Add Amazon EC2 role

This role is intended to setup and start EC2 instances, before Evolinux
roles.

amazon-ec2/README

@@ -0,0 +1,58 @@
+# amazon-ec2
+
+Manage Amazon EC2 instances.
+
+This role is intended to be called before any other role to setup and start EC2
+instances.
+
+## Dependancies
+
+You should first ensure that you have python-boto package installed on your
+machine and an Amazon security access key pair created for your account.
+
+## Tasks
+
+By default, this role does nothing (no `main.yml` file).
+
+* `create-instance.yml`: create new EC2 instances
+
+## Variables
+
+  - `aws_access_key` and `aws_secret_key`: your AWS credentials
+  - `aws_region`: where to create instances. Default: ca-central-1
+  - `ec2_public_ip`: assign public elastic IP address. Default: False
+  - `ec2_instance_count`: how many instance to launch. Default: 1
+  - `ec2_security_group: EC2 security group to use. See
+    ec2_evolinux_security_group in `defaults/main.yml` to define your own.
+    Default: ec2_evolinux_security_group
+  - `ec2_base_ami`: EC2 image to use. Default is to use Debian official ones,
+    depending on the region
+  - `ec2_instance_type`: EC2 instance type to use
+  - `ssh_pubkey_file`: SSH public key file to push to AWS. Do not try to put
+    your ED25519 key here, AWS does not support it. Default: ~/.ssh/id_rsa.pub
+  - `ec2_keyname: a name to give to your public key on AWS. Default is to use
+    $USER environment variable.
+
+## Examples
+
+In your main evolinux playbook put this play before Evolinux one:
+
+```
+---
+- name: Prepare Amazon EC2 instance
+  hosts: localhost
+  gather_facts: False
+
+  vars:
+    aws_access_key: 
+    aws_secret_key: 
+    # Any other variable you want to set.
+
+  tasks:
+    - include_role:
+        name: amazon-ec2
+        tasks_from: create-instance.yml
+```
+
+See amazon-ec2-evolinux.yml for an almost ready-to-use playbook to set up
+Amazon EC2 instances running Evolinux.

amazon-ec2/amazon-ec2-evolinux.yml

@@ -0,0 +1,59 @@
+---
+- name: Prepare Amazon EC2 instance
+  hosts: localhost
+  gather_facts: False
+
+  vars:
+    aws_access_key: 
+    aws_secret_key: 
+    aws_region: ca-central-1
+
+  tasks:
+    - include_role:
+        name: amazon-ec2
+        tasks_from: create-instance.yml
+
+- name: Install Evolinux
+  hosts: launched-instances
+  become: yes
+
+  vars_files:
+  - 'vars/secrets.yml'
+
+  vars:
+    admin_users: "{{ admin_users }}"
+    minifirewall_trusted_ips: "{{ trusted_ips }}"
+    fail2ban_ignore_ips: "{{ trusted_ips }}"
+    evolinux_hostname:
+    evolinux_domain:
+    evolinux_fqdn:
+    evolinux_internal_hostname:
+    minifirewall_public_ports_tcp: [80, 443]
+    minifirewall_public_ports_udp: []
+    minifirewall_semipublic_ports_tcp: [22]
+    nagios_nrpe_allowed_hosts: "{{ trusted_ips }}"
+
+  roles:
+  - etc-git
+  - evolinux-base
+  - admin-users
+  - munin
+  - minifirewall
+  - fail2ban
+  - nagios-nrpe
+  - listupgrade
+  - evomaintenance
+  - evocheck
+  - packweb-apache
+  - mysql
+
+  post_tasks:
+  - include_role:
+      name: etc-git
+      tasks_from: commit.yml
+    vars:
+      commit_message: "Ansible post-run Evolinux playbook"
+
+  - include_role:
+      name: evocheck
+      tasks_from: exec.yml

amazon-ec2/defaults/main.yml

@@ -0,0 +1,48 @@
+---
+aws_region: ca-central-1
+ec2_public_ip: False
+ec2_instance_count: 1
+ec2_security_group: "{{ec2_evolinux_security_group}}"
+ec2_base_ami: "{{ec2_debian_base_ami[aws_region]}}"
+ec2_instance_type: t2.micro
+# Note: Do not try to put your ED25519 key here, AWS does not support it...
+ssh_pubkey_file: ~/.ssh/id_rsa.pub
+ec2_keyname: "{{lookup('env', 'USER')}}"
+
+# From https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
+ec2_debian_base_ami:
+  ap-northeast-1: ami-032dd665
+  ap-northeast-2: ami-e174ac8f
+  ap-south-1: ami-6e7a3e01
+  ap-southeast-1: ami-41365b22
+  ap-southeast-2: ami-51f61333
+  ca-central-1: ami-18239d7c
+  eu-central-1: ami-11bb0e7e
+  eu-west-1: ami-d037cda9
+  eu-west-2: ami-ece3f388
+  sa-east-1: ami-a24635ce
+  us-east-1: ami-ac5e55d7
+  us-east-2: ami-9fbb98fa
+  us-west-1: ami-560c3836
+  us-west-2: ami-fa18f282 
+
+ec2_evolinux_security_group:
+  name: evolinux-default
+  description: Evolinux default security group
+  rules:
+    - proto: icmp
+      cidr_ip: 0.0.0.0/0
+      from_port: -1
+      to_port: -1
+    - proto: tcp
+      from_port: 22
+      to_port: 22
+      cidr_ip: 0.0.0.0/0
+    - proto: tcp
+      from_port: 5666
+      to_port: 5666
+      cidr_ip: 0.0.0.0/0
+  rules_egress:
+    - proto: all
+      cidr_ip: 0.0.0.0/0
+

amazon-ec2/tasks/create-instance.yml

@@ -0,0 +1,55 @@
+---
+- name: Create default security group
+  ec2_group:
+    name: "{{ec2_security_group.name}}"
+    state: present
+    aws_access_key: "{{aws_access_key}}"
+    aws_secret_key: "{{aws_secret_key}}"
+    region: "{{aws_region}}"
+    description: "{{ec2_security_group.description}}"
+    rules: "{{ec2_security_group.rules}}"
+
+- name: Create key pair
+  ec2_key:
+    name: "{{ec2_keyname}}"
+    state: present
+    aws_access_key: "{{aws_access_key}}"
+    aws_secret_key: "{{aws_secret_key}}"
+    region: "{{aws_region}}"
+    key_material: "{{item}}"
+  with_file: "{{ssh_pubkey_file}}"
+
+- name: Launch new instance(s)
+  ec2:
+    state: present
+    aws_access_key: "{{aws_access_key}}"
+    aws_secret_key: "{{aws_secret_key}}"
+    region: "{{aws_region}}"
+    image: "{{ec2_base_ami}}"
+    instance_type: "{{ec2_instance_type}}"
+    count: "{{ec2_instance_count}}"
+    assign_public_ip: "{{ec2_public_ip}}"
+    group: "{{ec2_security_group.name}}"
+    key_name: "{{ec2_keyname}}"
+    wait: yes
+  register: ec2
+
+- name: Add newly created instance(s) to inventory
+  add_host:
+    hostname: "{{item.public_dns_name}}"
+    groupname: launched-instances
+    ansible_user: admin
+    ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
+  with_items: "{{ec2.instances}}"
+
+- debug:
+    msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
+  with_items: "{{ec2.instances}}"
+
+- name: Wait for SSH to come up on all instances (give up after 2m)
+  wait_for:
+    state: started
+    host: "{{item.public_dns_name}}"
+    port: 22
+    timeout: 120
+  with_items: "{{ec2.instances}}"