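---
# tasks file for test_ec2_ami
#
# Integration test for the ec2_ami module. The block builds a throwaway VPC,
# key pair, subnet, security group, instance and snapshot, runs the AMI
# create / tag / launch-permission / delete scenarios against them, and the
# `always` section removes every resource whether or not the tests passed.
#
# Every module call receives the AWS credentials explicitly through
# ec2_access_key / ec2_secret_key / security_token, so these variables must
# come from the test runner's credential source and never from a file
# committed next to this one.

- block:

    # ============================================================

    # SETUP: vpc, ec2 key pair, subnet, security group, ec2 instance, snapshot
    - name: create a VPC to work in
      ec2_vpc_net:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        cidr_block: 10.0.0.0/24
        state: present
        name: '{{ ec2_ami_name }}_setup'
        resource_tags:
          Name: '{{ ec2_ami_name }}_setup'
      register: setup_vpc

    - name: create a key pair to use for creating an ec2 instance
      ec2_key:
        name: '{{ ec2_ami_name }}_setup'
        state: present
        ec2_region: '{{ ec2_region }}'
        ec2_access_key: '{{ ec2_access_key }}'
        ec2_secret_key: '{{ ec2_secret_key }}'
        security_token: '{{ security_token }}'
      register: setup_key

    # NOTE(review): both `tags` (a string) and `resource_tags` (a mapping)
    # are supplied here; confirm against the module's argument spec whether
    # one shadows the other before relying on either.
    - name: create a subnet to use for creating an ec2 instance
      ec2_vpc_subnet:
        ec2_region: '{{ ec2_region }}'
        ec2_access_key: '{{ ec2_access_key }}'
        ec2_secret_key: '{{ ec2_secret_key }}'
        security_token: '{{ security_token }}'
        az: '{{ ec2_region }}a'
        tags: '{{ ec2_ami_name }}_setup'
        vpc_id: '{{ setup_vpc.vpc.id }}'
        cidr: 10.0.0.0/24
        state: present
        resource_tags:
          Name: '{{ ec2_ami_name }}_setup'
      register: setup_subnet

    # No rules are passed for the security group in this task.
    - name: create a security group to use for creating an ec2 instance
      ec2_group:
        name: '{{ ec2_ami_name }}_setup'
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        description: 'created by Ansible integration tests'
        state: present
        vpc_id: '{{ setup_vpc.vpc.id }}'
      register: setup_sg

    - name: provision ec2 instance to create an image
      ec2:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        key_name: '{{ setup_key.key.name }}'
        instance_type: t2.micro
        state: present
        image: '{{ ec2_region_images[ec2_region] }}'
        wait: true
        instance_tags:
          '{{ec2_ami_name}}_instance_setup': 'integration_tests'
        group_id: '{{ setup_sg.group_id }}'
        vpc_subnet_id: '{{ setup_subnet.subnet.id }}'
      register: setup_instance

    - name: take a snapshot of the instance to create an image
      ec2_snapshot:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        instance_id: '{{ setup_instance.instance_ids[0] }}'
        device_name: /dev/xvda
        state: present
      register: setup_snapshot

    # ============================================================

    - name: create an image from the instance
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        instance_id: '{{ setup_instance.instance_ids[0] }}'
        state: present
        name: '{{ ec2_ami_name }}_ami'
        description: '{{ ec2_ami_description }}'
        tags:
          Name: '{{ ec2_ami_name }}_ami'
        wait: true
        root_device_name: /dev/xvda
      register: result

    - name: assert that image has been created
      assert:
        that:
          - "result.changed"
          - "result.image_id.startswith('ami-')"
          - "'Name' in result.tags and result.tags.Name == ec2_ami_name + '_ami'"

    # Recorded so the teardown in `always` can find the image even if a
    # later task overwrites `result`.
    - name: set image id fact for deletion later
      set_fact:
        ec2_ami_image_id: "{{ result.image_id }}"

    # ============================================================

    # ignore_errors lets the following assert report the failure instead of
    # the lookup itself aborting the block.
    - name: gather facts about the image created
      ec2_ami_facts:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        image_ids: '{{ ec2_ami_image_id }}'
      register: ami_facts_result
      ignore_errors: true

    - name: assert that the right image was found
      assert:
        that:
          - "ami_facts_result.images[0].image_id == ec2_ami_image_id"

    # ============================================================

    - name: delete the image
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        instance_id: '{{ setup_instance.instance_ids[0] }}'
        state: absent
        delete_snapshot: true
        name: '{{ ec2_ami_name }}_ami'
        description: '{{ ec2_ami_description }}'
        image_id: '{{ result.image_id }}'
        tags:
          Name: '{{ ec2_ami_name }}_ami'
        wait: true
      ignore_errors: true
      register: result

    - name: assert that the image has been deleted
      assert:
        that:
          - "result.changed"
          - "'image_id' not in result"

    # ============================================================

    # Negative test: the module is expected to fail, so the error is ignored
    # here and checked by the assert that follows.
    - name: test removing an ami if no image ID is provided (expected failed=true)
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        state: absent
      register: result
      ignore_errors: true

    - name: assert that an image ID is required
      assert:
        that:
          - "result.failed"
          - "result.msg == 'state is absent but all of the following are missing: image_id'"

    # ============================================================

    # The image is registered with an explicitly empty user_ids list, i.e.
    # no account-level launch permissions are requested at creation time.
    - name: create an image from the snapshot
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        name: '{{ ec2_ami_name }}_ami'
        description: '{{ ec2_ami_description }}'
        state: present
        launch_permissions:
          user_ids: []
        tags:
          Name: '{{ ec2_ami_name }}_ami'
        root_device_name: /dev/xvda
        device_mapping:
          - device_name: /dev/xvda
            volume_type: gp2
            size: 8
            delete_on_termination: true
            snapshot_id: '{{ setup_snapshot.snapshot_id }}'
      register: result
      ignore_errors: true

    - name: assert a new ami has been created
      assert:
        that:
          - "result.changed"
          - "result.image_id.startswith('ami-')"

    # Overwrites the id stored for the first image (already deleted above)
    # and remembers the backing snapshot for the "snapshot still exists"
    # check further down.
    - name: set image id fact for deletion later
      set_fact:
        ec2_ami_image_id: "{{ result.image_id }}"
        ec2_ami_snapshot: "{{ result.block_device_mapping['/dev/xvda'].snapshot_id }}"

    # ============================================================

    - name: test default launch permissions idempotence
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        description: '{{ ec2_ami_description }}'
        state: present
        name: '{{ ec2_ami_name }}_ami'
        tags:
          Name: '{{ ec2_ami_name }}_ami'
        root_device_name: /dev/xvda
        image_id: '{{ result.image_id }}'
        launch_permissions:
          user_ids: []
        device_mapping:
          - device_name: /dev/xvda
            volume_type: gp2
            size: 8
            delete_on_termination: true
            snapshot_id: '{{ setup_snapshot.snapshot_id }}'
      register: result

    - name: assert a new ami has not been created
      assert:
        that:
          - "not result.changed"
          - "result.image_id.startswith('ami-')"

    # ============================================================

    - name: add a tag to the AMI
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        state: present
        description: '{{ ec2_ami_description }}'
        image_id: '{{ result.image_id }}'
        name: '{{ ec2_ami_name }}_ami'
        tags:
          New: Tag
      register: result

    - name: assert a tag was added
      assert:
        that:
          - "'Name' in result.tags and result.tags.Name == ec2_ami_name + '_ami'"
          - "'New' in result.tags and result.tags.New == 'Tag'"

    - name: use purge_tags to remove a tag from the AMI
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        state: present
        description: '{{ ec2_ami_description }}'
        image_id: '{{ result.image_id }}'
        name: '{{ ec2_ami_name }}_ami'
        tags:
          New: Tag
        purge_tags: true
      register: result

    - name: assert a tag was removed
      assert:
        that:
          - "'Name' not in result.tags"
          - "'New' in result.tags and result.tags.New == 'Tag'"

    # ============================================================

    # group_names: ['all'] makes the image launchable by every AWS account;
    # the "remove public launch permissions" task below reverts it. The
    # image stays public across the description-change test in between, and
    # the `always` section deletes the recorded AMI if an assertion aborts
    # the block before the revert runs. Run this only in an account and
    # with an image that hold nothing sensitive.
    - name: update AMI launch permissions
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        state: present
        image_id: '{{ result.image_id }}'
        name: '{{ ec2_ami_name }}_ami'
        description: '{{ ec2_ami_description }}'
        tags:
          Name: '{{ ec2_ami_name }}_ami'
        launch_permissions:
          group_names: ['all']
      register: result

    - name: assert launch permissions were updated
      assert:
        that:
          - "result.changed"

    # ============================================================

    - name: modify the AMI description
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        state: present
        image_id: '{{ result.image_id }}'
        name: '{{ ec2_ami_name }}_ami'
        description: '{{ ec2_ami_description }}CHANGED'
        tags:
          Name: '{{ ec2_ami_name }}_ami'
        launch_permissions:
          group_names: ['all']
      register: result

    - name: assert the description changed
      assert:
        that:
          - "result.changed"

    # ============================================================

    - name: remove public launch permissions
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        state: present
        image_id: '{{ result.image_id }}'
        name: '{{ ec2_ami_name }}_ami'
        tags:
          Name: '{{ ec2_ami_name }}_ami'
        launch_permissions:
          group_names: []
      register: result

    # NOTE(review): only `changed` is asserted; the resulting launch
    # permissions are not inspected, so "no longer public" is inferred from
    # the change flag rather than verified.
    - name: assert launch permissions were updated
      assert:
        that:
          - "result.changed"

    # ============================================================

    - name: delete ami without deleting the snapshot (default is not to delete)
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        instance_id: '{{ setup_instance.instance_ids[0] }}'
        state: absent
        name: '{{ ec2_ami_name }}_ami'
        image_id: '{{ ec2_ami_image_id }}'
        tags:
          Name: '{{ ec2_ami_name }}_ami'
        wait: true
      ignore_errors: true
      register: result

    - name: assert that the image has been deleted
      assert:
        that:
          - "result.changed"
          - "'image_id' not in result"

    - name: ensure the snapshot still exists
      ec2_snapshot_facts:
        snapshot_ids:
          - '{{ ec2_ami_snapshot }}'
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: snapshot_result

    - name: assert the snapshot wasn't deleted
      assert:
        that:
          - "snapshot_result.snapshots[0].snapshot_id == ec2_ami_snapshot"

    # Deleting an image that is already gone must be a clean no-op.
    - name: delete ami for a second time
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        instance_id: '{{ setup_instance.instance_ids[0] }}'
        state: absent
        name: '{{ ec2_ami_name }}_ami'
        image_id: '{{ ec2_ami_image_id }}'
        tags:
          Name: '{{ ec2_ami_name }}_ami'
        wait: true
      register: result

    - name: assert that image does not exist
      assert:
        that:
          - not result.changed
          - not result.failed

    # ============================================================

  always:

    # ============================================================

    # TEAR DOWN: snapshot, ec2 instance, ec2 key pair, security group, vpc
    # Each removal ignores errors so that one failed delete does not stop
    # the remaining resources from being cleaned up.
    - name: Announce teardown start
      debug:
        msg: "***** TESTING COMPLETE. COMMENCE TEARDOWN *****"

    # ec2_ami_image_id is only set after a successful create, so skip the
    # delete when the block aborted before any image id was recorded.
    - name: delete ami
      ec2_ami:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        state: absent
        image_id: "{{ ec2_ami_image_id }}"
        name: '{{ ec2_ami_name }}_ami'
        wait: true
      when: ec2_ami_image_id is defined
      ignore_errors: true

    - name: remove setup snapshot of ec2 instance
      ec2_snapshot:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        state: absent
        snapshot_id: '{{ setup_snapshot.snapshot_id }}'
      ignore_errors: true

    - name: remove setup ec2 instance
      ec2:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        instance_type: t2.micro
        instance_ids: '{{ setup_instance.instance_ids }}'
        state: absent
        wait: true
        instance_tags:
          '{{ec2_ami_name}}_instance_setup': 'integration_tests'
        group_id: '{{ setup_sg.group_id }}'
        vpc_subnet_id: '{{ setup_subnet.subnet.id }}'
      ignore_errors: true

    - name: remove setup keypair
      ec2_key:
        name: '{{ec2_ami_name}}_setup'
        state: absent
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      ignore_errors: true

    - name: remove setup security group
      ec2_group:
        name: '{{ ec2_ami_name }}_setup'
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        description: 'created by Ansible integration tests'
        state: absent
        vpc_id: '{{ setup_vpc.vpc.id }}'
      ignore_errors: true

    - name: remove setup subnet
      ec2_vpc_subnet:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        az: '{{ ec2_region }}a'
        tags: '{{ec2_ami_name}}_setup'
        vpc_id: '{{ setup_vpc.vpc.id }}'
        cidr: 10.0.0.0/24
        state: absent
        resource_tags:
          Name: '{{ ec2_ami_name }}_setup'
      ignore_errors: true

    - name: remove setup VPC
      ec2_vpc_net:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        cidr_block: 10.0.0.0/24
        state: absent
        name: '{{ ec2_ami_name }}_setup'
        resource_tags:
          Name: '{{ ec2_ami_name }}_setup'
      ignore_errors: true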