mirror of https://github.com/trailofbits/algo
Azure support #26
parent
3d53dde6ca
commit
c552602724
@ -1,96 +0,0 @@
|
||||
- name: Configure the server and install required software
|
||||
hosts: localhost
|
||||
gather_facts: false
|
||||
|
||||
vars:
|
||||
regions:
|
||||
"1": "East US"
|
||||
"2": "West US"
|
||||
"3": "South Central US"
|
||||
"4": "North Europe"
|
||||
"5": "East Asia"
|
||||
"6": "Japan East"
|
||||
"7": "West Europe"
|
||||
"8": "Southeast Asia"
|
||||
"9": "Japan West"
|
||||
"10": "North Central US"
|
||||
"11": "Central US"
|
||||
"12": "Brazil South"
|
||||
"13": "East US 2"
|
||||
"14": "Australia Southeast"
|
||||
"15": "Australia East"
|
||||
|
||||
#vars_prompt:
|
||||
#- name: "azure_subscription_id"
|
||||
#prompt: "Enter your subscription ID (https://blogs.msdn.microsoft.com/mschray/2015/05/13/getting-your-azure-guid-subscription-id/):\n"
|
||||
#private: yes
|
||||
|
||||
#- name: "management_cert_path"
|
||||
#prompt: "Enter the local path to your management cert [ex: ~/.ssh/id_rsa.pub] (https://azure.microsoft.com/en-us/documentation/articles/azure-api-management-certs/):\n"
|
||||
#private: no
|
||||
|
||||
#- name: "ssh_public_key"
|
||||
#prompt: "Enter the local path to your SSH public key [ex: ~/.ssh/id_rsa.pub] :\n"
|
||||
#private: no
|
||||
|
||||
#- name: "region"
|
||||
#prompt: >
|
||||
#What region should the server be located in?
|
||||
#1. East US
|
||||
#2. West US
|
||||
#3. South Central US
|
||||
#4. North Europe
|
||||
#5. East Asia
|
||||
#6. Japan East
|
||||
#7. West Europe
|
||||
#8. Southeast Asia
|
||||
#9. Japan West
|
||||
#10. North Central US
|
||||
#11. Central US
|
||||
#12. Brazil South
|
||||
#13. East US 2
|
||||
#14. Australia Southeast
|
||||
#15. Australia East
|
||||
#Enter the number of your desired region:
|
||||
#default: "7"
|
||||
#private: no
|
||||
|
||||
#- name: "azure_server_name"
|
||||
#prompt: "Name the vpn server:\n"
|
||||
#default: "algo.local"
|
||||
#private: no
|
||||
|
||||
#- name: "dns_enabled"
|
||||
#prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N):\n"
|
||||
#default: "Y"
|
||||
#private: no
|
||||
|
||||
#- name: "auditd_enabled"
|
||||
#prompt: "Do you want to use auditd ? (Y or N):\n"
|
||||
#default: "Y"
|
||||
#private: no
|
||||
|
||||
roles:
|
||||
- cloud-azure
|
||||
|
||||
- name: Post-provisioning tasks
|
||||
hosts: vpn-host
|
||||
gather_facts: false
|
||||
become: true
|
||||
vars_files:
|
||||
- config.cfg
|
||||
|
||||
pre_tasks:
|
||||
- name: Install prerequisites
|
||||
raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
|
||||
- name: Configure defaults
|
||||
raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
|
||||
roles:
|
||||
- common
|
||||
- security
|
||||
- proxy
|
||||
- vpn
|
||||
- { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "Y" }
|
||||
- { role: logging, when: auditd_enabled is defined and auditd_enabled == 'Y' }
|
||||
|
@ -1,6 +1,6 @@
|
||||
ansible>=2.1
|
||||
dopy==0.3.5
|
||||
boto
|
||||
azure>=0.7.1
|
||||
azure==2.0.0rc5
|
||||
apache-libcloud
|
||||
six
|
||||
|
@ -1 +1,71 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
resource_group: "Algo_{{ region }}"
|
||||
|
||||
- name: Create a resource group
|
||||
azure_rm_resourcegroup:
|
||||
secret: "{{ azure_secret | default(lookup('env','AZURE_CLIENT_ID')) }}"
|
||||
tenant: "{{ azure_tenant | default(lookup('env','AZURE_SECRET')) }}"
|
||||
client_id: "{{ azure_client_id | default(lookup('env','AZURE_SUBSCRIPTION_ID')) }}"
|
||||
subscription_id: "{{ azure_subscription_id | default(lookup('env','AZURE_TENANT')) }}"
|
||||
name: "{{ resource_group }}"
|
||||
location: "{{ region }}"
|
||||
tags:
|
||||
service: algo
|
||||
|
||||
- name: Create a virtual network
|
||||
azure_rm_virtualnetwork:
|
||||
resource_group: "{{ resource_group }}"
|
||||
name: algo_net
|
||||
address_prefixes: "10.10.0.0/16"
|
||||
tags:
|
||||
service: algo
|
||||
|
||||
- name: Create a subnet
|
||||
azure_rm_subnet:
|
||||
resource_group: "{{ resource_group }}"
|
||||
name: algo_subnet
|
||||
address_prefix: "10.10.0.0/24"
|
||||
virtual_network: algo_net
|
||||
tags:
|
||||
service: algo
|
||||
|
||||
- name: Create an instance
|
||||
azure_rm_virtualmachine:
|
||||
secret: "{{ azure_secret | default(lookup('env','AZURE_CLIENT_ID')) }}"
|
||||
tenant: "{{ azure_tenant | default(lookup('env','AZURE_SECRET')) }}"
|
||||
client_id: "{{ azure_client_id | default(lookup('env','AZURE_SUBSCRIPTION_ID')) }}"
|
||||
subscription_id: "{{ azure_subscription_id | default(lookup('env','AZURE_TENANT')) }}"
|
||||
resource_group: "{{ resource_group }}"
|
||||
admin_username: ubuntu
|
||||
virtual_network: algo_net
|
||||
name: "{{ azure_server_name }}"
|
||||
ssh_password_enabled: false
|
||||
vm_size: Standard_D1
|
||||
tags:
|
||||
service: algo
|
||||
ssh_public_keys:
|
||||
- { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ ssh_public_key }}') }}" }
|
||||
image:
|
||||
offer: UbuntuServer
|
||||
publisher: Canonical
|
||||
sku: '16.04-LTS'
|
||||
version: latest
|
||||
register: azure_rm_virtualmachine
|
||||
|
||||
- set_fact:
|
||||
ip_address: "{{ azure_rm_virtualmachine.ansible_facts.azure_vm.properties.networkProfile.networkInterfaces[0].properties.ipConfigurations[0].properties.publicIPAddress.properties.ipAddress }}"
|
||||
|
||||
- name: Add the instance to an inventory group
|
||||
add_host:
|
||||
name: "{{ ip_address }}"
|
||||
groups: vpn-host
|
||||
ansible_ssh_user: ubuntu
|
||||
ansible_python_interpreter: "/usr/bin/python2.7"
|
||||
easyrsa_p12_export_password: "{{ easyrsa_p12_export_password }}"
|
||||
cloud_provider: azure
|
||||
ipv6_support: no
|
||||
|
||||
- name: Wait for SSH to become available
|
||||
local_action: "wait_for port=22 host={{ ip_address }} timeout=320"
|
||||
|
Loading…
Reference in New Issue