The VPC role

The first role we are going to create is the one which creates the VPC itself. Everything we configure or create in the upcoming roles has to live inside a VPC, so it needs to exist first, and we then need to gather some information about it (its ID in particular) so that the rest of the playbook can refer to it.

To bootstrap the role, run the following command from within your working folder:

$ ansible-galaxy init roles/vpc

Now that we have the files for the role, open roles/vpc/tasks/main.yml and enter the following:

- name: ensure that the VPC is present
  ec2_vpc_net:
    region: "{{ ec2_region }}"
    name: "{{ environment_name }}"
    state: present
    cidr_block: "{{ vpc_cidr_block }}"
    resource_tags: { "Name" : "{{ environment_name }}", "Environment" : "{{ environment_name }}" }
  register: vpc_info

# - name: print the information we have registered
#   debug:
#     msg: "{{ vpc_info }}"

As you can see, we are using an Ansible module called ec2_vpc_net; it replaces the older ec2_vpc module, which was deprecated in Ansible 2.3 and removed in Ansible 2.5.

We are using three variables within the task; the first two, ec2_region and environment_name, should be placed in group_vars/common.yml as we will be using them in most of the roles we will be creating:

environment_name: "my-vpc"
ec2_region: "eu-west-1"

Both variables are self-explanatory: the first is the name we will be using to reference the various elements we will be launching in AWS and the second lets Ansible know where we would like the VPC to be created.

The third variable, vpc_cidr_block, should be placed in the roles/vpc/defaults/main.yml file:

vpc_cidr_block: "10.0.0.0/16"

This defines the CIDR we want to use; 10.0.0.0/16 reserves the 65,536 addresses from 10.0.0.0 to 10.0.255.255 for the VPC, which should be more than enough for our tests. Bear in mind that AWS reserves the first four addresses and the last address of every subnet you later carve out of this block, so the number of addresses instances can actually use is slightly lower, and that AWS only accepts VPC blocks between /16 and /28.

At the end of the first task, we are using the register keyword to take all of the content returned while the VPC was being created and store it in a variable called vpc_info. The second task, shown commented out above, uses the debug module to print that content to the screen; uncomment it when you want to inspect the data (the output shown further down was produced with it enabled) and comment it out again afterwards, as the full structure is noisy and ends up in any log that captures the playbook output.
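The two paragraphs above describe the CIDR we hand to ec2_vpc_net and the vpc_info structure it registers. The following is an added example, not part of the book's playbook, showing the checks a later role would want to run over that data before building on it: that the CIDR is an aligned RFC 1918 block of a size AWS accepts, that the registered VPC matches the CIDR and Name tag we asked for, and how many addresses each subnet carved from the block really yields once AWS's five reserved addresses are taken off. VPC_INFO is constructed to mirror the shape of the debug output; the function names and the RFC 1918 restriction are this example's own choices.

```python
"""Sanity checks for the VPC role: validate the CIDR we are about to use,
validate what ec2_vpc_net registered, and carve subnets for later roles.
Added example, not part of the book's playbook; standard library only."""
import ipaddress
from itertools import islice

# Constructed to mirror the shape of the vpc_info output printed by the
# debug task; a real run hands you this dict as the registered variable.
VPC_INFO = {
    "changed": True,
    "failed": False,
    "vpc": {
        "cidr_block": "10.0.0.0/16",
        "id": "vpc-ccef75aa",
        "state": "available",
        "tags": {"Environment": "my-vpc", "Name": "my-vpc"},
    },
}

# AWS reserves the first four addresses and the last one of every subnet.
AWS_RESERVED_PER_SUBNET = 5
# Restricting VPCs to RFC 1918 space is this example's policy, not AWS's.
RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate_vpc_cidr(cidr):
    """Return the normalised CIDR if it is an aligned block between /16 and
    /28 (the sizes AWS accepts) inside an RFC 1918 private range."""
    net = ipaddress.ip_network(cidr, strict=True)   # rejects host bits set
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{net} is outside the /16 to /28 range AWS allows")
    if not any(net.subnet_of(block) for block in RFC1918):
        raise ValueError(f"{net} is not an RFC 1918 private range")
    return str(net)


def usable_hosts(subnet_cidr):
    """Addresses instances can actually use in a subnet of this size."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return max(net.num_addresses - AWS_RESERVED_PER_SUBNET, 0)


def plan_subnets(vpc_cidr, new_prefix, count):
    """First `count` subnets of size /new_prefix carved from the VPC block,
    in address order, as strings ready to hand to a subnet task."""
    net = ipaddress.ip_network(validate_vpc_cidr(vpc_cidr))
    if new_prefix <= net.prefixlen:
        raise ValueError("subnet prefix must be longer than the VPC prefix")
    subnets = list(islice(net.subnets(new_prefix=new_prefix), count))
    if len(subnets) < count:
        raise ValueError(f"{net} only holds {len(subnets)} /{new_prefix} subnets")
    return [str(s) for s in subnets]


def check_vpc(vpc_info, expected_cidr, environment_name):
    """Validate the registered vpc_info before later roles build on it.
    Returns the VPC id, or raises ValueError listing every mismatch."""
    vpc = vpc_info.get("vpc") or {}
    expected = validate_vpc_cidr(expected_cidr)
    problems = []
    if vpc_info.get("failed"):
        problems.append("task reported failed=true")
    if vpc.get("state") != "available":
        problems.append(f"state is {vpc.get('state')!r}, not 'available'")
    if vpc.get("cidr_block") != expected:
        problems.append(f"cidr_block {vpc.get('cidr_block')!r} != {expected!r}")
    if vpc.get("tags", {}).get("Name") != environment_name:
        problems.append(f"Name tag is not {environment_name!r}")
    vpc_id = str(vpc.get("id", ""))
    if not vpc_id.startswith("vpc-"):
        problems.append(f"unexpected VPC id {vpc_id!r}")
    if problems:
        raise ValueError("; ".join(problems))
    return vpc_id


if __name__ == "__main__":
    vpc_id = check_vpc(VPC_INFO, "10.0.0.0/16", "my-vpc")
    print(f"VPC {vpc_id} ok")
    for cidr in plan_subnets("10.0.0.0/16", 24, 3):
        print(f"  {cidr}: {usable_hosts(cidr)} usable addresses")
```

Run it as a script to see the three /24 subnets and their usable counts; in a playbook you would get the same guarantees from an assert task on vpc_info.vpc.id and vpc_info.vpc.cidr_block, which is the cheap way to stop a later role from running against the wrong VPC.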

Now that we have our first role, we can add some content to our site.yml file:

- name: Create and configure an Amazon VPC
  hosts: localhost
  connection: local
  gather_facts: True

  vars_files:
    - group_vars/common.yml
    - group_vars/firewall.yml
    - group_vars/secrets.yml
    - group_vars/words.yml
    - group_vars/keys.yml

  roles:
    - roles/vpc

Each file listed under vars_files must already exist (an empty file is enough), otherwise the play fails while loading its variables, before the first task runs. Given its name, group_vars/secrets.yml is the one to protect: keep it out of version control or encrypt it with ansible-vault. Then run the playbook using:

$ ansible-playbook site.yml

This should give you something like the following output:

[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit
localhost does not match 'all'

PLAY [Create and configure an Amazon VPC] *******************************************************

TASK [Gathering Facts] **************************************************************************
ok: [localhost]

TASK [roles/vpc : ensure that the VPC is present] ***********************************************
changed: [localhost]

TASK [roles/vpc : print the information we have registered] *************************************
ok: [localhost] => {
    "msg": {
        "changed": true,
        "failed": false,
        "vpc": {
            "cidr_block": "10.0.0.0/16",
            "cidr_block_association_set": [
                {
                    "association_id": "vpc-cidr-assoc-1eee5575",
                    "cidr_block": "10.0.0.0/16",
                    "cidr_block_state": {
                        "state": "associated"
                    }
                }
            ],
            "classic_link_enabled": false,
            "dhcp_options_id": "dopt-44851321",
            "id": "vpc-ccef75aa",
            "instance_tenancy": "default",
            "is_default": false,
            "state": "available",
            "tags": {
                "Environment": "my-vpc",
                "Name": "my-vpc"
            }
        }
    }
}

PLAY RECAP **************************************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=0

Checking the VPC section of the AWS console should show you that the VPC has been created, and the details there (ID, CIDR block and tags) should match what has been captured by Ansible.

If you rerun the playbook, you will notice that, rather than creating the VPC again, Ansible finds the existing one: ec2_vpc_net matches on the Name tag and the CIDR block together (if more than one VPC matches both, the module fails rather than guess, unless you set multi_ok), reports the task as ok rather than changed, and populates vpc_info with the details of the VPC that already exists. This matters because we will be using that information in the next role.
