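---
# Play 1: build the scratch instance that the AMI is later taken from.
# Runs on the control host; the AWS modules talk to the API directly.
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: get the necessary vars for ami building
      include_vars: vars.yml

    - name: create a vpc with the name <clusterid>
      include_role:
        name: openshift_aws_vpc
      vars:
        r_openshift_aws_vpc_clusterid: "{{ provision.clusterid }}"
        r_openshift_aws_vpc_cidr: "{{ provision.vpc.cidr }}"
        r_openshift_aws_vpc_subnets: "{{ provision.vpc.subnets }}"
        r_openshift_aws_vpc_region: "{{ provision.region }}"
        r_openshift_aws_vpc_tags: "{{ provision.vpc.tags }}"
        r_openshift_aws_vpc_name: "{{ provision.vpc.name | default(provision.clusterid) }}"

    - name: create aws ssh keypair
      include_role:
        name: openshift_aws_ssh_keys
      vars:
        r_openshift_aws_ssh_keys_users: "{{ provision.instance_users }}"
        r_openshift_aws_ssh_keys_region: "{{ provision.region }}"

    # The subnet is selected by its Name tag, compared against the az field
    # of the first subnet listed for this region in provision.vpc.subnets.
    - name: fetch the default subnet id
      ec2_vpc_subnet_facts:
        region: "{{ provision.region }}"
        filters:
          "tag:Name": "{{ provision.vpc.subnets[provision.region][0].az }}"
      register: subnetout

    # exact_count + count_tag: the ec2 module only launches as many
    # instances as are needed to reach one tagged Name=ami_base, so a rerun
    # reuses an existing scratch instance rather than starting a second.
    # The instance gets a public IP; play 2 connects to it as root over SSH,
    # so the security group named by provision.clusterid controls exposure.
    - name: create instance for ami creation
      ec2:
        assign_public_ip: true
        region: "{{ provision.region }}"
        key_name: "{{ provision.node_group_config.ssh_key_name }}"
        group: "{{ provision.clusterid }}"
        instance_type: m4.xlarge
        vpc_subnet_id: "{{ subnetout.subnets[0].id }}"
        image: "{{ provision.build.base_image }}"
        volumes:
          - device_name: /dev/sdb
            volume_type: gp2
            volume_size: 100
            delete_on_termination: true
        wait: true
        exact_count: 1
        count_tag:
          Name: ami_base
        instance_tags:
          Name: ami_base
      register: amibase

    # Block until sshd answers with its banner on the public address, so the
    # next play does not race the instance boot.
    - name: wait for ssh to become available
      wait_for:
        port: 22
        host: "{{ amibase.tagged_instances.0.public_ip }}"
        timeout: 300
        search_regex: OpenSSH

    - name: add host to group
      add_host:
        name: "{{ amibase.tagged_instances.0.public_dns_name }}"
        groups: amibase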
# Play 2: prepare the OpenShift image on the scratch instance that play 1
# added to the amibase group. It logs in directly as root, using the
# key_name handed to the ec2 task in play 1.
- hosts: amibase
  remote_user: root
  tasks:
    - name: included required variables
      include_vars: vars.yml

    - name: run openshift image preparation
      vars:
        r_openshift_ami_prep_yum_repositories: "{{ provision.build.yum_repositories }}"
        r_openshift_ami_prep_node: atomic-openshift-node
        r_openshift_ami_prep_master: atomic-openshift-master
      include_role:
        name: openshift_ami_prep
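# Play 3: turn the prepared instance into an AMI (plus an encrypted copy when
# provision.build.use_encryption is set) and terminate the scratch instance.
# gather_facts is deliberately left enabled here, unlike play 1: the ec2_ami
# description below reads ansible_date_time.
- hosts: localhost
  connection: local
  become: false
  tasks:
    # Take the timestamp once so the plain and encrypted AMI names share the
    # same suffix even when the two tasks straddle a minute boundary.
    - name: record the build timestamp
      set_fact:
        ami_build_stamp: "{{ lookup('pipe', 'date +%Y%m%d%H%M') }}"

    - name: bundle ami
      ec2_ami:
        instance_id: "{{ amibase.tagged_instances.0.id }}"
        region: "{{ provision.region }}"
        state: present
        description: "This was provisioned {{ ansible_date_time.iso8601 }}"
        name: "{{ provision.build.ami_name }}{{ ami_build_stamp }}"
        wait: true
      register: amioutput

    - debug:
        var: amioutput

    - when: provision.build.use_encryption | default(False)
      block:
        - name: setup kms key for encryption
          include_role:
            name: openshift_aws_iam_kms
          vars:
            r_openshift_aws_iam_kms_region: "{{ provision.region }}"
            r_openshift_aws_iam_kms_alias: "alias/{{ provision.clusterid }}_kms"

        # The encrypted copy carries its source AMI id as a tag alongside
        # the configured openshift_ami_tags.
        - name: augment the encrypted ami tags with source-ami
          set_fact:
            source_tag:
              source-ami: "{{ amioutput.image_id }}"

        - name: copy the ami for encrypted disks
          include_role:
            name: openshift_aws_ami_copy
          vars:
            r_openshift_aws_ami_copy_region: "{{ provision.region }}"
            r_openshift_aws_ami_copy_name: "{{ provision.build.ami_name }}{{ ami_build_stamp }}-encrypted"
            r_openshift_aws_ami_copy_src_ami: "{{ amioutput.image_id }}"
            r_openshift_aws_ami_copy_kms_alias: "alias/{{ provision.clusterid }}_kms"
            r_openshift_aws_ami_copy_tags: "{{ source_tag | combine(provision.build.openshift_ami_tags) }}"
            r_openshift_aws_ami_copy_encrypt: "{{ provision.build.use_encryption }}"
            # this option currently fails due to boto waiters
            # when supported this need to be reapplied
            # r_openshift_aws_ami_copy_wait: True

        - name: Display newly created encrypted ami id
          debug:
            msg: "{{ r_openshift_aws_ami_copy_retval_custom_ami }}"

    # NOTE(review): this task is only reached when every task above succeeds;
    # a failed bundle leaves the public, root-accessible scratch instance
    # running. Consider a block/always around this play's tasks — confirm that
    # terminating mid-bundle is safe before doing so.
    - name: terminate temporary instance
      ec2:
        state: absent
        region: "{{ provision.region }}"
        instance_ids: "{{ amibase.tagged_instances.0.id }}"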