- block: - name: set connection information for all tasks set_fact: aws_connection_info: &aws_connection_info aws_access_key: "{{ aws_access_key }}" aws_secret_key: "{{ aws_secret_key }}" security_token: "{{ security_token }}" region: "{{ aws_region }}" awscli_connection_info: &awscli_connection_info AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}" AWS_SESSION_TOKEN: "{{ security_token }}" AWS_DEFAULT_REGION: "{{ aws_region }}" no_log: yes - name: create VPC ec2_vpc_net: cidr_block: 10.228.228.0/22 name: "{{ resource_prefix }}_vpc" state: present <<: *aws_connection_info register: vpc - name: create internet gateway ec2_vpc_igw: vpc_id: "{{ vpc.vpc.id }}" state: present tags: Name: "{{ resource_prefix }}" <<: *aws_connection_info register: igw - name: create public subnet ec2_vpc_subnet: cidr: "{{ item.cidr }}" az: "{{ aws_region}}{{ item.az }}" vpc_id: "{{ vpc.vpc.id }}" state: present tags: Public: "{{ item.public|string }}" Name: "{{ item.public|ternary('public', 'private') }}-{{ item.az }}" <<: *aws_connection_info with_items: - cidr: 10.228.228.0/24 az: "a" public: "True" - cidr: 10.228.229.0/24 az: "b" public: "True" - cidr: 10.228.230.0/24 az: "a" public: "False" - cidr: 10.228.231.0/24 az: "b" public: "False" register: subnets - ec2_vpc_subnet_info: filters: vpc-id: "{{ vpc.vpc.id }}" <<: *aws_connection_info register: vpc_subnets - name: create list of subnet ids set_fact: alb_subnets: "{{ vpc_subnets|json_query('subnets[?tags.Public == `True`].id') }}" private_subnets: "{{ vpc_subnets|json_query('subnets[?tags.Public != `True`].id') }}" - name: create a route table ec2_vpc_route_table: vpc_id: "{{ vpc.vpc.id }}" <<: *aws_connection_info tags: Name: igw-route Created: "{{ resource_prefix }}" subnets: "{{ alb_subnets + private_subnets }}" routes: - dest: 0.0.0.0/0 gateway_id: "{{ igw.gateway_id }}" register: route_table - ec2_group: name: "{{ resource_prefix }}" description: "security group for Ansible ALB integration tests" state: present vpc_id: "{{ vpc.vpc.id }}" rules: - proto: tcp from_port: 1 to_port: 65535 cidr_ip: 0.0.0.0/0 <<: *aws_connection_info register: sec_group - name: create a target group for testing elb_target_group: name: "{{ tg_name }}" protocol: http port: 80 vpc_id: "{{ vpc.vpc.id }}" state: present <<: *aws_connection_info register: tg - name: create privatekey for testing openssl_privatekey: path: ./ansible_alb_test.pem size: 2048 - name: create csr for cert openssl_csr: path: ./ansible_alb_test.csr privatekey_path: ./ansible_alb_test.pem C: US ST: AnyPrincipality L: AnyTown O: AnsibleIntegrationTest OU: Test CN: ansible-alb-test.example.com - name: create certificate openssl_certificate: path: ./ansible_alb_test.crt privatekey_path: ./ansible_alb_test.pem csr_path: ./ansible_alb_test.csr provider: selfsigned # This really should be an ACM Cert, but there is no acm_cert resource module - name: upload server cert to iam iam_cert: name: "{{ alb_name }}" state: present cert: ./ansible_alb_test.crt key: ./ansible_alb_test.pem <<: *aws_connection_info register: cert_upload - name: register certificate arn to acm_arn fact set_fact: cert_arn: "{{ cert_upload.arn }}" - include_tasks: test_alb_bad_listener_options.yml - include_tasks: test_alb_tags.yml - include_tasks: test_creating_alb.yml - include_tasks: test_alb_with_asg.yml - include_tasks: test_modifying_alb_listeners.yml - include_tasks: test_deleting_alb.yml - include_tasks: test_multiple_actions.yml always: ############################################################################# # TEAR DOWN STARTS HERE ############################################################################# - name: destroy ALB elb_application_lb: name: "{{ alb_name }}" state: absent wait: yes wait_timeout: 600 <<: *aws_connection_info ignore_errors: yes - name: destroy target group if it was created elb_target_group: name: "{{ tg_name }}" protocol: http port: 80 vpc_id: "{{ vpc.vpc.id }}" state: absent wait: yes wait_timeout: 600 <<: *aws_connection_info register: remove_tg retries: 5 delay: 3 until: remove_tg is success when: tg is defined ignore_errors: yes - name: destroy acm certificate iam_cert: name: "{{ alb_name }}" state: absent <<: *aws_connection_info register: remove_cert retries: 5 delay: 3 until: remove_cert is success when: cert_arn is defined ignore_errors: yes - name: destroy sec group ec2_group: name: "{{ sec_group.group_name }}" description: "security group for Ansible ALB integration tests" state: absent vpc_id: "{{ vpc.vpc.id }}" <<: *aws_connection_info register: remove_sg retries: 10 delay: 5 until: remove_sg is success ignore_errors: yes - name: remove route table ec2_vpc_route_table: vpc_id: "{{ vpc.vpc.id }}" route_table_id: "{{ route_table.route_table.route_table_id }}" lookup: id state: absent <<: *aws_connection_info register: remove_rt retries: 10 delay: 5 until: remove_rt is success ignore_errors: yes - name: destroy subnets ec2_vpc_subnet: cidr: "{{ item.cidr }}" vpc_id: "{{ vpc.vpc.id }}" state: absent <<: *aws_connection_info register: remove_subnet retries: 10 delay: 5 until: remove_subnet is success with_items: - cidr: 10.228.228.0/24 - cidr: 10.228.229.0/24 - cidr: 10.228.230.0/24 - cidr: 10.228.231.0/24 ignore_errors: yes - name: destroy internet gateway ec2_vpc_igw: vpc_id: "{{ vpc.vpc.id }}" tags: Name: "{{ resource_prefix }}" state: absent <<: *aws_connection_info register: remove_igw retries: 10 delay: 5 until: remove_igw is success ignore_errors: yes - name: destroy VPC ec2_vpc_net: cidr_block: 10.228.228.0/22 name: "{{ resource_prefix }}_vpc" state: absent <<: *aws_connection_info register: remove_vpc retries: 10 delay: 5 until: remove_vpc is success ignore_errors: yes