-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
5453e29
commit d4f38ea
Showing
7 changed files
with
273 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| --- | ||
| namespace: lab | ||
| name: aws_infrastructure_config_demos | ||
| version: 3.0.0 | ||
| version: 3.1.0 | ||
| readme: README.md | ||
| authors: | ||
| - Scott Harwell <[email protected]> | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| --- | ||
| - name: Deploy automation mesh demo | ||
| hosts: localhost | ||
| connection: local | ||
| gather_facts: false | ||
| tasks: | ||
| - name: Create automation mesh demo | ||
| ansible.builtin.include_role: | ||
| name: lab.aws_infrastructure_config_demos.mesh_demo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| Role Name | ||
| ========= | ||
|
|
||
| A brief description of the role goes here. | ||
|
|
||
| Requirements | ||
| ------------ | ||
|
|
||
| Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. | ||
|
|
||
| Role Variables | ||
| -------------- | ||
|
|
||
| A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. | ||
|
|
||
| Dependencies | ||
| ------------ | ||
|
|
||
| A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. | ||
|
|
||
| Example Playbook | ||
| ---------------- | ||
|
|
||
| Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: | ||
|
|
||
| - hosts: servers | ||
| roles: | ||
| - { role: username.rolename, x: 42 } | ||
|
|
||
| License | ||
| ------- | ||
|
|
||
| BSD | ||
|
|
||
| Author Information | ||
| ------------------ | ||
|
|
||
| An optional section for the role authors to include contact information, or a website (HTML is not allowed). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| mesh_demo_aws_region: us-east-1 | ||
| mesh_demo_tenancy: default | ||
| mesh_demo_vpc_priv_net_cidr: 10.0.0.0/20 | ||
| mesh_demo_priv_subnet_cidr: 10.0.0.0/24 | ||
| mesh_demo_pub_subnet_cidr: 10.0.1.0/24 | ||
| mesh_demo_ami: ami-0b46e917b9dee4f61 | ||
| mesh_demo_ssh_key_name: default_keypair | ||
| mesh_demo_hop_node_instance_type: t2.small | ||
| mesh_demo_hop_node_instance_name: hop_node | ||
| mesh_demo_execution_node_instance_type: t2.small | ||
| mesh_demo_execution_node_instance_name: execution_node |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| --- | ||
| - name: Include VNET Tasks | ||
| ansible.builtin.include_tasks: vnet.yml | ||
|
|
||
| - name: Import VM Tasks | ||
| ansible.builtin.include_tasks: vms.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| --- | ||
| - name: Provision hop node VM | ||
| amazon.aws.ec2_instance: | ||
| count: 1 | ||
| image: | ||
| id: "{{ mesh_demo_ami | trim }}" | ||
| instance_type: "{{ mesh_demo_hop_node_instance_type }}" | ||
| key_name: "{{ mesh_demo_ssh_key_name }}" | ||
| name: "{{ mesh_demo_hop_node_instance_name }}" | ||
| network: | ||
| assign_public_ip: true | ||
| delete_on_termination: true | ||
| region: "{{ mesh_demo_aws_region }}" | ||
| security_groups: | ||
| - "{{ dmz_sg.group_id }}" | ||
| state: running | ||
| tags: | ||
| deployment: ansible | ||
| purpose: hop-node | ||
| ansible-role: mesh_demo | ||
| tenancy: "{{ mesh_demo_tenancy }}" | ||
| vpc_subnet_id: "{{ mesh_demo_pub_subnet.subnet.id }}" | ||
| wait: true | ||
| register: hop_node | ||
|
|
||
| - name: Provision execution node VM | ||
| amazon.aws.ec2_instance: | ||
| count: 1 | ||
| image: | ||
| id: "{{ mesh_demo_ami | trim }}" | ||
| instance_type: "{{ mesh_demo_execution_node_instance_type }}" | ||
| key_name: "{{ mesh_demo_ssh_key_name }}" | ||
| name: "{{ mesh_demo_execution_node_instance_name }}" | ||
| network: | ||
| assign_public_ip: false | ||
| delete_on_termination: true | ||
| region: "{{ mesh_demo_aws_region }}" | ||
| security_groups: | ||
| - "{{ priv_network_sg.group_id }}" | ||
| state: running | ||
| tags: | ||
| deployment: ansible | ||
| purpose: execution-node | ||
| ansible-role: mesh_demo | ||
| tenancy: "{{ mesh_demo_tenancy }}" | ||
| vpc_subnet_id: "{{ mesh_demo_priv_subnet.subnet.id }}" | ||
| wait: true | ||
| register: hop_node |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,159 @@ | ||
| --- | ||
| - name: Create VPC | ||
| amazon.aws.ec2_vpc_net: | ||
| name: automation-mesh-demo-vpc | ||
| cidr_block: "{{ mesh_demo_vpc_priv_net_cidr }}" | ||
| purge_tags: false | ||
| region: "{{ mesh_demo_aws_region }}" | ||
| tenancy: "{{ mesh_demo_tenancy }}" | ||
| state: present | ||
| tags: | ||
| deployment: ansible | ||
| ansible-role: mesh_demo | ||
| register: mesh_demo_vpc | ||
