ptoal/product-demos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add windows demo

Browse Source
This commit is contained in:
willtome
2022-03-15 10:11:15 -04:00
parent e06c06e769
commit 34ab661cdd
14 changed files with 379 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cloud/blueprints/linux.yml Normal file
View File

@@ -0,0 +1,2 @@
---
vm_providers: []

6
cloud/blueprints/windows.yml Normal file
View File

@@ -0,0 +1,6 @@
---
vm_blueprint_providers:
- aws
vm_blueprint_aws_instance_filter: 'Windows_Server-2019-English-Core-Base*'
vm_blueprint_aws_instance_size: t3.medium
vm_blueprint_aws_userdata_template: aws_windows_userdata

0
cloud/collections/ansible_collections/demo/cloud/README.md Normal file
View File

22
cloud/collections/ansible_collections/demo/cloud/roles/aws/defaults/main.yml Normal file
View File

@@ -0,0 +1,22 @@
---
#######
# AWS VARS
#######
aws_vpc_name: ansible
aws_vpc_prefix: demo
aws_vpc_cidr_block: 10.0.0.0/16
aws_subnet_cidr: 10.0.1.0/24
aws_region: us-east-1
aws_vm_name: "{{ vm_name }}"
aws_vm_owner: "{{ vm_owner }}"
aws_blueprint: "{{ vm_blueprint }}"
aws_instance_filter: "{{ vm_blueprint_aws_instance_filter }}"
aws_instance_size: "{{ vm_blueprint_aws_instance_size }}"
aws_userdata_template: "{{ vm_blueprint_aws_userdata_template }}"
aws_keypair_name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-demo-key"
aws_securitygroup_name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-sec-group"
aws_env_tag: prod
aws_purpose_tag: ansible_demo
aws_ansiblegroup_tag: cloud
aws_ec2_wait: true

118
cloud/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml Normal file
View File

@@ -0,0 +1,118 @@
---
- name: AWS | CREATE INFRA | vpc
amazon.aws.ec2_vpc_net:
state: present
name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-vpc"
cidr_block: "{{ aws_vpc_cidr_block }}"
tenancy: default
region: "{{ aws_region }}"
tags:
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_vpc
- name: AWS | CREATE INFRA | internet gateway
amazon.aws.ec2_vpc_igw:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-vpc-igw"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_gateway
- name: Create security group internal
amazon.aws.ec2_group:
state: present
name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-sec-group"
region: "{{ aws_region }}"
description: Inbound WinRM and RDP, http for demo servers and internal AD ports
rules:
- proto: tcp
ports:
- 80 # HTTP
- 443 # HTTPS
- 22 # SSH
- 5986 # WinRM
- 3389 # RDP
cidr_ip: 0.0.0.0/0
- proto: icmp
to_port: -1
from_port: -1
cidr_ip: 0.0.0.0/0
- proto: tcp
ports:
- 80 # HTTP
- 5986 # WinRM
- 3389 # RDP
- 53 # DNS
- 88 # Kerberos Authentication
- 135 # RPC
- 139 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 5432 # PostgreSQL
- 636 # LDAPS (LDAP over TLS)
- 873 # Rsync
- 3268-3269 # Global Catalog
- 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16
- proto: udp
ports:
- 53 # DNS
- 88 # Kerberos Authentication
- 123 # NTP
- 137-138 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16
rules_egress:
- proto: -1
cidr_ip: 0.0.0.0/0
vpc_id: "{{ aws_vpc.vpc.id }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-sec-group"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
- name: Create a subnet on the VPC
amazon.aws.ec2_vpc_subnet:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
cidr: "{{ aws_subnet_cidr }}"
region: "{{ aws_region }}"
map_public: yes
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-subnet"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_subnet
- name: Create a subnet route table
amazon.aws.ec2_vpc_route_table:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
subnets:
- "{{ aws_subnet.subnet.id }}"
routes:
- dest: 0.0.0.0/0
gateway_id: "{{ aws_gateway.gateway_id }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-vpc-rtbl"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
- name: Create AWS keypair
amazon.aws.ec2_key:
name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-demo-key"
region: "{{ aws_region }}"
key_material: "{{ aws_public_key }}"
state: present
tags:
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"

