Azure support #26

8 years ago · c552602724
parent 3d53dde6ca
commit c552602724
5 changed files with 152 additions and 100 deletions
--- a/81
+++ b/81
@ -69,6 +69,81 @@ deploy () {

 }

+azure () {
+  read -p "
+Enter your azure secret (https://docs.ansible.com/ansible/guide_azure.html#authenticating-with-azure)
+You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
+[...]: " -rs azure_secret
+
+  read -p "
+
+Enter your azure tenant (https://docs.ansible.com/ansible/guide_azure.html#authenticating-with-azure)
+You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
+[...]: " -rs azure_tenant
+
+  read -p "
+
+Enter your azure client_id (https://docs.ansible.com/ansible/guide_azure.html#authenticating-with-azure)
+You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
+[...]: " -rs azure_client_id
+
+  read -p "
+
+Enter your azure subscription_id (https://docs.ansible.com/ansible/guide_azure.html#authenticating-with-azure)
+You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
+[...]: " -rs azure_subscription_id
+
+  read -e -p "
+
+Enter the local path to your SSH public key:
+: " -i "~/.ssh/id_rsa.pub" -r ssh_public_key
+
+  read -p "
+Name the vpn server:
+[algo]: " -r azure_server_name
+  azure_server_name=${azure_server_name:-algo}
+
+  read -p "
+  What region should the server be located in?
+    1.  South Central US
+    2.  Central US
+    3.  North Europe
+    4.  West Europe
+    5.  Southeast Asia
+    6.  Japan West
+    7.  Japan East
+    8.  Australia Southeast
+    9.  Australia East
+    10. Canada Central
+    11. West US 2
+    12. West Central US
+    13. UK South
+    14. UK West
+Enter the number of your desired region:
+[1]: " -r azure_region
+  azure_region=${azure_region:-1}
+
+  case "$azure_region" in
+    1) region="southcentralus" ;;
+    2) region="centralus" ;;
+    3) region="northeurope" ;;
+    4) region="westeurope" ;;
+    5) region="southeastasia" ;;
+    6) region="japanwest" ;;
+    7) region="japaneast" ;;
+    8) region="australiasoutheast" ;;
+    9) region="australiaeast" ;;
+    10) region="canadacentral" ;;
+    11) region="westus2" ;;
+    12) region="westcentralus" ;;
+    13) region="uksouth" ;;
+    14) region="ukwest" ;;
+  esac
+
+  ROLES="azure vpn cloud"
+  EXTRA_VARS="azure_secret=$azure_secret azure_tenant=$azure_tenant azure_client_id=$azure_client_id azure_subscription_id=$azure_subscription_id azure_server_name=$azure_server_name ssh_public_key=$ssh_public_key region=$region"
+}
+
 digitalocean () {
  read -p "
 Enter your API token (https://cloud.digitalocean.com/settings/api/tokens):
@ -256,7 +331,8 @@ algo_provisioning () {
    1. DigitalOcean
    2. Amazon EC2
    3. Google Compute Engine
-    4. Install to existing Ubuntu server
+    4. Microsoft Azure
+    5. Install to existing Ubuntu server

 Enter the number of your desired provider
 : "
@ -267,7 +343,8 @@ Enter the number of your desired provider
    1) digitalocean; ;;
    2) ec2; ;;
    3) gce; ;;
-    4) non_cloud; ;;
+    4) azure; ;;
+    5) non_cloud; ;;
    *) exit 1 ;;
  esac

--- a/azure.yml
+++ b/azure.yml
@ -1,96 +0,0 @@
- name: Configure the server and install required software
-  hosts: localhost
-  gather_facts: false
-
-  vars:
-    regions:
-      "1":  "East US"
-      "2":  "West US"
-      "3":  "South Central US"
-      "4":  "North Europe"
-      "5":  "East Asia"
-      "6":  "Japan East"
-      "7":  "West Europe"
-      "8":  "Southeast Asia"
-      "9":  "Japan West"
-      "10": "North Central US"
-      "11": "Central US"
-      "12": "Brazil South"
-      "13": "East US 2"
-      "14": "Australia Southeast"
-      "15": "Australia East"
-
-  #vars_prompt:
-  #- name: "azure_subscription_id"
-    #prompt: "Enter your subscription ID (https://blogs.msdn.microsoft.com/mschray/2015/05/13/getting-your-azure-guid-subscription-id/):\n"
-    #private: yes
-
-  #- name: "management_cert_path"
-    #prompt: "Enter the local path to your management cert [ex: ~/.ssh/id_rsa.pub] (https://azure.microsoft.com/en-us/documentation/articles/azure-api-management-certs/):\n"
-    #private: no
-    
-  #- name: "ssh_public_key"
-    #prompt: "Enter the local path to your SSH public key [ex: ~/.ssh/id_rsa.pub] :\n"
-    #private: no
-
-  #- name: "region"
-    #prompt: >
-      #What region should the server be located in?
-        #1.  East US
-        #2.  West US
-        #3.  South Central US
-        #4.  North Europe
-        #5.  East Asia
-        #6.  Japan East
-        #7.  West Europe
-        #8.  Southeast Asia
-        #9.  Japan West
-        #10. North Central US
-        #11. Central US
-        #12. Brazil South
-        #13. East US 2
-        #14. Australia Southeast
-        #15. Australia East
-      #Enter the number of your desired region:
-    #default: "7"
-    #private: no
-
-  #- name: "azure_server_name"
-    #prompt: "Name the vpn server:\n"
-    #default: "algo.local"
-    #private: no
-
-  #- name: "dns_enabled"
-    #prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N):\n"
-    #default: "Y"
-    #private: no
-
-  #- name: "auditd_enabled"
-    #prompt: "Do you want to use auditd ? (Y or N):\n"
-    #default: "Y"
-    #private: no
-
-  roles:
-    - cloud-azure
-
- name: Post-provisioning tasks
-  hosts: vpn-host
-  gather_facts: false
-  become: true
-  vars_files:
-    - config.cfg
-
-  pre_tasks:
-    - name: Install prerequisites
-      raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
-    - name: Configure defaults
-      raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
-
-  roles:
-    - common
-    - security
-    - proxy
-    - vpn
-    - { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "Y" }
-    - { role: logging, when: auditd_enabled is defined and auditd_enabled == 'Y' }
-
--- a/deploy.yml
+++ b/deploy.yml
@ -8,6 +8,7 @@
    - { role: cloud-digitalocean, tags: ['digitalocean'] }
    - { role: cloud-ec2, tags: ['ec2'] }
    - { role: cloud-gce, tags: ['gce'] }
+    - { role: cloud-azure, tags: ['azure'] }
    - { role: local, tags: ['local'] }

