From c1ad7245d2b39a69d3d2978b04948efd17c84718 Mon Sep 17 00:00:00 2001 From: willtome Date: Mon, 14 Mar 2022 16:48:02 -0400 Subject: [PATCH] add cloud demos --- README.md | 6 +- cloud/create_infra.yml | 122 +++++++++++++++++++++++++++++++++++++++++ cloud/setup.yml | 46 ++++++++++++++++ 3 files changed, 172 insertions(+), 2 deletions(-) create mode 100644 cloud/create_infra.yml create mode 100644 cloud/setup.yml diff --git a/README.md b/README.md index 73db4e0..d490a3b 100644 --- a/README.md +++ b/README.md @@ -19,11 +19,13 @@ Please push contributions via a pull request following the naming convention of ## Using this project -1. First you must create a credential to access Automation Hub to load the collections used by this project. + > This project is tested for compatibility with AAP2 Linux Automation Workshop available to Red Hat Employees and Partners. + +1. First you must create a credential for [Automation Hub](https://console.redhat.com/ansible/automation-hub/) to successfully sync collections used by this project. 1. In the Credentials section of the Controller UI, add a new Credential called `Automation Hub` with the type `Ansible Galaxy/Automation Hub API Token` 2. You can obtain a token [here](https://console.redhat.com/ansible/automation-hub/token). This page will also provide the Server URL and Auth Server URL. - 3. Next, click on Organizations and edit the `Default` organization. Add your `Automation Hub` credential to the `Galaxy Credentials` section. + 3. Next, click on Organizations and edit the `Default` organization. Add your `Automation Hub` credential to the `Galaxy Credentials` section. Don't forget to click Save!! 2. If it has not been created for you, add a Project called `Ansible official demo project` with this repo as a source. NOTE: if you are using a fork, be sure that you have the correct URL. Update the project. 3. Finally, Create a Job Template called `Setup` with the following configuration: 
diff --git a/cloud/create_infra.yml b/cloud/create_infra.yml
new file mode 100644
index 0000000..df83911
--- /dev/null
+++ b/cloud/create_infra.yml
@@ -0,0 +1,122 @@
+---
+- name: Create Cloud Infra
+ hosts: localhost
+ gather_facts: no
+ vars:
+ vpc_user: workshop
+ vpc_name: demo
+ vpc_cidr_block: 10.0.0.0/16
+
+ tasks:
+ - name: Create VPC
+ amazon.aws.ec2_vpc_net:
+ state: present
+ name: "{{ vpc_name }}-ansible-vpc"
+ cidr_block: "{{ vpc_cidr_block }}"
+ tenancy: default
+ region: "{{ aws_region }}"
+ tags:
+ user: "{{ vpc_user }}"
+ purpose: Ansible Demo
+ register: aws_vpc
+
+ - name: Create Internet Gateway for VPC
+ amazon.aws.ec2_vpc_igw:
+ state: present
+ vpc_id: "{{ aws_vpc.vpc.id }}"
+ region: "{{ aws_region }}"
+ tags:
+ Name: "{{ vpc_user }}-{{vpc_name }}-vpc-igw"
+ user: "{{ vpc_user }}"
+ purpose: Ansible Demo
+ register: aws_gateway
+
+ - name: Create security group internal
+ amazon.aws.ec2_group:
+ state: present
+ name: "{{ vpc_user }}-{{ vpc_name }}-sec-group"
+ region: "{{ aws_region }}"
+ description: Inbound WinRM and RDP, http for demo servers and internal AD ports
+ rules:
+ - proto: tcp
+ ports:
+ - 80 # HTTP
+ - 443 # HTTPS
+ - 22 # SSH
+ cidr_ip: 0.0.0.0/0
+ - proto: icmp
+ to_port: -1
+ from_port: -1
+ cidr_ip: 0.0.0.0/0
+ - proto: tcp
+ ports:
+ - 80 # HTTP
+ - 5986 # WinRM
+ - 3389 # RDP
+ - 53 # DNS
+ - 88 # Kerberos Authentication
+ - 135 # RPC
+ - 139 # Netlogon
+ - 389 # LDAP
+ - 445 # SMB
+ - 464 # Kerberos Authentication
+ - 5432 # PostgreSQL
+ - 636 # LDAPS (LDAP over TLS)
+ - 873 # Rsync
+ - 3268-3269 # Global Catalog
+ - 1024-65535 # Ephemeral RPC ports
+ cidr_ip: 10.0.0.0/16
+ - proto: udp
+ ports:
+ - 53 # DNS
+ - 88 # Kerberos Authentication
+ - 123 # NTP
+ - 137-138 # Netlogon
+ - 389 # LDAP
+ - 445 # SMB
+ - 464 # Kerberos Authentication
+ - 1024-65535 # Ephemeral RPC ports
+ cidr_ip: 10.0.0.0/16
+ rules_egress:
+ - proto: -1
+ cidr_ip: 0.0.0.0/0
+ vpc_id: "{{ aws_vpc.vpc.id }}"
+ tags:
+ Name: "{{ vpc_user }}-{{ vpc_name }}-sec-group"
+ user: "{{ vpc_user}}"
+ purpose: Ansible Demo
+
+ - name: Create a subnet on the VPC
+ amazon.aws.ec2_vpc_subnet:
+ state: present
+ vpc_id: "{{ aws_vpc.vpc.id }}"
+ cidr: 10.0.0.0/16
+ region: "{{ aws_region }}"
+ map_public: yes
+ tags:
+ Name: "{{ vpc_user }}-{{ vpc_name }}-subnet"
+ user: "{{ vpc_user }}"
+ purpose: Ansible Demo
+ register: aws_subnet
+
+ - name: Create a subnet route table
+ amazon.aws.ec2_vpc_route_table:
+ state: present
+ vpc_id: "{{ aws_vpc.vpc.id }}"
+ region: "{{ aws_region }}"
+ subnets:
+ - "{{ aws_subnet.subnet.id }}"
+ routes:
+ - dest: 0.0.0.0/0
+ gateway_id: "{{ aws_gateway.gateway_id }}"
+ tags:
+ Name: "{{ vpc_user }}-{{ vpc_name }}-vpc-rtbl"
+ user: "{{ vpc_user }}"
+ purpose: Ansible Demo
+
+ - name: Create AWS keypair
+ amazon.aws.ec2_key:
+ name: "{{ vpc_user }}-{{ vpc_name }}-demo-key"
+ region: "{{ aws_region }}"
+ key_material: "{{ aws_public_key }}"
+ state: present
\ No newline at end of file
diff --git a/cloud/setup.yml b/cloud/setup.yml
new file mode 100644
index 0000000..5f4ef50
--- /dev/null
+++ b/cloud/setup.yml
@@ -0,0 +1,46 @@
+---
+user_message:
+ - Update AWS credential with Access and Secret key
+
+controller_components:
+ - credentials
+ - inventory_sources
+ - job_templates
+
+controller_credentials:
+ - name: AWS
+ credential_type: Amazon Web Services
+ organization: Default
+ update_secrets: false
+ inputs:
+ username: REPLACEME
+ password: REPLACEME
+
+controller_inventory_sources:
+ - name: AWS Inventory
+ organization: Default
+ source: ec2
+ inventory: Workshop Inventory
+ credential: AWS
+
+controller_templates:
+ - name: Cloud / Create Infra
+ job_type: run
+ organization: Default
+ credentials:
+ - AWS
+ project: Ansible official demo project
+ playbook: cloud/create_infra.yml
+ inventory: Demo Inventory
+ execution_environment: Default execution environment
+ survey_enabled: true
+ extra_vars:
+ aws_region: us-east-2
+ survey:
+ name: ''
+ description: ''
+ spec:
+ - question_name: Public Key
+ type: textarea
+ variable: aws_public_key
+ required: true
\ No newline at end of file
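Review bot: The first rule of `Create security group internal` in cloud/create_infra.yml opens SSH (22) together with 80/443 to `0.0.0.0/0`, and the subnet task sets `map_public: yes`, so any instance placed in this group with a public address accepts SSH from the whole internet. Move `- 22 # SSH` into its own rule whose source the operator must choose, e.g. `cidr_ip: "{{ ssh_allowed_cidr }}"` (a new play var or survey field; the name is only a suggestion). The internal tcp/udp rules and the subnet `cidr` also hard-code `10.0.0.0/16` instead of `"{{ vpc_cidr_block }}"`, so overriding that var would leave the group trusting a range the VPC no longer uses. The group `description` mentions inbound WinRM and RDP without saying they are allowed only from inside the VPC, which makes the actual exposure harder to audit from the console.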
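Review bot: The `AWS Inventory` source in cloud/setup.yml sets no `source_vars`, so the ec2 source is not limited by region or tag and will presumably import every EC2 instance the `AWS` credential can list into `Workshop Inventory`, including hosts unrelated to the demo. Scoping it keeps later job templates from running against the wrong machines, for example `source_vars:` with `regions: [us-east-2]` and `filters: {'tag:purpose': 'Ansible Demo'}`, assuming demo instances carry the same tag that create_infra.yml applies to the network resources. It would also help to extend `user_message` with a line saying the access key should belong to an IAM user limited to the EC2/VPC actions the demo needs rather than an account-wide key.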