The ELB role

The final role we are going to look at in this chapter launches an Application Load Balancer. More precisely, it creates a target group, which is then attached to an Application Load Balancer. The load balancer we create with this role is basic; we will go into a lot more detail in a later chapter.

Like the other roles, we first need to bootstrap the files:

$ ansible-galaxy init roles/elb

Now open roles/elb/tasks/main.yml and use the elb_target_group module to create the target group:

- name: provision the target group
  elb_target_group:
    name: "{{ environment_name }}-target-group"
    region: "{{ ec2_region }}"
    protocol: "http"
    port: "80"
    deregistration_delay_timeout: "15"
    vpc_id: "{{ vpc_info.vpc.id }}"
    state: "present"
    modify_targets: "false"

As you can see, we are creating the target group in our VPC and calling it my-vpc-target-group. Now that we have the target group, we can launch the Application Load Balancer using the elb_application_lb module:

- name: provision an application elastic load balancer
  elb_application_lb:
    region: "{{ ec2_region }}"
    name: "{{ environment_name }}-elb"
    security_groups: "{{ sg_elb.group_id }}"
    subnets: "{{ subnet_elb_ids }}"
    listeners:
      - Protocol: "HTTP"
        Port: "80"
        DefaultActions:
          - Type: "forward"
            TargetGroupName: "{{ environment_name }}-target-group"
    state: present
  register: loadbalancer

Here, we are provisioning an Application Load Balancer called my-vpc-elb in our VPC; we are passing the IDs of the ELB subnets we created using the subnet_elb_ids variable. We are also attaching the ELB security group to the load balancer using sg_elb.group_id and configuring a listener on port 80, which forwards traffic to my-vpc-target-group. The result of the task is registered as loadbalancer.

The final task in the role prints the information we have captured about the ELB:

- name: print the information on the load balancer we have registered
  debug:
    msg: "{{ loadbalancer }}"

That completes our final role; update the site.yml file so it looks as follows:

- name: Create and configure an Amazon VPC
  hosts: localhost
  connection: local
  gather_facts: True

  vars_files:
    - group_vars/common.yml

  roles:
    - roles/vpc
    - roles/subnets
    - roles/gateway
    - roles/securitygroups
    - roles/elb

We can now run our playbook for the final time by running:

$ ansible-playbook site.yml

You can probably guess that the output of the playbook run is going to look as follows:

[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [Create and configure an Amazon VPC] *******************************************************

TASK [Gathering Facts] **************************************************************************
ok: [localhost]

TASK [roles/vpc : ensure that the VPC is present] ***********************************************
ok: [localhost]

TASK [roles/subnets : ensure that the subnets are present] **************************************
ok: [localhost] => (item={u'subnet': u'10.0.10.0/24', u'use': u'ec2', u'az': u'a'})
ok: [localhost] => (item={u'subnet': u'10.0.11.0/24', u'use': u'ec2', u'az': u'b'})
ok: [localhost] => (item={u'subnet': u'10.0.12.0/24', u'use': u'ec2', u'az': u'c'})
ok: [localhost] => (item={u'subnet': u'10.0.20.0/24', u'use': u'elb', u'az': u'a'})
ok: [localhost] => (item={u'subnet': u'10.0.21.0/24', u'use': u'elb', u'az': u'b'})
ok: [localhost] => (item={u'subnet': u'10.0.22.0/24', u'use': u'elb', u'az': u'c'})
ok: [localhost] => (item={u'subnet': u'10.0.30.0/24', u'use': u'rds', u'az': u'a'})
ok: [localhost] => (item={u'subnet': u'10.0.31.0/24', u'use': u'rds', u'az': u'b'})
ok: [localhost] => (item={u'subnet': u'10.0.40.0/24', u'use': u'efs', u'az': u'b'})
ok: [localhost] => (item={u'subnet': u'10.0.41.0/24', u'use': u'efs', u'az': u'c'})

TASK [roles/subnets : gather information about the ec2 subnets] *********************************
ok: [localhost]

TASK [roles/subnets : gather information about the elb subnets] *********************************
ok: [localhost]

TASK [roles/subnets : gather information about the rds subnets] *********************************
ok: [localhost]

TASK [roles/subnets : gather information about the efs subnets] *********************************
ok: [localhost]

TASK [roles/subnets : register just the IDs for each of the subnets] ****************************
ok: [localhost]

TASK [roles/gateway : ensure that there is an internet gateway] *********************************
ok: [localhost]

TASK [roles/gateway : check that we can route through internet gateway] *************************
ok: [localhost]

TASK [roles/securitygroups : provision elb security group] **************************************
ok: [localhost]

TASK [roles/securitygroups : find out your current public IP address using https://ipify.org/] **
ok: [localhost]

TASK [roles/securitygroups : set your public ip as a fact] **************************************
ok: [localhost]

TASK [roles/securitygroups : provision ec2 security group] **************************************
ok: [localhost]

TASK [roles/securitygroups : provision rds security group] **************************************
ok: [localhost]

TASK [roles/securitygroups : provision efs security group] **************************************
ok: [localhost]

TASK [roles/elb : provision the target group] ***************************************************
changed: [localhost]

TASK [roles/elb : provision an application elastic load balancer] *******************************
changed: [localhost]

TASK [roles/elb : print the information on the load balancer we have registered] ****************
ok: [localhost] => {
    "msg": {
        "access_logs_s3_bucket": "",
        "access_logs_s3_enabled": "false",
        "access_logs_s3_prefix": "",
        "attempts": 1,
        "availability_zones": [
            {
                "subnet_id": "subnet-51f15137",
                "zone_name": "eu-west-1a"
            },
            {
                "subnet_id": "subnet-64eb083e",
                "zone_name": "eu-west-1c"
            },
            {
                "subnet_id": "subnet-6744f22f",
                "zone_name": "eu-west-1b"
            }
        ],
        "canonical_hosted_zone_id": "Z32O12XQLNTSW2",
        "changed": true,
        "created_time": "2018-04-22T16:12:31.780000+00:00",
        "deletion_protection_enabled": "false",
        "dns_name": "my-vpc-elb-374523105.eu-west-1.elb.amazonaws.com",
        "failed": false,
        "idle_timeout_timeout_seconds": "60",
        "ip_address_type": "ipv4",
        "listeners": [
            {
                "default_actions": [
                    {
                        "target_group_arn": "arn:aws:elasticloadbalancing:eu-west-1:687011238589:targetgroup/my-vpc-target-group/d5bab5efb2d314a8",
                        "type": "forward"
                    }
                ],
                "listener_arn": "arn:aws:elasticloadbalancing:eu-west-1:687011238589:listener/app/my-vpc-elb/98dd881c7a931ab3/3f4be2b480657bf9",
                "load_balancer_arn": "arn:aws:elasticloadbalancing:eu-west-1:687011238589:loadbalancer/app/my-vpc-elb/98dd881c7a931ab3",
                "port": 80,
                "protocol": "HTTP",
                "rules": [
                    {
                        "actions": [
                            {
                                "target_group_arn": "arn:aws:elasticloadbalancing:eu-west-1:687011238589:targetgroup/my-vpc-target-group/d5bab5efb2d314a8",
                                "type": "forward"
                            }
                        ],
                        "conditions": [],
                        "is_default": true,
                        "priority": "default",
                        "rule_arn": "arn:aws:elasticloadbalancing:eu-west-1:687011238589:listener-rule/app/my-vpc-elb/98dd881c7a931ab3/3f4be2b480657bf9/c70feab5b31460c2"
                    }
                ]
            }
        ],
        "load_balancer_arn": "arn:aws:elasticloadbalancing:eu-west-1:687011238589:loadbalancer/app/my-vpc-elb/98dd881c7a931ab3",
        "load_balancer_name": "my-vpc-elb",
        "routing_http2_enabled": "true",
        "scheme": "internet-facing",
        "security_groups": [
            "sg-97778eea"
        ],
        "state": {
            "code": "provisioning"
        },
        "tags": {},
        "type": "application",
        "vpc_id": "vpc-ccef75aa"
    }
}

PLAY RECAP ******************************************************************************************************************************
localhost : ok=19 changed=2 unreachable=0 failed=0
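
The registered result above describes an internet-facing load balancer with a plaintext HTTP listener, S3 access logging off and deletion protection off. As an added example (not part of the book's playbook), the following Python check reports those settings from a saved copy of the loadbalancer variable; the function name audit_alb, the check IDs and the trimmed SAMPLE dict are constructed for illustration.

```python
"""Audit the dict returned by elb_application_lb (the registered `loadbalancer`)."""


def _is_true(value):
    # The module returns attribute flags as strings ("false"), not booleans,
    # so a plain truthiness test would treat "false" as enabled.
    return str(value).strip().lower() == "true"


def audit_alb(lb):
    """Return a list of (check_id, detail) findings for one load balancer dict."""
    findings = []
    name = lb.get("load_balancer_name", "<unnamed>")
    exposure = "internet-facing" if lb.get("scheme") == "internet-facing" else "internal"

    for listener in lb.get("listeners", []):
        if str(listener.get("protocol", "")).upper() != "HTTP":
            continue
        # An HTTP listener that only redirects does not serve content in cleartext;
        # one that forwards to a target group does.
        actions = listener.get("default_actions", [])
        if any(a.get("type") == "forward" for a in actions):
            findings.append((
                "plaintext-listener",
                f"{name}: HTTP:{listener.get('port')} forwards unencrypted ({exposure})",
            ))

    if not _is_true(lb.get("access_logs_s3_enabled")):
        findings.append(("access-logs-off", f"{name}: access logs are not written to S3"))
    if not _is_true(lb.get("deletion_protection_enabled")):
        findings.append(("deletion-protection-off", f"{name}: deletion protection is disabled"))
    return findings


# Constructed sample: only the security-relevant keys of the output shown above.
SAMPLE = {
    "load_balancer_name": "my-vpc-elb",
    "scheme": "internet-facing",
    "access_logs_s3_enabled": "false",
    "deletion_protection_enabled": "false",
    "listeners": [
        {"port": 80, "protocol": "HTTP", "default_actions": [{"type": "forward"}]},
    ],
}

if __name__ == "__main__":
    for check_id, detail in audit_alb(SAMPLE):
        print(f"[{check_id}] {detail}")
```

For a throwaway test environment that will be removed straight away, the deletion-protection finding is informational only.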

You should now be able to see the ELB in the EC2 part of the AWS console.

While VPCs do not incur any cost, ELBs do; please ensure that you remove any unused resources as soon as you have completed your test.

That concludes this chapter on the VPC playbook; we will be using elements of this in the next chapter, where we will be looking at deploying our WordPress installation into AWS using a VPC as the foundation of our installation.
