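---
# Provisions the Azure "clean room" landing zone from the Ansible controller:
# a resource group, a virtual network, an NSG that denies outbound Internet,
# four workload subnets bound to that NSG, an Azure Bastion host with a static
# public IP, and a staging storage account with a `vhds` blob container.
#
# Every module is referenced by its fully qualified azure.azcollection name so
# that module resolution does not depend on the collection search order.
#
# NOTE(review): the play name below says "get ... info", but the play creates
# resources; consider renaming it so run logs describe what actually happened.
- name: get resource group info
  hosts: localhost
  # NOTE(review): every task here is an Azure API call made from the
  # controller; nothing visible in this play needs root. Confirm whether
  # privilege escalation is still required and drop it if it is not.
  become: true
  become_user: root
  # become_method: runas

  # Service-principal credentials handed to the Azure modules through the
  # task environment. AZURE_SECRET is a credential: supply these variables
  # from Ansible Vault or another secret store rather than from a plain-text
  # vars file or the command line.
  environment:
    - AZURE_CLIENT_ID: "{{ AZURE_CLIENT_ID }}"
    - AZURE_SECRET: "{{ AZURE_SECRET }}"
    - AZURE_SUBSCRIPTION_ID: "{{ AZURE_SUBSCRIPTION_ID }}"
    - AZURE_TENANT: "{{ AZURE_TENANT }}"

  tasks:
    ## create the resource group
    - name: create resource_group
      azure.azcollection.azure_rm_resourcegroup:
        name: "rg-clean_room"
        location: westeurope

    ## create the vnet with subnets
    - name: Create virtual network vnet-clean_room
      azure.azcollection.azure_rm_virtualnetwork:
        resource_group: "rg-clean_room"
        name: vnet-clean_room
        # 10.10.0.0/24 holds the Bastion subnet; 10.245.140.0/22 is split
        # into the four /24 workload subnets created further down.
        address_prefixes:
          - "10.10.0.0/24"
          - "10.245.140.0/22"
        # Both resolvers sit inside 10.245.142.0/24 (sn-clean_room2).
        dns_servers:
          - "10.245.142.82"
          - "10.245.142.83"

    # The only custom rule is an outbound deny to the Internet service tag at
    # priority 100. Lower numbers are evaluated first, so any allow rule added
    # later must use a priority below 100 to take effect. Inbound traffic is
    # left to the NSG's built-in default rules.
    - name: create nsg
      azure.azcollection.azure_rm_securitygroup:
        resource_group: "rg-clean_room"
        name: nsg-clean-room
        rules:
          - name: DENYOUTBOUNDINTERNET
            protocol: "*"
            access: Deny
            priority: 100
            destination_address_prefix: Internet
            direction: Outbound
        state: present

    - name: Add subnet clean_room
      azure.azcollection.azure_rm_subnet:
        resource_group: "rg-clean_room"
        name: sn-clean_room
        address_prefix: "10.245.140.0/24"
        virtual_network: vnet-clean_room
        security_group:
          name: nsg-clean-room
          resource_group: rg-clean_room

    - name: Add subnet clean_room1
      azure.azcollection.azure_rm_subnet:
        resource_group: "rg-clean_room"
        name: sn-clean_room1
        address_prefix: "10.245.141.0/24"
        virtual_network: vnet-clean_room
        security_group:
          name: nsg-clean-room
          resource_group: rg-clean_room

    - name: Add subnet clean_room2
      azure.azcollection.azure_rm_subnet:
        resource_group: "rg-clean_room"
        name: sn-clean_room2
        address_prefix: "10.245.142.0/24"
        virtual_network: vnet-clean_room
        security_group:
          name: nsg-clean-room
          resource_group: rg-clean_room

    - name: Add subnet clean_room3
      azure.azcollection.azure_rm_subnet:
        resource_group: "rg-clean_room"
        name: sn-clean_room3
        address_prefix: "10.245.143.0/24"
        virtual_network: vnet-clean_room
        security_group:
          name: nsg-clean-room
          resource_group: rg-clean_room

    # Unlike the workload subnets, no security_group is attached here, so
    # nsg-clean-room does not apply to the Bastion subnet.
    - name: Add subnet Azure Bastion
      azure.azcollection.azure_rm_subnet:
        resource_group: "rg-clean_room"
        name: AzureBastionSubnet
        address_prefix: "10.10.0.0/26"
        virtual_network: vnet-clean_room
      register: bastion_subnet

    ## create Bastion
    - name: Create a public ip address
      azure.azcollection.azure_rm_publicipaddress:
        resource_group: "rg-clean_room"
        name: bastion_pub_ip
        sku: "Standard"
        allocation_method: static

    # Read the address back so its resource id can be wired into the Bastion
    # ip_configurations below.
    - name: get pubip info
      azure.azcollection.azure_rm_publicipaddress_info:
        resource_group: "rg-clean_room"
        name: bastion_pub_ip
      register: pub_ip
      # domain_name: foobar

    - name: check if bastion host exists
      azure.azcollection.azure_rm_bastionhost_info:
        name: "Bastion-clean_room"
        resource_group: rg-clean_room
      register: bastion

    - name: Create Bastion host
      azure.azcollection.azure_rm_bastionhost:
        name: "Bastion-clean_room"
        resource_group: "rg-clean_room"
        ip_configurations:
          - name: bastion-cr_ipconfig
            public_ip_address:
              id: "{{ pub_ip.publicipaddresses[0].id }}"
            subnet:
              id: "{{ bastion_subnet.state.id }}"
        sku:
          name: "Standard"
        state: present
      # A registered result is always a dictionary, never None, so the former
      # `bastion == None` test could not be true and this task was skipped on
      # every run. Test the lookup result itself instead.
      # NOTE(review): assumes the info module returns its matches as a list
      # under `bastion_host`; confirm against the installed collection. If the
      # key is absent the default makes the task run, which is safe because
      # the module is declarative (state: present).
      when: bastion.bastion_host | default([]) | length == 0

    ## create staging storage account
    # NOTE(review): public_network_access is "Enabled", so the account's
    # public endpoint stays reachable from outside the clean room. If uploads
    # only come from known networks, restrict the account with the module's
    # network_acls option or a private endpoint.
    - name: create staging storage account
      azure.azcollection.azure_rm_storageaccount:
        resource_group: "rg-clean_room"
        name: sacleanroomstaging
        type: "Standard_LRS"
        kind: "StorageV2"
        location: westeurope
        public_network_access: "Enabled"

    # Only the container is declared here; no blob is uploaded by this task.
    - name: Create container VHDS
      azure.azcollection.azure_rm_storageblob:
        resource_group: "rg-clean_room"
        storage_account_name: sacleanroomstaging
        container: vhds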