wg-aws/roles/aws_graviton_nano_spot/tasks/main.yml

- name: copy ssh public key
  amazon.aws.ec2_key:
    name: vpn_key
    key_material: "{{ lookup('file', '{{ ssh_pub_key_file }}') }}"
    region: "{{ aws_region }}"

- name: create a VPC and request an IPv6 CIDR
  amazon.aws.ec2_vpc_net:
    name: wg-aws-net
    cidr_block: 10.10.0.0/16
    ipv6_cidr: True
    region: "{{ aws_region }}"
  register: vpc_net

- name: Create subnet with IPv6 block assigned
  amazon.aws.ec2_vpc_subnet:
    state: present
    assign_instances_ipv6: true
    map_public: true
    vpc_id: "{{ vpc_net.vpc.id }}"
    cidr: 10.10.0.0/24
    ipv6_cidr: "{{ vpc_net.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('/56','/64') }}"
  register: vpc_subnet
       
- name: create an internet gateway for vpc
  ec2_vpc_igw:
    vpc_id: "{{ vpc_net.vpc.id }}"
    state: present
  register: igw

- name: Set up public subnet route table
  ec2_vpc_route_table:
    vpc_id: "{{ vpc_net.vpc.id }}"
    region: "{{ aws_region }}"
    subnets:
      - "{{ vpc_subnet.subnet.id }}"
    routes:
      - dest: 0.0.0.0/0
        gateway_id: "{{ igw.gateway_id }}"
  register: route
  
- name: network security policy that allows all traffic incoming and outgoing
  amazon.aws.ec2_group:
    region: "{{ aws_region }}"
    name: "vpn allow all"
    description: allow all traffic/protocol/ports
    vpc_id: "{{ vpc_net.vpc.id }}"
    rules:
      - proto: all
        cidr_ip: 0.0.0.0/0
      - proto: all
        group_name: "vpn allow all"
    rules_egress:
      - proto: all
        cidr_ip: 0.0.0.0/0
  register: security_group

- name: create graviton spot instance
  community.aws.ec2_instance:
    region: "{{ aws_region }}"
    key_name: vpn_key
    security_group: "{{ security_group.group_id }}"
    instance_type: "{{ aws_type }}"
    image_id: "{{ aws_ami }}"
    vpc_subnet_id:  "{{ vpc_subnet.subnet.id }}"
    network:
      assign_public_ip: yes
    wait: yes
    tags:
      Environment: Testing
  register: graviton

- name: generate route53 dns entry for the instance
  route53:
    command: create
    overwrite: yes
    zone: "{{ dns_zone_name }}"
    record: "{{ dns_name }}"
    type: CNAME
    ttl: 60
    value: "{{ item.public_dns_name }}"
  loop:  "{{ graviton.instances }}"
  when: dns_name != ""
  
- name: Wait for SSH to come up
  delegate_to: "{{ item.public_dns_name }}"
  wait_for_connection:
    delay: 60
    timeout: 320
  loop: "{{ graviton.instances }}"

- name: Add new instance to host group
  add_host:
    hostname: "{{ item.public_ip }}"
    groupname: launched
  loop: "{{ graviton.instances }}"

- name: Print public IP of this server
  debug:
     msg: Your instance has th public IP address  {{ item.public_ip }}
  loop: "{{ graviton.instances }}"
Umstellen auf ansible 2020-12-02 16:04:55 +01:00			`- name: copy ssh public key`
			`amazon.aws.ec2_key:`
			`name: vpn_key`
			`key_material: "{{ lookup('file', '{{ ssh_pub_key_file }}') }}"`
Bugfix: Region explizit setzen 2020-12-28 15:44:22 +01:00			`region: "{{ aws_region }}"`
Umstellen auf ansible 2020-12-02 16:04:55 +01:00
create vpc/subnet/route/... and switch to community module for ec2_instance reboot server to enable wireguard kernel modules ... 2021-01-09 18:28:58 +01:00			`- name: create a VPC and request an IPv6 CIDR`
			`amazon.aws.ec2_vpc_net:`
			`name: wg-aws-net`
			`cidr_block: 10.10.0.0/16`
			`ipv6_cidr: True`
			`region: "{{ aws_region }}"`
			`register: vpc_net`

			`- name: Create subnet with IPv6 block assigned`
			`amazon.aws.ec2_vpc_subnet:`
			`state: present`
			`assign_instances_ipv6: true`
			`map_public: true`
			`vpc_id: "{{ vpc_net.vpc.id }}"`
			`cidr: 10.10.0.0/24`
			`ipv6_cidr: "{{ vpc_net.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block \| replace('/56','/64') }}"`
			`register: vpc_subnet`

