role/deploy_flask_app - change required parameter key pair with path to ssh key file

changelogs/fragments/20231219-deploy_flask_app-update-arguments-spec.yml

@@ -0,0 +1,10 @@
+---
+breaking_changes:
+  - >-
+    roles/deploy_flask_app - Add parameter ``deploy_flask_app_bastion_ssh_private_key`` to define
+    the path to the ssh private key file to use to connect to the bastion host (https://github.com/redhat-cop/cloud.aws_ops/issues/103).
+  - >-
+    roles/deploy_flask_app - The following parameters no longer required have been removed
+    ``deploy_flask_app_bastion_host_required_packages``, ``deploy_flask_app_local_registry_port``,
+    ``deploy_flask_app_local_registry_pwd``, ``deploy_flask_app_local_registry_user``,
+    ``deploy_flask_app_git_repository`` (https://github.com/redhat-cop/cloud.aws_ops/issues/103).

playbooks/webapp/README.md

@@ -101,16 +101,6 @@ To delete the webapp:
 * **deploy_flask_app_bastion_host_name** (str): Name for the EC2 instance. Default: `"{{ resource_prefix }}-bastion"`
 * **bastion_host_type** (str): Instance type for the EC2 instance. Default: `t2.xlarge`
 * **deploy_flask_app_bastion_host_username** (str): Username for the bastion host SSH user. Default: `fedora`
-* **deploy_flask_app_bastion_host_required_packages** (list, elements str): Packages to be installed on the bastion host. Default:
-  ```yaml
-  - python3
-  - python-virtualenv
-  - sshpass
-  - git
-  - podman
-  - httpd-tools
-  - ansible
-  ```
 
 ### Networking
 
@@ -142,12 +132,8 @@ To delete the webapp:
 
