role/deploy_flask_app - change required parameter key pair with path to ssh key file

changelogs/fragments/20231219-deploy_flask_app-update-arguments-spec.yml

@@ -0,0 +1,10 @@
+---
+breaking_changes:
+  - >-
+    roles/deploy_flask_app - Add parameter ``deploy_flask_app_bastion_ssh_private_key`` to define
+    the path to the ssh private key file to use to connect to the bastion host (https://github.com/redhat-cop/cloud.aws_ops/issues/103).
+  - >-
+    roles/deploy_flask_app - The following parameters no longer required have been removed
+    ``deploy_flask_app_bastion_host_required_packages``, ``deploy_flask_app_local_registry_port``,
+    ``deploy_flask_app_local_registry_pwd``, ``deploy_flask_app_local_registry_user``,
+    ``deploy_flask_app_git_repository`` (https://github.com/redhat-cop/cloud.aws_ops/issues/103).

playbooks/webapp/README.md

@@ -101,16 +101,6 @@ To delete the webapp:
 * **deploy_flask_app_bastion_host_name** (str): Name for the EC2 instance. Default: `"{{ resource_prefix }}-bastion"`
 * **bastion_host_type** (str): Instance type for the EC2 instance. Default: `t2.xlarge`
 * **deploy_flask_app_bastion_host_username** (str): Username for the bastion host SSH user. Default: `fedora`
-* **deploy_flask_app_bastion_host_required_packages** (list, elements str): Packages to be installed on the bastion host. Default:
-  ```yaml
-  - python3
-  - python-virtualenv
-  - sshpass
-  - git
-  - podman
-  - httpd-tools
-  - ansible
-  ```
 
 ### Networking
 
@@ -142,12 +132,8 @@ To delete the webapp:
 
