├── README.md ├── vpc ├── README.md ├── roles │ └── common │ │ ├── tasks │ │ └── main.yml │ │ ├── vars │ │ └── main.yml │ │ ├── defaults │ │ └── main.yml │ │ ├── handlers │ │ └── main.yml │ │ ├── README.md │ │ └── meta │ │ └── main.yml ├── group_vars │ └── all ├── templates │ └── subnet_id.j2 ├── envs │ └── dev └── ec2_vpc.yml └── non-vpc ├── README.md ├── group_vars └── all └── ec2-launch.yml /README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /vpc/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /non-vpc/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /vpc/roles/common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for common 3 | -------------------------------------------------------------------------------- /vpc/roles/common/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for common 3 | -------------------------------------------------------------------------------- /vpc/roles/common/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for common 3 | -------------------------------------------------------------------------------- /vpc/roles/common/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for common 3 | -------------------------------------------------------------------------------- /non-vpc/group_vars/all: 
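--------------------------------------------------------------------------------
---
# Variables shared by non-vpc/ec2-launch.yml (loaded through vars_files).
# The AWS credentials are taken from the environment instead of being typed
# into this committed file, matching vpc/group_vars/all; everything else is
# filled in per deployment.
ec2_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"
ec2_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"
ec2_region:
ec2_zone:
ec2_image:
ec2_instance_type:
ec2_keypair:
# Passed straight through as group= to the ec2 module, so the launched
# instances join the account's "default" security group unless overridden.
ec2_security_group: default
ec2_instance_count: 2
--------------------------------------------------------------------------------
/vpc/group_vars/all:
--------------------------------------------------------------------------------
---
# Variables shared by vpc/ec2_vpc.yml; the per-environment VPC layout lives in
# envs/<name> and is loaded by the playbook itself.
ec2_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"
ec2_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"
ec2_region:
ec2_zone:
ec2_image:
ec2_instance_type:
ec2_keypair:
ec2_security_group: default
ec2_instance_count:
--------------------------------------------------------------------------------
/vpc/templates/subnet_id.j2:
--------------------------------------------------------------------------------
{#- Renders the subnets registered by the ec2_vpc task as one JSON object,
    {"<cidr>": "<subnet id>", ...}, which ec2_vpc.yml reads back with
    lookup('file') into subnet_maps. Each pair is emitted directly inside the
    loop: in Jinja2 a `set` inside a `for` body is scoped to that iteration, so
    the previous accumulator string never carried earlier subnets and the file
    ended up holding only the last one. -#}
{
{%- for i in vpc.subnets -%}
"{{ i.cidr }}": "{{ i.id }}"{% if not loop.last %}, {% endif %}
{%- endfor -%}
}
--------------------------------------------------------------------------------
/non-vpc/ec2-launch.yml:
--------------------------------------------------------------------------------
---
#Provision some instances:
# Runs on the control host and talks to the EC2 API directly; every setting,
# including the credentials, comes from group_vars/all.
- hosts: localhost
  connection: local
  gather_facts: False
  vars_files:
    - group_vars/all
  tasks:
    # A single ec2 call starts ec2_instance_count instances and waits for them;
    # the registered result is what the two tasks below iterate over.
    - name: Launch instances
      ec2: >
        access_key="{{ ec2_access_key }}"
        secret_key="{{ ec2_secret_key }}"
        keypair="{{ ec2_keypair }}"
        group="{{ ec2_security_group }}"
        type="{{ ec2_instance_type }}"
        image="{{ ec2_image }}"
        region="{{ ec2_region }}"
        instance_tags="{'name':'tagnamehere', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}'}"
        count="{{ ec2_instance_count }}"
        wait=true
      register: ec2

    # Expose the new instances, by public IP, as the host group "tagnamehere"
    # (the same placeholder used for the name tag above) for later plays.
    - name: Add new instance to host group
      local_action: add_host
                    hostname="{{ item.public_ip }}"
                    groupname=tagnamehere
      with_items: ec2.instances

    # Wait 60 s before the first probe, then up to 320 s for 22/tcp to open on
    # each instance's public DNS name.
    - name: Wait for SSH to come up
      local_action: wait_for host={{ item.public_dns_name }}
                    port=22 delay=60 timeout=320 state=started
      with_items: ec2.instances

--------------------------------------------------------------------------------
/vpc/roles/common/README.md:
--------------------------------------------------------------------------------
Role Name
========

A brief description of the role goes here.

Requirements
------------

Any pre-requisites that may not be covered by the ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.

Role Variables
--------------

A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.

Dependencies
------------

A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.

License
-------

BSD

Author Information
------------------

An optional section for the role authors to include contact information, or a website (HTML is not allowed).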
--------------------------------------------------------------------------------
/vpc/envs/dev:
--------------------------------------------------------------------------------
###VPC Below - note: ami-4f9fee26 is an amazon marketplace AMI for VPC Nat infrastructure
# Settings for the "dev" VPC, loaded by ec2_vpc.yml via include_vars envs/{{ environ }}.
subnets_hash:
name: dev
vpc_cidr_block: 10.0.0.0/16
# One subnet per availability zone; ec2_vpc.yml maps each cidr to its id after creation.
vpc_subnets:
  - cidr: 10.0.1.0/24
    az: us-east-1a
  - cidr: 10.0.2.0/24
    az: us-east-1b
  - cidr: 10.0.3.0/24
    az: us-east-1c
vpc_internet_gateway: "yes"
# Only 10.0.1.0/24 gets an explicit default route to the internet gateway; the
# other subnets presumably stay on the main route table, which ec2_vpc.yml
# points at the NAT instance.
vpc_route_tables:
  - subnets:
      - 10.0.1.0/24
    routes:
      - dest: 0.0.0.0/0
        gw: igw
# Subnet the NAT instance / jumphost is launched into.
vpc_public_subnet: 10.0.1.0/24
vpc_nat_instance_id: ami-4f9fee26
vpc_nat_instance_type: t1.micro
vpc_group:
  name: dev_vpc
  desc: the security group for the dev vpc
  rules:
    # NOTE(review): 22/tcp is open to every source address; narrowing cidr_ip
    # to the operator network limits who can reach the SSH port of anything
    # placed in this group.
    - proto: tcp
      from_port: 22
      to_port: 22
      cidr_ip: 0.0.0.0/0

# Instances ec2_vpc.yml creates inside the VPC. image: and keypair: must be
# filled in per instance. The playbook's instance task reads exact_count and
# count_tag from each entry (commented out below) and does not read group: —
# confirm both against the current playbook before use.
vpc_instances:
  - instance_type: m1.medium
    image:
    keypair:
    group: dev_vpc
    instance_tags:
      Name: dev_db
    # exact_count: 2
    # count_tag:
    #   Name: dev_db_count
    subnet: 10.0.3.0/24

  - instance_type: m1.medium
    image:
    keypair:
    group: dev_vpc
    instance_tags:
      Name: dev_app
    # exact_count: 2
    # count_tag:
    #   Name: dev_app_count
    subnet: 10.0.2.0/24

  # group: dev_proxy is not defined in vpc_group above; see the note on vpc_instances.
  - instance_type: m1.medium
    image:
    keypair:
    group: dev_proxy
    instance_tags:
      Name: dev_proxy
    # exact_count: 2
    # count_tag:
    #   Name: dev_proxy_count
    subnet: 10.0.1.0/24
--------------------------------------------------------------------------------
/vpc/roles/common/meta/main.yml:
--------------------------------------------------------------------------------
---
# Galaxy metadata for the (currently empty) common role; the license field is
# still the generator's placeholder.
galaxy_info:
  author: David Federlein
  description: Common Role for Vital Reactor
  company: Ansible
  license: license (GPLv2, CC-BY, etc)
  min_ansible_version: 1.2
  #
  # Below are all platforms currently available. Just uncomment
  # the ones that apply to your role. If you don't see your
  # platform on this list, let us know and we'll get it added!
  #
  #platforms:
  #- name: EL
  #  versions:
  #  - all
  #  - 5
  #  - 6
  #- name: GenericUNIX
  #  versions:
  #  - all
  #  - any
  #- name: Fedora
  #  versions:
  #  - all
  #  - 16
  #  - 17
  #  - 18
  #  - 19
  #  - 20
  #- name: opensuse
  #  versions:
  #  - all
  #  - 12.1
  #  - 12.2
  #  - 12.3
  #  - 13.1
  #  - 13.2
  #- name: GenericBSD
  #  versions:
  #  - all
  #  - any
  #- name: FreeBSD
  #  versions:
  #  - all
  #  - 8.0
  #  - 8.1
  #  - 8.2
  #  - 8.3
  #  - 8.4
  #  - 9.0
  #  - 9.1
  #  - 9.1
  #  - 9.2
  #- name: Ubuntu
  #  versions:
  #  - all
  #  - lucid
  #  - maverick
  #  - natty
  #  - oneiric
  #  - precise
  #  - quantal
  #  - raring
  #  - saucy
  #  - trusty
  #- name: SLES
  #  versions:
  #  - all
  #  - 10SP3
  #  - 10SP4
  #  - 11
  #  - 11SP1
  #  - 11SP2
  #  - 11SP3
  #- name: GenericLinux
  #  versions:
  #  - all
  #  - any
  #- name: Debian
  #  versions:
  #  - all
  #  - etch
  #  - lenny
  #  - squeeze
  #  - wheezy
  #
  # Below are all categories currently available. Just as with
  # the platforms above, uncomment those that apply to your role.
  #
  #categories:
  #- cloud
  #- cloud:ec2
  #- cloud:gce
  #- cloud:rax
  #- database
  #- database:nosql
  #- database:sql
  #- development
  #- monitoring
  #- networking
  #- packaging
  #- system
  #- web
dependencies: []
  # List your role dependencies here, one per line. Only
  # dependencies available via galaxy should be listed here.
  # Be sure to remove the '[]' above if you add dependencies
  # to this list.
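
--------------------------------------------------------------------------------
/vpc/ec2_vpc.yml:
--------------------------------------------------------------------------------
---
#Create and config the VPC
# Runs on the control host against the EC2 API. Credentials and region come
# from group_vars/all; the VPC layout (cidr, subnets, route tables, NAT image,
# security group, instances) comes from envs/<environ>, defaulting to envs/dev.
- hosts: localhost
  connection: local
  gather_facts: False
  vars_files:
    - group_vars/all
  tasks:

    # `environ` selects the environment file; "dev" when it is not given.
    - name: Include the variables specific to the vpc
      include_vars: envs/{{ environ| default("dev") }}

    # The registered `vpc` result supplies vpc_id and the created subnets
    # (with their ids) to everything below.
    - name: Create the VPC
      local_action:
        module: ec2_vpc
        state: present
        region: "{{ ec2_region }}"
        ec2_access_key: "{{ ec2_access_key }}"
        ec2_secret_key: "{{ ec2_secret_key }}"
        cidr_block: "{{ vpc_cidr_block }}"
        subnets: "{{ vpc_subnets }}"
        internet_gateway: "{{ vpc_internet_gateway|string }}"
        route_tables: "{{ vpc_route_tables }}"
        wait: true
      register: vpc

    # Round-trip the cidr -> subnet id mapping through a file so it can be
    # loaded as a dict. NOTE(review): the path is fixed and sits in the shared
    # /tmp of the control host; on a multi-user host another account could
    # pre-create or replace it between the write and the read below — confirm
    # the control host is single-user before relying on this.
    - name: Write out a temporary file for mapping subnet to id
      template: src=templates/subnet_id.j2 dest=/tmp/subnet_id

    - name: Get the contents of subnet mapping file and set it as a fact
      set_fact:
        subnet_maps: "{{ lookup('file', '/tmp/subnet_id') }}"

    ## This is the NAT instance for routing traffic and jumphost, etc.

    # Exactly one NAT instance, placed in the subnet whose cidr matches
    # vpc_public_subnet and only when an internet gateway was requested;
    # exact_count/count_tag keep this idempotent across runs.
    - name: Create the NAT Instance
      ec2:
        region: "{{ ec2_region }}"
        ec2_access_key: "{{ ec2_access_key }}"
        ec2_secret_key: "{{ ec2_secret_key }}"
        keypair: "{{ ec2_keypair }}"
        instance_type: "{{ vpc_nat_instance_type }}"
        image: "{{ vpc_nat_instance_id }}"
        vpc_subnet_id: "{{ item.id }}"
        wait: true
        instance_tags:
          Name: "{{ environ|default('dev') + '_nat_instance' }}"
        exact_count: 1
        count_tag:
          Name: "{{ environ|default('dev') + '_nat_instance' }}"

      register: ec2
      with_items: vpc.subnets
      when: vpc_internet_gateway and item['cidr'] == vpc_public_subnet

    # Look up the VPC's main route table with the ec2-api-tools. The access and
    # secret key travel on the command line, so without no_log the complete
    # command (secret included) is stored in the registered result and shown
    # in verbose output; it is also visible to other local users in the
    # process list while it runs. `ec2_bin_path` is not set in group_vars/all
    # or envs/dev — presumably an extra var; confirm.
    - name: Get the routing table entry for the main table.
      shell: >
        {{ ec2_bin_path }}/ec2-describe-route-tables -O {{ ec2_access_key }} -W {{ ec2_secret_key }} -F vpc-id={{ vpc.vpc_id }} -F "association.main=true" | grep ROUTETABLE | awk '{ print $2 }'
      no_log: true
      register: main_rtb
      when: vpc.changed and vpc_internet_gateway

    # Pick the NAT instance id out of the loop results above; skipped
    # iterations carry no tagged_instances, hence the guard.
    - name: Set the fact for NAT Instance variable
      set_fact: nat_instance="{{ item.tagged_instances[0].id }}"
      with_items: ec2.results
      when: item.tagged_instances is defined

    # Default route of the main table -> the NAT instance, intended so that the
    # subnets without their own route table reach the internet through it.
    # Same credential handling as the describe task above.
    - name: Set the gateway to nat interface.
      shell: >
        {{ ec2_bin_path }}/ec2-create-route -O {{ ec2_access_key }} -W {{ ec2_secret_key }} {{ main_rtb.stdout }} -r 0.0.0.0/0 -i {{ nat_instance }}
      no_log: true
      when: vpc.changed and vpc_internet_gateway

    # Security group and rules come verbatim from vpc_group in the env file.
    - name: Create the security group for the VPC
      local_action:
        module: ec2_group
        name: "{{ vpc_group.name }}"
        description: "{{ vpc_group.desc }}"
        vpc_id: "{{ vpc.vpc_id }}"
        region: "{{ ec2_region }}"
        ec2_access_key: "{{ ec2_access_key }}"
        ec2_secret_key: "{{ ec2_secret_key }}"
        rules: "{{ vpc_group.rules }}"

    # One ec2 call per entry in vpc_instances. This task passes no security
    # group, so the `group:` key in the env file entries is not used here, and
    # it reads item.exact_count / item.count_tag, which envs/dev currently
    # leaves commented out — confirm each entry defines them.
    - name: Create the Instances for this vpc
      ec2:
        region: "{{ ec2_region }}"
        ec2_access_key: "{{ ec2_access_key }}"
        ec2_secret_key: "{{ ec2_secret_key }}"
        keypair: "{{ item.keypair }}"
        instance_type: "{{ item.instance_type }}"
        image: "{{ item.image }}"
        vpc_subnet_id: "{{ subnet_maps[item.subnet] }}"
        wait: true
        instance_tags: "{{ item.instance_tags }}"
        exact_count: "{{ item.exact_count }}"
        count_tag: "{{ item.count_tag }}"
      register: ec2
      with_items: vpc_instances
--------------------------------------------------------------------------------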