forked from Islandora-Devops/islandora-playbook
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaws_create_2ndservices.yml
176 lines (166 loc) · 5.91 KB
/
aws_create_2ndservices.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
- hosts: localhost
connection: local
gather_facts: False
vars:
instance_type: t2.medium
security_group: PROD-ASU-IP-ALL
image: ami-06d51e91cea0dac8d
keypair: ASU-LIB-EC2-General
region: us-west-2
dr_region: us-east-1
count: 1
prefix: islandora-
private_subnet: subnet-0e93560dfb1864c2d
public_subnet_a: subnet-07f370cafffaa5206
public_subnet_b: subnet-021ff3f60cc4e56f6
vpc_id: vpc-09949d0d16ed55e42
asu_vpn_ip_1: 172.31.32.0/20
asu_vpn_ip_2: 172.31.16.0/20
# security_group: DEV-SSH-ASU-IPs
# keypair: Islandora-Dev
# image: ami-057ac73a387f70be5
# private_subnet: subnet-0b74ab7097f3deb11
# public_subnet_a: subnet-02b1343bf83ae6322
# public_subnet_b: subnet-0a175a933a579e7ea
# vpc_id: vpc-01f9ed4702108fef0
vars_files:
# - aws_keys.yml
# - inventory/stage/group_vars/all/passwords.yml
- aws_keys_prod.yml
- inventory/prod/group_vars/all/passwords.yml
tasks:
- name: get the services server IP
ec2_instance_facts:
aws_secret_key: "{{ aws_secret_key }}"
aws_access_key: "{{ aws_access_key }}"
region: "{{ region }}"
filters:
"tag:repository_purpose": "{{ prefix }}split"
"tag:Name": "{{ prefix }}services2"
register: services_instances
- name: create services ec2
ec2:
key_name: "{{ keypair }}"
aws_secret_key: "{{ aws_secret_key }}"
aws_access_key: "{{ aws_access_key }}"
group: "{{ security_group }}"
instance_type: "{{ instance_type }}"
image: "{{ image }}"
wait: true
region: "{{ region }}"
count: "{{ count }}"
vpc_subnet_id: "{{ private_subnet }}"
assign_public_ip: no
instance_tags:
repository_purpose: "{{ prefix }}split"
Name: "{{ prefix }}{{ item }}"
volumes:
- device_name: /dev/sda1
volume_size: 50
delete_on_termination: true
with_items:
- "services2"
register: ec2-services
when: services_instances.instances|length < 1
- name: get the services server IP
ec2_instance_facts:
aws_secret_key: "{{ aws_secret_key }}"
aws_access_key: "{{ aws_access_key }}"
region: "{{ region }}"
filters:
"tag:repository_purpose": "{{ prefix }}split"
"tag:Name": "{{ prefix }}services2"
register: services_instances
- name: make services ip string
set_fact:
services_priv_ip: "{{ services_instances.instances[0].private_ip_address }}/32"
- name: check for services security group
ec2_group_facts:
region: "{{ region }}"
aws_secret_key: "{{ aws_secret_key }}"
aws_access_key: "{{ aws_access_key }}"
filters:
"group-name": "{{ prefix}}services2"
register: services_security_group
- name: create services security group
ec2_group:
region: "{{ region }}"
aws_secret_key: "{{ aws_secret_key }}"
aws_access_key: "{{ aws_access_key }}"
description: "security group for islandora services server"
name: "{{ prefix}}services2"
vpc_id: "{{ vpc_id }}"
rules_egress:
- proto: all
cidr_ip: 0.0.0.0/0
cidr_ipv6: ::/0
rules:
# - proto: tcp
# ports:
# - 8080 # tomcat
# - 8161 # activemq
# - 61613 # activemq
# - 61616 # activemq / karaf
# - 8983 # solr
# - 80 # apache
# - 443 # apache
# cidr_ip:
# - "{{ asu_vpn_ip_1 }}" #ASU VPN 1
# - "{{ asu_vpn_ip_1 }}" #ASU VPN 2
# - 149.169.0.0/16 #ASU PUBLIC 1
# - 129.219.0.0/16 #ASU PUBLIC 2
# - 209.147.128.0/18 #ASU PUBLIC 3
# # - 10.192.36.190/32 #private IP
# # - "{{web_priv_ip}}" #private IP services
# # - 52.25.225.253/32 #ELB
# # - 35.167.139.18/32 #ELB
# - 34.208.70.8/32 # new public IP of webserver
# # - 35.163.77.215/32 #webserver IP
# - 98.177.147.219/32 #eli at home
# - proto: tcp # this might not be needed since its all on the private subnet
# ports: 3306 # mysql
# cidr_ip:
# - 10.192.36.190/32
# - proto: all
# cidr_ip:
# - "{{ web_priv_ip }}" #webserver
# - "{{ services_priv_ip }}" #itself
# - 52.25.225.253/32 # ELB of webserver
# - 35.167.139.18/32 # ELB of webserver
# we think it might just be the 10.192.*
# with restrict it to the webserver security group
# and possibly the public IPs of the ELB
# plus whatever small group of humans (devs) need to access
- proto: all
# group_id: "{{ elb_webserver_security_group.group_id }}"
group_id: "sg-07f5a790fc67ba969"
- proto: all
# group_id: "{{ webserver_security_group.group_id }}"
group_id: "sg-0ab6b099ca77d3158"
- proto: all
cidr_ip:
- 10.192.0.0/16
- proto: tcp
ports:
- 22
- 80
- 8080
- 443
- 8983
cidr_ip:
- "{{ asu_vpn_ip_1 }}"
- "{{ asu_vpn_ip_2 }}"
register: services_security_group
- name: assign services security group
ec2:
state: running
aws_secret_key: "{{ aws_secret_key }}"
aws_access_key: "{{ aws_access_key }}"
instance_ids:
- "{{ item.instance_id }}"
region: "{{ region }}"
groups:
- "{{ services_security_group.group_name }}"
# - "{{ security_group }}"
with_items: "{{ services_instances.instances }}"
# note that elb redirect from 80 -> 443 done manually in the aws console