 ### Webapp
 
-* **deploy_flask_app_git_repository** (str): Git repository for the webapp. Default: `https://github.com/abikouo/webapp_pyflask_demo.git`
 * **deploy_flask_app_number_of_workers** (int): Number of worker instances to create. Default: `2`
 * **deploy_flask_app_workers_instance_type** (str): EC2 instance type for workers. Default: `t2.xlarge`
-* **deploy_flask_app_local_registry_user** (str): Username for local Podman registry. Default: `ansible`
-* **deploy_flask_app_local_registry_pwd** (str): Password for local Podman registry. Default: `testing123`
-* **deploy_flask_app_local_registry_port** (int): Port for the local Podman registery. Default: `"{{ app_listening_port }}"`
 * **deploy_flask_app_config** (dict, elements dict): Configuration values for the webapp, passed as corresponding env variables FLASK_APP, FLASK_ENV, ADMIN_USER, and ADMIN_PASSWORD when the app is deployed. Default:
   ```yaml
   app_dir: /app/pyapp

playbooks/webapp/files/ec2-trust-policy.json

@@ -0,0 +1,13 @@
+{
+	"Version": "2008-10-17",
+	"Statement": [
+	  {
+		"Sid": "",
+		"Effect": "Allow",
+		"Principal": {
+		  "Service": "ec2.amazonaws.com"
+		},
+		"Action": "sts:AssumeRole"
+	  }
+	]
+  }

playbooks/webapp/migrate_webapp.yaml

@@ -53,16 +53,24 @@
         rds_snapshot_arn: "{{ result.db_snapshot_arn }}"
         region: "{{ dest_region }}"
 
-    - name: Deploy app
+    - name: Create workers and deploy application
       when: operation == "create"
-      ansible.builtin.import_role:
-        name: cloud.aws_ops.deploy_flask_app
-      vars:
-        deploy_flask_app_private_subnet_id: "{{ private_subnet.subnet.id }}"
-        deploy_flask_app_vpc_id: "{{ vpc.vpc.id }}"
-        deploy_flask_app_vm_info: "{{ vm_result }}"
-        deploy_flask_app_rds_info: "{{ rds_result }}"
-        deploy_flask_app_region: "{{ dest_region }}"
+      module_defaults:
+        group/aws:
+          aws_access_key: "{{ aws_access_key | default(omit) }}"
+          aws_secret_key: "{{ aws_secret_key | default(omit) }}"
+          security_token: "{{ security_token | default(omit) }}"
+          region: "{{ dest_region }}"
+      block:
+        - name: Deploy app
+          ansible.builtin.import_role:
+            name: cloud.aws_ops.deploy_flask_app
+          vars:
+            deploy_flask_app_bastion_ssh_private_key: "{{ ssh_key_file_path }}"
+            deploy_flask_app_private_subnet_id: "{{ private_subnet.subnet.id }}"
+            deploy_flask_app_vpc_id: "{{ vpc.vpc.id }}"
+            deploy_flask_app_vm_info: "{{ vm_result }}"
+            deploy_flask_app_rds_info: "{{ rds_result }}"
 
     - name: Delete RDS snapshots from different regions
       amazon.aws.rds_instance_snapshot:

playbooks/webapp/tasks/create.yaml

@@ -202,45 +202,36 @@
             db_instance_identifier: "{{ rds_identifier }}"
           register: rds_result
 
-    - name: Set 'sshkey_file' variable
-      ansible.builtin.set_fact:
-        sshkey_file: ~/private-key-{{ deploy_flask_app_sshkey_pair_name }}-{{ region | default(aws_region) }}
-
-    - name: Create key pair to connect to the VM
-      amazon.aws.ec2_key:
-        name: "{{ deploy_flask_app_sshkey_pair_name }}"
-      register: rsa_key
-
-    - name: Save private key into file
-      ansible.builtin.copy:
-        content: "{{ rsa_key.key.private_key }}"
-        dest: "{{ sshkey_file }}"
-        mode: 0400
-      when: rsa_key is changed
-
-    - name: Check if the vm exists
-      amazon.aws.ec2_instance_info:
-        filters:
-          instance-type: "{{ bastion_host_type }}"
-          key-name: "{{ deploy_flask_app_sshkey_pair_name }}"
-          vpc-id: "{{ vpc.vpc.id }}"
-          instance-state-name: running
-      register: vm_result
+    - name: Create key pair to connect to the virtual machine
+      ansible.builtin.include_tasks: manage_keypair.yaml
+
+    - name: Ensure IAM instance role exists
+      amazon.aws.iam_role:
+        name: "{{ ec2_iam_role_name }}"
+        assume_role_policy_document: "{{ lookup('file', 'ec2-trust-policy.json') }}"
+        state: present
+        create_instance_profile: true
+        wait: true
+      register: role_output
 
     - name: Create a virtual machine
-      when: vm_result.instances | length == 0
       amazon.aws.ec2_instance:
         name: "{{ deploy_flask_app_bastion_host_name }}"
         instance_type: "{{ bastion_host_type }}"
         image_id: "{{ images.images.0.image_id }}"
         key_name: "{{ deploy_flask_app_sshkey_pair_name }}"
         subnet_id: "{{ subnet.subnet.id }}"
+        ebs_optimized: true
+        instance_role: "{{ role_output.iam_role.role_name }}"
         network:
           assign_public_ip: true
           groups:
             - "{{ secgroup.group_id }}"
         security_groups:
           - "{{ secgroup.group_id }}"
+        user_data: |
+          #!/bin/bash
+          yum install -y python3 python-virtualenv sshpass netcat ansible
         wait: true
         state: started
       register: vm_result

playbooks/webapp/tasks/delete.yaml

@@ -8,6 +8,11 @@
       region: "{{ region | default(aws_region) }}"
 
   block:
+    - name: Delete S3 bucket
+      amazon.aws.s3_bucket:
+        name: "{{ bucket_name }}"
+        state: absent
+        force: true
 
     - name: Get vpc information
       amazon.aws.ec2_vpc_net_info:
@@ -22,54 +27,37 @@
           ansible.builtin.set_fact:
             vpc_id: "{{ vpc.vpcs.0.vpc_id }}"
 
-        - name: Get bastion instance info
+        # Delete Load balancer
