Merge branch 'amazon-ec2' into unstable
commit
eaff68a9e5
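--- a/amazon-ec2/README
+++ b/amazon-ec2/README
@@ -0,0 +1,59 @@
+# amazon-ec2
+
+Manage Amazon EC2 instances.
+
+This role is intended to be called before any other role to setup and start EC2
+instances.
+
+## Dependencies
+
+You should first ensure that you have `python-boto` package installed on your
+machine and an Amazon security access key pair created for your account.
+
+## Tasks
+
+By default, this role does nothing (no `main.yml` file).
+
+* `create-instance.yml`: create new EC2 instances
+* `post-install.yml`: remove admin user created on Debian instances
+
+## Variables
+
+- `aws_access_key` and `aws_secret_key`: your AWS credentials
+- `aws_region`: where to create instances. Default: ca-central-1
+- `ec2_public_ip`: assign public elastic IP address. Default: False
+- `ec2_instance_count`: how many instance to launch. Default: 1
+- `ec2_security_group: EC2 security group to use. See
+  ec2_evolinux_security_group in `defaults/main.yml` to define your own.
+  Default: ec2_evolinux_security_group
+- `ec2_base_ami`: EC2 image to use. Default is to use Debian official ones,
+  depending on the region
+- `ec2_instance_type`: EC2 instance type to use
+- `ssh_pubkey_file`: SSH public key file to push to AWS. Do not try to put
+  your ED25519 key here, AWS does not support it. Default: ~/.ssh/id_rsa.pub
+- `ec2_keyname: a name to give to your public key on AWS. Default is to use
+  $USER environment variable.
+
+## Examples
+
+In your main evolinux playbook put this play before Evolinux one:
+
+```
+---
+- name: Prepare Amazon EC2 instance
+  hosts: localhost
+  gather_facts: False
+
+  vars:
+    aws_access_key:
+    aws_secret_key:
+    # Any other variable you want to set.
+
+  tasks:
+    - include_role:
+        name: amazon-ec2
+        tasks_from: create-instance.yml
+```
+
+See amazon-ec2-evolinux.yml for an almost ready-to-use playbook to set up
+Amazon EC2 instances running Evolinux.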
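--- a/amazon-ec2/amazon-ec2-evolinux.yml
+++ b/amazon-ec2/amazon-ec2-evolinux.yml
@@ -0,0 +1,59 @@
+---
+- name: Prepare Amazon EC2 instance
+  hosts: localhost
+  gather_facts: False
+
+  vars:
+    aws_access_key:
+    aws_secret_key:
+    aws_region: ca-central-1
+
+  tasks:
+    - include_role:
+        name: amazon-ec2
+        tasks_from: create-instance.yml
+
+- name: Install Evolinux
+  hosts: launched-instances
+  become: yes
+
+  vars_files:
+    - 'vars/secrets.yml'
+
+  vars:
+    admin_users: "{{ admin_users }}"
+    minifirewall_trusted_ips: "{{ trusted_ips }}"
+    fail2ban_ignore_ips: "{{ trusted_ips }}"
+    evolinux_hostname:
+    evolinux_domain:
+    evolinux_fqdn:
+    evolinux_internal_hostname:
+    minifirewall_public_ports_tcp: [80, 443]
+    minifirewall_public_ports_udp: []
+    minifirewall_semipublic_ports_tcp: [22]
+    nagios_nrpe_allowed_hosts: "{{ trusted_ips }}"
+
+  roles:
+    - etc-git
+    - evolinux-base
+    - admin-users
+    - munin
+    - minifirewall
+    - fail2ban
+    - nagios-nrpe
+    - listupgrade
+    - evomaintenance
+    - evocheck
+    - packweb-apache
+    - mysql
+
+  post_tasks:
+    - include_role:
+        name: etc-git
+        tasks_from: commit.yml
+      vars:
+        commit_message: "Ansible post-run Evolinux playbook"
+
+    - include_role:
+        name: evocheck
+        tasks_from: exec.yml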
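Review bot: `aws_access_key:` and `aws_secret_key:` in the first play's `vars` are bare keys (YAML null) that a user is expected to fill in, which puts live AWS keys into a plain-text playbook committed next to the role. The second play already reads `vars/secrets.yml` via `vars_files`; the first play could do the same with a vault-encrypted file, or reuse the environment-lookup pattern `defaults/main.yml` uses for `ec2_keyname`, e.g. `aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"`. Separately, `admin_users: "{{ admin_users }}"` in the second play's `vars` is self-referential: it is either shadowed by the same name from `vars/secrets.yml` (vars_files take precedence over play vars) or fails with a recursive-template error, so it should be dropped or renamed to the variable it is meant to copy. `become: yes` and `gather_facts: False` are non-canonical booleans; `true`/`false` would satisfy yamllint's truthy rule.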
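--- a/amazon-ec2/defaults/main.yml
+++ b/amazon-ec2/defaults/main.yml
@@ -0,0 +1,135 @@
+---
+aws_region: ca-central-1
+ec2_public_ip: False
+ec2_instance_count: 1
+ec2_security_group: "{{ ec2_evolinux_security_group }}"
+ec2_base_ami: "{{ ec2_debian_base_ami[aws_region] }}"
+ec2_instance_type: t2.micro
+# Note: Do not try to put your ED25519 key here, AWS does not support it...
+ssh_pubkey_file: ~/.ssh/id_rsa.pub
+ec2_keyname: "{{ lookup('env', 'USER') }}"
+
+# From https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
+ec2_debian_base_ami:
+  ap-northeast-1: ami-032dd665
+  ap-northeast-2: ami-e174ac8f
+  ap-south-1: ami-6e7a3e01
+  ap-southeast-1: ami-41365b22
+  ap-southeast-2: ami-51f61333
+  ca-central-1: ami-18239d7c
+  eu-central-1: ami-11bb0e7e
+  eu-west-1: ami-d037cda9
+  eu-west-2: ami-ece3f388
+  sa-east-1: ami-a24635ce
+  us-east-1: ami-ac5e55d7
+  us-east-2: ami-9fbb98fa
+  us-west-1: ami-560c3836
+  us-west-2: ami-fa18f282
+
+ec2_evolinux_security_group:
+  name: evolinux-default
+  description: Evolinux default security group
+  rules:
+    - proto: icmp
+      cidr_ip: 0.0.0.0/0
+      from_port: -1
+      to_port: -1
+    - proto: tcp
+      from_port: 22
+      to_port: 22
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 5666
+      to_port: 5666
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 53
+      to_port: 53
+      cidr_ip: 0.0.0.0/0
+    - proto: udp
+      from_port: 53
+      to_port: 53
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 389
+      to_port: 389
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 636
+      to_port: 636
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 143
+      to_port: 143
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 993
+      to_port: 993
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 110
+      to_port: 110
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 995
+      to_port: 995
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 25
+      to_port: 25
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 80
+      to_port: 80
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 443
+      to_port: 443
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 21
+      to_port: 21
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 20
+      to_port: 20
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 5001
+      to_port: 5001
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 465
+      to_port: 465
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 587
+      to_port: 587
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 8181
+      to_port: 8181
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 8282
+      to_port: 8282
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 9091
+      to_port: 9091
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 2222
+      to_port: 2222
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 2223
+      to_port: 2223
+      cidr_ip: 0.0.0.0/0
+    - proto: udp
+      from_port: 123
+      to_port: 123
+      cidr_ip: 0.0.0.0/0
+  rules_egress:
+    - proto: all
+      cidr_ip: 0.0.0.0/0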
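Review bot: The default ingress rules in `ec2_evolinux_security_group` open 24 TCP/UDP ports plus ICMP to `0.0.0.0/0`, including management and clear-text services (SSH 22, NRPE 5666, LDAP 389, POP3 110, IMAP 143, FTP 20/21, DNS 53) that the example playbook otherwise confines to `trusted_ips` through `nagios_nrpe_allowed_hosts` and `minifirewall_semipublic_ports_tcp: [22]`, so the host firewall is the only layer closing what the cloud firewall leaves open. A safer default keeps only 80/443 world-reachable and scopes the rest to a caller-supplied CIDR, e.g. a new `ec2_trusted_cidr` default used as `cidr_ip: "{{ ec2_trusted_cidr }}"` on the 22 and 5666 rules, leaving the mail/LDAP/FTP rules to the caller's own `ec2_security_group` override as the README already suggests. `rules_egress` is defined here but `tasks/create-instance.yml` passes only `rules` to `ec2_group`, so the egress block is currently dead configuration. Minor: `ec2_public_ip: False` should be lowercase `false` like the other canonical scalars in this file.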
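--- a/amazon-ec2/tasks/create-instance.yml
+++ b/amazon-ec2/tasks/create-instance.yml
@@ -0,0 +1,55 @@
+---
+- name: Create default security group
+  ec2_group:
+    name: "{{ec2_security_group.name}}"
+    state: present
+    aws_access_key: "{{aws_access_key}}"
+    aws_secret_key: "{{aws_secret_key}}"
+    region: "{{aws_region}}"
+    description: "{{ec2_security_group.description}}"
+    rules: "{{ec2_security_group.rules}}"
+
+- name: Create key pair
+  ec2_key:
+    name: "{{ec2_keyname}}"
+    state: present
+    aws_access_key: "{{aws_access_key}}"
+    aws_secret_key: "{{aws_secret_key}}"
+    region: "{{aws_region}}"
+    key_material: "{{item}}"
+  with_file: "{{ssh_pubkey_file}}"
+
+- name: Launch new instance(s)
+  ec2:
+    state: present
+    aws_access_key: "{{aws_access_key}}"
+    aws_secret_key: "{{aws_secret_key}}"
+    region: "{{aws_region}}"
+    image: "{{ec2_base_ami}}"
+    instance_type: "{{ec2_instance_type}}"
+    count: "{{ec2_instance_count}}"
+    assign_public_ip: "{{ec2_public_ip}}"
+    group: "{{ec2_security_group.name}}"
+    key_name: "{{ec2_keyname}}"
+    wait: yes
+  register: ec2
+
+- name: Add newly created instance(s) to inventory
+  add_host:
+    hostname: "{{item.public_dns_name}}"
+    groupname: launched-instances
+    ansible_user: admin
+    ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
+  with_items: "{{ec2.instances}}"
+
+- debug:
+    msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
+  with_items: "{{ec2.instances}}"
+
+- name: Wait for SSH to come up on all instances (give up after 2m)
+  wait_for:
+    state: started
+    host: "{{item.public_dns_name}}"
+    port: 22
+    timeout: 120
+  with_items: "{{ec2.instances}}"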
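Review bot: `ansible_ssh_common_args: "-o StrictHostKeyChecking=no"` in the `add_host` task is stored on the inventory host, so host-key verification stays disabled for every later play against `launched-instances`, not only for the first contact with a fresh instance. `-o StrictHostKeyChecking=accept-new` (OpenSSH 7.6 or newer on the controller) records the key on first use and rejects a changed key afterwards; alternatively the fingerprint can be checked against the instance console output before connecting. The `ec2` task uses `count` without `exact_count`/`count_tag`, so every run launches another `ec2_instance_count` instances instead of converging on a set, and `assign_public_ip` is, as far as I recall, only honoured by the module together with `vpc_subnet_id`, which the task does not set — worth confirming against the module version in use. The `{{ec2_security_group.name}}` spacing also differs from the `{{ ... }}` style used in `defaults/main.yml`.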
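--- a/amazon-ec2/tasks/post-install.yml
+++ b/amazon-ec2/tasks/post-install.yml
@@ -0,0 +1,5 @@
+---
+- name: Remove admin user
+  user:
+    name: admin
+    state: absent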
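Review bot: The `user` task removes `admin`, yet `tasks/create-instance.yml` registers the launched hosts with `ansible_user: admin`, so if this file is included over that same connection `userdel` will typically refuse to delete the account that owns the live SSH session (depends on how the caller connects). With `state: absent` alone the home directory, including its `authorized_keys` with the provisioning key, is also left on disk; `remove: true` purges it. A header comment such as `# Must run as a different user than "admin" (e.g. root via become) - deletes the default Debian cloud image account and its home directory` would make the precondition visible to callers.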