Details 15 | tags: 16 | - "get-backup-policy-details" 17 | - "enable-backup" 18 | azure_rm_resource_facts: 19 | resource_group: "{{ resource_group }}" 20 | provider: recoveryservices 21 | resource_type: vaults 22 | resource_name: "{{ backup_recovery_vault }}" 23 | api_version: "2016-12-01" 24 | subresource: 25 | - type: backupPolicies 26 | name: "{{ backup_policy_name }}" 27 | register: backup_policy_info 28 | 29 | - name: Get Backup Protectable Items 30 | tags: 31 | - "get-backup-protectable-items" 32 | - "enable-backup" 33 | azure_rm_resource_facts: 34 | url: "{{ backup_vault_info.url }}/backupProtectableItems?api-version=2016-12-01&$filter=backupManagementType%20eq%20%27AzureIaasVM%27 and friendlyName%20eq%20%27{{ vm_name }}%27" 35 | api_version: "2016-12-01" 36 | register: backup_protectable_items_info 37 | 38 | - name: Get VM Info 39 | tags: 40 | - "get-vm-info" 41 | - "enable-backup" 42 | azure_rm_resource_facts: 43 | resource_group: "{{ resource_group }}" 44 | provider: compute 45 | resource_type: virtualmachines 46 | resource_name: "{{ vm_name }}" 47 | api_version: "2018-06-01" 48 | register: vm_info 49 | 50 | - name: Enable Backup 51 | tags: 52 | - "enable-backup" 53 | azure_rm_resource: 54 | url: "{{ backup_protectable_items_info.response[0].value[0].id | regex_replace('protectableItems', 'protectedItems') }}" 55 | api_version: "2016-12-01" 56 | body: 57 | method: PUT 58 | location: "{{ location }}" 59 | properties: 60 | protectedItemType: "Microsoft.Compute/virtualMachines" 61 | sourceResourceId: "{{ vm_info.url }}" 62 | policyId: "{{ backup_policy_info.url }}" 63 | -------------------------------------------------------------------------------- /roles/azure-boot-diagnostics/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: azure-boot-diagnostics 2 | 3 | **Research:** Feature not currently supported 
by azure_rm_virtualmachine module: 4 | https://github.com/ansible/ansible/issues/37259 5 | 6 | Via Azure CLI - 7 | 8 | `az vm boot-diagnostics enable` 9 | 10 | Reference: https://docs.microsoft.com/en-us/cli/azure/vm/boot-diagnostics?view=azure-cli-latest 11 | 12 | Via Rest API - 13 | -------------------------------------------------------------------------------- /roles/azure-boot-diagnostics/defaults/main.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ann-felix/ansible-tower-project/4383f124968f75e49ac5f4a4026c8ddb505e7948/roles/azure-boot-diagnostics/defaults/main.yaml -------------------------------------------------------------------------------- /roles/azure-boot-diagnostics/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: Enable Boot diagnostics 2 | tags: 3 | - "enable-boot-diagnostics" 4 | azure_rm_resource: 5 | resource_group: "{{ resource_group }}" 6 | provider: compute 7 | resource_type: virtualmachines 8 | resource_name: "{{ vm_name }}" 9 | api_version: "2018-06-01" 10 | body: 11 | location: "{{ location }}" 12 | properties: 13 | diagnosticsProfile: 14 | bootDiagnostics: 15 | enabled: True 16 | storageUri: "https://{{ storage_account_name }}.blob.core.windows.net/" 17 | -------------------------------------------------------------------------------- /roles/azure-f5/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: azure-f5 2 | 3 | F5 Configuration 4 | 5 | **Pre-Requisite** 6 | pip install f5-sdk 7 | -------------------------------------------------------------------------------- /roles/azure-f5/defaults/main.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ann-felix/ansible-tower-project/4383f124968f75e49ac5f4a4026c8ddb505e7948/roles/azure-f5/defaults/main.yaml 
-------------------------------------------------------------------------------- /roles/azure-f5/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # - name: Add a registration key license to a pool 2 | # bigip_device_license: 3 | # license_key: "{{ f5_license }}" 4 | # user: "{{ f5_username }}" 5 | # password: "{{ f5_password }}" 6 | # server: "{{ f5_server }}" 7 | # server_port: "{{ f5_port }}" 8 | # # provider: 9 | # # user: "{{ f5_username }}" 10 | # # password: "{{ f5_password }}" 11 | # # server: "{{ f5_server }}" 12 | # # port: "{{ f5_port }}" 13 | # accept_eula: yes 14 | # state: present 15 | # validate_certs: no 16 | # delegate_to: localhost 17 | 18 | - name: Add node # registers each entry of f5_nodes as a node in the Common partition; runs on the control host 19 | bigip_node: 20 | 21 | user: "{{ f5_username }}" 22 | password: "{{ f5_password }}" 23 | server: "{{ f5_server }}" 24 | server_port: "{{ f5_port }}" 25 | validate_certs: no # NOTE(review): the BIG-IP management certificate is not verified, so f5_username/f5_password go to a peer whose identity is unchecked; every bigip_* task in this file repeats the setting - turn verification on once the device presents a trusted certificate 26 | 27 | state: present 28 | partition: Common 29 | host: "{{ item.host }}" 30 | name: "{{ item.name }}" 31 | delegate_to: localhost 32 | loop: "{{ f5_nodes }}" 33 | 34 | 35 | - name: Create pool # creates lb_pool_name with an http monitor 36 | bigip_pool: 37 | user: "{{ f5_username }}" 38 | password: "{{ f5_password }}" 39 | server: "{{ f5_server }}" 40 | server_port: "{{ f5_port }}" 41 | validate_certs: no # NOTE(review): certificate verification off, same exposure as in "Add node" 42 | 43 | monitors: 44 | - http 45 | state: present 46 | name: "{{ lb_pool_name }}" 47 | partition: Common 48 | lb_method: least-connections-member 49 | slow_ramp_time: 120 50 | delegate_to: localhost 51 | 52 | - name: Add pool member # adds each f5_nodes entry to the pool on port 80 53 | bigip_pool_member: 54 | user: "{{ f5_username }}" 55 | password: "{{ f5_password }}" 56 | server: "{{ f5_server }}" 57 | server_port: "{{ f5_port }}" 58 | validate_certs: no # NOTE(review): certificate verification off, same exposure as in "Add node" 59 | 60 | state: present 61 | pool: "{{ lb_pool_name }}" 62 | partition: Common 63 | name: "{{ item.name }}" 64 | port: 80 65 | delegate_to: localhost 66 | loop: "{{ f5_nodes }}" 67 | 68 | 69 | - name: Add virtual server 70 | bigip_virtual_server: 71 | user: "{{ f5_username }}" 72 | password: "{{ 
f5_password }}" 73 | server: "{{ f5_server }}" 74 | server_port: "{{ f5_port }}" 75 | validate_certs: no 76 | 77 | state: present 78 | partition: Common 79 | name: "{{ lb_virtual_server_name }}" 80 | destination: "{{ lb_virtual_server }}" # Check this 81 | port: "{{ lb_virtual_server_port }}" 82 | pool: "{{ lb_pool_name }}" 83 | snat: Automap 84 | description: Test Virtual Server 85 | delegate_to: localhost 86 | -------------------------------------------------------------------------------- /roles/azure-linux-configure-disk/defaults/main.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ann-felix/ansible-tower-project/4383f124968f75e49ac5f4a4026c8ddb505e7948/roles/azure-linux-configure-disk/defaults/main.yaml -------------------------------------------------------------------------------- /roles/azure-linux-configure-disk/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: Format newly attached disk 2 | parted: 3 | device: /dev/sdc 4 | number: 1 5 | flags: [ lvm ] 6 | state: present 7 | 8 | - name: Create a ext2 filesystem on /dev/sdc1 9 | filesystem: 10 | fstype: ext4 11 | dev: /dev/sdc1 12 | 13 | - mount: 14 | fstype: ext4 15 | src: /dev/sdc1 16 | path: /nginx-data 17 | state: mounted 18 | -------------------------------------------------------------------------------- /roles/azure-monitoring/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: azure-boot-diagnostics 2 | 3 | Note: This was not enabled by default 4 | 5 | **Research:** The Azure Log Analytics (OMS) agent, previously referred to as the Microsoft Monitoring Agent (MMA) or OMS Linux agent, was developed for comprehensive management across on-premises machines, computers monitored by System Center Operations Manager, and virtual machines in any cloud. 
6 | 7 | Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent 8 | 9 | Log Analytics virtual machine extension for Linux 10 | https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux 11 | 12 | Using Log Analytics VM Extension to enable monitoring of VM 13 | 14 | **Required Inputs**: 15 | - *log_analytics_workspace_id:* Log Analytics Workspace ID 16 | - *log_analytics_workspace_Key:* Log Analytics Workspace Key 17 | -------------------------------------------------------------------------------- /roles/azure-monitoring/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | monitoring_agent_options: 2 | Windows: 3 | virtual_machine_extension_type: MicrosoftMonitoringAgent 4 | type_handler_version: 1.0 5 | Linux: 6 | virtual_machine_extension_type: OmsAgentForLinux 7 | type_handler_version: 1.7 8 | -------------------------------------------------------------------------------- /roles/azure-monitoring/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: Enable Monitoring agent 2 | tags: 3 | - "monitoring-agent" 4 | azure_rm_virtualmachine_extension: 5 | name: OMSExtension 6 | resource_group: "{{ resource_group }}" 7 | virtual_machine_name: "{{ vm_name }}" 8 | publisher: Microsoft.EnterpriseCloud.Monitoring 9 | virtual_machine_extension_type: "{{ monitoring_agent_options[os_type].virtual_machine_extension_type }}" 10 | type_handler_version: "{{ monitoring_agent_options[os_type].type_handler_version }}" 11 | settings: '{"workspaceId": "{{ log_analytics_workspace_id }}"}' 12 | protected_settings: '{"workspaceKey": "{{ log_analytics_workspace_key }}"}' 13 | -------------------------------------------------------------------------------- /roles/azure-nginx/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: azure-nginx 2 | 3 | Configure NGINX 4 | 
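--------------------------------------------------------------------------------
/roles/azure-nginx/defaults/main.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ann-felix/ansible-tower-project/4383f124968f75e49ac5f4a4026c8ddb505e7948/roles/azure-nginx/defaults/main.yaml

--------------------------------------------------------------------------------
/roles/azure-nginx/handlers/main.yml:
--------------------------------------------------------------------------------
# Handler notified by the "install nginx" task: makes sure the service is running.
- name: start nginx
  service:
    name: nginx
    state: started

--------------------------------------------------------------------------------
/roles/azure-nginx/tasks/main.yaml:
--------------------------------------------------------------------------------
# Installs nginx from the distribution's apt repositories.
# NOTE(review): apt only works on Debian/Ubuntu hosts; a VM built from the
# RHEL_7 image offered by azure-provision-vm-linux would need a different
# package module.
- name: install nginx
  apt:
    name: nginx
    # "installed" was a deprecated alias that newer Ansible releases reject;
    # "present" is the supported spelling of the same state.
    state: present
    update_cache: true
  notify:
    - start nginx

--------------------------------------------------------------------------------
/roles/azure-provision-vm-linux/defaults/main.yaml:
--------------------------------------------------------------------------------
# Marketplace images selectable through `vm_image` (looked up as images[vm_image]).
# `version: latest` means each run may deploy a different image build; pin an
# explicit version where reproducible, reviewed base images are required.
images:
  RHEL_7:
    offer: RHEL
    publisher: RedHat
    sku: 7-RAW
    version: latest
  UBUNTU_18_04:
    offer: UbuntuServer
    publisher: Canonical
    sku: 18.04-LTS
    version: latest

--------------------------------------------------------------------------------
/roles/azure-provision-vm-linux/tasks/main.yaml:
--------------------------------------------------------------------------------
# Creates a Linux VM from one of the images defined in this role's defaults.
- name: Provision Linux VM
  azure_rm_virtualmachine:
    resource_group: "{{ resource_group }}"
    name: "{{ vm_name }}"
    # Defaults to the previous hard-coded value. Set
    # public_ip_allocation_method to "Disabled" for VMs that should only be
    # reachable over the virtual network.
    # NOTE(review): when the module creates the NIC itself it also creates a
    # security group that, per the module documentation, allows inbound TCP 22
    # for Linux unless `open_ports` is set - confirm this exposure is intended.
    public_ip_allocation_method: "{{ public_ip_allocation_method | default('Dynamic') }}"
    vm_size: "{{ vm_size }}"
    admin_username: "{{ admin_username }}"
    # Key-only SSH unless the caller explicitly opts in to passwords.
    ssh_password_enabled: "{{ ssh_password_enabled | default(false) }}"
    ssh_public_keys: "{{ ssh_public_keys }}"
    virtual_network_name: "{{ virtual_network_name }}"
    subnet_name: "{{ subnet_name }}"
    storage_account_name: "{{ storage_account_name }}"
    managed_disk_type: "{{ managed_disk_type }}"
    os_disk_size_gb: "{{ os_disk_size_gb }}"
    image: "{{ images[vm_image] }}"
    tags: "{{ tags }}"
    # network_interface_names: "{{ network_interface_names | default('None') }}"

--------------------------------------------------------------------------------
/roles/azure-provision-vm-windows/defaults/main.yaml:
--------------------------------------------------------------------------------
# Marketplace images selectable through `vm_image` (looked up as images[vm_image]).
# `version: latest` is unpinned; see the note in the Linux role's defaults.
images:
  WIN_2016:
    offer: WindowsServer
    publisher: MicrosoftWindowsServer
    sku: 2016-Datacenter
    version: latest

--------------------------------------------------------------------------------
/roles/azure-provision-vm-windows/tasks/main.yaml:
--------------------------------------------------------------------------------
# Creates a Windows VM from one of the images defined in this role's defaults.
- name: Provision Windows VM
  azure_rm_virtualmachine:
    resource_group: "{{ resource_group }}"
    name: "{{ vm_name }}"
    # Defaults to the previous hard-coded value. Set
    # public_ip_allocation_method to "Disabled" for VMs that should only be
    # reachable over the virtual network.
    # NOTE(review): with a module-created NIC the default security group, per
    # the module documentation, opens 3389 (RDP) and 5986 (WinRM) for Windows;
    # combined with a public IP and password login, restrict this with
    # `open_ports` or a pre-built NIC/NSG.
    public_ip_allocation_method: "{{ public_ip_allocation_method | default('Dynamic') }}"
    vm_size: "{{ vm_size }}"
    admin_username: "{{ admin_username }}"
    # Supply from Ansible Vault or a Tower credential, never from a plain-text
    # vars file committed next to the playbook.
    admin_password: "{{ admin_password }}"
    virtual_network_name: "{{ virtual_network_name }}"
    subnet_name: "{{ subnet_name }}"
    storage_account_name: "{{ storage_account_name }}"
    managed_disk_type: "{{ managed_disk_type }}"
    # os_disk_size_gb: "{{ os_disk_size_gb }}" # Consider minimum disk size for windows.
    os_type: Windows
    image: "{{ images[vm_image] }}"
    tags: "{{ tags }}"
    # network_interface_names: "{{ network_interface_names | default('None') }}"

--------------------------------------------------------------------------------
/roles/azure-vm-disk/defaults/main.yaml:
--------------------------------------------------------------------------------
# Same image map as azure-provision-vm-linux; the tasks of this role shown
# below do not reference it.
images:
  RHEL_7:
    offer: RHEL
    publisher: RedHat
    sku: 7-RAW
    version: latest
  UBUNTU_18_04:
    offer: UbuntuServer
    publisher: Canonical
    sku: 18.04-LTS
    version: latest

--------------------------------------------------------------------------------
/roles/azure-vm-disk/tasks/main.yaml:
--------------------------------------------------------------------------------
# Creates a managed data disk and associates it with `vm_name` via `managed_by`.
# NOTE(review): this task attaches the disk at the Azure level only; it does
# not partition, format or mount it inside the guest.
- name: Create and mount managed disk
  azure_rm_managed_disk:
    name: "{{ disk_name }}"
    location: "{{ location }}"
    resource_group: "{{ resource_group }}"
    disk_size_gb: "{{ disk_size_gb }}"
    managed_by: "{{ vm_name }}"

--------------------------------------------------------------------------------
/roles/kubernetes/README.md:
--------------------------------------------------------------------------------
# Ansible Role: azure-aks

## Create namespace on kubernetes cluster and deploy test application

Pre-Requisite:

Requires Kubernetes cluster to be created and kubeconfig file to be present.

Require

`pip install openshift`


## variables

```
kubeconfig_file_path: tests/aks-kubeconfig.yaml
kubeconfig_context: test-aks-kubeconfig
kube_app_state: absent
kube_namespace: testing
```

--------------------------------------------------------------------------------
/roles/kubernetes/defaults/main.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ann-felix/ansible-tower-project/4383f124968f75e49ac5f4a4026c8ddb505e7948/roles/kubernetes/defaults/main.yaml

--------------------------------------------------------------------------------
/roles/kubernetes/handlers/main.yml:
--------------------------------------------------------------------------------
# NOTE(review): no task shown in this role notifies this handler; it looks like
# a leftover copied from the azure-nginx role.
- name: start nginx
  service:
    name: nginx
    state: started

--------------------------------------------------------------------------------
/roles/kubernetes/tasks/main.yaml:
--------------------------------------------------------------------------------
# Creates (or, with kube_app_state=absent, deletes) the namespace, then fetches
# and applies the sample voting-app manifest when kube_app_state is "present".
#
# kubeconfig/context now honour the `kubeconfig_file_path` and
# `kubeconfig_context` variables documented in the role README and fall back
# to the values that were previously hard-coded here.
- name: Create a k8s namespace
  k8s:
    kubeconfig: "{{ kubeconfig_file_path | default('tests/aks-kubeconfig.yaml') }}"
    context: "{{ kubeconfig_context | default('test-linux-1') }}"
    api_version: v1
    kind: Namespace
    name: "{{ kube_namespace }}"
    # This task has no `when`, so state=absent removes the whole namespace.
    state: "{{ kube_app_state }}"

- name: Fetch the voting-app manifest
  git:
    repo: 'https://github.com/mmumshad/kubernetes-example-voting-app-singlefile.git'
    # NOTE(review): /tmp is shared by all local users; a role-owned directory
    # with restrictive permissions is a safer checkout target.
    dest: /tmp/voting-app
    # The manifest is applied to the cluster with the kubeconfig's privileges,
    # so the content of this third-party repository is effectively trusted.
    # Set voting_app_version to a reviewed commit SHA; the default keeps the
    # previous behaviour of tracking the remote HEAD.
    version: "{{ voting_app_version | default('HEAD') }}"
  when: kube_app_state == "present"

- name: Deploy the voting app from the fetched manifest
  k8s:
    kubeconfig: "{{ kubeconfig_file_path | default('tests/aks-kubeconfig.yaml') }}"
    context: "{{ kubeconfig_context | default('test-linux-1') }}"
    api_version: v1
    namespace: "{{ kube_namespace }}"
    src: /tmp/voting-app/voting-app.yaml
    state: "{{ kube_app_state }}"
  when: kube_app_state == "present"

--------------------------------------------------------------------------------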