Merge pull request #109 from abikouo/fix_int_target_test_deploy_flask…

…_app role/deploy_flask_app - change required parameter key pair with path to ssh key file
redhat-cop · Feb 9, 2024 · 7a63084 · 7a63084
2 parents fcab549 + 4de99e5
commit 7a63084
Show file tree

Hide file tree

Showing 46 changed files with 781 additions and 979 deletions.
diff --git a/changelogs/fragments/20231219-deploy_flask_app-update-arguments-spec.yml b/changelogs/fragments/20231219-deploy_flask_app-update-arguments-spec.yml
@@ -0,0 +1,10 @@
+---
+breaking_changes:
+  - >-
+    roles/deploy_flask_app - Add parameter ``deploy_flask_app_bastion_ssh_private_key`` to define
+    the path to the ssh private key file to use to connect to the bastion host (https://github.com/redhat-cop/cloud.aws_ops/issues/109).
+  - >-
+    roles/deploy_flask_app - The following parameters no longer required have been removed
+    ``deploy_flask_app_bastion_host_required_packages``, ``deploy_flask_app_local_registry_port``,
+    ``deploy_flask_app_local_registry_pwd``, ``deploy_flask_app_local_registry_user``,
+    ``deploy_flask_app_git_repository`` (https://github.com/redhat-cop/cloud.aws_ops/issues/103).
diff --git a/playbooks/webapp/README.md b/playbooks/webapp/README.md
@@ -101,16 +101,6 @@ To delete the webapp:
 * **deploy_flask_app_bastion_host_name** (str): Name for the EC2 instance. Default: `"{{ resource_prefix }}-bastion"`
 * **bastion_host_type** (str): Instance type for the EC2 instance. Default: `t2.xlarge`
 * **deploy_flask_app_bastion_host_username** (str): Username for the bastion host SSH user. Default: `fedora`
-* **deploy_flask_app_bastion_host_required_packages** (list, elements str): Packages to be installed on the bastion host. Default:
-  ```yaml
-  - python3
-  - python-virtualenv
-  - sshpass
-  - git
-  - podman
-  - httpd-tools
-  - ansible
-  ```
 
 ### Networking
 
@@ -142,12 +132,8 @@ To delete the webapp:
 
