(venv-azure) oyj@oyj:~/azure$ cat three-node-crt-vm.yaml
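---
# Provision a three-node lab in Azure from the local machine: resource group,
# virtual network, subnet, three static public IPs, an NSG that opens SSH,
# one NIC per NICINFO entry and one Rocky Linux VM per HOSTINFO entry.
- hosts: localhost
  connection: local
  # No instance info necessary - azure plugin
  gather_facts: false
  # Names and address ranges shared by the resource group / network tasks
  vars:
    RG: "three-group"
    LC: "koreacentral"
    ST: "present"
    VN: "tgvn"
    # Address prefix of the virtual network
    AP: "10.12.0.0/16"
    SBN_CIDR: "10.12.0.0/24"
    SBN: "tgvnsbnet"
    # Source address allowed to reach TCP/22 through the NSG rule below.
    # "*" keeps the behaviour of the original rule (any source); set this to
    # the operator's own address or CIDR before using the hosts for anything
    # other than a short-lived test.
    SSH_SRC: "*"
    # NIC name -> [private IP, public IP resource name]
    NICINFO:
      control-nic: ["10.12.0.5", "pubip1"]
      target1-nic: ["10.12.0.7", "pubip2"]
      target2-nic: ["10.12.0.9", "pubip3"]
    # VM name -> NIC name (dictionary form)
    HOSTINFO:
      control: "control-nic"
      target1: "target1-nic"
      target2: "target2-nic"
  tasks:
    - name: Create RG - azure 리소스 그룹 생성
      azure_rm_resourcegroup:
        name: "{{ RG }}"
        location: "{{ LC }}"
        state: "{{ ST }}"
      register: rg

    - debug:
        var: rg

    # Create virtual network
    - name: Create virtual nw - 가상 네트워크 생성
      azure_rm_virtualnetwork:
        resource_group: "{{ RG }}"
        name: "{{ VN }}"
        address_prefixes: "{{ AP }}"
        state: "{{ ST }}"
      register: vn

    - debug:
        var: vn

    # Create the subnet the VMs are placed in
    - name: Create subnet on vn(virtual network)
      azure_rm_subnet:
        resource_group: "{{ RG }}"
        virtual_network_name: "{{ VN }}"
        name: "{{ SBN }}"
        address_prefix_cidr: "{{ SBN_CIDR }}"
        state: "{{ ST }}"
      register: sbn_regi

    - debug:
        var: sbn_regi

    # One static public IP per node; the names must match NICINFO[*][1]
    - name: Create public Ip addr
      azure_rm_publicipaddress:
        name: "{{ item }}"
        resource_group: "{{ RG }}"
        allocation_method: Static
      loop:
        - pubip1
        - pubip2
        - pubip3
      register: pubip
      tags:
        - crt-pub

    - debug:
        var: pubip
      tags:
        - crt-pub

    # The task name marks this rule as test-only. Every NIC below carries a
    # public IP and is attached to this NSG, so with SSH_SRC "*" port 22 on
    # all three nodes is reachable from any source address.
    - name: Crt security group to allow ssh -- ssh 허용 테스트 목적. 22번 포트 인스턴스는 테스트 목적으로만 사용한다.
      azure_rm_securitygroup:
        name: three-tst-sg
        resource_group: "{{ RG }}"
        # Drop any custom rule on the NSG that is not listed here
        purge_rules: true
        rules:
          - name: "AllowSSH"
            protocol: Tcp
            source_address_prefix: "{{ SSH_SRC }}"
            destination_port_range: 22
            access: Allow
            priority: 100
            direction: Inbound
      register: sg_crt

    - debug:
        var: sg_crt

    - name: Crt vn interface card
      azure_rm_networkinterface:
        resource_group: "{{ RG }}"
        # name: ansi-vn-nic
        name: "{{ item.key }}"
        virtual_network: "{{ VN }}"
        subnet: "{{ SBN }}"
        security_group: three-tst-sg
        ip_configurations:
          - name: ipconfig1
            public_ip_address_name: "{{ item.value[1] }}"
            # item.value is [private IP, public IP name]; pass only the
            # address (the original passed the whole list).
            # NOTE(review): private_ip_allocation_method is not set here;
            # confirm whether Static is needed for this address to be pinned.
            private_ip_address: "{{ item.value[0] }}"
      with_dict: "{{ NICINFO }}"
      tags:
        - inter

    # https://azuremarketplace.microsoft.com/en-us/marketplace/apps/erockyenterprisesoftwarefoundationinc1653071250513.rockylinux?tab=overview
    # https://docs.ansible.com/ansible/2.7/modules/azure_rm_virtualmachine_module.html#examples
    - name: Crt the virtual machine
      azure_rm_virtualmachine:
        # name: ansi-tst-vm
        name: "{{ item.key }}"
        resource_group: "{{ RG }}"
        admin_username: rocky
        # vm_size: Standard_DS1_v2
        vm_size: Standard_B1s
        managed_disk_type: Standard_LRS
        os_disk_size_gb: 30
        # Key-only login: password authentication over SSH stays disabled
        ssh_password_enabled: false
        ssh_public_keys:
          - path: /home/rocky/.ssh/authorized_keys
            key_data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLV7IT+CrssLQ/gVB/yG5KmH69SJot6tnoob2AnvDs6jX2SghxoKgBDY+r5b3Sg+IEgvS2Z9+9pYW7wCXsDZzcG3iyXFUJRzoKIP7CzaWv/rApe6komMuU6f+jmX4mKEE3ZIOkzR62b6pJz1MlVXr5WY/24V+2ONa5jYbKFcAp1MO4k+gGUiRGs3XwTGHJgXh7YUv9x9cYlnQGzwJ9sKInE/KuUmr4y40x1q7ZDLqMssloi1z2AUlPSp4mzqTJ1VDylc+ch11Z/n5mEMo7Ft+8vrAh7pgWfUsIrj9FP5i9lgXSAK+s/Pv4sGtYCQdw6z3hUEzhqf/5KhS33pDrrt45 oyj@oyjaero
        # network_interfaces: ansi-vn-nic
        network_interfaces: "{{ item.value }}"
        image:
          publisher: erockyenterprisesoftwarefoundationinc1653071250513
          offer: rockylinux
          sku: free
          # Unpinned: each run may pick up a different image build. Pin an
          # explicit version when the nodes must be reproducible.
          version: latest
        plan:
          name: free
          product: rockylinux
          publisher: erockyenterprisesoftwarefoundationinc1653071250513
      with_dict: "{{ HOSTINFO }}"
      tags:
        - vm-crt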
(venv-azure) oyj@oyj:~/azure$ ansible-playbook three-node-crt-vm.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match
'all'
PLAY [localhost] *******************************************************************************************************
TASK [Create RG - azure 리소스 그룹 생성] ******************************************************************************
changed: [localhost]
TASK [debug] ***********************************************************************************************************
ok: [localhost] => {
"rg": {
"changed": true,
"contains_resources": false,
"failed": false,
"state": {
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group",
"location": "koreacentral",
"name": "three-group",
"provisioning_state": "Succeeded",
"tags": null
}
}
}
TASK [Create virtual nw - 가상 네트워크 생성] **************************************************************************
changed: [localhost]
TASK [debug] ***********************************************************************************************************
ok: [localhost] => {
"vn": {
"changed": true,
"check_mode": false,
"failed": false,
"state": {
"address_prefixes": [
"10.12.0.0/16"
],
"etag": "W/\"d776acb4-39ed-46cd-90a6-b5ca191dcc88\"",
"flow_timeout_in_minutes": null,
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/virtualNetworks/tgvn",
"location": "koreacentral",
"name": "tgvn",
"provisioning_state": "Succeeded",
"tags": null,
"type": "Microsoft.Network/virtualNetworks"
}
}
}
TASK [Create public Ip addr] *******************************************************************************************
changed: [localhost] => (item=pubip1)
changed: [localhost] => (item=pubip2)
changed: [localhost] => (item=pubip3)
TASK [debug] ***********************************************************************************************************
ok: [localhost] => {
"pubip": {
"changed": true,
"msg": "All items completed",
"results": [
{
"ansible_loop_var": "item",
"changed": true,
"failed": false,
"invocation": {
"module_args": {
"ad_user": null,
"adfs_authority_url": null,
"allocation_method": "Static",
"api_profile": "latest",
"append_tags": true,
"auth_source": "auto",
"cert_validation_mode": null,
"client_id": null,
"cloud_environment": "AzureCloud",
"disable_instance_discovery": false,
"domain_name": null,
"idle_timeout": null,
"ip_tags": null,
"location": null,
"log_mode": null,
"log_path": null,
"name": "pubip1",
"password": null,
"profile": null,
"resource_group": "three-group",
"secret": null,
"sku": null,
"state": "present",
"subscription_id": null,
"tags": null,
"tenant": null,
"thumbprint": null,
"version": "ipv4",
"x509_certificate_path": null,
"zones": null
}
},
"item": "pubip1",
"state": {
"dns_settings": {},
"etag": "W/\"4807dca9-c61f-423d-8c7a-d94da398832a\"",
"idle_timeout_in_minutes": 4,
"ip_address": "52.141.45.54",
"location": "koreacentral",
"name": "pubip1",
"provisioning_state": "Succeeded",
"public_ip_address_version": "ipv4",
"public_ip_allocation_method": "static",
"sku": "Basic",
"tags": null,
"type": "Microsoft.Network/publicIPAddresses",
"zones": null
}
},
{
"ansible_loop_var": "item",
"changed": true,
"failed": false,
"invocation": {
"module_args": {
"ad_user": null,
"adfs_authority_url": null,
"allocation_method": "Static",
"api_profile": "latest",
"append_tags": true,
"auth_source": "auto",
"cert_validation_mode": null,
"client_id": null,
"cloud_environment": "AzureCloud",
"disable_instance_discovery": false,
"domain_name": null,
"idle_timeout": null,
"ip_tags": null,
"location": null,
"log_mode": null,
"log_path": null,
"name": "pubip2",
"password": null,
"profile": null,
"resource_group": "three-group",
"secret": null,
"sku": null,
"state": "present",
"subscription_id": null,
"tags": null,
"tenant": null,
"thumbprint": null,
"version": "ipv4",
"x509_certificate_path": null,
"zones": null
}
},
"item": "pubip2",
"state": {
"dns_settings": {},
"etag": "W/\"0588f677-1638-4bd9-9754-8ef9739b9aec\"",
"idle_timeout_in_minutes": 4,
"ip_address": "52.141.45.55",
"location": "koreacentral",
"name": "pubip2",
"provisioning_state": "Succeeded",
"public_ip_address_version": "ipv4",
"public_ip_allocation_method": "static",
"sku": "Basic",
"tags": null,
"type": "Microsoft.Network/publicIPAddresses",
"zones": null
}
},
{
"ansible_loop_var": "item",
"changed": true,
"failed": false,
"invocation": {
"module_args": {
"ad_user": null,
"adfs_authority_url": null,
"allocation_method": "Static",
"api_profile": "latest",
"append_tags": true,
"auth_source": "auto",
"cert_validation_mode": null,
"client_id": null,
"cloud_environment": "AzureCloud",
"disable_instance_discovery": false,
"domain_name": null,
"idle_timeout": null,
"ip_tags": null,
"location": null,
"log_mode": null,
"log_path": null,
"name": "pubip3",
"password": null,
"profile": null,
"resource_group": "three-group",
"secret": null,
"sku": null,
"state": "present",
"subscription_id": null,
"tags": null,
"tenant": null,
"thumbprint": null,
"version": "ipv4",
"x509_certificate_path": null,
"zones": null
}
},
"item": "pubip3",
"state": {
"dns_settings": {},
"etag": "W/\"e2522c8c-e294-4368-a25c-55329b6e80b2\"",
"idle_timeout_in_minutes": 4,
"ip_address": "52.141.45.58",
"location": "koreacentral",
"name": "pubip3",
"provisioning_state": "Succeeded",
"public_ip_address_version": "ipv4",
"public_ip_allocation_method": "static",
"sku": "Basic",
"tags": null,
"type": "Microsoft.Network/publicIPAddresses",
"zones": null
}
}
],
"skipped": false
}
}
TASK [Crt security group to allow ssh -- ssh 허용 테스트 목적. 22번 포트 인스턴스는 테스트 목적으로만 사용한다.] *******
changed: [localhost]
TASK [debug] ***********************************************************************************************************
ok: [localhost] => {
"sg_crt": {
"changed": true,
"failed": false,
"state": {
"default_rules": [
{
"access": "Allow",
"description": "Allow inbound traffic from all VMs in VNET",
"destination_address_prefix": "VirtualNetwork",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Inbound",
"etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/AllowVnetInBound",
"name": "AllowVnetInBound",
"priority": 65000,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "VirtualNetwork",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
},
{
"access": "Allow",
"description": "Allow inbound traffic from azure load balancer",
"destination_address_prefix": "*",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Inbound",
"etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/AllowAzureLoadBalancerInBound",
"name": "AllowAzureLoadBalancerInBound",
"priority": 65001,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "AzureLoadBalancer",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
},
{
"access": "Deny",
"description": "Deny all inbound traffic",
"destination_address_prefix": "*",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Inbound",
"etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/DenyAllInBound",
"name": "DenyAllInBound",
"priority": 65500,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "*",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
},
{
"access": "Allow",
"description": "Allow outbound traffic from all VMs to all VMs in VNET",
"destination_address_prefix": "VirtualNetwork",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Outbound",
"etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/AllowVnetOutBound",
"name": "AllowVnetOutBound",
"priority": 65000,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "VirtualNetwork",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
},
{
"access": "Allow",
"description": "Allow outbound traffic from all VMs to Internet",
"destination_address_prefix": "Internet",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Outbound",
"etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/AllowInternetOutBound",
"name": "AllowInternetOutBound",
"priority": 65001,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "*",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
},
{
"access": "Deny",
"description": "Deny all outbound traffic",
"destination_address_prefix": "*",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "*",
"destination_port_ranges": [],
"direction": "Outbound",
"etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/defaultSecurityRules/DenyAllOutBound",
"name": "DenyAllOutBound",
"priority": 65500,
"protocol": "*",
"provisioning_state": "Succeeded",
"source_address_prefix": "*",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
}
],
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg",
"location": "koreacentral",
"name": "three-tst-sg",
"network_interfaces": [],
"rules": [
{
"access": "Allow",
"description": null,
"destination_address_prefix": "*",
"destination_address_prefixes": [],
"destination_application_security_groups": null,
"destination_port_range": "22",
"destination_port_ranges": [],
"direction": "Inbound",
"etag": "W/\"56fdb152-5cda-4adb-9fcb-931d7ca6a7b7\"",
"id": "/subscriptions/aa17af3a-aeb2-4c68-801d-595100662a20/resourceGroups/three-group/providers/Microsoft.Network/networkSecurityGroups/three-tst-sg/securityRules/AllowSSH",
"name": "AllowSSH",
"priority": 100,
"protocol": "Tcp",
"provisioning_state": "Succeeded",
"source_address_prefix": "*",
"source_address_prefixes": [],
"source_application_security_groups": null,
"source_port_range": "*",
"source_port_ranges": []
}
],
"subnets": [],
"tags": {},
"type": "Microsoft.Network/networkSecurityGroups"
}
}
}
TASK [Crt vn interface card] *******************************************************************************************
changed: [localhost] => (item={'key': 'control-nic', 'value': ['10.12.0.5', 'pubip1']})
changed: [localhost] => (item={'key': 'target1-nic', 'value': ['10.12.0.7', 'pubip2']})
changed: [localhost] => (item={'key': 'target2-nic', 'value': ['10.12.0.9', 'pubip3']})
TASK [Crt the virtual machine] *****************************************************************************************
changed: [localhost] => (item={'key': 'control', 'value': 'control-nic'})
changed: [localhost] => (item={'key': 'target1', 'value': 'target1-nic'})
changed: [localhost] => (item={'key': 'target2', 'value': 'target2-nic'})
PLAY RECAP *************************************************************************************************************
localhost : ok=12 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0