The internet gateway role

While the internet gateway role is only going to use variables we have defined in common.yml, together with information gathered in previous tasks, we should continue to bootstrap the roles folder as we have been doing:

$ ansible-galaxy init roles/gateway

We are going to be using two modules in the role; the first, ec2_vpc_igw, creates the internet gateway and tags it:

- name: ensure that there is an internet gateway
  ec2_vpc_igw:
    region: "{{ ec2_region }}"
    vpc_id: "{{ vpc_info.vpc.id }}"
    state: present
    tags:
      "Name": "{{ environment_name }}_internet_gateway"
      "Environment": "{{ environment_name }}"
      "Use": "gateway"
  register: igw_info

We then print the information we have registered about the internet gateway to the screen:

- name: print the information we have registered
  debug:
    msg: "{{ igw_info }}"

Finally, using the second module, ec2_vpc_route_table, we create a route that sends all traffic destined for 0.0.0.0/0 to the newly created internet gateway. The route table is associated only with the EC2 and ELB subnets, using the lists of IDs we registered in the previous role, so the RDS and EFS subnets keep no path to the internet:

- name: check that we can route through internet gateway
  ec2_vpc_route_table:
    region: "{{ ec2_region }}"
    vpc_id: "{{ vpc_info.vpc.id }}"
    subnets: "{{ subnet_ec2_ids + subnet_elb_ids }}"
    routes:
      - dest: 0.0.0.0/0
        gateway_id: "{{ igw_info.gateway_id }}"
    resource_tags:
      "Name": "{{ environment_name }}_outbound"
      "Environment": "{{ environment_name }}"

Add the role to the site.yml file:

- name: Create and configure an Amazon VPC
  hosts: localhost
  connection: local
  gather_facts: True

  vars_files:
    - group_vars/common.yml

  roles:
    - roles/vpc
    - roles/subnets
    - roles/gateway

Then run the playbook:

$ ansible-playbook site.yml

At this point, as we have now run the playbook three times, I should quickly mention the WARNING. It appears because we are not using an inventory file; instead we have defined localhost at the top of our site.yml file. You should receive output like the following; again, I have commented out the debug tasks from previous roles:

[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Create and configure an Amazon VPC] *******************************************************

TASK [Gathering Facts] **************************************************************************
ok: [localhost]

TASK [roles/vpc : ensure that the VPC is present] ***********************************************
ok: [localhost]

TASK [roles/subnets : ensure that the subnets are present] **************************************
ok: [localhost] => (item={u'subnet': u'10.0.10.0/24', u'use': u'ec2', u'az': u'a'})
ok: [localhost] => (item={u'subnet': u'10.0.11.0/24', u'use': u'ec2', u'az': u'b'})
ok: [localhost] => (item={u'subnet': u'10.0.12.0/24', u'use': u'ec2', u'az': u'c'})
ok: [localhost] => (item={u'subnet': u'10.0.20.0/24', u'use': u'elb', u'az': u'a'})
ok: [localhost] => (item={u'subnet': u'10.0.21.0/24', u'use': u'elb', u'az': u'b'})
ok: [localhost] => (item={u'subnet': u'10.0.22.0/24', u'use': u'elb', u'az': u'c'})
ok: [localhost] => (item={u'subnet': u'10.0.30.0/24', u'use': u'rds', u'az': u'a'})
ok: [localhost] => (item={u'subnet': u'10.0.31.0/24', u'use': u'rds', u'az': u'b'})
ok: [localhost] => (item={u'subnet': u'10.0.40.0/24', u'use': u'efs', u'az': u'b'})
ok: [localhost] => (item={u'subnet': u'10.0.41.0/24', u'use': u'efs', u'az': u'c'})

TASK [roles/subnets : gather information about the ec2 subnets] *********************************
ok: [localhost]

TASK [roles/subnets : gather information about the elb subnets] *********************************
ok: [localhost]

TASK [roles/subnets : gather information about the rds subnets] *********************************
ok: [localhost]

TASK [roles/subnets : gather information about the efs subnets] *********************************
ok: [localhost]

TASK [roles/subnets : register just the IDs for each of the subnets] ****************************
ok: [localhost]

TASK [roles/gateway : ensure that there is an internet gateway] *********************************
changed: [localhost]

TASK [roles/gateway : print the information we have registered] *********************************
ok: [localhost] => {
    "msg": {
        "changed": true,
        "failed": false,
        "gateway_id": "igw-a74235c0",
        "tags": {
            "Environment": "my-vpc",
            "Name": "my-vpc_internet_gateway",
            "Use": "gateway"
        },
        "vpc_id": "vpc-ccef75aa"
    }
}

TASK [roles/gateway : check that we can route through internet gateway] *************************
changed: [localhost]

PLAY RECAP **************************************************************************************
localhost : ok=11 changed=2 unreachable=0 failed=0

Back to the AWS console. You should be able to view the internet gateway:

In the preceding screenshot, you can see the default VPC internet gateway and also the one we created using Ansible. You can also see the route table we created:

Here you can see the route Ansible configured along with the default route that was created when we created the VPC. This default route table is the main route table: it only carries the local route, so it allows routing between all of the subnets we added in the previous role, and any subnet not explicitly associated with our outbound table (the RDS and EFS subnets) has no route to the internet.
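Because the security of this layout rests on which subnets end up associated with the outbound route table, it is worth being able to check the result rather than eyeballing the console. The following is an added example, not code from the book or from Ansible: a small audit that takes route tables and subnets in the shape returned by boto3's describe_route_tables and describe_subnets, works out each subnet's effective route table (explicit association, otherwise the main table), and reports any subnet whose internet exposure does not match its Use tag. The input is a constructed sample modelled on the ten subnets built in the previous role; the subnet and route table IDs are placeholders, and only the gateway ID reuses the value from the playbook output above.

```python
"""Audit which subnets in a VPC have a default route through an internet gateway.

Added example (not from the book). Input mirrors the shape of boto3
describe_route_tables()["RouteTables"] and describe_subnets()["Subnets"],
but the data below is constructed so the script runs offline.
"""
import copy


def tag(resource, key):
    """Return the value of an AWS-style tag ({"Key": ..., "Value": ...}) or None."""
    for t in resource.get("Tags", []):
        if t["Key"] == key:
            return t["Value"]
    return None


def effective_route_table(subnet_id, route_tables):
    """A subnet uses its explicitly associated table; otherwise the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_default_route(route_table):
    """True if the table sends 0.0.0.0/0 to an internet gateway (igw-...)."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and str(r.get("GatewayId", "")).startswith("igw-")
        for r in route_table.get("Routes", [])
    )


def audit(subnets, route_tables, public_uses=("ec2", "elb")):
    """Return (public_subnet_ids, findings).

    public_subnet_ids: set of subnets whose effective table has an IGW default route.
    findings: human-readable mismatches between exposure and the subnet's Use tag.
    """
    public, findings = set(), []
    for s in subnets:
        rt = effective_route_table(s["SubnetId"], route_tables)
        exposed = rt is not None and has_igw_default_route(rt)
        use = tag(s, "Use")
        expected = use in public_uses
        if exposed:
            public.add(s["SubnetId"])
        if exposed and not expected:
            findings.append(f"{s['SubnetId']} ({use}) has a default route to an internet gateway")
        elif expected and not exposed:
            findings.append(f"{s['SubnetId']} ({use}) has no route to an internet gateway")
    return public, findings


def with_subnet_associated(route_tables, route_table_id, subnet_id):
    """Deep copy of route_tables with subnet_id explicitly associated to one table."""
    copied = copy.deepcopy(route_tables)
    for rt in copied:
        if rt["RouteTableId"] == route_table_id:
            rt.setdefault("Associations", []).append({"Main": False, "SubnetId": subnet_id})
            return copied
    raise KeyError(route_table_id)


def _subnet(subnet_id, cidr, use):
    return {"SubnetId": subnet_id, "CidrBlock": cidr, "Tags": [{"Key": "Use", "Value": use}]}


# Constructed sample: the subnets from the previous role (IDs are placeholders).
SAMPLE_SUBNETS = [
    _subnet("subnet-ec2a", "10.0.10.0/24", "ec2"), _subnet("subnet-ec2b", "10.0.11.0/24", "ec2"),
    _subnet("subnet-ec2c", "10.0.12.0/24", "ec2"), _subnet("subnet-elba", "10.0.20.0/24", "elb"),
    _subnet("subnet-elbb", "10.0.21.0/24", "elb"), _subnet("subnet-elbc", "10.0.22.0/24", "elb"),
    _subnet("subnet-rdsa", "10.0.30.0/24", "rds"), _subnet("subnet-rdsb", "10.0.31.0/24", "rds"),
    _subnet("subnet-efsb", "10.0.40.0/24", "efs"), _subnet("subnet-efsc", "10.0.41.0/24", "efs"),
]

# Constructed sample: the main table AWS created with the VPC (local route only)
# and the outbound table the gateway role created for the EC2 and ELB subnets.
SAMPLE_ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {
        "RouteTableId": "rtb-outbound",
        "Associations": [{"Main": False, "SubnetId": s["SubnetId"]}
                         for s in SAMPLE_SUBNETS if tag(s, "Use") in ("ec2", "elb")],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-a74235c0"},
        ],
    },
]

if __name__ == "__main__":
    public, findings = audit(SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES)
    print("public subnets:", sorted(public))
    print("findings:", findings or "none")
```

Against the sample the audit reports the six EC2 and ELB subnets as public and no findings; if an RDS subnet were ever added to the outbound table (with_subnet_associated lets you simulate that), it is flagged immediately. To run it against a real account, replace the two SAMPLE_ constants with the lists returned by boto3 for your VPC.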

Next up, we need to add some security groups to our VPC.
