ansible/roles/azure_createwindowsvm/tasks/main.yml

---
# This Ansible playbook is designed to create a Windows virtual machine (VM) in Azure and perform several setup tasks on it.
# The tasks are executed on the localhost and are divided into several parts:
#
# 1. Get facts for one resource group: The playbook starts by gathering information about the Azure resource group where the VM will be created.
# 2. Create a network interface: The playbook then creates a network interface for the VM. The network interface is associated with a specific virtual network and subnet.
# 3. Get private IP of NIC: The playbook retrieves the private IP address of the newly created network interface.
# 4. Create VM: The playbook creates the VM. The VM is associated with the previously created network interface. The VM is configured with a specific size, admin username and password, OS type, managed disk type, and image. The VM is also tagged with several key-value pairs.
# 5. Enable WinRM and Open Port 5985: The playbook enables Windows Remote Management (WinRM) on the VM and opens port 5985. This is done using a VM extension that runs a PowerShell command.
# 6. Wait for WinRM HTTP Port to Come Online: The playbook waits for the WinRM HTTP port (5985) to come online. This is done using the wait_for module.
# 7. Get VM Facts: The playbook retrieves information about the newly created VM.
# 8. Set the Correct Recovery Service Vault: The playbook sets the recovery service vault for the VM. The recovery service vault is set to 'backupvault-awe-01' if the accdevtest variable is set to 'PRD', and 'backupvault-awe-03' otherwise.
#
# In all tasks, the resource_group parameter is set to the RG_name variable, and the name parameter is set to the hostname variable. The playbook uses the azure_rm modules to interact with Azure.

# tasks file for azure-createwindowsvm
  - name: Get facts for one resource group
    azure_rm_resourcegroup_info:
      name: "{{RG_name}}"
    register: rginfo
  - name: Create a network interface
    azure_rm_networkinterface:
      name: "{{hostname}}-nic"
      resource_group: "{{RG_name}}"
      location: "{{location}}" 
 #     virtual_network: "/subscriptions/a7f4215b-c8f8-45ac-8fdd-062c940b02f6/resourceGroups/rg-network-glb-02/providers/Microsoft.Network/virtualNetworks/vnet-awe-glb-02"
      virtual_network: "{{ vnetid }}"
      subnet_name: "{{subnetname}}"
      enable_accelerated_networking: True
      create_with_security_group: false
      #security_group: "/subscriptions/a7f4215b-c8f8-45ac-8fdd-062c940b02f6/resourceGroups/rg-network-glb-02/providers/Microsoft.Network/networkSecurityGroups/nsg-glb-02-green"
      ip_configurations:
        - name: default
         # public_ip_address_name: "{{hostname}}-pip"
          primary: True
    register: new_nic
  
  - name: Get private IP of NIC
    azure_rm_networkinterface_info:
      resource_group: "{{RG_name}}"
      name: "{{hostname}}-nic"
    register: nic_info

  - name: Display private IP of NIC
    debug:
      var: "nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address"

  - name: Create VM
    azure_rm_virtualmachine:
      resource_group: "{{RG_name}}" 
      name: "{{hostname}}"
      vm_size: "{{vmsize}}"
      admin_username: ApeAdmin
      admin_password: "{{ password }}"
      network_interfaces: "{{hostname}}-nic"
      os_type: Windows
      boot_diagnostics:
        enabled: false
      managed_disk_type: "Premium_LRS"
      os_disk_name: "{{hostname}}-osdisk"
      os_disk_size_gb: 128
      os_disk_caching: "ReadWrite"
      image:
          offer: "{{ vm_offer }}"
          publisher: "{{ vm_publisher }}"
          sku: "{{win_sku}}"
          version: latest
      license_type: Windows_Server
      tags:
        Dexcare: "{{tag_dexcare}}"
        ApplicationITContact: "{{tag_ApplicationITContact}}"
        DexMach_IaaSOperations: "NoMDEAgent,NoProtection"
        Schedule: "{{tag_Schedule}}"
        ServiceHours: "{{tag_ServiceHours}}"
        Criticality: "{{tag_Criticality}}"
        UpdateSchedule: "{{tag_UpdateSchedule}}"
        TeamSpecialist: "{{tag_TeamSpecialist}}"
        NotificationTeam: "{{tag_NotificationTeam}}"
    no_log: true

  # - name: Create VM script extension to enable HTTPS WinRM listener
  #   azure_rm_virtualmachineextension:
  #     name: winrm-extension
  #     resource_group: "{{RG_name}}" 
  #     virtual_machine_name: "{{hostname}}"
  #     publisher: Microsoft.Compute
  #     virtual_machine_extension_type: CustomScriptExtension
  #     type_handler_version: '1.9'
  #     settings: '{"fileUris": ["https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"],"commandToExecute": "powershell -ExecutionPolicy Unrestricted -File ConfigureRemotingForAnsible.ps1"}'
  #     auto_upgrade_minor_version: true

# - name: Get facts for one Public IP
#     azure_rm_publicipaddress_info:
#       resource_group: "{{RG_name}}"
#       name: "{{hostname}}-pip"
#     register: publicipaddresses

#   - name: set public ip address fact
#     set_fact: publicipaddress="{{ publicipaddresses | json_query('publicipaddresses[0].ip_address')}}"

  # - name: wait for the WinRM HTTP port to come online
  #   wait_for:
  #     port: 5985
  #     host: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
  #     timeout: 60
  #   ignore_errors: true

  - name: Enable winrm + open port 5985
    azure_rm_virtualmachineextension:
      name: winrm-extension
      resource_group: "{{RG_name}}"
      virtual_machine_name: "{{hostname}}"
      publisher: Microsoft.Compute
      virtual_machine_extension_type: CustomScriptExtension
      type_handler_version: '1.9'
      settings: {"commandToExecute": "powershell winrm quickconfig -force; New-NetFirewallRule -DisplayName 'Winrm' -Profile 'Public' -Direction Inbound -Action Allow -Protocol TCP -LocalPort 5985"}
      auto_upgrade_minor_version: true

  - name: wait for the WinRM HTTP port to come online
    wait_for:
      port: 5985
      host: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
      timeout: 60
    ignore_errors: true
 

  - name: get vm facts
    azure_rm_virtualmachine_info:
      resource_group: "{{RG_name}}"
      name: "{{hostname}}"
    register: vminfo
  - name: Display vm id 
    debug:
      var: "vminfo.vms[0].id"
  - name: set the correct recovery service vault
    azure.azcollection.azure_rm_backupazurevm:
      resource_group: "{{vaultRg}}"
      recovery_vault_name: "{{vaultName}}"
      resource_id: "{{vminfo.vms[0].id}}"
      backup_policy_id: "{{vaultId}}"

    #when: accdevtest == 'PRD'
    ignore_errors: true

  # - name: set the correct recovery service vault if not PRD
  #   azure.azcollection.azure_rm_backupazurevm:
  #     resource_group: 'rg-management-awe'
  #     recovery_vault_name: 'backupvault-awe-03'
  #     resource_id: "{{vminfo.vms[0].id}}"
  #     backup_policy_id: '/subscriptions/a7f4215b-c8f8-45ac-8fdd-062c940b02f6/resourceGroups/rg-management-awe/providers/Microsoft.RecoveryServices/vaults/backupvault-awe-03/backupPolicies/Daily-Ret3M-Schedule'
  #   when: accdevtest != 'PRD'
  #   ignore_errors: true