45
cloud/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_vm.yml Normal file
View File

@@ -0,0 +1,45 @@
---
- name: AWS | CREATE VM | get subnet info
amazon.aws.ec2_vpc_subnet_info:
region: "{{ aws_region }}"
filters:
"tag:Name": "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-subnet"
register: aws_subnet
- name: AWS | CREATE VM | save subnet id
set_fact:
aws_subnet_id: "{{ aws_subnet.subnets|map(attribute='id')| list | last }}"
- name: AWS| CREATE VM | find ami
amazon.aws.ec2_ami_info:
region: "{{ aws_region }}"
filters:
name: "{{ aws_instance_filter }}"
register: amis
- name: AWS| CREATE VM | save ami
set_fact:
aws_instance_ami: >
{{ amis.images | selectattr('name', 'defined') | sort(attribute='creation_date') | last }}
- name: AWS| CREATE VM | create instance
amazon.aws.ec2_instance:
network:
assign_public_ip: yes
groups: "{{ aws_securitygroup_name }}"
key_name: "{{ aws_keypair_name }}"
instance_type: "{{ aws_instance_size }}"
image_id: "{{ aws_instance_ami.image_id }}"
region: "{{ aws_region }}"
tags:
blueprint: "{{ aws_blueprint }}"
purpose: "{{ aws_purpose_tag }}"
env: "{{ aws_env_tag }}"
ansible_group: "{{ aws_ansiblegroup_tag }}"
owner: "{{ aws_vm_owner }}"
info: "This instance was built by Red Hat Product Demos"
Name: "{{ aws_vm_name }}"
wait: "{{ aws_ec2_wait }}"
vpc_subnet_id: "{{ aws_subnet_id }}"
user_data: "{{ lookup('template', aws_userdata_template+'.j2', template_vars=dict(aws_vm_name=vm_name)) }}"
register: aws_vm_output

29
cloud/collections/ansible_collections/demo/cloud/roles/aws/templates/aws_windows_userdata.j2 Normal file
View File

@@ -0,0 +1,29 @@
<powershell>
# Disable .Net Optimization Service
Get-ScheduledTask *ngen* | Disable-ScheduledTask
# Disable Windows Auto Updates
# https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshooting-windows-instances.html#high-cpu-issue
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 1 /f
net stop wuauserv
net start wuauserv
# Remove policies stopping us from enabling WinRM
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service" /v AllowBasic /f
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service" /v AllowUnencryptedTraffic /f
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service" /v DisableRunAs /f
# Disable Windows Defender Monitoring
Set-MpPreference -DisableRealtimeMonitoring $true
# Enable WinRM
Invoke-WebRequest -Uri https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile C:\ConfigureRemotingForAnsible.ps1
C:\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert -EnableCredSSP
# add ec2-user
$Password = ConvertTo-SecureString {{ ansible_password }} -AsPlainText -Force
New-LocalUser -Name "ec2-user" -Description "Ansible Service Account" -Password $Password
Add-LocalGroupMember -Group "Administrators" -Member "ec2-user"
Rename-Computer -NewName {{ aws_vm_name }} -Force -Restart
</powershell>

9
cloud/collections/ansible_collections/demo/cloud/roles/azure/defaults/main.yml Normal file
View File

@@ -0,0 +1,9 @@
---
##############
# Azure Vars
##############
az_region:
az_rg_name: ansible
az_rg_prefix: demo
az_vnet_cidr_block: 10.0.0.0/16
az_subnet_cidr: 10.0.1.0/24

76
cloud/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_infra.yml Normal file
View File

