mirror of https://github.com/trailofbits/algo
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
65 lines
2.2 KiB
YAML
65 lines
2.2 KiB
YAML
- set_fact:
|
|
credentials_file_path: "{{ credentials_file | default(lookup('env','GCE_CREDENTIALS_FILE_PATH'), true) }}"
|
|
ssh_public_key_lookup: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
|
|
|
|
- set_fact:
|
|
credentials_file_lookup: "{{ lookup('file', '{{ credentials_file_path }}') }}"
|
|
|
|
- set_fact:
|
|
service_account_email: "{{ credentials_file_lookup.client_email | default(lookup('env','GCE_EMAIL')) }}"
|
|
project_id: "{{ credentials_file_lookup.project_id | default(lookup('env','GCE_PROJECT')) }}"
|
|
|
|
- name: "Creating a new instance..."
|
|
gce:
|
|
instance_names: "{{ server_name }}"
|
|
zone: "{{ zone }}"
|
|
machine_type: "{{ cloud_providers.gce.size }}"
|
|
image: "{{ cloud_providers.gce.image }}"
|
|
service_account_email: "{{ service_account_email }}"
|
|
credentials_file: "{{ credentials_file_path }}"
|
|
project_id: "{{ project_id }}"
|
|
metadata: '{"ssh-keys":"ubuntu:{{ ssh_public_key_lookup }}"}'
|
|
# ip_forward: true
|
|
tags:
|
|
- "environment-algo"
|
|
register: google_vm
|
|
|
|
- name: Add the instance to an inventory group
|
|
add_host:
|
|
name: "{{ google_vm.instance_data[0].public_ip }}"
|
|
groups: vpn-host
|
|
ansible_ssh_user: ubuntu
|
|
ansible_python_interpreter: "/usr/bin/python2.7"
|
|
ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
|
|
cloud_provider: gce
|
|
ipv6_support: no
|
|
|
|
- name: Firewall configured
|
|
local_action:
|
|
module: gce_net
|
|
name: "{{ google_vm.instance_data[0].network }}"
|
|
fwname: "algo-ikev2"
|
|
allowed: "udp:500,4500;tcp:22"
|
|
state: "present"
|
|
src_range: 0.0.0.0/0
|
|
service_account_email: "{{ credentials_file_lookup.client_email }}"
|
|
credentials_file: "{{ credentials_file }}"
|
|
project_id: "{{ credentials_file_lookup.project_id }}"
|
|
|
|
- set_fact:
|
|
cloud_instance_ip: "{{ google_vm.instance_data[0].public_ip }}"
|
|
|
|
- name: Ensure the group gce exists in the dynamic inventory file
|
|
lineinfile:
|
|
state: present
|
|
dest: configs/inventory.dynamic
|
|
line: '[gce]'
|
|
|
|
- name: Populate the dynamic inventory
|
|
lineinfile:
|
|
state: present
|
|
dest: configs/inventory.dynamic
|
|
insertafter: '\[gce\]'
|
|
regexp: "^{{ google_vm.instance_data[0].public_ip }}.*"
|
|
line: "{{ google_vm.instance_data[0].public_ip }}"
|