From 41f20691b9d561a8dfa2ec8fb44b7ea87a9af222 Mon Sep 17 00:00:00 2001
From: Vitaliy Kukharik
Date: Fri, 11 Oct 2024 15:27:54 +0300
Subject: [PATCH 1/9] AWS: Create a VPC, if no default

---
 .../roles/cloud-resources/tasks/aws.yml | 101 +++++++++++-------
 1 file changed, 62 insertions(+), 39 deletions(-)

diff --git a/automation/roles/cloud-resources/tasks/aws.yml b/automation/roles/cloud-resources/tasks/aws.yml
index a71810094..c99e995fe 100644
--- a/automation/roles/cloud-resources/tasks/aws.yml
+++ b/automation/roles/cloud-resources/tasks/aws.yml
@@ -60,52 +60,75 @@ # Create (if state is present) - block: # if server_network is specified, get vpc id for this subnet - - name: "AWS: Gather information about VPC for '{{ server_network }}'" - amazon.aws.ec2_vpc_subnet_info: - region: "{{ server_location }}" - subnet_ids: "{{ server_network }}" - register: vpc_subnet_info - when: server_network | length > 0 + - block: + - name: "AWS: Gather information about VPC for '{{ server_network }}'" + amazon.aws.ec2_vpc_subnet_info: + region: "{{ server_location }}" + subnet_ids: "{{ server_network }}" + register: vpc_subnet_info - - name: "Set variable: vpc_id" - ansible.builtin.set_fact: - vpc_id: "{{ vpc_subnet_info.subnets[0].vpc_id }}" - when: - - server_network | length > 0 - - vpc_subnet_info.subnets[0].vpc_id is defined + - name: "Set variable: vpc_id" + ansible.builtin.set_fact: + vpc_id: "{{ vpc_subnet_info.subnets[0].vpc_id }}" + when: vpc_subnet_info.subnets[0].vpc_id is defined + when: server_network | length > 0 # if server_network is not specified, use default vpc subnet - - name: "AWS: Gather information about default VPC" - amazon.aws.ec2_vpc_net_info: - region: "{{ server_location }}" - filters: - "is-default": true - register: vpc_info + - block: + - name: "AWS: Gather information about default VPC" + amazon.aws.ec2_vpc_net_info: + region: "{{ server_location }}" + filters: + "is-default": true + register: vpc_info + + # if no default vpc + - name: "No default VPC found" + ansible.builtin.debug: + msg: "No default VPC found in region {{ server_location }}" + when: vpc_info.vpcs | length == 0 or vpc_info.vpcs[0].id is not defined + + - name: "AWS: Gather information about VPC subnet for default VPC" + amazon.aws.ec2_vpc_subnet_info: + region: "{{ server_location }}" + filters: + vpc-id: "{{ vpc_info.vpcs[0].id }}" + register: vpc_subnet_info + when: vpc_info.vpcs[0].id is defined + + - name: "Set variable: vpc_id" + ansible.builtin.set_fact: + vpc_id: "{{ vpc_info.vpcs[0].id }}" + when: 
vpc_info.vpcs[0].id is defined + + - name: "Set variable: server_network" + ansible.builtin.set_fact: + server_network: "{{ vpc_subnet_info.subnets[0].id }}" + when: vpc_subnet_info.subnets[0].id is defined when: server_network | length < 1 - - name: "AWS: Gather information about VPC subnet for default VPC" - amazon.aws.ec2_vpc_subnet_info: - region: "{{ server_location }}" - filters: - vpc-id: "{{ vpc_info.vpcs[0].id }}" - register: vpc_subnet_info - when: - - server_network | length < 1 - - vpc_info.vpcs[0].id is defined + # if server_network is not specified and there is no default VPC, create a VPC and subnet + - block: + - name: "AWS: Create VPC" + amazon.aws.ec2_vpc_net: + name: "{{ aws_vpc_name | default('postgres-cluster-vpc') }}" + cidr_block: "{{ aws_vpc_cidr | default('10.0.0.0/16') }}" + region: "{{ server_location }}" + state: present + register: aws_vpc - - name: "Set variable: vpc_id" - ansible.builtin.set_fact: - vpc_id: "{{ vpc_info.vpcs[0].id }}" - when: - - server_network | length < 1 - - vpc_info.vpcs[0].id is defined + - name: "AWS: Create subnet" + amazon.aws.ec2_vpc_subnet: + vpc_id: "{{ aws_vpc.vpc.id }}" + cidr: "{{ aws_subnet_cidr | default('10.0.1.0/24') }}" + region: "{{ server_location }}" + state: present + register: aws_subnet - - name: "Set variable: server_network" - ansible.builtin.set_fact: - server_network: "{{ vpc_subnet_info.subnets[0].id }}" - when: - - server_network | length < 1 - - vpc_subnet_info.subnets[0].id is defined + - name: "Set variable: server_network" + ansible.builtin.set_fact: + server_network: "{{ aws_subnet.subnet.id }}" + when: server_network | length < 1 # Security Group (Firewall) - name: "AWS: Create or modify Security Group" From 47d8c2e14767415865074e311b675f4b14010fe8 Mon Sep 17 00:00:00 2001 From: Vitaliy Kukharik Date: Fri, 11 Oct 2024 15:34:35 +0300 Subject: [PATCH 2/9] Set variable: vpc_id --- automation/roles/cloud-resources/tasks/aws.yml | 5 +++++ 1 file changed, 5 insertions(+) 
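Review bot: The address plan for the new VPC (`default('10.0.0.0/16')`, `default('10.0.1.0/24')`) and the VPC name default are embedded in each task with `default()`, and patch 4's hunk repeats the name default a third time inside a task name. Declaring `aws_vpc_name`, `aws_vpc_cidr` and `aws_subnet_cidr` once in the role defaults keeps the three values consistent and gives operators one place to review the CIDRs before anything is created — an overlap with an existing network is a routing problem that only surfaces later, for example when peering. On the default-VPC path, `server_network: "{{ vpc_subnet_info.subnets[0].id }}"` takes whichever subnet the API lists first; I do not believe that order is guaranteed, so a rerun could land in a different subnet or availability zone, and narrowing the lookup with an availability-zone filter or sorting the list before indexing would make the choice stable. The outer `- block:` these tasks belong to ends outside the hunk.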
diff --git a/automation/roles/cloud-resources/tasks/aws.yml b/automation/roles/cloud-resources/tasks/aws.yml index c99e995fe..b40d18045 100644 --- a/automation/roles/cloud-resources/tasks/aws.yml +++ b/automation/roles/cloud-resources/tasks/aws.yml @@ -125,6 +125,11 @@ state: present register: aws_subnet + - name: "Set variable: vpc_id" + ansible.builtin.set_fact: + vpc_id: "{{ aws_vpc.vpc.id }}" + when: vpc_info.vpcs[0].id is defined + - name: "Set variable: server_network" ansible.builtin.set_fact: server_network: "{{ aws_subnet.subnet.id }}" From 76e884f306c27030729f351c643743e4f1953391 Mon Sep 17 00:00:00 2001 From: Vitaliy Kukharik Date: Fri, 11 Oct 2024 15:34:58 +0300 Subject: [PATCH 3/9] Update aws.yml --- automation/roles/cloud-resources/tasks/aws.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/automation/roles/cloud-resources/tasks/aws.yml b/automation/roles/cloud-resources/tasks/aws.yml index b40d18045..727f7d150 100644 --- a/automation/roles/cloud-resources/tasks/aws.yml +++ b/automation/roles/cloud-resources/tasks/aws.yml @@ -128,7 +128,6 @@ - name: "Set variable: vpc_id" ansible.builtin.set_fact: vpc_id: "{{ aws_vpc.vpc.id }}" - when: vpc_info.vpcs[0].id is defined - name: "Set variable: server_network" ansible.builtin.set_fact: From 7777f98bb5a1d1bbda65e24b20abca4e56476044 Mon Sep 17 00:00:00 2001 From: Vitaliy Kukharik Date: Fri, 11 Oct 2024 15:42:47 +0300 Subject: [PATCH 4/9] Gather information about VPC subnet --- automation/roles/cloud-resources/tasks/aws.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/automation/roles/cloud-resources/tasks/aws.yml b/automation/roles/cloud-resources/tasks/aws.yml index 727f7d150..04a41d9a3 100644 --- a/automation/roles/cloud-resources/tasks/aws.yml +++ b/automation/roles/cloud-resources/tasks/aws.yml 
@@ -61,7 +61,7 @@ - block: # if server_network is specified, get vpc id for this subnet - block: - - name: "AWS: Gather information about VPC for '{{ server_network }}'" + - name: "AWS: Gather information about VPC subnet for '{{ server_network }}'" amazon.aws.ec2_vpc_subnet_info: region: "{{ server_location }}" subnet_ids: "{{ server_network }}" @@ -125,6 +125,13 @@ state: present register: aws_subnet + - name: "AWS: Gather information about VPC subnet for {{ aws_vpc_name | default('postgres-cluster-vpc') }} VPC" + amazon.aws.ec2_vpc_subnet_info: + region: "{{ server_location }}" + filters: + vpc-id: "{{ aws_vpc.vpc.id }}" + register: vpc_subnet_info + - name: "Set variable: vpc_id" ansible.builtin.set_fact: vpc_id: "{{ aws_vpc.vpc.id }}" From ab2b73b7f5fb16d77d05b3cef3ba8836a471d3b2 Mon Sep 17 00:00:00 2001 From: Vitaliy Kukharik Date: Fri, 11 Oct 2024 15:44:16 +0300 Subject: [PATCH 5/9] Update aws.yml --- automation/roles/cloud-resources/tasks/aws.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation/roles/cloud-resources/tasks/aws.yml b/automation/roles/cloud-resources/tasks/aws.yml index 04a41d9a3..b56206331 100644 --- a/automation/roles/cloud-resources/tasks/aws.yml +++ b/automation/roles/cloud-resources/tasks/aws.yml @@ -125,7 +125,7 @@ state: present register: aws_subnet - - name: "AWS: Gather information about VPC subnet for {{ aws_vpc_name | default('postgres-cluster-vpc') }} VPC" + - name: "AWS: Gather information about VPC subnet for {{ aws_vpc_name | default('postgres-cluster-vpc') }}" amazon.aws.ec2_vpc_subnet_info: region: "{{ server_location }}" filters: From f5dcab66ad373484ef332d81fe72514a88b84389 Mon Sep 17 00:00:00 2001 From: Vitaliy Kukharik Date: Fri, 11 Oct 2024 16:04:53 +0300 Subject: [PATCH 6/9] Create Internet gateway and route table --- automation/roles/cloud-resources/tasks/aws.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) 
diff --git a/automation/roles/cloud-resources/tasks/aws.yml b/automation/roles/cloud-resources/tasks/aws.yml index b56206331..a5eac0cc7 100644 --- a/automation/roles/cloud-resources/tasks/aws.yml +++ b/automation/roles/cloud-resources/tasks/aws.yml @@ -107,7 +107,7 @@ when: vpc_subnet_info.subnets[0].id is defined when: server_network | length < 1 - # if server_network is not specified and there is no default VPC, create a VPC and subnet + # if server_network is not specified and there is no default VPC, create a VPC, subnet, gateway and route table - block: - name: "AWS: Create VPC" amazon.aws.ec2_vpc_net: @@ -125,6 +125,21 @@ state: present register: aws_subnet + - name: "AWS: Create Internet gateway" + amazon.aws.ec2_vpc_igw: + vpc_id: "{{ aws_vpc.vpc.id }}" + state: present + region: "{{ server_location }}" + register: aws_igw + + - name: "AWS: Update route table" + amazon.aws.ec2_vpc_route_table: + vpc_id: "{{ aws_vpc.vpc.id }}" + routes: + - dest: 0.0.0.0/0 + gateway_id: "{{ aws_igw.gateway_id }}" + region: "{{ server_location }}" + - name: "AWS: Gather information about VPC subnet for {{ aws_vpc_name | default('postgres-cluster-vpc') }}" amazon.aws.ec2_vpc_subnet_info: region: "{{ server_location }}" From 97295bc2ba8ffe43ba5d83e3fe3717f002a2fb48 Mon Sep 17 00:00:00 2001 From: Vitaliy Kukharik Date: Sat, 12 Oct 2024 23:54:21 +0300 Subject: [PATCH 7/9] Gather information about VPC route tables --- .../roles/cloud-resources/tasks/aws.yml | 33 ++++++++++++++----- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/automation/roles/cloud-resources/tasks/aws.yml b/automation/roles/cloud-resources/tasks/aws.yml index a5eac0cc7..eed35d0df 100644 --- a/automation/roles/cloud-resources/tasks/aws.yml +++ b/automation/roles/cloud-resources/tasks/aws.yml 
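Review bot: The route added at `- dest: 0.0.0.0/0` gives every subnet attached to this table a direct path to the Internet gateway, so from this change on the security group (plus whether instances get public IPs, which the hunk does not show) is the only control on what reaches the created hosts. That is presumably intended for an SSH-reachable cluster, but it deserves a comment above the task, e.g. `# 0.0.0.0/0 via the IGW makes the subnet public; instance exposure is then governed only by the Security Group below`. As written, with `vpc_id` and no `lookup`/tags, I read the module as creating a fresh, unassociated route table rather than updating the one the subnet uses, so the created subnet is not yet on this route; patches 7–9 in the series move the change to the main table.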
@@ -125,6 +125,13 @@ state: present register: aws_subnet + - name: "AWS: Gather information about VPC subnet for {{ aws_vpc_name | default('postgres-cluster-vpc') }}" + amazon.aws.ec2_vpc_subnet_info: + region: "{{ server_location }}" + filters: + vpc-id: "{{ aws_vpc.vpc.id }}" + register: vpc_subnet_info + - name: "AWS: Create Internet gateway" amazon.aws.ec2_vpc_igw: vpc_id: "{{ aws_vpc.vpc.id }}" @@ -132,20 +139,28 @@ region: "{{ server_location }}" register: aws_igw - - name: "AWS: Update route table" + - name: "AWS: Gather information about VPC route tables" + amazon.aws.ec2_vpc_route_table_info: + region: "{{ server_location }}" + filters: + vpc-id: "{{ aws_vpc.vpc.id }}" + register: route_table_info + + - name: "AWS: Update the main route table" amazon.aws.ec2_vpc_route_table: - vpc_id: "{{ aws_vpc.vpc.id }}" + route_table_id: "{{ main_route_table_id }}" routes: - dest: 0.0.0.0/0 gateway_id: "{{ aws_igw.gateway_id }}" region: "{{ server_location }}" - - - name: "AWS: Gather information about VPC subnet for {{ aws_vpc_name | default('postgres-cluster-vpc') }}" - amazon.aws.ec2_vpc_subnet_info: - region: "{{ server_location }}" - filters: - vpc-id: "{{ aws_vpc.vpc.id }}" - register: vpc_subnet_info + vars: + main_route_table_id: >- + {{ route_table_info.route_tables + | selectattr('associations', 'defined') + | map(attribute='associations') + | selectattr('main', 'equalto', true) + | map(attribute='route_table_id') + | first }} - name: "Set variable: vpc_id" ansible.builtin.set_fact: From ebbaab0999843110a19ae20ee141b2b793d62214 Mon Sep 17 00:00:00 2001 From: Vitaliy Kukharik Date: Sat, 12 Oct 2024 23:57:08 +0300 Subject: [PATCH 8/9] Update aws.yml --- automation/roles/cloud-resources/tasks/aws.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/automation/roles/cloud-resources/tasks/aws.yml b/automation/roles/cloud-resources/tasks/aws.yml index eed35d0df..dcc6daa2d 100644 --- a/automation/roles/cloud-resources/tasks/aws.yml 
+++ b/automation/roles/cloud-resources/tasks/aws.yml @@ -148,19 +148,11 @@ - name: "AWS: Update the main route table" amazon.aws.ec2_vpc_route_table: - route_table_id: "{{ main_route_table_id }}" + route_table_id: "{{ route_table_info.route_tables[0].route_table_id }}" routes: - dest: 0.0.0.0/0 gateway_id: "{{ aws_igw.gateway_id }}" region: "{{ server_location }}" - vars: - main_route_table_id: >- - {{ route_table_info.route_tables - | selectattr('associations', 'defined') - | map(attribute='associations') - | selectattr('main', 'equalto', true) - | map(attribute='route_table_id') - | first }} - name: "Set variable: vpc_id" ansible.builtin.set_fact: From a1c94341a055766394ed3b4db5333f9c6f5be580 Mon Sep 17 00:00:00 2001 From: Vitaliy Kukharik Date: Sun, 13 Oct 2024 00:15:18 +0300 Subject: [PATCH 9/9] Update aws.yml --- automation/roles/cloud-resources/tasks/aws.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/automation/roles/cloud-resources/tasks/aws.yml b/automation/roles/cloud-resources/tasks/aws.yml index dcc6daa2d..6129b4f58 100644 --- a/automation/roles/cloud-resources/tasks/aws.yml +++ b/automation/roles/cloud-resources/tasks/aws.yml @@ -144,11 +144,12 @@ region: "{{ server_location }}" filters: vpc-id: "{{ aws_vpc.vpc.id }}" - register: route_table_info + register: aws_route_table_info - name: "AWS: Update the main route table" amazon.aws.ec2_vpc_route_table: - route_table_id: "{{ route_table_info.route_tables[0].route_table_id }}" + vpc_id: "{{ aws_vpc.vpc.id }}" + route_table_id: "{{ aws_route_table_info.route_tables[0].route_table_id }}" routes: - dest: 0.0.0.0/0 gateway_id: "{{ aws_igw.gateway_id }}"
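Review bot: `route_table_info.route_tables[0].route_table_id` assumes the first route table returned for the VPC is the main one; DescribeRouteTables does not promise an order, and once a second table exists in the VPC (a manual change, or a later task) the `0.0.0.0/0` route can land on a table the subnet is not associated with, leaving the created subnet without a gateway while the play still reports success. Patch 9's hunk keeps the same `[0]` index. The safer form is to ask AWS for the main table in the preceding info task by adding `association.main: "true"` under `filters:` next to `vpc-id: "{{ aws_vpc.vpc.id }}"`, and to keep `[0]` only on that filtered result; a `failed_when: aws_route_table_info.route_tables | length != 1` on the info task would make the assumption explicit.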