Ansible and the Azure REST API
# Play 1 of the walkthrough: provisions the resource group, virtual
# network and subnets that the private DNS zone tasks attach to later.
# Targets localhost over a local connection, so only the control node
# needs the Azure collection and credentials.
- name: 'Create a Azure Private DNS zone using Ansible'
  hosts: localhost
  connection: local
  gather_facts: true
  vars:
    resource_group: 'myResourceGroup'
    location: 'uksouth'
    network:
      name: 'iac-vnet'
      cidr_block: '10.10.0.0/23'
      # One entry per subnet; each becomes one azure_rm_subnet call below.
      subnets:
        - name: 'app-sub'
          subnet: '10.10.0.0/24'
        - name: 'gateway-sub'
          subnet: '10.10.1.0/27'
    dnszone: 'iac.int'
  tasks:
    - name: 'Create a resource group'
      azure_rm_resourcegroup:
        name: '{{ resource_group }}'
        location: '{{ location }}'

    - name: 'create virtual network'
      azure_rm_virtualnetwork:
        resource_group: '{{ resource_group }}'
        name: '{{ network.name }}'
        address_prefixes: '{{ network.cidr_block }}'

    # Loops over network.subnets; item.name / item.subnet come from the
    # vars block above.
    - name: 'add the subnets'
      azure_rm_subnet:
        resource_group: '{{ resource_group }}'
        name: '{{ item.name }}'
        address_prefix: '{{ item.subnet }}'
        virtual_network: '{{ network.name }}'
      with_items: '{{ network.subnets }}'
# Creates the private DNS zone through the generic azure_rm_resource
# module (a raw ARM PUT) rather than a purpose-built module. Private DNS
# zones are always created with location "Global" in this sample.
- name: "create a private DNS zone for {{ dnszone }}"
  azure_rm_resource:
    api_version: '2018-09-01'
    resource_group: '{{ resource_group }}'
    provider: network
    resource_type: privatednszones
    resource_name: '{{ dnszone }}'
    body:
      location: Global
PUT https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/privateDnsZones/iac.int?api-version=2018-09-01
{ | |
"location": "Global" | |
} |
# Polls the management API until the zone stops being reported as
# NotFound (the task name suggests the create call returns before the
# zone is readable).
- name: "wait for the {{ dnszone }} private dns zone to finish registering before progressing"
  azure_rm_resource_info:
    api_version: '2018-09-01'
    resource_group: '{{ resource_group }}'
    provider: network
    resource_type: privatednszones
    resource_name: '{{ dnszone }}'
  register: dnszone_output
  # Up to 10 attempts, 10 s apart, checking the first response entry.
  until: "dnszone_output.response[0].code != 'NotFound'"
  retries: 10
  delay: 10
  # NOTE(review): ignore_errors lets the play continue even when the zone
  # never appears within retries*delay; the tasks that follow presumably
  # then operate on a zone that does not exist — consider failing fast.
  ignore_errors: true
PUT https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/privateDnsZones/iac.int/virtualNetworkLinks/iac.int?api-version=2018-09-01
{ | |
"location": "Global", | |
"properties": { | |
"virtualNetwork": { | |
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/iac-vnet" | |
}, | |
"registrationEnabled": true | |
} | |
} |
# The subscription id is not in vars, so it is recovered from the
# resource group's ARM id, which has the shape
# /subscriptions/<sub>/resourceGroups/<rg>: the regex captures the
# second path segment.
- name: 'get facts about our resource group so we can get the subscription id'
  azure_rm_resourcegroup_info:
    name: '{{ resource_group }}'
  register: current_sub_id

- name: 'set the current subscription id using the facts we just grabbed as a variable using some regex'
  set_fact:
    # regex_findall yields a list of captures; list | join flattens the
    # single match back into a plain string.
    sub_id: "{{ current_sub_id.resourcegroups[0].id | regex_findall('^/[^/]+/([^/]*)') | list | join }}"
# Links the private zone to the virtual network via the
# virtualNetworkLinks sub-resource. sub_id is expected to have been set by
# the preceding set_fact task; registrationEnabled is the "allow
# registrations" part of the task name.
- name: "link {{ dnszone }} to {{ network.name }} and allow registrations"
  azure_rm_resource:
    api_version: "2018-09-01"
    resource_group: "{{ resource_group }}"
    provider: "network"
    resource_type: "privatednszones"
    resource_name: "{{ dnszone }}"
    # The link is named after the vnet it points at.
    subresource:
      - type: "virtualnetworklinks"
        name: "{{ network.name }}"
    body:
      location: "Global"
      properties:
        virtualNetwork:
          id: "/subscriptions/{{ sub_id }}/resourceGroups/{{ resource_group }}/providers/Microsoft.Network/virtualNetworks/{{ network.name }}"
        registrationEnabled: true
# Generated-style sample for the PrivateZones_CreateOrUpdate REST call.
# resource_group is deliberately null here and privatezonename is not
# defined anywhere in this play; both presumably have to be supplied
# (e.g. via extra-vars) before the play is runnable.
- hosts: localhost
  vars:
    resource_group: null
  tasks:
    - name: "Sample for Azure REST API - PrivateZones_CreateOrUpdate"
      azure_rm_resource:
        # url: /subscriptions/{{ lookup('env','AZURE_SUBSCRIPTION_ID') }}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateDnsZones/{privateZoneName}
        api_version: "2018-09-01"
        resource_group: "{{ resource_group }}"
        provider: "network"
        resource_type: "privatednszones"
        resource_name: "{{ privatezonename }}"
        body:
          location: "Global"
          tags:
            key1: "value1"
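# Generated-style sample for the ApplicationGateways_CreateOrUpdate REST
# call. resource_group is null and applicationgatewayname is not defined
# anywhere in this play; both presumably have to be supplied (e.g. via
# extra-vars) before the play is runnable.
#
# Two fixes relative to the original sample:
#   * the "****" placeholders are quoted — a plain scalar beginning with
#     "*" is a YAML alias and fails to parse;
#   * the user-assigned identity entry is an explicit empty mapping ({})
#     instead of a bare key, which YAML reads as null.
- hosts: localhost
  vars:
    resource_group: null
  tasks:
    - name: Sample for Azure REST API - ApplicationGateways_CreateOrUpdate
      azure_rm_resource:
        # url: /subscriptions/{{ lookup('env','AZURE_SUBSCRIPTION_ID') }}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}
        api_version: '2019-09-01'
        resource_group: "{{ resource_group }}"
        provider: network
        resource_type: applicationgateways
        resource_name: "{{ applicationgatewayname }}"
        body:
          identity:
            type: UserAssigned
            # Each identity is keyed by its ARM id; the value is an empty object.
            userAssignedIdentities:
              /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1: {}
          location: eastus
          properties:
            sku:
              name: Standard_v2
              tier: Standard_v2
              capacity: 3
            gatewayIPConfigurations:
              - name: appgwipc
                properties:
                  subnet:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet/subnets/appgwsubnet
            # sslcert embeds the PFX data and its password in the request
            # body (placeholders here); sslcert2 shows the Key Vault
            # reference form, which keeps the certificate and password out
            # of the playbook and of Ansible's logs. Prefer the latter.
            sslCertificates:
              - name: sslcert
                properties:
                  data: "****"
                  password: "****"
              - name: sslcert2
                properties:
                  keyVaultSecretId: https://kv/secret
            # Same pair of forms for the backend trust anchors.
            trustedRootCertificates:
              - name: rootcert
                properties:
                  data: "****"
              - name: rootcert1
                properties:
                  keyVaultSecretId: https://kv/secret
            frontendIPConfigurations:
              - name: appgwfip
                properties:
                  publicIPAddress:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/appgwpip
            frontendPorts:
              - name: appgwfp
                properties:
                  port: 443
              - name: appgwfp80
                properties:
                  port: 80
            backendAddressPools:
              - name: appgwpool
                properties:
                  backendAddresses:
                    - ipAddress: 10.0.1.1
                    - ipAddress: 10.0.1.2
            # The gateway-to-backend leg is plain HTTP on port 80 in this
            # sample; TLS terminates at the gateway.
            backendHttpSettingsCollection:
              - name: appgwbhs
                properties:
                  port: 80
                  protocol: Http
                  cookieBasedAffinity: Disabled
                  requestTimeout: 30
            httpListeners:
              # HTTPS listener on 443 using sslcert; SNI is not required.
              - name: appgwhl
                properties:
                  frontendIPConfiguration:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/frontendIPConfigurations/appgwfip
                  frontendPort:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/frontendPorts/appgwfp
                  protocol: Https
                  sslCertificate:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert
                  requireServerNameIndication: false
              # Plaintext listener on 80; the path-based rule below routes
              # it to the backend pool rather than redirecting to HTTPS.
              - name: appgwhttplistener
                properties:
                  frontendIPConfiguration:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/frontendIPConfigurations/appgwfip
                  frontendPort:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/frontendPorts/appgwfp80
                  protocol: Http
            urlPathMaps:
              - name: pathMap1
                properties:
                  defaultBackendAddressPool:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendAddressPools/appgwpool
                  defaultBackendHttpSettings:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendHttpSettingsCollection/appgwbhs
                  defaultRewriteRuleSet:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/rewriteRuleSets/rewriteRuleSet1
                  pathRules:
                    - name: apiPaths
                      properties:
                        paths:
                          - /api
                          - /v1/api
                        backendAddressPool:
                          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendAddressPools/appgwpool
                        backendHttpSettings:
                          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendHttpSettingsCollection/appgwbhs
                        rewriteRuleSet:
                          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/rewriteRuleSets/rewriteRuleSet1
            requestRoutingRules:
              - name: appgwrule
                properties:
                  ruleType: Basic
                  priority: 10
                  httpListener:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/httpListeners/appgwhl
                  backendAddressPool:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendAddressPools/appgwpool
                  backendHttpSettings:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendHttpSettingsCollection/appgwbhs
                  rewriteRuleSet:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/rewriteRuleSets/rewriteRuleSet1
              - name: appgwPathBasedRule
                properties:
                  ruleType: PathBasedRouting
                  priority: 20
                  httpListener:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/httpListeners/appgwhttplistener
                  urlPathMap:
                    id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/urlPathMaps/pathMap1
            rewriteRuleSets:
              - name: rewriteRuleSet1
                properties:
                  rewriteRules:
                    # NOTE(review): the whole rule is gated on the request's
                    # Authorization header matching ^Bearer, so both the
                    # X-Forwarded-For header and the Strict-Transport-Security
                    # response header are only applied to those requests —
                    # unauthenticated responses get no HSTS from this rule.
                    - name: Set X-Forwarded-For
                      ruleSequence: 102
                      conditions:
                        - variable: http_req_Authorization
                          pattern: ^Bearer
                          ignoreCase: true
                          negate: false
                      actionSet:
                        requestHeaderConfigurations:
                          - headerName: X-Forwarded-For
                            headerValue: var_add_x_forwarded_for_proxy
                        responseHeaderConfigurations:
                          - headerName: Strict-Transport-Security
                            headerValue: max-age=31536000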
# Complete playbook assembled from the fragments above: resource group,
# vnet and subnets first, then the private DNS zone (via raw ARM calls),
# a readiness poll, subscription-id discovery, and finally the vnet link.
# Targets localhost over a local connection.
- name: 'Create a Azure Private DNS zone using Ansible'
  hosts: localhost
  connection: local
  gather_facts: true
  vars:
    resource_group: 'myResourceGroup'
    location: 'uksouth'
    network:
      name: 'iac-vnet'
      cidr_block: '10.10.0.0/23'
      # One entry per subnet; each becomes one azure_rm_subnet call.
      subnets:
        - name: 'app-sub'
          subnet: '10.10.0.0/24'
        - name: 'gateway-sub'
          subnet: '10.10.1.0/27'
    dnszone: 'iac.int'
  tasks:
    - name: 'Create a resource group'
      azure_rm_resourcegroup:
        name: '{{ resource_group }}'
        location: '{{ location }}'

    - name: 'create virtual network'
      azure_rm_virtualnetwork:
        resource_group: '{{ resource_group }}'
        name: '{{ network.name }}'
        address_prefixes: '{{ network.cidr_block }}'

    - name: 'add the subnets'
      azure_rm_subnet:
        resource_group: '{{ resource_group }}'
        name: '{{ item.name }}'
        address_prefix: '{{ item.subnet }}'
        virtual_network: '{{ network.name }}'
      with_items: '{{ network.subnets }}'

    # Raw ARM PUT for the zone; private DNS zones use location Global.
    - name: 'create a private DNS zone for {{ dnszone }}'
      azure_rm_resource:
        api_version: '2018-09-01'
        resource_group: '{{ resource_group }}'
        provider: network
        resource_type: privatednszones
        resource_name: '{{ dnszone }}'
        body:
          location: Global

    # Poll until the zone stops being reported as NotFound: up to 10
    # attempts, 10 s apart.
    - name: 'wait for the {{ dnszone }} private dns zone to finish registering before progressing'
      azure_rm_resource_info:
        api_version: '2018-09-01'
        resource_group: '{{ resource_group }}'
        provider: network
        resource_type: privatednszones
        resource_name: '{{ dnszone }}'
      register: dnszone_output
      until: "dnszone_output.response[0].code != 'NotFound'"
      retries: 10
      delay: 10
      # NOTE(review): ignore_errors lets the play continue even if the
      # zone never appears; the link task below would then presumably
      # run against a zone that does not exist — consider failing fast.
      ignore_errors: true

    # The subscription id is not in vars; recover it from the resource
    # group's ARM id (/subscriptions/<sub>/resourceGroups/<rg>) by
    # capturing the second path segment.
    - name: 'get facts about our resource group so we can get the subscription id'
      azure_rm_resourcegroup_info:
        name: '{{ resource_group }}'
      register: current_sub_id

    - name: 'set the current subscription id using the facts we just grabbed as a variable using some regex'
      set_fact:
        # regex_findall yields a list; list | join flattens the single match.
        sub_id: "{{ current_sub_id.resourcegroups[0].id | regex_findall('^/[^/]+/([^/]*)') | list | join }}"

    # Link the zone to the vnet via the virtualNetworkLinks sub-resource;
    # the link is named after the vnet. registrationEnabled is the "allow
    # registrations" part of the task name.
    - name: 'link {{ dnszone }} to {{ network.name }} and allow registrations'
      azure_rm_resource:
        api_version: '2018-09-01'
        resource_group: '{{ resource_group }}'
        provider: network
        resource_type: privatednszones
        resource_name: '{{ dnszone }}'
        subresource:
          - type: virtualnetworklinks
            name: '{{ network.name }}'
        body:
          location: Global
          properties:
            virtualNetwork:
              id: '/subscriptions/{{ sub_id }}/resourceGroups/{{ resource_group }}/providers/Microsoft.Network/virtualNetworks/{{ network.name }}'
            registrationEnabled: true