Add Create Infra and Create VM demo
This commit is contained in:
willtome
2022-03-22 17:53:28 -05:00
committed by GitHub
parent cf90f1e145
commit 51273afedd
18 changed files with 478 additions and 5 deletions


@@ -19,11 +19,13 @@ Please push contributions via a pull request following the naming convention of
## Using this project
1. First you must create a credential to access Automation Hub to load the collections used by this project.
> This project is tested for compatibility with AAP2 Linux Automation Workshop available to Red Hat Employees and Partners.
1. First you must create a credential for [Automation Hub](https://console.redhat.com/ansible/automation-hub/) to successfully sync collections used by this project.
1. In the Credentials section of the Controller UI, add a new Credential called `Automation Hub` with the type `Ansible Galaxy/Automation Hub API Token`
2. You can obtain a token [here](https://console.redhat.com/ansible/automation-hub/token). This page will also provide the Server URL and Auth Server URL.
3. Next, click on Organizations and edit the `Default` organization. Add your `Automation Hub` credential to the `Galaxy Credentials` section.
3. Next, click on Organizations and edit the `Default` organization. Add your `Automation Hub` credential to the `Galaxy Credentials` section. Don't forget to click Save!!
2. If it has not been created for you, add a Project called `Ansible official demo project` with this repo as a source. NOTE: if you are using a fork, be sure that you have the correct URL. Update the project.
3. Finally, Create a Job Template called `Setup` with the following configuration:


@@ -0,0 +1,7 @@
---
vm_providers:
- aws
aws_image_owners: 309956199498
aws_instance_size: t2.medium
aws_image_architecture: x86_64
aws_image_filter: 'RHEL-7.9_HVM*'
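Review bot: `vm_providers` on the first key of this blueprint is never read — cloud/create_vm.yml guards its compatibility assert with `when: vm_blueprint_providers is defined`, so for rhel7 (and rhel8 in the next file, which uses the same key) the provider check is silently skipped. Rename the key to `vm_blueprint_providers:` to match the windows blueprint. `aws_image_owners: 309956199498` is an all-digit value that YAML parses as an integer; the AWS owner id is an opaque identifier, so quote it as `aws_image_owners: '309956199498'` (same line in the rhel8 blueprint) so it reaches `ec2_ami_info`'s `owners` argument as a string.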


@@ -0,0 +1,7 @@
---
vm_providers:
- aws
aws_image_owners: 309956199498
aws_instance_size: t3.micro
aws_image_architecture: x86_64
aws_image_filter: 'RHEL-8*HVM-*Hourly*'


@@ -0,0 +1,6 @@
---
vm_blueprint_providers:
- aws
aws_instance_filter: 'Windows_Server-2019-English-Core-Base*'
aws_instance_size: t3.medium
aws_userdata_template: aws_windows_userdata
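Review bot: `aws_instance_filter` is not a variable the aws role reads — the `find ami` task in the create_vm tasks filters on `aws_image_filter`, which defaults to `{{ omit }}`, so this Windows name filter has no effect and the AMI lookup runs with no name filter and no `aws_image_owners` from this file. Rename the key to `aws_image_filter: 'Windows_Server-2019-English-Core-Base*'` and add an `aws_image_owners` entry (the `amazon` owner alias covers Amazon-published Windows images; confirm that is what the demo expects) so the search is bounded to a trusted publisher rather than to any public image whose name happens to match and sorts newest.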


@@ -0,0 +1,24 @@
---
#######
# AWS VARS
#######
aws_vpc_name: ansible
aws_vpc_prefix: demo
aws_vpc_cidr_block: 10.0.0.0/16
aws_subnet_cidr: 10.0.1.0/24
aws_region: us-east-1
aws_vm_name: "{{ vm_name }}"
aws_vm_owner: "{{ vm_owner }}"
aws_blueprint: "{{ vm_blueprint }}"
aws_image_filter: "{{ omit }}"
aws_image_size: "{{ omit }}"
aws_image_architecture: "{{ omit }}"
aws_image_owners: "{{ omit }} "
aws_userdata_template: default
aws_keypair_name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-demo-key"
aws_securitygroup_name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-sec-group"
aws_env_tag: prod
aws_purpose_tag: ansible_demo
aws_ansiblegroup_tag: cloud
aws_ec2_wait: true
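Review bot: `aws_image_owners: "{{ omit }} "` has a trailing space inside the quotes, so the rendered value is the omit placeholder plus a space rather than the bare placeholder, and `ec2_ami_info` will most likely receive that literal string as its `owners` filter instead of having the argument omitted; drop the space: `aws_image_owners: "{{ omit }}"`. `aws_image_size` is never referenced — the create_vm task reads `aws_instance_size`, which has no default here — so either rename the key to `aws_instance_size` or document that every blueprint must set it. `aws_securitygroup_name` and `aws_keypair_name` are defined here but the create_infra tasks rebuild the same `-sec-group` / `-demo-key` names inline; pointing those tasks at these variables would keep the two task files from drifting apart.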


@@ -0,0 +1,118 @@
---
- name: AWS | CREATE INFRA | vpc
amazon.aws.ec2_vpc_net:
state: present
name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-vpc"
cidr_block: "{{ aws_vpc_cidr_block }}"
tenancy: default
region: "{{ aws_region }}"
tags:
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_vpc
- name: AWS | CREATE INFRA | internet gateway
amazon.aws.ec2_vpc_igw:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-vpc-igw"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_gateway
- name: Create security group internal
amazon.aws.ec2_group:
state: present
name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-sec-group"
region: "{{ aws_region }}"
description: Inbound WinRM and RDP, http for demo servers and internal AD ports
rules:
- proto: tcp
ports:
- 80 # HTTP
- 443 # HTTPS
- 22 # SSH
- 5986 # WinRM
- 3389 # RDP
cidr_ip: 0.0.0.0/0
- proto: icmp
to_port: -1
from_port: -1
cidr_ip: 0.0.0.0/0
- proto: tcp
ports:
- 80 # HTTP
- 5986 # WinRM
- 3389 # RDP
- 53 # DNS
- 88 # Kerberos Authentication
- 135 # RPC
- 139 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 5432 # PostgreSQL
- 636 # LDAPS (LDAP over TLS)
- 873 # Rsync
- 3268-3269 # Global Catalog
- 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16
- proto: udp
ports:
- 53 # DNS
- 88 # Kerberos Authentication
- 123 # NTP
- 137-138 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16
rules_egress:
- proto: -1
cidr_ip: 0.0.0.0/0
vpc_id: "{{ aws_vpc.vpc.id }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-sec-group"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
- name: Create a subnet on the VPC
amazon.aws.ec2_vpc_subnet:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
cidr: "{{ aws_subnet_cidr }}"
region: "{{ aws_region }}"
map_public: yes
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-subnet"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_subnet
- name: Create a subnet route table
amazon.aws.ec2_vpc_route_table:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
subnets:
- "{{ aws_subnet.subnet.id }}"
routes:
- dest: 0.0.0.0/0
gateway_id: "{{ aws_gateway.gateway_id }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-vpc-rtbl"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
- name: Create AWS keypair
amazon.aws.ec2_key:
name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-demo-key"
region: "{{ aws_region }}"
key_material: "{{ aws_public_key }}"
state: present
tags:
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
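Review bot: The `Create security group internal` task opens 22, 3389 and 5986 (SSH, RDP, WinRM) to `cidr_ip: 0.0.0.0/0`, so every demo VM accepts password/key logins from the whole internet for as long as it exists; the VPC-internal TCP and UDP rules also include `1024-65535`, which together with the listed low ports is effectively every port. Drive the management source from a default (for example `aws_admin_cidr: 0.0.0.0/0` in the role defaults) and use `cidr_ip: "{{ aws_admin_cidr }}"` on the first rule so a workshop can narrow it to its own egress range without editing the role. The group and keypair names here repeat the `{{ aws_vpc_name }}-{{aws_vpc_prefix }}-…` pattern inline (note the inconsistent `{{aws_vpc_prefix }}` spacing) although the role defaults already define `aws_securitygroup_name` and `aws_keypair_name`, which create_vm uses; reference those variables so both task files resolve the same names. `map_public: yes` should be the canonical `map_public: true`.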


@@ -0,0 +1,47 @@
---
- name: AWS | CREATE VM | get subnet info
amazon.aws.ec2_vpc_subnet_info:
region: "{{ aws_region }}"
filters:
"tag:Name": "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-subnet"
register: aws_subnet
- name: AWS | CREATE VM | save subnet id
set_fact:
aws_subnet_id: "{{ aws_subnet.subnets|map(attribute='id')| list | last }}"
- name: AWS| CREATE VM | find ami
amazon.aws.ec2_ami_info:
region: "{{ aws_region }}"
owners: "{{ aws_image_owners }}"
filters:
name: "{{ aws_image_filter }}"
architecture: "{{ aws_image_architecture }}"
register: amis
- name: AWS| CREATE VM | save ami
set_fact:
aws_instance_ami: >
{{ amis.images | selectattr('name', 'defined') | sort(attribute='creation_date') | last }}
- name: AWS| CREATE VM | create instance
amazon.aws.ec2_instance:
network:
assign_public_ip: yes
key_name: "{{ aws_keypair_name }}"
instance_type: "{{ aws_instance_size }}"
image_id: "{{ aws_instance_ami.image_id }}"
region: "{{ aws_region }}"
security_group: "{{ aws_securitygroup_name }}"
tags:
blueprint: "{{ aws_blueprint }}"
purpose: "{{ aws_purpose_tag }}"
env: "{{ aws_env_tag }}"
ansible_group: "{{ aws_ansiblegroup_tag }}"
owner: "{{ aws_vm_owner }}"
info: "This instance was built by Red Hat Product Demos"
Name: "{{ aws_vm_name }}"
wait: "{{ aws_ec2_wait }}"
vpc_subnet_id: "{{ aws_subnet_id }}"
user_data: "{{ lookup('template', aws_userdata_template+'.j2', template_vars=dict(aws_vm_name=vm_name)) }}"
register: aws_vm_output
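Review bot: Nothing in the `find ami` / `save ami` pair ensures `aws_image_owners` is actually set: when it is omitted the search covers every public AMI whose name matches `aws_image_filter`, and `save ami` then boots the newest such image by `creation_date`, so a third-party image with a matching name would be selected. Make the owner list a required blueprint variable (no `omit` default) and fail early, e.g. `- assert:` / `that: aws_image_owners is defined` placed before `find ami`. `aws_instance_ami: >` keeps one trailing newline on the rendered value; that is probably tolerated when Ansible converts the rendered dict back to a mapping, but `>-` states the intent. `assign_public_ip: yes` should be `assign_public_ip: true`, and the task names mix `AWS |` and `AWS|`.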


@@ -0,0 +1,29 @@
<powershell>
# Disable .Net Optimization Service
Get-ScheduledTask *ngen* | Disable-ScheduledTask
# Disable Windows Auto Updates
# https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshooting-windows-instances.html#high-cpu-issue
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 1 /f
net stop wuauserv
net start wuauserv
# Remove policies stopping us from enabling WinRM
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service" /v AllowBasic /f
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service" /v AllowUnencryptedTraffic /f
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service" /v DisableRunAs /f
# Disable Windows Defender Monitoring
Set-MpPreference -DisableRealtimeMonitoring $true
# Enable WinRM
Invoke-WebRequest -Uri https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile C:\ConfigureRemotingForAnsible.ps1
C:\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert -EnableCredSSP
# add ec2-user
$Password = ConvertTo-SecureString {{ ansible_password }} -AsPlainText -Force
New-LocalUser -Name "ec2-user" -Description "Ansible Service Account" -Password $Password
Add-LocalGroupMember -Group "Administrators" -Member "ec2-user"
Rename-Computer -NewName {{ aws_vm_name }} -Force -Restart
</powershell>
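Review bot: `{{ ansible_password }}` is rendered in cleartext into EC2 user-data, which remains readable for the instance's lifetime from the instance metadata service by any local process and through the EC2 API to any principal allowed to read instance attributes; per cloud/setup.yml that value is the Workshop Credential used to log in to Controller, so at minimum a dedicated secret for the `ec2-user` local account should be used rather than a shared login. The interpolation is also unquoted, so a password containing spaces or PowerShell metacharacters breaks the line; write `$Password = ConvertTo-SecureString '{{ ansible_password | replace("'", "''") }}' -AsPlainText -Force` and likewise `Rename-Computer -NewName '{{ aws_vm_name }}' -Force -Restart`. `Invoke-WebRequest` fetches ConfigureRemotingForAnsible.ps1 from the unpinned `devel` branch at every boot and runs it with full privileges; vendoring the script into the role or pinning to a release tag keeps an upstream change from silently altering what runs on each new VM. The `Set-MpPreference -DisableRealtimeMonitoring $true` line and the `AllowUnencryptedTraffic` policy removal deserve a comment stating they are demo-only conveniences.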


@@ -0,0 +1,9 @@
---
##############
# Azure Vars
##############
az_region:
az_rg_name: ansible
az_rg_prefix: demo
az_vnet_cidr_block: 10.0.0.0/16
az_subnet_cidr: 10.0.1.0/24
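Review bot: `az_region:` has no value, so it is `null` and the resource group task's `location: "{{ az_region }}"` renders empty; give it a real default (for example `az_region: eastus`) or remove the key and assert it is supplied by the caller. `az_vnet_cidr_block` also does not match the name the virtual network task reads (`az_vnet_cidr`), which is left undefined; pick one name and use it in both places.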


@@ -0,0 +1,76 @@
---
- name: AZURE | CREATE INFRA | resource group
azure.azcollection.azure_rm_resourcegroup:
name: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
location: "{{ az_region }}"
- name: AZURE | CREATE INFRA | virtual network
azure.azcollection.azure_rm_virtualnetwork:
resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
name: "{{ az_rg_name }}-{{ az_rg_prefix }}-vnet"
address_prefixes: "{{ az_vnet_cidr }}"
- name: AZURE | CREATE INFRA | subnet
azure.azcollection.azure_rm_subnet:
resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
name: "{{ az_rg_name }}-{{ az_rg_prefix }}-subnet }}"
address_prefix: "{{ az_subnet_cidr }}"
virtual_network: "{{ az_rg_name }}-{{ az_rg_prefix }}-vnet"
- name: AZURE | CREATE INFRA | security group
azure.azcollection.azure_rm_securitygroup:
resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
name: "{{ az_rg_name }}-{{ az_rg_prefix }}-sec-group"
rules:
- name: External
protocol: Tcp
destination_port_range:
- 80 # HTTP
- 443 # HTTPS
- 5986 # WinRM
- 3389 # RDP
access: Allow
priority: 1001
direction: Inbound
- name: Ping
protocol: Icmp
access: Allow
priority: 1002
direction: Inbound
- name: Internal TCP
protocol: Tcp
destination_port_range:
- 80 # HTTP
- 5986 # WinRM
- 3389 # RDP
- 53 # DNS
- 88 # Kerberos Authentication
- 135 # RPC
- 139 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 5432 # PostgreSQL
- 636 # LDAPS (LDAP over TLS)
- 873 # Rsync
- 3268-3269 # Global Catalog
- 1024-65535 # Ephemeral RPC ports
access: Allow
priority: 1003
direction: Inbound
source_address_prefix: "{{ az_vnet_cidr_block }}"
- name: Internal UDP
protocol: Udp
destination_port_range:
- 53 # DNS
- 88 # Kerberos Authentication
- 123 # NTP
- 137-138 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 1024-65535 # Ephemeral RPC ports
access: Allow
priority: 1004
direction: Inbound
source_address_prefix: "{{ az_vnet_cidr_block }}"
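Review bot: The `subnet` task's name ends in a stray ` }}` — `name: "{{ az_rg_name }}-{{ az_rg_prefix }}-subnet }}"` renders a name with a literal ` }}` suffix; it should be `name: "{{ az_rg_name }}-{{ az_rg_prefix }}-subnet"`. The `virtual network` task references `az_vnet_cidr`, which the azure defaults in this commit do not define (they define `az_vnet_cidr_block`, used by the two internal rules), so the play stops on an undefined variable. The `External` rule admits 3389 and 5986 inbound with no `source_address_prefix`, which I believe the module defaults to any source; add `source_address_prefix` driven by a variable so RDP and WinRM are not internet-reachable by default.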

11
cloud/create_infra.yml Normal file

@@ -0,0 +1,11 @@
---
- name: Create Cloud Infra
hosts: localhost
gather_facts: no
vars:
infra_provider: undef
aws_public_key: undef
tasks:
- include_role:
name: "demo.cloud.{{ infra_provider }}"
tasks_from: create_infra
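Review bot: `infra_provider: undef` and `aws_public_key: undef` are sentinel values that are never checked — an unset provider becomes `include_role: name: demo.cloud.undef`, which fails with a role-not-found error instead of a clear message, and an unset key is handed to `ec2_key` as `key_material`. Add a pre-task before the include such as `- assert:` / `that: "infra_provider != 'undef'"` / `fail_msg: infra_provider must be set`, and the same for `aws_public_key` when the provider is aws. `gather_facts: no` should be the canonical `gather_facts: false`.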

25
cloud/create_vm.yml Normal file

@@ -0,0 +1,25 @@
---
- name: Create Cloud Infra
hosts: localhost
gather_facts: no
vars:
vm_name: undef
vm_owner: undef
vm_provider: undef
vm_blueprint: undef
tasks:
- name: "Importing {{ vm_blueprint | upper }} Blueprint"
include_vars:
file: "blueprints/{{ vm_blueprint }}.yml"
- name: "Check Provider Compatibility"
assert:
that: "'{{ vm_provider }}' in {{ vm_blueprint_providers }}"
fail_msg: "{{ vm_blueprint | upper }} is not available for {{ vm_provider | upper }}"
when: "vm_blueprint_providers is defined"
- name: "Building {{ vm_blueprint | upper }} in {{ vm_provider | upper }}"
include_role:
name: "demo.cloud.{{ vm_provider }}"
tasks_from: create_vm
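Review bot: The compatibility check `that: "'{{ vm_provider }}' in {{ vm_blueprint_providers }}"` embeds Jinja delimiters inside a conditional, which Ansible warns about and which breaks if a provider name contains a quote; write it as `that: vm_provider in vm_blueprint_providers`. Because the task is gated on `when: "vm_blueprint_providers is defined"`, blueprints that spell the key `vm_providers` (rhel7 and rhel8 in this commit) skip the check entirely; once the blueprints agree on one key, drop the `when:` so a missing list is a hard failure. The play `name: Create Cloud Infra` is copied from create_infra.yml — `Create Cloud VM` describes this play — and `gather_facts: no` should be `gather_facts: false`.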

103
cloud/setup.yml Normal file

@@ -0,0 +1,103 @@
---
user_message:
- Update AWS credential with Access and Secret key
- Update Workshop Credential with password used to login to Controller
controller_components:
- credentials
- inventory_sources
- job_templates
controller_credentials:
- name: AWS
credential_type: Amazon Web Services
organization: Default
update_secrets: false
inputs:
username: REPLACEME
password: REPLACEME
controller_inventory_sources:
- name: AWS Inventory
organization: Default
source: ec2
inventory: Workshop Inventory
credential: AWS
overwrite: true
source_vars:
hostnames:
- tag:Name
compose:
ansible_host: public_ip_address
groups:
cloud_aws: true
keyed_groups:
- key: platform
prefix: os
controller_templates:
- name: Cloud / Create Infra
job_type: run
organization: Default
credentials:
- AWS
project: Ansible official demo project
playbook: cloud/create_infra.yml
inventory: Workshop Inventory
execution_environment: Default execution environment
survey_enabled: true
extra_vars:
aws_region: us-east-2
survey:
name: ''
description: ''
spec:
- question_name: Infra Provider
type: multiplechoice
variable: infra_provider
required: true
choices:
- aws
- question_name: AWS Public Key (only required for aws provider)
type: textarea
required: false
variable: aws_public_key
- name: Cloud / Create VM
job_type: run
organization: Default
credentials:
- AWS
- Workshop Credential
project: Ansible official demo project
playbook: cloud/create_vm.yml
inventory: Workshop Inventory
execution_environment: Default execution environment
survey_enabled: true
extra_vars:
aws_region: us-east-2
survey:
name: ''
description: ''
spec:
- question_name: Name
type: text
variable: vm_name
required: true
- question_name: Owner
type: text
variable: vm_owner
required: true
- question_name: Provider
type: multiplechoice
variable: vm_provider
required: true
choices:
- aws
- question_name: Blueprint
type: multiplechoice
variable: vm_blueprint
required: true
choices: #"{{ lookup('fileglob', 'blueprints/*.yml') | regex_replace(',','\n') | regex_findall('.*/(.*)(?=.yml)') | list }}"
- windows
- rhel8
- rhel7
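Review bot: The `Cloud / Create VM` template attaches `Workshop Credential`, which `user_message` describes as the password used to log in to Controller, and cloud/create_vm.yml forwards that machine credential's password into the Windows user-data as the `ec2-user` password, so the Controller login secret is copied onto every demo VM. Create a separate machine credential for the demo VMs' local account and attach that here instead. The `choices:` line for Blueprint carries a commented-out `lookup('fileglob', …)` expression that cannot run in that position; delete the comment or move the list generation to a place where it is templated. `extra_vars: aws_region: us-east-2` in both templates silently overrides the role default of us-east-1; a one-line comment saying this is intentional would save confusion.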


@@ -2,7 +2,8 @@
collections:
- name: ansible.controller
version: 4.1.1
- redhat_cop.controller_configuration
- name: redhat_cop.controller_configuration
version: 2.1.1
#linux
- redhat.insights
- redhat.rhel_system_roles
@@ -11,5 +12,8 @@ collections:
#windows
- chocolatey.chocolatey
- community.windows
#
- azure.azcollection
#cloud
- name: azure.azcollection
version: 1.11.0
- name: amazon.aws
version: 3.1.1


@@ -0,0 +1,5 @@
---
ansible_connection: winrm
ansible_winrm_transport: ntlm
ansible_winrm_server_cert_validation: ignore
ansible_port: 5986
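Review bot: `ansible_winrm_server_cert_validation: ignore` disables TLS certificate checking for every host in this group, so the NTLM exchange over `ansible_winrm_transport: ntlm` is performed against an unverified endpoint; that is unavoidable with the self-signed certificate the user-data's `ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert` generates, but the file should say so. Add above that line: `# demo only: hosts present the self-signed cert from ConfigureRemotingForAnsible.ps1; validate against a trusted CA outside the demo.`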