create vpc/subnet/route/... and switch to community module for
ec2_instance; reboot server to enable wireguard kernel modules ...
This commit is contained in:
parent
5dd380bcf1
commit
a8887edb74
@ -4,11 +4,47 @@
|
|||||||
key_material: "{{ lookup('file', '{{ ssh_pub_key_file }}') }}"
|
key_material: "{{ lookup('file', '{{ ssh_pub_key_file }}') }}"
|
||||||
region: "{{ aws_region }}"
|
region: "{{ aws_region }}"
|
||||||
|
|
||||||
|
- name: create a VPC and request an IPv6 CIDR
|
||||||
|
amazon.aws.ec2_vpc_net:
|
||||||
|
name: wg-aws-net
|
||||||
|
cidr_block: 10.10.0.0/16
|
||||||
|
ipv6_cidr: True
|
||||||
|
region: "{{ aws_region }}"
|
||||||
|
register: vpc_net
|
||||||
|
|
||||||
|
- name: Create subnet with IPv6 block assigned
|
||||||
|
amazon.aws.ec2_vpc_subnet:
|
||||||
|
state: present
|
||||||
|
assign_instances_ipv6: true
|
||||||
|
map_public: true
|
||||||
|
vpc_id: "{{ vpc_net.vpc.id }}"
|
||||||
|
cidr: 10.10.0.0/24
|
||||||
|
ipv6_cidr: "{{ vpc_net.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('/56','/64') }}"
|
||||||
|
register: vpc_subnet
|
||||||
|
|
||||||
|
- name: create an internet gateway for vpc
|
||||||
|
ec2_vpc_igw:
|
||||||
|
vpc_id: "{{ vpc_net.vpc.id }}"
|
||||||
|
state: present
|
||||||
|
register: igw
|
||||||
|
|
||||||
|
- name: Set up public subnet route table
|
||||||
|
ec2_vpc_route_table:
|
||||||
|
vpc_id: "{{ vpc_net.vpc.id }}"
|
||||||
|
region: "{{ aws_region }}"
|
||||||
|
subnets:
|
||||||
|
- "{{ vpc_subnet.subnet.id }}"
|
||||||
|
routes:
|
||||||
|
- dest: 0.0.0.0/0
|
||||||
|
gateway_id: "{{ igw.gateway_id }}"
|
||||||
|
register: route
|
||||||
|
|
||||||
- name: network security policy that allows all traffic incoming and outgoing
|
- name: network security policy that allows all traffic incoming and outgoing
|
||||||
amazon.aws.ec2_group:
|
amazon.aws.ec2_group:
|
||||||
region: "{{ aws_region }}"
|
region: "{{ aws_region }}"
|
||||||
name: "vpn allow all"
|
name: "vpn allow all"
|
||||||
description: allow all traffic/protocol/ports
|
description: allow all traffic/protocol/ports
|
||||||
|
vpc_id: "{{ vpc_net.vpc.id }}"
|
||||||
rules:
|
rules:
|
||||||
- proto: all
|
- proto: all
|
||||||
cidr_ip: 0.0.0.0/0
|
cidr_ip: 0.0.0.0/0
|
||||||
@ -20,18 +56,18 @@
|
|||||||
register: security_group
|
register: security_group
|
||||||
|
|
||||||
- name: create graviton spot instance
|
- name: create graviton spot instance
|
||||||
amazon.aws.ec2:
|
community.aws.ec2_instance:
|
||||||
region: "{{ aws_region }}"
|
region: "{{ aws_region }}"
|
||||||
spot_type: persistent
|
|
||||||
spot_wait_timeout: 120
|
|
||||||
key_name: vpn_key
|
key_name: vpn_key
|
||||||
group_id: "{{ security_group.group_id }}"
|
security_group: "{{ security_group.group_id }}"
|
||||||
instance_type: "{{ aws_type }}"
|
instance_type: "{{ aws_type }}"
|
||||||
image: "{{ aws_ami }}"
|
image_id: "{{ aws_ami }}"
|
||||||
wait: yes
|
vpc_subnet_id: "{{ vpc_subnet.subnet.id }}"
|
||||||
instance_initiated_shutdown_behavior: terminate
|
network:
|
||||||
vpc_subnet_id: "subnet-3df70f5a"
|
|
||||||
assign_public_ip: yes
|
assign_public_ip: yes
|
||||||
|
wait: yes
|
||||||
|
tags:
|
||||||
|
Environment: Testing
|
||||||
register: graviton
|
register: graviton
|
||||||
|
|
||||||
- name: generate route53 dns entry for the instance
|
- name: generate route53 dns entry for the instance
|
||||||
|
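Review bot: In the first hunk the `amazon.aws.ec2_vpc_subnet` and `ec2_vpc_igw` tasks pass no `region:`, while the VPC, route-table and security-group tasks in the same play set `region: "{{ aws_region }}"`; unless the controller's environment happens to select the same region, those two tasks will not find `vpc_net.vpc.id` and the play fails (or, worse, silently builds the gateway in a different region). The same hunk turns on `assign_instances_ipv6: true` for the subnet, but the route table only adds `0.0.0.0/0` and the security group keeps only a `cidr_ip` rule, so instances get IPv6 addresses with no `::/0` route; add the IPv6 default route (and, if IPv6 clients are expected, a `cidr_ipv6` rule limited to the WireGuard port rather than `proto: all`) or leave IPv6 assignment off until it is routed. In the second hunk the task is still named "create graviton spot instance" although the removed `spot_type`, `spot_wait_timeout` and `instance_initiated_shutdown_behavior` lines have no replacement under `community.aws.ec2_instance`, so the instance is presumably launched on-demand now and, with `terminate` gone, will likely follow the AWS default of stopping rather than terminating on shutdown — rename the task or restore the settings the new module supports. Booleans are mixed across both hunks (`ipv6_cidr: True`, `wait: yes`, `assign_public_ip: yes` next to `map_public: true`); write them as `true`, and give `ec2_vpc_igw` and `ec2_vpc_route_table` the `amazon.aws.` prefix the other tasks use.
```yaml
- name: Create subnet with IPv6 block assigned
  amazon.aws.ec2_vpc_subnet:
    region: "{{ aws_region }}"
    # … unchanged: state, assign_instances_ipv6, map_public, vpc_id, cidr, ipv6_cidr …
  register: vpc_subnet

- name: create an internet gateway for vpc
  amazon.aws.ec2_vpc_igw:
    region: "{{ aws_region }}"
    # … unchanged: vpc_id, state …
  register: igw

- name: Set up public subnet route table
  amazon.aws.ec2_vpc_route_table:
    # … unchanged: vpc_id, region, subnets …
    routes:
      - dest: 0.0.0.0/0
        gateway_id: "{{ igw.gateway_id }}"
      - dest: "::/0"
        gateway_id: "{{ igw.gateway_id }}"
  register: route
```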
@ -20,6 +20,9 @@
|
|||||||
name: "qrencode"
|
name: "qrencode"
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: Reboot to make shure wireguard kernel module is loadable
|
||||||
|
reboot:
|
||||||
|
|
||||||
- name: ensure wireguard services are stopped
|
- name: ensure wireguard services are stopped
|
||||||
command: "systemctl stop wg-quick@wg0"
|
command: "systemctl stop wg-quick@wg0"
|
||||||
|
|
||||||
|
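Review bot: The new `reboot:` task runs unconditionally, so every run of this role reboots the VPN host even when the WireGuard module is already loadable, and the `ensure wireguard services are stopped` step after it always runs against a freshly booted system. The package task it follows starts outside the hunk, so its registered result is not visible here; gating the reboot on that task's outcome (`register: wg_packages` on the install task and `when: wg_packages is changed` on the reboot) keeps the role idempotent and avoids unplanned downtime on re-runs. The task name also carries a typo; it should read `Reboot to make sure wireguard kernel module is loadable`.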