 - name: Post-provisioning tasks
@ -21,7 +22,7 @@
  pre_tasks:
    - name: Common pre-tasks
      include: playbooks/common.yml
-      tags: [ 'digitalocean', 'ec2', 'gce', 'pre' ]
+      tags: [ 'digitalocean', 'ec2', 'gce', 'azure', 'pre' ]

    - name: DigitalOcean pre-tasks
      include: playbooks/digitalocean.yml
--- a/requirements.txt
+++ b/requirements.txt
@ -1,6 +1,6 @@
 ansible>=2.1
 dopy==0.3.5
 boto
-azure>=0.7.1
+azure==2.0.0rc5
 apache-libcloud
 six
--- a/roles/cloud-azure/tasks/main.yml
+++ b/roles/cloud-azure/tasks/main.yml
@ -1 +1,71 @@
+---

+- set_fact:
+    resource_group: "Algo_{{ region }}"
+
+- name: Create a resource group
+  azure_rm_resourcegroup:
+    secret: "{{ azure_secret | default(lookup('env','AZURE_CLIENT_ID')) }}"
+    tenant: "{{ azure_tenant | default(lookup('env','AZURE_SECRET')) }}"
+    client_id: "{{ azure_client_id | default(lookup('env','AZURE_SUBSCRIPTION_ID')) }}"
+    subscription_id: "{{ azure_subscription_id | default(lookup('env','AZURE_TENANT')) }}"
+    name: "{{ resource_group }}"
+    location: "{{ region }}"
+    tags:
+        service: algo
+
+- name: Create a virtual network
+  azure_rm_virtualnetwork:
+    resource_group: "{{ resource_group }}"
+    name: algo_net
+    address_prefixes: "10.10.0.0/16"
+    tags:
+        service: algo
+
+- name: Create a subnet
+  azure_rm_subnet:
+    resource_group: "{{ resource_group }}"
+    name: algo_subnet
+    address_prefix: "10.10.0.0/24"
+    virtual_network: algo_net
+    tags:
+        service: algo
+
+- name: Create an instance
+  azure_rm_virtualmachine:
+    secret: "{{ azure_secret | default(lookup('env','AZURE_CLIENT_ID')) }}"
+    tenant: "{{ azure_tenant | default(lookup('env','AZURE_SECRET')) }}"
+    client_id: "{{ azure_client_id | default(lookup('env','AZURE_SUBSCRIPTION_ID')) }}"
+    subscription_id: "{{ azure_subscription_id | default(lookup('env','AZURE_TENANT')) }}"
+    resource_group: "{{ resource_group }}"
+    admin_username: ubuntu
+    virtual_network: algo_net
+    name: "{{ azure_server_name }}"
+    ssh_password_enabled: false
+    vm_size: Standard_D1
+    tags:
+      service: algo
+    ssh_public_keys:
+      - { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ ssh_public_key }}') }}" }
+    image:
+      offer: UbuntuServer
+      publisher: Canonical
+      sku: '16.04-LTS'
+      version: latest
+  register: azure_rm_virtualmachine
+
+- set_fact:
+    ip_address: "{{ azure_rm_virtualmachine.ansible_facts.azure_vm.properties.networkProfile.networkInterfaces[0].properties.ipConfigurations[0].properties.publicIPAddress.properties.ipAddress }}"
+
+- name: Add the instance to an inventory group
+  add_host:
+    name: "{{ ip_address }}"
+    groups: vpn-host
+    ansible_ssh_user: ubuntu
+    ansible_python_interpreter: "/usr/bin/python2.7"
+    easyrsa_p12_export_password: "{{ easyrsa_p12_export_password }}"
+    cloud_provider: azure
+    ipv6_support: no
+
+- name: Wait for SSH to become available
+  local_action: "wait_for port=22 host={{ ip_address }} timeout=320"