Thursday, August 29, 2024

three

(venv-azure) oyj@oyj:~/azure$ cat three-node-crt-vm.yaml
---
- hosts: localhost
  connection: local
  #No instance info necessary- azure plugin
  gather_facts: no

  #Create azure resocure group and virtual network
  vars:
    RG: "three-group"
    LC: "koreacentral"
    ST: "present"
    VN: "tgvn"
    #Adress prefix
    AP: "10.12.0.0/16"
    SBN_CIDR: "10.12.0.0/24"
    SBN: "tgvnsbnet"
    #Host info dictionary type: 딕셔너리 형태
    NICINFO: { "control-nic":["10.12.0.5",pubip1],"target1-nic":["10.12.0.7",pubip2],"target2-nic":["10.12.0.9",pubip3]  }
    HOSTINFO: { "control":"control-nic","target1":"target1-nic","target2":"target2-nic"  }

  tasks:

  - name: Create RG - azure 리소스 그룹 생성
    azure_rm_resourcegroup:
      name: "{{ RG }}"
      location: "{{ LC }}"
      state: "{{ ST }}"
    register: rg

  - debug:
      var: rg

  #Create virtual network
  - name: Create virtual nw - 가상 네트워크 생성
    azure_rm_virtualnetwork:
      resource_group:  "{{ RG }}"
      name: "{{ VN }}"
      address_prefixes: "{{ AP }}"
      state: "{{ ST }}"
    register: vn

  - debug:
      var: vn

  #Create subnet to provide vm - 서브넷 생성
  - name: Create subnet on vn(virtual network)
    azure_rm_subnet:
      resource_group: "{{ RG }}"
      virtual_network_name: "{{ VN  }}"
      name: "{{ SBN }}"
      address_prefix_cidr: "{{ SBN_CIDR }}"
      state: "{{ ST }}"
    register: sbn_regi

  - debug:
      var: sbn_regi



  - name: Create public Ip addr
    azure_rm_publicipaddress:
      name: "{{ item }}"
      resource_group: "{{ RG }}"
      allocation_method: Static

    loop:
       - pubip1
       - pubip2
       - pubip3
    register: pubip

    tags:
      - crt-pub
  - debug:
      var: pubip
    tags:
      - crt-pub


  - name: Crt security group to allow ssh -- ssh 허용 테스트 목적. 22번 포트 인스턴스는 테스트 목적으로만 사용한다.
    azure_rm_securitygroup:
      name: three-tst-sg
      resource_group: "{{ RG }}"
      purge_rules: yes
      rules:
        - name: "AllowSSH"
          protocol: Tcp
          destination_port_range: 22
          access: Allow
          priority: 100
          direction: Inbound

    register: sg_crt
  - debug:
      var: sg_crt


  - name: Crt vn interface card
    azure_rm_networkinterface:
      resource_group: "{{ RG }}"
      #name: ansi-vn-nic
      name: "{{ item.key }}"
      virtual_network: "{{ VN }}"
      subnet: "{{ SBN }}"
      security_group: three-tst-sg
      ip_configurations:
        - name: ipconfig1
          public_ip_address_name: "{{ item.value[1] }}"
          private_ip_address: "{{ item.value }}"
    with_dict: "{{ NICINFO }}"
    tags:
      - inter


  #https://azuremarketplace.microsoft.com/en-us/marketplace/apps/erockyenterprisesoftwarefoundationinc1653071250513.rockylinux?tab=overview
  #https://docs.ansible.com/ansible/2.7/modules/azure_rm_virtualmachine_module.html#examples
  - name: Crt the virtual machine
    azure_rm_virtualmachine:
      #name: ansi-tst-vm
      name: "{{ item.key }}"
      resource_group: "{{ RG }}"
      admin_username: rocky
      #vm_size: Standard_DS1_v2
      vm_size: Standard_B1s
      managed_disk_type: Standard_LRS
      os_disk_size_gb: 30
      ssh_password_enabled: false
      ssh_public_keys:
         - path: /home/rocky/.ssh/authorized_keys
           key_data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLV7IT+CrssLQ/gVB/yG5KmH69SJot6tnoob2AnvDs6jX2SghxoKgBDY+r5b3Sg+IEgvS2Z9+9pYW7wCXsDZzcG3iyXFUJRzoKIP7CzaWv/rApe6komMuU6f+jmX4mKEE3ZIOkzR62b6pJz1MlVXr5WY/24V+2ONa5jYbKFcAp1MO4k+gGUiRGs3XwTGHJgXh7YUv9x9cYlnQGzwJ9sKInE/KuUmr4y40x1q7ZDLqMssloi1z2AUlPSp4mzqTJ1VDylc+ch11Z/n5mEMo7Ft+8vrAh7pgWfUsIrj9FP5i9lgXSAK+s/Pv4sGtYCQdw6z3hUEzhqf/5KhS33pDrrt45 oyj@oyjaero
      #network_interfaces: ansi-vn-nic
      network_interfaces: "{{ item.value }}"
      image:
         publisher: erockyenterprisesoftwarefoundationinc1653071250513
         offer: rockylinux
         sku: free
         version: latest
      plan:
         name: free
         product: rockylinux
         publisher: erockyenterprisesoftwarefoundationinc1653071250513
    with_dict: "{{ HOSTINFO }}"
    tags:
      - vm-crt

