use common framework for management infrastructure
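---
# Fail fast on missing inputs: every variable this role dereferences must be
# set by the caller (group/host vars or the common framework) before any AWS
# call is made.  MANAGEMENT_KEY_NAME and vpc_region are used by the tasks
# below as well, so they are checked here alongside the original four.
- name: check required variables
  assert:
    that:
      - MANAGEMENT_SUBNET != ''
      - DEFAULT_AMI != ''
      - MANAGEMENT_KEY_NAME != ''
      - vpc_region != ''
      - version != ''
      - phase != ''
  tags: ['check_vars']
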
# Security group attached to the internal SSH ELB.  Port 22 is open to
# 0.0.0.0/0; because the ELB is `scheme: internal` this is reachable only
# from inside the VPC (and anything routed into it), but it is still broader
# than needed.  NOTE(review): consider narrowing cidr_ip to the VPC or
# management CIDR.  purge_rules is false, so rules dropped from this list are
# NOT removed from AWS — stale rules must be deleted by hand.
- name: sg management-elb
  ec2_group:
    state: present
    name: management-elb
    description: 'sg for internal elb for monitoring management'
    region: "{{ vpc_region }}"
    vpc_id: "{{ vpc.vpc.id }}"
    purge_rules: false
    rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: '0.0.0.0/0'
    rules_egress:
      - proto: all
        cidr_ip: '0.0.0.0/0'

# Security group for the management instances themselves.  Both ingress rules
# are group-referenced (no CIDRs): all traffic from other members of this
# group and from the ELB group above (which forwards port 22).  Registered so
# the launch config below can attach it by id.
- name: sg management
  ec2_group:
    state: present
    name: management
    description: 'sg for management'
    region: "{{ vpc_region }}"
    vpc_id: "{{ vpc.vpc.id }}"
    purge_rules: false   # rules not listed here are left in place in AWS
    rules:
      - proto: all
        group_name: management       # self-reference: intra-group traffic
      - proto: all
        group_name: management-elb   # traffic from the internal ELB
  register: sg_management

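# Internal TCP ELB that fronts SSH (22 -> 22) on the management instances.
# Health check is a plain TCP connect on port 22.  Registered so the ASG
# below can be attached by name.
- name: elb management-int-elb
  ec2_elb_lb:
    region: "{{ vpc_region }}"
    state: present
    name: management-int-elb
    scheme: internal
    # canonical boolean; `yes` is a YAML 1.1 truthy alias and trips linters
    cross_az_load_balancing: true
    subnets: "{{ MANAGEMENT_SUBNET }}"
    security_group_names:
      - management-elb
    listeners:
      - protocol: tcp
        load_balancer_port: 22
        instance_port: 22
    health_check:
      ping_protocol: tcp
      ping_port: 22
      response_timeout: 5     # seconds; must stay below interval
      interval: 30            # seconds between checks
      unhealthy_threshold: 2  # consecutive failures before OutOfService
      healthy_threshold: 2    # consecutive successes before InService
  register: elb_management
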
# Upload the management SSH public key.  Only the .pub half is read from the
# repo (keys/<MANAGEMENT_KEY_NAME>.pub); the private key never touches AWS.
- name: management key
  ec2_key:
    region: "{{ vpc_region }}"
    name: "{{ MANAGEMENT_KEY_NAME }}"
    key_material: "{{ item }}"
  with_file: "keys/{{ MANAGEMENT_KEY_NAME }}.pub"

# IAM role for the management instances.  Only the role is created here; the
# policy attachment (iam_role with managed_policy) is commented out below
# because it needs ansible 2.3+, and the final debug task flags it as TODO.
- name: management iam
  iam:
    state: present
    iam_type: role
    name: management

78 # this is only ansible 2.3+
79 # - name: management role policies
80 # iam_role:
81 # name: management
82 # state: present
83 # managed_policy:
84 # - arn:aws:iam::{{ ACCT_ID }}:policy/base-policy
85 # - arn:aws:iam::{{ ACCT_ID }}:policy/management-policy
86
# Launch configuration comes from the shared launchconfig role; it receives
# the ssh, icmp and management security groups.  sg_ssh and sg_icmp are not
# registered in this file — presumably set by an earlier role; verify against
# the playbook that includes this role.
- name: management launch config
  include_role:
    name: launchconfig
  vars:
    security_group_ids:
      - "{{ sg_ssh.group_id }}"
      - "{{ sg_icmp.group_id }}"
      - "{{ sg_management.group_id }}"

95 # # will need to rev name-version when changing AMI
96 # - name: management lc
97 # ec2_lc:
98 # region: "{{ vpc_region }}"
99 # name: management-0000
100 # image_id: "{{ DEFAULT_AMI }}"
101 # key_name: "{{ MANAGEMENT_KEY_NAME }}"
102 # instance_profile_name: management
103 # security_groups:
104 # - "{{ sg_management.group_id }}"
105 # - "{{ sg_ssh.group_id }}"
106 # - "{{ sg_icmp.group_id }}"
107 # instance_type: m4.large
108 # volumes:
109 # # setting the root volume seems to prevent instances from launching
110 # # - device_name: /dev/sda1
111 # # volume_size: 8
112 # # volume_type: gp2
113 # # delete_on_termination: true
114 # - device_name: /dev/sdb
115 # ephemeral: ephemeral0
116 # - device_name: /dev/sdc
117 # ephemeral: ephemeral1
118 # - device_name: /dev/sdd
119 # ephemeral: ephemeral2
120 # - device_name: /dev/sde
121 # ephemeral: ephemeral3
122 # register: mgmt_lc
123
# Auto scaling group comes from the shared autoscalinggroup role: a single
# instance pinned at min/max 1, registered behind the internal ELB above.
- name: management autoscaling group
  include_role:
    name: autoscalinggroup
  vars:
    load_balancers: "{{ elb_management.elb.name }}"
    min_size: 1
    max_size: 1
    subnet_ids: "{{ MANAGEMENT_SUBNET }}"

132 # - name: management asg
133 # ec2_asg:
134 # region: "{{ vpc_region }}"
135 # name: management
136 # min_size: 1
137 # max_size: 1
138 # desired_capacity: 1
139 # default_cooldown: 10
140 # vpc_zone_identifier: "{{ MANAGEMENT_SUBNET }}"
141 # launch_config_name: "{{ mgmt_lc.name|default('checkmode') }}"
142 # notification_topic: "{{ management_topic.sns_arn }}"
143 # notification_types:
144 # - autoscaling:EC2_INSTANCE_LAUNCH
145 # load_balancers:
146 # - management-int-elb
147 # tags:
148 # - account: "{{ ACCT_NAME }}"
149 # propagate_at_launch: yes
150 # - module: management
151 # propagate_at_launch: yes
152 # - stack: ""
153 # propagate_at_launch: yes
154 # - country: ""
155 # propagate_at_launch: yes
156 # - phase: dev
157 # propagate_at_launch: yes
158
# Placeholder reminder until the iam_role policy attachment (commented out
# above) can be enabled.
- name: not implemented yet
  debug:
    msg: |
      attach policies to iam role