|
|
||
| - name: Create private subnet | ||
| amazon.aws.ec2_vpc_subnet: | ||
| state: present | ||
| vpc_id: "{{ mesh_demo_vpc.vpc.id }}" | ||
| cidr: "{{ mesh_demo_priv_subnet_cidr }}" | ||
| region: "{{ mesh_demo_aws_region }}" | ||
| tags: | ||
| Name: private-subnet | ||
| deployment: ansible | ||
| ansible-role: mesh_demo | ||
| register: mesh_demo_priv_subnet | ||
|
|
||
| - name: Create public subnet | ||
| amazon.aws.ec2_vpc_subnet: | ||
| state: present | ||
| vpc_id: "{{ mesh_demo_vpc.vpc.id }}" | ||
| cidr: "{{ mesh_demo_pub_subnet_cidr }}" | ||
| region: "{{ mesh_demo_aws_region }}" | ||
| tags: | ||
| Name: public-subnet | ||
| deployment: ansible | ||
| ansible-role: mesh_demo | ||
| register: mesh_demo_pub_subnet | ||
|
|
||
| - name: Create Internet Gateway | ||
| amazon.aws.ec2_vpc_igw: | ||
| vpc_id: "{{ mesh_demo_vpc.vpc.id }}" | ||
| region: "{{ mesh_demo_aws_region }}" | ||
| state: present | ||
| tags: | ||
| Name: priv-network-ig | ||
| deployment: ansible | ||
| ansible-role: mesh_demo | ||
| register: mesh_demo_igw | ||
|
|
||
| - name: Create NAT gateway and allocate EIP if a nat gateway does not yet exist in the subnet | ||
| amazon.aws.ec2_vpc_nat_gateway: | ||
| state: present | ||
| subnet_id: "{{ mesh_demo_pub_subnet.subnet.id }}" | ||
| wait: true | ||
| region: "{{ mesh_demo_aws_region }}" | ||
| if_exist_do_not_create: true | ||
| tags: | ||
| Name: priv-network-nat-gw | ||
| deployment: ansible | ||
| ansible-role: mesh_demo | ||
| register: mesh_demo_nat_gateway | ||
|
|
||
| - name: Create pub network security group | ||
| amazon.aws.ec2_security_group: | ||
| name: mesh-demo-dmz-sg | ||
| description: DMZ security group | ||
| vpc_id: "{{ mesh_demo_vpc.vpc.id }}" | ||
| region: "{{ mesh_demo_aws_region }}" | ||
| rules: | ||
| - proto: tcp | ||
| ports: | ||
| - 22 | ||
| cidr_ip: 0.0.0.0/0 | ||
| rule_desc: allow all on port 22 | ||
| - proto: tcp | ||
| cidr_ip: 0.0.0.0/0 | ||
| from_port: 0 | ||
| to_port: 27199 | ||
| rule_desc: allow on port 27199 for automation mesh | ||
| - proto: icmp | ||
| cidr_ip: 10.0.0.0/8 | ||
| from_port: -1 | ||
| to_port: -1 | ||
| rule_desc: allow all local network icmp traffic | ||
| rules_egress: | ||
| - proto: all | ||
| cidr_ip: 0.0.0.0/0 | ||
| rule_desc: allow all outbound traffic | ||
| tags: | ||
| Name: mesh_demo-dmz-sg | ||
| deployment: ansible | ||
| ansible-role: mesh_demo | ||
| register: dmz_sg | ||
|
|
||
| - name: Create priv network security group | ||
| amazon.aws.ec2_security_group: | ||
| name: mesh-demo-private-network-sg | ||
| description: Private network security group | ||
| vpc_id: "{{ mesh_demo_vpc.vpc.id }}" | ||
| region: "{{ mesh_demo_aws_region }}" | ||
| rules: | ||
| - proto: tcp | ||
| from_port: 0 | ||
| to_port: 22 | ||
| cidr_ip: 10.0.0.0/8 | ||
| rule_desc: allow all ssh traffic in private networks | ||
| - proto: tcp | ||
| from_port: 0 | ||
| to_port: 27199 | ||
| cidr_ip: 10.0.0.0/8 | ||
| rule_desc: allow all automation mesh traffic in private networks | ||
| - proto: icmp | ||
| from_port: -1 | ||
| to_port: -1 | ||
| cidr_ip: 10.0.0.0/8 | ||
| rule_desc: allow all icmp traffic in private networks | ||
| rules_egress: | ||
| - proto: all | ||
| cidr_ip: 0.0.0.0/0 | ||
| rule_desc: allow all outbound traffic | ||
| tags: | ||
| Name: mesh-demo-private-network-sg | ||
| deployment: ansible | ||
| ansible-role: mesh_demo | ||
| register: priv_network_sg | ||
|
|
||
| - name: Setup public subnet route table | ||
| amazon.aws.ec2_vpc_route_table: | ||
| purge_tags: false | ||
| region: "{{ mesh_demo_aws_region }}" | ||
| routes: | ||
| - dest: 0.0.0.0/0 | ||
| gateway_id: "{{ mesh_demo_igw.gateway_id }}" | ||
| subnets: | ||
| - "{{ mesh_demo_pub_subnet.subnet.id }}" | ||
| state: present | ||
| tags: | ||
| Name: mesh-demo-pub-subnet-rt | ||
| deployment: ansible | ||
| ansible-role: mesh_demo | ||
| vpc_id: "{{ mesh_demo_vpc.vpc.id }}" | ||
| register: pub_subnet_rt | ||
|
|
||
| - name: Setup private subnet route table | ||
| amazon.aws.ec2_vpc_route_table: | ||
| purge_tags: false | ||
| region: "{{ mesh_demo_aws_region }}" | ||
| routes: | ||
| - dest: 0.0.0.0/0 | ||
| gateway_id: "{{ mesh_demo_nat_gateway.nat_gateway_id }}" | ||
| subnets: | ||
| - "{{ mesh_demo_priv_subnet.subnet.id }}" | ||
| state: present | ||
| tags: | ||
| Name: mesh-demo-priv-subnet-rt | ||
| deployment: ansible | ||
| ansible-role: mesh_demo | ||
| vpc_id: "{{ mesh_demo_vpc.vpc.id }}" | ||
| register: priv_subnet_rt |