 

 

 

 

 

 

 (venv-azure) oyj@oyj:~/azure$ ansible-playbook three-node-crt-vm.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match
'all'

PLAY [localhost] *******************************************************************************************************

TASK [Create RG - azure 리소스 그룹 생성] ******************************************************************************
changed: [localhost]

TASK [debug] ***********************************************************************************************************
ok: [localhost] => {
    "rg": {
        "changed": true,
        "contains_resources": false,
        "failed": false,
        "state": {
            "id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group",
            "location": "koreacentral",
            "name": "three-group",
            "provisioning_state": "Succeeded",
            "tags": null
        }
    }
}

TASK [Create virtual nw - 가상 네트워크 생성] **************************************************************************

changed: [localhost]

TASK [debug] ***********************************************************************************************************
ok: [localhost] => {
    "vn": {
        "changed": true,
        "check_mode": false,
        "failed": false,
        "state": {
            "address_prefixes": [
                "10.12.0.0/16"
            ],
            "etag": "W/\"d776acb4-39ed-46cd-90a6-b5ca191dcc88\"",
            "flow_timeout_in_minutes": null,
            "id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/virtualNetworks/tgvn",
            "location": "koreacentral",
            "name": "tgvn",
            "provisioning_state": "Succeeded",
            "tags": null,
            "type": "Microsoft.Network/virtualNetworks"
        }
    }
}
 

 

TASK [Create public Ip addr] *******************************************************************************************
changed: [localhost] => (item=pubip1)
changed: [localhost

changed: [localhost] => (item=pubip2)
changed: [localhost] => (item=pubip3)

