X-Git-Url: http://git.squeep.com/?p=awsible;a=blobdiff_plain;f=roles%2Faws-infrastructure%2Ftasks%2Fmain.yml;h=83085db12097b4cc945dff3ab20aca5476385265;hp=b4663f5ca1fd4fe256d862494107431bd94faa66;hb=e482b07ff313d339805b75a654f2ec17badb0cd2;hpb=0901b0eeb5d83a02b09067e77c3a20c5d9d2ef31
diff --git a/roles/aws-infrastructure/tasks/main.yml b/roles/aws-infrastructure/tasks/main.yml
index b4663f5..83085db 100644
--- a/roles/aws-infrastructure/tasks/main.yml
+++ b/roles/aws-infrastructure/tasks/main.yml
@@ -19,8 +19,7 @@
 receive_message_wait_time: 0
 register: management_failure_queue
-- debug:
- var: management_failure_queue
+# as of Ansible 2.2.1.0 sqs_queue does not seem to be returning queue_arn
 - name: Managment queue.
 sqs_queue:
@@ -60,11 +59,11 @@
 purge_subscriptions: False
 register: management_notice_topic
-# - name: Ensure management backup bucket exists.
-# s3_bucket:
-# when: MANAGEMENT_BACKUP_S3_BUCKET is defined
-# state: present
-# name: "{{ MANAGEMENT_BACKUP_S3_BUCKET }}"
+- name: Management backup bucket
+ when: MANAGEMENT_BACKUP_S3_BUCKET is defined
+ s3_bucket:
+ state: present
+ name: "{{ MANAGEMENT_BACKUP_S3_BUCKET }}"
 - name: sg ssh
 ec2_group:
@@ -116,9 +115,6 @@
 group_name: management-elb
 register: sg_management
-- debug:
- var: sg_management
-
 - name: elb management-int-elb
 ec2_elb_lb:
 region: "{{ vpc_region }}"
@@ -154,6 +150,16 @@
 iam_type: role
 state: present
+# this is only ansible 2.3+
+# - name: management role policies
+# iam_role:
+# name: management
+# state: present
+# managed_policy:
+# - arn:aws:iam::{{ ACCT_ID }}:policy/base-policy
+# - arn:aws:iam::{{ ACCT_ID }}:policy/management-policy
+
+# will need to rev name-version when changing AMI
 - name: management lc
 ec2_lc:
 region: "{{ vpc_region }}"
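Review bot: The `Management backup bucket` task enabled in the `@@ -60,11 +59,11 @@` hunk passes only `state` and `name` to `s3_bucket`, so the bucket is created with the module defaults: no versioning, no bucket policy and no explicit region. For a bucket that holds backups I would add `versioning: yes`, so an overwritten or deleted object can be recovered, and `region: "{{ vpc_region }}"` to match the `ec2_elb_lb` and `ec2_lc` tasks in this file. Access is presumably meant to be limited to the management role; if so, a `policy:` argument, or a comment saying where that policy is managed, belongs on this task as well.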
@@ -166,10 +172,11 @@
 - "{{ sg_ssh.group_id }}"
 instance_type: m4.large
 volumes:
- - device_name: /dev/sda1
- volume_size: 8
- volume_type: gp2
- delete_on_termination: true
+# setting the root volume seems to prevent instances from launching
+# - device_name: /dev/sda1
+# volume_size: 8
+# volume_type: gp2
+# delete_on_termination: true
 - device_name: /dev/sdb
 ephemeral: ephemeral0
 - device_name: /dev/sdc
@@ -180,9 +187,6 @@
 ephemeral: ephemeral3
 register: mgmt_lc
-- debug:
- var: mgmt_lc
-
 - name: management asg
 ec2_asg:
 region: "{{ vpc_region }}"
@@ -190,6 +194,7 @@
 min_size: 1
 max_size: 1
 desired_capacity: 1
+ default_cooldown: 10
 vpc_zone_identifier: "{{ MANAGEMENT_SUBNET }}"
 launch_config_name: "{{ mgmt_lc.name }}"
 notification_topic: "{{ management_topic.sns_arn }}"
@@ -199,5 +204,9 @@
 - management-int-elb
 tags:
 - module: management
- propogate_at_launch: yes
+ propagate_at_launch: yes
+- name: not implemented yet
+ debug:
+ msg: |
+ attach policies to iam role
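Review bot: Commenting out the `/dev/sda1` entry in the `@@ -166,10 +172,11 @@` hunk also drops `delete_on_termination: true` for the root volume, so whether the root disk of a replaced management instance is deleted now depends on the AMI's own block device mapping. Worth confirming the AMI sets it and recording that next to the existing comment, e.g. `# root volume now comes from the AMI mapping; delete_on_termination must be set there`. The launch failure may be caused by the AMI's root device not being named `/dev/sda1`, but that cannot be confirmed from this hunk. The `ec2_lc` task starts above the hunk and continues below it.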
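Review bot: The `not implemented yet` task added at the end of the `@@ -199,5 +204,9 @@` hunk uses `debug`, so the play reports ok while, as far as the visible tasks show, the `management` role gets no policies from this playbook. Anything attached by hand is then outside review and version control. Naming the intended policies in the message would make the gap auditable, e.g. `msg: "TODO: attach base-policy and management-policy to the management IAM role"`, with the names taken from the commented-out `iam_role` task. A single-line `msg` also avoids the trailing newline that the `|` block scalar adds.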