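---
# Play 1 (control node): create the bastion security group, launch one bastion
# per public subnet, publish a CNAME for each, register them in the in-memory
# inventory group ssh_bastion_hosts, and wait until each one answers over SSH.
# Expects comanage_training_vpc, comanage_training_region, subnet_public,
# training_node_ssh_key_name, the ssh_bastion_* settings and the r53_* DNS
# variables to be supplied by the caller.
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Security group SSH into bastion host
      amazon.aws.ec2_group:
        name: COmanage Training SSH bastion
        tags:
          Name: comanage_training_ssh_bastion
          tier: all
        description: COmanage Training SSH bastion
        vpc_id: "{{ comanage_training_vpc.vpc.id }}"
        region: "{{ comanage_training_region }}"
        rules:
          - proto: tcp
            ports: 22
            # Source range allowed to reach port 22 on the bastions. Defaults to
            # the original world-open rule so existing callers are unaffected;
            # set ssh_bastion_allowed_cidr (e.g. an office or VPN range) to
            # restrict ingress, which is the usual hardening for a bastion.
            cidr_ip: "{{ ssh_bastion_allowed_cidr | default('0.0.0.0/0') }}"
            rule_desc: SSH from anywhere
      register: bastion_ssh_security_group

    # For each public subnet, build a bastion host
    - name: Provision SSH bastion hosts
      amazon.aws.ec2:
        key_name: "{{ training_node_ssh_key_name }}"
        group_id: "{{ bastion_ssh_security_group.group_id }}"
        instance_type: "{{ ssh_bastion_instance_type }}"
        image: "{{ ssh_bastion_ami_id }}"
        wait: true
        region: "{{ comanage_training_region }}"
        assign_public_ip: true
        instance_initiated_shutdown_behavior: stop
        monitoring: false
        vpc_subnet_id: "{{ item.subnet.id }}"
        private_ip: "{{ item.item.value.bastion_ip }}"
        volumes:
          - device_name: "{{ ssh_bastion_device_name }}"
            volume_type: "{{ ssh_bastion_volume_type }}"
            volume_size: "{{ ssh_bastion_volume_size }}"
            delete_on_termination: true
        instance_tags:
          Name: "comanage_training_{{ item.item.value.bastion_hostname }}"
          # NOTE(review): public_fqdn and private_fqdn are built from the same
          # hostname and domain, so they carry the same value — confirm intended.
          public_fqdn: "{{ item.item.value.bastion_hostname }}.{{ r53_dns_domain }}"
          private_fqdn: "{{ item.item.value.bastion_hostname }}.{{ r53_dns_domain }}"
          # Quoted so the tag value is stored as the string "True" regardless
          # of how the YAML loader types a bare True.
          comanage_training: "True"
          role: bastion
        # exact_count with count_tag asks the module for exactly one instance
        # carrying this Name tag, so re-running the play does not launch extras.
        count_tag:
          Name: "comanage_training_{{ item.item.value.bastion_hostname }}"
        exact_count: 1
      register: bastion
      loop: "{{ subnet_public.results }}"

    - name: List EC2 instance ID information
      ansible.builtin.debug:
        msg: "{{ item.tagged_instances[0].id }}"
      loop: "{{ bastion.results }}"

    - name: Create CNAME entries for bastion hosts
      community.aws.route53:
        state: present
        zone: "{{ r53_hosted_zone }}"
        record: "{{ item.tagged_instances[0].tags.public_fqdn }}"
        value: "{{ item.tagged_instances[0].public_dns_name }}"
        type: CNAME
        ttl: 30
        overwrite: true
        wait: false
      loop: "{{ bastion.results }}"

    # Later plays address the bastions by public DNS name via this group.
    - name: Build Ansible inventory host group of bastions
      ansible.builtin.add_host:
        name: "{{ item.tagged_instances[0].public_dns_name }}"
        groups: ssh_bastion_hosts
      loop: "{{ bastion.results }}"

    - name: Build ssh_config from bastion host list
      ansible.builtin.template:
        src: ssh_config.j2
        dest: ssh_config
        backup: false

    # Accumulates each bastion's private address as a /32 into one list.
    - name: Build bastion_internal_ip from bastion host list
      ansible.builtin.set_fact:
        bastion_internal_ip: "{{ bastion_internal_ip | default([]) + [item.tagged_instances[0].private_ip + '/32']}}"
      loop: "{{ bastion.results }}"

    - name: Wait for SSH to come up on SSH bastion hosts
      ansible.builtin.wait_for_connection:
        timeout: 300
      delegate_to: "{{ item.tagged_instances[0].public_dns_name }}"
      register: bastion_ssh_connections
      loop: "{{ bastion.results }}"

    - name: Pause two minutes for bastion nodes to come up
      ansible.builtin.pause:
        minutes: 2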
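# Now provision inside all of the bastion hosts
# Play 2 (on the bastions): targets the in-memory group ssh_bastion_hosts
# populated by the previous play, applies the common role, pins the DNS
# search domain, and reboots only when that configuration actually changed.
- hosts: ssh_bastion_hosts
  become: true
  gather_facts: true
  # Run in parallel
  strategy: free
  tasks:
    - ansible.builtin.import_role:
        # Refer to the file roles/common/tasks/main.yml
        name: common

    # Replaces an existing "prepend domain-search" line, or appends one when
    # no line matches the regexp.
    - name: Configure DHCP to set domain search
      ansible.builtin.lineinfile:
        path: /etc/dhcp/dhclient.conf
        regexp: "^prepend domain-search"
        line: "prepend domain-search \"{{ r53_dns_domain }}\";"
      register: bastion_domain_config

    - name: Reboot bastion host
      ansible.builtin.reboot:
      when: bastion_domain_config.changed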