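---
# Integration-test scaffolding for the ec2_instance module: the `block` builds
# an isolated VPC (two subnets, an internet gateway, a default route and a
# security group), runs the per-feature task files against it, and the
# `always` section tears everything down again even if a test task failed.
#
# A Note about ec2 environment variable name preference:
# - EC2_URL -> AWS_URL
# - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY
# - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWS_SECRET_KEY
# - EC2_REGION -> AWS_REGION
#
# - include: ../../setup_ec2/tasks/common.yml module_name: ec2_instance

- block:

    # ============================================================
    # Credentials are captured once and merged into every module call through
    # the YAML anchor below; no_log keeps the key material and session token
    # out of the task output of this set_fact.
    - name: set connection information for all tasks
      set_fact:
        aws_connection_info: &aws_connection_info
          aws_access_key: "{{ aws_access_key }}"
          aws_secret_key: "{{ aws_secret_key }}"
          security_token: "{{ security_token }}"
          region: "{{ aws_region }}"
      no_log: true

    - name: Create VPC for use in testing
      ec2_vpc_net:
        name: "{{ resource_prefix }}-vpc"
        cidr_block: 10.22.32.0/23
        tags:
          Name: Ansible ec2_instance Testing VPC
        tenancy: default
        <<: *aws_connection_info
      register: testing_vpc

    - name: Create internet gateway for use in testing
      ec2_vpc_igw:
        vpc_id: "{{ testing_vpc.vpc.id }}"
        state: present
        <<: *aws_connection_info
      register: igw

    - name: Create default subnet in zone A
      ec2_vpc_subnet:
        state: present
        vpc_id: "{{ testing_vpc.vpc.id }}"
        cidr: 10.22.32.0/24
        az: "{{ aws_region }}a"
        resource_tags:
          Name: "{{ resource_prefix }}-subnet-a"
        <<: *aws_connection_info
      register: testing_subnet_a

    - name: Create secondary subnet in zone B
      ec2_vpc_subnet:
        state: present
        vpc_id: "{{ testing_vpc.vpc.id }}"
        cidr: 10.22.33.0/24
        az: "{{ aws_region }}b"
        resource_tags:
          Name: "{{ resource_prefix }}-subnet-b"
        <<: *aws_connection_info
      register: testing_subnet_b

    # Both subnets get a default route through the IGW, so instances launched
    # with a public address are directly reachable from the internet.
    - name: create routing rules
      ec2_vpc_route_table:
        vpc_id: "{{ testing_vpc.vpc.id }}"
        tags:
          created: "{{ resource_prefix }}-route"
        routes:
          - dest: 0.0.0.0/0
            gateway_id: "{{ igw.gateway_id }}"
        subnets:
          - "{{ testing_subnet_a.subnet.id }}"
          - "{{ testing_subnet_b.subnet.id }}"
        <<: *aws_connection_info

    # NOTE(review): these rules open SSH (22) and HTTP (80) to the whole
    # internet (0.0.0.0/0) for every test instance that gets a public address,
    # for as long as the test runs. Unless the included task files assert on
    # these exact rules, restrict cidr_ip to the CI runner's egress address.
    - name: create a security group with the vpc
      ec2_group:
        name: "{{ resource_prefix }}-sg"
        description: a security group for ansible tests
        vpc_id: "{{ testing_vpc.vpc.id }}"
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
        <<: *aws_connection_info
      register: sg

    - include_tasks: tasks/termination_protection.yml
    - include_tasks: tasks/tags_and_vpc_settings.yml
    - include_tasks: tasks/external_resource_attach.yml
    - include_tasks: tasks/block_devices.yml
    - include_tasks: tasks/default_vpc_tests.yml
    - include_tasks: tasks/iam_instance_role.yml

  # ============================================================
  # Teardown. Every step is best-effort (ignore_errors + retries) so that a
  # failure early in the list does not leave the later resources orphaned;
  # the order is the reverse of the dependency chain above.
  always:

    - name: remove any instances in the test VPC
      ec2_instance:
        filters:
          vpc_id: "{{ testing_vpc.vpc.id }}"
        state: absent
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    - name: find ENIs left in the test VPC
      ec2_eni_facts:
        filters:
          vpc-id: "{{ testing_vpc.vpc.id }}"
        <<: *aws_connection_info
      register: enis

    - name: delete all ENIs
      ec2_eni:
        eni_id: "{{ item.id }}"
        state: absent
        <<: *aws_connection_info
      # `register` was missing here, so `until` evaluated the stale result of
      # the instance-removal task instead of this one.
      register: removed
      until: removed is not failed
      with_items: "{{ enis.network_interfaces }}"
      ignore_errors: true
      retries: 10

    - name: remove the security group
      ec2_group:
        name: "{{ resource_prefix }}-sg"
        description: a security group for ansible tests
        vpc_id: "{{ testing_vpc.vpc.id }}"
        state: absent
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    - name: remove routing rules
      ec2_vpc_route_table:
        state: absent
        vpc_id: "{{ testing_vpc.vpc.id }}"
        tags:
          created: "{{ resource_prefix }}-route"
        routes:
          - dest: 0.0.0.0/0
            gateway_id: "{{ igw.gateway_id }}"
        subnets:
          - "{{ testing_subnet_a.subnet.id }}"
          - "{{ testing_subnet_b.subnet.id }}"
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    - name: remove internet gateway
      ec2_vpc_igw:
        vpc_id: "{{ testing_vpc.vpc.id }}"
        state: absent
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    - name: remove subnet A
      ec2_vpc_subnet:
        state: absent
        vpc_id: "{{ testing_vpc.vpc.id }}"
        cidr: 10.22.32.0/24
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    - name: remove subnet B
      ec2_vpc_subnet:
        state: absent
        vpc_id: "{{ testing_vpc.vpc.id }}"
        cidr: 10.22.33.0/24
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    - name: remove the VPC
      ec2_vpc_net:
        name: "{{ resource_prefix }}-vpc"
        cidr_block: 10.22.32.0/23
        state: absent
        tags:
          Name: Ansible ec2_instance Testing VPC
        tenancy: default
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10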