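---
# Provisions Azure App Service resources for a set of Spring Boot services,
# deploys their JARs, and places the numbered app instances behind private
# endpoints in a virtual network. All tasks run on the control node.
#
# Identity: the azure.azcollection modules authenticate with the Azure
# credentials configured for Ansible, while the `az` command tasks use whatever
# account the Azure CLI is logged in as. Make sure both resolve to the same,
# least-privileged principal scoped to this resource group.
#
# NOTE(review): several module names below (azure_rm_webapp_config,
# azure_rm_webapp_vnet_integration, azure_rm_private_endpoint,
# azure_rm_private_dnszone, azure_rm_private_dnszone_virtualnetwork_link,
# azure_rm_private_dnsrecord, azure_rm_webapp_access_restriction) and the
# lookup/query plugin 'azure.azcollection.azure_rm_webapp' could not be matched
# to plugins I know the collection ships. The collection's own names appear to
# be written without inner underscores (for example azure_rm_privateendpoint,
# azure_rm_privatednszone, azure_rm_webappaccessrestriction) and take different
# parameters. Confirm each one with `ansible-doc` before running; they are left
# as written here.
- name: Deploy Spring Boot Applications and Configure Azure Resources
  hosts: localhost

  vars:
    resource_group: resourcegroup1
    location: eastus
    app_plan_name: app-plan
    gw_plan_name: gw-plan
    app_instances:
      - testapp1
      - testapp2
    gw_instances:
      - gateway
    jar_directory: "/path/to/jars"
    num_app_instances: 4  # Global variable for the number of instances per app
    num_gw_instances: 1  # Number of gateway instances
    app_prefix: "app"
    gw_prefix: "gw"
    address_prefixes: "10.0.0.0/16"
    subnet_prefix: "10.0.1.0/24"
    app_gateway_subnet_prefix: "10.0.2.0/24"
    app_gateway_name: appGateway
    vnet_name: appVNet
    subnet_name: appSubnet
    app_gateway_subnet_name: appGatewaySubnet
    # Value for the app.env setting. It must be supplied at run time
    # (-e app_env_param=...); no default is defined, so the play fails on first
    # use of app_env when it is not passed.
    app_env: "{{ app_env_param }}"
    # Every (app name, instance number) pair, e.g. ['testapp1', 1]. The tasks
    # that act on numbered instances loop over this and read item.0 / item.1.
    app_instance_pairs: "{{ app_instances | product(range(1, (num_app_instances | int) + 1)) | list }}"

  tasks:
    - name: Create resource group
      azure.azcollection.azure_rm_resourcegroup:
        name: "{{ resource_group }}"
        location: "{{ location }}"
      # NOTE(review): ignoring errors here also hides authentication and
      # permission failures, so the play continues against a resource group
      # it may not be able to manage. Drop this unless the principal is
      # deliberately not allowed to create resource groups.
      ignore_errors: true

    # jar_path holds the path to the JAR. The original used lookup('file', ...),
    # which reads the file's contents into the variable instead of its path.
    - name: Determine spring_boot_apps for app_instances
      ansible.builtin.set_fact:
        spring_boot_apps: "{{ spring_boot_apps | default([]) + [{'name': item, 'jar_path': jar_directory + '/' + item + '.jar', 'plan': app_plan_name}] }}"
      loop: "{{ app_instances }}"

    - name: Determine spring_boot_apps for gw_instances
      ansible.builtin.set_fact:
        spring_boot_apps: "{{ spring_boot_apps + [{'name': item, 'jar_path': jar_directory + '/' + item + '.jar', 'plan': gw_plan_name}] }}"
      loop: "{{ gw_instances }}"

    # The loop items are plain plan names, so the name is item, not item.plan.
    # NOTE(review): the Free (F1) tier is not expected to support VNet
    # integration or private endpoints, which later tasks rely on. Confirm the
    # tier before depending on the network isolation below.
    - name: Create service plans
      azure.azcollection.azure_rm_appserviceplan:
        resource_group: "{{ resource_group }}"
        name: "{{ item }}"
        location: "{{ location }}"
        sku: F1
        is_linux: true
      loop:
        - "{{ app_plan_name }}"
        - "{{ gw_plan_name }}"

    # NOTE(review): linux_fx_version does not look like a documented
    # azure_rm_webapp option; confirm how the Java runtime should be selected.
    # These apps are reachable publicly until access is restricted; consider
    # enforcing HTTPS-only on them as well.
    - name: Create web apps
      azure.azcollection.azure_rm_webapp:
        resource_group: "{{ resource_group }}"
        name: "{{ item.name }}"
        plan: "{{ item.plan }}"
        location: "{{ location }}"
        state: present
        linux_fx_version: "JAVA|11-java11"
      loop: "{{ spring_boot_apps }}"

    # argv passes each value as exactly one argument, so a name or path that
    # contains spaces cannot be split into extra az options.
    - name: Deploy JAR files to Azure Web Apps
      ansible.builtin.command:
        argv:
          - az
          - webapp
          - deploy
          - --resource-group
          - "{{ resource_group }}"
          - --name
          - "{{ item.name }}"
          - --src-path
          - "{{ item.jar_path }}"
          - --type
          - jar
      loop: "{{ spring_boot_apps }}"

    - name: Set spring.profiles.active and app.env properties
      azure.azcollection.azure_rm_webapp_config:
        resource_group: "{{ resource_group }}"
        name: "{{ item.name }}"
        app_settings:
          - name: spring.profiles.active
            value: "azure"
          - name: app.env
            value: "{{ app_env }}"
      loop: "{{ spring_boot_apps }}"

    - name: Get App Plan ID
      ansible.builtin.command:
        argv:
          - az
          - appservice
          - plan
          - show
          - --name
          - "{{ app_plan_name }}"
          - --resource-group
          - "{{ resource_group }}"
          - --query
          - id
          - --output
          - tsv
      register: app_plan_id
      changed_when: false

    - name: Get GW Plan ID
      ansible.builtin.command:
        argv:
          - az
          - appservice
          - plan
          - show
          - --name
          - "{{ gw_plan_name }}"
          - --resource-group
          - "{{ resource_group }}"
          - --query
          - id
          - --output
          - tsv
      register: gw_plan_id
      changed_when: false

    - name: Create Virtual Network
      azure.azcollection.azure_rm_virtualnetwork:
        name: "{{ vnet_name }}"
        resource_group: "{{ resource_group }}"
        address_prefixes: "{{ address_prefixes }}"
        location: "{{ location }}"
        subnets:
          - name: "{{ subnet_name }}"
            address_prefix: "{{ subnet_prefix }}"
          - name: "{{ app_gateway_subnet_name }}"
            address_prefix: "{{ app_gateway_subnet_prefix }}"

    # The original looped with with_subelements over an expression that called
    # with_sequence() inside Jinja, which is not a template function. The
    # product of app names and instance numbers yields the same
    # "<app>-<n>" names.
    - name: Create and Move App Instances
      azure.azcollection.azure_rm_webapp:
        resource_group: "{{ resource_group }}"
        name: "{{ item.0 }}-{{ item.1 }}"
        plan: "{{ app_plan_id.stdout }}"
        location: "{{ location }}"
      loop: "{{ app_instance_pairs }}"

    - name: Create and Move GW Instances
      azure.azcollection.azure_rm_webapp:
        resource_group: "{{ resource_group }}"
        name: "{{ gw_prefix }}-{{ item }}"
        plan: "{{ gw_plan_id.stdout }}"
        location: "{{ location }}"
      with_sequence: "start=1 end={{ num_gw_instances }}"

    - name: Integrate App Instances with VNet
      azure.azcollection.azure_rm_webapp_vnet_integration:
        resource_group: "{{ resource_group }}"
        name: "{{ item.0 }}-{{ item.1 }}"
        vnet: "{{ vnet_name }}"
        subnet: "{{ subnet_name }}"
      loop: "{{ app_instance_pairs }}"

    - name: Integrate GW Instances with VNet
      azure.azcollection.azure_rm_webapp_vnet_integration:
        resource_group: "{{ resource_group }}"
        name: "{{ gw_prefix }}-{{ item }}"
        vnet: "{{ vnet_name }}"
        subnet: "{{ subnet_name }}"
      with_sequence: "start=1 end={{ num_gw_instances }}"

    # The ~ operator concatenates as strings, so the integer instance number
    # can be joined to the app name.
    # NOTE(review): the lookup plugin used to resolve the web app's resource ID
    # is unverified (see the header). If it does not exist, resolve the ID in
    # a separate registered task instead.
    - name: Create Private Endpoints for App Instances
      azure.azcollection.azure_rm_private_endpoint:
        resource_group: "{{ resource_group }}"
        name: "{{ item.0 }}-{{ item.1 }}PrivateEndpoint"
        vnet_name: "{{ vnet_name }}"
        subnet_name: "{{ subnet_name }}"
        private_connection_resource_id: "{{ lookup('azure.azcollection.azure_rm_webapp', 'name=' ~ item.0 ~ '-' ~ item.1 ~ ' resource_group=' ~ resource_group).id }}"
        group_ids: "sites"
        connection_name: "{{ item.0 }}-{{ item.1 }}Connection"
      loop: "{{ app_instance_pairs }}"

    # Each result keeps its loop item, so the DNS task below can read the
    # (app, instance) pair back from item.item.
    - name: Determine Private IP Addresses
      ansible.builtin.command:
        argv:
          - az
          - network
          - private-endpoint
          - show
          - --name
          - "{{ item.0 }}-{{ item.1 }}PrivateEndpoint"
          - --resource-group
          - "{{ resource_group }}"
          - --query
          - "customDnsConfigurations[0].ipAddresses[0]"
          - --output
          - tsv
      register: private_ips
      loop: "{{ app_instance_pairs }}"
      changed_when: false

    - name: Configure Private DNS Zones
      azure.azcollection.azure_rm_private_dnszone:
        resource_group: "{{ resource_group }}"
        name: privatelink.azurewebsites.net

    - name: Link VNet to Private DNS Zone
      azure.azcollection.azure_rm_private_dnszone_virtualnetwork_link:
        resource_group: "{{ resource_group }}"
        zone_name: privatelink.azurewebsites.net
        name: appVNetLink
        vnet_name: "{{ vnet_name }}"
        registration_enabled: false

    # The original carried both with_items and with_subelements; a task may
    # have only one loop. The registered results are the loop to keep, since
    # they hold both the IP address and the originating pair.
    - name: Add DNS Records for App Instances
      azure.azcollection.azure_rm_private_dnsrecord:
        resource_group: "{{ resource_group }}"
        zone_name: privatelink.azurewebsites.net
        record_type: A
        name: "{{ item.item.0 }}-{{ item.item.1 }}"
        ttl: 300
        value: "{{ item.stdout }}"
      loop: "{{ private_ips.results }}"

    # Only the numbered app instances are covered by this rule. The base apps
    # created from spring_boot_apps and the gw-N instances remain publicly
    # reachable. App Service also keeps a separate restriction list for the
    # SCM (Kudu) site; confirm that it is covered too.
    - name: Restrict Public Access to App Instances
      azure.azcollection.azure_rm_webapp_access_restriction:
        resource_group: "{{ resource_group }}"
        name: "{{ item.0 }}-{{ item.1 }}"
        rule_name: "DenyPublicAccess"
        priority: 100
        action: Deny
        ip_address: "0.0.0.0/0"
      loop: "{{ app_instance_pairs }}"

    # `when` is already evaluated as a Jinja expression, so item is referenced
    # directly. Wrapping it in {{ }} templates the value twice and lets
    # resource names be interpreted as template code.
    # NOTE(review): as written, this deletes every web app in the resource
    # group whose name is not literally listed in app_instances. That includes
    # 'gateway', the '<app>-<n>' instances and the 'gw-<n>' instances created
    # earlier in this play. Confirm the intended keep-list before running.
    - name: Remove Web App
      azure.azcollection.azure_rm_webapp:
        resource_group: "{{ resource_group }}"
        name: "{{ item }}"
        state: absent
      when: item not in app_instances
      loop: "{{ query('azure.azcollection.azure_rm_webapp', 'resource_group=' + resource_group) | map(attribute='name') | list }}"

    - name: Remove Private Endpoints
      azure.azcollection.azure_rm_private_endpoint:
        resource_group: "{{ resource_group }}"
        name: "{{ item }}PrivateEndpoint"
        state: absent
      when: item not in app_instances
      loop: "{{ query('azure.azcollection.azure_rm_webapp', 'resource_group=' + resource_group) | map(attribute='name') | list }}"

    # NOTE(review): records are created above under the relative name
    # '<app>-<n>', but removed here under '<name>.privatelink.azurewebsites.net'.
    # Confirm which form the module expects.
    - name: Remove DNS Records
      azure.azcollection.azure_rm_private_dnsrecord:
        resource_group: "{{ resource_group }}"
        zone_name: privatelink.azurewebsites.net
        name: "{{ item }}.privatelink.azurewebsites.net"
        state: absent
      when: item not in app_instances
      loop: "{{ query('azure.azcollection.azure_rm_webapp', 'resource_group=' + resource_group) | map(attribute='name') | list }}"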