Hello all,

I am creating a VPC with two subnets, a security group and trying to use 
those for launching an EC2 with a private IP address from one of the 
freshly created subnets.

The problem seems to be that the VPC module does not return the subnets in 
any particular order (for example sorted by CIDR). If it did, the subnet 
could be accessed more predictably by using "{{ vpc.subnets[0].id }}". 
Right now, this makes the new EC2 instance randomly use one of the created 
subnets.

Another solution could be for the ec2 module to accept the subnet's CIDR... 
but then again, what if you have the same CIDR but in another AZ, that 
wouldn't work...

I'm sure there must be a way around this :)


vpc.yml
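---
# Play 1 of 3: create the VPC, its two subnets and a public route table.
# The registered "vpc" variable is read by the following plays
# (secgroup.yml, ec2prov.yml); they run on the same host (localhost),
# so the registered result survives the play boundary.
- name: VPC, SG, EC2
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:

    - name: create the VPC
      local_action:
        module: ec2_vpc
        cidr_block: 10.0.0.0/16
        dns_hostnames: true
        dns_support: true
        instance_tenancy: default
        internet_gateway: true
        region: "{{ region }}"
        resource_tags:
          Environment: test
        # Only 10.0.0.0/24 gets a default route to the internet gateway, so
        # it is the only public subnet; 10.0.1.0/24 keeps VPC-local routing.
        route_tables:
          - subnets:
              - 10.0.0.0/24
            routes:
              - dest: 0.0.0.0/0
                gw: igw
        state: present
        # The order of this list is NOT preserved in vpc.subnets (the module
        # returns whatever order the API gives back), so consumers must pick
        # a subnet by cidr/tag rather than by index.
        subnets:
          - cidr: 10.0.0.0/24
            az: "{{ zone }}"
            resource_tags:
              Environment: test
              Name: Public subnet
          - cidr: 10.0.1.0/24
            az: "{{ zone }}"
            resource_tags:
              Environment: test
              Name: Private subnet
        wait: true
      register: vpc

    - debug: var=vpc

# Play-level include (pre-2.4 form; import_playbook is the newer spelling).
- include: secgroup.yml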

secgroup.yml
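---
# Play 2 of 3: create the security group inside the VPC registered by
# vpc.yml (vpc.vpc_id). The result is registered as "secgroup" and read by
# ec2prov.yml.
- name: VPC, SG, EC2
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:

    - name: create the security group
      local_action:
        module: ec2_group
        name: "{{ security_group }}"
        description: a test EC2 group
        vpc_id: "{{ vpc.vpc_id }}"
        region: "{{ region }}"
        # Ingress: every protocol and port, but only from the operator's
        # own address. The /32 suffix must live INSIDE the quotes -- a quoted
        # scalar followed by extra text ("{{ myip }}"/32) is a YAML parse
        # error. Only TCP/22 is actually used by the later play, so
        # proto: tcp / from_port: 22 / to_port: 22 would be the
        # least-privilege form if nothing else needs to reach the host.
        rules:
          - proto: all
            from_port: 0
            to_port: 65535
            cidr_ip: "{{ myip }}/32"
        # Egress: unrestricted (the same as the AWS default for a new group).
        rules_egress:
          - proto: all
            from_port: 0
            to_port: 65535
            cidr_ip: 0.0.0.0/0
      register: secgroup

    - debug: var=secgroup

# Play-level include (pre-2.4 form; import_playbook is the newer spelling).
- include: ec2prov.yml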


ec2prov.yml
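---
# Play 3 of 3: launch one instance in the public subnet, attach an EIP,
# tag it and record it in the local inventory file.
#
# Inputs registered by the earlier plays: vpc (vpc.yml), secgroup
# (secgroup.yml). Extra vars expected: region, zone, instance_type, ami,
# keypair, instance_name, security_group.
- name: VPC, SG, EC2
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:

    # ec2_vpc does not return the subnets in declaration order, so
    # vpc.subnets[0] may be either subnet. Select the public subnet by its
    # CIDR instead: the private_ip requested below (10.0.0.10) belongs to
    # 10.0.0.0/24, and launching into the other subnet fails. If no subnet
    # matches, public_subnet_id stays undefined and the launch task fails
    # loudly instead of picking a random subnet.
    - name: select the public subnet by CIDR
      set_fact:
        public_subnet_id: "{{ item.id }}"
      with_items: "{{ vpc.subnets }}"
      when: item.cidr == '10.0.0.0/24'

    - name: spin up the instance
      local_action:
        module: ec2
        # state=present with a plain count is not idempotent: every run
        # launches another instance. exact_count + count_tag make it
        # converge on one instance instead.
        count: 1
        region: "{{ region }}"
        zone: "{{ zone }}"
        instance_type: "{{ instance_type }}"
        image: "{{ ami }}"
        ebs_optimized: true
        state: present
        group_id: "{{ secgroup.group_id }}"
        vpc_subnet_id: "{{ public_subnet_id }}"
        key_name: "{{ keypair }}"
        monitoring: true
        assign_public_ip: true
        # Must be inside the subnet selected above; AWS reserves the first
        # four and the last address of each subnet.
        private_ip: 10.0.0.10
        wait: true
        wait_timeout: 300
        volumes:
          - device_name: /dev/xvda
            volume_size: 50
            device_type: gp2
          # Instance-store mappings: the store size is fixed by the instance
          # type, so volume_size is presumably ignored here -- TODO confirm.
          - device_name: /dev/xvdb
            volume_size: 80
            device_type: gp2
            ephemeral: ephemeral0
          - device_name: /dev/xvdc
            volume_size: 80
            device_type: gp2
            ephemeral: ephemeral1
      register: ec2
      tags: ec2

    - debug: var=ec2

    - name: add EIP to the instance
      local_action:
        module: ec2_eip
        in_vpc: true
        instance_id: "{{ item.id }}"
        region: "{{ region }}"
      with_items: "{{ ec2.instances }}"
      register: eip

    - name: add instance to host group
      local_action:
        module: add_host
        hostname: "{{ item.public_ip }}"
        groupname: "{{ security_group }}"
      with_items: "{{ eip.results }}"

    - name: tag instance
      local_action:
        module: ec2_tag
        resource: "{{ item.id }}"
        region: "{{ region }}"
        state: present
        tags:
          Name: "{{ instance_name }}"
      with_items: "{{ ec2.instances }}"

    - name: add instance to local host group
      local_action:
        module: lineinfile
        dest: hosts
        # regexp and insertafter are regular expressions. The dots in the IP
        # are escaped and the line anchored so 10.0.0.10 cannot match
        # 10.0.0.100, and "[launched]" is escaped: unescaped it is a
        # character class matching any line containing one of those letters,
        # so the entry would be inserted after the wrong line.
        regexp: '^{{ item.public_ip | replace(".", "\.") }}$'
        insertafter: '^\[launched\]$'
        line: "{{ item.public_ip }}"
      with_items: "{{ eip.results }}"

    - name: wait for the instance to start
      local_action:
        module: wait_for
        state: started
        host: "{{ item.public_ip }}"
        port: 22
      with_items: "{{ eip.results }}"
      # A host that never opens port 22 is reported but does not stop the
      # play; anything that runs after this will hit an unreachable host.
      ignore_errors: true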

