


[Ansible] vpc subnet gateway routing table keypair instance 생성

kyeongjun-dev 2021. 8. 9. 16:42

스크립트

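---
# Provisions, in one pass and in dependency order: VPC -> internet gateway ->
# public subnet -> route table -> security group -> SSH key pair -> EC2
# instance(s). Every task targets the same `region`; each later task consumes
# ids registered by an earlier one, so task order must be preserved.
# Everything under `vars` is a default and can be overridden at run time with
# `ansible-playbook ... -e "vpc_name=... instance_cnt=..."`.
- name: Ansible test
  hosts: localhost
  vars:
    ansible_python_interpreter: /usr/bin/python3
    vpc_name: tmp_VPC
    vpc_cidr_block: 10.0.0.0/16

    gateway_name: tmp_gateway_name

    subnet_name: tmp_subnet_name
    subnet_cidr_block: 10.0.0.0/24

    routing_table_name: tmp_routing_table_name

    region: ap-northeast-2
    avail_zone_of_region: ap-northeast-2a

    security_group_name: tmp_security_group_name

    key_name: temp_key

    instance_name: tmp_instance_name
    # ubuntu18.04 — AMI ids are region-specific; override when `region` changes
    image_id: ami-0ba5cd124d7a79612
    instance_type: t2.micro
    instance_cnt: 1
  tasks:
    - name: create VPC
      ec2_vpc_net:
        name: "{{ vpc_name }}"
        cidr_block: "{{ vpc_cidr_block }}"
        region: "{{ region }}"
        state: present
      register: vpc_result  # vpc_result.vpc.id is read by every task below

    - name: Create Internet Gateway
      ec2_vpc_igw:
        vpc_id: "{{ vpc_result.vpc.id }}"
        region: "{{ region }}"
        state: present
        tags:
          Name: "{{ gateway_name }}"
      register: gateway_result  # gateway_result.gateway_id feeds the default route

    - name: Create Public Subnet
      ec2_vpc_subnet:
        cidr: "{{ subnet_cidr_block }}"
        vpc_id: "{{ vpc_result.vpc.id }}"
        region: "{{ region }}"
        az: "{{ avail_zone_of_region }}"
        map_public: true
        state: present
        tags:
          Name: "{{ subnet_name }}"
      register: subnet_result  # subnet_result.subnet.id is used by route table and EC2

    - name: Create Routing Table
      ec2_vpc_route_table:
        vpc_id: "{{ vpc_result.vpc.id }}"
        region: "{{ region }}"
        state: present
        subnets:
          - "{{ subnet_result.subnet.id }}"
        tags:
          Name: "{{ routing_table_name }}"
        routes:
          # The default route via the IGW is what makes this subnet public.
          - dest: 0.0.0.0/0
            gateway_id: "{{ gateway_result.gateway_id }}"

    - name: Create Security Group
      ec2_group:
        name: "{{ security_group_name }}"
        vpc_id: "{{ vpc_result.vpc.id }}"
        region: "{{ region }}"
        state: present
        description: allow 22, 80
        tags:
          Name: "{{ security_group_name }}"
        # Both rules are open to 0.0.0.0/0 (any source address). That matches
        # a throwaway test VPC; narrow the SSH rule to an admin CIDR before
        # reusing this for anything longer-lived.
        rules:
          - proto: tcp
            ports:
              - 22
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            ports:
              - 80
            cidr_ip: 0.0.0.0/0

    - name: Run whoami without become.
      command: whoami
      changed_when: false
      become: false
      register: whoami  # whoami.stdout is spliced into the private-key path below

    - name: Create EC2 key
      ec2_key:
        name: "{{ key_name }}"
        region: "{{ region }}"
      register: key_result

    # Guarded on `changed` because key_result.key.private_key is presumably
    # only present when the key pair was just created (TODO confirm).
    # NOTE(review): dest expands to "/<whoami>/.ssh/...", which is a real
    # directory only when whoami is "root" — confirm, or use the home
    # directory instead.
    - name: Save Private Key
      copy:
        content: "{{ key_result.key.private_key }}"
        dest: "/{{ whoami.stdout }}/.ssh/{{ key_name }}.pem"
        mode: "0400"  # owner read-only, as SSH expects for private keys

    # `group` refers to the security group by name; `vpc_subnet_id` places the
    # instance(s) in the public subnet created above.
      when: key_result.changed

    - name: Create EC2
      ec2:
        key_name: "{{ key_name }}"
        instance_tags:
          Name: "{{ instance_name }}"
        region: "{{ region }}"
        instance_type: "{{ instance_type }}"
        image: "{{ image_id }}"
        group: "{{ security_group_name }}"
        wait: true
        count: "{{ instance_cnt }}"
        vpc_subnet_id: "{{ subnet_result.subnet.id }}"
        assign_public_ip: true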

instance name이나 CIDR 블럭 등을 수정할 때마다 코드를 수정하는게 말이 안되는거 같아서 playbook 실행할 때 외부 변수로 주는걸로 변경.

실행 커맨드 예제

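# Override the playbook defaults from the command line. Every key=value pair
# passed via -e arrives as a string ("2", not 2); pass JSON to -e if a real
# integer is ever required. The AMI id must stay on one line.
ansible-playbook vpc-instance-all.yml \
  -e "vpc_name=my_vpc gateway_name=my_gateway subnet_name=my_subnet routing_table_name=my_rt security_group_name=my_sg key_name=my_key instance_name=myubuntu image_id=ami-0284bfcf888d18f70 instance_cnt=2"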

구분 기호나 세미콜론 같은 특수문자를 변수로 넘기는 게 아니면 단순 공백으로 모두 전달 가능

 

한계점

만드는건 완성했는데 삭제는 어떤식으로 해야할지. Terraform처럼 cli로 resource 목록을 볼수 있으면 좋을거 같은데 Ansible은 없는거 같다. (물론 있을 수도 있음)

파일로 resource들의 id를 빼내는 게 최선인 듯싶다. (당장은)
