first commit

2024-07-12 12:58:40 +02:00
commit 30fdad3be5
557 changed files with 11142 additions and 0 deletions
--- a/roles/azure_createwindowsvm/tasks/main.yml
+++ b/roles/azure_createwindowsvm/tasks/main.yml
@@ -0,0 +1,153 @@
+---
+# This Ansible playbook is designed to create a Windows virtual machine (VM) in Azure and perform several setup tasks on it.
+# The tasks are executed on the localhost and are divided into several parts:
+#
+# 1. Get facts for one resource group: The playbook starts by gathering information about the Azure resource group where the VM will be created.
+# 2. Create a network interface: The playbook then creates a network interface for the VM. The network interface is associated with a specific virtual network and subnet.
+# 3. Get private IP of NIC: The playbook retrieves the private IP address of the newly created network interface.
+# 4. Create VM: The playbook creates the VM. The VM is associated with the previously created network interface. The VM is configured with a specific size, admin username and password, OS type, managed disk type, and image. The VM is also tagged with several key-value pairs.
+# 5. Enable WinRM and Open Port 5985: The playbook enables Windows Remote Management (WinRM) on the VM and opens port 5985. This is done using a VM extension that runs a PowerShell command.
+# 6. Wait for WinRM HTTP Port to Come Online: The playbook waits for the WinRM HTTP port (5985) to come online. This is done using the wait_for module.
+# 7. Get VM Facts: The playbook retrieves information about the newly created VM.
+# 8. Set the Correct Recovery Service Vault: The playbook sets the recovery service vault for the VM. The recovery service vault is set to 'backupvault-awe-01' if the accdevtest variable is set to 'PRD', and 'backupvault-awe-03' otherwise.
+#
+# In all tasks, the resource_group parameter is set to the RG_name variable, and the name parameter is set to the hostname variable. The playbook uses the azure_rm modules to interact with Azure.
+
+# tasks file for azure-createwindowsvm
+  - name: Get facts for one resource group
+    azure_rm_resourcegroup_info:
+      name: "{{RG_name}}"
+    register: rginfo
+  - name: Create a network interface
+    azure_rm_networkinterface:
+      name: "{{hostname}}-nic"
+      resource_group: "{{RG_name}}"
+      location: "{{location}}" 
+ #     virtual_network: "/subscriptions/a7f4215b-c8f8-45ac-8fdd-062c940b02f6/resourceGroups/rg-network-glb-02/providers/Microsoft.Network/virtualNetworks/vnet-awe-glb-02"
+      virtual_network: "{{ vnetid }}"
+      subnet_name: "{{subnetname}}"
+      enable_accelerated_networking: True
+      create_with_security_group: false
+      #security_group: "/subscriptions/a7f4215b-c8f8-45ac-8fdd-062c940b02f6/resourceGroups/rg-network-glb-02/providers/Microsoft.Network/networkSecurityGroups/nsg-glb-02-green"
+      ip_configurations:
+        - name: default
+         # public_ip_address_name: "{{hostname}}-pip"
+          primary: True
+    register: new_nic
+  
+  - name: Get private IP of NIC
+    azure_rm_networkinterface_info:
+      resource_group: "{{RG_name}}"
+      name: "{{hostname}}-nic"
+    register: nic_info
+
+  - name: Display private IP of NIC
+    debug:
+      var: "nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address"
+
+  - name: Create VM
+    azure_rm_virtualmachine:
+      resource_group: "{{RG_name}}" 
+      name: "{{hostname}}"
+      vm_size: "{{vmsize}}"
+      admin_username: ApeAdmin
+      admin_password: "{{ password }}"
+      network_interfaces: "{{hostname}}-nic"
+      os_type: Windows
+      boot_diagnostics:
+        enabled: false
+      managed_disk_type: "Premium_LRS"
+      os_disk_name: "{{hostname}}-osdisk"
