diff --git a/cloud/create_infra.yml b/cloud/create_infra.yml
deleted file mode 100644
index 1f48725..0000000
--- a/cloud/create_infra.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Create Cloud Infra
- hosts: localhost
- gather_facts: no
- vars:
- infra_provider: undef
- aws_public_key: undef
- tasks:
- - include_role:
- name: "demo.cloud.{{ infra_provider }}"
- tasks_from: create_infra
diff --git a/cloud/create_vpc.yml b/cloud/create_vpc.yml
new file mode 100644
index 0000000..bb6005c
--- /dev/null
+++ b/cloud/create_vpc.yml
@@ -0,0 +1,125 @@
+---
+- name: Create Cloud Infra
+ hosts: localhost
+ gather_facts: false
+ vars:
+ aws_vpc_name: aws-test-vpc
+ aws_owner_tag: default
+ aws_purpose_tag: ansible_demo
+ aws_tenancy: default
+ aws_vpc_cidr_block: 10.0.0.0/16
+ aws_subnet_cidr: 10.0.1.0/24
+ aws_region: us-east-1
+ aws_sg_name: aws-test-sg
+ aws_subnet_name: aws-test-subnet
+ aws_rt_name: aws-test-rt
+
+ tasks:
+ - name: Create VPC
+ amazon.aws.ec2_vpc_net:
+ state: present
+ name: "{{ aws_vpc_name }}"
+ cidr_block: "{{ aws_vpc_cidr_block }}"
+ tenancy: "{{ aws_tenancy }}"
+ region: "{{ aws_region }}"
+ tags:
+ owner: "{{ aws_owner_tag }}"
+ purpose: "{{ aws_purpose_tag }}"
+ register: aws_vpc
+
+ - name: Create internet gateway
+ amazon.aws.ec2_vpc_igw:
+ state: present
+ vpc_id: "{{ aws_vpc.vpc.id }}"
+ region: "{{ aws_region }}"
+ tags:
+ Name: "{{ aws_vpc_name }}"
+ owner: "{{ aws_owner_tag }}"
+ purpose: "{{ aws_purpose_tag }}"
+ register: aws_gateway
+
+ - name: Create security group internal
+ amazon.aws.ec2_security_group:
+ state: present
+ name: "{{ aws_sg_name }}"
+ region: "{{ aws_region }}"
+ description: Inbound WinRM and RDP, http for demo servers and internal AD ports
+ rules:
+ - proto: tcp
+ ports:
+ - 80 # HTTP
+ - 443 # HTTPS
+ - 22 # SSH
+ - 5986 # WinRM
+ - 3389 # RDP
+ - 9090 # Cockpit
+ cidr_ip: 0.0.0.0/0
+ - proto: icmp
+ to_port: -1
+ from_port: -1
+ cidr_ip: 0.0.0.0/0
+ - proto: tcp
+ ports:
+ - 80 # HTTP
+ - 5986 # WinRM
+ - 3389 # RDP
+ - 53 # DNS
+ - 88 # Kerberos Authentication
+ - 135 # RPC
+ - 139 # Netlogon
+ - 389 # LDAP
+ - 445 # SMB
+ - 464 # Kerberos Authentication
+ - 5432 # PostgreSQL
+ - 636 # LDAPS (LDAP over TLS)
+ - 873 # Rsync
+ - 3268-3269 # Global Catalog
+ - 1024-65535 # Ephemeral RPC ports
+ cidr_ip: "{{ aws_vpc_cidr_block }}"
+ - proto: udp
+ ports:
+ - 53 # DNS
+ - 88 # Kerberos Authentication
+ - 123 # NTP
+ - 137-138 # Netlogon
+ - 389 # LDAP
+ - 445 # SMB
+ - 464 # Kerberos Authentication
+ - 1024-65535 # Ephemeral RPC ports
+ cidr_ip: "{{ aws_vpc_cidr_block }}"
+ rules_egress:
+ - proto: -1
+ cidr_ip: 0.0.0.0/0
+ vpc_id: "{{ aws_vpc.vpc.id }}"
+ tags:
+ Name: "{{ aws_sg_name }}"
+ owner: "{{ aws_owner_tag }}"
+ purpose: "{{ aws_purpose_tag }}"
+
+ - name: Create a subnet on the VPC
+ amazon.aws.ec2_vpc_subnet:
+ state: present
+ vpc_id: "{{ aws_vpc.vpc.id }}"
+ cidr: "{{ aws_subnet_cidr }}"
+ region: "{{ aws_region }}"
+ map_public: true
+ tags:
+ Name: "{{ aws_subnet_name }}"
+ owner: "{{ aws_owner_tag }}"
+ purpose: "{{ aws_purpose_tag }}"
+ register: aws_subnet
+
+ - name: Create a subnet route table
+ amazon.aws.ec2_vpc_route_table:
+ state: present
+ vpc_id: "{{ aws_vpc.vpc.id }}"
+ region: "{{ aws_region }}"
+ subnets:
+ - "{{ aws_subnet.subnet.id }}"
+ routes:
+ - dest: 0.0.0.0/0
+ gateway_id: "{{ aws_gateway.gateway_id }}"
+ tags:
+ Name: "{{ aws_rt_name }}"
+ owner: "{{ aws_owner_tag }}"
+ purpose: "{{ aws_purpose_tag }}"
diff --git a/cloud/setup.yml b/cloud/setup.yml
index 97984e9..651e147 100644
--- a/cloud/setup.yml
+++ b/cloud/setup.yml
@@ -8,6 +8,7 @@ controller_components: - inventory_sources - groups - job_templates + - workflow_job_templates controller_execution_environments: - name: Cloud Services Execution Environment
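Review bot: The first ingress rule of `Create security group internal` opens SSH (22), RDP (3389), WinRM (5986) and Cockpit (9090) to `cidr_ip: 0.0.0.0/0`, and because the subnet is created with `map_public: true` every instance placed in it gets a public address, so each demo VM is reachable on its admin ports from the whole internet. Make the source range a variable so the job template or workflow can narrow it: add `aws_admin_cidr: 0.0.0.0/0` under `vars:` (keeping today's behaviour as the default) and change that rule, and the ICMP rule below it, to `cidr_ip: "{{ aws_admin_cidr }}"`. Separately, the internal TCP rule lists `3389`, `5432`, `5986` and `3268-3269` next to `1024-65535`, which already covers them, and the UDP list has the same overlap; dropping the subsumed entries (or narrowing the range) makes the intended exposure easier to audit.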
@@ -146,36 +147,28 @@ controller_templates: extra_vars: aws_region: us-east-1 - - name: Cloud / Create Infra + - name: Cloud / AWS / Create VPC job_type: run organization: Default credentials: - AWS - #- Azure project: Ansible official demo project - playbook: cloud/create_infra.yml + playbook: cloud/create_vpc.yml inventory: Workshop Inventory notification_templates_started: Telemetry notification_templates_success: Telemetry notification_templates_error: Telemetry survey_enabled: true extra_vars: - aws_region: us-east-2 + aws_region: us-east-1 survey: name: '' description: '' spec: - - question_name: Infra Provider - type: multiplechoice - variable: infra_provider + - question_name: Owner + type: text + variable: aws_owner_tag required: true - choices: - - aws - #- azure - - question_name: AWS Public Key (only required for aws provider) - type: textarea - required: false - variable: aws_public_key - name: Cloud / AWS / Create VM job_type: run @@ -190,6 +183,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry survey_enabled: true + allow_simultaneous: true extra_vars: aws_region: us-east-1 aws_keypair_name: aws-test-key @@ -231,12 +225,12 @@ controller_templates: type: text variable: aws_vpc_subnet_name required: true - default: dmz-subnet + default: aws-test-subnet - question_name: Security Group type: text variable: aws_securitygroup_name required: true - default: dmz-sg + default: aws-test-sg - name: Cloud / AWS / Delete VM job_type: run 
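Review bot: The new `Owner` survey question on `Cloud / AWS / Create VPC` is free text with no length bound, and in create_vpc.yml its answer becomes the `owner` tag value on the VPC, internet gateway, security group, subnet and route table; AWS rejects tag values longer than 256 characters, so an over-long answer only fails once the job is already running. Adding `max: 256` to the question (next to `required: true`) rejects it at launch instead. The same question is asked again by the workflow survey later in this patch, so the bound should be applied in both places.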
@@ -323,3 +317,108 @@ controller_templates: type: text variable: aws_keypair_owner required: true
+
+controller_workflows:
+ - name: Deploy Cloud Stack in AWS
+ description: A workflow to deploy a cloud stack
+ organization: Default
+ notification_templates_started: Telemetry
+ notification_templates_success: Telemetry
+ notification_templates_error: Telemetry
+ extra_vars:
+ vm_deployment: cloud_stack
+ survey_enabled: true
+ survey:
+ name: ''
+ description: ''
+ spec:
+ - question_name: Owner
+ type: text
+ variable: aws_owner_tag
+ required: true
+ - question_name: Environment
+ type: multiplechoice
+ variable: vm_environment
+ required: true
+ choices:
+ - Dev
+ - QA
+ - Prod
+ - question_name: Keypair Public Key
+ type: textarea
+ variable: aws_public_key
+ required: true
+ - question_name: Email
+ type: text
+ variable: email
+ required: true
+ simplified_workflow_nodes:
+ - identifier: Create Keypair
+ unified_job_template: Cloud / AWS / Create Keypair
+ extra_data:
+ aws_keypair_owner: !unsafe "{{ aws_owner_tag }}"
+ success_nodes:
+ - VPC Report
+ failure_nodes:
+ - Ticket - Keypair Failed
+ - identifier: Create VPC
+ unified_job_template: Cloud / AWS / Create VPC
+ success_nodes:
+ - VPC Report
+ failure_nodes:
+ - Ticket - VPC Failed
+ - identifier: Ticket - Keypair Failed
+ unified_job_template: 'SUBMIT FEEDBACK'
+ extra_data:
+ feedback: Failed to create AWS keypair
+ - identifier: VPC Report
+ unified_job_template: Cloud / AWS / VPC Report
+ all_parents_must_converge: true
+ success_nodes:
+ - Deploy Windows Blueprint
+ - Deploy RHEL8 Blueprint
+ - Deploy RHEL9 Blueprint
+ - identifier: Deploy Windows Blueprint
+ unified_job_template: Cloud / AWS / Create VM
+ extra_data:
+ vm_name: aws_win
+ vm_blueprint: windows_full
+ vm_owner: !unsafe "{{ aws_owner_tag }}"
+ success_nodes:
+ - Update Inventory
+ failure_nodes:
+ - Ticket - Instance Failed
+ - identifier: Deploy RHEL8 Blueprint
+ unified_job_template: Cloud / AWS / Create VM
+ extra_data:
+ vm_name: aws_rhel8
+ vm_blueprint: rhel8
+ vm_owner: !unsafe "{{ aws_owner_tag }}"
+ success_nodes:
+ - Update Inventory
+ failure_nodes:
+ - Ticket - Instance Failed
+ - identifier: Deploy RHEL9 Blueprint
+ unified_job_template: Cloud / AWS / Create VM
+ extra_data:
+ vm_name: aws_rhel9
+ vm_blueprint: rhel9
+ vm_owner: !unsafe "{{ aws_owner_tag }}"
+ success_nodes:
+ - Update Inventory
+ failure_nodes:
+ - Ticket - Instance Failed
+ - identifier: Ticket - VPC Failed
+ unified_job_template: 'SUBMIT FEEDBACK'
+ extra_data:
+ feedback: Failed to create AWS VPC
+ - identifier: Update Inventory
+ unified_job_template: AWS Inventory
+ success_nodes:
+ - Tag Report
+ - identifier: Ticket - Instance Failed
+ unified_job_template: 'SUBMIT FEEDBACK'
+ extra_data:
+ feedback: Failed to create AWS instance
+ - identifier: Tag Report
+ unified_job_template: Cloud / AWS / Tags Report
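Review bot: `Update Inventory` is a success node of all three `Deploy … Blueprint` nodes but, unlike `VPC Report`, carries no `all_parents_must_converge: true`; if the controller launches it as soon as the first blueprint succeeds, the `AWS Inventory` sync and the `Tag Report` behind it run before the other two instances exist, and the workflow finishes with an inventory that is missing them. Add `all_parents_must_converge: true` to the `Update Inventory` node so it waits for all three deploys, matching the convergence already used on `VPC Report`. Be aware that with that setting a single failed deploy (which routes to the shared `Ticket - Instance Failed` node) means the inventory sync never runs for the VMs that did succeed; if that is acceptable for a demo, a one-line comment on the node saying so would spare the next reader the same question.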