@@ -0,0 +1,76 @@
---
- name: AZURE | CREATE INFRA | resource group
azure.azcollection.azure_rm_resourcegroup:
name: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
location: "{{ az_region }}"
- name: AZURE | CREATE INFRA | virtual network
azure.azcollection.azure_rm_virtualnetwork:
resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
name: "{{ az_rg_name }}-{{ az_rg_prefix }}-vnet"
address_prefixes: "{{ az_vnet_cidr }}"
- name: AZURE | CREATE INFRA | subnet
azure.azcollection.azure_rm_subnet:
resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
name: "{{ az_rg_name }}-{{ az_rg_prefix }}-subnet }}"
address_prefix: "{{ az_subnet_cidr }}"
virtual_network: "{{ az_rg_name }}-{{ az_rg_prefix }}-vnet"
- name: AZURE | CREATE INFRA | security group
azure.azcollection.azure_rm_securitygroup:
resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
name: "{{ az_rg_name }}-{{ az_rg_prefix }}-sec-group"
rules:
- name: External
protocol: Tcp
destination_port_range:
- 80 # HTTP
- 443 # HTTPS
- 5986 # WinRM
- 3389 # RDP
access: Allow
priority: 1001
direction: Inbound
- name: Ping
protocol: Icmp
access: Allow
priority: 1002
direction: Inbound
- name: Internal TCP
protocol: Tcp
destination_port_range:
- 80 # HTTP
- 5986 # WinRM
- 3389 # RDP
- 53 # DNS
- 88 # Kerberos Authentication
- 135 # RPC
- 139 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 5432 # PostgreSQL
- 636 # LDAPS (LDAP over TLS)
- 873 # Rsync
- 3268-3269 # Global Catalog
- 1024-65535 # Ephemeral RPC ports
access: Allow
priority: 1003
direction: Inbound
source_address_prefix: "{{ az_vnet_cidr_block }}"
- name: Internal UDP
protocol: Udp
destination_port_range:
- 53 # DNS
- 88 # Kerberos Authentication
- 123 # NTP
- 137-138 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 1024-65535 # Ephemeral RPC ports
access: Allow
priority: 1004
direction: Inbound
source_address_prefix: "{{ az_vnet_cidr_block }}"

0
cloud/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_vm.yml Normal file
View File

120
cloud/create_infra.yml
View File

@@ -3,120 +3,10 @@
hosts: localhost hosts: localhost
gather_facts: no gather_facts: no
vars: vars:
vpc_user: workshop infra_provider: undef
vpc_name: demo aws_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCK93BIfZx+MeEyP6qBha48FxtoZYsmx4grYOM3ZQMbkDp0v/cHFKHlUrZR67bVHuOriqrCScBaBfZ0RQk7mYpTAR5CgLed8Vun3LcQz7bZHq26CS83J8KE5Kbfhm07VzZfOND/yeuq3dU9P6Kb2HBufj+mUGgktUjuLVlRAk1KTYfTAevYcCfm75LtCKAkTsR5hG+yGHRo0n1lWeEhz8m0Gl1g0e3/eGo/bmViHvrKi5cGPu7K8p8JGhtXhpr0jMIqh5Ej7Iu2fPe/sV05Qp+am4upGPW7PmS2V82sMuZxLPeWZRJxvqstW7aSziUxbWu6b8gMfRJdzGa6b24ejp1R 2cfb-key
vpc_cidr_block: 10.0.0.0/16
tasks: tasks:
- name: Create VPC - include_role:
amazon.aws.ec2_vpc_net: name: "demo.cloud.{{ infra_provider }}"
state: present tasks_from: create_infra
name: "{{ vpc_name }}-ansible-vpc"
cidr_block: "{{ vpc_cidr_block }}"
tenancy: default
region: "{{ aws_region }}"
tags:
user: "{{ vpc_user }}"
purpose: Ansible Demo
register: aws_vpc
- name: Create Internet Gateway for VPC
amazon.aws.ec2_vpc_igw:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
tags:
Name: "{{ vpc_user }}-{{vpc_name }}-vpc-igw"
user: "{{ vpc_user }}"
purpose: Ansible Demo
register: aws_gateway
- name: Create security group internal
amazon.aws.ec2_group:
state: present
name: "{{ vpc_user }}-{{ vpc_name }}-sec-group"
region: "{{ aws_region }}"
description: Inbound WinRM and RDP, http for demo servers and internal AD ports
rules:
- proto: tcp
ports:
- 80 # HTTP
- 443 # HTTPS
- 22 # SSH
cidr_ip: 0.0.0.0/0
- proto: icmp
to_port: -1
from_port: -1
cidr_ip: 0.0.0.0/0
- proto: tcp
ports:
- 80 # HTTP
- 5986 # WinRM
- 3389 # RDP
- 53 # DNS
- 88 # Kerberos Authentication
- 135 # RPC
- 139 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 5432 # PostgreSQL
- 636 # LDAPS (LDAP over TLS)
- 873 # Rsync
- 3268-3269 # Global Catalog
- 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16
- proto: udp
ports:
- 53 # DNS
- 88 # Kerberos Authentication
- 123 # NTP
- 137-138 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16
rules_egress:
- proto: -1
cidr_ip: 0.0.0.0/0
vpc_id: "{{ aws_vpc.vpc.id }}"
tags:
Name: "{{ vpc_user }}-{{ vpc_name }}-sec-group"
user: "{{ vpc_user}}"
purpose: Ansible Demo
- name: Create a subnet on the VPC
amazon.aws.ec2_vpc_subnet:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
cidr: 10.0.0.0/16
region: "{{ aws_region }}"
map_public: yes
tags:
Name: "{{ vpc_user }}-{{ vpc_name }}-subnet"
user: "{{ vpc_user }}"
purpose: Ansible Demo
register: aws_subnet
- name: Create a subnet route table
amazon.aws.ec2_vpc_route_table:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
subnets:
- "{{ aws_subnet.subnet.id }}"
routes:
- dest: 0.0.0.0/0
gateway_id: "{{ aws_gateway.gateway_id }}"
tags:
Name: "{{ vpc_user }}-{{ vpc_name }}-vpc-rtbl"
user: "{{ vpc_user }}"
purpose: Ansible Demo
- name: Create AWS keypair
amazon.aws.ec2_key:
name: "{{ vpc_user }}-{{ vpc_name }}-demo-key"
region: "{{ aws_region }}"
key_material: "{{ aws_public_key }}"
state: present

