使用Ansible在AWS中创建VPC
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了使用Ansible在AWS中创建VPC相关的知识,希望对你有一定的参考价值。
以下显示了我在AWS中创建VPC的Ansible手册。
PLaybook将执行:
- 使用CIDR创建VPC
- 然后创建路由表
- 然后标记路由表
- 最后创建路由表。
这是代码:
---
- name: To set up internet gateway
hosts: all
tasks:
- name: creating vpc
ec2_vpc:
region: ap-northeast-1
state: present
cidr_block: 20.0.0.0/16
resource_tags: { "Name":"Test" }
register: vpc
- name: Creating internet gateway for the vpc created
ec2_vpc_igw:
region: ap-northeast-1
state: present
vpc_id: "{{ vpc.vpc_id }}"
register: igw
- name: Tagging the gateway we just created
ec2_tag:
resource: "{{ igw.gateway_id }}"
#with_items: igw.gateway_id
state: present
region: ap-northeast-1
tags:
Name: test-test
- name: Creating route table
ec2_vpc_route_table:
region: ap-northeast-1
propagating_vgw_ids: yes
vpc_id: "{{ vpc.vpc_id }}"
subnets:
- '20.0.0.0/16'
routes:
- dest: 0.0.0.0/0
gateway_id: "{{ igw.gateway_id }}"
但是当我执行我的剧本时,我得到的错误如下
failed: [172.30.1.237] => {"failed": true, "parsed": false}
Traceback (most recent call last):
File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 2411, in <module>
main()
File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 588, in main
result = ensure_route_table_present(connection, module)
File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 519, in ensur e_route_table_present
check_mode=check_mode)
File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 398, in ensure_propagation
dry_run=check_mode)
File "/usr/local/lib/python2.7/dist-packages/boto/vpc/__init__.py", line 1492, in enable_vgw_route_propagation
return self.get_status('EnableVgwRoutePropagation', params)
File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 1227, in get_status
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>Gateway.NotAttached</Code><Message>resource True</Message></Error></Errors><RequestI D>4f34cefd-08c2-4180-b532-dd6e9e74f7e7</RequestID></Response>
除了缩进的错误,我在哪里犯错误。它创建了VPC,以及互联网网关。但是在使用路由表模块时。我收到了错误。
答案
我建议创建VPC这样的互联网网关:
- name: To set up internet gateway
hosts: all
tasks:
- name: Create VPC and Subnet
ec2_vpc:
state: present
region: ap-northeast-1
cidr_block: 20.0.0.0/16
subnets:
- cidr: 20.0.0.0/16
resource_tags: {"Name":"Test Subnet"}
route_tables:
- subnets:
- 20.0.0.0/16
routes:
- dest: 0.0.0.0/0
gw: igw
wait: yes
internet_gateway: yes
resource_tags:
Name: "Test VPC"
register: vpc
- name: get igw
ec2_vpc_igw:
vpc_id: "{{ vpc.vpc_id }}"
region: ap-northeast-1
state: present
register: igw
- name: Tagging the new internet gateway created
ec2_tag:
resource: "{{ igw.gateway_id }}"
state: present
region: ap-northeast-1
tags:
Name: test-gateway
'gw'选项可以接受'igw'并自动创建一个互联网网关,你可以在创建带有注册变量'vpc'的VPC后标记互联网网关。
编辑:我更新了剧本并测试了它,它的工作原理。 像这样使用它。
另一答案
完整而紧凑的ansible角色可能对您有所帮助。
roles/vpc/defaults/main.yml
文件看起来像这样:
---
# Variables that can provide as extra vars
VPC_NAME: test
VPC_REGION: us-east-1 # N.Virginia
VPC_CIDR: "172.25.0.0/16"
VPC_CLASS_DEFAULT: "172.25"
# Variables for VPC
vpc_name: "{{ VPC_NAME }}"
vpc_region: "{{ VPC_REGION }}"
vpc_cidr_block: "{{ VPC_CIDR }}"
public_cidr_1: "{{ VPC_CLASS_DEFAULT }}.10.0/24"
public_az_1: "{{ vpc_region }}a"
public_cidr_2: "{{ VPC_CLASS_DEFAULT }}.20.0/24"
public_az_2: "{{ vpc_region }}b"
private_cidr_1: "{{ VPC_CLASS_DEFAULT }}.30.0/24"
private_az_1: "{{ vpc_region }}a"
private_cidr_2: "{{ VPC_CLASS_DEFAULT }}.40.0/24"
private_az_2: "{{ vpc_region }}b"
# Please don't change the variables below, until you know what you are doing
#
# Subnets Defination for VPC
vpc_subnets:
- cidr: "{{ public_cidr_1 }}" # Public Subnet-1
az: "{{ public_az_1 }}"
resource_tags: { "Name":"{{ vpc_name }}-{{ public_az_1 }}-public_subnet-1", "Type":"Public", "Alias":"Public_Subnet_1" }
- cidr: "{{ public_cidr_2 }}" # Public Subnet-2
az: "{{ public_az_2 }}"
resource_tags: { "Name":"{{ vpc_name }}-{{ public_az_2 }}-public-subnet-2", "Type":"Public", "Alias":"Public_Subnet_2" }
- cidr: "{{ private_cidr_1 }}" # Private Subnet-1
az: "{{ private_az_1 }}"
resource_tags: { "Name":"{{ vpc_name }}-{{ private_az_1 }}-private-subnet-1", "Type":"Private", "Alias":"Private_Subnet_1" }
- cidr: "{{ private_cidr_2 }}" # Private Subnet-2
az: "{{ private_az_2 }}"
resource_tags: { "Name":"{{ vpc_name }}-{{ private_az_2 }}-private-subnet-2", "Type":"Private", "Alias":"Private_Subnet_2" }
然后roles/vpc/tasks/main.yml
文件将是这样的:
---
- name: Creating an AWS VPC inside mentioned Region
ec2_vpc:
region: "{{ vpc_region }}"
state: present
cidr_block: "{{ vpc_cidr_block }}"
resource_tags: { "Name":"{{ vpc_name }}-vpc", "Environment":"{{ ENVIRONMENT }}" }
subnets: "{{ vpc_subnets }}"
internet_gateway: yes
register: vpc
- name: Tag the Internet Gateway
ec2_tag:
resource: "{{ vpc.igw_id }}"
region: "{{ vpc_region }}"
state: present
tags:
Name: "{{ vpc_name }}-igw"
register: igw
- name: Set up Public Subnets Route Table
ec2_vpc_route_table:
vpc_id: "{{ vpc.vpc_id }}"
region: "{{ vpc_region }}"
state: present
tags:
Name: "Public-RT-for-{{ vpc_name }}-vpc"
subnets:
"{{ vpc.subnets | get_public_subnets_ids('Type','Public') }}"
routes:
- dest: 0.0.0.0/0
gateway_id: "{{ vpc.igw_id }}"
register: public_rt
如需完整参考,请查看此github repo。
希望它能帮到你或他人。
另一答案
删除此条目...
propagating_vgw_ids: yes
...来自您的路线表定义。它应该工作。
以上是关于使用Ansible在AWS中创建VPC的主要内容,如果未能解决你的问题,请参考以下文章
使用 terraform 在非默认 VPC 中创建 AWS RDS 实例
AWS Beanstalk - 无法在没有来自 CLI 的负载均衡器的情况下在 VPC 中创建环境
即使在我指定了自定义 VPC 之后,我的用于自动缩放组的 Cloudformation YAML 也会继续在默认 VPC 中创建 EC2 实例