+        - name: List Load balancer(s) from VPC
+          community.aws.elb_classic_lb_info:
+          register: load_balancers
+
+        - name: Set fact for list of load balancers to delete
+          ansible.builtin.set_fact:
+            load_balancers_to_delete: "{{ load_balancers.elbs | selectattr('vpc_id', 'equalto', vpc_id) | map(attribute='load_balancer_name') | list }}"
+
+        - name: Delete load balancer(s)
+          amazon.aws.elb_classic_lb:
+            name: "{{ item }}"
+            wait: true
+            state: absent
+          with_items: "{{ load_balancers_to_delete }}"
+
+        # Delete EC2 instances
+        - name: Get EC2 instance info
           amazon.aws.ec2_instance_info:
             filters:
-              instance-type: "{{ bastion_host_type }}"
-              key-name: "{{ deploy_flask_app_sshkey_pair_name }}"
               vpc-id: "{{ vpc_id }}"
-              instance-state-name: running
-          register: bastion
-
-        - name: Delete EC2 instances with dependant Resources
-          when: bastion.instances | length == 1
-          block:
-            - name: Set 'instance_host_name' variable
-              ansible.builtin.set_fact:
-                instance_host_name: "{{ bastion.instances.0.public_dns_name | split('.') | first }}"
-
-            - name: Delete workers key pair
-              amazon.aws.ec2_key:
-                name: "{{ instance_host_name }}-key"
-                state: absent
-
-            - name: Delete load balancer
-              amazon.aws.elb_classic_lb:
-                name: "{{ instance_host_name }}-lb"
-                wait: true
-                state: absent
-
-            - name: List workers
-              amazon.aws.ec2_instance_info:
-                filters:
-                  tag:Name: "{{ instance_host_name }}-workers"
-                  instance-state-name: running
-              register: running
-
-            - name: Delete workers
-              when: running.instances | length != 0
-              amazon.aws.ec2_instance:
-                instance_ids: "{{ running.instances | map(attribute='instance_id') | list }}"
-                wait: true
-                state: terminated
-
-            - name: Delete bastion host
-              amazon.aws.ec2_instance:
-                instance_ids:
-                  - "{{ bastion.instances.0.instance_id }}"
-                wait: true
-                state: terminated
+          register: ec2_instances
+
+        - name: Delete ec2 instances from VPC
+          amazon.aws.ec2_instance:
+            instance_ids: "{{ ec2_instances.instances | map(attribute='instance_id') | list }}"
+            wait: true
+            state: terminated
+          when: ec2_instances.instances | length > 0
 
+        # Delete RDS instance
         - name: Delete RDS instance
           amazon.aws.rds_instance:
             state: absent
@@ -87,19 +75,7 @@
             name: "{{ rds_subnet_group_name }}"
             state: absent
 
-        - name: List Security group from VPC
-          amazon.aws.ec2_security_group_info:
-            filters:
-              vpc-id: "{{ vpc_id }}"
-              tag:prefix: "{{ resource_prefix }}"
-          register: secgroups
-
-        - name: Delete security groups
-          amazon.aws.ec2_security_group:
-            state: absent
-            group_id: "{{ item }}"
-          with_items: "{{ secgroups.security_groups | map(attribute='group_id') | list }}"
-
+        # Delete VPC route table
         - name: List routes table from VPC
           amazon.aws.ec2_vpc_route_table_info:
             filters:
@@ -115,6 +91,7 @@
             state: absent
           with_items: "{{ route_table.route_tables | map(attribute='id') | list }}"
 
+        # Delete NAT Gateway
         - name: Get NAT gateway
           amazon.aws.ec2_vpc_nat_gateway_info:
             filters:
@@ -128,20 +105,39 @@
             wait: true
           with_items: "{{ nat_gw.result | map(attribute='nat_gateway_id') | list }}"
 
+        # Delete Internet gateway
         - name: Delete internet gateway
           amazon.aws.ec2_vpc_igw:
             vpc_id: "{{ vpc_id }}"
             state: absent
 
+        # Delete Subnets
+        - name: List Subnets from VPC
+          amazon.aws.ec2_vpc_subnet_info:
+            filters:
+              vpc-id: "{{ vpc_id }}"
+          register: vpc_subnets
+
         - name: Delete subnets
           amazon.aws.ec2_vpc_subnet:
             cidr: "{{ item }}"
             state: absent
             vpc_id: "{{ vpc_id }}"
-          with_items: "{{ subnet_cidr }}"
+          with_items: "{{ vpc_subnets.subnets | map(attribute='cidr_block') | list }}"
+
+        # Delete Security groups
+        - name: List Security group from VPC
+          amazon.aws.ec2_security_group_info:
+            filters:
+              vpc-id: "{{ vpc_id }}"
+          register: secgroups
+
+        - name: Delete security groups
+          amazon.aws.ec2_security_group:
+            state: absent
+            group_id: "{{ item }}"
+          with_items: "{{ secgroups.security_groups | rejectattr('group_name', 'equalto', 'default') | map(attribute='group_id') | list }}"
 
-        # As ec2_vpc_route_table can't delete route table, the vpc still has dependencies and cannot be deleted.
-        # You need to do it delete it manually using either the console or the cli.
         - name: Delete VPC
           amazon.aws.ec2_vpc_net:
             name: "{{ vpc_name }}"