+      os_disk_size_gb: 128
+      os_disk_caching: "ReadWrite"
+      image:
+          offer: "{{ vm_offer }}"
+          publisher: "{{ vm_publisher }}"
+          sku: "{{win_sku}}"
+          version: latest
+      license_type: Windows_Server
+      tags:
+        Dexcare: "{{tag_dexcare}}"
+        ApplicationITContact: "{{tag_ApplicationITContact}}"
+        DexMach_IaaSOperations: "NoMDEAgent,NoProtection"
+        Schedule: "{{tag_Schedule}}"
+        ServiceHours: "{{tag_ServiceHours}}"
+        Criticality: "{{tag_Criticality}}"
+        UpdateSchedule: "{{tag_UpdateSchedule}}"
+        TeamSpecialist: "{{tag_TeamSpecialist}}"
+        NotificationTeam: "{{tag_NotificationTeam}}"
+    no_log: true
+
+  # - name: Create VM script extension to enable HTTPS WinRM listener
+  #   azure_rm_virtualmachineextension:
+  #     name: winrm-extension
+  #     resource_group: "{{RG_name}}" 
+  #     virtual_machine_name: "{{hostname}}"
+  #     publisher: Microsoft.Compute
+  #     virtual_machine_extension_type: CustomScriptExtension
+  #     type_handler_version: '1.9'
+  #     settings: '{"fileUris": ["https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"],"commandToExecute": "powershell -ExecutionPolicy Unrestricted -File ConfigureRemotingForAnsible.ps1"}'
+  #     auto_upgrade_minor_version: true
+
+# - name: Get facts for one Public IP
+#     azure_rm_publicipaddress_info:
+#       resource_group: "{{RG_name}}"
+#       name: "{{hostname}}-pip"
+#     register: publicipaddresses
+
+#   - name: set public ip address fact
+#     set_fact: publicipaddress="{{ publicipaddresses | json_query('publicipaddresses[0].ip_address')}}"
+
+  # - name: wait for the WinRM HTTP port to come online
+  #   wait_for:
+  #     port: 5985
+  #     host: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
+  #     timeout: 60
+  #   ignore_errors: true
+
+  - name: Enable winrm + open port 5985
+    azure_rm_virtualmachineextension:
+      name: winrm-extension
+      resource_group: "{{RG_name}}"
+      virtual_machine_name: "{{hostname}}"
+      publisher: Microsoft.Compute
+      virtual_machine_extension_type: CustomScriptExtension
+      type_handler_version: '1.9'
+      settings: {"commandToExecute": "powershell winrm quickconfig -force; New-NetFirewallRule -DisplayName 'Winrm' -Profile 'Public' -Direction Inbound -Action Allow -Protocol TCP -LocalPort 5985"}
+      auto_upgrade_minor_version: true
+
+  - name: wait for the WinRM HTTP port to come online
+    wait_for:
+      port: 5985
+      host: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
+      timeout: 60
+    ignore_errors: true
+ 
+
+  - name: get vm facts
+    azure_rm_virtualmachine_info:
+      resource_group: "{{RG_name}}"
+      name: "{{hostname}}"
+    register: vminfo
+  - name: Display vm id 
+    debug:
+      var: "vminfo.vms[0].id"
+  - name: set the correct recovery service vault
+    azure.azcollection.azure_rm_backupazurevm:
+      resource_group: "{{vaultRg}}"
+      recovery_vault_name: "{{vaultName}}"
+      resource_id: "{{vminfo.vms[0].id}}"
+      backup_policy_id: "{{vaultId}}"
+
+    #when: accdevtest == 'PRD'
+    ignore_errors: true
+
+  # - name: set the correct recovery service vault if not PRD
+  #   azure.azcollection.azure_rm_backupazurevm:
+  #     resource_group: 'rg-management-awe'
+  #     recovery_vault_name: 'backupvault-awe-03'
+  #     resource_id: "{{vminfo.vms[0].id}}"
+  #     backup_policy_id: '/subscriptions/a7f4215b-c8f8-45ac-8fdd-062c940b02f6/resourceGroups/rg-management-awe/providers/Microsoft.RecoveryServices/vaults/backupvault-awe-03/backupPolicies/Daily-Ret3M-Schedule'
+  #   when: accdevtest != 'PRD'
+  #   ignore_errors: true
+