highops / ansible_ec2_vpc_nat_asg
Ansible repo for creating a multi-az ec2 VPC with a NAT auto scaling group
License: MIT License
Hello,
This repository is absolutely awesome, great work!
Would it be OK to keep this issue open until the Ansible setup steps are no longer required? I'm a little uneasy using development versions for production, but really want to use this configuration.
Cheers,
Ryan
the ['subnet_id'] key doesn't seem to exist and is now ['subnet']['id'], e.g.
TASK [debug var=ec2_vpc_subnet_out.results] *************************************
ok: [localhost] => {
    "changed": false,
    "ec2_vpc_subnet_out.results": [
        {
            "changed": false,
            "item": {
                "az": "ap-southeast-1a",
                "cidr": "10.30.0.0/23",
                "resource_tags": {
                    "Environment": "prod",
                    "Name": "prod_public_0",
                    "Type": "public"
                }
            },
            "subnet": {
                "availability_zone": "ap-southeast-1a",
                "available_ip_address_count": 507,
                "cidr_block": "10.30.0.0/23",
                "default_for_az": "false",
                "id": "subnet-33a31444",
                "map_public_ip_on_launch": "false",
                "state": "available",
                "tags": {
                    "Environment": "prod",
                    "Name": "prod_public_0",
                    "Type": "public"
                },
                "vpc_id": "vpc-a1ed36c4"
            }
        },
applies to
def get_subnet_route_map(value, routes, tag_key='Type', tag_value='public'):
and
def get_subnets(value, tag_key, tag_value, return_type='subnet_id'):
the git comments in the readme are for forked repositories, change upstream to origin.
also, the ansible-modules-core actions can be changed, keeping in mind ansible/ansible-modules-core#1848.
the bootstrap_vpc.yml currently has a hardcoded ami for the bastion instance. change it to pull from the var file.
Hi, I've picked this up after intending to try Ansible for repeatable AWS VPC setups for a while now. Very nice work. I am hitting a few issues however, and here is one.
I have successfully run through and created the VPC, and then when making a small change and re-running the playbook, I hit this.
$ ansible-playbook -v plays/operation/bootstrap_vpc.yml --extra-vars "env=rea_prod"
<snip>
TASK [create the private route tables] *****************************************
failed: [localhost] => (item={u'routes': [{u'dest': u'0.0.0.0/0', u'gateway_id': u'igw'}], u'resource_tags': {u'environment': u'production', u'Name': u'rea_prod/private_rtable_a'}, u'subnets': [u'rea_prod/application_subnet_a']}) => {"failed": true, "item": {"resource_tags": {"Name": "rea_prod/private_rtable_a", "environment": "production"}, "routes": [{"dest": "0.0.0.0/0", "gateway_id": "igw"}], "subnets": ["rea_prod/application_subnet_a"]}, "msg": "Unable to ensure routes for route table RouteTable:rtb-7a6ad41f, error: EC2ResponseError: 400 Bad Request\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response><Errors><Error><Code>RouteAlreadyExists</Code><Message>The route identified by 0.0.0.0/0 already exists.</Message></Error></Errors><RequestID>c1234fc0-bf4a-4409-899f-2d24cd7e8620</RequestID></Response>"}
failed: [localhost] => (item={u'routes': [{u'dest': u'0.0.0.0/0', u'gateway_id': u'igw'}], u'resource_tags': {u'environment': u'production', u'Name': u'rea_prod/private_rtable_b'}, u'subnets': [u'rea_prod/application_subnet_b']}) => {"failed": true, "item": {"resource_tags": {"Name": "rea_prod/private_rtable_b", "environment": "production"}, "routes": [{"dest": "0.0.0.0/0", "gateway_id": "igw"}], "subnets": ["rea_prod/application_subnet_b"]}, "msg": "Unable to ensure routes for route table RouteTable:rtb-456ad420, error: EC2ResponseError: 400 Bad Request\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response><Errors><Error><Code>RouteAlreadyExists</Code><Message>The route identified by 0.0.0.0/0 already exists.</Message></Error></Errors><RequestID>e3e85e52-fe02-424b-8cf1-db5afbdba147</RequestID></Response>"}
...ignoring
TASK [process security groups] *************************************************
ok: [localhost] => (item={u'rules': [{u'cidr_ip': u'10.49.21.0/24', u'proto': u'all'}], u'rules_egress': [{u'cidr_ip': u'0.0.0.0/0', u'proto': u'all'}], u'name': u'rea_prod/nat_security_group', u'description': u'allow outbound nat'}) => {"changed": false, "group_id": "sg-6885f20d", "item": {"description": "allow outbound nat", "name": "rea_prod/nat_security_group", "rules": [{"cidr_ip": "10.49.21.0/24", "proto": "all"}], "rules_egress": [{"cidr_ip": "0.0.0.0/0", "proto": "all"}]}}
ok: [localhost] => (item={u'rules': [{u'to_port': 22, u'from_port': 22, u'cidr_ip': u'59.101.127.161/32', u'proto': u'tcp'}, {u'to_port': -1, u'from_port': -1, u'cidr_ip': u'0.0.0.0/0', u'proto': u'icmp'}], u'rules_egress': [{u'cidr_ip': u'0.0.0.0/0', u'proto': u'all'}], u'name': u'rea_prod/bastion_security_group', u'description': u'access bastion, allow outbound nat'}) => {"changed": false, "group_id": "sg-6b85f20e", "item": {"description": "access bastion, allow outbound nat", "name": "rea_prod/bastion_security_group", "rules": [{"cidr_ip": "59.101.127.161/32", "from_port": 22, "proto": "tcp", "to_port": 22}, {"cidr_ip": "0.0.0.0/0", "from_port": -1, "proto": "icmp", "to_port": -1}], "rules_egress": [{"cidr_ip": "0.0.0.0/0", "proto": "all"}]}}
TASK [get a list of public subnet-id,route-id maps] ****************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: 'route_table_id'
fatal: [localhost]: FAILED! => {"failed": true, "stdout": ""}
PLAY RECAP *********************************************************************
localhost : ok=8 changed=1 unreachable=0 failed=1
It seems that this is failing due to the registered variable 'ec2_vpc_route_table_private_out' not being set as the private route tables already exist and the task is skipped.
- name: create the private route tables
  ec2_vpc_route_table:
    region: "{{ region }}"
    resource_tags: "{{ item.resource_tags }}"
    routes: "{{ item.routes }}"
    subnets: "{{ item.subnets }}"
    vpc_id: "{{ ec2_vpc_net_out.vpc.id }}"
  with_items: vpc.route_tables.private
  register: ec2_vpc_route_table_private_out
  ignore_errors: yes
<snip>
- name: get a list of public subnet-id,route-id maps
  set_fact:
    subnet_route_map: "{{ ec2_vpc_subnet_out.results | get_subnet_route_map(ec2_vpc_route_table_private_out.results) }}"
- name: merge the eip allocated list with the subnet-id,route-id map list
  set_fact:
    subnet_route_map: "{{ nat_eipalloc_list | get_zip(subnet_route_map) }}"
I'm new to using these VPC modules, and registered variables. I'm wondering if I'm missing something here? I'm very curious as to how Ansible determines the difference between a change and an addition in this context, as I've also tried to alter a tag Key only to have a duplicate resource created, and am finding myself having to manually destroy the instances, and VPC etc in the console quite often to be able to run through the playbook again. Perhaps there's a way for an inventory to be built during the VPC bootstrap?
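Both problems reported in this thread, the subnet id moving from ['subnet_id'] to ['subnet']['id'] and the KeyError raised when route-table results come from loop items that failed and were ignored, can be absorbed inside the filter plugin rather than surfacing mid-play. The following is an added example written for this page, not the repository's own filter_plugins code: it assumes the 2.x ec2_vpc_route_table return shape (route_table.id and route_table.associations[].subnet_id), uses ValueError where a real plugin would raise ansible.errors.AnsibleFilterError, and the helper names and SAMPLE_* data are constructed.

```python
# Added example, not the repo's own filter code. Assumes route-table results carry
# route_table.id and route_table.associations[].subnet_id; ignored failures do not.

def subnet_id_of(r):
    """Older ec2_vpc_subnet output had 'subnet_id'; newer output has 'subnet.id'."""
    if 'subnet_id' in r:
        return r['subnet_id']
    if 'id' in r.get('subnet', {}):
        return r['subnet']['id']
    raise ValueError('no subnet_id or subnet.id in result: %r' % (r,))

def subnet_az_of(r):
    return r.get('subnet', {}).get('availability_zone') or r['item']['az']

def get_subnets(value, tag_key='Type', tag_value='public', return_type='subnet_id'):
    """Ids (or AZs with return_type='az') of subnets tagged tag_key == tag_value."""
    pick = subnet_az_of if return_type == 'az' else subnet_id_of
    return [pick(r) for r in value
            if r.get('item', {}).get('resource_tags', {}).get(tag_key) == tag_value]

def get_subnet_route_map(value, routes, tag_key='Type', tag_value='public'):
    """Pair each tagged subnet with the route table associated in its AZ; results
    of failed/ignored tasks are reported by name instead of as a bare KeyError."""
    az_of = {subnet_id_of(r): subnet_az_of(r) for r in value}
    rtb_by_az, broken = {}, []
    for r in routes:
        if r.get('failed') or 'route_table' not in r:
            broken.append(r.get('item', {}).get('resource_tags', {}).get('Name', '?'))
            continue
        for assoc in r['route_table'].get('associations', []):
            az = az_of.get(assoc.get('subnet_id'))
            if az:
                rtb_by_az[az] = r['route_table']['id']
    if broken:
        raise ValueError('route table task failed or skipped for: ' + ', '.join(broken))
    return [{'subnet_id': s, 'route_table_id': rtb_by_az[az_of[s]]}
            for s in get_subnets(value, tag_key, tag_value) if az_of[s] in rtb_by_az]

class FilterModule(object):
    def filters(self):
        return {'get_subnets': get_subnets, 'get_subnet_route_map': get_subnet_route_map}

# Constructed sample: a public subnet in the new shape, a private one in the old.
SAMPLE_SUBNETS = [
    {'item': {'az': 'ap-southeast-1a', 'resource_tags': {'Type': 'public'}},
     'subnet': {'id': 'subnet-pub1a', 'availability_zone': 'ap-southeast-1a'}},
    {'item': {'az': 'ap-southeast-1a', 'resource_tags': {'Type': 'private'}},
     'subnet_id': 'subnet-priv1a'}]
SAMPLE_ROUTES_OK = [{'route_table': {'id': 'rtb-priv1a', 'associations': [{'subnet_id': 'subnet-priv1a'}]}}]
SAMPLE_ROUTES_FAILED = [{'failed': True, 'item': {'resource_tags': {'Name': 'private_rtable_a'}}}]
```

Dropped into filter_plugins/ next to the plays, the failing re-run in the log above would stop at "route table task failed or skipped for: rea_prod/private_rtable_a, ..." instead of a KeyError three tasks later.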