-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathansible-provision.yml
112 lines (103 loc) · 4.06 KB
/
ansible-provision.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
##############################################################
# Please specify AWS auth info on the command line for Boto:
#
# export AWS_ACCESS_KEY_ID=
# export AWS_SECRET_ACCESS_KEY=
# export AWS_DEFAULT_REGION=
#
# export STACK_NAME=
# export ENV_GROUP=
#
# Execute with:
# ansible-playbook ansible-provision.yml -e "@aws-params.json" -e "stack_name=$STACK_NAME" -e "env_group=$ENV_GROUP"
# where
# '@aws-params.json' is pointing to the parameter file. The idea is to store those parameters here what are not meant to be changing between runs.
# 'STACK_NAME' & 'ENV_GROUP' are used for the 'aws::cloudformation::stack_name' tag
#
# Expect long running time as the stack takes about 5 - 10 minutes to complete
##############################################################
---
- hosts: localhost
connection: local
gather_facts: true
vars:
out_dir: "out-{{ stack_name }}-{{ env_group }}"
elb_log_bucket: "{{ stack_name }}-{{ env_group }}-elb-logs-{{ par_aws_acc_id }}"
bootstrap_bucket: "{{ stack_name }}-{{ env_group }}-boostrap-{{ par_aws_acc_id }}"
elb_access_policy_uuid: "{{ ansible_date_time.iso8601_micro | to_uuid }}"
tasks:
# Local stuff first
- name: Create the output directory
file: path={{ out_dir }} state=directory mode=0755
tags: create
- name: Create the S3 policy based on the template
template:
src: "templates/elb_access_policy.j2"
dest: "{{ out_dir }}/elb_access_policy.json"
force: "no"
tags: create
# The remote stuff
#
# Normally this is left untouched once created but because of the issue below it gets re-created every time
# Should work proper when upgrading to Ansible 2.2
- name: Create ELB log bucket
s3_bucket:
name: "{{ elb_log_bucket }}"
#policy: "{{ lookup('file','{{ out_dir }}/elb_access_policy.json') }}"
region: "{{ par_aws_region }}"
state: present
tags: create
# See: https://github.com/ansible/ansible-modules-extras/issues/1813
- name: Attach the policy.
command: aws s3api put-bucket-policy --bucket {{ elb_log_bucket }} --policy file://{{ out_dir }}/elb_access_policy.json
tags: create
- name: Create boostrap bucket
s3_bucket:
name: "{{ bootstrap_bucket }}"
region: "{{ par_aws_region }}"
state: present
tags: create
- name: Upload bootstrap files into S3
s3:
bucket: "{{ bootstrap_bucket }}"
mode: put
object: "{{ item }}"
src: "bootstrap/{{ item }}"
overwrite: "different"
with_items:
- "bootstrap_bastion.sh"
- "bootstrap_config_service.sh"
- "bootstrap_jenkins_master.sh"
- "bootstrap_nexus.sh"
tags: upload
- name: Upload template(s) into S3
s3:
bucket: "{{ par_s3_template_bucket }}"
mode: put
object: "{{ item }}"
src: "cft/{{ item }}"
overwrite: "different"
with_items:
- "build-services-vpc.template"
tags: upload
- name: Create the Build Services VPC from scratch
cloudformation:
stack_name: "{{ stack_name }}-{{ env_group }}"
state: "present"
region: "{{ par_aws_region }}"
disable_rollback: false
template_url: "https://s3-{{ par_aws_region }}.amazonaws.com/{{ par_s3_template_bucket }}/build-services-vpc.template"
template_parameters:
ParDNSHostedZoneId: "{{ par_hosted_zone_id }}"
ParEnvironmentGroup: "{{ env_group }}"
ParRestrictedNetworkEgress: "{{ par_restricted_egress_ip }}"
ParAnsibleSSHAccessKey: "{{ par_ansible_ssh_key }}"
ParBastionSSHAccessKey: "{{ par_bastion_ssh_key }}"
ParELBLogBucket: "{{ elb_log_bucket }}"
ParS3BootstrapBucket: "{{ bootstrap_bucket }}"
ParMySQLAdminPassword: "{{ lookup('password', './{{ out_dir }}/mysqlpassword.pwd length=15') }}"
ZDidYouCheckAllValues: "Yes"
tags:
created_by: "{{ lookup('env', 'USER') }}"
created_on: "{{ lookup('pipe', 'date \"+%Y-%m-%d %H:%M:%S\"') }}"
tags: create-vpc