			`- name: create an internet gateway for vpc`
			`ec2_vpc_igw:`
			`vpc_id: "{{ vpc_net.vpc.id }}"`
			`state: present`
			`register: igw`

			`- name: Set up public subnet route table`
			`ec2_vpc_route_table:`
			`vpc_id: "{{ vpc_net.vpc.id }}"`
			`region: "{{ aws_region }}"`
			`subnets:`
			`- "{{ vpc_subnet.subnet.id }}"`
			`routes:`
			`- dest: 0.0.0.0/0`
			`gateway_id: "{{ igw.gateway_id }}"`
			`register: route`

installation von wireguard 2020-12-02 18:11:18 +01:00			`- name: network security policy that allows all traffic incoming and outgoing`
			`amazon.aws.ec2_group:`
Bugfix: Region explizit setzen 2020-12-28 15:44:22 +01:00			`region: "{{ aws_region }}"`
installation von wireguard 2020-12-02 18:11:18 +01:00			`name: "vpn allow all"`
			`description: allow all traffic/protocol/ports`
create vpc/subnet/route/... and switch to community module for ec2_instance reboot server to enable wireguard kernel modules ... 2021-01-09 18:28:58 +01:00			`vpc_id: "{{ vpc_net.vpc.id }}"`
installation von wireguard 2020-12-02 18:11:18 +01:00			`rules:`
			`- proto: all`
			`cidr_ip: 0.0.0.0/0`
			`- proto: all`
			`group_name: "vpn allow all"`
			`rules_egress:`
			`- proto: all`
			`cidr_ip: 0.0.0.0/0`
			`register: security_group`
create vpc/subnet/route/... and switch to community module for ec2_instance reboot server to enable wireguard kernel modules ... 2021-01-09 18:28:58 +01:00
Umstellen auf ansible 2020-12-02 16:04:55 +01:00			`- name: create graviton spot instance`
create vpc/subnet/route/... and switch to community module for ec2_instance reboot server to enable wireguard kernel modules ... 2021-01-09 18:28:58 +01:00			`community.aws.ec2_instance:`
installation von wireguard 2020-12-02 18:11:18 +01:00			`region: "{{ aws_region }}"`
Umstellen auf ansible 2020-12-02 16:04:55 +01:00			`key_name: vpn_key`
create vpc/subnet/route/... and switch to community module for ec2_instance reboot server to enable wireguard kernel modules ... 2021-01-09 18:28:58 +01:00			`security_group: "{{ security_group.group_id }}"`
Umstellen auf ansible 2020-12-02 16:04:55 +01:00			`instance_type: "{{ aws_type }}"`
create vpc/subnet/route/... and switch to community module for ec2_instance reboot server to enable wireguard kernel modules ... 2021-01-09 18:28:58 +01:00			`image_id: "{{ aws_ami }}"`
			`vpc_subnet_id: "{{ vpc_subnet.subnet.id }}"`
			`network:`
			`assign_public_ip: yes`
Umstellen auf ansible 2020-12-02 16:04:55 +01:00			`wait: yes`
create vpc/subnet/route/... and switch to community module for ec2_instance reboot server to enable wireguard kernel modules ... 2021-01-09 18:28:58 +01:00			`tags:`
			`Environment: Testing`
installation von wireguard 2020-12-02 18:11:18 +01:00			`register: graviton`

Neu mit optionalem route53 nameservereintrag 2020-12-16 11:42:13 +01:00			`- name: generate route53 dns entry for the instance`
			`route53:`
			`command: create`
			`overwrite: yes`
			`zone: "{{ dns_zone_name }}"`
			`record: "{{ dns_name }}"`
			`type: CNAME`
			`ttl: 60`
			`value: "{{ item.public_dns_name }}"`
			`loop: "{{ graviton.instances }}"`
			`when: dns_name != ""`

installation von wireguard 2020-12-02 18:11:18 +01:00			`- name: Wait for SSH to come up`
			`delegate_to: "{{ item.public_dns_name }}"`
			`wait_for_connection:`
			`delay: 60`
			`timeout: 320`
			`loop: "{{ graviton.instances }}"`

			`- name: Add new instance to host group`
			`add_host:`
			`hostname: "{{ item.public_ip }}"`
			`groupname: launched`
			`loop: "{{ graviton.instances }}"`
Umstellen auf ansible 2020-12-02 16:04:55 +01:00
ignore joe backup files print out ip of server created do not register dns name delete playbook for installation only 2020-12-02 22:58:17 +01:00			`- name: Print public IP of this server`
			`debug:`
			`msg: Your instance has th public IP address {{ item.public_ip }}`
			`loop: "{{ graviton.instances }}"`