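---
#
# Creates a VPC network, subnets et al for use w/build-cluster-ec.yml
#
# Runs entirely on the control host (hosts: localhost, connection: local).
# Each AWS task registers its result (vpc, ingress_sg, node_sg, elb) so the
# later tasks can reference the ids it returns. Booleans are written as
# true/false so YAML 1.1 and 1.2 parsers agree on their type.
- name: Create Lightbend PS EC2 network
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Single source for the node SG name; reused by the self-referencing
    # group_name rules below so the name cannot drift between them.
    node_sg_name: Lightbend Node SG
    EC2_REGION: us-east-1
    # Source range allowed to SSH to the nodes. The default keeps the
    # original world-open behaviour; override it (e.g. -e ssh_cidr_ip=<your-ip>/32)
    # to restrict SSH to a known address range.
    ssh_cidr_ip: 0.0.0.0/0
  tasks:
    - name: Create VPC
      local_action:
        module: ec2_vpc
        cidr_block: 10.0.0.0/16
        resource_tags:
          Name: "Lightbend Cluster VPC"
        region: "{{ EC2_REGION }}"
        dns_hostnames: true
        dns_support: true
        internet_gateway: true
        route_tables:
          # One route table shared by all three subnets; default route via the IGW
          - subnets:
              - 10.0.1.0/24
              - 10.0.2.0/24
              - 10.0.3.0/24
            routes:
              - dest: 0.0.0.0/0
                gw: igw
        subnets:
          - cidr: 10.0.1.0/24
            az: "{{ EC2_REGION }}a"
            resource_tags:
              Name: "Lightbend {{ EC2_REGION }}a SN"
          - cidr: 10.0.2.0/24
            az: "{{ EC2_REGION }}b"
            resource_tags:
              Name: "Lightbend {{ EC2_REGION }}b SN"
          # Use 'a' or 'b' again for 2 AZs
          - cidr: 10.0.3.0/24
            az: "{{ EC2_REGION }}c"
            resource_tags:
              Name: "Lightbend {{ EC2_REGION }}c SN"
        state: present
      register: vpc

    - name: Create Ingress SG
      local_action:
        module: ec2_group
        name: Lightbend Ingress SG
        description: Ingress SG to Lightbend Cluster
        vpc_id: "{{ vpc.vpc_id }}"
        region: "{{ vpc.vpc.region }}"
        state: present
        # Public entry points; this group is attached to the ELB created below.
        rules:
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 0.0.0.0/0
      register: ingress_sg

    - name: Tag Ingress SG
      local_action:
        module: ec2_tag
        region: "{{ EC2_REGION }}"
        resource: "{{ ingress_sg.group_id }}"
        state: present
        tags:
          Name: Lightbend ELB SG

    # This can fail due to timing (presumably the just-created ingress SG
    # referenced by group_id is not visible yet), so it is retried a few
    # times before the play gives up.
    - name: Create Nodes SG
      local_action:
        module: ec2_group
        name: "{{ node_sg_name }}"
        description: SG for Lightbend Nodes
        vpc_id: "{{ vpc.vpc_id }}"
        region: "{{ vpc.vpc.region }}"
        rules:
          # SSH - source limited to ssh_cidr_ip (world-open unless overridden)
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ ssh_cidr_ip }}"
          # Agent Remote Port - only from members of this SG
          - proto: tcp
            from_port: 2552
            to_port: 2552
            group_name: "{{ node_sg_name }}"
          # Health - only from the ELB's ingress SG
          - proto: tcp
            from_port: 9009
            to_port: 9009
            group_id: "{{ ingress_sg.group_id }}"
          # Visualizer - only from the ELB's ingress SG
          - proto: tcp
            from_port: 9999
            to_port: 9999
            group_id: "{{ ingress_sg.group_id }}"
          # Akka remoting, control protocol, bundle transfer
          # Status server, service locator - only from members of this SG
          - proto: tcp
            from_port: 9004
            to_port: 9008
            group_name: "{{ node_sg_name }}"
          # Bundle endpoint assignments - only from members of this SG
          - proto: tcp
            from_port: 10000
            to_port: 10999
            group_name: "{{ node_sg_name }}"
        state: present
      register: node_sg
      retries: 5
      delay: 10
      until: node_sg | success

    - name: Tag Node SG
      local_action:
        module: ec2_tag
        region: "{{ EC2_REGION }}"
        resource: "{{ node_sg.group_id }}"
        state: present
        tags:
          Name: "{{ node_sg_name }}"

    - name: Create ELB
      local_action:
        module: ec2_elb_lb
        name: "Lightbend-PS-ELB-{{ EC2_REGION }}"
        scheme: internet-facing
        security_group_ids:
          - "{{ ingress_sg.group_id }}"
        state: present
        cross_az_load_balancing: true
        region: "{{ EC2_REGION }}"
        subnets:
          - "{{ vpc.subnets[0].id }}"
          - "{{ vpc.subnets[1].id }}"
          - "{{ vpc.subnets[2].id }}"
        listeners:
          # Upload a cert to use SSL
          # Example listener for Visualizer 80 -> 9999 (plain HTTP until then)
          - protocol: http
            load_balancer_port: 80
            instance_port: 9999
        health_check:
          ping_protocol: http
          ping_port: 9009
          ping_path: /status
          response_timeout: 5
          interval: 30
          unhealthy_threshold: 2
          healthy_threshold: 3
      register: elb

    - debug:
        msg: "ELB zone name {{ elb.elb.dns_name }}"
    - debug:
        msg: "Add listeners to {{ elb.elb.dns_name }} to expose bundle endpoints"
    - debug:
        msg: "Upload x.509 certificate to ELB for SSL endpoints"

    # Writes the per-region vars file consumed by the cluster build playbook.
    - name: Create vars file
      template:
        src: templates/vars.j2
        dest: "vars/{{ EC2_REGION }}_vars.yml"
    - debug:
        msg: "Vars file vars/{{ EC2_REGION }}_vars.yml created. You MUST add KEYPAIR name to vars file before using!"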