-
Notifications
You must be signed in to change notification settings - Fork 13
123 lines (112 loc) · 4.79 KB
/
ansible-set-up.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
name: Configuration with Ansible & Azure Dynamic Inventory
on:
workflow_call:
inputs:
runner:
type: string
required: false
default: ubuntu-latest
description: The Github action runner OS , on which the action runs.
playbook:
type: string
required: true
description: The playbook file which needs to be applied via ansible.
inventory:
type: string
required: false
default: my.azure_rm.yaml
description: The inventory file which will be used by ansible.
terraform-output-directory:
type: string
required: true
description: The Directory which contains configuration for terraform outputs. This code should be applied already to have outputs.
nsg-ssh-port:
type: number
required: false
description: The Port on which NSG will allow SSH connection, if customised.
default: 22
secrets:
ssh-private-key:
required: true
AZURE_CLIENT_ID:
required: true
AZURE_CLIENT_SECRET:
required: true
AZURE_TENANT_ID:
required: true
AZURE_SUBSCRIPTION_ID:
required: true
jobs:
configureWebservers:
name: Configure Linux VM as Nginx Webservers via Ansible
runs-on: "${{ inputs.runner }}"
steps:
- name: checkout the repository
uses: actions/checkout@v3
## https://github.com/Homebrew/actions/tree/master/setup-homebrew
- name: Set up Homebrew
id: set-up-homebrew
uses: Homebrew/actions/setup-homebrew@master
- uses: hashicorp/setup-terraform@v2
## https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable
## * https://github.com/hashicorp/setup-terraform/issues/20 ### :: This took my 2 Hours 😡 :: ####
- name: Terraform Outputs for Temporary NSG Rule
shell: bash
id: terraform-outputs
working-directory: ${{ github.workspace }}/${{ inputs.terraform-output-directory }}
run: |
terraform init
NSG_NAME=$(terraform-bin output nsg_name)
RESOURCE_GROUP_NAME=$(terraform-bin output resource_group)
WEBSERVERS_SNET_ADDRESS=$(terraform-bin output webservers_snet_address_prefix)
echo "NSG_NAME=$NSG_NAME" >> $GITHUB_ENV
echo "WEBSERVERS_SNET_ADDRESS=$WEBSERVERS_SNET_ADDRESS" >> $GITHUB_ENV
echo "RESOURCE_GROUP_NAME=$RESOURCE_GROUP_NAME" >> $GITHUB_ENV
env:
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Azure Login
uses: Azure/login@v1
with:
creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
- name: Create Temporary NSG Rule
uses: azure/CLI@v1
with:
azcliversion: 2.50.0
inlineScript: |
az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }}
az network nsg rule create --resource-group $RESOURCE_GROUP_NAME \
--nsg-name $NSG_NAME --name TempAllowSSHAny --priority 4096 --protocol Tcp \
--destination-address-prefixes=$WEBSERVERS_SNET_ADDRESS --destination-port-ranges=${{ inputs.nsg-ssh-port }} --output none
## https://github.com/ansible/ansible/issues/80526
- name: Install Ansible
shell: bash
run: |
export LC_ALL=en_US.UTF-8
brew install ansible
pip3 install msrest -I
ansible-galaxy collection install azure.azcollection
pip3 install -r ~/.ansible/collections/ansible_collections/azure/azcollection/requirements-azure.txt
- name: Add private key to SSH Agent
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.ssh-private-key}}
- name: Run ansible playbook
shell: bash
working-directory: ${{ github.workspace }}/ansible
run: |-
ansible-playbook ${{ inputs.playbook }} --inventory-file ${{ inputs.inventory }}
env:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_TENANT: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Delete Temporary NSG Rule
uses: azure/CLI@v1
with:
azcliversion: 2.50.0
inlineScript: |
az network nsg rule delete --resource-group $RESOURCE_GROUP_NAME \
--nsg-name $NSG_NAME --name TempAllowSSHAny