1 Starting up a new AWSible environment
2 -------------------------------------
4 * initialize CA for environment
# Name of the AWSible environment; reused below for the CA directory and certificate names.
env='myAwsibleEnvironment'
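# Fetch the pinned EasyRSA release and unpack it into the per-environment CA
# directory: -f fails on HTTP errors, -L follows GitHub's redirect, -O keeps the
# upstream filename.
easyrsa_tgz=EasyRSA-3.0.1.tgz
curl -fOL "https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/${easyrsa_tgz}"
# TODO(review): check the archive against a known digest before unpacking, e.g.
#   printf '%s  %s\n' '<EXPECTED_SHA256 placeholder>' "$easyrsa_tgz" | sha256sum -c -
# The target directory must exist before tar -C can enter it.
mkdir -p -- "${env}_ca"
tar -C "${env}_ca" --strip-components=1 -xf "$easyrsa_tgz"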
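# create openVPN region server cert
# Assumes $region and $env are set, the cwd is the EasyRSA directory and the PKI
# was initialised in the earlier CA steps (not shown here). nopass leaves the
# server key unencrypted so the daemon can start unattended; the resulting
# pki/private/ directory therefore needs to be protected like a secret.
: "${region:?region must be set}" "${env:?env must be set}"
./easyrsa build-server-full "${region}.${env}" nopass
# Static key for OpenVPN tls-auth; presumably also distributed to clients — confirm
# against the server/client config templates.
openvpn --genkey --secret ta.key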
30 * generate ansible variables for VPN
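# Render the Ansible variables for VPN access; the script takes env and region
# as positional arguments, so both are quoted and required to be set.
: "${region:?region must be set}" "${env:?env must be set}"
./generate-ansible-vpcaccess-vars.sh "${env}" "${region}"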
34 * create ssh keypair as keys/management{,.pub}
36 * configure group_vars/all with:
38 - DEFAULT_AMI ami of amazon linux in chosen region
41 * install managed policies by hand
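# Create one IAM managed policy per roles/aws-infrastructure/files/*-policy.json;
# the file basename without .json becomes the policy name. The region comes from
# $region as in the later steps. policy_description is a placeholder: set it
# before running (create-policy has no sensible default description).
: "${region:?region must be set}"
for f in roles/aws-infrastructure/files/*-policy.json; do
  [[ -e "$f" ]] || continue   # unmatched glob stays literal; skip it
  n=$(basename -- "$f" .json)
  aws --region "$region" iam create-policy \
    --policy-name "$n" \
    --description "${policy_description:?set policy_description for $n}" \
    --policy-document "file://$f"
done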
48 * ansible-playbook init_vpc.yml
50 * add IGW to VPC Main route table
52 * change pub-subnets to auto-assign external IPs
54 * bootstrap vpcaccess from external system
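# Bootstrap vpcaccess from a machine outside the VPC. Note the policy document
# path is relative to the parent directory (../roles/...), unlike the
# roles/... paths used earlier — run this from the matching cwd.
: "${region:?region must be set}"
ansible-playbook init_vpcaccess.yml
aws --region "${region}" iam create-policy \
  --policy-name vpcaccess-policy \
  --description vpcaccess \
  --policy-document file://../roles/vpcaccess-infrastructure/files/vpcaccess-policy.json
# attach policy to role
# (manual step, not automated here; presumably required before the stage
# playbook below can use the role — confirm)
INVENTORY_PUBLIC=1 ansible-playbook vpcaccess-d0stage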
60 * configure group_vars/all with chosen MANAGEMENT_SUBNET
62 * ansible-playbook init_management.yml
64 * add base and management policies to management IAM role
66 * create persistent management data volume
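# Format and prepare the persistent management data volume.
# Destructive: mkfs wipes the device, so refuse to run if it already carries a
# filesystem (lsblk prints an empty FSTYPE for a blank device).
dev=/dev/xvdf
mnt=/media/data
if [[ -n "$(lsblk -dno FSTYPE "$dev")" ]]; then
  printf 'refusing to mkfs %s: existing filesystem found\n' "$dev" >&2
else
  # -m 0: no reserved blocks (data volume, not root); -L: label used by the fstab entry below.
  mkfs -t ext4 -j -m 0 -L "$mnt" "$dev"
  mkdir -p -- "$mnt" && chown ec2-user:ec2-user -- "$mnt"
fi
# The fstab line that follows must still be added to /etc/fstab and the volume mounted.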
71 LABEL=/media/data /media/data ext4 defaults 0 2
73 * install AWSible repo in /data/management/
75 * bootstrap management server from external system
76 ansible-playbook management.yml