Commit 899bdf8f by Feanil Patel

Co-opt the old vpc-play to create a blank vpc with a nat and a public and private routing table.

parent 13af72a8
--- ---
- hosts: first_in_tag_role_mongo - name: Create a simple empty vpc
sudo: True hosts: all
vars_files: connection: local
- "{{ secure_dir }}/vars/{{ENVIRONMENT}}/{{CLOUDFORMATION_STACK_NAME}}.yml" gather_facts: True
- "{{ secure_dir }}/vars/common/common.yml" vars:
roles: vpc_state: present
- user tasks:
- role: 'mongo' # DO NOT use the subnet or route table sections of this command.
mongo_create_users: yes # They will delete any subnets or rts not defined here which is
#- hosts: tag_role_mongo:!first_in_tag_role_mongo # probably not what you want, since other services were added
# sudo: True # to the vpc whose subnets and rts are not enumerated here.
# vars_files: - name: create a vpc
# - "{{ secure_dir }}/vars/{{ENVIRONMENT}}/{{CLOUDFORMATION_STACK_NAME}}.yml" local_action:
# - "{{ secure_dir }}/vars/common/common.yml" module: 'ec2_vpc_1.8'
# roles: resource_tags: '{{ vpc_tags }}'
# - user cidr_block: '{{ vpc_cidr }}'
# - mongo region: '{{ aws_region }}'
- hosts: first_in_tag_role_edxapp state: '{{ vpc_state }}'
sudo: True internet_gateway: yes
serial: 1 wait: yes
vars_files: register: created_vpc
- "{{ secure_dir }}/vars/{{ENVIRONMENT}}/{{CLOUDFORMATION_STACK_NAME}}.yml"
- "{{ secure_dir }}/vars/common/common.yml" # A public network acl is created
roles: # when a vpc is created so each VPC
- user # should have one.
- datadog - name: create public network acl
- role: nginx ec2_acl:
nginx_sites: # profile: "{{ profile }}"
- lms name: "{{ vpc_public_acl.name }}"
- cms vpc_id: "{{ created_vpc.vpc_id }}"
- lms-preview state: "present"
nginx_default_sites: region: "{{ aws_region }}"
- lms rules: "{{ vpc_public_acl.rules }}"
- role: 'edxapp' register: created_public_acl
edxapp_lms_env: 'lms.envs.load_test'
migrate_db: '{{ RUN_EDXAPP_MIGRATION }}' - name: create public route table
openid_workaround: 'yes' ec2_rt:
- splunkforwarder profile: "{{ profile }}"
- hosts: tag_role_edxapp:!first_in_tag_role_edxapp vpc_id: "{{ created_vpc.vpc_id }}"
sudo: True region: "{{ aws_region }}"
serial: 1 state: "present"
vars_files: name: "{{ vpc_name }}-public"
- "{{ secure_dir }}/vars/{{ENVIRONMENT}}/{{CLOUDFORMATION_STACK_NAME}}.yml" routes:
- "{{ secure_dir }}/vars/common/common.yml" - cidr: "{{ vpc_cidr }}"
roles: gateway: 'local'
- user - cidr: '0.0.0.0/0'
- datadog gateway: "{{ created_vpc.igw.id }}"
- role: nginx register: created_public_rt
nginx_sites:
- lms - name: create public subnets
- cms ec2_subnet:
- lms-preview profile: "{{ profile }}"
nginx_default_site: vpc_id: "{{ created_vpc.vpc_id }}"
- lms region: "{{ aws_region }}"
- role: 'edxapp' state: "present"
edxapp_lms_env: 'lms.envs.load_test' name: "{{ item.name }}"
- splunkforwarder cidr: "{{ item.cidr }}"
- hosts: tag_role_worker az: "{{ item.az }}"
sudo: True route_table_id: "{{ created_public_rt.id }}"
vars_files: network_acl_id: "{{ created_public_acl.id }}"
- "{{ secure_dir }}/vars/{{ENVIRONMENT}}/{{CLOUDFORMATION_STACK_NAME}}.yml" with_items: vpc_public_subnets
- "{{ secure_dir }}/vars/common/common.yml" register: created_public_subnets
roles:
- user - name: create NAT security group
- datadog ec2_group:
- role: nginx profile: "{{ profile }}"
nginx_sites: vpc_id: "{{ created_vpc.vpc_id }}"
- lms state: "present"
- cms region: "{{ aws_region }}"
- lms-preview name: "{{ nat_security_group.name }}"
nginx_default_site: rules: "{{ nat_security_group.rules }}"
- lms description: "{{ nat_security_group.description }}"
- role: 'edxapp' rules_egress: "{{ nat_security_group.rules_egress }}"
edxapp_lms_env: 'lms.envs.load_test' register: created_nat_security_group
celery_worker: True
- splunkforwarder - name: check to see if we already have a nat instance
- hosts: tag_role_xserver local_action:
sudo: True module: "ec2_lookup"
vars_files: region: "{{ aws_region }}"
- "{{ secure_dir }}/vars/{{ENVIRONMENT}}/{{CLOUDFORMATION_STACK_NAME}}.yml" tags:
- "{{ secure_dir }}/vars/common/common.yml" Name: "{{ vpc_name }}-nat-instance"
roles: register: potential_existing_nat
- user
- role: nginx - debug: msg="{{ potential_existing_nat }}"
nginx_sites:
- xserver - name: create nat instance
- xserver local_action:
- splunkforwarder module: 'ec2'
- hosts: tag_role_rabbitmq state: 'present'
serial: 1 wait: "yes"
sudo: True region: "{{ aws_region }}"
vars_files: profile: "{{ profile }}"
- "{{ secure_dir }}/vars/{{ENVIRONMENT}}/{{CLOUDFORMATION_STACK_NAME}}.yml" group_id: "{{ created_nat_security_group.group_id }}"
- "{{ secure_dir }}/vars/common/common.yml" key_name: "{{ vpc_nat_keypair }}"
roles: vpc_subnet_id: "{{ created_public_subnets.results[0].subnet_id }}"
- user instance_type: "{{ vpc_nat_instance_type }}"
- rabbitmq instance_tags:
- splunkforwarder Name: "{{ vpc_name }}-nat-instance"
- hosts: first_in_tag_role_xqueue image: "{{ vpc_nat_ami_id }}"
sudo: True register: created_nat_instance
vars_files: when: potential_existing_nat.instances|length == 0
- "{{ secure_dir }}/vars/{{ENVIRONMENT}}/{{CLOUDFORMATION_STACK_NAME}}.yml"
- "{{ secure_dir }}/vars/common/common.yml" - name: create private route table
roles: ec2_rt:
- user profile: "{{ profile }}"
- role: nginx vpc_id: "{{ created_vpc.vpc_id }}"
nginx_sites: region: "{{ aws_region }}"
- xqueue state: "present"
- role: xqueue name: "{{ vpc_name }}-private"
migrate_db: '{{ RUN_XQUEUE_MIGRATION }}' routes:
- splunkforwarder - cidr: "{{ vpc_cidr }}"
- hosts: tag_role_xqueue:!first_in_tag_role_xqueue gateway: 'local'
sudo: True - cidr: '0.0.0.0/0'
vars_files: instance: "{{ created_nat_instance.instances[0].id }}"
- "{{ secure_dir }}/vars/{{ENVIRONMENT}}/{{CLOUDFORMATION_STACK_NAME}}.yml" register: created_public_rt
- "{{ secure_dir }}/vars/common/common.yml" when: potential_existing_nat.instances|length == 0
roles:
- user
- role: nginx #
nginx_sites:
- xqueue # - name: create public subnets
- xqueue # ec2_subnet:
- splunkforwarder # profile: "{{ profile }}"
- hosts: tag_role_forum # name: "{{ item.name }}"
sudo: True # vpc_id: "{{ created_vpc.vpc_id }}"
vars_files: # state: "present"
- "{{ secure_dir }}/vars/{{ENVIRONMENT}}/{{CLOUDFORMATION_STACK_NAME}}.yml" # region: "{{ aws_region }}"
- "{{ secure_dir }}/vars/common/common.yml" # cidr_block: "{{ item.cidr }}"
roles: # az: "{{ item.az }}"
- user # route_table_id: "{{ item.route_table_id }}"
- oraclejdk # tags: "{{ item.tags }}"
- elasticsearch # register: created_vpc_subnets
- forum # with_item: vpc_subnets
# - name: create public subnets
# local_action:
# module:
# - name: create public route tables
# - name: Create a nat
# local_action:
# module: ec2
# image: '{{ vpc_nat_ami }}'
# instance_tags:
# environment: test
# deployment: test
# Name: test-vpc-nat
# instance_type: '{{ vpc_nat_instance_type }}'
# key_name: '{{ vpc_key_name }}'
# region: '{{ aws_region }}'
# vpc_subnet_id: '{{ public_subnets[0] }}'
# wait: yes
# - name: create a nat security group
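Review bot: The "create private route table" task registers its result as `created_public_rt`, overwriting the public route-table fact registered a few tasks earlier, and its `when: potential_existing_nat.instances|length == 0` guard means that on any re-run where a NAT instance already exists no private route table is created at all (the task would also hit an undefined `created_nat_instance.instances` in that case, since the NAT task is skipped). The fix is to resolve the NAT instance id once, from either the newly created instance or the existing one, then create the private route table unconditionally and register it under its own name; the shape of the `ec2_lookup` result items is inferred from the existing `when` and should be confirmed against that module. Separately, the `ec2` task that launches the NAT instance does not appear to disable source/destination checking, which a NAT instance needs to forward traffic — if the module in use supports it, adding `source_dest_check: false` there would save a manual fix-up after launch. The commented-out tail of the file (old subnet/NAT drafts) could be dropped rather than carried along.
```yaml
# … unchanged: create nat instance task, registered as created_nat_instance …

- name: resolve nat instance id (new or pre-existing)
  set_fact:
    nat_instance_id: "{{ created_nat_instance.instances[0].id if potential_existing_nat.instances|length == 0 else potential_existing_nat.instances[0].id }}"

- name: create private route table
  ec2_rt:
    profile: "{{ profile }}"
    vpc_id: "{{ created_vpc.vpc_id }}"
    region: "{{ aws_region }}"
    state: "present"
    name: "{{ vpc_name }}-private"
    routes:
      - cidr: "{{ vpc_cidr }}"
        gateway: 'local'
      - cidr: '0.0.0.0/0'
        instance: "{{ nat_instance_id }}"
  register: created_private_rt
```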