 ### Webapp
 
-* **deploy_flask_app_git_repository** (str): Git repository for the webapp. Default: `https://github.com/abikouo/webapp_pyflask_demo.git`
 * **deploy_flask_app_number_of_workers** (int): Number of worker instances to create. Default: `2`
 * **deploy_flask_app_workers_instance_type** (str): EC2 instance type for workers. Default: `t2.xlarge`
-* **deploy_flask_app_local_registry_user** (str): Username for local Podman registry. Default: `ansible`
-* **deploy_flask_app_local_registry_pwd** (str): Password for local Podman registry. Default: `testing123`
-* **deploy_flask_app_local_registry_port** (int): Port for the local Podman registery. Default: `"{{ app_listening_port }}"`
 * **deploy_flask_app_config** (dict, elements dict): Configuration values for the webapp, passed as corresponding env variables FLASK_APP, FLASK_ENV, ADMIN_USER, and ADMIN_PASSWORD when the app is deployed. Default:
   ```yaml
   app_dir: /app/pyapp

playbooks/webapp/files/ec2-trust-policy.json

@@ -0,0 +1,13 @@
+{
+	"Version": "2008-10-17",
+	"Statement": [
+	  {
+		"Sid": "",
+		"Effect": "Allow",
+		"Principal": {
+		  "Service": "ec2.amazonaws.com"
+		},
+		"Action": "sts:AssumeRole"
+	  }
+	]
+  }

playbooks/webapp/migrate_webapp.yaml

@@ -58,6 +58,7 @@
       ansible.builtin.import_role:
         name: cloud.aws_ops.deploy_flask_app
       vars:
+        deploy_flask_app_bastion_ssh_private_key: "{{ sshkey_file }}"
         deploy_flask_app_private_subnet_id: "{{ private_subnet.subnet.id }}"
         deploy_flask_app_vpc_id: "{{ vpc.vpc.id }}"
         deploy_flask_app_vm_info: "{{ vm_result }}"

playbooks/webapp/tasks/create.yaml

@@ -227,6 +227,15 @@
           instance-state-name: running
       register: vm_result
 
+    - name: Ensure IAM instance role exists
+      amazon.aws.iam_role:
+        name: "{{ ec2_iam_role_name }}"
+        assume_role_policy_document: "{{ lookup('file', 'ec2-trust-policy.json') }}"
+        state: present
+        create_instance_profile: true
+        wait: true
+      register: role_output
+
     - name: Create a virtual machine
       when: vm_result.instances | length == 0
       amazon.aws.ec2_instance:
@@ -235,12 +244,17 @@
         image_id: "{{ images.images.0.image_id }}"
         key_name: "{{ deploy_flask_app_sshkey_pair_name }}"
         subnet_id: "{{ subnet.subnet.id }}"
+        ebs_optimized: true
+        instance_role: "{{ role_output.iam_role.role_name }}"
         network:
           assign_public_ip: true
           groups:
             - "{{ secgroup.group_id }}"
         security_groups:
           - "{{ secgroup.group_id }}"
+        user_data: |
+          #!/bin/bash
+          yum install -y python3 python-virtualenv sshpass netcat
         wait: true
         state: started
       register: vm_result

playbooks/webapp/vars/main.yaml

@@ -14,6 +14,7 @@ operation: create
 
 image_filter: Fedora-Cloud-Base-35-*gp2-0
 public_secgroup_name: "{{ resource_prefix }}-sg"
+ec2_iam_role_name: "{{ resource_prefix }}-role"
 rds_subnet_group_name: "{{ resource_prefix }}-rds-sg"
 rds_secgroup_name: "{{ resource_prefix }}-rds-sec"
 rds_identifier: "{{ resource_prefix }}-rds-01"
@@ -30,29 +31,16 @@ rds_listening_port: 5432
 deploy_flask_app_sshkey_pair_name: "{{ resource_prefix }}-key"
 deploy_flask_app_bastion_host_name: "{{ resource_prefix }}-bastion"
 deploy_flask_app_bastion_host_username: fedora
-deploy_flask_app_bastion_host_required_packages:
-  - python3
-  - python-virtualenv
-  - sshpass
-  - git
-  - gcc
-  - podman
-  - httpd-tools
-  - ansible-core
 deploy_flask_app_workers_instance_type: t2.xlarge
 deploy_flask_app_workers_user_name: fedora
 deploy_flask_app_number_of_workers: 2
 deploy_flask_app_listening_port: 5000
-deploy_flask_app_git_repository: https://github.com/abikouo/webapp_pyflask_demo.git
 deploy_flask_app_config:
   env: development
   admin_user: admin
   admin_password: admin
   app_dir: /app/pyapp
 deploy_flask_app_force_init: false
-deploy_flask_app_local_registry_user: ansible
-deploy_flask_app_local_registry_pwd: testing123
-deploy_flask_app_local_registry_port: "{{ deploy_flask_app_listening_port }}"
 deploy_flask_app_rds_master_password: L#5cH2mgy_
 deploy_flask_app_rds_master_username: ansible
 

playbooks/webapp/webapp.yaml

@@ -26,6 +26,7 @@
       ansible.builtin.include_role:
         name: cloud.aws_ops.deploy_flask_app
       vars:
+        deploy_flask_app_bastion_ssh_private_key: "{{ sshkey_file }}"
         deploy_flask_app_private_subnet_id: "{{ private_subnet.subnet.id }}"
         deploy_flask_app_vpc_id: "{{ vpc.vpc.id }}"
         deploy_flask_app_vm_info: "{{ vm_result }}"

playbooks/webapp/webapp_ha_aurora.yaml

@@ -57,6 +57,7 @@
           ansible.builtin.include_role:
             name: cloud.aws_ops.deploy_flask_app
           vars:
+            deploy_flask_app_bastion_ssh_private_key: "{{ sshkey_file }}"
             deploy_flask_app_private_subnet_id: "{{ primary_private_subnet.subnets[0].id }}"
