create stacks with more generic role things
authorJustin Wind <j.wind@partner.samsung.com>
Tue, 14 Mar 2017 20:01:58 +0000 (13:01 -0700)
committerJustin Wind <j.wind@partner.samsung.com>
Tue, 14 Mar 2017 20:01:58 +0000 (13:01 -0700)
13 files changed:
init_vpcaccess-dev.yml [moved from init_vpcaccess.yml with 55% similarity]
roles/autoscalinggroup/meta/main.yml [new file with mode: 0644]
roles/autoscalinggroup/tasks/main.yml [new file with mode: 0644]
roles/common-infrastructure/tasks/main.yml
roles/launchconfig/meta/main.yml [new file with mode: 0644]
roles/launchconfig/tasks/main.yml [new file with mode: 0644]
roles/launchconfig/templates/userdata.sh.j2 [new file with mode: 0644]
roles/module-aws-stack/meta/main.yml [new file with mode: 0644]
roles/module-aws-stack/tasks/main.yml [new file with mode: 0644]
roles/vpcaccess-infrastructure/defaults/main.yml [new file with mode: 0644]
roles/vpcaccess-infrastructure/files/vpcaccess-policy.json [moved from roles/vpcaccess/files/vpcaccess-policy.json with 100% similarity]
roles/vpcaccess-infrastructure/tasks/main.yml
vpcaccess-d0dev.yml [moved from vpcaccess.yml with 67% similarity]

similarity index 55%
rename from init_vpcaccess.yml
rename to init_vpcaccess-dev.yml
index 3b9d6244405b8d264776aef7008b4958b955409a..ec38ac26568d59374ed975ec67b0c50067dd247e 100644 (file)
@@ -4,4 +4,6 @@
   gather_facts: False
   become: no
   roles:
-  - vpcaccess-infrastructure
+  - role: vpcaccess-infrastructure
+    phase: dev
+    version: "0000"
diff --git a/roles/autoscalinggroup/meta/main.yml b/roles/autoscalinggroup/meta/main.yml
new file mode 100644 (file)
index 0000000..0995b3c
--- /dev/null
@@ -0,0 +1,4 @@
+---
+dependencies:
+  - { role: aws-vpc }
+  - { role: aws-management-queues }
diff --git a/roles/autoscalinggroup/tasks/main.yml b/roles/autoscalinggroup/tasks/main.yml
new file mode 100644 (file)
index 0000000..d0c1692
--- /dev/null
@@ -0,0 +1,48 @@
+---
+- assert:
+    that:
+    - zone in ('pub', 'priv')
+    - module != ''
+    - version != ''
+    - region|default(vpc_region) != ''
+  tags: ['check_vars']
+
+- set_fact:
+    asg_n:
+    - "{{ module }}"
+    - "{{ stack }}"
+    - "{{ country|ternary('c0', '') }}{{ country|default('') }}"
+    - "{{ phase|ternary('d0', '') }}{{ phase|default('') }}"
+
+- name: suss out our subnets
+  ec2_vpc_subnet_facts:
+    region: "{{ vpc_region }}"
+    filters:
+      vpc_id: "{{ vpc.vpc.id }}"
+      "tag:zone": "{{ zone }}"
+  register: partial_subnet_ids
+
+- name: autoscalinggroup
+  ec2_asg:
+    region: "{{ vpc_region }}"
+    name: "{{ asg_n|select|join('-') }}"
+    min_size: "{{ min_size|default(0) }}"
+    max_size: "{{ max_size|default(omit) }}"
+    desired_capacity: "{{ desired_capacity|default(omit) }}"
+    default_cooldown: 10
+    vpc_zone_identifier: "{{ partial_subnet_ids.subnets|default([])|map(attribute='id')|list }}"
+    launch_config_name: "{{ asg_n|select|join('-') }}-{{ version }}"
+    notification_topic: "{{ management_topic.sns_arn }}"
+    load_balancers: "{{ load_balancers|default(omit) }}"
+    tags:
+    - account: "{{ ACCT_NAME }}"
+      propagate_at_launch: yes
+    - module: "{{ module }}"
+      propagate_at_launch: yes
+    - stack: "{{ stack }}"
+      propagate_at_launch: yes
+    - country: "{{ country }}"
+      propagate_at_launch: yes
+    - phase: "{{ phase }}"
+      propagate_at_launch: yes
+
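Review bot: The assert on `region|default(vpc_region)` does not match what the tasks use — both `ec2_vpc_subnet_facts` and `ec2_asg` pass `region: "{{ vpc_region }}"`, so a caller-supplied `region` passes the check and is then ignored, unlike the launchconfig role added in this commit, which honours it; change both to `region: "{{ region|default(vpc_region) }}"`. The subnet lookup is also unguarded: with no subnet tagged with the requested `zone`, `vpc_zone_identifier` becomes `[]` and the ASG task is likely to fail later with a less useful error, so an `assert` that `partial_subnet_ids.subnets|default([])|length > 0` between the two tasks would fail fast. `propagate_at_launch: yes` is a YAML 1.1 truthy; `true` is the portable spelling.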
index 0d3910b836b14ae59f4f37df2818a31a85202dc8..c3495bca78eb010105cd3a3d389c4273190efebe 100644 (file)
     - proto: all
       cidr_ip: 0.0.0.0/0
   register: sg_ssh
+
+- name: sg icmp
+  delegate_to: localhost
+  become: no
+  ec2_group:
+    vpc_id: "{{ vpc.vpc.id }}"
+    region: "{{ vpc_region }}"
+    state: present
+    name: icmp
+    description: "allow icmp from anywhere"
+    purge_rules: false
+    rules:
+    - proto: icmp
+      from_port: -1
+      to_port: -1
+      cidr_ip: 0.0.0.0/0
+    rules_egress:
+    - proto: all
+      cidr_ip: 0.0.0.0/0
+  register: sg_icmp
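Review bot: The new `icmp` group admits every ICMP type from `0.0.0.0/0`, and the `module-aws-stack` role in this commit attaches it to every module instance regardless of `zone`, so it grants more than the `description` implies is needed. If the purpose is reachability checks and path-MTU discovery inside the VPC, scope the source as the module group does, `cidr_ip: "{{ vpc.vpc.cidr_block }}"`, or list the specific types instead of `-1/-1`. With `purge_rules: false`, a later tightening will not remove the wider rule already in AWS; a comment saying the rule must be purged deliberately when narrowed would help. The enclosing task list starts outside the hunk.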
diff --git a/roles/launchconfig/meta/main.yml b/roles/launchconfig/meta/main.yml
new file mode 100644 (file)
index 0000000..96ecf5e
--- /dev/null
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: aws-vpc }
\ No newline at end of file
diff --git a/roles/launchconfig/tasks/main.yml b/roles/launchconfig/tasks/main.yml
new file mode 100644 (file)
index 0000000..59768fd
--- /dev/null
@@ -0,0 +1,71 @@
+---
+- assert:
+    that:
+    - module != ''
+    - version != ''
+    - ami|default(DEFAULT_AMI) != ''
+    - region|default(vpc_region) != ''
+    - security_group_ids != ''
+    - instance_type != ''
+  tags: ['check_vars']
+
+- set_fact:
+    ud_cluster:
+    - "{{ module }}"
+    - "{{ country|ternary('c0', '') }}{{ country|default('') }}"
+    - "{{ phase|ternary('d0', '') }}{{ phase|default('') }}"
+
+- set_fact:
+    ud_asgn:
+    - "{{ module }}"
+    - "{{ stack|default('') }}"
+    - "{{ country|ternary('c0', '') }}{{ country|default('') }}"
+    - "{{ phase|ternary('d0', '') }}{{ phase|default('') }}"
+
+- set_fact:
+    lc_n:
+    - "{{ module }}"
+    - "{{ stack|default('') }}"
+    - "{{ country|ternary('c0', '') }}{{ country|default('') }}"
+    - "{{ phase|ternary('d0', '') }}{{ phase|default('') }}"
+    - "{{ version }}"
+
+- name: assemble user data
+  set_fact:
+    user_data:
+      EC2_REGION: "{{ region|default(vpc_region) }}"
+      CLOUD_COUNTRIES: "{{ country|default() }}"
+      CLOUD_ENVIRONMENT: "{{ ACCT_NAME }}"
+      CLOUD_MONITOR_BUCKET: "{{ module }}"
+      CLOUD_APP: "{{ module }}"
+      CLOUD_STACK: "{{ stack|default('None') }}"
+      CLOUD_DEV_PHASE: "{{ phase|default() }}"
+      CLOUD_CLUSTER: "{{ ud_cluster|select|join('-') }}"
+      CLOUD_AUTO_SCALE_GROUP: "{{ ud_asgn|select|join('-') }}"
+      CLOUD_LAUNCH_CONFIG: "{{ lc_n|select|join('-') }}"
+
+- name: launchconfig
+  ec2_lc:
+    region: "{{ region|default(vpc_region) }}"
+    name: "{{ lc_n|select|join('-') }}"
+    image_id: "{{ ami|default(DEFAULT_AMI) }}"
+    key_name: "{{ MANAGEMENT_KEY_NAME }}"
+    instance_profile_name: "{{ module }}"
+    security_groups: "{{ security_group_ids }}"
+    instance_type: "{{ instance_type}}"
+    volumes:
+# setting the root volume seems to prevent instances from launching
+#    - device_name: /dev/sda
+#      volume_size: 8
+#      volume_type: gp2
+#      delete_on_termination: true
+    - device_name: /dev/sdb
+      ephemeral: ephemeral0
+    - device_name: /dev/sdc
+      ephemeral: ephemeral1
+    - device_name: /dev/sdd
+      ephemeral: ephemeral2
+    - device_name: /dev/sde
+      ephemeral: ephemeral3
+    user_data: "{{ lookup('template', 'userdata.sh.j2') }}"
+  register: launchconfig
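Review bot: `security_group_ids != ''` in the assert cannot fail for the list that `module-aws-stack` passes — an empty list also differs from `''` — so the guard should be `security_group_ids|default([])|length > 0`. `CLOUD_STACK` uses `default('None')` while the neighbouring keys use `default()`; since `roles/vpcaccess-infrastructure/defaults/main.yml` in this commit declares `stack:` as null, that fallback is bypassed there and the rendered value depends on how the templater stringifies None — use `default('None', true)` if the literal is intended for null as well, otherwise align it with the other keys. `instance_type: "{{ instance_type}}"` is missing the space before the closing braces, which is cosmetic but inconsistent with the rest of the file.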
diff --git a/roles/launchconfig/templates/userdata.sh.j2 b/roles/launchconfig/templates/userdata.sh.j2
new file mode 100644 (file)
index 0000000..e8a987e
--- /dev/null
@@ -0,0 +1,4 @@
+{% for k,v in user_data.iteritems() %}
+export {{ k }}={{ v }}
+{% endfor %}
+{{ user_data_extra|default() }}
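Review bot: `user_data.iteritems()` is a Python 2-only dict method, so the template fails on a Python 3 controller; `user_data.items()` works on both. The values are also interpolated unquoted into shell, so any value containing whitespace or shell metacharacters breaks the script or is interpreted by the shell; `export {{ k }}={{ v | quote }}` applies Ansible's shell-quoting filter. `user_data_extra` is appended verbatim as shell, presumably as a per-stack extension point — a one-line template comment stating that it is executed as-is would make the contract explicit.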
diff --git a/roles/module-aws-stack/meta/main.yml b/roles/module-aws-stack/meta/main.yml
new file mode 100644 (file)
index 0000000..17574a4
--- /dev/null
@@ -0,0 +1,4 @@
+---
+dependencies:
+  - { role: aws-vpc }
+  - { role: common-infrastructure }
diff --git a/roles/module-aws-stack/tasks/main.yml b/roles/module-aws-stack/tasks/main.yml
new file mode 100644 (file)
index 0000000..9700328
--- /dev/null
@@ -0,0 +1,78 @@
+---
+- assert:
+    that:
+    - module != ''
+    - zone in ('pub', 'priv')
+    - sg_rules is defined
+    - elb_type|default('') in ('', 'internal', 'internet-facing')
+  tags: ['check_vars']
+
+- name: determine subnets for ELB
+  ec2_vpc_subnet_facts:
+    region: "{{ vpc_region }}"
+    filters:
+      vpc_id: "{{ vpc.vpc.id }}"
+      "tag:zone": "{{ zone }}"
+  register: elb_subnet_ids
+
+- name: module IAM role
+  iam:
+    name: "{{ module }}"
+    iam_type: role
+    state: present
+
+- name: module ELB securitygroup
+  when: elb_type is defined
+  ec2_group:
+    vpc_id: "{{ vpc.vpc.id }}"
+    region: "{{ vpc_region }}"
+    state: present
+    name: "{{ module }}-{{ (elb_type == 'internal')|ternary('int', 'ext') }}-elb"
+    description: "sg for {{ (elb_type == 'internal')|ternary('internal', 'external') }} elb for {{ module }}"
+    purge_rules: false
+    rules: "{{ elb_rules }}"
+    rules_egress:
+    - proto: all
+      cidr_ip: 0.0.0.0/0
+
+- name: module securitygroup
+  ec2_group:
+    vpc_id: "{{ vpc.vpc.id }}"
+    region: "{{ vpc_region }}"
+    state: present
+    name: "{{ module }}"
+    description: "{{ module }} rules"
+    purge_rules: false
+    rules: "{{ sg_rules }}"
+    rules_egress:
+    - proto: all
+      cidr_ip: 0.0.0.0/0
+  register: sg_module
+
+- name: module ELB
+  when: elb_type is defined
+  ec2_elb_lb:
+    region: "{{ vpc_region }}"
+    state: present
+    name: "{{ module }}-{{ (elb_type == 'internal')|ternary('int', 'ext') }}-elb"
+    cross_az_load_balancing: yes
+    scheme: "{{ elb_type }}"
+    subnets: "{{ elb_subnet_ids.subnets|default([])|map(attribute='id')|list }}"
+    security_group_names:
+    - "{{ module }}-{{ (elb_type == 'internal')|ternary('int', 'ext') }}-elb"
+    listeners: "{{ elb_listeners }}"
+    health_check: "{{ elb_healthcheck }}"
+  register: loadbalancer
+
+- include_role:
+    name: launchconfig
+  vars:
+    security_group_ids:
+    - "{{ sg_ssh.group_id }}"
+    - "{{ sg_icmp.group_id }}"
+    - "{{ sg_module.group_id }}"
+
+- include_role:
+    name: autoscalinggroup
+  vars:
+    load_balancers: "{{ loadbalancer.elb.name|default(omit) }}"
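Review bot: The assert accepts `elb_type` as `''`, but both ELB tasks gate on `when: elb_type is defined`, so an empty-but-defined `elb_type` passes the check and then creates a group named `{{ module }}-ext-elb` and an ELB with `scheme: ''`; gate both tasks on `when: elb_type|default('') != ''`. `elb_rules`, `elb_listeners` and `elb_healthcheck` are consumed whenever the ELB is built but are not asserted, so they belong in the `check_vars` assert under that same condition. `load_balancers` hands `ec2_asg` a single name string where the parameter is a list; it may be coerced, but wrapping it in a list would make the intent explicit while `default(omit)` still drops it when the ELB task was skipped.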
diff --git a/roles/vpcaccess-infrastructure/defaults/main.yml b/roles/vpcaccess-infrastructure/defaults/main.yml
new file mode 100644 (file)
index 0000000..bce0225
--- /dev/null
@@ -0,0 +1,8 @@
+---
+module: vpcaccess
+stack:
+country:
+phase:
+version:
+instance_type: m4.large 
+zone: 'pub'
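Review bot: The bare `stack:`, `country:`, `phase:` and `version:` keys yield null rather than the empty string, so the `version != ''` guard in the launchconfig and autoscalinggroup roles passes for an unset version and the launch-config name then depends on how None is rendered; declare them as `version: ''` (and likewise the other three) so the emptiness asserts and the `select` filters see the value they test for. `instance_type: m4.large ` carries a trailing space, harmless for a plain scalar but a lint hit, and `zone: 'pub'` is quoted while `module: vpcaccess` is not — pick one style.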
index 3faf612466e8e223505116090de13409bf596c3c..878402e72982bcb0ecc74122cd8bafa6be440c7f 100644 (file)
@@ -3,91 +3,32 @@
     that:
   tags: ['check_vars']
 
-- name: vpcaccess iam
-  iam:
-    name: vpcaccess
-    iam_type: role
-    state: present
-
-- name: sg vpcaccess
-  ec2_group:
-    vpc_id: "{{ vpc.vpc.id }}"
-    region: "{{ vpc_region }}"
-    state: present
-    name: vpcaccess
-    description: "vpcaccess rules"
-    purge_rules: false
-    rules:
+- include_role:
+    name: module-aws-stack
+  vars:
+    sg_rules:
     - proto: all
+      from_port: -1
+      to_port: -1
       cidr_ip: "{{ vpc.vpc.cidr_block }}"
-    rules_egress:
-    - proto: all
+    elb_type: internal
+    elb_rules:
+    - proto: tcp
+      from_port: 22
+      to_port: 22
       cidr_ip: 0.0.0.0/0
-  register: sg_vpcaccess
-
-- name: vpcaccess lc
-  ec2_lc:
-    region: "{{ vpc_region }}"
-    name: vpcaccess-0000
-    image_id: "{{ DEFAULT_AMI }}"
-    key_name: "{{ MANAGEMENT_KEY_NAME }}"
-    instance_profile_name: vpcaccess
-    security_groups:
-      - "{{ sg_vpcaccess.group_id }}"
-      - "{{ sg_ssh.group_id }}"
-    instance_type: m4.large
-    volumes:
-# setting the root volume seems to prevent instances from launching
-#    - device_name: /dev/sda1
-#      volume_size: 8
-#      volume_type: gp2
-#      delete_on_termination: true
-    - device_name: /dev/sdb
-      ephemeral: ephemeral0
-    - device_name: /dev/sdc
-      ephemeral: ephemeral1
-    - device_name: /dev/sdd
-      ephemeral: ephemeral2
-    - device_name: /dev/sde
-      ephemeral: ephemeral3
-  register: vpcaccess_lc
-
-- name: suss out our subnets
-  ec2_vpc_subnet_facts:
-    region: "{{ vpc_region }}"
-    filters:
-      vpc_id: "{{ vpc.vpc.id }}"
-      "tag:zone": pub
-  register: public_subnet_ids
-
-- debug:
-    var: public_subnet_ids
-
-- name: vpcaccess asg
-  ec2_asg:
-    region: "{{ vpc_region }}"
-    name: vpcaccess
-    min_size: 1
+    elb_listeners:
+    - protocol: tcp
+      load_balancer_port: 22
+      instance_port: 22
+    elb_healthcheck:
+      ping_protocol: tcp
+      ping_port: 22
+      response_timeout: 5
+      interval: 30
+      unhealthy_threshold: 2
+      healthy_threshold: 2
     max_size: 1
-    desired_capacity: 1
-    default_cooldown: 10
-    vpc_zone_identifier: "{{ public_subnet_ids.subnets|map(attribute='id')|list }}"
-    launch_config_name: "{{ vpcaccess_lc.name|default('checkmode') }}"
-    notification_topic: "{{ management_topic.sns_arn }}"
-    notification_types:
-    - autoscaling:EC2_INSTANCE_LAUNCH
-    load_balancers:
-    tags:
-    - account: "{{ ACCT_NAME }}"
-      propagate_at_launch: yes
-    - module: vpcaccess
-      propagate_at_launch: yes
-    - stack: ""
-      propagate_at_launch: yes
-    - country: ""
-      propagate_at_launch: yes
-    - phase: dev
-      propagate_at_launch: yes
 
 - name: not implemented yet
   debug:
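Review bot: The include passes `max_size: 1` but drops the `min_size: 1` and `desired_capacity: 1` that the removed `vpcaccess asg` task had, and the autoscalinggroup role defaults those to `0` and `omit`, so unless an ASG that starts with no instance is intended, add `min_size: 1` and `desired_capacity: 1` to the `vars` block. The ELB group rule admits tcp/22 from `0.0.0.0/0` on a `scheme: internal` load balancer; the internal scheme already confines reachability to the VPC, so `cidr_ip: "{{ vpc.vpc.cidr_block }}"`, as `sg_rules` already uses, states the intended scope explicitly and stays correct if the scheme is later changed. The `vpcaccess-policy.json` moved in this commit is not referenced by any task in the diff, so it is not clear from here whether the `{{ module }}` IAM role still receives its policy. The assert block at the top of this file starts outside the hunk.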
similarity index 67%
rename from vpcaccess.yml
rename to vpcaccess-d0dev.yml
index 1abeed9ddd659b5f9f1d27405925ed70bd059fc4..f11242ea1f81befc92526014fa4d39a76c6f99bb 100644 (file)
@@ -1,5 +1,5 @@
 ---
-- hosts: vpcaccess
+- hosts: vpcaccess-d0dev
   become: true
   roles:
   - common