Add Amazon EC2 role
This role is intended to set up and start EC2 instances before the Evolinux roles run.
parent
95c34c5d88
commit
4d6cbb52cd
58
amazon-ec2/README
Normal file
58
amazon-ec2/README
Normal file
|
@ -0,0 +1,58 @@
|
||||||
|
# amazon-ec2
|
||||||
|
|
||||||
|
Manage Amazon EC2 instances.
|
||||||
|
|
||||||
|
This role is intended to be called before any other role to setup and start EC2
|
||||||
|
instances.
|
||||||
|
|
||||||
|
## Dependancies
|
||||||
|
|
||||||
|
You should first ensure that you have python-boto package installed on your
|
||||||
|
machine and an Amazon security access key pair created for your account.
|
||||||
|
|
||||||
|
## Tasks
|
||||||
|
|
||||||
|
By default, this role does nothing (no `main.yml` file).
|
||||||
|
|
||||||
|
* `create-instance.yml`: create new EC2 instances
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
- `aws_access_key` and `aws_secret_key`: your AWS credentials
|
||||||
|
- `aws_region`: where to create instances. Default: ca-central-1
|
||||||
|
- `ec2_public_ip`: assign public elastic IP address. Default: False
|
||||||
|
- `ec2_instance_count`: how many instance to launch. Default: 1
|
||||||
|
- `ec2_security_group: EC2 security group to use. See
|
||||||
|
ec2_evolinux_security_group in `defaults/main.yml` to define your own.
|
||||||
|
Default: ec2_evolinux_security_group
|
||||||
|
- `ec2_base_ami`: EC2 image to use. Default is to use Debian official ones,
|
||||||
|
depending on the region
|
||||||
|
- `ec2_instance_type`: EC2 instance type to use
|
||||||
|
- `ssh_pubkey_file`: SSH public key file to push to AWS. Do not try to put
|
||||||
|
your ED25519 key here, AWS does not support it. Default: ~/.ssh/id_rsa.pub
|
||||||
|
- `ec2_keyname: a name to give to your public key on AWS. Default is to use
|
||||||
|
$USER environment variable.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
In your main evolinux playbook put this play before Evolinux one:
|
||||||
|
|
||||||
|
```
|
||||||
|
---
|
||||||
|
- name: Prepare Amazon EC2 instance
|
||||||
|
hosts: localhost
|
||||||
|
gather_facts: False
|
||||||
|
|
||||||
|
vars:
|
||||||
|
aws_access_key:
|
||||||
|
aws_secret_key:
|
||||||
|
# Any other variable you want to set.
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- include_role:
|
||||||
|
name: amazon-ec2
|
||||||
|
tasks_from: create-instance.yml
|
||||||
|
```
|
||||||
|
|
||||||
|
See amazon-ec2-evolinux.yml for an almost ready-to-use playbook to set up
|
||||||
|
Amazon EC2 instances running Evolinux.
|
59
amazon-ec2/amazon-ec2-evolinux.yml
Normal file
59
amazon-ec2/amazon-ec2-evolinux.yml
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
---
|
||||||
|
- name: Prepare Amazon EC2 instance
|
||||||
|
hosts: localhost
|
||||||
|
gather_facts: False
|
||||||
|
|
||||||
|
vars:
|
||||||
|
aws_access_key:
|
||||||
|
aws_secret_key:
|
||||||
|
aws_region: ca-central-1
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- include_role:
|
||||||
|
name: amazon-ec2
|
||||||
|
tasks_from: create-instance.yml
|
||||||
|
|
||||||
|
- name: Install Evolinux
|
||||||
|
hosts: launched-instances
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
vars_files:
|
||||||
|
- 'vars/secrets.yml'
|
||||||
|
|
||||||
|
vars:
|
||||||
|
admin_users: "{{ admin_users }}"
|
||||||
|
minifirewall_trusted_ips: "{{ trusted_ips }}"
|
||||||
|
fail2ban_ignore_ips: "{{ trusted_ips }}"
|
||||||
|
evolinux_hostname:
|
||||||
|
evolinux_domain:
|
||||||
|
evolinux_fqdn:
|
||||||
|
evolinux_internal_hostname:
|
||||||
|
minifirewall_public_ports_tcp: [80, 443]
|
||||||
|
minifirewall_public_ports_udp: []
|
||||||
|
minifirewall_semipublic_ports_tcp: [22]
|
||||||
|
nagios_nrpe_allowed_hosts: "{{ trusted_ips }}"
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- etc-git
|
||||||
|
- evolinux-base
|
||||||
|
- admin-users
|
||||||
|
- munin
|
||||||
|
- minifirewall
|
||||||
|
- fail2ban
|
||||||
|
- nagios-nrpe
|
||||||
|
- listupgrade
|
||||||
|
- evomaintenance
|
||||||
|
- evocheck
|
||||||
|
- packweb-apache
|
||||||
|
- mysql
|
||||||
|
|
||||||
|
post_tasks:
|
||||||
|
- include_role:
|
||||||
|
name: etc-git
|
||||||
|
tasks_from: commit.yml
|
||||||
|
vars:
|
||||||
|
commit_message: "Ansible post-run Evolinux playbook"
|
||||||
|
|
||||||
|
- include_role:
|
||||||
|
name: evocheck
|
||||||
|
tasks_from: exec.yml
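Review bot: `aws_access_key:` and `aws_secret_key:` in the first play are bare keys (null until someone edits the committed file), while the second play already loads `vars/secrets.yml` through `vars_files`; keeping the AWS credentials in that secrets file, or reading them from the environment with `aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"`, keeps them out of the playbook and out of version control. `admin_users: "{{ admin_users }}"` under `vars:` in the second play references itself; since `vars_files` has higher precedence than play `vars` it is presumably a no-op when `secrets.yml` defines `admin_users`, but it would raise a recursive-template error otherwise and can simply be dropped. The four empty `evolinux_*` keys likewise evaluate to null; a comment such as `# Fill in before running` above them, or explicit `""` values, would make the intent visible. `gather_facts: False` and `become: yes` should be the canonical `false` / `true`.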
|
48
amazon-ec2/defaults/main.yml
Normal file
48
amazon-ec2/defaults/main.yml
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
---
|
||||||
|
aws_region: ca-central-1
|
||||||
|
ec2_public_ip: False
|
||||||
|
ec2_instance_count: 1
|
||||||
|
ec2_security_group: "{{ec2_evolinux_security_group}}"
|
||||||
|
ec2_base_ami: "{{ec2_debian_base_ami[aws_region]}}"
|
||||||
|
ec2_instance_type: t2.micro
|
||||||
|
# Note: Do not try to put your ED25519 key here, AWS does not support it...
|
||||||
|
ssh_pubkey_file: ~/.ssh/id_rsa.pub
|
||||||
|
ec2_keyname: "{{lookup('env', 'USER')}}"
|
||||||
|
|
||||||
|
# From https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
|
||||||
|
ec2_debian_base_ami:
|
||||||
|
ap-northeast-1: ami-032dd665
|
||||||
|
ap-northeast-2: ami-e174ac8f
|
||||||
|
ap-south-1: ami-6e7a3e01
|
||||||
|
ap-southeast-1: ami-41365b22
|
||||||
|
ap-southeast-2: ami-51f61333
|
||||||
|
ca-central-1: ami-18239d7c
|
||||||
|
eu-central-1: ami-11bb0e7e
|
||||||
|
eu-west-1: ami-d037cda9
|
||||||
|
eu-west-2: ami-ece3f388
|
||||||
|
sa-east-1: ami-a24635ce
|
||||||
|
us-east-1: ami-ac5e55d7
|
||||||
|
us-east-2: ami-9fbb98fa
|
||||||
|
us-west-1: ami-560c3836
|
||||||
|
us-west-2: ami-fa18f282
|
||||||
|
|
||||||
|
ec2_evolinux_security_group:
|
||||||
|
name: evolinux-default
|
||||||
|
description: Evolinux default security group
|
||||||
|
rules:
|
||||||
|
- proto: icmp
|
||||||
|
cidr_ip: 0.0.0.0/0
|
||||||
|
from_port: -1
|
||||||
|
to_port: -1
|
||||||
|
- proto: tcp
|
||||||
|
from_port: 22
|
||||||
|
to_port: 22
|
||||||
|
cidr_ip: 0.0.0.0/0
|
||||||
|
- proto: tcp
|
||||||
|
from_port: 5666
|
||||||
|
to_port: 5666
|
||||||
|
cidr_ip: 0.0.0.0/0
|
||||||
|
rules_egress:
|
||||||
|
- proto: all
|
||||||
|
cidr_ip: 0.0.0.0/0
|
||||||
|
|
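Review bot: The default `ec2_evolinux_security_group` opens tcp/22 and tcp/5666 (NRPE) to `0.0.0.0/0`, so every instance created with the defaults has SSH and the monitoring agent reachable from the whole Internet at the network edge, leaving only the host firewall (`minifirewall_*` and `nagios_nrpe_allowed_hosts` in the playbook) to narrow it. A trusted-CIDR variable would keep the defaults usable while making the exposure an explicit choice, e.g. `ec2_trusted_cidr: 0.0.0.0/0` at the top and `cidr_ip: "{{ ec2_trusted_cidr }}"` on the two tcp rules, with the README telling users to override it. `rules_egress` is defined here but never passed to `ec2_group` in `tasks/create-instance.yml`, so it currently has no effect. `ec2_public_ip: False` should be lowercase `false`, and the hard-coded Stretch AMI list will go stale; adding the retrieval date to the `# From https://...` comment would tell maintainers when to refresh it.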
55
amazon-ec2/tasks/create-instance.yml
Normal file
55
amazon-ec2/tasks/create-instance.yml
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
---
|
||||||
|
- name: Create default security group
|
||||||
|
ec2_group:
|
||||||
|
name: "{{ec2_security_group.name}}"
|
||||||
|
state: present
|
||||||
|
aws_access_key: "{{aws_access_key}}"
|
||||||
|
aws_secret_key: "{{aws_secret_key}}"
|
||||||
|
region: "{{aws_region}}"
|
||||||
|
description: "{{ec2_security_group.description}}"
|
||||||
|
rules: "{{ec2_security_group.rules}}"
|
||||||
|
|
||||||
|
- name: Create key pair
|
||||||
|
ec2_key:
|
||||||
|
name: "{{ec2_keyname}}"
|
||||||
|
state: present
|
||||||
|
aws_access_key: "{{aws_access_key}}"
|
||||||
|
aws_secret_key: "{{aws_secret_key}}"
|
||||||
|
region: "{{aws_region}}"
|
||||||
|
key_material: "{{item}}"
|
||||||
|
with_file: "{{ssh_pubkey_file}}"
|
||||||
|
|
||||||
|
- name: Launch new instance(s)
|
||||||
|
ec2:
|
||||||
|
state: present
|
||||||
|
aws_access_key: "{{aws_access_key}}"
|
||||||
|
aws_secret_key: "{{aws_secret_key}}"
|
||||||
|
region: "{{aws_region}}"
|
||||||
|
image: "{{ec2_base_ami}}"
|
||||||
|
instance_type: "{{ec2_instance_type}}"
|
||||||
|
count: "{{ec2_instance_count}}"
|
||||||
|
assign_public_ip: "{{ec2_public_ip}}"
|
||||||
|
group: "{{ec2_security_group.name}}"
|
||||||
|
key_name: "{{ec2_keyname}}"
|
||||||
|
wait: yes
|
||||||
|
register: ec2
|
||||||
|
|
||||||
|
- name: Add newly created instance(s) to inventory
|
||||||
|
add_host:
|
||||||
|
hostname: "{{item.public_dns_name}}"
|
||||||
|
groupname: launched-instances
|
||||||
|
ansible_user: admin
|
||||||
|
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
|
||||||
|
with_items: "{{ec2.instances}}"
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
|
||||||
|
with_items: "{{ec2.instances}}"
|
||||||
|
|
||||||
|
- name: Wait for SSH to come up on all instances (give up after 2m)
|
||||||
|
wait_for:
|
||||||
|
state: started
|
||||||
|
host: "{{item.public_dns_name}}"
|
||||||
|
port: 22
|
||||||
|
timeout: 120
|
||||||
|
with_items: "{{ec2.instances}}"
|
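Review bot: `ansible_ssh_common_args: "-o StrictHostKeyChecking=no"` in the `add_host` task becomes a host variable of `launched-instances`, so the whole Evolinux play that follows in `amazon-ec2-evolinux.yml` runs with host-key verification disabled, not only the first connection. With OpenSSH 7.6 or later, `-o StrictHostKeyChecking=accept-new` records the key on first contact and still rejects a changed key afterwards; if older clients must be supported, a comment such as `# host keys are unknown for freshly launched instances; the first connection is unverified` should at least state the trade-off. The `ec2_group` task passes `rules` but not `rules_egress`, so the `rules_egress` entry in `defaults/main.yml` is ignored; add `rules_egress: "{{ec2_security_group.rules_egress}}"` if that default is meant to apply. When `ec2_public_ip` is false, `public_dns_name` used by `add_host`, the `debug` message and `wait_for` can presumably be empty for VPC instances — worth confirming, since `wait_for` would then poll an empty host until the 120 s timeout.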