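---
# Play 1: provision the COmanage IdP training node from the control host.
# Runs against localhost with the local connection; the AWS modules take
# region, VPC, subnet and DNS values from variables that must already be
# defined (comanage_training_region, comanage_training_vpc,
# private_subnet_id_by_az, bastion_internal_ip, r53_hosted_zone,
# r53_dns_domain, training_node_ssh_key_name, idp_node_*).
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    # The ingress rule list for the IdP node security group is accumulated in
    # idp_node_rules by the two set_fact tasks below. union() de-duplicates,
    # so re-running the play does not grow the list.
    - name: Build idp_node_rules security group rules - bastion hosts - SSH tcp/22
      ansible.builtin.set_fact:
        # One SSH rule per bastion address: only the bastions may reach tcp/22.
        # NOTE(review): cidr_ip is CIDR notation on the AWS side - confirm the
        # entries of bastion_internal_ip carry the intended prefix length (/32
        # for a single host).
        idp_node_rules: "{{ idp_node_rules | default([]) | union( [{ 'proto': 'tcp' , 'ports': '22', 'cidr_ip': item, 'rule_desc': 'SSH from bastion'}] ) }}"
      loop: "{{ bastion_internal_ip }}"

    - name: Build idp_node_rules security group rules - ALB port tcp/8080
      ansible.builtin.set_fact:
        # Application port, opened to the whole 192.168.0.0/16 range so the
        # ALB can forward to it. NOTE(review): this assumes the training VPC
        # sits inside 192.168.0.0/16 - confirm; scoping the source to the
        # ALB's subnets or security group would be tighter.
        idp_node_rules: "{{ idp_node_rules | default([]) | union( [{ 'proto': 'tcp' , 'ports': '8080', 'cidr_ip': '192.168.0.0/16', 'rule_desc': 'web traffic port 8080'}] ) }}"

    - name: Security group COmanage IdP node
      amazon.aws.ec2_group:
        name: "comanage-idp-node"
        tags:
          Name: "comanage-idp-node"
        description: "COmanage idp node"
        vpc_id: "{{ comanage_training_vpc.vpc.id }}"
        region: "{{ comanage_training_region }}"
        # Ingress is exactly the list assembled above. No rules_egress is
        # given, so the module's default egress handling applies -
        # NOTE(review): confirm that is the intended egress policy.
        rules: "{{ idp_node_rules }}"
      register: idp_node_sg

    - name: Provision COmanage IdP node
      amazon.aws.ec2_instance:
        key_name: "{{ training_node_ssh_key_name }}"
        security_group: "{{ idp_node_sg.group_id }}"
        instance_type: "{{ idp_node_instance_type }}"
        image_id: "{{ idp_node_ami_id }}"
        region: "{{ comanage_training_region }}"
        network:
          # Private-only instance: reached through the bastions (SSH) and
          # the ALB (8080), never directly from the internet.
          assign_public_ip: false
        instance_initiated_shutdown_behavior: stop
        detailed_monitoring: false
        # We only provision into one subnet since we do not need high
        # availability for training. dictsort | first | last yields the
        # subnet id of the first AZ in sorted order.
        vpc_subnet_id: "{{ private_subnet_id_by_az | dictsort | first | last }}"
        volumes:
          - device_name: "{{ idp_node_device_name }}"
            ebs:
              volume_type: "{{ idp_node_volume_type }}"
              volume_size: "{{ idp_node_volume_size }}"
              delete_on_termination: true
              # NOTE(review): no at-rest encryption setting is given for this
              # volume; confirm whether the environment requires one.
        tags:
          Name: "comanage-idp-node"
          # The FQDN tags are read back later (route53 task) and by whatever
          # consumes the public name, so they are the source of truth.
          private_fqdn: "login-private.{{ r53_dns_domain }}"
          public_fqdn: "login.{{ r53_dns_domain }}"
          # Quoted: AWS tag values are strings, and the module sends the
          # text "True" either way; quoting keeps that literal instead of a
          # YAML boolean.
          comanage_training: "True"
          role: idp
        # exact_count: 1 keeps the play idempotent - presumably matched on
        # the Name tag; confirm against the module's default filters.
        exact_count: 1
        wait: true
      register: idp_node

    - name: Build Ansible inventory host group of IdP node
      ansible.builtin.add_host:
        # The node has no public IP, so the configuration play connects to
        # its private address (presumably routed via the bastion / VPN the
        # control host already uses).
        name: "{{ idp_node.instances[0].private_ip_address }}"
        groups: ssh_idp_node_host

    - name: Create A record entry for IdP node private interface
      community.aws.route53:
        state: present
        zone: "{{ r53_hosted_zone }}"
        # Taken from the instance's own tag rather than recomputed, so DNS
        # and the tag cannot drift apart.
        record: "{{ idp_node.instances[0].tags.private_fqdn }}"
        value: "{{ idp_node.instances[0].private_ip_address }}"
        type: A
        ttl: 30
        overwrite: true
        wait: false

    - name: Wait for SSH to come up on IdP node
      delegate_to: "{{ idp_node.instances[0].private_ip_address }}"
      ansible.builtin.wait_for_connection:
        timeout: 300
      register: idp_node_ssh_connection

    - name: Pause two minutes for IdP node to come up
      ansible.builtin.pause:
        minutes: 2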
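# Play 2: configure the node provisioned above. The ssh_idp_node_host group
# is populated by add_host in the provisioning play, so this play has no
# hosts (and does nothing) when that play did not run.
- hosts: ssh_idp_node_host
  become: true
  gather_facts: true
  # With a single host, strategy: free only removes the per-task lockstep.
  strategy: free
  tasks:
    # Roles are imported in order: common, then swarm, then idp. Presumably
    # later roles depend on earlier ones - the role contents are not in this
    # file, so confirm before reordering.
    - ansible.builtin.import_role:
        name: common
    - ansible.builtin.import_role:
        name: swarm
    - ansible.builtin.import_role:
        name: idp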