-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsystem-setup-playbook.yml
121 lines (106 loc) · 3.77 KB
/
system-setup-playbook.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
---
- hosts: localhost
connection: local
vars:
rds_instance_name: demo-rds
parampath: /michael-paddle/demo/
vars_file_name: default_vars.yml
new_master_password: "{{ lookup( 'password', '/dev/null' ) }}"
old_db_master_password: "{{ lookup('aws_ssm', parampath ~ 'db_master_password', region='us-east-2', ) }}"
new_db_password: "{{ lookup( 'password', '/dev/null' ) }}"
old_db_password: "{{ lookup('aws_ssm', parampath ~ 'db_password', region='us-east-2', ) }}"
db_password: "{{ old_db_password | default(new_db_password) }}"
db_master_password: "{{ old_db_master_password | default(new_db_master_password) }}"
tasks:
- shell: "ls -l /Users/michael-mbp/.aws/ ; whoami ; env; ls -l /root/.aws"
register: result
- name: show
debug:
msg: "listing of creds and other details: {{ result }}"
- name: show what account we are using for debugging
debug:
msg: "account info: {{ lookup('aws_account_attribute', wantlist='true') }}"
- name: set the master password in the store to a new value
aws_ssm_parameter_store:
name: parampath ~ '/db_master_password'
value: '{{new_db_master_password}}'
secure_string: True
overwrite: False
string_type: SecureString
notify: database password changed
when: old_db_master_password is undefined
- name: set the db password in the store to a new value
aws_ssm_parameter_store:
name: parampath ~ '/db_password'
value: '{{new_db_password}}'
secure_string: True
overwrite: False
string_type: SecureString
notify: database password changed
when: old_db_password is undefined
- name: assert parameters match
assert:
that:
- "db_password == '{{ lookup('aws_ssm', parampath ~ 'db_password', region='us-east-2', ) }}'"
- "db_master_password == '{{ lookup('aws_ssm', parampath ~ 'db_master_password', region='us-east-2', ) }}'"
- name: identify image for webservers
ec2_ami_facts:
region: us-east-1
owner: amazon
filters:
architecture: x86_64
# is_public: 'true'
name: "amzn-ami-hvm-2017.09.1*x86_64-gp2"
# name: "amzn-*2017.09*"
hypervisor: xen
image-type: machine
state: available
virtualization-type: hvm
register: ami_facts_return
tags: host
- name: create web servers
ec2:
region: us-east-1
image: "{{ami_facts_return.images[0].image_id}}"
# assign_public_ip: yes
# count: 3
count_tag:
type: ansible_demo_webserver
key_name: "deployer-key"
exact_count: 3
# group: ansible_demo_webserver
user_data: "#!/bin/bash\nshutdown -h 300 \n"
instance_initiated_shutdown_behavior: terminate
instance_tags:
type: ansible_demo_webserver
tags: host
- name: create rds instance
rds_instance:
id: "{{ rds_instance_name }}"
wait_timeout: 1200
wait: yes
size: 5
db_name: actual_db
db_instance_class: db.t2.micro
engine: postgres
master_username: db_master
master_user_password: "world123$$"
region: us-east-1
tags:
TagOne: hello
TagTwo: world
register: rds_instance
- hosts: db_servers
handlers:
- name: database password changed
postgresql_user:
login_host: dbservers.mydomain.example.com
login_user: my_user
login_password: "{{ new_db_password }}"
port: 5432
- hosts: tag___type____ansible_demo_webserver__
handlers:
- name: database password changed
copy:
content: "{{ 'dbservers.mydomain.example.com:5432:main_db:my_user:' ~ new_db_password }}"
dest: /etc/appdb_pgpass