wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-06 15:13:56 +02:00
Code Issues Projects Releases Wiki Activity

GCE: Static external ip (optional) (#1125)

Browse source
This commit is contained in:
Jack Ivanov 2018-09-27 11:18:00 +03:00 committed by Dan Guido
parent 810358f1cc
commit 6c0753e3b8
2 changed files with 22 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
config.cfg
View file

@ -83,7 +83,7 @@ congrats:
p12_pass: | p12_pass: |
"# The p12 and SSH keys password for new users is {{ p12_export_password }} #" "# The p12 and SSH keys password for new users is {{ p12_export_password }} #"
ca_key_pass: | ca_key_pass: |
"# The CA key password is {{ CA_password }} #" "# The CA key password is {{ CA_password }} #"
ssh_access: | ssh_access: |
"# Shell access: ssh -i {{ ansible_ssh_private_key_file|default(omit) }} {{ ansible_ssh_user|default(omit) }}@{{ ansible_ssh_host|default(omit) }} #" "# Shell access: ssh -i {{ ansible_ssh_private_key_file|default(omit) }} {{ ansible_ssh_user|default(omit) }}@{{ ansible_ssh_host|default(omit) }} #"
@ -101,9 +101,9 @@ cloud_providers:
image: "ubuntu-18-04-x64" image: "ubuntu-18-04-x64"
# Change the encrypted flag to "true" to enable AWS volume encryption, for encryption of data at rest. # Change the encrypted flag to "true" to enable AWS volume encryption, for encryption of data at rest.
# Warning: the Algo script will take approximately 6 minutes longer to complete. # Warning: the Algo script will take approximately 6 minutes longer to complete.
# Also note that the documented AWS minimum permissions aren't sufficient. # Also note that the documented AWS minimum permissions aren't sufficient.
# You will have to edit the AWS user policy documented at # You will have to edit the AWS user policy documented at
# https://github.com/trailofbits/algo/blob/master/docs/cloud-amazon-ec2.md to also allow "ec2:CopyImage". # https://github.com/trailofbits/algo/blob/master/docs/cloud-amazon-ec2.md to also allow "ec2:CopyImage".
# See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-edit.html # See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-edit.html
ec2: ec2:
encrypted: false encrypted: false
@ -114,6 +114,7 @@ cloud_providers:
gce: gce:
size: f1-micro size: f1-micro
image: ubuntu-1804 image: ubuntu-1804
external_static_ip: false
lightsail: lightsail:
size: nano_1_0 size: nano_1_0
image: ubuntu_16_04 image: ubuntu_16_04

17
roles/cloud-gce/tasks/main.yml
View file

@ -14,10 +14,27 @@
credentials_file: "{{ credentials_file_path }}" credentials_file: "{{ credentials_file_path }}"
project_id: "{{ project_id }}" project_id: "{{ project_id }}"
- block:
- name: External IP allocated
gce_eip:
service_account_email: "{{ service_account_email }}"
credentials_file: "{{ credentials_file_path }}"
project_id: "{{ project_id }}"
name: "{{ algo_server_name }}"
region: "{{ algo_region.split('-')[0:2] | join('-') }}"
state: present
register: gce_eip
- name: Set External IP as a fact
set_fact:
external_ip: "{{ gce_eip.address }}"
when: cloud_providers.gce.external_static_ip
- name: "Creating a new instance..." - name: "Creating a new instance..."
gce: gce:
instance_names: "{{ algo_server_name }}" instance_names: "{{ algo_server_name }}"
zone: "{{ algo_region }}" zone: "{{ algo_region }}"
external_ip: "{{ external_ip | default('ephemeral') }}"
machine_type: "{{ cloud_providers.gce.size }}" machine_type: "{{ cloud_providers.gce.size }}"
image: "{{ cloud_providers.gce.image }}" image: "{{ cloud_providers.gce.image }}"
service_account_email: "{{ service_account_email }}" service_account_email: "{{ service_account_email }}"