From: Justin Wind Date: Fri, 10 Mar 2017 19:56:39 +0000 (-0800) Subject: split out management infrastructure role further X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=61b2ef2ad67ef165855de4e15bb4e92ad965faa3;p=awsible split out management infrastructure role further reduce the workload of dependent roles --- diff --git a/roles/aws-management-infrastructure/meta/main.yml b/roles/aws-management-infrastructure/meta/main.yml index 96ecf5e..f4f0c2a 100644 --- a/roles/aws-management-infrastructure/meta/main.yml +++ b/roles/aws-management-infrastructure/meta/main.yml @@ -1,3 +1,3 @@ --- dependencies: - - { role: aws-vpc } \ No newline at end of file + - { role: aws-management-queues } diff --git a/roles/aws-management-infrastructure/tasks/main.yml b/roles/aws-management-infrastructure/tasks/main.yml index 8aa65bf..512f229 100644 --- a/roles/aws-management-infrastructure/tasks/main.yml +++ b/roles/aws-management-infrastructure/tasks/main.yml @@ -1,70 +1,10 @@ --- - assert: that: - - MANAGEMENT_EVENT_FAILURE_QUEUE != '' - - MANAGEMENT_EVENT_QUEUE != '' - MANAGEMENT_SUBNET != '' - DEFAULT_AMI != '' tags: ['check_vars'] -- name: Management failure queue. - sqs_queue: - state: present - region: "{{ vpc_region }}" - name: "{{ MANAGEMENT_EVENT_FAILURE_QUEUE }}" - default_visibility_timeout: 30 - message_retention_period: 1209600 - maximum_message_size: 262144 - delivery_delay: 0 - receive_message_wait_time: 0 - register: management_failure_queue - -# as of Ansible 2.2.1.0 sqs_queue does not seem to be returning queue_arn - -- name: Managment queue. - sqs_queue: - state: present - region: "{{ vpc_region }}" - name: "{{ MANAGEMENT_EVENT_QUEUE }}" - default_visibility_timeout: 30 - message_retention_period: 345600 - maximum_message_size: 262144 - delivery_delay: 0 - receive_message_wait_time: 20 - redrive_policy: - maxReceiveCount: 5 - deadLetterTargetArn: "arn:aws:sqs:{{ vpc_region }}:{{ ACCT_ID }}:{{ MANAGEMENT_EVENT_FAILURE_QUEUE }}" -# deadLetterTargetArn: "{{ management_failure_queue.queue_arn }}" - register: management_queue - -- name: Management topic and subscription. - sns_topic: - state: present - region: "{{ vpc_region }}" - name: "{{ MANAGEMENT_EVENT_QUEUE }}" - display_name: "{{ MANAGEMENT_EVENT_QUEUE_SHORT }}" - purge_subscriptions: False - subscriptions: -# - endpoint: "{{ management_queue.queue_arn }}" - - endpoint: "arn:aws:sqs:{{ vpc_region }}:{{ ACCT_ID }}:{{ MANAGEMENT_EVENT_QUEUE }}" - protocol: "sqs" - register: management_topic - -- name: Management notice topic - sns_topic: - state: present - region: "{{ vpc_region }}" - name: "{{ MANAGEMENT_NOTICE_TOPIC }}" - display_name: "{{ MANAGEMENT_NOTICE_TOPIC_SHORT }}" - purge_subscriptions: False - register: management_notice_topic - -- name: Management backup bucket - when: MANAGEMENT_BACKUP_S3_BUCKET is defined - s3_bucket: - state: present - name: "{{ MANAGEMENT_BACKUP_S3_BUCKET }}" - - name: sg ssh ec2_group: vpc_id: "{{ vpc.vpc.id }}" @@ -196,15 +136,23 @@ desired_capacity: 1 default_cooldown: 10 vpc_zone_identifier: "{{ MANAGEMENT_SUBNET }}" - launch_config_name: "{{ mgmt_lc.name }}" + launch_config_name: "{{ mgmt_lc.name|default('checkmode') }}" notification_topic: "{{ management_topic.sns_arn }}" notification_types: - autoscaling:EC2_INSTANCE_LAUNCH load_balancers: - management-int-elb tags: + - account: "{{ ACCT_NAME }}" + propagate_at_launch: yes - module: management propagate_at_launch: yes + - stack: "" + propagate_at_launch: yes + - country: "" + propagate_at_launch: yes + - phase: dev + propagate_at_launch: yes - name: not implemented yet debug: diff --git a/roles/aws-management-queues/defaults/main.yml b/roles/aws-management-queues/defaults/main.yml new file mode 100644 index 0000000..0db972b --- /dev/null +++ b/roles/aws-management-queues/defaults/main.yml @@ -0,0 +1,6 @@ +--- +MANAGEMENT_EVENT_QUEUE: management-events +MANAGEMENT_EVENT_QUEUE_SHORT: management +MANAGEMENT_EVENT_FAILURE_QUEUE: "{{ MANAGEMENT_EVENT_QUEUE }}-failed" +MANAGEMENT_NOTICE_TOPIC: management-notifications +MANAGEMENT_NOTICE_TOPIC_SHORT: notices diff --git a/roles/aws-management-queues/meta/main.yml b/roles/aws-management-queues/meta/main.yml new file mode 100644 index 0000000..96ecf5e --- /dev/null +++ b/roles/aws-management-queues/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: aws-vpc } \ No newline at end of file diff --git a/roles/aws-management-queues/tasks/main.yml b/roles/aws-management-queues/tasks/main.yml new file mode 100644 index 0000000..5c18f70 --- /dev/null +++ b/roles/aws-management-queues/tasks/main.yml @@ -0,0 +1,58 @@ +--- +- assert: + that: + - MANAGEMENT_EVENT_FAILURE_QUEUE != '' + - MANAGEMENT_EVENT_QUEUE != '' + tags: ['check_vars'] + +- name: Management failure queue. + sqs_queue: + state: present + region: "{{ vpc_region }}" + name: "{{ MANAGEMENT_EVENT_FAILURE_QUEUE }}" + default_visibility_timeout: 30 + message_retention_period: 1209600 + maximum_message_size: 262144 + delivery_delay: 0 + receive_message_wait_time: 0 + register: management_failure_queue + +# as of Ansible 2.2.1.0 sqs_queue does not seem to be returning queue_arn + +- name: Managment queue. + sqs_queue: + state: present + region: "{{ vpc_region }}" + name: "{{ MANAGEMENT_EVENT_QUEUE }}" + default_visibility_timeout: 30 + message_retention_period: 345600 + maximum_message_size: 262144 + delivery_delay: 0 + receive_message_wait_time: 20 + redrive_policy: + maxReceiveCount: 5 + deadLetterTargetArn: "arn:aws:sqs:{{ vpc_region }}:{{ ACCT_ID }}:{{ MANAGEMENT_EVENT_FAILURE_QUEUE }}" +# deadLetterTargetArn: "{{ management_failure_queue.queue_arn }}" + register: management_queue + +- name: Management topic and subscription. + sns_topic: + state: present + region: "{{ vpc_region }}" + name: "{{ MANAGEMENT_EVENT_QUEUE }}" + display_name: "{{ MANAGEMENT_EVENT_QUEUE_SHORT }}" + purge_subscriptions: False + subscriptions: +# - endpoint: "{{ management_queue.queue_arn }}" + - endpoint: "arn:aws:sqs:{{ vpc_region }}:{{ ACCT_ID }}:{{ MANAGEMENT_EVENT_QUEUE }}" + protocol: "sqs" + register: management_topic + +- name: Management notice topic + sns_topic: + state: present + region: "{{ vpc_region }}" + name: "{{ MANAGEMENT_NOTICE_TOPIC }}" + display_name: "{{ MANAGEMENT_NOTICE_TOPIC_SHORT }}" + purge_subscriptions: False + register: management_notice_topic