Generate a varfile for use with the edx_service.yml playbook.

50dc6a97 · Feanil Patel · 65815766 · 50dc6a97 · 50dc6a97 · 50dc6a97
Commit 50dc6a97 authored May 15, 2015 by Feanil Patel
Showing with 85 additions and 4 deletions

playbooks/edx-east/edx_service.yml
+5 -3

playbooks/library/ec2_group_local
+0 -0

playbooks/roles/edx_vpc/tasks/main.yml
+5 -1

playbooks/roles/edx_vpc/templates/vpc_config.yml.j2
+75 -0

No files found.
--- a/playbooks/edx-east/edx_service.yml
+++ b/playbooks/edx-east/edx_service.yml
@@ -17,7 +17,7 @@
        policies: "{{ role_policies }}"

    - name: Manage ELB security group
-      ec2_group:
+      ec2_group_local:
        profile: "{{ profile }}"
        description: "{{ elb_security_group.description }}"
        name: "{{ elb_security_group.name }}"
@@ -26,9 +26,11 @@
        rules: "{{ elb_security_group.rules }}"
        tags: "{{ elb_security_group.tags }}"
      register: elb_sec_group
-        
+
+    - debug: msg="{{ service_security_group.rules }}"
+
    - name: Manage service security group
-      ec2_group:
+      ec2_group_local:
        profile: "{{ profile }}"
        description: "{{ service_security_group.description }}"
        name: "{{ service_security_group.name }}"

--- a/playbooks/library/ec2_group_local
+++ b/playbooks/library/ec2_group_local
--- a/playbooks/roles/edx_vpc/tasks/main.yml
+++ b/playbooks/roles/edx_vpc/tasks/main.yml
@@ -182,4 +182,8 @@
    description: "{{ vpc_db_subnet_group.description }}"
    subnets: "{{ db_subnet_ids.function_output }}"
  
-  
+- name: output a vpc_config for using to build services
+  local_action:
+    module: template
+    src: "vpc_config.yml.j2"
+    dest: "~/{{ e_d }}.yml"
--- a/playbooks/roles/edx_vpc/templates/vpc_config.yml.j2
+++ b/playbooks/roles/edx_vpc/templates/vpc_config.yml.j2
+#
+# Configuration for the environment-deployment
+#
+profile: "{{ vpc_aws_profile }}"
+vpc_id: "{{ created_vpc.vpc_id }}"
+vpc_cidr: "{{ vpc_cidr }}"
+vpc_class_b: "{{ vpc_class_b }}"
+
+env: "{{ vpc_environment }}"
+deployment: "{{ vpc_deployment }}"
+e_d_c: "{{ vpc_environment }}-{{ vpc_deployment }}-{{ '{{' }} cluster {{ '}}' }}"
+aws_region: "{{ vpc_aws_region }}"
+
+
+aws_availability_zones:
+{% for subnet in vpc_public_subnets %}
+  - {{ subnet.az }}
+{% endfor %}
+
+# Should this be service specific
+ssl_cert: "{{ vpc_ssl_cert }}"
+
+# used for ELB
+public_route_table: "{{ created_public_rt.id }}"
+# used for service subnet
+private_route_table: "{{ created_private_rt.id }}"
+instance_key_name: "{{ vpc_keypair }}"
+
+# subject to change #TODO: provide the correct var for the eni
+nat_device: "{{ nat_instance.instances[0].id }}"
+
+public_subnet_1: "{{ vpc_public_subnets[0].cidr }}"
+public_subnet_2: "{{ vpc_public_subnets[1].cidr }}"
+
+# /28 per AZ NEEDE?
+# private_subnet_1: "{{ vpc_class_b }}.110.16/28"
+# private_subnet_2: "{{ vpc_class_b }}.120.16/28"
+
+elb_subnets:
+{% for subnet in created_public_subnets.results %}
+  - "{{ subnet.subnet_id }}"
+{% endfor %}
+
+#
+# Do not use vars in policies :(
+# Should be specific to the service right?
+role_policies: []
+#   - name: "{{ '{{ ' + 'e_d_c' + '}}' }}-s3-policy"
+#     document: |
+#       {
+#         "Statement":[
+#           {
+#             "Effect":"Allow",
+#             "Action":["s3:*"],
+#             "Resource":["arn:aws:s3:::edx-stage-edx"]
+#           }
+#         ]
+#         }  
+#   - name: "{{ '{{ ' + 'e_d_c' + '}}' }}-create-instance-tags"
+#     document: |
+#       {
+#         "Statement": [
+#           {
+#             "Effect": "Allow",
+#             "Action": ["ec2:CreateTags"],
+#             "Resource": ["arn:aws:ec2:us-east-1:xxxxxxxxxxxx:instance/*"]
+#           }
+#         ]
+#         }        
+#   - name: "{{ '{{ ' + 'e_d_c' + '}}' }}-describe-ec2"
+#     document: |
+#         {"Statement":[
+#         {"Resource":"*",
+#         "Action":["ec2:DescribeInstances","ec2:DescribeTags","ec2:DescribeVolumes"],
+#         "Effect":"Allow"}]}