├── .gitignore ├── ANSIBLE_DOCKER_ENV ├── Dockerfile ├── LICENSE.txt ├── README.md ├── build-ansible.sh ├── editvault.sh ├── example-cluster ├── infrastructure │ ├── common.yml │ └── dev.yml └── services │ ├── ecs-nginx-proxy │ ├── common.yml │ └── dev.yml │ └── postgres-example │ ├── common.yml │ └── dev.yml ├── infrastructure.yml ├── roles ├── DO_NOT_CHANGE ├── aws.ec2-autoscaling-group │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── etc │ │ │ ├── profile.d │ │ │ └── 99-dockercmd.sh │ │ │ ├── security │ │ │ └── limits.d │ │ │ │ └── file_limit.conf │ │ │ └── sysconfig │ │ │ └── docker │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── ecs.config.j2 │ ├── tests │ │ ├── inventory │ │ └── test.yml │ └── vars │ │ └── main.yml ├── aws.ec2-loadbalancer │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── tests │ │ ├── inventory │ │ └── test.yml ├── aws.ec2-security-groups │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── tests │ │ ├── inventory │ │ └── test.yml ├── aws.ecs-cluster │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── tests │ │ ├── inventory │ │ └── test.yml ├── aws.ecs-ecr │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── policy.json.j2 │ └── tests │ │ ├── inventory │ │ └── test.yml ├── aws.ecs-service │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── tests │ │ ├── inventory │ │ └── test.yml └── custom-services │ ├── files │ └── README.md │ ├── tasks │ ├── cloudwatch_log_group.yml │ ├── main.yml │ └── postgres-example.yml │ └── templates │ └── README.md ├── run-infrastructure.sh ├── run-service.sh ├── scripts ├── editvault-infrastructure.sh ├── editvault-services.sh ├── run-infrastructure.sh 
└── run-service.sh ├── service.yml └── update-ansible.sh /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | .vaultpassword 3 | *.retry 4 | ansible-aws-infra-services-* 5 | # IntelliJ 6 | *.iml -------------------------------------------------------------------------------- /ANSIBLE_DOCKER_ENV: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | export ANSIBLE_BRANCH=devel 3 | export ANSIBLE_VERSION=2.4.1.0-0.2.beta2 4 | export ANSIBLE_COMMIT_HASH=6dab8b7bfa154a841e868f7cb16a2a45e1326d70 5 | export DOCKER_TAG=$ANSIBLE_BRANCH-$ANSIBLE_VERSION-$ANSIBLE_COMMIT_HASH 6 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:2.7.12 2 | 3 | RUN apt-get update && apt-get install -y nano 4 | ENV EDITOR=nano 5 | 6 | # Contains the version we need to pull for ansible 7 | COPY ANSIBLE_DOCKER_ENV / 8 | 9 | # Collect Ansible 10 | RUN /bin/bash -c 'source /ANSIBLE_DOCKER_ENV \ 11 | && pip install git+https://github.com/ansible/ansible.git@$ANSIBLE_COMMIT_HASH#egg=ansible boto boto3 awscli' 12 | 13 | VOLUME ["/project", "/root/.aws"] 14 | WORKDIR /project 15 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 
14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright Simple Machines 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ansible New Template 2 | 3 | This template is divided into two sub-templates. 4 | 5 | - infrastructure: that's where the security groups and the instances within the autoscaling groups are defined. theoritically it is managed by infrastructure teams and should contain large instances as these will run many "services". It should be detached and run separately from any projects. That means management of clusters is *centralized*. 6 | 7 | - services: that's where the services are managed. each service definition should be a companion to the project it is deploying. 
That means that management of services is *decentralized*. 8 | 9 | # Getting Started 10 | 11 | ``` 12 | curl -L https://github.com/simple-machines/ansible-aws-infra-services/archive/master.tar.gz | tar zxv 13 | mv ansible-aws-infra-services-master ansible 14 | cd ansible 15 | # the vault password is never committed into the repository (.vaultpassword is listed in .gitignore) 16 | echo "" >> .vaultpassword 17 | ``` 18 | 19 | ## Adding the password file and editing the secret variables 20 | ### Infrastructure 21 | To edit the vault for Infrastructure, run the command below. Secret values (passwords, keys) belong in the vault file rather than in the plain `common.yml`/`dev.yml` files; `infrastructure.yml` loads `{{ env }}.vault.yml` when it exists. 22 | ./editvault.sh [cluster name] [environment] 23 | ``` 24 | # the vault password is never committed into the repository 25 | echo "" >> .vaultpassword 26 | ./editvault.sh example-cluster dev 27 | ``` 28 | 29 | ### Services 30 | To edit the vault for Services, run: 31 | ./editvault.sh [cluster name] [service name] [environment] 32 | ``` 33 | # the vault password is never committed into the repository 34 | echo "" >> .vaultpassword 35 | ./editvault.sh example-cluster postgres-example dev 36 | ``` 37 | 38 | # Infrastructure 39 | 40 | ## Description 41 | 42 | Infrastructure is managed in a centralized way. Each cluster should live under `infrastructure/environment/`. In case of any updates the folder `infrastructure/roles` and the file `infrastructure/site.yml` are expected to change and therefore shouldn't be changed by the user. 
43 | 44 | ## Directory Structure 45 | 46 | ``` 47 | cluster-name/ 48 | > infrastructure/ 49 | > common.yml 50 | > dev.yml 51 | > prod.yml 52 | > roles/ 53 | > aws.ec2-autoscaling-group/ 54 | > aws.ec2-security-groups/ 55 | infrastructure.yml 56 | run-infrastructure.sh 57 | ``` 58 | 59 | ## Update 60 | 61 | Update of the template will be done running `infrastructure/update.sh` 62 | 63 | ## Running 64 | 65 | Running of the template is currently done using the following: 66 | 67 | ./run-infrastructure.sh [cluster name] [environment] 68 | 69 | ``` 70 | ./run-infrastructure.sh example-cluster dev 71 | ``` 72 | 73 | ## Variables 74 | 75 | Variables can be common to all environments or specific to dev/test/prod. 76 | 77 | ### Environment specific 78 | 79 | Environment specific variables usually end by `_env` to make them distinguishable. They can look like the following: 80 | 81 | ``` 82 | aws_profile_env: "" 83 | vpc_id_env: "" 84 | asg_launch_config_key_name_env: "" 85 | asg_launch_config_instance_profile_name_env: "" 86 | asg_subnets_env: [] 87 | asg_additional_security_groups_env: [] 88 | ``` 89 | 90 | ### Common 91 | 92 | Some variables can be top level such as: 93 | 94 | ``` 95 | aws_region: "ap-southeast-2" 96 | aws_profile: "{{ aws_profile_env }}" 97 | vpc_id: "{{ vpc_id_env }}" 98 | ``` 99 | 100 | 101 | ### Security Groups 102 | 103 | Here you define a list of security groups (usually app specific) to attach to every ec2 instance that will boot up within the auto scaling group. Can be usually composed of an "app" security group (list of ports to allow) and an "ssh" security group. Please note that if you choose to have one security group per app (which is perfectly fine), after creating the security groups they won't be automatically attached to existing and long running instances. *This will be addressed in a future ticket*. 
The names of the security groups will be prefixed with the target cluster name. 104 | 105 | The role `aws.ec2-security-groups` expects a list under `sg_list` and a `sg_cluster_name` that look like the following: 106 | 107 | ``` 108 | sg_cluster_name: "{{ cluster_name }}" 109 | sg_list: 110 | - sg_name: "TEST - SSH" 111 | sg_description: "TEST - SSH" 112 | sg_vpc_id: "{{ vpc_id }}" 113 | sg_region: "{{ aws_region }}" 114 | sg_profile: "{{ aws_profile }}" 115 | sg_state: present 116 | sg_rules: 117 | - proto: tcp 118 | from_port: 22 119 | to_port: 22 120 | cidr_ip: "12.34.56.78/32" 121 | - proto: tcp 122 | from_port: 22 123 | to_port: 22 124 | cidr_ip: "10.1.0.0/16" 125 | ``` 126 | 127 | ### Auto Scaling Groups 128 | 129 | Here you define the characteristics of your auto scaling group so that instances boot up with the setup one would expect. 130 | 131 | The following variables are mandatory: 132 | ``` 133 | asg_ecs_cluster_name: "{{ cluster_name }}" 134 | asg_launch_config_key_name: "{{ asg_launch_config_key_name_env }}" 135 | asg_subnets: "{{ asg_subnets_env }}" 136 | asg_vpc_id: "{{ vpc_id }}" 137 | ``` 138 | 139 | The following variables are available for customization: 140 | 141 | ``` 142 | --- 143 | # defaults file for ansible-infra.aws-asg 144 | # setup variables 145 | asg_additional_python_pip_packages: "" 146 | asg_additional_user_data_bootcmd: "" 147 | asg_additional_write_files: "" 148 | asg_additional_ecs_config: "" 149 | asg_additional_user_data_runcmd: "" 150 | asg_additional_cloud_config_commands: "" 151 | asg_additional_yum_packages: "" 152 | 153 | asg_launch_config_assign_public_ip: false 154 | asg_min_size: 0 155 | asg_max_size: 1 156 | asg_desired_capacity: 1 157 | asg_subnets: [] 158 | asg_launch_config_instance_size: "t2.small" 159 | asg_launch_config_root_volume_size: 100 160 | 161 | asg_additional_security_groups: [] # adding additional non tagged security groups 162 | asg_additional_tags: [] 163 | 164 | # values to override for sure: 165 | 
asg_ecs_cluster_name: "" 166 | asg_launch_config_key_name: "" 167 | asg_launch_config_instance_profile_name: "" 168 | ``` 169 | 170 | 171 | # Service 172 | 173 | ## Description 174 | 175 | Services are managed in a decentralized way. Each service should live with its companion project. The roles folder is expected to change over time and therefore shouldn't be modified by the user. The same goes for `service/site.yml`. 176 | 177 | ## Directory Structure 178 | 179 | ``` 180 | cluster-name/ 181 | > services/ 182 | > service-name-1/ 183 | > common.yml 184 | > dev.yml 185 | > prod.yml 186 | > service-name-2/ 187 | > common.yml 188 | > dev.yml 189 | > prod.yml 190 | roles/ 191 | > aws.ec2-loadbalancer/ 192 | > aws.ecs-ecr/ 193 | > aws.ecs-service/ 194 | service.yml 195 | run-service.sh 196 | ``` 197 | 198 | ## Update 199 | 200 | Update of the template will be done running `service/update.sh` 201 | 202 | ## Running 203 | 204 | Running of the template is currently done using the following: 205 | 206 | run-service.sh [cluster name] [service name] [environment] 207 | 208 | ``` 209 | ./run-service.sh example-cluster postgres-example dev 210 | ``` 211 | 212 | Please note that the `cluster_name` and `service_name` are set at runtime and therefore shouldn't be set within your playbooks. This guarantees consistency and enforces a strict naming convention over folders. 213 | 214 | # Services 215 | 216 | Variables can be common (common.yml) to all environments or specific to dev/test/prod (dev.yml, test.yml, prod.yml, etc). 217 | 218 | ## ECR 219 | 220 | To create one or more ECR repositories, place `ecr_create: true` in 221 | `common.yml`. The module will create a new ECR repository for each 222 | value in the `{{ ecr_repository_name }}` variable. This can either be 223 | a single value or a list of values. 
224 | 225 | ```` 226 | ecr_repository_name: "{{ service_name }}" 227 | ```` 228 | 229 | or 230 | 231 | ```` 232 | ecr_repository_name: 233 | - "{{ service_name }}/container1" 234 | - "{{ service_name }}/container2" 235 | - "{{ service_name }}/container3" 236 | ```` 237 | 238 | To use images in an ECR repository you might like to specify it like 239 | so in your container definitions. Note that a mutable tag such as `:latest` can resolve to a different image on each deployment; a specific tag is more reproducible: 240 | 241 | ```` 242 | image: "{{ aws_account_id['stdout'] }}.dkr.ecr.{{ aws_region }}.amazonaws.com/{{ service_name }}:latest" 243 | ```` 244 | 245 | | variable name | importance | default | description | 246 | |---------------------------------|------------|------------------|--------------------------------------------------------------------------------------------------| 247 | | ecr_repository_name | **mandatory** | | Name for repository *or* YAML list of names. | 248 | | ecr_additional_aws_account_list | medium | [] | List of additional AWS accounts to grant access to the repository. | 249 | 250 | ## ELB 251 | 252 | To activate the creation of an ELB, place `elb_create: true` in `common.yml`. 
253 | 254 | The module will create: 255 | - a security group for your ELB (the security group will be named `{{ elb_cluster_name }}-{{ elb_service_name }}-lb`) 256 | - tags for that security group 257 | - the ELB (classic) (the ELB will be named `{{ elb_cluster_name }}-{{ elb_service_name }}-lb`) 258 | 259 | The module outputs: 260 | - a variable named `_elb_ecs_load_balancers` containing information about the load balancer (used behind the scenes by the ecs_service module, not needed from a user perspective) 261 | 262 | Information: 263 | - You can find a list of defaults at [roles/aws.ec2-loadbalancer/defaults/main.yml](roles/aws.ec2-loadbalancer/defaults/main.yml) 264 | - You can find the list of tasks at [roles/aws.ec2-loadbalancer/tasks/main.yml](roles/aws.ec2-loadbalancer/tasks/main.yml) 265 | 266 | 267 | | variable name | importance | default | description | 268 | |---------------------------------|------------|------------------|--------------------------------------------------------------------------------------------------| 269 | | elb_cluster_name | **mandatory** | | Your cluster name. You should set it to “{{ cluster_name }}” | 270 | | elb_service_name | **mandatory** | | Your service name. You should set it to “{{ service_name }}” | 271 | | elb_vpc_id | **mandatory** | | The VPC id of where your ELB will be created. | 272 | | elb_subnets | **mandatory** | | list of subnets to deploy the ELB to, ex: [‘subnet-id1’,‘subnet-id2’] | 273 | | elb_listeners | **mandatory** | | list of listeners, see example provided or http://docs.ansible.com/ansible/ec2_elb_lb_module.html | 274 | | elb_sg_rules | **mandatory** | [] | List of rules for your ELB security group. 
Read doc at or view examples folder | 275 | | elb_container_name | **mandatory** | | ECS Container name that your load balancer will be pointing to | 276 | | elb_container_port | **mandatory** | | ECS Container port that your load balancer will be pointing to | 277 | | elb_scheme | high | internet-facing | internal (for internal traffic), internet-facing (for external traffic) | 278 | | elb_connection_draining_timeout | medium | 60 | see http://docs.ansible.com/ansible/ec2_elb_lb_module.html doc | 279 | | elb_cross_az_load_balancing | medium | no | see http://docs.ansible.com/ansible/ec2_elb_lb_module.html doc | 280 | | elb_stickiness | medium | | see http://docs.ansible.com/ansible/ec2_elb_lb_module.html doc | 281 | | elb_health_check | medium | | see http://docs.ansible.com/ansible/ec2_elb_lb_module.html doc | 282 | | elb_access_logs | medium | | see http://docs.ansible.com/ansible/ec2_elb_lb_module.html doc | 283 | | elb_sg_description | low | default/main.yml | Description of ELB security group | 284 | | elb_sg_purge_rules | low | yes | Clear out unmatched rules, should remain true | 285 | | elb_sg_purge_rules_egress | low | yes | Clear out unmatched egress rules, should remain true | 286 | | elb_idle_timeout | low | | see http://docs.ansible.com/ansible/ec2_elb_lb_module.html doc | 287 | | elb_zones | low | | see http://docs.ansible.com/ansible/ec2_elb_lb_module.html doc | 288 | 289 | 290 | ## Custom Tasks 291 | 292 | In case you require extra components to be set-up (for example, an RDS database, an SQS queue, a SNS topic, etc...), you can write your own playbooks and have them being included automatically. Any variable registered through them will be available in your other playbooks, for example to extract an environment variable for your ECS task definition. 
293 | 294 | An example is provided as part of example-cluster [example-cluster/services/postgres-example/common.yml](example-cluster/services/postgres-example/common.yml) and [roles/custom-services/tasks/postgres-example.yml](roles/custom-services/tasks/postgres-example.yml) 295 | 296 | Writing custom tasks is easy. 297 | 1) create the `custom_task_files` variable as an array of filenames you'd like to include 298 | - Example: `custom_task_files: ['my-custom-task.yml']` 299 | 2) write your custom task file in `roles/custom-services/tasks/my-custom-task.yml` 300 | 3) create the variables required by the task files in `common.yml`, or `dev.yml`, etc. 301 | 302 | Please note custom tasks are run *before* the ELB, ECR and ECS modules. 303 | 304 | ### CloudWatch Log Groups 305 | 306 | You can use the `cloudwatch_log_group.yml` custom task to create a log 307 | group: 308 | 309 | ```` 310 | cloudwatch_log_group_name: "{{ cloudwatch_log_group_name_env }}" 311 | custom_task_files: 312 | - cloudwatch_log_group.yml 313 | ```` 314 | 315 | This will create a log group with the specified name and set the 316 | `cloudwatch_log_group_arn` variable with the ARN of the log group. 317 | 318 | # EC2 Instances Shortcuts (alias and functions) 319 | 320 | - `dps`: shortcut for docker ps 321 | - `dl` : get the id of running docker container 322 | - `dlog` : get the log of the running container 323 | - `dlogp ` : get the log of the matching container name 324 | - `dlogf` : get the tailing log of the running container. 
Useful to do `dlogf --tail=200` 325 | - `dlogfp ` : get the tailing log of the matching container name 326 | - `dlogt` : get the log with timestamps of the running container 327 | - `dlog -ft` : get the log of the running container with tailing and timestamps 328 | - `dex ` : docker execute command (interactive mode) on the running container (ex: dex bash) 329 | - `dattach`: print log as it streams (docker attach --no-stdin --sig-proxy=false) 330 | - `dstop`: docker stop the latest container. Useful to do `dstop --time=200` 331 | -------------------------------------------------------------------------------- /build-ansible.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # You shouldn't have to run this file 4 | # This describes how Docker Hub will build the images based on tags 5 | source ANSIBLE_DOCKER_ENV 6 | 7 | docker build . -t simplemachines/ansible-template:$DOCKER_TAG 8 | -------------------------------------------------------------------------------- /editvault.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # NAME 4 | # editvault.sh - Edit ansible vault contents 5 | # 6 | # SYNOPSIS 7 | # ./editvault.sh CLUSTER SERVICE ENV 8 | # ./editvault.sh CLUSTER ENV 9 | # ./editvault.sh 10 | 11 | set -eu -o pipefail 12 | 13 | source ANSIBLE_DOCKER_ENV 14 | 15 | USAGE=$(sed -E -e '/^$/q' -e 's/^#($|!.*| (.*))$/\2/' "$0") 16 | 17 | case $# in 18 | 3) 19 | CLUSTER_NAME_PARAM="${1}" 20 | SERVICE_NAME_PARAM="${2}" 21 | TARGET_ENV_PARAM="${3}" 22 | docker run -it \ 23 | -v "${PWD}:/project" \ 24 | -v ~/.aws:/root/.aws \ 25 | -e "TARGET_ENV=$TARGET_ENV_PARAM" \ 26 | -e "CLUSTER_NAME=$CLUSTER_NAME_PARAM" \ 27 | -e "SERVICE_NAME=$SERVICE_NAME_PARAM" \ 28 | "simplemachines/ansible-template:$DOCKER_TAG" \ 29 | scripts/editvault-services.sh 30 | ;; 31 | 2) 32 | CLUSTER_NAME_PARAM="${1}" 33 | TARGET_ENV_PARAM="${2}" 34 | docker run -it \ 35 | -v 
"$PWD:/project" \ 36 | -v ~/.aws:/root/.aws \ 37 | -e "TARGET_ENV=$TARGET_ENV_PARAM" \ 38 | -e "CLUSTER_NAME=$CLUSTER_NAME_PARAM" \ 39 | "simplemachines/ansible-template:$DOCKER_TAG" \ 40 | scripts/editvault-infrastructure.sh 41 | ;; 42 | *) # Display usage along with suggested arguments 43 | cat <" 2 | vpc_id_env: "" 3 | asg_launch_config_key_name_env: "" 4 | asg_launch_config_instance_profile_name_env: "" 5 | asg_subnets_env: [''] 6 | asg_additional_security_groups_env: [''] 7 | -------------------------------------------------------------------------------- /example-cluster/services/ecs-nginx-proxy/common.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aws_region: "ap-southeast-2" 3 | aws_profile: "{{ aws_profile_env }}" 4 | 5 | # variables that are top level to encourage re-use 6 | container_name: "{{ ecs_service_name }}" 7 | container_port: 80 8 | elb_http_port: 80 9 | 10 | # ELB role specific 11 | elb_create: true 12 | elb_cluster_name: "{{ cluster_name }}" 13 | elb_service_name: "{{ service_name }}" 14 | elb_sg_rules: 15 | - proto: tcp 16 | from_port: "{{ elb_http_port }}" 17 | to_port: "{{ elb_http_port }}" 18 | cidr_ip: "0.0.0.0/0" 19 | elb_vpc_id: "{{ elb_vpc_id_env }}" 20 | elb_subnets: "{{ elb_subnets_env }}" 21 | elb_scheme: "internet-facing" # could be "internal" if private 22 | elb_listeners: 23 | - protocol: http 24 | load_balancer_port: "{{ elb_http_port }}" 25 | instance_port: "{{ container_port }}" 26 | elb_health_check: # optional 27 | ping_protocol: http # options are http, https, ssl, tcp 28 | ping_port: "{{ container_port }}" 29 | ping_path: "/" # not required for tcp or ssl 30 | response_timeout: 5 # seconds 31 | interval: 30 # seconds 32 | unhealthy_threshold: 2 33 | healthy_threshold: 10 34 | elb_container_name: "{{ container_name }}" 35 | elb_container_port: 80 # has to be a number because of a bug 36 | elb_access_logs: 37 | interval: 5 # minutes (defaults to 60) 38 | s3_location: "{{ 
elb_logs_s3_location_env }}" 39 | s3_prefix: "{{ elb_logs_s3_prefix_env }}" 40 | 41 | # ECR role specific 42 | ecr_create: true 43 | ecr_repository_name: "{{ service_name }}" 44 | ecr_additional_aws_account_list: [] 45 | 46 | # ECS role specific 47 | ecs_service_desired_count: "{{ ecs_service_desired_count_env }}" 48 | ecs_cluster_name: "{{ cluster_name }}" 49 | ecs_service_name: "{{ service_name }}" 50 | ecs_taskdefinition_containers: 51 | - name: "{{ ecs_service_name }}" 52 | essential: true 53 | image: codesuki/ecs-nginx-proxy:latest # NOTE(review): floating tag; pin a version or digest so a new upstream push cannot silently change what the service runs 54 | memory: 128 55 | environment: 56 | - name: "ECS_GEN_REGION" 57 | value: "{{ aws_region }}" 58 | portMappings: 59 | - hostPort: "{{ container_port }}" 60 | containerPort: "{{ container_port }}" 61 | protocol: http # NOTE(review): ECS port mappings accept only tcp or udp; 'http' is likely to be rejected when the task definition is registered (the postgres example uses tcp) 62 | 63 | ecs_deployment_configuration: 64 | minimum_healthy_percent: 0 65 | maximum_percent: 200 66 | -------------------------------------------------------------------------------- /example-cluster/services/ecs-nginx-proxy/dev.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | aws_profile_env: "default" 4 | elb_vpc_id_env: "" 5 | elb_subnets_env: ['subnet-id1', 'subnet-id2', 'subnet-id3'] 6 | ecs_service_desired_count_env: 1 7 | elb_logs_s3_location_env: "" 8 | elb_logs_s3_prefix_env: "" 9 | -------------------------------------------------------------------------------- /example-cluster/services/postgres-example/common.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | aws_region: "ap-southeast-2" 4 | aws_profile: "{{ aws_profile_env }}" 5 | 6 | # Run some custom tasks for postgres-example 7 | custom_task_files: 8 | - postgres-example.yml 9 | postgres_hello_world: "custom postgres task variable!" 
10 | 11 | # ECR role specific 12 | ecr_create: true 13 | ecr_repository_name: "{{ service_name }}" 14 | ecr_additional_aws_account_list: [''] # NOTE(review): [''] is a one-element list holding an empty account id; the ecs-nginx-proxy example uses [] for "no extra accounts" 15 | 16 | # ECS role specific 17 | ecs_service_desired_count: 0 18 | ecs_cluster_name: "{{ cluster_name }}" 19 | ecs_service_name: "{{ service_name }}" 20 | ecs_taskdefinition_containers: 21 | - name: "{{ ecs_service_name }}" 22 | essential: true 23 | image: postgres:latest # NOTE(review): floating tag; pin a version or digest for reproducible deploys 24 | memory: 500 25 | environment: 26 | - name: "POSTGRES_PASSWORD" 27 | value: "mysecretpassword" # example value only: a real password belongs in the per-env vault file (see editvault.sh), not in this committed file; it is also visible in the registered task definition 28 | labels: 29 | # this variable actually comes from the custom playbook at 30 | # roles/custom-services/tasks/postgres-example.yml 31 | postgres_custom_label: "{{ postgres_custom_label }}" 32 | portMappings: 33 | - hostPort: 5432 34 | containerPort: 5432 35 | protocol: tcp 36 | -------------------------------------------------------------------------------- /example-cluster/services/postgres-example/dev.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | aws_profile_env: "default" 4 | -------------------------------------------------------------------------------- /infrastructure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | connection: localhost 4 | gather_facts: no 5 | vars_files: 6 | - "{{ cluster_name }}/infrastructure/common.yml" # include common variables 7 | - ["{{ cluster_name }}/infrastructure/{{ env }}.vault.yml", "{{ cluster_name }}/infrastructure/{{ env }}.yml"] # load the vault file if it exists, otherwise fall back to the plain env file 8 | - "{{ cluster_name }}/infrastructure/{{ env }}.yml" # include environment specific variables 9 | roles: 10 | - roles/aws.ec2-security-groups # create security groups 11 | - roles/aws.ec2-autoscaling-group # create the auto scaling group 12 | - roles/aws.ecs-cluster # create ecs cluster 13 | -------------------------------------------------------------------------------- /roles/DO_NOT_CHANGE: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/simple-machines/ansible-aws-infra-services/7713960641da55a412a2b8ab5c645ebe4e4a2154/roles/DO_NOT_CHANGE -------------------------------------------------------------------------------- /roles/aws.ec2-autoscaling-group/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 
39 | -------------------------------------------------------------------------------- /roles/aws.ec2-autoscaling-group/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for ansible-infra.aws-asg 3 | # setup variables 4 | asg_additional_python_pip_packages: "" 5 | asg_additional_user_data_bootcmd: "" 6 | asg_additional_write_files: "" 7 | asg_additional_ecs_config: "" 8 | asg_additional_user_data_runcmd: "" 9 | asg_additional_cloud_config_commands: "" 10 | asg_additional_yum_packages: "" 11 | 12 | asg_launch_config_assign_public_ip: false 13 | asg_min_size: 0 14 | asg_max_size: 1 15 | asg_desired_capacity: 1 16 | asg_subnets: [] 17 | asg_launch_config_instance_size: "t2.small" 18 | asg_launch_config_root_volume_size: 16 # Volume of the root volume on the ecs instance ( in GB ) 19 | 20 | asg_additional_security_groups: [] # adding additional non tagged security groups 21 | asg_additional_tags: [] 22 | asg_additional_volumes: [] 23 | 24 | # values to override for sure: 25 | asg_ecs_cluster_name: "" 26 | asg_launch_config_key_name: "" 27 | asg_launch_config_instance_profile_name: "" 28 | 29 | # asg_launch_config_amis_per_region is defined in vars.yml and can't be overriden. 30 | asg_launch_config_ami: "{{ asg_launch_config_amis_per_region[aws_region] }}" 31 | -------------------------------------------------------------------------------- /roles/aws.ec2-autoscaling-group/files/etc/profile.d/99-dockercmd.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | alias watch='watch ' 3 | alias dps='docker ps' 4 | 5 | function dl { docker ps -lq; } 6 | function dlr { docker ps -lq -f "status=running"; } 7 | function dlog { x="$(dl)"; if [ -z "$x" ]; then echo "No containers running."; else docker logs "$@" $x; fi ;} 8 | alias dlogf='dlog -f' 9 | alias dlogt='dlog -t' 10 | 11 | # Show docker logs for a container that matches the provided pattern. 
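# The pattern match happens on the 'docker ps' command output, so you can search for
# container id, image name, status, etc.
# Examples:
#   $ dlogp topics   # logs for a container that has 'topics' in its image name
#   $ dlogp kafka    # logs for a container that has 'kafka' in its image name
#   $ dlogp 8082     # logs for a container that has '8082' in its ports field
# Any arguments after the pattern are passed through to 'docker logs'.
function dlogp {
  if [[ "$#" -eq "0" ]]; then
    echo "Usage: dlogp <pattern> [docker logs options]"
    return 1
  fi

  # "$1" is quoted so a pattern containing spaces or glob characters reaches grep as
  # one argument instead of being split or expanded by the shell.
  read -r -a CONTAINERS <<< $(docker ps | grep "$1" | awk '{print $1}')
  # we have to count it this way otherwise the file can't go in cloud-init
  N_CONTAINERS=$(docker ps | grep "$1" | awk '{print $1}' | wc -l )
  if [[ "$N_CONTAINERS" -eq "1" ]]; then
    # Found one container matching $1; drop the pattern and forward the rest to docker logs
    shift
    docker logs "$@" "${CONTAINERS[0]}"
  elif [[ "$N_CONTAINERS" -eq "0" ]]; then
    echo "No container matching $1"
  else
    echo "$N_CONTAINERS containers matching $1"
    docker ps | grep "$1"
  fi
}

# Similar to dlogp but the logs are followed (docker logs -f)
#
# Example:
#   $ dlogfp topics   # follow logs for a container that has 'topics' in its image name
function dlogfp {
  if [[ "$#" -eq "0" ]]; then
    echo "Usage: dlogfp <pattern> [docker logs options]"
    return 1
  fi
  local pattern="$1"
  shift
  dlogp "$pattern" -f "$@"
}

# Similar to dlogp but the logs carry timestamps (docker logs -t)
#
# Example:
#   $ dlogtp topics   # timestamped logs for a container that has 'topics' in its image name
function dlogtp {
  if [[ "$#" -eq "0" ]]; then
    echo "Usage: dlogtp <pattern> [docker logs options]"
    return 1
  fi
  local pattern="$1"
  shift
  # Was '-f' before, which made dlogtp a duplicate of dlogfp; '-t' matches the documented intent.
  dlogp "$pattern" -t "$@"
}

# docker exec (interactive) on the latest running container, e.g. 'dex bash'
function dex { x="$(dlr)"; if [ -z "$x" ]; then echo "Container not running."; else docker exec -it "$x" "$@"; fi ;}
# Stream the latest container's output without attaching stdin or forwarding signals
function dattach { x="$(dl)"; if [ -z "$x" ]; then echo "Container not running."; else docker attach --no-stdin --sig-proxy=false "$x" "$@"; fi ;}
alias di='docker images'
alias drm='docker rm'
alias drmi='docker rmi'
# Stop the latest running container, timing how long the stop takes, e.g. 'dstop --time=200'
function dstop { x="$(dlr)"; if [ -z "$x" ]; then echo "Container not running."; else time docker stop "$@" "$x"; fi ;}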
-------------------------------------------------------------------------------- /roles/aws.ec2-autoscaling-group/files/etc/security/limits.d/file_limit.conf: -------------------------------------------------------------------------------- 1 | # /etc/security/limits.d/file_limit.conf 2 | # This file sets the limit of files open at the system level at the same time 3 | 4 | * soft nofile 20000 5 | * hard nofile 20000 6 | -------------------------------------------------------------------------------- /roles/aws.ec2-autoscaling-group/files/etc/sysconfig/docker: -------------------------------------------------------------------------------- 1 | # The max number of open files for the daemon itself, and all 2 | # running containers. The default value of 1048576 mirrors the value 3 | # used by the systemd service unit. 4 | DAEMON_MAXFILES=1048576 5 | 6 | # Additional startup options for the Docker daemon, for example: 7 | # OPTIONS="--ip-forward=true --iptables=true" 8 | # By default we limit the number of open files per container 9 | # OPTIONS="--default-ulimit nofile=1024:4096" 10 | OPTIONS="--default-ulimit nofile=1048576:1048576" 11 | -------------------------------------------------------------------------------- /roles/aws.ec2-autoscaling-group/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 
22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # Below are all platforms currently available. Just uncomment the ones that apply 34 | # to your role. If you don't see your platform on this list, let us know, 35 | # and we'll get it added! 36 | # 37 | #platforms: 38 | #- name: OpenBSD 39 | # versions: 40 | # - all 41 | # - 5.6 42 | # - 5.7 43 | # - 5.8 44 | # - 5.9 45 | # - 6.0 46 | #- name: Fedora 47 | # versions: 48 | # - all 49 | # - 16 50 | # - 17 51 | # - 18 52 | # - 19 53 | # - 20 54 | # - 21 55 | # - 22 56 | # - 23 57 | # - 24 58 | # - 25 59 | #- name: DellOS 60 | # versions: 61 | # - all 62 | # - 10 63 | # - 6 64 | # - 9 65 | #- name: MacOSX 66 | # versions: 67 | # - all 68 | # - 10.10 69 | # - 10.11 70 | # - 10.12 71 | # - 10.7 72 | # - 10.8 73 | # - 10.9 74 | #- name: Synology 75 | # versions: 76 | # - all 77 | # - any 78 | #- name: Junos 79 | # versions: 80 | # - all 81 | # - any 82 | #- name: GenericBSD 83 | # versions: 84 | # - all 85 | # - any 86 | #- name: Void Linux 87 | # versions: 88 | # - all 89 | # - any 90 | #- name: GenericLinux 91 | # versions: 92 | # - all 93 | # - any 94 | #- name: NXOS 95 | # versions: 96 | # - all 97 | # - any 98 | #- name: IOS 99 | # versions: 100 | # - all 101 | # - any 102 | #- name: Amazon 103 | # versions: 104 | # - all 105 | # - 2013.03 106 | # - 2013.09 107 | # - 2016.03 108 | # - 2016.09 109 | #- name: ArchLinux 110 | # versions: 111 | # - all 112 | # - any 113 | #- name: FreeBSD 114 | # versions: 115 | # - all 116 | # - 10.0 117 | # - 10.1 118 | # - 
10.2 119 | # - 10.3 120 | # - 11.0 121 | # - 8.0 122 | # - 8.1 123 | # - 8.2 124 | # - 8.3 125 | # - 8.4 126 | # - 9.0 127 | # - 9.1 128 | # - 9.1 129 | # - 9.2 130 | # - 9.3 131 | #- name: Ubuntu 132 | # versions: 133 | # - all 134 | # - lucid 135 | # - maverick 136 | # - natty 137 | # - oneiric 138 | # - precise 139 | # - quantal 140 | # - raring 141 | # - saucy 142 | # - trusty 143 | # - utopic 144 | # - vivid 145 | # - wily 146 | # - xenial 147 | # - yakkety 148 | #- name: Debian 149 | # versions: 150 | # - all 151 | # - etch 152 | # - jessie 153 | # - lenny 154 | # - sid 155 | # - squeeze 156 | # - stretch 157 | # - wheezy 158 | #- name: Alpine 159 | # versions: 160 | # - all 161 | # - any 162 | #- name: EL 163 | # versions: 164 | # - all 165 | # - 5 166 | # - 6 167 | # - 7 168 | #- name: Windows 169 | # versions: 170 | # - all 171 | # - 2012R2 172 | #- name: SmartOS 173 | # versions: 174 | # - all 175 | # - any 176 | #- name: opensuse 177 | # versions: 178 | # - all 179 | # - 12.1 180 | # - 12.2 181 | # - 12.3 182 | # - 13.1 183 | # - 13.2 184 | #- name: SLES 185 | # versions: 186 | # - all 187 | # - 10SP3 188 | # - 10SP4 189 | # - 11 190 | # - 11SP1 191 | # - 11SP2 192 | # - 11SP3 193 | # - 11SP4 194 | # - 12 195 | # - 12SP1 196 | #- name: GenericUNIX 197 | # versions: 198 | # - all 199 | # - any 200 | #- name: Solaris 201 | # versions: 202 | # - all 203 | # - 10 204 | # - 11.0 205 | # - 11.1 206 | # - 11.2 207 | # - 11.3 208 | #- name: eos 209 | # versions: 210 | # - all 211 | # - Any 212 | 213 | galaxy_tags: [] 214 | # List tags for your role here, one per line. A tag is a keyword that describes 215 | # and categorizes the role. Users find roles by searching for tags. Be sure to 216 | # remove the '[]' above, if you add tags to this list. 217 | # 218 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 219 | # Maximum 20 tags per role. 220 | 221 | dependencies: [] 222 | # List your role dependencies here, one per line. 
Be sure to remove the '[]' above, 223 | # if you add dependencies to this list. -------------------------------------------------------------------------------- /roles/aws.ec2-autoscaling-group/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for ansible-infra.aws-asg 3 | - name: Set bootcommands 4 | set_fact: 5 | _bootcmd: | 6 | - yum update -y ecs-init 7 | - yum install -y nc telnet bind-utils xfsprogs gcc python27-devel {{ asg_additional_yum_packages }} 8 | - /usr/bin/easy_install pip 9 | - /usr/local/bin/pip install --upgrade boto3 boto awscli requests psutil {{ asg_additional_python_pip_packages }} 10 | {{ asg_additional_user_data_bootcmd }} 11 | 12 | - name: Set write_files 13 | set_fact: 14 | _write_files: | 15 | - path: /etc/ecs/ecs.config 16 | permissions: 0644 17 | owner: root 18 | content: | 19 | {{ lookup('template', 'ecs.config.j2') | indent(4, false) }} 20 | - path: /etc/profile.d/99-dockercmd.sh 21 | permissions: 0644 22 | owner: root 23 | content: | 24 | {{ lookup('file', './etc/profile.d/99-dockercmd.sh') | indent(4, false) }} 25 | - path: /etc/security/limits.d/file_limit.conf 26 | permissions: 0644 27 | owner: root 28 | content: | 29 | {{ lookup('file', './etc/security/limits.d/file_limit.conf') | indent(4, false) }} 30 | - path: /etc/sysconfig/docker 31 | permissions: 0644 32 | owner: root 33 | content: | 34 | {{ lookup('file', './etc/sysconfig/docker') | indent(4, false) }} 35 | {{ asg_additional_write_files }} 36 | 37 | - name: Set runcommands 38 | set_fact: 39 | _runcmd: | 40 | - echo "this only get executed on the first boot" 41 | {{ asg_additional_user_data_runcmd }} 42 | 43 | - name: Determine userdata 44 | set_fact: 45 | _launch_config_user_data: | 46 | #cloud-config 47 | write_files: 48 | {{ _write_files | indent(2, false) }} 49 | bootcmd: 50 | {{ _bootcmd | indent(2, false) }} 51 | runcmd: 52 | {{ _runcmd | indent(2, false) }} 53 | {{ 
asg_additional_cloud_config_commands }} 54 | 55 | - name: Set launch config volumes fact 56 | set_fact: 57 | _launch_config_volumes: 58 | - device_name: /dev/xvda 59 | volume_size: "{{ asg_launch_config_root_volume_size }}" 60 | delete_on_termination: true 61 | 62 | - name: Set launch config params fact 63 | set_fact: 64 | _launch_config_params: 65 | name: "{{ asg_ecs_cluster_name }}" # this is used for the hash, the actual LC will have a differnet name ( see _launch_config_name ) 66 | image_id: "{{ asg_launch_config_ami }}" 67 | key_name: "{{ asg_launch_config_key_name }}" 68 | region: "{{ aws_region }}" 69 | profile: "{{ aws_profile }}" 70 | security_groups: "{{ asg_additional_security_groups + [sg_info_output.group_id] }}" 71 | instance_type: "{{ asg_launch_config_instance_size }}" 72 | user_data: "{{ _launch_config_user_data }}" 73 | instance_profile_name: "{{ asg_launch_config_instance_profile_name }}" 74 | assign_public_ip: "{{ asg_launch_config_assign_public_ip }}" 75 | volumes: "{{ _launch_config_volumes + asg_additional_volumes }}" 76 | 77 | - name: Set launch config hash fact 78 | set_fact: 79 | _launch_config_params_hash: "{{ _launch_config_params | to_json | hash('sha1') }}" 80 | 81 | - name: Set launch config name fact 82 | set_fact: 83 | _launch_config_name: "{{ asg_ecs_cluster_name }}_{{ _launch_config_params_hash }}" 84 | 85 | - name: Launch configuration 86 | ec2_lc: "{{ _launch_config_params | combine({'name': _launch_config_name }) }}" 87 | register: app_launch_config 88 | 89 | - name: create autoscaling group 90 | ec2_asg: 91 | name: "{{ asg_ecs_cluster_name }}" 92 | launch_config_name: "{{ app_launch_config['name'] }}" 93 | region: "{{ aws_region }}" 94 | profile: "{{ aws_profile }}" 95 | min_size: "{{ asg_min_size }}" 96 | max_size: "{{ asg_max_size }}" 97 | desired_capacity: "{{ asg_desired_capacity }}" 98 | vpc_zone_identifier: "{{ asg_subnets }}" # | join(',') 99 | health_check_type: EC2 100 | health_check_period: 300 101 | tags: "{{ 
asg_tags }}" 102 | -------------------------------------------------------------------------------- /roles/aws.ec2-autoscaling-group/templates/ecs.config.j2: -------------------------------------------------------------------------------- 1 | ECS_CLUSTER={{ asg_ecs_cluster_name }} 2 | AWS_DEFAULT_REGION={{ aws_region }} 3 | ECS_AVAILABLE_LOGGING_DRIVERS=["awslogs","fluentd","gelf","json-file","journald","splunk","syslog"] 4 | {{ asg_additional_ecs_config }} 5 | ECS_ENABLE_TASK_IAM_ROLE=true 6 | ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST=true 7 | -------------------------------------------------------------------------------- /roles/aws.ec2-autoscaling-group/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/aws.ec2-autoscaling-group/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - ansible-infra.aws-asg -------------------------------------------------------------------------------- /roles/aws.ec2-autoscaling-group/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ansible-infra.aws-asg 3 | 4 | # Launch config related 5 | # http://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_container_instance.html 6 | asg_launch_config_amis_per_region: 7 | us-east-2: "ami-9f9cbafa" 8 | us-east-1: "ami-83af8395" 9 | us-west-2: "ami-11120768" 10 | us-west-1: "ami-c1c6eba1" 11 | eu-west-2: "ami-767e6812" 12 | eu-west-1: "ami-5f140c39" 13 | eu-central-1: "ami-e656f189" 14 | ap-northeast-1: "ami-fd10059a" 15 | ap-southeast-2: "ami-2ab95148" 16 | ap-southeast-1: "ami-1926ab7a" 17 | ca-central-1: "ami-ead8678e" 18 | 19 | asg_tag_name: 20 | Name: "{{ asg_ecs_cluster_name }}" 21 | propagate_at_launch: true 22 | 23 | asg_tags: "{{ 
asg_additional_tags + [ asg_tag_name ] }}" 24 | -------------------------------------------------------------------------------- /roles/aws.ec2-loadbalancer/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 
39 | -------------------------------------------------------------------------------- /roles/aws.ec2-loadbalancer/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for aws.ec2-loadbalancer 3 | elb_sg_description: "Security group for the ELB: {{ elb_cluster_name }} / {{ elb_service_name }}" 4 | elb_sg_rules: [] 5 | elb_sg_purge_rules: yes 6 | elb_sg_purge_rules_egress: yes 7 | 8 | elb_connection_draining_timeout: 60 9 | elb_cross_az_load_balancing: no 10 | elb_scheme: internet-facing 11 | -------------------------------------------------------------------------------- /roles/aws.ec2-loadbalancer/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # Below are all platforms currently available. Just uncomment the ones that apply 34 | # to your role. 
If you don't see your platform on this list, let us know, 35 | # and we'll get it added! 36 | # 37 | #platforms: 38 | #- name: OpenBSD 39 | # versions: 40 | # - all 41 | # - 5.6 42 | # - 5.7 43 | # - 5.8 44 | # - 5.9 45 | # - 6.0 46 | #- name: Fedora 47 | # versions: 48 | # - all 49 | # - 16 50 | # - 17 51 | # - 18 52 | # - 19 53 | # - 20 54 | # - 21 55 | # - 22 56 | # - 23 57 | # - 24 58 | # - 25 59 | #- name: DellOS 60 | # versions: 61 | # - all 62 | # - 10 63 | # - 6 64 | # - 9 65 | #- name: MacOSX 66 | # versions: 67 | # - all 68 | # - 10.10 69 | # - 10.11 70 | # - 10.12 71 | # - 10.7 72 | # - 10.8 73 | # - 10.9 74 | #- name: Synology 75 | # versions: 76 | # - all 77 | # - any 78 | #- name: Junos 79 | # versions: 80 | # - all 81 | # - any 82 | #- name: GenericBSD 83 | # versions: 84 | # - all 85 | # - any 86 | #- name: Void Linux 87 | # versions: 88 | # - all 89 | # - any 90 | #- name: GenericLinux 91 | # versions: 92 | # - all 93 | # - any 94 | #- name: NXOS 95 | # versions: 96 | # - all 97 | # - any 98 | #- name: IOS 99 | # versions: 100 | # - all 101 | # - any 102 | #- name: Amazon 103 | # versions: 104 | # - all 105 | # - 2013.03 106 | # - 2013.09 107 | # - 2016.03 108 | # - 2016.09 109 | #- name: ArchLinux 110 | # versions: 111 | # - all 112 | # - any 113 | #- name: FreeBSD 114 | # versions: 115 | # - all 116 | # - 10.0 117 | # - 10.1 118 | # - 10.2 119 | # - 10.3 120 | # - 11.0 121 | # - 8.0 122 | # - 8.1 123 | # - 8.2 124 | # - 8.3 125 | # - 8.4 126 | # - 9.0 127 | # - 9.1 128 | # - 9.1 129 | # - 9.2 130 | # - 9.3 131 | #- name: Ubuntu 132 | # versions: 133 | # - all 134 | # - lucid 135 | # - maverick 136 | # - natty 137 | # - oneiric 138 | # - precise 139 | # - quantal 140 | # - raring 141 | # - saucy 142 | # - trusty 143 | # - utopic 144 | # - vivid 145 | # - wily 146 | # - xenial 147 | # - yakkety 148 | #- name: Debian 149 | # versions: 150 | # - all 151 | # - etch 152 | # - jessie 153 | # - lenny 154 | # - sid 155 | # - squeeze 156 | # - stretch 157 
| # - wheezy 158 | #- name: Alpine 159 | # versions: 160 | # - all 161 | # - any 162 | #- name: EL 163 | # versions: 164 | # - all 165 | # - 5 166 | # - 6 167 | # - 7 168 | #- name: Windows 169 | # versions: 170 | # - all 171 | # - 2012R2 172 | #- name: SmartOS 173 | # versions: 174 | # - all 175 | # - any 176 | #- name: opensuse 177 | # versions: 178 | # - all 179 | # - 12.1 180 | # - 12.2 181 | # - 12.3 182 | # - 13.1 183 | # - 13.2 184 | #- name: SLES 185 | # versions: 186 | # - all 187 | # - 10SP3 188 | # - 10SP4 189 | # - 11 190 | # - 11SP1 191 | # - 11SP2 192 | # - 11SP3 193 | # - 11SP4 194 | # - 12 195 | # - 12SP1 196 | #- name: GenericUNIX 197 | # versions: 198 | # - all 199 | # - any 200 | #- name: Solaris 201 | # versions: 202 | # - all 203 | # - 10 204 | # - 11.0 205 | # - 11.1 206 | # - 11.2 207 | # - 11.3 208 | #- name: eos 209 | # versions: 210 | # - all 211 | # - Any 212 | 213 | galaxy_tags: [] 214 | # List tags for your role here, one per line. A tag is a keyword that describes 215 | # and categorizes the role. Users find roles by searching for tags. Be sure to 216 | # remove the '[]' above, if you add tags to this list. 217 | # 218 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 219 | # Maximum 20 tags per role. 220 | 221 | dependencies: [] 222 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 223 | # if you add dependencies to this list. 
-------------------------------------------------------------------------------- /roles/aws.ec2-loadbalancer/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for aws.ec2-loadbalancer 3 | - name: Create ELB Security group 4 | ec2_group: 5 | name: "{{ elb_cluster_name }}-{{ elb_service_name }}-lb" 6 | description: "{{ elb_sg_description }}" 7 | state: present 8 | region: "{{ aws_region }}" 9 | profile: "{{ aws_profile }}" 10 | rules: "{{ elb_sg_rules }}" 11 | purge_rules: "{{ elb_sg_purge_rules }}" 12 | purge_rules_egress: "{{ elb_sg_purge_rules_egress }}" 13 | vpc_id: "{{ elb_vpc_id }}" 14 | register: _elb_sg_info 15 | 16 | - name: Tag ELB Security Group 17 | ec2_tag: 18 | resource: "{{ _elb_sg_info.group_id }}" 19 | region: "{{ aws_region }}" 20 | profile: "{{ aws_profile }}" 21 | state: present 22 | tags: 23 | Name: "{{ elb_cluster_name }}-{{ elb_service_name }}-lb" 24 | ClusterName: "{{ elb_cluster_name }}" 25 | EcsServiceName: "{{ elb_service_name }}" 26 | 27 | - name: create load balancer 28 | ec2_elb_lb: 29 | profile: "{{ aws_profile }}" 30 | region: "{{ aws_region }}" 31 | name: "{{ elb_cluster_name }}-{{ elb_service_name }}-lb" 32 | state: present 33 | subnets: "{{ elb_subnets | join(',') }}" 34 | security_group_names: "['{{ elb_cluster_name }}-{{ elb_service_name }}-lb']" 35 | connection_draining_timeout: "{{ elb_connection_draining_timeout }}" 36 | cross_az_load_balancing: "{{ elb_cross_az_load_balancing }}" 37 | idle_timeout: "{{ elb_idle_timeout | default(omit) }}" 38 | scheme: "{{ elb_scheme }}" 39 | listeners: "{{ elb_listeners }}" 40 | stickiness: "{{ elb_stickiness | default(omit) }}" 41 | health_check: "{{ elb_health_check | default(omit) }}" 42 | zones: "{{ elb_zones | default(omit) }}" 43 | access_logs: "{{ elb_access_logs | default(omit) }}" 44 | tags: 45 | Name: "{{ elb_cluster_name }}-{{ elb_service_name }}-lb" 46 | ClusterName: "{{ elb_cluster_name }}" 47 | 
EcsServiceName: "{{ elb_service_name }}" 48 | register: _elb_load_balancer 49 | 50 | 51 | - name: Extract load balancer parameters from elb module 52 | set_fact: 53 | _elb_ecs_load_balancers: 54 | - loadBalancerName: "{{ elb_cluster_name }}-{{ elb_service_name }}-lb" 55 | containerName: "{{ elb_container_name }}" 56 | containerPort: "{{ elb_container_port }}" 57 | -------------------------------------------------------------------------------- /roles/aws.ec2-loadbalancer/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/aws.ec2-loadbalancer/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - aws.ec2-loadbalancer -------------------------------------------------------------------------------- /roles/aws.ec2-security-groups/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 
15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/aws.ec2-security-groups/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for roles/ansible-infra.aws-sg 3 | sg_list: [] 4 | sg_state: present 5 | sg_rules: [] 6 | sg_purge_rules: true 7 | sg_purge_rules_egress: true 8 | -------------------------------------------------------------------------------- /roles/aws.ec2-security-groups/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 
22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # Below are all platforms currently available. Just uncomment the ones that apply 34 | # to your role. If you don't see your platform on this list, let us know, 35 | # and we'll get it added! 36 | # 37 | #platforms: 38 | #- name: OpenBSD 39 | # versions: 40 | # - all 41 | # - 5.6 42 | # - 5.7 43 | # - 5.8 44 | # - 5.9 45 | # - 6.0 46 | #- name: Fedora 47 | # versions: 48 | # - all 49 | # - 16 50 | # - 17 51 | # - 18 52 | # - 19 53 | # - 20 54 | # - 21 55 | # - 22 56 | # - 23 57 | # - 24 58 | # - 25 59 | #- name: DellOS 60 | # versions: 61 | # - all 62 | # - 10 63 | # - 6 64 | # - 9 65 | #- name: MacOSX 66 | # versions: 67 | # - all 68 | # - 10.10 69 | # - 10.11 70 | # - 10.12 71 | # - 10.7 72 | # - 10.8 73 | # - 10.9 74 | #- name: Synology 75 | # versions: 76 | # - all 77 | # - any 78 | #- name: Junos 79 | # versions: 80 | # - all 81 | # - any 82 | #- name: GenericBSD 83 | # versions: 84 | # - all 85 | # - any 86 | #- name: Void Linux 87 | # versions: 88 | # - all 89 | # - any 90 | #- name: GenericLinux 91 | # versions: 92 | # - all 93 | # - any 94 | #- name: NXOS 95 | # versions: 96 | # - all 97 | # - any 98 | #- name: IOS 99 | # versions: 100 | # - all 101 | # - any 102 | #- name: Amazon 103 | # versions: 104 | # - all 105 | # - 2013.03 106 | # - 2013.09 107 | # - 2016.03 108 | # - 2016.09 109 | #- name: ArchLinux 110 | # versions: 111 | # - all 112 | # - any 113 | #- name: FreeBSD 114 | # versions: 115 | # - all 116 | # - 10.0 117 | # - 10.1 118 | # - 
10.2 119 | # - 10.3 120 | # - 11.0 121 | # - 8.0 122 | # - 8.1 123 | # - 8.2 124 | # - 8.3 125 | # - 8.4 126 | # - 9.0 127 | # - 9.1 128 | # - 9.1 129 | # - 9.2 130 | # - 9.3 131 | #- name: Ubuntu 132 | # versions: 133 | # - all 134 | # - lucid 135 | # - maverick 136 | # - natty 137 | # - oneiric 138 | # - precise 139 | # - quantal 140 | # - raring 141 | # - saucy 142 | # - trusty 143 | # - utopic 144 | # - vivid 145 | # - wily 146 | # - xenial 147 | # - yakkety 148 | #- name: Debian 149 | # versions: 150 | # - all 151 | # - etch 152 | # - jessie 153 | # - lenny 154 | # - sid 155 | # - squeeze 156 | # - stretch 157 | # - wheezy 158 | #- name: Alpine 159 | # versions: 160 | # - all 161 | # - any 162 | #- name: EL 163 | # versions: 164 | # - all 165 | # - 5 166 | # - 6 167 | # - 7 168 | #- name: Windows 169 | # versions: 170 | # - all 171 | # - 2012R2 172 | #- name: SmartOS 173 | # versions: 174 | # - all 175 | # - any 176 | #- name: opensuse 177 | # versions: 178 | # - all 179 | # - 12.1 180 | # - 12.2 181 | # - 12.3 182 | # - 13.1 183 | # - 13.2 184 | #- name: SLES 185 | # versions: 186 | # - all 187 | # - 10SP3 188 | # - 10SP4 189 | # - 11 190 | # - 11SP1 191 | # - 11SP2 192 | # - 11SP3 193 | # - 11SP4 194 | # - 12 195 | # - 12SP1 196 | #- name: GenericUNIX 197 | # versions: 198 | # - all 199 | # - any 200 | #- name: Solaris 201 | # versions: 202 | # - all 203 | # - 10 204 | # - 11.0 205 | # - 11.1 206 | # - 11.2 207 | # - 11.3 208 | #- name: eos 209 | # versions: 210 | # - all 211 | # - Any 212 | 213 | galaxy_tags: [] 214 | # List tags for your role here, one per line. A tag is a keyword that describes 215 | # and categorizes the role. Users find roles by searching for tags. Be sure to 216 | # remove the '[]' above, if you add tags to this list. 217 | # 218 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 219 | # Maximum 20 tags per role. 220 | 221 | dependencies: [] 222 | # List your role dependencies here, one per line. 
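Be sure to remove the '[]' above,
# if you add dependencies to this list.
--------------------------------------------------------------------------------
/roles/aws.ec2-security-groups/tasks/main.yml:
--------------------------------------------------------------------------------
---
# tasks file for aws.ec2-security-groups
#
# Ensures the cluster-wide security group "<sg_cluster_name>-cluster" is in
# state sg_state and tags it. Required: sg_cluster_name, sg_description,
# sg_vpc_id, aws_region, aws_profile. sg_state, sg_rules, sg_purge_rules and
# sg_purge_rules_egress have defaults in defaults/main.yml.
- name: Create Security group
  # sg_rules is the complete ingress rule set for the cluster instances, and
  # with both purge flags true (the default) any rule not listed here is
  # deleted on every run — this list, not the console, is the source of truth
  # for what can reach the cluster. Keep broad CIDR ranges out unless intended.
  ec2_group:
    name: "{{ sg_cluster_name }}-cluster"
    description: "{{ sg_description }}"
    state: "{{ sg_state }}"
    region: "{{ aws_region }}"
    profile: "{{ aws_profile }}"
    rules: "{{ sg_rules }}"
    purge_rules: "{{ sg_purge_rules }}"
    purge_rules_egress: "{{ sg_purge_rules_egress }}"
    vpc_id: "{{ sg_vpc_id }}"
  register: sg_info_output

- name: Tag security groups
  # NOTE(review): group_id is read unconditionally; when sg_state is "absent"
  # there is presumably no group to tag — confirm the module's return value
  # for that case before running this role with a non-present state.
  ec2_tag:
    resource: "{{ sg_info_output.group_id }}"
    region: "{{ aws_region }}"
    profile: "{{ aws_profile }}"
    state: present
    tags:
      Name: "{{ sg_cluster_name }}-cluster"
      ClusterName: "{{ sg_cluster_name }}"
--------------------------------------------------------------------------------
/roles/aws.ec2-security-groups/tests/inventory:
--------------------------------------------------------------------------------
localhost

--------------------------------------------------------------------------------
/roles/aws.ec2-security-groups/tests/test.yml:
--------------------------------------------------------------------------------
---
- hosts: localhost
  remote_user: root
  roles:
    # The role lives in roles/aws.ec2-security-groups; the previous reference
    # (roles/ansible-infra.aws-sg) named a role that does not exist in this
    # tree, so the test playbook could not resolve it.
    - aws.ec2-security-groups
--------------------------------------------------------------------------------
/roles/aws.ecs-cluster/README.md:
--------------------------------------------------------------------------------
Role Name
=========

A brief description of the role goes here.

Requirements
------------

Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here.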
For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 
39 | -------------------------------------------------------------------------------- /roles/aws.ecs-cluster/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for aws.ecs-cluster -------------------------------------------------------------------------------- /roles/aws.ecs-cluster/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # Below are all platforms currently available. Just uncomment the ones that apply 34 | # to your role. If you don't see your platform on this list, let us know, 35 | # and we'll get it added! 
36 | # 37 | #platforms: 38 | #- name: OpenBSD 39 | # versions: 40 | # - all 41 | # - 5.6 42 | # - 5.7 43 | # - 5.8 44 | # - 5.9 45 | # - 6.0 46 | #- name: Fedora 47 | # versions: 48 | # - all 49 | # - 16 50 | # - 17 51 | # - 18 52 | # - 19 53 | # - 20 54 | # - 21 55 | # - 22 56 | # - 23 57 | # - 24 58 | # - 25 59 | #- name: DellOS 60 | # versions: 61 | # - all 62 | # - 10 63 | # - 6 64 | # - 9 65 | #- name: MacOSX 66 | # versions: 67 | # - all 68 | # - 10.10 69 | # - 10.11 70 | # - 10.12 71 | # - 10.7 72 | # - 10.8 73 | # - 10.9 74 | #- name: Synology 75 | # versions: 76 | # - all 77 | # - any 78 | #- name: Junos 79 | # versions: 80 | # - all 81 | # - any 82 | #- name: GenericBSD 83 | # versions: 84 | # - all 85 | # - any 86 | #- name: Void Linux 87 | # versions: 88 | # - all 89 | # - any 90 | #- name: GenericLinux 91 | # versions: 92 | # - all 93 | # - any 94 | #- name: NXOS 95 | # versions: 96 | # - all 97 | # - any 98 | #- name: IOS 99 | # versions: 100 | # - all 101 | # - any 102 | #- name: Amazon 103 | # versions: 104 | # - all 105 | # - 2013.03 106 | # - 2013.09 107 | # - 2016.03 108 | # - 2016.09 109 | #- name: ArchLinux 110 | # versions: 111 | # - all 112 | # - any 113 | #- name: FreeBSD 114 | # versions: 115 | # - all 116 | # - 10.0 117 | # - 10.1 118 | # - 10.2 119 | # - 10.3 120 | # - 11.0 121 | # - 8.0 122 | # - 8.1 123 | # - 8.2 124 | # - 8.3 125 | # - 8.4 126 | # - 9.0 127 | # - 9.1 128 | # - 9.1 129 | # - 9.2 130 | # - 9.3 131 | #- name: Ubuntu 132 | # versions: 133 | # - all 134 | # - lucid 135 | # - maverick 136 | # - natty 137 | # - oneiric 138 | # - precise 139 | # - quantal 140 | # - raring 141 | # - saucy 142 | # - trusty 143 | # - utopic 144 | # - vivid 145 | # - wily 146 | # - xenial 147 | # - yakkety 148 | #- name: Debian 149 | # versions: 150 | # - all 151 | # - etch 152 | # - jessie 153 | # - lenny 154 | # - sid 155 | # - squeeze 156 | # - stretch 157 | # - wheezy 158 | #- name: Alpine 159 | # versions: 160 | # - all 161 | # - any 162 | #- 
name: EL 163 | # versions: 164 | # - all 165 | # - 5 166 | # - 6 167 | # - 7 168 | #- name: Windows 169 | # versions: 170 | # - all 171 | # - 2012R2 172 | #- name: SmartOS 173 | # versions: 174 | # - all 175 | # - any 176 | #- name: opensuse 177 | # versions: 178 | # - all 179 | # - 12.1 180 | # - 12.2 181 | # - 12.3 182 | # - 13.1 183 | # - 13.2 184 | #- name: SLES 185 | # versions: 186 | # - all 187 | # - 10SP3 188 | # - 10SP4 189 | # - 11 190 | # - 11SP1 191 | # - 11SP2 192 | # - 11SP3 193 | # - 11SP4 194 | # - 12 195 | # - 12SP1 196 | #- name: GenericUNIX 197 | # versions: 198 | # - all 199 | # - any 200 | #- name: Solaris 201 | # versions: 202 | # - all 203 | # - 10 204 | # - 11.0 205 | # - 11.1 206 | # - 11.2 207 | # - 11.3 208 | #- name: eos 209 | # versions: 210 | # - all 211 | # - Any 212 | 213 | galaxy_tags: [] 214 | # List tags for your role here, one per line. A tag is a keyword that describes 215 | # and categorizes the role. Users find roles by searching for tags. Be sure to 216 | # remove the '[]' above, if you add tags to this list. 217 | # 218 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 219 | # Maximum 20 tags per role. 220 | 221 | dependencies: [] 222 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 223 | # if you add dependencies to this list. 
-------------------------------------------------------------------------------- /roles/aws.ecs-cluster/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for aws.ecs-cluster 3 | 4 | - name: Create ECS cluster 5 | ecs_cluster: 6 | name: "{{ ecs_cluster_name }}" 7 | state: present 8 | region: "{{ aws_region }}" 9 | profile: "{{ aws_profile }}" 10 | -------------------------------------------------------------------------------- /roles/aws.ecs-cluster/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/aws.ecs-cluster/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - aws.ecs-cluster -------------------------------------------------------------------------------- /roles/aws.ecs-ecr/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 
15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/aws.ecs-ecr/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for aws.ecs-ecr 3 | ecr_force_set_policy: no 4 | ecr_policy: omit 5 | ecr_state: present 6 | ecr_additional_aws_account_list: [] 7 | -------------------------------------------------------------------------------- /roles/aws.ecs-ecr/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 
22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # Below are all platforms currently available. Just uncomment the ones that apply 34 | # to your role. If you don't see your platform on this list, let us know, 35 | # and we'll get it added! 36 | # 37 | #platforms: 38 | #- name: OpenBSD 39 | # versions: 40 | # - all 41 | # - 5.6 42 | # - 5.7 43 | # - 5.8 44 | # - 5.9 45 | # - 6.0 46 | #- name: Fedora 47 | # versions: 48 | # - all 49 | # - 16 50 | # - 17 51 | # - 18 52 | # - 19 53 | # - 20 54 | # - 21 55 | # - 22 56 | # - 23 57 | # - 24 58 | # - 25 59 | #- name: DellOS 60 | # versions: 61 | # - all 62 | # - 10 63 | # - 6 64 | # - 9 65 | #- name: MacOSX 66 | # versions: 67 | # - all 68 | # - 10.10 69 | # - 10.11 70 | # - 10.12 71 | # - 10.7 72 | # - 10.8 73 | # - 10.9 74 | #- name: Synology 75 | # versions: 76 | # - all 77 | # - any 78 | #- name: Junos 79 | # versions: 80 | # - all 81 | # - any 82 | #- name: GenericBSD 83 | # versions: 84 | # - all 85 | # - any 86 | #- name: Void Linux 87 | # versions: 88 | # - all 89 | # - any 90 | #- name: GenericLinux 91 | # versions: 92 | # - all 93 | # - any 94 | #- name: NXOS 95 | # versions: 96 | # - all 97 | # - any 98 | #- name: IOS 99 | # versions: 100 | # - all 101 | # - any 102 | #- name: Amazon 103 | # versions: 104 | # - all 105 | # - 2013.03 106 | # - 2013.09 107 | # - 2016.03 108 | # - 2016.09 109 | #- name: ArchLinux 110 | # versions: 111 | # - all 112 | # - any 113 | #- name: FreeBSD 114 | # versions: 115 | # - all 116 | # - 10.0 117 | # - 10.1 118 | # - 
10.2 119 | # - 10.3 120 | # - 11.0 121 | # - 8.0 122 | # - 8.1 123 | # - 8.2 124 | # - 8.3 125 | # - 8.4 126 | # - 9.0 127 | # - 9.1 128 | # - 9.1 129 | # - 9.2 130 | # - 9.3 131 | #- name: Ubuntu 132 | # versions: 133 | # - all 134 | # - lucid 135 | # - maverick 136 | # - natty 137 | # - oneiric 138 | # - precise 139 | # - quantal 140 | # - raring 141 | # - saucy 142 | # - trusty 143 | # - utopic 144 | # - vivid 145 | # - wily 146 | # - xenial 147 | # - yakkety 148 | #- name: Debian 149 | # versions: 150 | # - all 151 | # - etch 152 | # - jessie 153 | # - lenny 154 | # - sid 155 | # - squeeze 156 | # - stretch 157 | # - wheezy 158 | #- name: Alpine 159 | # versions: 160 | # - all 161 | # - any 162 | #- name: EL 163 | # versions: 164 | # - all 165 | # - 5 166 | # - 6 167 | # - 7 168 | #- name: Windows 169 | # versions: 170 | # - all 171 | # - 2012R2 172 | #- name: SmartOS 173 | # versions: 174 | # - all 175 | # - any 176 | #- name: opensuse 177 | # versions: 178 | # - all 179 | # - 12.1 180 | # - 12.2 181 | # - 12.3 182 | # - 13.1 183 | # - 13.2 184 | #- name: SLES 185 | # versions: 186 | # - all 187 | # - 10SP3 188 | # - 10SP4 189 | # - 11 190 | # - 11SP1 191 | # - 11SP2 192 | # - 11SP3 193 | # - 11SP4 194 | # - 12 195 | # - 12SP1 196 | #- name: GenericUNIX 197 | # versions: 198 | # - all 199 | # - any 200 | #- name: Solaris 201 | # versions: 202 | # - all 203 | # - 10 204 | # - 11.0 205 | # - 11.1 206 | # - 11.2 207 | # - 11.3 208 | #- name: eos 209 | # versions: 210 | # - all 211 | # - Any 212 | 213 | galaxy_tags: [] 214 | # List tags for your role here, one per line. A tag is a keyword that describes 215 | # and categorizes the role. Users find roles by searching for tags. Be sure to 216 | # remove the '[]' above, if you add tags to this list. 217 | # 218 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 219 | # Maximum 20 tags per role. 220 | 221 | dependencies: [] 222 | # List your role dependencies here, one per line. 
Be sure to remove the '[]' above,
# if you add dependencies to this list.
--------------------------------------------------------------------------------
/roles/aws.ecs-ecr/tasks/main.yml:
--------------------------------------------------------------------------------
---
# tasks file for aws.ecs-ecr
#
# Resolves the calling AWS account and ensures each repository listed in
# ecr_repository_name exists with the repository policy rendered from
# templates/policy.json.j2. Required: ecr_repository_name, aws_region,
# aws_profile. ecr_force_set_policy, ecr_state and
# ecr_additional_aws_account_list have defaults in defaults/main.yml.

- name: Retrieve current AWS account_id
  # The account id comes from the credentials behind aws_profile and becomes
  # the first principal of the repository policy, so the profile used here
  # decides which account is granted pull access by default.
  command: aws sts get-caller-identity --output text --query 'Account' --profile "{{ aws_profile }}"
  register: aws_account_id
  changed_when: false
  # A literal "None" on stdout (what --output text prints for a null result)
  # would otherwise be rendered into the policy as a bogus principal.
  failed_when: aws_account_id['stdout'] == 'None'

- name: "Create ECR repository and apply policy if needed"
  # The rendered template is always supplied as the policy; force_set_policy
  # (default: no) is passed through to the module, which decides whether an
  # already-present policy is overwritten.
  ecs_ecr:
    region: "{{ aws_region }}"
    profile: "{{ aws_profile }}"
    name: "{{ item }}"
    force_set_policy: "{{ ecr_force_set_policy }}"
    policy: "{{ lookup('template', 'policy.json.j2') }}"
    state: "{{ ecr_state }}"
  with_items:
    - "{{ ecr_repository_name }}"
--------------------------------------------------------------------------------
/roles/aws.ecs-ecr/templates/policy.json.j2:
--------------------------------------------------------------------------------
{# Repository policy for the repositories created by aws.ecs-ecr.
   Principals: the account resolved by the "Retrieve current AWS account_id"
   task, followed by every id in ecr_additional_aws_account_list. Each one is
   granted pull access (layer download, image fetch, layer check) as the
   account root, i.e. to any identity in that account that its own IAM
   policies allow — adding an id here is therefore a cross-account grant and
   the list should be reviewed as such. Entries are interpolated as given;
   anything other than a 12-digit account id yields an invalid principal ARN. #}
{% set ecr_aws_account_list = [ aws_account_id.stdout ] + ecr_additional_aws_account_list %}

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "allow-pull-from-prod",
      "Effect": "Allow",
      "Principal": {
        "AWS":
{# A single principal is emitted as a bare string, several as a JSON array. #}
{% if ecr_aws_account_list|length == 1 %}
          "arn:aws:iam::{{ ecr_aws_account_list[0] }}:root"
{% else %}
          [{% for account_id in ecr_aws_account_list %}"arn:aws:iam::{{ account_id }}:root"{% if not loop.last %},{% endif %}{% endfor %}]
{% endif %}
      },
      "Action": [
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability"
      ]
    }
  ]
}
--------------------------------------------------------------------------------
/roles/aws.ecs-ecr/tests/inventory:
-------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/aws.ecs-ecr/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - aws.ecs-ecr -------------------------------------------------------------------------------- /roles/aws.ecs-service/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 
20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/aws.ecs-service/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for aws.ec2-service 3 | ecs_container_essential: true 4 | ecs_service_desired_count: 0 5 | ecs_deployment_configuration: 6 | minimum_healthy_percent: 100 7 | maximum_percent: 200 8 | 9 | ecs_taskdefinition_state: present 10 | ecs_taskdefinition_network_mode: bridge 11 | ecs_taskdefinition_volumes: [] 12 | 13 | ecs_load_balancers: [] 14 | 15 | # task definition defaults 16 | ecs_taskdefinition_container_essential: true 17 | ecs_taskdefinition_family: "{{ ecs_cluster_name }}__{{ ecs_service_name }}" 18 | 19 | 20 | ecs_log_configuration_default: 21 | logDriver: "json-file" # other options include splunk, etc 22 | options: # options required based on log driver 23 | max-size: "200m" # the log won't occupy all the disk space 24 | 25 | ecs_containers_defaults: 26 | logConfiguration: "{{ ecs_log_configuration_default }}" 27 | 28 | ecs_apply_container_defaults: true 29 | 30 | ecs_role: ecsServiceRole 31 | -------------------------------------------------------------------------------- /roles/aws.ecs-service/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on 
github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # Below are all platforms currently available. Just uncomment the ones that apply 34 | # to your role. If you don't see your platform on this list, let us know, 35 | # and we'll get it added! 
36 | # 37 | #platforms: 38 | #- name: OpenBSD 39 | # versions: 40 | # - all 41 | # - 5.6 42 | # - 5.7 43 | # - 5.8 44 | # - 5.9 45 | # - 6.0 46 | #- name: Fedora 47 | # versions: 48 | # - all 49 | # - 16 50 | # - 17 51 | # - 18 52 | # - 19 53 | # - 20 54 | # - 21 55 | # - 22 56 | # - 23 57 | # - 24 58 | # - 25 59 | #- name: DellOS 60 | # versions: 61 | # - all 62 | # - 10 63 | # - 6 64 | # - 9 65 | #- name: MacOSX 66 | # versions: 67 | # - all 68 | # - 10.10 69 | # - 10.11 70 | # - 10.12 71 | # - 10.7 72 | # - 10.8 73 | # - 10.9 74 | #- name: Synology 75 | # versions: 76 | # - all 77 | # - any 78 | #- name: Junos 79 | # versions: 80 | # - all 81 | # - any 82 | #- name: GenericBSD 83 | # versions: 84 | # - all 85 | # - any 86 | #- name: Void Linux 87 | # versions: 88 | # - all 89 | # - any 90 | #- name: GenericLinux 91 | # versions: 92 | # - all 93 | # - any 94 | #- name: NXOS 95 | # versions: 96 | # - all 97 | # - any 98 | #- name: IOS 99 | # versions: 100 | # - all 101 | # - any 102 | #- name: Amazon 103 | # versions: 104 | # - all 105 | # - 2013.03 106 | # - 2013.09 107 | # - 2016.03 108 | # - 2016.09 109 | #- name: ArchLinux 110 | # versions: 111 | # - all 112 | # - any 113 | #- name: FreeBSD 114 | # versions: 115 | # - all 116 | # - 10.0 117 | # - 10.1 118 | # - 10.2 119 | # - 10.3 120 | # - 11.0 121 | # - 8.0 122 | # - 8.1 123 | # - 8.2 124 | # - 8.3 125 | # - 8.4 126 | # - 9.0 127 | # - 9.1 128 | # - 9.1 129 | # - 9.2 130 | # - 9.3 131 | #- name: Ubuntu 132 | # versions: 133 | # - all 134 | # - lucid 135 | # - maverick 136 | # - natty 137 | # - oneiric 138 | # - precise 139 | # - quantal 140 | # - raring 141 | # - saucy 142 | # - trusty 143 | # - utopic 144 | # - vivid 145 | # - wily 146 | # - xenial 147 | # - yakkety 148 | #- name: Debian 149 | # versions: 150 | # - all 151 | # - etch 152 | # - jessie 153 | # - lenny 154 | # - sid 155 | # - squeeze 156 | # - stretch 157 | # - wheezy 158 | #- name: Alpine 159 | # versions: 160 | # - all 161 | # - any 162 | #- 
name: EL 163 | # versions: 164 | # - all 165 | # - 5 166 | # - 6 167 | # - 7 168 | #- name: Windows 169 | # versions: 170 | # - all 171 | # - 2012R2 172 | #- name: SmartOS 173 | # versions: 174 | # - all 175 | # - any 176 | #- name: opensuse 177 | # versions: 178 | # - all 179 | # - 12.1 180 | # - 12.2 181 | # - 12.3 182 | # - 13.1 183 | # - 13.2 184 | #- name: SLES 185 | # versions: 186 | # - all 187 | # - 10SP3 188 | # - 10SP4 189 | # - 11 190 | # - 11SP1 191 | # - 11SP2 192 | # - 11SP3 193 | # - 11SP4 194 | # - 12 195 | # - 12SP1 196 | #- name: GenericUNIX 197 | # versions: 198 | # - all 199 | # - any 200 | #- name: Solaris 201 | # versions: 202 | # - all 203 | # - 10 204 | # - 11.0 205 | # - 11.1 206 | # - 11.2 207 | # - 11.3 208 | #- name: eos 209 | # versions: 210 | # - all 211 | # - Any 212 | 213 | galaxy_tags: [] 214 | # List tags for your role here, one per line. A tag is a keyword that describes 215 | # and categorizes the role. Users find roles by searching for tags. Be sure to 216 | # remove the '[]' above, if you add tags to this list. 217 | # 218 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 219 | # Maximum 20 tags per role. 220 | 221 | dependencies: [] 222 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 223 | # if you add dependencies to this list. 
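--------------------------------------------------------------------------------
/roles/aws.ecs-service/tasks/main.yml:
--------------------------------------------------------------------------------
---
# tasks file for aws.ecs-service
#
# Registers a task definition, then the ECS service that runs it.
# Required: ecs_taskdefinition_containers, ecs_service_name, ecs_cluster_name,
# aws_region, aws_profile. Everything else has a default in defaults/main.yml
# or is omitted when undefined (ecs_taskdefinition_revision,
# ecs_taskdefinition_task_role_arn).
- name: Apply default values to containers
  # Merges ecs_containers_defaults (by default only the json-file log
  # configuration) under each container definition; per-container keys win.
  # Skipped when ecs_apply_container_defaults is false, in which case the fact
  # stays undefined and the task definition below falls back to the raw
  # ecs_taskdefinition_containers list.
  set_fact:
    _taskdefinition_containers_with_defaults: "{{ (_taskdefinition_containers_with_defaults | default([])) +
                                                  [ ecs_containers_defaults | combine(item) ] }}"
  with_items: "{{ ecs_taskdefinition_containers }}"
  when: ecs_apply_container_defaults


## Create task definition
- name: Create task definition
  # task_role_arn is the IAM role the containers themselves assume. When it is
  # left undefined no task role is attached, so containers only get whatever
  # the instance profile exposes — set it deliberately for services that call
  # AWS APIs rather than relying on instance credentials.
  ecs_taskdefinition:
    profile: "{{ aws_profile }}"
    region: "{{ aws_region }}"
    containers: "{{ _taskdefinition_containers_with_defaults | default(ecs_taskdefinition_containers) }}"
    state: "{{ ecs_taskdefinition_state }}"
    family: "{{ ecs_taskdefinition_family }}"
    revision: "{{ ecs_taskdefinition_revision | default(omit) }}"
    task_role_arn: "{{ ecs_taskdefinition_task_role_arn | default(omit) }}"
    network_mode: "{{ ecs_taskdefinition_network_mode }}"
    volumes: "{{ ecs_taskdefinition_volumes }}"
  register: _task_definition

# Prefer the mapping exported by aws.ec2-loadbalancer (_elb_ecs_load_balancers)
# when that role ran earlier; otherwise use this role's own ecs_load_balancers
# (empty by default). The task was previously mislabelled as a copy of the
# container-defaults task above.
- name: Select load balancers for the service
  set_fact:
    _load_balancers: "{{ _elb_ecs_load_balancers | default(ecs_load_balancers) }}"

- name: Register ECS service
  # ecs_role (default ecsServiceRole) is the service role used for load
  # balancer registration; it is omitted when no load balancer is attached,
  # presumably because ECS does not accept a service role without one.
  ecs_service:
    profile: "{{ aws_profile }}"
    region: "{{ aws_region }}"
    state: present
    name: "{{ ecs_service_name }}"
    cluster: "{{ ecs_cluster_name }}"
    task_definition: "{{ _task_definition['taskdefinition']['taskDefinitionArn'] }}"
    load_balancers: "{{ _load_balancers }}"
    role: "{{ ecs_role if _load_balancers|length > 0 else omit }}"
    desired_count: "{{ ecs_service_desired_count }}"
    deployment_configuration: "{{ ecs_deployment_configuration }}"
    # placement_strategy:
    # placement_constraint: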
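-------------------------------------------------------------------------------- /roles/aws.ecs-service/tests/inventory: --------------------------------------------------------------------------------
localhost

-------------------------------------------------------------------------------- /roles/aws.ecs-service/tests/test.yml: --------------------------------------------------------------------------------
---
# Smoke-test play for this role. The role directory is aws.ecs-service; the
# previous reference to "aws.ec2-service" named a role that does not exist in
# this tree, so the test play could never resolve it.
- hosts: localhost
  remote_user: root
  roles:
    - aws.ecs-service
-------------------------------------------------------------------------------- /roles/custom-services/files/README.md: --------------------------------------------------------------------------------
# Custom files

Add any custom files here, just like you would for any other role.
An example to look at would be the role aws.ec2-autoscaling-group.
-------------------------------------------------------------------------------- /roles/custom-services/tasks/cloudwatch_log_group.yml: --------------------------------------------------------------------------------
---
# Ensure the CloudWatch Logs group named by cloudwatch_log_group_name exists
# and expose its ARN as cloudwatch_log_group_arn.
#
# The work is done with the AWS CLI: the group is looked up by exact name,
# created only when missing, and its ARN is printed on stdout. A marker on
# stderr ("CREATED" / "UNCHANGED") drives changed_when.
#
# NOTE(review): no retention policy is applied here, so a freshly created
# group keeps its logs until one is configured elsewhere.
- name: "Create CloudWatch log group if required"
  register: _cloudwatch_log_group_create
  changed_when: "'CREATED' in _cloudwatch_log_group_create.stderr"
  shell: |
    set -eu
    REGION={{ aws_region | quote }}
    PROFILE={{ aws_profile | quote }}
    # The group name is templated into the script exactly once, shell-quoted,
    # and only used as a quoted variable afterwards, so a value containing
    # shell- or awk-significant characters cannot change the commands below.
    NAME={{ cloudwatch_log_group_name | quote }}
    if [ -z "$NAME" ]; then
      echo "cloudwatch_log_group_name is empty" >&2
      exit 1
    fi

    # Print the ARN of the group whose name matches exactly, or nothing.
    # --query selects on logGroupName and returns only the arn field instead
    # of relying on the column position of the text output. The exact name is
    # the shortest string with that prefix and describe-log-groups returns
    # groups sorted by name, so --max-items 1 is enough. (Log group names
    # cannot contain a single quote, so embedding $NAME in the JMESPath
    # literal is safe.)
    lookup_arn() {
      aws logs describe-log-groups \
        --region "$REGION" --profile "$PROFILE" --output text \
        --max-items 1 --log-group-name-prefix "$NAME" \
        --query "logGroups[?logGroupName=='$NAME'].arn"
    }

    arn=$(lookup_arn)

    if [ -n "$arn" ]; then
      echo "UNCHANGED " >&2
      echo "$arn"
    else
      aws logs create-log-group \
        --region "$REGION" --profile "$PROFILE" --output text \
        --log-group-name "$NAME"
      echo "CREATED " >&2
      lookup_arn
    fi

# Only publish the fact when the lookup/creation succeeded; stdout holds the
# ARN printed above.
- name: "Register CloudWatch log group ARN fact"
  when: _cloudwatch_log_group_create|succeeded
  set_fact:
    cloudwatch_log_group_arn: "{{ _cloudwatch_log_group_create['stdout'] }}"
-------------------------------------------------------------------------------- /roles/custom-services/tasks/main.yml: --------------------------------------------------------------------------------
---
# Runs the per-service task files listed in custom_task_files. Create a task
# file named after your service under this tasks directory (for example
# postgres-example.yml) and list it in custom_task_files.
- name: "Include service custom tasks"
  include: "{{ item }}"
  with_items: "{{ custom_task_files }}"
-------------------------------------------------------------------------------- /roles/custom-services/tasks/postgres-example.yml: --------------------------------------------------------------------------------
---
# custom tasks file for postgres-example
# service.yml runs the custom-services role first, so anything this file does
# (such as the set_fact below) is visible to the roles that follow it.
- name: "Include any custom task for your service here. These will be executed before any other template"
  debug:
    msg: "Hi from: {{ postgres_hello_world }}"

- name: "Export some result to be used by other tasks"
  set_fact:
    postgres_custom_label: "This variable is accessible from the other roles now"
-------------------------------------------------------------------------------- /roles/custom-services/templates/README.md: --------------------------------------------------------------------------------
# Templates

Any custom templates you might need for your tasks;
look at aws.ec2-autoscaling-group for an example.
-------------------------------------------------------------------------------- /run-infrastructure.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# NAME
# run-infrastructure.sh - Run Ansible with infrastructure configurations
#
# SYNOPSIS
# ./run-infrastructure.sh CLUSTER ENV
# ./run-infrastructure.sh

set -eu -o pipefail

# Pins the image tag (DOCKER_TAG) to the Ansible build this project was tested with.
source ANSIBLE_DOCKER_ENV

# The header comment above, up to the first blank line, doubles as the usage
# text; keep it contiguous.
USAGE=$(sed -E -e '/^$/q' -e 's/^#($|!.*| (.*))$/\2/' "$0")

case $# in
  # The project tree and the host's AWS credential store are bind-mounted into
  # the container; CLUSTER_NAME and ENV are handed to scripts/run-infrastructure.sh
  # through the environment.
  # NOTE(review): ~/.aws is mounted read-write. If nothing in the run needs to
  # write the CLI cache, mounting it with :ro narrows what a compromised
  # container could do to the host's credentials.
  2) docker run -it -v "${PWD}:/project" \
       -v ~/.aws:/root/.aws \
       -e "CLUSTER_NAME=${1:?"Required argument missing. $USAGE"}" \
       -e "ENV=${2:?"Required argument missing. $USAGE"}" \
       "simplemachines/ansible-template:${DOCKER_TAG:?"Required variable missing. $USAGE"}" \
       scripts/run-infrastructure.sh
     ;;
  *) # Display usage along with suggested arguments
     # NOTE(review): the page is garbled from this point: the usage heredoc of
     # this script and everything in scripts/editvault-infrastructure.sh before
     # its "command -v ansible-vault" line were lost in rendering. The text
     # below is reproduced as found, not reconstructed.
     cat </dev/null 2>&1 || { echo "Please install ansible-vault before running this script."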
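>&2; exit 1; }
# (last line of scripts/editvault-infrastructure.sh; the lines before it are missing from this page and are left as found)
ansible-vault -vvv --vault-password-file=/project/.vaultpassword $OPERATION /project/$CLUSTER_NAME/infrastructure/$TARGET_ENV.vault.yml
-------------------------------------------------------------------------------- /scripts/editvault-services.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# Open (or create) the encrypted vault file for one service/environment from
# inside the container. Expects CLUSTER_NAME, SERVICE_NAME and TARGET_ENV in
# the environment and the vault password in /project/.vaultpassword.
#
# Security notes:
#   * /project/.vaultpassword unlocks every vault in the cluster tree; keep it
#     out of version control and readable only by its owner.
#   * All three variables are required. With -u an unset one stops the script
#     instead of silently creating or opening a vault at a wrong path such as
#     /project//services///.vault.yml.
#   * The password file is checked at the same absolute path that is passed to
#     ansible-vault; the check used to look in the current directory instead.
set -eu

VAULT_PASSWORD_FILE=/project/.vaultpassword
VAULT_FILE="/project/${CLUSTER_NAME}/services/${SERVICE_NAME}/${TARGET_ENV}.vault.yml"

if ! [ -e "$VAULT_PASSWORD_FILE" ]; then
  echo "Vault password file '.vaultpassword' not found." >&2
  exit 1
fi

OPERATION="edit"
if ! [ -e "$VAULT_FILE" ]; then
  echo "Creating new vault for $TARGET_ENV"
  OPERATION="create"
fi

command -v ansible-vault >/dev/null 2>&1 || { echo "Please install ansible-vault before running this script." >&2; exit 1; }
ansible-vault -vvv --vault-password-file="$VAULT_PASSWORD_FILE" "$OPERATION" "$VAULT_FILE"
-------------------------------------------------------------------------------- /scripts/run-infrastructure.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Run the infrastructure playbook inside the container for one cluster/env.
# CLUSTER_NAME and ENV come from the environment (the outer
# run-infrastructure.sh passes them with docker run -e).
#
# Verbosity: -vvv makes ansible-playbook print module arguments and results.
# Values decrypted from the vault and handed to modules can therefore appear
# in the run's output unless the task sets no_log, so treat console output and
# CI logs of a run as sensitive, or lower the verbosity with RUN_VERBOSITY
# (e.g. RUN_VERBOSITY=-v, or RUN_VERBOSITY= for none).
set -eu -o pipefail

: "${CLUSTER_NAME:?CLUSTER_NAME is required}"
: "${ENV:?ENV is required}"

# One -e per variable so a value containing whitespace is not split into
# additional key=value pairs.
ansible-playbook ${RUN_VERBOSITY--vvv} --vault-password-file=/project/.vaultpassword \
  /project/infrastructure.yml \
  -e "env=$ENV" \
  -e "cluster_name=$CLUSTER_NAME"
-------------------------------------------------------------------------------- /scripts/run-service.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Run the service playbook inside the container for one cluster/env/service.
# CLUSTER_NAME, ENV and SERVICE_NAME come from the environment.
#
# Verbosity: -vvv makes ansible-playbook print module arguments and results,
# including vault-decrypted values passed to modules (container environment
# variables, for instance) unless the task sets no_log. Treat the output as
# sensitive or lower the verbosity with RUN_VERBOSITY (e.g. RUN_VERBOSITY=-v).
set -eu -o pipefail

: "${CLUSTER_NAME:?CLUSTER_NAME is required}"
: "${ENV:?ENV is required}"
: "${SERVICE_NAME:?SERVICE_NAME is required}"

# One -e per variable so a value containing whitespace is not split into
# additional key=value pairs.
ansible-playbook ${RUN_VERBOSITY--vvv} --vault-password-file=/project/.vaultpassword \
  /project/service.yml \
  -e "env=$ENV" \
  -e "cluster_name=$CLUSTER_NAME" \
  -e "service_name=$SERVICE_NAME"
-------------------------------------------------------------------------------- /service.yml: --------------------------------------------------------------------------------
---
# Deploys one service of one cluster/environment. Invoked by
# scripts/run-service.sh with env, cluster_name and service_name as extra vars.
#
# Variable files are loaded in order, later files overriding earlier ones:
#   1. common.yml                  - settings shared by all environments
#   2. <env>.vault.yml if present  - encrypted per-environment secrets;
#      the list form means "first file that exists", so a missing vault falls
#      back to <env>.yml without failing
#   3. <env>.yml                   - plain per-environment settings
- hosts: localhost
  # "local" is the name of the connection plugin; the previous value
  # "localhost" only worked because the implicit localhost host already sets
  # ansible_connection=local, which overrides the play keyword.
  connection: local
  gather_facts: no
  vars_files:
    - "{{ cluster_name }}/services/{{ service_name }}/common.yml"
    - ["{{ cluster_name }}/services/{{ service_name }}/{{ env }}.vault.yml", "{{ cluster_name }}/services/{{ service_name }}/{{ env }}.yml"]
    - "{{ cluster_name }}/services/{{ service_name }}/{{ env }}.yml"
  roles:
    # Service-specific task files run first so the facts they set are visible
    # to the roles below.
    - role: custom-services
      when: custom_task_files | default([])
    - role: roles/aws.ec2-loadbalancer # create the load balancer for the service if needed
      when: elb_create | default(false)
    - role: roles/aws.ecs-ecr # create an ECR repository if needed
      when: ecr_create | default(false)
    - role: roles/aws.ecs-service # create the ecs service
-------------------------------------------------------------------------------- /update-ansible.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# Refresh the shared roles/ and scripts/ of this project from a newer copy of
# the template.
#
#   ./update-ansible.sh             # download from GitHub (ref VERSION, default master)
#   ./update-ansible.sh ../checkout # copy from a local checkout instead
#
# Supply-chain notes:
#   * The archive is fetched over HTTPS but not otherwise verified. Pin VERSION
#     to a tag or commit you have reviewed instead of tracking the moving
#     "master" branch, e.g. VERSION=v1.2.3 ./update-ansible.sh.
#   * rsync overwrites files in the current directory. As written the two
#     --include rules appear to have no effect, because no catch-all exclude
#     follows them: everything in the source except example-cluster and
#     roles/custom* is copied, top-level files included. Append --exclude='*'
#     if only roles/ and scripts/ should be refreshed.
set -eu -o pipefail

if [ -n "${1:-}" ]; then
  echo "Updating from $1"
  UPDATE_FROM=$1
else
  echo "Updating from github"
  VERSION="${VERSION:-master}"
  UPDATE_FROM="ansible-aws-infra-services-$VERSION"
  rm -Rf "$UPDATE_FROM"
  mkdir "$UPDATE_FROM"
  # --fail turns an HTTP error (unknown ref, rate limit) into a curl failure
  # instead of feeding an error page to tar; pipefail then stops the script.
  # --strip-components drops the archive's top directory, whose name GitHub
  # derives from the ref (tags lose their leading "v"), so the extracted tree
  # always lands in $UPDATE_FROM regardless of the ref's form.
  curl -L --fail --silent --show-error \
    "https://github.com/simple-machines/ansible-aws-infra-services/archive/$VERSION.tar.gz" \
    | tar xz --strip-components=1 -C "$UPDATE_FROM"
fi

rsync \
  --exclude="example-cluster" \
  --exclude="roles/custom*" \
  --include="roles/***" \
  --include="scripts/***" \
  -rav "$UPDATE_FROM"/* .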