Add cloud and patching demos (#9)

Add demos for cloud provisioning and patching
2022-03-29 14:01:28 -05:00
parent d162dcdb50
commit 8e56c5bbf6
88 changed files with 3273 additions and 18 deletions
--- a/collections/ansible_collections/demo/cloud/roles/azure/defaults/main.yml
+++ b/collections/ansible_collections/demo/cloud/roles/azure/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+##############
+# Azure Vars
+##############
+az_region:
+az_rg_name: ansible
+az_rg_prefix: demo
+az_vnet_cidr_block: 10.0.0.0/16
+az_subnet_cidr: 10.0.1.0/24
--- a/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_infra.yml
+++ b/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_infra.yml
@@ -0,0 +1,76 @@
+---
+- name: AZURE | CREATE INFRA | resource group
+  azure.azcollection.azure_rm_resourcegroup:
+      name: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
+      location: "{{ az_region }}"
+
+- name: AZURE | CREATE INFRA | virtual network
+  azure.azcollection.azure_rm_virtualnetwork:
+    resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
+    name: "{{ az_rg_name }}-{{ az_rg_prefix }}-vnet"
+    address_prefixes: "{{ az_vnet_cidr }}"
+
+- name: AZURE | CREATE INFRA | subnet
+  azure.azcollection.azure_rm_subnet:
+    resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
+    name: "{{ az_rg_name }}-{{ az_rg_prefix }}-subnet }}"
+    address_prefix: "{{ az_subnet_cidr }}"
+    virtual_network: "{{ az_rg_name }}-{{ az_rg_prefix }}-vnet"
+
+- name: AZURE | CREATE INFRA | security group
+  azure.azcollection.azure_rm_securitygroup:
+    resource_group: "{{ az_rg_name }}-{{ az_rg_prefix }}-rg"
+    name: "{{ az_rg_name }}-{{ az_rg_prefix }}-sec-group"
+    rules:
+      - name: External
+        protocol: Tcp
+        destination_port_range:
+          - 80 # HTTP
+          - 443 # HTTPS
+          - 5986 # WinRM
+          - 3389 # RDP
+        access: Allow
+        priority: 1001
+        direction: Inbound
+      - name: Ping
+        protocol: Icmp
+        access: Allow
+        priority: 1002
+        direction: Inbound
+      - name: Internal TCP
+        protocol: Tcp
+        destination_port_range:
+          - 80 # HTTP
+          - 5986 # WinRM
+          - 3389 # RDP
+          - 53 # DNS
+          - 88 # Kerberos Authentication
+          - 135 # RPC
+          - 139 # Netlogon
+          - 389 # LDAP
+          - 445 # SMB
+          - 464 # Kerberos Authentication
+          - 5432 # PostgreSQL
+          - 636 # LDAPS (LDAP over TLS)
+          - 873 # Rsync 
+          - 3268-3269 # Global Catalog 
+          - 1024-65535 # Ephemeral RPC ports
+        access: Allow
+        priority: 1003
+        direction: Inbound
+        source_address_prefix: "{{ az_vnet_cidr_block }}"
+      - name: Internal UDP
+        protocol: Udp
+        destination_port_range:
+          - 53 # DNS
+          - 88 # Kerberos Authentication
+          - 123 # NTP
+          - 137-138 # Netlogon 
+          - 389 # LDAP 
+          - 445 # SMB
+          - 464 # Kerberos Authentication
+          - 1024-65535 # Ephemeral RPC ports
+        access: Allow
+        priority: 1004
+        direction: Inbound
+        source_address_prefix: "{{ az_vnet_cidr_block }}"
--- a/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_vm.yml
+++ b/collections/ansible_collections/demo/cloud/roles/azure/tasks/create_vm.yml