TASK [debug] ***********************************************************************************************************
ok: [localhost] => {
    "pubip": {
        "changed": true,
        "msg": "All items completed",
        "results": [
            {
                "ansible_loop_var": "item",
                "changed": true,
                "failed": false,
                "invocation": {
                    "module_args": {
                        "ad_user": null,
                        "adfs_authority_url": null,
                        "allocation_method": "Static",
                        "api_profile": "latest",
                        "append_tags": true,
                        "auth_source": "auto",
                        "cert_validation_mode": null,
                        "client_id": null,
                        "cloud_environment": "AzureCloud",
                        "disable_instance_discovery": false,
                        "domain_name": null,
                        "idle_timeout": null,
                        "ip_tags": null,
                        "location": null,
                        "log_mode": null,
                        "log_path": null,
                        "name": "pubip1",
                        "password": null,
                        "profile": null,
                        "resource_group": "three-group",
                        "secret": null,
                        "sku": null,
                        "state": "present",
                        "subscription_id": null,
                        "tags": null,
                        "tenant": null,
                        "thumbprint": null,
                        "version": "ipv4",
                        "x509_certificate_path": null,
                        "zones": null
                    }
                },
                "item": "pubip1",
                "state": {
                    "dns_settings": {},
                    "etag": "W/\"4807dca9-c61f-423d-8c7a-d94da398832a\"",
                    "idle_timeout_in_minutes": 4,
                    "ip_address": "52.141.45.54",
                    "location": "koreacentral",
                    "name": "pubip1",
                    "provisioning_state": "Succeeded",
                    "public_ip_address_version": "ipv4",
                    "public_ip_allocation_method": "static",
                    "sku": "Basic",
                    "tags": null,
                    "type": "Microsoft.Network/publicIPAddresses",
                    "zones": null
                }
            },
            {
                "ansible_loop_var": "item",
                "changed": true,
                "failed": false,
                "invocation": {
                    "module_args": {
                        "ad_user": null,
                        "adfs_authority_url": null,
                        "allocation_method": "Static",
                        "api_profile": "latest",
                        "append_tags": true,
                        "auth_source": "auto",
                        "cert_validation_mode": null,
                        "client_id": null,
                        "cloud_environment": "AzureCloud",
                        "disable_instance_discovery": false,
                        "domain_name": null,
                        "idle_timeout": null,
                        "ip_tags": null,
                        "location": null,
                        "log_mode": null,
                        "log_path": null,
                        "name": "pubip2",
                        "password": null,
                        "profile": null,
                        "resource_group": "three-group",
                        "secret": null,
                        "sku": null,
                        "state": "present",
                        "subscription_id": null,
                        "tags": null,
                        "tenant": null,
                        "thumbprint": null,
                        "version": "ipv4",
                        "x509_certificate_path": null,
                        "zones": null
                    }
                },
                "item": "pubip2",
                "state": {
                    "dns_settings": {},
                    "etag": "W/\"0588f677-1638-4bd9-9754-8ef9739b9aec\"",
                    "idle_timeout_in_minutes": 4,
                    "ip_address": "52.141.45.55",
                    "location": "koreacentral",
                    "name": "pubip2",
                    "provisioning_state": "Succeeded",
                    "public_ip_address_version": "ipv4",
                    "public_ip_allocation_method": "static",
                    "sku": "Basic",
                    "tags": null,
                    "type": "Microsoft.Network/publicIPAddresses",
                    "zones": null
                }
            },
            {
                "ansible_loop_var": "item",
                "changed": true,
                "failed": false,
                "invocation": {
                    "module_args": {
                        "ad_user": null,
                        "adfs_authority_url": null,
                        "allocation_method": "Static",
                        "api_profile": "latest",
                        "append_tags": true,
                        "auth_source": "auto",
                        "cert_validation_mode": null,
                        "client_id": null,
                        "cloud_environment": "AzureCloud",
                        "disable_instance_discovery": false,
                        "domain_name": null,
                        "idle_timeout": null,
                        "ip_tags": null,
                        "location": null,
                        "log_mode": null,
                        "log_path": null,
                        "name": "pubip3",
                        "password": null,
                        "profile": null,
                        "resource_group": "three-group",
                        "secret": null,
                        "sku": null,
                        "state": "present",
                        "subscription_id": null,
                        "tags": null,
                        "tenant": null,
                        "thumbprint": null,
                        "version": "ipv4",
                        "x509_certificate_path": null,
                        "zones": null
                    }
                },
                "item": "pubip3",
                "state": {
                    "dns_settings": {},
                    "etag": "W/\"e2522c8c-e294-4368-a25c-55329b6e80b2\"",
                    "idle_timeout_in_minutes": 4,
                    "ip_address": "52.141.45.58",
                    "location": "koreacentral",
                    "name": "pubip3",
                    "provisioning_state": "Succeeded",
                    "public_ip_address_version": "ipv4",
                    "public_ip_allocation_method": "static",
                    "sku": "Basic",
                    "tags": null,
                    "type": "Microsoft.Network/publicIPAddresses",
                    "zones": null
                }
            }
        ],
        "skipped": false
    }
}

TASK [Crt security group to allow ssh -- ssh 허용 테스트 목적. 22번 포트 인스턴스는 테스트 목적으로만 사용한다.] *******
changed: [localhost]

