git.squeep.com Git - awsible/blob - roles/aws-management-infrastructure/tasks/main.yml

   1 ---
   2 - assert:
   3     that:
   4     - MANAGEMENT_SUBNET != ''
   5     - DEFAULT_AMI != ''
   6     - version != ''
   7     - phase != ''
   8   tags: ['check_vars']
   9
  10 - name: sg management-elb
  11   ec2_group:
  12     vpc_id: "{{ vpc.vpc.id }}"
  13     region: "{{ vpc_region }}"
  14     state: present
  15     name: "{{ module }}-elb"
  16     description: "sg for internal elb for monitoring management"
  17     purge_rules: false
  18     rules:
  19     - proto: tcp
  20       from_port: 22
  21       to_port: 22
  22       cidr_ip: 0.0.0.0/0
  23     rules_egress:
  24     - proto: all
  25       cidr_ip: 0.0.0.0/0
  26
  27 - name: sg management
  28   ec2_group:
  29     vpc_id: "{{ vpc.vpc.id }}"
  30     region: "{{ vpc_region }}"
  31     state: present
  32     name: "{{ module }}"
  33     description: "sg for management"
  34     purge_rules: false
  35     rules:
  36     - proto: all
  37       group_name: "{{ module }}"
  38     - proto: all
  39       group_name: "{{ module }}-elb"
  40   register: sg_management
  41
  42 - name: elb management-int-elb
  43   ec2_elb_lb:
  44     region: "{{ vpc_region }}"
  45     state: present
  46     name: "{{ module }}-int-elb"
  47     cross_az_load_balancing: yes
  48     scheme: internal
  49     subnets: "{{ MANAGEMENT_SUBNET }}"
  50     security_group_names:
  51     - "{{ module }}-elb"
  52     listeners:
  53     - protocol: tcp
  54       load_balancer_port: 22
  55       instance_port: 22
  56     health_check:
  57       ping_protocol: tcp
  58       ping_port: 22
  59       response_timeout: 5
  60       interval: 30
  61       unhealthy_threshold: 2
  62       healthy_threshold: 2
  63   register: elb_management
  64
  65 - name: management key
  66   ec2_key:
  67     region: "{{ vpc_region }}"
  68     name: "{{ MANAGEMENT_KEY_NAME }}"
  69     key_material: "{{ item }}"
  70   with_file: ../keys/{{ MANAGEMENT_KEY_NAME }}.pub
  71
  72 - name: management iam
  73   iam:
  74     name: "{{ module }}"
  75     iam_type: role
  76     state: present
  77   register: role_management
  78
  79 # this is only ansible 2.3+
  80 # - name: management role policies
  81 #   iam_role:
  82 #     name: management
  83 #     state: present
  84 #     managed_policy:
  85 #     - arn:aws:iam::{{ ACCT_ID }}:policy/base-policy
  86 #     - arn:aws:iam::{{ ACCT_ID }}:policy/management-policy
  87
  88 - debug:
  89     msg: "If next step fails, wait a little while and retry."
  90
  91 - include_role:
  92     name: launchconfig
  93   vars:
  94     security_group_ids:
  95     - "{{ sg_ssh.group_id }}"
  96     - "{{ sg_icmp.group_id }}"
  97     - "{{ sg_management.group_id }}"
  98
  99 # # will need to rev name-version when changing AMI
 100 # - name: management lc
 101 #   ec2_lc:
 102 #     region: "{{ vpc_region }}"
 103 #     name: management-0000
 104 #     image_id: "{{ DEFAULT_AMI }}"
 105 #     key_name: "{{ MANAGEMENT_KEY_NAME }}"
 106 #     instance_profile_name: management
 107 #     security_groups:
 108 #       - "{{ sg_management.group_id }}"
 109 #       - "{{ sg_ssh.group_id }}"
 110 #       - "{{ sg_icmp.group_id }}"
 111 #     instance_type: m4.large
 112 #     volumes:
 113 # # setting the root volume seems to prevent instances from launching
 114 # #    - device_name: /dev/sda1
 115 # #      volume_size: 8
 116 # #      volume_type: gp2
 117 # #      delete_on_termination: true
 118 #     - device_name: /dev/sdb
 119 #       ephemeral: ephemeral0
 120 #     - device_name: /dev/sdc
 121 #       ephemeral: ephemeral1
 122 #     - device_name: /dev/sdd
 123 #       ephemeral: ephemeral2
 124 #     - device_name: /dev/sde
 125 #       ephemeral: ephemeral3
 126 #   register: mgmt_lc
 127
 128 - include_role:
 129     name: autoscalinggroup
 130   vars:
 131     load_balancers: "{{ elb_management.elb.name }}"
 132     min_size: 1
 133     max_size: 1
 134     subnet_ids: "{{ MANAGEMENT_SUBNET }}"
 135
 136 # - name: management asg
 137 #   ec2_asg:
 138 #     region: "{{ vpc_region }}"
 139 #     name: management
 140 #     min_size: 1
 141 #     max_size: 1
 142 #     desired_capacity: 1
 143 #     default_cooldown: 10
 144 #     vpc_zone_identifier: "{{ MANAGEMENT_SUBNET }}"
 145 #     launch_config_name: "{{ mgmt_lc.name|default('checkmode') }}"
 146 #     notification_topic: "{{ management_topic.sns_arn }}"
 147 #     notification_types:
 148 #     - autoscaling:EC2_INSTANCE_LAUNCH
 149 #     load_balancers:
 150 #     - management-int-elb
 151 #     tags:
 152 #     - account: "{{ ACCT_NAME }}"
 153 #       propagate_at_launch: yes
 154 #     - module: management
 155 #       propagate_at_launch: yes
 156 #     - stack: ""
 157 #       propagate_at_launch: yes
 158 #     - country: ""
 159 #       propagate_at_launch: yes
 160 #     - phase: dev
 161 #       propagate_at_launch: yes
 162
 163 - name: not implemented yet
 164   debug:
 165     msg: |
 166       attach policies to iam role