From c5526027249777b57a0565b90c1f9398c8fc1759 Mon Sep 17 00:00:00 2001
From: Jack Ivanov
Date: Sat, 10 Dec 2016 21:09:34 +0300
Subject: [PATCH] Azure support #26
---
algo | 81 ++++++++++++++++++++++++++-
azure.yml | 96 --------------------------------
deploy.yml | 3 +-
requirements.txt | 2 +-
roles/cloud-azure/tasks/main.yml | 70 +++++++++++++++++++++++
5 files changed, 152 insertions(+), 100 deletions(-)
delete mode 100644 azure.yml
diff --git a/algo b/algo
index 8f1db94..667642d 100755
--- a/algo
+++ b/algo
@@ -69,6 +69,81 @@ deploy () { } +azure () { + read -p " +Enter your azure secret (https://docs.ansible.com/ansible/guide_azure.html#authenticating-with-azure) +You can skip this step if you want to use your defaults credentials from ~/.azure/credentials +[...]: " -rs azure_secret + + read -p " + +Enter your azure tenant (https://docs.ansible.com/ansible/guide_azure.html#authenticating-with-azure) +You can skip this step if you want to use your defaults credentials from ~/.azure/credentials +[...]: " -rs azure_tenant + + read -p " + +Enter your azure client_id (https://docs.ansible.com/ansible/guide_azure.html#authenticating-with-azure) +You can skip this step if you want to use your defaults credentials from ~/.azure/credentials +[...]: " -rs azure_client_id + + read -p " + +Enter your azure subscription_id (https://docs.ansible.com/ansible/guide_azure.html#authenticating-with-azure) +You can skip this step if you want to use your defaults credentials from ~/.azure/credentials +[...]: " -rs azure_subscription_id + + read -e -p " + +Enter the local path to your SSH public key: +: " -i "~/.ssh/id_rsa.pub" -r ssh_public_key + + read -p " +Name the vpn server: +[algo]: " -r azure_server_name + azure_server_name=${azure_server_name:-algo} + + read -p " + What region should the server be located in? + 1. South Central US + 2. Central US + 3. North Europe + 4. West Europe + 5. Southeast Asia + 6. Japan West + 7. Japan East + 8. Australia Southeast + 9. Australia East + 10. Canada Central + 11. West US 2 + 12. West Central US + 13. UK South + 14. 
UK West +Enter the number of your desired region: +[1]: " -r azure_region + azure_region=${azure_region:-1} + + case "$azure_region" in + 1) region="southcentralus" ;; + 2) region="centralus" ;; + 3) region="northeurope" ;; + 4) region="westeurope" ;; + 5) region="southeastasia" ;; + 6) region="japanwest" ;; + 7) region="japaneast" ;; + 8) region="australiasoutheast" ;; + 9) region="australiaeast" ;; + 10) region="canadacentral" ;; + 11) region="westus2" ;; + 12) region="westcentralus" ;; + 13) region="uksouth" ;; + 14) region="ukwest" ;; + esac + + ROLES="azure vpn cloud" + EXTRA_VARS="azure_secret=$azure_secret azure_tenant=$azure_tenant azure_client_id=$azure_client_id azure_subscription_id=$azure_subscription_id azure_server_name=$azure_server_name ssh_public_key=$ssh_public_key region=$region" +} + digitalocean () { read -p " Enter your API token (https://cloud.digitalocean.com/settings/api/tokens): @@ -256,7 +331,8 @@ algo_provisioning () { 1. DigitalOcean 2. Amazon EC2 3. Google Compute Engine - 4. Install to existing Ubuntu server + 4. Microsoft Azure + 5. Install to existing Ubuntu server Enter the number of your desired provider : " @@ -267,7 +343,8 @@ Enter the number of your desired provider 1) digitalocean; ;; 2) ec2; ;; 3) gce; ;; - 4) non_cloud; ;; + 4) azure; ;; + 5) non_cloud; ;; *) exit 1 ;; esac diff --git a/azure.yml b/azure.yml deleted file mode 100644 index ec15d2c..0000000 --- a/azure.yml +++ /dev/null 
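Review bot: The `case "$azure_region"` block in `azure ()` has no default branch, so any answer outside 1-14 leaves `region` empty and the run continues with `region=` in `EXTRA_VARS`; add `*) exit 1 ;;` as the provider menu later in this file already does. Separately, `azure_secret` is read silently with `-rs` but then interpolated unquoted into `EXTRA_VARS`. If that string is handed to ansible-playbook as command-line extra vars (the consumer is outside this hunk), the secret is readable in the local process list, and a value or key path containing whitespace would split the key=value pairs. Exporting the credentials as the `AZURE_*` environment variables that the new role already looks up would avoid both.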
@@ -1,96 +0,0 @@ -- name: Configure the server and install required software - hosts: localhost - gather_facts: false - - vars: - regions: - "1": "East US" - "2": "West US" - "3": "South Central US" - "4": "North Europe" - "5": "East Asia" - "6": "Japan East" - "7": "West Europe" - "8": "Southeast Asia" - "9": "Japan West" - "10": "North Central US" - "11": "Central US" - "12": "Brazil South" - "13": "East US 2" - "14": "Australia Southeast" - "15": "Australia East" - - #vars_prompt: - #- name: "azure_subscription_id" - #prompt: "Enter your subscription ID (https://blogs.msdn.microsoft.com/mschray/2015/05/13/getting-your-azure-guid-subscription-id/):\n" - #private: yes - - #- name: "management_cert_path" - #prompt: "Enter the local path to your management cert [ex: ~/.ssh/id_rsa.pub] (https://azure.microsoft.com/en-us/documentation/articles/azure-api-management-certs/):\n" - #private: no - - #- name: "ssh_public_key" - #prompt: "Enter the local path to your SSH public key [ex: ~/.ssh/id_rsa.pub] :\n" - #private: no - - #- name: "region" - #prompt: > - #What region should the server be located in? - #1. East US - #2. West US - #3. South Central US - #4. North Europe - #5. East Asia - #6. Japan East - #7. West Europe - #8. Southeast Asia - #9. Japan West - #10. North Central US - #11. Central US - #12. Brazil South - #13. East US 2 - #14. Australia Southeast - #15. Australia East - #Enter the number of your desired region: - #default: "7" - #private: no - - #- name: "azure_server_name" - #prompt: "Name the vpn server:\n" - #default: "algo.local" - #private: no - - #- name: "dns_enabled" - #prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N):\n" - #default: "Y" - #private: no - - #- name: "auditd_enabled" - #prompt: "Do you want to use auditd ? 
(Y or N):\n" - #default: "Y" - #private: no - - roles: - - cloud-azure - -- name: Post-provisioning tasks - hosts: vpn-host - gather_facts: false - become: true - vars_files: - - config.cfg - - pre_tasks: - - name: Install prerequisites - raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7 - - name: Configure defaults - raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 - - roles: - - common - - security - - proxy - - vpn - - { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "Y" } - - { role: logging, when: auditd_enabled is defined and auditd_enabled == 'Y' } - diff --git a/deploy.yml b/deploy.yml index 7fecd16..b6c8380 100644 --- a/deploy.yml +++ b/deploy.yml @@ -8,6 +8,7 @@ - { role: cloud-digitalocean, tags: ['digitalocean'] } - { role: cloud-ec2, tags: ['ec2'] } - { role: cloud-gce, tags: ['gce'] } + - { role: cloud-azure, tags: ['azure'] } - { role: local, tags: ['local'] } - name: Post-provisioning tasks @@ -21,7 +22,7 @@ pre_tasks: - name: Common pre-tasks include: playbooks/common.yml - tags: [ 'digitalocean', 'ec2', 'gce', 'pre' ] + tags: [ 'digitalocean', 'ec2', 'gce', 'azure', 'pre' ] - name: DigitalOcean pre-tasks include: playbooks/digitalocean.yml diff --git a/requirements.txt b/requirements.txt index 36b226c..3039915 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ ansible>=2.1 dopy==0.3.5 boto -azure>=0.7.1 +azure==2.0.0rc5 apache-libcloud six diff --git a/roles/cloud-azure/tasks/main.yml b/roles/cloud-azure/tasks/main.yml index 8b13789..d894b2e 100644 --- a/roles/cloud-azure/tasks/main.yml +++ b/roles/cloud-azure/tasks/main.yml 
@@ -1 +1,71 @@ +--- +- set_fact: + resource_group: "Algo_{{ region }}" + +- name: Create a resource group + azure_rm_resourcegroup: + secret: "{{ azure_secret | default(lookup('env','AZURE_CLIENT_ID')) }}" + tenant: "{{ azure_tenant | default(lookup('env','AZURE_SECRET')) }}" + client_id: "{{ azure_client_id | default(lookup('env','AZURE_SUBSCRIPTION_ID')) }}" + subscription_id: "{{ azure_subscription_id | default(lookup('env','AZURE_TENANT')) }}" + name: "{{ resource_group }}" + location: "{{ region }}" + tags: + service: algo + +- name: Create a virtual network + azure_rm_virtualnetwork: + resource_group: "{{ resource_group }}" + name: algo_net + address_prefixes: "10.10.0.0/16" + tags: + service: algo + +- name: Create a subnet + azure_rm_subnet: + resource_group: "{{ resource_group }}" + name: algo_subnet + address_prefix: "10.10.0.0/24" + virtual_network: algo_net + tags: + service: algo + +- name: Create an instance + azure_rm_virtualmachine: + secret: "{{ azure_secret | default(lookup('env','AZURE_CLIENT_ID')) }}" + tenant: "{{ azure_tenant | default(lookup('env','AZURE_SECRET')) }}" + client_id: "{{ azure_client_id | default(lookup('env','AZURE_SUBSCRIPTION_ID')) }}" + subscription_id: "{{ azure_subscription_id | default(lookup('env','AZURE_TENANT')) }}" + resource_group: "{{ resource_group }}" + admin_username: ubuntu + virtual_network: algo_net + name: "{{ azure_server_name }}" + ssh_password_enabled: false + vm_size: Standard_D1 + tags: + service: algo + ssh_public_keys: + - { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ ssh_public_key }}') }}" } + image: + offer: UbuntuServer + publisher: Canonical + sku: '16.04-LTS' + version: latest + register: azure_rm_virtualmachine + +- set_fact: + ip_address: "{{ azure_rm_virtualmachine.ansible_facts.azure_vm.properties.networkProfile.networkInterfaces[0].properties.ipConfigurations[0].properties.publicIPAddress.properties.ipAddress }}" + +- name: Add the instance to an inventory 
group + add_host: + name: "{{ ip_address }}" + groups: vpn-host + ansible_ssh_user: ubuntu + ansible_python_interpreter: "/usr/bin/python2.7" + easyrsa_p12_export_password: "{{ easyrsa_p12_export_password }}" + cloud_provider: azure + ipv6_support: no + +- name: Wait for SSH to become available + local_action: "wait_for port=22 host={{ ip_address }} timeout=320"
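Review bot: The environment fallbacks in `Create a resource group` and `Create an instance` are crossed: `secret` falls back to `AZURE_CLIENT_ID`, `tenant` to `AZURE_SECRET`, `client_id` to `AZURE_SUBSCRIPTION_ID` and `subscription_id` to `AZURE_TENANT`. An environment-based login therefore sends every value in the wrong field, including the client secret where the tenant is expected, so each parameter should look up the variable of the same name. Because the `algo` script in this patch always sets the four `azure_*` extra vars, even when a prompt is skipped, `default()` also needs its second argument set to `true` so that an empty value falls back. The virtual network and subnet tasks pass no credentials at all, so they presumably rely on the environment or `~/.azure/credentials` even when the other two tasks use prompted values; that is worth making consistent.

```yaml
- name: Create a resource group
  azure_rm_resourcegroup:
    secret: "{{ azure_secret | default(lookup('env', 'AZURE_SECRET'), true) }}"
    tenant: "{{ azure_tenant | default(lookup('env', 'AZURE_TENANT'), true) }}"
    client_id: "{{ azure_client_id | default(lookup('env', 'AZURE_CLIENT_ID'), true) }}"
    subscription_id: "{{ azure_subscription_id | default(lookup('env', 'AZURE_SUBSCRIPTION_ID'), true) }}"
    # … unchanged: name, location, tags …

# … unchanged: virtual network and subnet tasks …

- name: Create an instance
  azure_rm_virtualmachine:
    secret: "{{ azure_secret | default(lookup('env', 'AZURE_SECRET'), true) }}"
    tenant: "{{ azure_tenant | default(lookup('env', 'AZURE_TENANT'), true) }}"
    client_id: "{{ azure_client_id | default(lookup('env', 'AZURE_CLIENT_ID'), true) }}"
    subscription_id: "{{ azure_subscription_id | default(lookup('env', 'AZURE_SUBSCRIPTION_ID'), true) }}"
    # … unchanged: resource_group through image, register …
```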