
ansible_ec2_vpc_nat_asg's People

Contributors

mabis, tristanfisher


ansible_ec2_vpc_nat_asg's Issues

update custom.py

The ['subnet_id'] key doesn't seem to exist and is now ['subnet']['id'], e.g.

TASK [debug var=ec2_vpc_subnet_out.results] *************************************
ok: [localhost] => {
    "changed": false, 
    "ec2_vpc_subnet_out.results": [
        {
            "changed": false, 
            "item": {
                "az": "ap-southeast-1a", 
                "cidr": "10.30.0.0/23", 
                "resource_tags": {
                    "Environment": "prod", 
                    "Name": "prod_public_0", 
                    "Type": "public"
                }
            }, 
            "subnet": {
                "availability_zone": "ap-southeast-1a", 
                "available_ip_address_count": 507, 
                "cidr_block": "10.30.0.0/23", 
                "default_for_az": "false", 
                "id": "subnet-33a31444", 
                "map_public_ip_on_launch": "false", 
                "state": "available", 
                "tags": {
                    "Environment": "prod", 
                    "Name": "prod_public_0", 
                    "Type": "public"
                }, 
                "vpc_id": "vpc-a1ed36c4"
            }
        }, 

applies to

def get_subnet_route_map(value, routes, tag_key='Type', tag_value='public'):

and

def get_subnets(value, tag_key, tag_value, return_type='subnet_id'):

'get a list of public subnet-id,route-id maps' fails due to missing variable.

Hi, I've picked this up after intending to try Ansible for repeatable AWS VPC setups for a while now. Very nice work. I am hitting a few issues, however, and here is one.

I have successfully run through and created the VPC, and then when making a small change and re-running the playbook, I hit this.

$ ansible-playbook -v plays/operation/bootstrap_vpc.yml --extra-vars "env=rea_prod"
<snip>

TASK [create the private route tables] *****************************************
failed: [localhost] => (item={u'routes': [{u'dest': u'0.0.0.0/0', u'gateway_id': u'igw'}], u'resource_tags': {u'environment': u'production', u'Name': u'rea_prod/private_rtable_a'}, u'subnets': [u'rea_prod/application_subnet_a']}) => {"failed": true, "item": {"resource_tags": {"Name": "rea_prod/private_rtable_a", "environment": "production"}, "routes": [{"dest": "0.0.0.0/0", "gateway_id": "igw"}], "subnets": ["rea_prod/application_subnet_a"]}, "msg": "Unable to ensure routes for route table RouteTable:rtb-7a6ad41f, error: EC2ResponseError: 400 Bad Request\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response><Errors><Error><Code>RouteAlreadyExists</Code><Message>The route identified by 0.0.0.0/0 already exists.</Message></Error></Errors><RequestID>c1234fc0-bf4a-4409-899f-2d24cd7e8620</RequestID></Response>"}
failed: [localhost] => (item={u'routes': [{u'dest': u'0.0.0.0/0', u'gateway_id': u'igw'}], u'resource_tags': {u'environment': u'production', u'Name': u'rea_prod/private_rtable_b'}, u'subnets': [u'rea_prod/application_subnet_b']}) => {"failed": true, "item": {"resource_tags": {"Name": "rea_prod/private_rtable_b", "environment": "production"}, "routes": [{"dest": "0.0.0.0/0", "gateway_id": "igw"}], "subnets": ["rea_prod/application_subnet_b"]}, "msg": "Unable to ensure routes for route table RouteTable:rtb-456ad420, error: EC2ResponseError: 400 Bad Request\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response><Errors><Error><Code>RouteAlreadyExists</Code><Message>The route identified by 0.0.0.0/0 already exists.</Message></Error></Errors><RequestID>e3e85e52-fe02-424b-8cf1-db5afbdba147</RequestID></Response>"}
...ignoring

TASK [process security groups] *************************************************
ok: [localhost] => (item={u'rules': [{u'cidr_ip': u'10.49.21.0/24', u'proto': u'all'}], u'rules_egress': [{u'cidr_ip': u'0.0.0.0/0', u'proto': u'all'}], u'name': u'rea_prod/nat_security_group', u'description': u'allow outbound nat'}) => {"changed": false, "group_id": "sg-6885f20d", "item": {"description": "allow outbound nat", "name": "rea_prod/nat_security_group", "rules": [{"cidr_ip": "10.49.21.0/24", "proto": "all"}], "rules_egress": [{"cidr_ip": "0.0.0.0/0", "proto": "all"}]}}
ok: [localhost] => (item={u'rules': [{u'to_port': 22, u'from_port': 22, u'cidr_ip': u'59.101.127.161/32', u'proto': u'tcp'}, {u'to_port': -1, u'from_port': -1, u'cidr_ip': u'0.0.0.0/0', u'proto': u'icmp'}], u'rules_egress': [{u'cidr_ip': u'0.0.0.0/0', u'proto': u'all'}], u'name': u'rea_prod/bastion_security_group', u'description': u'access bastion, allow outbound nat'}) => {"changed": false, "group_id": "sg-6b85f20e", "item": {"description": "access bastion, allow outbound nat", "name": "rea_prod/bastion_security_group", "rules": [{"cidr_ip": "59.101.127.161/32", "from_port": 22, "proto": "tcp", "to_port": 22}, {"cidr_ip": "0.0.0.0/0", "from_port": -1, "proto": "icmp", "to_port": -1}], "rules_egress": [{"cidr_ip": "0.0.0.0/0", "proto": "all"}]}}

TASK [get a list of public subnet-id,route-id maps] ****************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: 'route_table_id'
fatal: [localhost]: FAILED! => {"failed": true, "stdout": ""}

PLAY RECAP *********************************************************************
localhost                  : ok=8    changed=1    unreachable=0    failed=1   

It seems that this is failing due to the registered variable 'ec2_vpc_route_table_private_out' not being set as the private route tables already exist and the task is skipped.

      - name: create the private route tables
        ec2_vpc_route_table:
          region: "{{ region }}"
          resource_tags: "{{ item.resource_tags }}"
          routes: "{{ item.routes }}"
          subnets: "{{ item.subnets }}"
          vpc_id: "{{ ec2_vpc_net_out.vpc.id }}"
        with_items: vpc.route_tables.private
        register: ec2_vpc_route_table_private_out
        ignore_errors: yes

<snip>

      - name: get a list of public subnet-id,route-id maps
        set_fact:
          subnet_route_map: "{{ ec2_vpc_subnet_out.results | get_subnet_route_map(ec2_vpc_route_table_private_out.results) }}"
      - name: merge the eip allocated list with the subnet-id,route-id map list
        set_fact:
          subnet_route_map: "{{ nat_eipalloc_list | get_zip(subnet_route_map) }}"

I'm new to using these VPC modules and registered variables. I'm wondering if I'm missing something here? I'm very curious as to how Ansible determines the difference between a change and an addition in this context, as I've also tried to alter a tag Key only to have a duplicate resource created, and am finding myself having to manually destroy the instances, VPC, etc. in the console quite often to be able to run through the playbook again. Perhaps there's a way for an inventory to be built during the VPC bootstrap?
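
Both issues above come down to filter code indexing registered results with a fixed key. The following is an added example, not code from custom.py or from the project: a defensive sketch that reads the subnet id from either result shape and reports route-table results that lack 'route_table_id' instead of raising KeyError. The helper names `subnet_id_of` and `usable_route_tables`, the flat `subnet_id` layout, the fallback to `item.resource_tags`, and all sample data other than subnet-33a31444 are assumptions.

```python
# Added example. Sample data is constructed, modelled on the output in the issues.
SUBNET_RESULTS = [
    {"changed": False,                      # nested shape shown in the first issue
     "item": {"resource_tags": {"Type": "public"}},
     "subnet": {"id": "subnet-33a31444", "tags": {"Type": "public"}}},
    {"changed": False,                      # assumed older flat shape
     "subnet_id": "subnet-00000001",
     "item": {"resource_tags": {"Type": "private"}}},
]
ROUTE_RESULTS = [
    {"failed": True, "msg": "RouteAlreadyExists (constructed)"},
    {"changed": False, "route_table_id": "rtb-00000001"},
]


def subnet_id_of(result):
    """Return the subnet id from one registered result, or None if unusable."""
    if result.get("failed") or result.get("skipped"):
        return None
    subnet = result.get("subnet") or {}
    return subnet.get("id") or result.get("subnet_id")


def get_subnets(value, tag_key, tag_value, return_type="subnet_id"):
    """List subnet ids (or whole result items) whose tag matches."""
    matched = []
    for result in value:
        # Prefer tags reported by AWS; fall back to the tags that were requested.
        tags = (result.get("subnet") or {}).get("tags") \
            or result.get("item", {}).get("resource_tags", {})
        subnet_id = subnet_id_of(result)
        if subnet_id and tags.get(tag_key) == tag_value:
            matched.append(subnet_id if return_type == "subnet_id" else result)
    return matched


def usable_route_tables(routes):
    """Split route-table results into (ids, failure messages)."""
    ids, failures = [], []
    for result in routes:
        if result.get("failed") or "route_table_id" not in result:
            failures.append(result.get("msg", "result has no route_table_id"))
        else:
            ids.append(result["route_table_id"])
    return ids, failures
```

A caller can fail the play with the collected messages when `failures` is non-empty, which surfaces the underlying EC2 error rather than a bare KeyError.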
