官术网_书友最值得收藏!

首頁 >

Ansible 2 Cloud Automation Cookbook

How to do it...

We can create a VPC by using an ec2_vpc_net module. This module will take a name, the regions, and a CIDR block as the argument along with our credentials. 

  1. Let us define the task:
- name: Create AWS VPC
  ec2_vpc_net:
    name: "{{ vpc_name }}"
    cidr_block: "{{ vpc_cidr_block }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    state: present
  register: my_first_vpc

Note that we have registered the output of the task in a variable called my_first_vpc. We will use values from this variable in the subsequent tasks. We have used quite a few variables as well. Using variables appropriately makes it easier to reuse the roles and playbooks at a later point. Other than access_key and secret_key, the rest of the variables are defined in chapter2/roles/ec2/vars/main.yml:

# VPC Information
vpc_name: "My VPC"
vpc_cidr_block: "10.0.0.0/16"
aws_region: "us-east-1"
  1. Now let us create a public and a private subnet using an ec2_vpc_subnet module. We will supply a smaller block of CIDR out of the CIDR block that we used while creating the VPC. We also need to provide information about the region and the availability zone within the region. We will get the VPC ID from the variable that we registered in the previous task:
- name: Create Public Subnet in VPC
  ec2_vpc_subnet:
    vpc_id: "{{ my_first_vpc.vpc.id }}"
    cidr: "{{ vpc_public_subnet_cidr }}"
    region: "{{ aws_region }}"
    az: "{{ aws_zone }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    state: present
    tags:
      Name: Public Subnet
  register: my_public_subnet

- name: Create Private Subnet in VPC
  ec2_vpc_subnet:
    vpc_id: "{{ my_first_vpc.vpc.id }}"
    cidr: "{{ vpc_private_subnet_cidr }}"
    region: "{{ aws_region }}"
    az: "{{ aws_zone }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    state: present
    tags:
      Name: Private Subnet
  register: my_private_subnet

We have created two subnets using these two tasks. The tasks are identical, except for the CIDR block allocated to them. At this point, there is not much of a difference between the public and private subnet in terms of functionality. The functional difference will arise when we attach route tables later. We will register the output of these tasks in a variable for further use. For these tasks, we need to add the following variables to our roles/ec2/vars/main.yml:

aws_zone: "us-east-1a"
    
# Subnets
vpc_public_subnet_cidr: "10.0.0.0/24"

# Subnets
vpc_private_subnet_cidr: "10.0.1.0/24"
  1. Let us create the Internet Gateway now. This is quite simple. All we need to do is provide the VPC ID and region along with the credentials. We will register the output of this task in a variable:
- name: Create Internet Gateway
  ec2_vpc_igw:
    vpc_id: "{{ my_first_vpc.vpc.id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    state: present
  register: my_first_igw
  1. After this, we will create the NAT Gateway. One thing to note here is that the NAT Gateway is attached to the private subnet but it is created in the public subnet. This is because inbound traffic needs to reach this instance, which will then be translated and forward onto instances in the private subnet. We will get the public subnet ID from the variable that we registered:
- name: Create NAT Gateway
  ec2_vpc_nat_gateway:
    if_exist_do_not_create: yes
    subnet_id: "{{ my_public_subnet.subnet.id }}"
    region: "{{ aws_region }}"
    state: present
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    wait: yes
  register: my_first_nat_gateway
  1. With both the Internet Gateway and NAT Gateway created, we will create and attach the routing table using an ec2_vpc_route_table module. We will get the VPC ID, subnet ID, and gateway ID from the variables that we have registered before:
- name: Create Route Table for Public Subnet
  ec2_vpc_route_table:
    vpc_id: "{{ my_first_vpc.vpc.id }}"
    region: "{{ aws_region }}"
    routes:
      - dest: 0.0.0.0/0
        gateway_id: "{{ my_first_igw.gateway_id }}"
    subnets:
      - "{{ my_public_subnet.subnet.id }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    tags:
      Name: Public Subnet Route Table

- name: Create Route Table for Private Subnet
  ec2_vpc_route_table:
    vpc_id: "{{ my_first_vpc.vpc.id }}"
    region: "{{ aws_region }}"
    routes:
      - dest: 0.0.0.0/0
        gateway_id: "{{ my_first_nat_gateway.nat_gateway_id }}"
    subnets:
      - "{{ my_private_subnet.subnet.id }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    tags:
      Name: Private Subnet Route Table

With these tasks, our VPC is configured and ready to use. We can create resources in this VPC and use them to deploy our applications.

主站蜘蛛池模板: 横山县| 峨边| 汉源县| 柳江县| 蒙阴县| 缙云县| 庄浪县| 长乐市| 应用必备| 含山县| 班戈县| 黄骅市| 都匀市| 嘉善县| 禹州市| 民丰县| 泉州市| 达拉特旗| 卢湾区| 滨海县| 武汉市| 中江县| 丹东市| 太原市| 体育| 青阳县| 巴林左旗| 乳山市| 巴南区| 远安县| 桓仁| 桂林市| 白山市| 静安区| 茶陵县| 红安县| 论坛| 建始县| 武宁县| 伊宁市| 行唐县|