-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathjavapp_stack_setup.yml
196 lines (179 loc) · 5.74 KB
/
javapp_stack_setup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
---
- name: Setup project stack for simple Java app - Tomcat, Mysql, Nginx
hosts: localhost
connection: local
gather_facts: false
tasks:
- name: Import VPC setup variables
include_vars: vars/stack_setup
- name: Import VPC output variables
include_vars: vars/output_vars
- name: Create an ec2 key pair
amazon.aws.ec2_key:
name: loginkey
region: "{{ region }}"
register: loginkey_out
- name: Save private key into loginkey.pem
ansible.builtin.copy:
content: "{{ loginkey_out.key.private_key }}"
dest: "./loginkey.pem"
mode: "0600"
when: loginkey_out.changed
- name: Create security group for load balancer
amazon.aws.ec2_group:
name: "projectelb-sg"
description: Allow port 80 from everywhere and all ports within sg
vpc_id: "{{ vpcid }}"
region: "{{ region }}"
purge_rules: false
rules:
- proto: tcp
ports:
- 80
cidr_ip: 0.0.0.0/0
rule_desc: allow all on port 80
register: projectelbsg_out
- name: Create security group for project stack EC2 instances
amazon.aws.ec2_group:
name: "projectstack-sg"
description: Allow port 22 from everywhere and all ports within sg
vpc_id: "{{ vpcid }}"
region: "{{ region }}"
purge_rules: false
rules:
- proto: tcp
ports:
- 80
rule_desc: allow all from the load balancer sg
group_id: "{{ projectelbsg_out.group_id }}"
- proto: tcp
ports:
- 22
group_id: "{{ BastionSGid }}"
rule_desc: allow all on port 22 from Bastion host SG
register: projectstacksg_out
- name: Update security group for project stack with it's own id
amazon.aws.ec2_group:
name: "projectstack-sg"
description: Allow port 22 from everywhere and all ports within sg
vpc_id: "{{ vpcid }}"
region: "{{ region }}"
purge_rules: false
rules:
- proto: all
group_id: "{{ projectstacksg_out.group_id }}"
- name: Creating Nginx server - web
amazon.aws.ec2_instance:
key_name: loginkey
region: "{{ region }}"
instance_type: t2.micro
image: "{{ nginx_ami }}"
wait: true
wait_timeout: 300
instance_tags:
Name: "web"
Project: Ans_AWS_vpc
Owner: Maybelle
exact_count: 1
count_tag:
Name: "web"
Project: Ans_AWS_vpc
Owner: Maybelle
group_id: "{{ projectstacksg_out.group_id }}"
vpc_subnet_id: "{{ privsub1id }}"
register: web_out
- name: Creating Tomcat server - app
amazon.aws.ec2_instance:
key_name: loginkey
region: "{{ region }}"
instance_type: t2.micro
image: "{{ tomcat_ami }}"
wait: true
wait_timeout: 300
instance_tags:
Name: "app"
Project: Ans_AWS_vpc
Owner: Maybelle
exact_count: 1
count_tag:
Name: "app"
Project: Ans_AWS_vpc
Owner: Maybelle
group_id: "{{ projectstacksg_out.group_id }}"
vpc_subnet_id: "{{ privsub1id }}"
register: app_out
- name: Creating MySql instance db
ec2:
key_name: loginkey
region: "{{ region }}"
instance_type: t2.micro
image: "{{ mysql_ami }}"
wait: true
wait_timeout: 300
instance_tags:
Name: "db"
Project: Ans_AWS_vpc
Owner: Maybelle
exact_count: 1
count_tag:
Name: "db"
Project: Ans_AWS_vpc
Owner: Maybelle
group_id: "{{ projectstacksg_out.group_id }}"
vpc_subnet_id: "{{ privsub1id }}"
register: db_out
- name: View instance return val
debug:
var: db_out.tagged_instances[0].id
- amazon.aws.elb_classic_lb:
name: "project-elb"
region: "{{region}}"
state: present
instance_ids:
- "{{ web_out.tagged_instances[0].id }}"
purge_instance_ids: true
security_group_ids: "{{ projectelbsg_out.group_id }}"
subnets:
- "{{ pubsub1id }}"
- "{{ pubsub2id }}"
- "{{ pubsub3id }}"
listeners:
- protocol: http # options are http, https, ssl, tcp
load_balancer_port: 80
instance_port: 80
- name: Insert/Update Hosts IP / names in file provision-stack/group_vars/hostsip
ansible.builtin.blockinfile:
path: vars/hostsip
block: |
web_ip: {{ web_out.tagged_instances[0].private_ip }}
app_ip: {{ app_out.tagged_instances[0].private_ip }}
db_ip: {{ db_out.tagged_instances[0].private_ip }}
- name: Copy login key to provision_stack directory
ansible.builtin.copy:
src: loginkey.pem
dest: vars/loginkey.pem
mode: '0400'
- name: Insert/Update inventory file vars/inventoryfile
ansible.builtin.blockinfile:
path: vars/inventoryfile
block: |
web ansible_host={{ web_out.tagged_instances[0].private_ip }}
app ansible_host={{ app_out.tagged_instances[0].private_ip }}
db ansible_host={{ db_out.tagged_instances[0].private_ip }}
cntl ansible_host=127.0.0.1 ansible_connection=local
[webgrp]
web01
[appgrp]
app01
[dbgrp]
db01
[control]
cntl
[stack_inst:children]
webgrp
appgrp
dbgrp
[stack_inst:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=loginkey.pem
#ansible_python_interpreter=/usr/bin/python3