4 - MANAGEMENT_SUBNET != ''
# Security groups for the management tier: one named "{{ module }}-elb"
# for the internal ELB and one described as "sg for management", whose
# result is registered as sg_management. This listing is an excerpt: the
# gutter numbers skip lines, so the module names and the rule
# ports/protocols are not shown here.
10 - name: sg management-elb
12 vpc_id: "{{ vpc.vpc.id }}"
13 region: "{{ vpc_region }}"
15 name: "{{ module }}-elb"
16 description: "sg for internal elb for monitoring management"
29 vpc_id: "{{ vpc.vpc.id }}"
30 region: "{{ vpc_region }}"
33 description: "sg for management"
# NOTE(review): the two group_name entries look like rule sources that
# reference security groups by name (the group itself and the ELB group)
# rather than by CIDR - confirm against the hidden rule lines that each
# one is limited to the ports the management hosts actually need.
37 group_name: "{{ module }}"
39 group_name: "{{ module }}-elb"
40 register: sg_management
# Load balancer for the management tier, named "{{ module }}-int-elb" and
# placed in MANAGEMENT_SUBNET; the result is registered as elb_management.
42 - name: elb management-int-elb
44 region: "{{ vpc_region }}"
46 name: "{{ module }}-int-elb"
47 cross_az_load_balancing: yes
49 subnets: "{{ MANAGEMENT_SUBNET }}"
# NOTE(review): a listener on port 22 suggests SSH is fronted by this ELB.
# The scheme and security-group settings are not visible in this excerpt -
# confirm the ELB is internal-only and that its group restricts sources.
54 load_balancer_port: 22
# Presumably part of the health check; the rest of that mapping is not shown.
61 unhealthy_threshold: 2
63 register: elb_management
# Imports a key pair named MANAGEMENT_KEY_NAME (module line not shown):
# with_file reads ../keys/<MANAGEMENT_KEY_NAME>.pub and passes its contents
# to key_material as item.
# NOTE(review): only the public half belongs in ../keys - check that the
# matching private key is not kept in the repository next to it.
65 - name: management key
67 region: "{{ vpc_region }}"
68 name: "{{ MANAGEMENT_KEY_NAME }}"
69 key_material: "{{ item }}"
70 with_file: ../keys/{{ MANAGEMENT_KEY_NAME }}.pub
# IAM task for the management tier; its result is registered as
# role_management (module and arguments are not visible in this excerpt).
# NOTE(review): the managed-policy attachment below is commented out, so
# from what is shown this play does not attach base-policy or
# management-policy to the role - confirm how its permissions are
# attached and that they are reviewed for least privilege.
72 - name: management iam
77 register: role_management
79 # this is only ansible 2.3+
80 # - name: management role policies
85 # - arn:aws:iam::{{ ACCT_ID }}:policy/base-policy
86 # - arn:aws:iam::{{ ACCT_ID }}:policy/management-policy
# Operator hint printed before the next task (the task lines themselves are
# not shown). Presumably covers IAM propagation delay - TODO confirm.
89 msg: "If next step fails, wait a little while and retry."
# Security groups handed to the following resource: ssh, icmp and the
# management group registered earlier in this file. sg_ssh and sg_icmp are
# registered outside this excerpt.
95 - "{{ sg_ssh.group_id }}"
96 - "{{ sg_icmp.group_id }}"
97 - "{{ sg_management.group_id }}"
99 # # will need to rev name-version when changing AMI
100 # - name: management lc
102 # region: "{{ vpc_region }}"
103 # name: management-0000
104 # image_id: "{{ DEFAULT_AMI }}"
105 # key_name: "{{ MANAGEMENT_KEY_NAME }}"
106 # instance_profile_name: management
108 # - "{{ sg_management.group_id }}"
109 # - "{{ sg_ssh.group_id }}"
110 # - "{{ sg_icmp.group_id }}"
111 # instance_type: m4.large
113 # # setting the root volume seems to prevent instances from launching
114 # # - device_name: /dev/sda1
117 # # delete_on_termination: true
118 # - device_name: /dev/sdb
119 # ephemeral: ephemeral0
120 # - device_name: /dev/sdc
121 # ephemeral: ephemeral1
122 # - device_name: /dev/sdd
123 # ephemeral: ephemeral2
124 # - device_name: /dev/sde
125 # ephemeral: ephemeral3
# Fragment of a task whose module line is not shown; it appears to configure
# the auto-scaling group, attaching it to the ELB registered as
# elb_management and placing it in MANAGEMENT_SUBNET.
129 name: autoscalinggroup
131 load_balancers: "{{ elb_management.elb.name }}"
134 subnet_ids: "{{ MANAGEMENT_SUBNET }}"
136 # - name: management asg
138 # region: "{{ vpc_region }}"
142 # desired_capacity: 1
143 # default_cooldown: 10
144 # vpc_zone_identifier: "{{ MANAGEMENT_SUBNET }}"
145 # launch_config_name: "{{ mgmt_lc.name|default('checkmode') }}"
146 # notification_topic: "{{ management_topic.sns_arn }}"
147 # notification_types:
148 # - autoscaling:EC2_INSTANCE_LAUNCH
150 # - management-int-elb
152 # - account: "{{ ACCT_NAME }}"
153 # propagate_at_launch: yes
154 # - module: management
155 # propagate_at_launch: yes
157 # propagate_at_launch: yes
159 # propagate_at_launch: yes
161 # propagate_at_launch: yes
# Reminder task: attaching policies to the management IAM role is not
# automated by this play (the task body is only partly visible here).
# NOTE(review): until it is implemented, the role's policies are managed
# outside this file - verify them there and keep them least-privilege.
163 - name: not implemented yet
166 attach policies to iam role