25
cloud/create_vm.yml Normal file
View File

@@ -0,0 +1,25 @@
---
- name: Create Cloud Infra
hosts: localhost
gather_facts: no
vars:
vm_name: undef
vm_owner: undef
vm_provider: undef
vm_blueprint: undef
tasks:
- name: "Importing {{ vm_blueprint | upper }} Blueprint"
include_vars:
file: "blueprints/{{ vm_blueprint }}.yml"
- name: "Check Provider Compatibility"
assert:
that: "{{ vm_provider }} in {{ vm_blueprint_providers }}"
fail_msg: "{{ vm_blueprint | upper }} is not available for {{ vm_provider | upper }}"
when: "vm_blueprint_providers is defined"
- name: "Building {{ vm_blueprint | upper }} in {{ vm_provider | upper }}"
include_role:
name: "demo.cloud.{{ infra_provider }}"
tasks_from: create_vm

38
cloud/setup.yml
View File

@@ -43,4 +43,40 @@ controller_templates:
- question_name: Public Key - question_name: Public Key
type: textarea type: textarea
variable: aws_public_key variable: aws_public_key
required: true required: true
- name: Cloud / Create VM
job_type: run
organization: Default
credentials:
- AWS
- Workshop Credential
project: Ansible official demo project
playbook: cloud/create_vm.yml
inventory: Workshop Inventory
execution_environment: Default execution environment
survey_enabled: true
extra_vars:
aws_region: us-east-2
survey:
name: ''
description: ''
spec:
- question_name: Name
type: text
variable: vm_name
required: true
- question_name: Owner
type: text
variable: vm_owner
required: true
- question_name: Provider
type: multiplechoice
variable: vm_provider
required: true
choices:
- aws
- question_name: Blueprint
type: multiplechoice
variable: vm_blueprint
required: true
choices: "{{ lookup('fileglob', 'blueprints/*.yml') | regex_replace(',','\n') | regex_findall('.*/(.*)(?=.yml)') }}"

7
collections/requirements.yml
View File

@@ -11,5 +11,8 @@ collections:
#windows #windows
- chocolatey.chocolatey - chocolatey.chocolatey
- community.windows - community.windows
# #cloud
- azure.azcollection - name: azure.azcollection
version: 1.11.0
- name: amazon.aws
version: 3.1.1