             deploy_flask_app_vpc_id: "{{ primary_vpc.vpcs[0].id }}"
             deploy_flask_app_vm_info: "{{ primary_vm_result }}"
@@ -96,6 +97,7 @@
           ansible.builtin.include_role:
             name: cloud.aws_ops.deploy_flask_app
           vars:
+            deploy_flask_app_bastion_ssh_private_key: "{{ sshkey_file }}"
             deploy_flask_app_private_subnet_id: "{{ replica_private_subnet.subnets[0].id }}"
             deploy_flask_app_vpc_id: "{{ replica_vpc.vpcs[0].id }}"
             deploy_flask_app_vm_info: "{{ replica_vm_result }}"

roles/deploy_flask_app/README.md

@@ -24,31 +24,27 @@ Role Variables
 ## variables to create new hosts and groups in inventory of in memory playbook.
 
 * **deploy_flask_app_region** (str): Region where the app is to be deployed.
-* **deploy_flask_app_bastion_host_username** (str): Username for the bastion host SSH user.
 * **deploy_flask_app_private_subnet_id** (str): Private subnet id of the bastion host
 * **deploy_flask_app_vpc_id** (str): vpc id for the host.
 * **deploy_flask_app_rds_info** (dict): A dict of information for the backend RDS. This dict has the output of amazon.aws.rds_instance_info mode.
 * **deploy_flask_app_rds_master_username** (str): Username for the RDS instance.
 * **deploy_flask_app_rds_master_password** (str): password for the RDS instance.
 * **deploy_flask_app_vm_info** (dict): A dict of information for the vm to use. This dict has the output of amazon.aws.ec2_instance_info module.
-* **deploy_flask_app_sshkey_pair_name** (str): Name for the EC2 key pair.
 
 ## variables needed for the deployment
 
 # Bastion host
 * **deploy_flask_app_bastion_host_name** (str): Name for the EC2 instance.
-* **deploy_flask_app_bastion_host_required_packages** (list): Packages to be installed on the bastion host.
+* **deploy_flask_app_bastion_host_username** (str): Username for the bastion host SSH user.
+* **deploy_flask_app_sshkey_pair_name** (str): Name for the EC2 key pair.
+* **deploy_flask_app_bastion_ssh_private_key** (path): The path to the ssh private key file to use to connect to the bastion host.
 * **deploy_flask_app_number_of_workers** (int): Number of instances to create.
 * **deploy_flask_app_workers_instance_type** (str): RC2 instance type for workers.
 * **deploy_flask_app_workers_user_name** (str): Username for the workers.
 
 # App
-* **deploy_flask_app_git_repository** (str): Git repository to be cloned for the webapp.
 * **deploy_flask_app_listening_port** (int): Load balancer port.
 * **deploy_flask_app_force_init** (bool): A boolean value True to force init the app and False to not force init.
-* **deploy_flask_app_local_registry_port** (int): Port for the local Podman registry.
-* **deploy_flask_app_local_registry_user** (str): Registry user name.
-* **deploy_flask_app_local_registry_pwd** (str): Registry password.
 * **deploy_flask_app_config** (dict): A dict of config parameterys for the app.
     **env** (str): Flask env.
     **admin_user** (str): App config's admin username.

roles/deploy_flask_app/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+deploy_flask_app_workers_ssh_private_key: /tmp/id_rsa
+deploy_flask_app_container_image: docker.io/aubinredhat/webapp:1.0.0

roles/deploy_flask_app/meta/argument_specs.yml

@@ -16,11 +16,11 @@ argument_specs:
         description: Name for the EC2 instance.
         type: str
         required: True
-      deploy_flask_app_bastion_host_required_packages:
-        description: Packages to be installed on the bastion host.
-        type: list
-        elements: str
+      deploy_flask_app_bastion_ssh_private_key:
+        description: The path to ssh private key file to use to connect to the bastion host.
+        type: path
         required: True
+        version_added: 2.1.0
       deploy_flask_app_private_subnet_id:
         description: Private subnet id of the bastion host.
         type: str
@@ -60,10 +60,6 @@ argument_specs:
         description: Username for the workers.
         type: str
         required: True
-      deploy_flask_app_git_repository:
-        description: Git repository to be cloned for the webapp.
-        type: str
-        required: True
       deploy_flask_app_listening_port:
         description: Load balancer port.
         type: int
@@ -72,18 +68,6 @@ argument_specs:
         description: A boolean value True to force init the app and False to not force init.
         type: bool
         required: True
-      deploy_flask_app_local_registry_user:
-        description: Registry user name.
-        type: str
-        required: True
-      deploy_flask_app_local_registry_pwd:
-        description: Registry password.
-        type: str
-        required: True
-      deploy_flask_app_local_registry_port:
-        description: Registry port.
-        type: int
-        required: True
       deploy_flask_app_config:
         description: A dict of config parameterys for the app.
         type: dict