Hi Michael,
Sorry for my late reply. See the Ansible version in my previous comment.
I don't have the playbook at hand while writing this comment but it fails
like so:
- vpc module successfully creates private and public subnets
- vpc module, as shown by using register and debug, returns the created
subnets in random order. "{{ vpc.subnets[0].id }}" would match the private
subnet right now but could match the public subnet 2 minutes later.
- my playbook fails at the task that's waiting for the SSH to come up as
the playbook might launch the instances in the private subnet
Hope that makes sense and you see the issue here. If not, I will fetch the
playbook and pass you the entire output.
On Monday, 17 November 2014 22:14:34 UTC+1, Michael DeHaan wrote:
>
> Can you please share what version of Ansible, the output of your ansible
> playbook, and how it fails?
>
> Thanks!
>
>
>
> On Thu, Nov 13, 2014 at 5:59 AM, Dan Vaida <[email protected]> wrote:
>
>> Hello all,
>>
>> I am creating a VPC with two subnets, a security group and trying to use
>> those for launching an EC2 with a private IP address from one of the
>> freshly created subnets.
>>
>> The problem seems to be that there is no ordering done by the VPC module
>> in regards to the CIDRs. If that would be happening, it would enable a more
>> predictable access of the subnet by using "{{ vpc.subnets[0].id }}"
>> Right now, this makes the new EC2 instance randomly use one of the
>> created subnets.
>>
>> Another solution could be for the ec2 module to accept the subnet's
>> CIDR... but then again, what if you have the same CIDR but in another AZ,
>> that wouldn't work...
>>
>> I'm sure there must be a way around this :)
>>
>>
>> vpc.yml
>> ---
>> - name: VPC, SG, EC
>>   hosts: localhost
>>   connection: local
>>   gather_facts: False
>>   tasks:
>>
>>     - name: create the VPC
>>       local_action:
>>         module: ec2_vpc
>>         cidr_block: 10.0.0.0/16
>>         dns_hostnames: yes
>>         dns_support: yes
>>         instance_tenancy: default
>>         internet_gateway: yes
>>         region: "{{ region }}"
>>         resource_tags: { "Environment": "test" }
>>         route_tables:
>>           - subnets:
>>               - 10.0.0.0/24
>>             routes:
>>               - dest: 0.0.0.0/0
>>                 gw: igw
>>         state: present
>>         subnets:
>>           - cidr: 10.0.0.0/24
>>             az: "{{ zone }}"
>>             resource_tags: { "Environment":"test", "Name" : "Public subnet" }
>>           - cidr: 10.0.1.0/24
>>             az: "{{ zone }}"
>>             resource_tags: { "Environment":"test", "Name" : "Private subnet" }
>>         wait: yes
>>       register: vpc
>>     - debug: var=vpc
>>
>>     - include: secgroup.yml
>>
>> secgroup.yml
>> ---
>> - name: VPC, SG, EC2
>>   hosts: localhost
>>   connection: local
>>   gather_facts: False
>>   tasks:
>>
>>     - name: create the security group
>>       local_action:
>>         module: ec2_group
>>         name: "{{ security_group }}"
>>         description: a test EC2 group
>>         vpc_id: "{{ vpc.vpc_id }}"
>>         region: "{{ region }}"
>>         rules:
>>           - proto: all
>>             from_port: 0
>>             to_port: 65535
>>             # the /32 suffix must sit inside the quotes to be valid YAML
>>             cidr_ip: "{{ myip }}/32"
>>         rules_egress:
>>           - proto: all
>>             from_port: 0
>>             to_port: 65535
>>             cidr_ip: 0.0.0.0/0
>>       register: secgroup
>>
>>     - debug: var=secgroup
>>
>>     - include: ec2prov.yml
>>
>>
>> ec2prov.yml
>> ---
>>
>> - name: VPC, SG, EC2
>>   hosts: localhost
>>   connection: local
>>   gather_facts: False
>>   tasks:
>>
>>     - name: spin up the instance
>>       local_action:
>>         module: ec2
>>         count: 1
>>         region: "{{ region }}"
>>         zone: "{{ zone }}"
>>         instance_type: "{{ instance_type }}"
>>         image: "{{ ami }}"
>>         ebs_optimized: yes
>>         state: present
>>         group_id: "{{ secgroup.group_id }}"
>>         vpc_subnet_id: "{{ vpc.subnets[0].id }}"
>>         key_name: "{{ keypair }}"
>>         monitoring: yes
>>         assign_public_ip: yes
>>         private_ip: 10.0.0.10
>>         wait: yes
>>         wait_timeout: 300
>>         volumes:
>>           - device_name: /dev/xvda
>>             volume_size: 50
>>             device_type: gp2
>>           - device_name: /dev/xvdb
>>             volume_size: 80
>>             device_type: gp2
>>             ephemeral: ephemeral0
>>           - device_name: /dev/xvdc
>>             volume_size: 80
>>             device_type: gp2
>>             ephemeral: ephemeral1
>>       register: ec2
>>       tags: ec2
>>
>>     - debug: var=ec2
>>
>>     - name: add EIP to the instance
>>       local_action: ec2_eip in_vpc=yes instance_id={{ item.id }} region={{ region }}
>>       with_items: ec2.instances
>>       register: eip
>>
>>     - name: add instance to host group
>>       local_action: add_host hostname={{ item.public_ip }} groupname={{ security_group }}
>>       with_items: eip.results
>>
>>     - name: tag instance
>>       local_action: ec2_tag resource={{ item.id }} region={{ region }} state=present
>>       with_items: ec2.instances
>>       args:
>>         tags:
>>           Name: "{{ instance_name }}"
>>
>>     - name: add instance to local host group
>>       local_action: lineinfile dest=hosts regexp="{{ item.public_ip }}" insertafter="[launched]" line={{ item.public_ip }}
>>       with_items: eip.results
>>
>>     - name: wait for the instance to start
>>       local_action: wait_for state=started host={{ item.public_ip }} port=22
>>       with_items: eip.results
>>       ignore_errors: yes
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To post to this group, send email to [email protected]
>> <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/52a5b293-be6f-44dd-939c-f89d2122d38c%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/52a5b293-be6f-44dd-939c-f89d2122d38c%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
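
Added example (not part of the original thread and not the Ansible project's own code): one way to stop depending on the order of vpc.subnets is to pick the subnet by its CIDR and fail before launching anything if no entry matches, so an instance can never land in the wrong subnet by accident. It assumes each entry of the registered vpc.subnets carries a "cidr" key next to "id" (confirm with the "debug: var=vpc" output); public_cidr and public_subnet_id are hypothetical names.

```yaml
# Added example: tasks to place after "create the VPC" (register: vpc)
# and instead of the original "spin up the instance" task.
# Assumption: every item in vpc.subnets has "cidr" and "id" keys.
# public_cidr and public_subnet_id are names made up for this example.

- name: remember the id of the subnet whose CIDR matches
  set_fact:
    public_subnet_id: "{{ item.id }}"
  with_items: "{{ vpc.subnets }}"
  when: item.cidr == public_cidr

- name: stop here if the expected subnet was not returned
  fail:
    msg: "no subnet with CIDR {{ public_cidr }} was returned by ec2_vpc"
  when: public_subnet_id is not defined

- name: spin up the instance in the subnet selected by CIDR
  local_action:
    module: ec2
    count: 1
    region: "{{ region }}"
    zone: "{{ zone }}"
    instance_type: "{{ instance_type }}"
    image: "{{ ami }}"
    state: present
    group_id: "{{ secgroup.group_id }}"
    # was: "{{ vpc.subnets[0].id }}", which depends on list order
    vpc_subnet_id: "{{ public_subnet_id }}"
    key_name: "{{ keypair }}"
    assign_public_ip: yes
    private_ip: 10.0.0.10
    wait: yes
    wait_timeout: 300
  register: ec2
```

Run it with public_cidr set to the subnet that has the igw route in vpc.yml, for example -e public_cidr=10.0.0.0/24.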