-
Notifications
You must be signed in to change notification settings - Fork 4
/
azure_create_vm.yml
117 lines (98 loc) · 4.31 KB
/
azure_create_vm.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
---
# ============================================================= PLAY =====================================================
# This playbook will create a VM in Azure
# Inputs:
# - vm_name: the name part of the fqdn
# - os_type: linux or windows
# - role: The role for this server. This is needed to open firewall ports in Azure (not in the VM itself)
# webserver / dbserver / lbserver / dcserver
# the name of this playbook. You see this back in the default logging
- name: Azure Create VM
# There is no concepts of hosts in a public cloud. We use localhost to specify that this playbook runs from the
# Ansible execution host (engine or tower).
hosts: localhost
# likewise, since we use the Azure API, there is no concept of a connection. Thus we specify local
connection: local
# specify which collections are being used in this playbook
collections:
- azure.azcollection
# Also, there is no need to gather facts from the localhost (which speeds things up)
gather_facts: no
# this is a way to specify files that contain vars
vars_files:
# here we include a var file from a sub directory "files"
files/azure_vars
# this is to specify vars as part of this playbook
vars:
# script to run inside the VM when windows VM has been provisioned (aka cloud-init)
winrm_enable_script: "Invoke-Expression -Command ((New-Object System.Net.WebClient).DownloadString('https://github.com/raw/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1')); Enable-WSManCredSSP -Role Server -Force"
# Example of creating an array
ports:
webserver: "80"
lbserver: "80,8080"
dbserver: "3306"
monserver: "80"
#example to getting an element from an array
role_ports: "{{ ports[role] }}"
# construct a unique name
azure_vm_name: "{{ project }}-{{ vm_name }}"
# We now start the tasks that must be executed in order
tasks:
# the name of a task. You see this back in de default logging
- name: Define OS type specific vars
# An example of including a file whos name is dynamic
include_vars: "files/azure_vm_{{ os_type | lower }}_vars"
# construct a var from multiple other vars
- name: Define Role specific ports
set_fact:
arm_ports: "{{ arm_ports }},{{ ports[role] }}"
# Example of logging output. Here is only runs when the verbosity level is 1
- name: Report on ports that will be opened
debug:
msg: "Ports to open: {{ arm_ports }}"
verbosity: 1
- name: Provision new Azure virtual host
# Here we call the azure module to create a virtual machine
azure_rm_virtualmachine:
admin_username: "ansible"
ssh_public_keys:
- path: /home/ansible/.ssh/authorized_keys
key_data: "{{ ansible_ssh_public_key }}"
ssh_password_enabled: false
os_type: '{{ os_type }}'
image:
offer: '{{ arm_offer }}'
publisher: '{{ arm_publisher }}'
sku: '{{ arm_sku }}'
version: 'latest'
managed_disk_type: 'Standard_LRS'
name: '{{ azure_vm_name }}'
resource_group: '{{ project }}'
state: present
vm_size: '{{ arm_size }}'
open_ports: '{{ arm_ports }}'
virtual_network_name: '{{ project }}'
subnet_name: '{{ project }}'
tags:
project: '{{ project }}'
role: '{{ role }}'
register: azure_vm
# Because Ansible needs winrm we must add it using an azure vm extension
- name: Create Azure vm extension to enable HTTPS WinRM listener
azure_rm_virtualmachineextension:
name: winrm-extension
resource_group: '{{ project }}'
virtual_machine_name: '{{ project }}-{{ vm_name }}'
publisher: Microsoft.Compute
virtual_machine_extension_type: CustomScriptExtension
type_handler_version: "1.9"
settings: '{"commandToExecute": "powershell.exe -ExecutionPolicy ByPass {{winrm_enable_script}}"}'
auto_upgrade_minor_version: true
when: os_type == "Windows"
# Example of a way to wait before a resource comes online. Can also work with files on a machine.
- name: Wait for the WinRM port to come online
wait_for:
port: 5986
host: '{{azure_vm.properties.networkProfile.networkInterfaces[0].properties.ipConfigurations[0].properties.publicIPAddress.properties.ipAddress}}'
timeout: 600
when: os_type == "Windows"