
@russmckendrick
Last active November 11, 2019 14:32
Ansible and the Azure Rest API
---
# Play fragment: resource group, virtual network, subnets and the Private DNS
# zone itself. The zone is created through the generic azure_rm_resource
# module, i.e. a direct call to the Azure REST API
# (Microsoft.Network/privateDnsZones) rather than a dedicated module.
- name: Create a Azure Private DNS zone using Ansible
  hosts: localhost
  connection: local
  gather_facts: true
  vars:
    resource_group: "myResourceGroup"
    location: "uksouth"
    network:
      name: "iac-vnet"
      cidr_block: "10.10.0.0/23"
      subnets:
        - name: "app-sub"
          subnet: "10.10.0.0/24"
        - name: "gateway-sub"
          subnet: "10.10.1.0/27"
    dnszone: "iac.int"
  tasks:
    - name: Create a resource group
      azure_rm_resourcegroup:
        name: "{{ resource_group }}"
        location: "{{ location }}"

    - name: create virtual network
      azure_rm_virtualnetwork:
        resource_group: "{{ resource_group }}"
        name: "{{ network.name }}"
        address_prefixes: "{{ network.cidr_block }}"

    # One subnet per entry of network.subnets.
    - name: add the subnets
      azure_rm_subnet:
        resource_group: "{{ resource_group }}"
        name: "{{ item.name }}"
        address_prefix: "{{ item.subnet }}"
        virtual_network: "{{ network.name }}"
      with_items: "{{ network.subnets }}"

    # api_version is date-like and must stay quoted, or YAML loads it as a date.
    - name: create a private DNS zone for {{ dnszone }}
      azure_rm_resource:
        api_version: "2018-09-01"
        resource_group: "{{ resource_group }}"
        provider: "network"
        resource_type: "privatednszones"
        resource_name: "{{ dnszone }}"
        body:
          location: "Global"
PUT https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/privateDnsZones/iac.int?api-version=2018-09-01
{
"location": "Global"
}
# Task fragment: poll the zone until the REST API stops answering NotFound.
# retries x delay gives up after roughly 100 s; ignore_errors then lets the
# play carry on instead of stopping here (a later task fails in that case).
- name: wait for the {{ dnszone }} private dns zone to finish registering before progressing
  azure_rm_resource_info:
    api_version: "2018-09-01"
    resource_group: "{{ resource_group }}"
    provider: "network"
    resource_type: "privatednszones"
    resource_name: "{{ dnszone }}"
  register: dnszone_output
  until: dnszone_output.response[0].code != 'NotFound'
  delay: 10
  retries: 10
  ignore_errors: true
PUT https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/privateDnsZones/iac.int/virtualNetworkLinks/iac.int?api-version=2018-09-01
{
"location": "Global",
"properties": {
"virtualNetwork": {
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/iac-vnet"
},
"registrationEnabled": true
}
}
# Task fragment: the VNet link body needs the subscription id, which is not in
# vars; it is cut out of the resource group's ARM id (/subscriptions/<id>/...).
- name: get facts about our resource group so we can get the subscription id
  azure_rm_resourcegroup_info:
    name: "{{ resource_group }}"
  register: current_sub_id

# regex_findall yields a one-element list (the capture group); join makes it a string.
- name: set the current subscription id using the facts we just grabbed as a variable using some regex
  set_fact:
    sub_id: "{{ current_sub_id.resourcegroups[0].id | regex_findall('^/[^/]+/([^/]*)') | list | join }}"

# registrationEnabled: true switches on auto-registration, so VMs in the linked
# VNet get DNS records in the zone without further configuration.
- name: link {{ dnszone }} to {{ network.name }} and allow registrations
  azure_rm_resource:
    api_version: "2018-09-01"
    resource_group: "{{ resource_group }}"
    provider: "network"
    resource_type: "privatednszones"
    resource_name: "{{ dnszone }}"
    subresource:
      - type: "virtualnetworklinks"
        name: "{{ network.name }}"
    body:
      location: "Global"
      properties:
        virtualNetwork:
          id: "/subscriptions/{{ sub_id }}/resourceGroups/{{ resource_group }}/providers/Microsoft.Network/virtualNetworks/{{ network.name }}"
        registrationEnabled: true
---
# Sample body for PrivateZones_CreateOrUpdate, sent as a raw REST call through
# azure_rm_resource. resource_group is null here and privatezonename is not
# defined in vars: both must be supplied by the caller (e.g. with -e), or the
# play stops on an undefined variable.
- hosts: localhost
  vars:
    resource_group: null
  tasks:
    - name: Sample for Azure REST API - PrivateZones_CreateOrUpdate
      azure_rm_resource:
        # url: /subscriptions/{{ lookup('env','AZURE_SUBSCRIPTION_ID') }}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateDnsZones/{privateZoneName}
        api_version: "2018-09-01"
        resource_group: "{{ resource_group }}"
        provider: "network"
        resource_type: "privatednszones"
        resource_name: "{{ privatezonename }}"
        body:
          location: "Global"
          tags:
            key1: "value1"
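---
# Sample body for ApplicationGateways_CreateOrUpdate, sent as a raw REST call
# through azure_rm_resource. resource_group is null and applicationgatewayname
# is not defined in vars: both must be supplied by the caller (e.g. with -e),
# or the play stops on an undefined variable. Every resource id below uses the
# placeholder subscription "subid" and resource group "rg1" from the Azure sample.
- hosts: localhost
  vars:
    resource_group: null
  tasks:
    - name: Sample for Azure REST API - ApplicationGateways_CreateOrUpdate
      azure_rm_resource:
        # url: /subscriptions/{{ lookup('env','AZURE_SUBSCRIPTION_ID') }}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}
        api_version: "2019-09-01"
        resource_group: "{{ resource_group }}"
        provider: "network"
        resource_type: "applicationgateways"
        resource_name: "{{ applicationgatewayname }}"
        body:
          identity:
            type: "UserAssigned"
            userAssignedIdentities:
              # The REST API takes an (empty) object per identity; a bare key
              # would be serialised as null.
              "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
          location: "eastus"
          properties:
            sku:
              name: "Standard_v2"
              tier: "Standard_v2"
              capacity: 3
            gatewayIPConfigurations:
              - name: "appgwipc"
                properties:
                  subnet:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet/subnets/appgwsubnet"
            # The "****" placeholders must be quoted: a plain scalar starting
            # with '*' is a YAML alias and the file fails to load. Prefer the
            # keyVaultSecretId form (sslcert2 / rootcert1) over inline PFX data
            # plus password, so the certificate and its password are not
            # committed together with the playbook.
            sslCertificates:
              - name: "sslcert"
                properties:
                  data: "****"
                  password: "****"
              - name: "sslcert2"
                properties:
                  keyVaultSecretId: "https://kv/secret"
            trustedRootCertificates:
              - name: "rootcert"
                properties:
                  data: "****"
              - name: "rootcert1"
                properties:
                  keyVaultSecretId: "https://kv/secret"
            frontendIPConfigurations:
              - name: "appgwfip"
                properties:
                  publicIPAddress:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/appgwpip"
            frontendPorts:
              - name: "appgwfp"
                properties:
                  port: 443
              - name: "appgwfp80"
                properties:
                  port: 80
            backendAddressPools:
              - name: "appgwpool"
                properties:
                  backendAddresses:
                    - ipAddress: "10.0.1.1"
                    - ipAddress: "10.0.1.2"
            # TLS ends at the gateway: the backend is reached over plain HTTP on port 80.
            backendHttpSettingsCollection:
              - name: "appgwbhs"
                properties:
                  port: 80
                  protocol: "Http"
                  cookieBasedAffinity: "Disabled"
                  requestTimeout: 30
            httpListeners:
              - name: "appgwhl"
                properties:
                  frontendIPConfiguration:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/frontendIPConfigurations/appgwfip"
                  frontendPort:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/frontendPorts/appgwfp"
                  protocol: "Https"
                  sslCertificate:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert"
                  requireServerNameIndication: false
              # Plain-HTTP listener on port 80: everything routed to it (see
              # appgwPathBasedRule below) is served unencrypted.
              - name: "appgwhttplistener"
                properties:
                  frontendIPConfiguration:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/frontendIPConfigurations/appgwfip"
                  frontendPort:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/frontendPorts/appgwfp80"
                  protocol: "Http"
            urlPathMaps:
              - name: "pathMap1"
                properties:
                  defaultBackendAddressPool:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendAddressPools/appgwpool"
                  defaultBackendHttpSettings:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendHttpSettingsCollection/appgwbhs"
                  defaultRewriteRuleSet:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/rewriteRuleSets/rewriteRuleSet1"
                  pathRules:
                    - name: "apiPaths"
                      properties:
                        paths:
                          - "/api"
                          - "/v1/api"
                        backendAddressPool:
                          id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendAddressPools/appgwpool"
                        backendHttpSettings:
                          id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendHttpSettingsCollection/appgwbhs"
                        rewriteRuleSet:
                          id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/rewriteRuleSets/rewriteRuleSet1"
            requestRoutingRules:
              # Basic rule: HTTPS listener straight to the pool.
              - name: "appgwrule"
                properties:
                  ruleType: "Basic"
                  priority: 10
                  httpListener:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/httpListeners/appgwhl"
                  backendAddressPool:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendAddressPools/appgwpool"
                  backendHttpSettings:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/backendHttpSettingsCollection/appgwbhs"
                  rewriteRuleSet:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/rewriteRuleSets/rewriteRuleSet1"
              # Path-based rule: the port-80 HTTP listener dispatched through pathMap1.
              - name: "appgwPathBasedRule"
                properties:
                  ruleType: "PathBasedRouting"
                  priority: 20
                  httpListener:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/httpListeners/appgwhttplistener"
                  urlPathMap:
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/urlPathMaps/pathMap1"
            rewriteRuleSets:
              - name: "rewriteRuleSet1"
                properties:
                  rewriteRules:
                    # Applies only to requests whose Authorization header starts
                    # with "Bearer" (case-insensitive); it sets the request header
                    # from the gateway's add_x_forwarded_for_proxy server variable.
                    - name: "Set X-Forwarded-For"
                      ruleSequence: 102
                      conditions:
                        - variable: "http_req_Authorization"
                          pattern: "^Bearer"
                          ignoreCase: true
                          negate: false
                      actionSet:
                        requestHeaderConfigurations:
                          - headerName: "X-Forwarded-For"
                            headerValue: "var_add_x_forwarded_for_proxy"
                        # Browsers only honour Strict-Transport-Security on HTTPS
                        # responses, so this header has no effect on replies
                        # served through the port-80 listener.
                        responseHeaderConfigurations:
                          - headerName: "Strict-Transport-Security"
                            headerValue: "max-age=31536000"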
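---
# Creates a resource group, a virtual network with two subnets and an Azure
# Private DNS zone, then links the zone to the VNet with auto-registration on.
# The zone and the VNet link go through the generic azure_rm_resource module,
# i.e. direct calls to the Azure REST API (Microsoft.Network/privateDnsZones).
- name: Create a Azure Private DNS zone using Ansible
  hosts: localhost
  connection: local
  gather_facts: true
  vars:
    resource_group: "myResourceGroup"
    location: "uksouth"
    network:
      name: "iac-vnet"
      cidr_block: "10.10.0.0/23"
      subnets:
        - name: "app-sub"
          subnet: "10.10.0.0/24"
        - name: "gateway-sub"
          subnet: "10.10.1.0/27"
    dnszone: "iac.int"
  tasks:
    - name: Create a resource group
      azure_rm_resourcegroup:
        name: "{{ resource_group }}"
        location: "{{ location }}"

    - name: create virtual network
      azure_rm_virtualnetwork:
        resource_group: "{{ resource_group }}"
        name: "{{ network.name }}"
        address_prefixes: "{{ network.cidr_block }}"

    # One subnet per entry of network.subnets.
    - name: add the subnets
      azure_rm_subnet:
        resource_group: "{{ resource_group }}"
        name: "{{ item.name }}"
        address_prefix: "{{ item.subnet }}"
        virtual_network: "{{ network.name }}"
      loop: "{{ network.subnets }}"

    # api_version is date-like and must stay quoted, or YAML loads it as a date.
    - name: create a private DNS zone for {{ dnszone }}
      azure_rm_resource:
        api_version: "2018-09-01"
        resource_group: "{{ resource_group }}"
        provider: "network"
        resource_type: "privatednszones"
        resource_name: "{{ dnszone }}"
        body:
          location: "Global"

    # Poll until the REST API stops answering NotFound for the new zone.
    # retries x delay gives up after roughly 100 s; ignore_errors then lets the
    # play carry on, so a zone that never appears surfaces as a failure of the
    # link task below rather than here.
    - name: wait for the {{ dnszone }} private dns zone to finish registering before progressing
      azure_rm_resource_info:
        api_version: "2018-09-01"
        resource_group: "{{ resource_group }}"
        provider: "network"
        resource_type: "privatednszones"
        resource_name: "{{ dnszone }}"
      register: dnszone_output
      until: dnszone_output.response[0].code != 'NotFound'
      delay: 10
      retries: 10
      ignore_errors: true

    # The VNet link body needs the subscription id, which is not in vars; it is
    # cut out of the resource group's ARM id (/subscriptions/<id>/...).
    - name: get facts about our resource group so we can get the subscription id
      azure_rm_resourcegroup_info:
        name: "{{ resource_group }}"
      register: current_sub_id

    # regex_findall yields a one-element list (the capture group); join makes it a string.
    - name: set the current subscription id using the facts we just grabbed as a variable using some regex
      set_fact:
        sub_id: "{{ current_sub_id.resourcegroups[0].id | regex_findall('^/[^/]+/([^/]*)') | list | join }}"

    # registrationEnabled: true switches on auto-registration, so VMs in the
    # linked VNet get DNS records in the zone without further configuration.
    - name: link {{ dnszone }} to {{ network.name }} and allow registrations
      azure_rm_resource:
        api_version: "2018-09-01"
        resource_group: "{{ resource_group }}"
        provider: "network"
        resource_type: "privatednszones"
        resource_name: "{{ dnszone }}"
        subresource:
          - type: "virtualnetworklinks"
            name: "{{ network.name }}"
        body:
          location: "Global"
          properties:
            virtualNetwork:
              id: "/subscriptions/{{ sub_id }}/resourceGroups/{{ resource_group }}/providers/Microsoft.Network/virtualNetworks/{{ network.name }}"
            registrationEnabled: true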