 ### Webapp
 
-* **deploy_flask_app_git_repository** (str): Git repository for the webapp. Default: `https://github.com/abikouo/webapp_pyflask_demo.git`
 * **deploy_flask_app_number_of_workers** (int): Number of worker instances to create. Default: `2`
 * **deploy_flask_app_workers_instance_type** (str): EC2 instance type for workers. Default: `t2.xlarge`
-* **deploy_flask_app_local_registry_user** (str): Username for local Podman registry. Default: `ansible`
-* **deploy_flask_app_local_registry_pwd** (str): Password for local Podman registry. Default: `testing123`
-* **deploy_flask_app_local_registry_port** (int): Port for the local Podman registery. Default: `"{{ app_listening_port }}"`
 * **deploy_flask_app_config** (dict, elements dict): Configuration values for the webapp, passed as corresponding env variables FLASK_APP, FLASK_ENV, ADMIN_USER, and ADMIN_PASSWORD when the app is deployed. Default:
   ```yaml
   app_dir: /app/pyapp

diff --git a/playbooks/webapp/files/ec2-trust-policy.json b/playbooks/webapp/files/ec2-trust-policy.json
@@ -0,0 +1,13 @@
+{
+	"Version": "2008-10-17",
+	"Statement": [
+	  {
+		"Sid": "",
+		"Effect": "Allow",
+		"Principal": {
+		  "Service": "ec2.amazonaws.com"
+		},
+		"Action": "sts:AssumeRole"
+	  }
+	]
+  }
diff --git a/playbooks/webapp/files/run_app.yaml b/playbooks/webapp/files/run_app.yaml
diff --git a/playbooks/webapp/migrate_webapp.yaml b/playbooks/webapp/migrate_webapp.yaml
@@ -53,16 +53,23 @@
         rds_snapshot_arn: "{{ result.db_snapshot_arn }}"
         region: "{{ dest_region }}"
 
-    - name: Deploy app
+    - name: Create workers and deploy application
       when: operation == "create"
-      ansible.builtin.import_role:
-        name: cloud.aws_ops.deploy_flask_app
-      vars:
-        deploy_flask_app_private_subnet_id: "{{ private_subnet.subnet.id }}"
-        deploy_flask_app_vpc_id: "{{ vpc.vpc.id }}"
-        deploy_flask_app_vm_info: "{{ vm_result }}"
-        deploy_flask_app_rds_info: "{{ rds_result }}"
-        deploy_flask_app_region: "{{ dest_region }}"
+      module_defaults:
+        group/aws:
+          aws_access_key: "{{ aws_access_key | default(omit) }}"
+          aws_secret_key: "{{ aws_secret_key | default(omit) }}"
+          security_token: "{{ security_token | default(omit) }}"
+          region: "{{ dest_region }}"
+      block:
+        - name: Deploy app
+          ansible.builtin.import_role:
+            name: cloud.aws_ops.deploy_flask_app
+          vars:
+            deploy_flask_app_private_subnet_id: "{{ private_subnet.subnet.id }}"
+            deploy_flask_app_vpc_id: "{{ vpc.vpc.id }}"
+            deploy_flask_app_vm_info: "{{ vm_result }}"
+            deploy_flask_app_rds_info: "{{ rds_result }}"
 
     - name: Delete RDS snapshots from different regions
       amazon.aws.rds_instance_snapshot:

diff --git a/playbooks/webapp/tasks/add_route53_records.yaml b/playbooks/webapp/tasks/add_route53_records.yaml
@@ -43,6 +43,7 @@
         failover: "PRIMARY"
         health_check: "{{ healthchk_primary_result.health_check.id }}"
         alias_hosted_zone_id: "{{ primary_lb.elb.hosted_zone_id }}"
+        overwrite: true
       register: alias_record_primary_result
 
     - name: Add an alias record that points to an aws ELB in the replica region
@@ -57,6 +58,7 @@
         failover: "SECONDARY"
         health_check: "{{ healthchk_replica_result.health_check.id }}"
         alias_hosted_zone_id: "{{ replica_lb.elb.hosted_zone_id }}"
+        overwrite: true
       register: alias_record_replica_result
 
     - name: Pause for 30 secs for the alias records to be active

diff --git a/playbooks/webapp/tasks/create.yaml b/playbooks/webapp/tasks/create.yaml
@@ -202,45 +202,50 @@
             db_instance_identifier: "{{ rds_identifier }}"
           register: rds_result
 
-    - name: Set 'sshkey_file' variable
+    - name: Set variable for SSH private key file path
       ansible.builtin.set_fact:
-        sshkey_file: ~/private-key-{{ deploy_flask_app_sshkey_pair_name }}-{{ region | default(aws_region) }}
+        deploy_flask_app_bastion_ssh_private_key_path: "~/.{{ resource_prefix }}_id_rsa"
+      when: deploy_flask_app_bastion_ssh_private_key_path is undefined
 
-    - name: Create key pair to connect to the VM
+    - name: Create key pair to connect to the workers
       amazon.aws.ec2_key:
         name: "{{ deploy_flask_app_sshkey_pair_name }}"
-      register: rsa_key
+      register: keypair_result
 
-    - name: Save private key into file
+    - name: Save private key into a file
       ansible.builtin.copy:
-        content: "{{ rsa_key.key.private_key }}"
-        dest: "{{ sshkey_file }}"
-        mode: 0400
-      when: rsa_key is changed
-
-    - name: Check if the vm exists
-      amazon.aws.ec2_instance_info:
-        filters:
-          instance-type: "{{ bastion_host_type }}"
-          key-name: "{{ deploy_flask_app_sshkey_pair_name }}"
-          vpc-id: "{{ vpc.vpc.id }}"
-          instance-state-name: running
-      register: vm_result
+        content: "{{ keypair_result.key.private_key }}"
+        dest: "{{ deploy_flask_app_bastion_ssh_private_key_path }}"
+        mode: 0600
+      when: keypair_result is changed
+
+    - name: Ensure IAM instance role exists
+      amazon.aws.iam_role:
+        name: "{{ ec2_iam_role_name }}"
+        assume_role_policy_document: "{{ lookup('file', 'ec2-trust-policy.json') }}"
+        state: present
+        create_instance_profile: true
+        wait: true
+      register: role_output
 
     - name: Create a virtual machine
-      when: vm_result.instances | length == 0
       amazon.aws.ec2_instance:
         name: "{{ deploy_flask_app_bastion_host_name }}"
         instance_type: "{{ bastion_host_type }}"
         image_id: "{{ images.images.0.image_id }}"
         key_name: "{{ deploy_flask_app_sshkey_pair_name }}"
         subnet_id: "{{ subnet.subnet.id }}"
+        ebs_optimized: true
+        instance_role: "{{ role_output.iam_role.role_name }}"
         network:
           assign_public_ip: true
           groups:
             - "{{ secgroup.group_id }}"
         security_groups:
           - "{{ secgroup.group_id }}"
+        user_data: |
+          #!/bin/bash
+          yum install -y python3 python-virtualenv sshpass netcat ansible
         wait: true
         state: started
       register: vm_result
diff --git a/playbooks/webapp/tasks/create_aurora_db_cluster.yaml b/playbooks/webapp/tasks/create_aurora_db_cluster.yaml
@@ -44,12 +44,6 @@
         create_rds_global_cluster_replica_cluster_vpc_security_group_ids:
           - "{{ rds_replica_sg.security_groups[0].group_id }}"
 
-    - name: Get primary instance info
-      amazon.aws.rds_instance_info:
-        db_instance_identifier: "{{ rds_primary_cluster_instance_name }}"
-        region: "{{ rds_primary_cluster_region }}"
-      register: primary_instance_info_result
-
     - name: Get primary cluster info
       amazon.aws.rds_cluster_info:
         db_cluster_identifier: "{{ rds_primary_cluster_name }}"
@@ -62,12 +56,6 @@
         region: "{{ rds_replica_cluster_region }}"
       register: replica_cluster_info_result
 
-    - name: Get replica instance info
-      amazon.aws.rds_instance_info:
-        db_instance_identifier: "{{ rds_replica_cluster_instance_name }}"
-        region: "{{ rds_replica_cluster_region }}"
-      register: replica_instance_info_result
-
     - name: Get global db info
       amazon.aws.rds_global_cluster_info:
         global_cluster_identifier: "{{ rds_global_cluster_name }}"