TASK [debug] ***********************************************************************************************************
ok: [localhost] => {
    "sg_crt": {
        "changed": true,
        "failed": false,
        "state": {
            "default_rules": [
                {
                    "access": "Allow",
                    "description": "Allow inbound traffic from all VMs in VNET",
                    "destination_address_prefix": "VirtualNetwork",
                    "destination_address_prefixes": [],
                    "destination_application_security_groups": null,
                    "destination_port_range": "*",
                    "destination_port_ranges": [],
                    "direction": "Inbound",
                    "etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
                    "id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/AllowVnetInBound",
                    "name": "AllowVnetInBound",
                    "priority": 65000,
                    "protocol": "*",
                    "provisioning_state": "Succeeded",
                    "source_address_prefix": "VirtualNetwork",
                    "source_address_prefixes": [],
                    "source_application_security_groups": null,
                    "source_port_range": "*",
                    "source_port_ranges": []
                },
                {
                    "access": "Allow",
                    "description": "Allow inbound traffic from azure load balancer",
                    "destination_address_prefix": "*",
                    "destination_address_prefixes": [],
                    "destination_application_security_groups": null,
                    "destination_port_range": "*",
                    "destination_port_ranges": [],
                    "direction": "Inbound",
                    "etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
                    "id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/AllowAzureLoadBalancerInBound",
                    "name": "AllowAzureLoadBalancerInBound",
                    "priority": 65001,
                    "protocol": "*",
                    "provisioning_state": "Succeeded",
                    "source_address_prefix": "AzureLoadBalancer",
                    "source_address_prefixes": [],
                    "source_application_security_groups": null,
                    "source_port_range": "*",
                    "source_port_ranges": []
                },
                {
                    "access": "Deny",
                    "description": "Deny all inbound traffic",
                    "destination_address_prefix": "*",
                    "destination_address_prefixes": [],
                    "destination_application_security_groups": null,
                    "destination_port_range": "*",
                    "destination_port_ranges": [],
                    "direction": "Inbound",
                    "etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
                    "id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/DenyAllInBound",
                    "name": "DenyAllInBound",
                    "priority": 65500,
                    "protocol": "*",
                    "provisioning_state": "Succeeded",
                    "source_address_prefix": "*",
                    "source_address_prefixes": [],
                    "source_application_security_groups": null,
                    "source_port_range": "*",
                    "source_port_ranges": []
                },
                {
                    "access": "Allow",
                    "description": "Allow outbound traffic from all VMs to all VMs in VNET",
                    "destination_address_prefix": "VirtualNetwork",
                    "destination_address_prefixes": [],
                    "destination_application_security_groups": null,
                    "destination_port_range": "*",
                    "destination_port_ranges": [],
                    "direction": "Outbound",
                    "etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
                    "id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/AllowVnetOutBound",
                    "name": "AllowVnetOutBound",
                    "priority": 65000,
                    "protocol": "*",
                    "provisioning_state": "Succeeded",
                    "source_address_prefix": "VirtualNetwork",
                    "source_address_prefixes": [],
                    "source_application_security_groups": null,
                    "source_port_range": "*",
                    "source_port_ranges": []
                },
                {
                    "access": "Allow",
                    "description": "Allow outbound traffic from all VMs to Internet",
                    "destination_address_prefix": "Internet",
                    "destination_address_prefixes": [],
                    "destination_application_security_groups": null,
                    "destination_port_range": "*",
                    "destination_port_ranges": [],
                    "direction": "Outbound",
                    "etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
                    "id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/AllowInternetOutBound",
                    "name": "AllowInternetOutBound",
                    "priority": 65001,
                    "protocol": "*",
                    "provisioning_state": "Succeeded",
                    "source_address_prefix": "*",
                    "source_address_prefixes": [],
                    "source_application_security_groups": null,
                    "source_port_range": "*",
                    "source_port_ranges": []
                },
                {
                    "access": "Deny",
                    "description": "Deny all outbound traffic",
                    "destination_address_prefix": "*",
                    "destination_address_prefixes": [],
                    "destination_application_security_groups": null,
                    "destination_port_range": "*",
                    "destination_port_ranges": [],
                    "direction": "Outbound",
                    "etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
                    "id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/DenyAllOutBound",
                    "name": "DenyAllOutBound",
                    "priority": 65500,
                    "protocol": "*",
                    "provisioning_state": "Succeeded",
                    "source_address_prefix": "*",
                    "source_address_prefixes": [],
                    "source_application_security_groups": null,
                    "source_port_range": "*",
                    "source_port_ranges": []
                }
            ],
            "id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg",
            "location": "koreacentral",
            "name": "three-tst-sg",
            "network_interfaces": [],
            "rules": [
                {
                    "access": "Allow",
                    "description": null,
                    "destination_address_prefix": "*",
                    "destination_address_prefixes": [],
                    "destination_application_security_groups": null,
                    "destination_port_range": "22",
                    "destination_port_ranges": [],
                    "direction": "Inbound",
                    "etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
                    "id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/securityRules/AllowSSH",
                    "name": "AllowSSH",
                    "priority": 100,
                    "protocol": "Tcp",
                    "provisioning_state": "Succeeded",
                    "source_address_prefix": "*",
                    "source_address_prefixes": [],
                    "source_application_security_groups": null,
                    "source_port_range": "*",
                    "source_port_ranges": []
                }
            ],
            "subnets": [],
            "tags": {},
            "type": "Microsoft.Network/networkSecurityGroups"
        }
    }
}

TASK [Crt vn interface card] *******************************************************************************************
changed: [localhost] => (item={'key': 'control-nic', 'value': ['10.12.0.5', 'pubip1']})
changed: [localhost] => (item={'key': 'target1-nic', 'value': ['10.12.0.7', 'pubip2']})
changed: [localhost] => (item={'key': 'target2-nic', 'value': ['10.12.0.9', 'pubip3']})


 TASK [Crt the virtual machine] *****************************************************************************************
changed: [localhost] => (item={'key': 'control', 'value': 'control-nic'})
changed: [localhost] => (item={'key': 'target1', 'value': 'target1-nic'})
changed: [localhost] => (item={'key': 'target2', 'value': 'target2-nic'})

PLAY RECAP *************************************************************************************************************
localhost                  : ok=12   changed=7    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0




No comments:

Post a Comment