From 86cd3b0bfba87d9daccd5a47b3f7b2fb731364c0 Mon Sep 17 00:00:00 2001 From: Helen Bailey Date: Mon, 9 Dec 2024 09:33:02 -0500 Subject: [PATCH] Merge pull request #125 from gravesm/ec2-experience Add pattern for creating EC2 instance (cherry picked from commit 023783523f6fc63a741132c59351b645b1cca0eb) --- extensions/patterns/configure_ec2/README.md | 53 ++++++++++ .../exec_env/execution-environment.yml | 29 ++++++ .../playbooks/create_ec2_instance.yml | 58 +++++++++++ .../playbooks/group_vars/all.yml | 20 ++++ .../playbooks/terminate_ec2_instance.yml | 24 +++++ extensions/patterns/configure_ec2/setup.yml | 61 ++++++++++++ .../template_rhdh/configure_ec2.yml | 0 .../template_surveys/create_ec2_instance.yml | 97 +++++++++++++++++++ .../terminate_ec2_instance.yml | 27 ++++++ 9 files changed, 369 insertions(+) create mode 100644 extensions/patterns/configure_ec2/README.md create mode 100644 extensions/patterns/configure_ec2/exec_env/execution-environment.yml create mode 100644 extensions/patterns/configure_ec2/playbooks/create_ec2_instance.yml create mode 100644 extensions/patterns/configure_ec2/playbooks/group_vars/all.yml create mode 100644 extensions/patterns/configure_ec2/playbooks/terminate_ec2_instance.yml create mode 100644 extensions/patterns/configure_ec2/setup.yml create mode 100644 extensions/patterns/configure_ec2/template_rhdh/configure_ec2.yml create mode 100644 extensions/patterns/configure_ec2/template_surveys/create_ec2_instance.yml create mode 100644 extensions/patterns/configure_ec2/template_surveys/terminate_ec2_instance.yml diff --git a/extensions/patterns/configure_ec2/README.md b/extensions/patterns/configure_ec2/README.md new file mode 100644 index 00000000..14647d01 --- /dev/null +++ b/extensions/patterns/configure_ec2/README.md 
@@ -0,0 +1,53 @@
+# Configure EC2 Instance Pattern
+
+## Description
+
+This pattern is designed to help get an EC2 instance up and running.
+
+## What This Pattern Covers
+
+### Projects
+
+- **AWS Operations / Configure EC2 Instance Pattern Project**: Defined in `setup.yml`, this project helps organize and manage all necessary components for the Configure EC2 Instance pattern. It ensures that relevant files, roles, and configurations are logically arranged, making it easier to maintain and execute automation tasks.
+
+### Job Templates
+
+- **AWS Operations / Create EC2 Instance**: This job template is designed to streamline the process of creating an EC2 instance.
+- **AWS Operations / Terminate EC2 Instance**: This job template is designed to streamline the process of terminating (deleting) an EC2 instance.
+
+### Playbooks
+
+- **Create EC2 Instance Playbook**: This playbook creates an EC2 instance with optional networking configurations.
+- **Terminate EC2 Instance Playbook**: This playbook terminates (deletes) an existing EC2 instance and associated networking resources.
+
+### Surveys
+
+- **Create EC2 Instance Survey**: This survey provides an interactive way to specify parameters for creating the EC2 instance.
+- **Terminate EC2 Instance Survey**: This survey provides an interactive way to specify parameters for terminating the EC2 instance.
+
+## Resources Created by This Pattern
+
+1. **Project**
+ - Ensures that all relevant files, roles, and configurations are logically arranged, facilitating easier maintenance and execution of automation tasks.
+
+2. **Job Templates**
+ - Outline the necessary parameters and configurations to perform network backups using the provided playbooks.
+ - Provide surveys for specifying parameters needed to run the job templates.
+
+## How to Use
+
+1. **Use Seed Red Hat Pattern Job**
+ - Ensure the custom EE is correctly built and available in your Ansible Automation Platform.
Execute the "Seed Red Hat Pattern" job within the Ansible Automation Platform, and select the "AWS Operations" category to load this pattern.
+
+2. **Use the Job Templates**
+ - In the `AWS Operations / EC2 Instance Patterns` execute the required job template to create the EC2 instance. Monitor the job execution and verify that the instance has been successfully created.
+
+## Contribution
+
+Contributions to this project are welcome. Please fork the repository, make your changes, and submit a pull request.
+
+## License
+
+GNU General Public License v3.0 or later.
+
+See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text. This project is licensed under the MIT License. See the [LICENSE](https://github.com/redhat-cop/cloud.aws_ops/blob/main/LICENSE) file for details.
diff --git a/extensions/patterns/configure_ec2/exec_env/execution-environment.yml b/extensions/patterns/configure_ec2/exec_env/execution-environment.yml
new file mode 100644
index 00000000..0fbc807b
--- /dev/null
+++ b/extensions/patterns/configure_ec2/exec_env/execution-environment.yml
@@ -0,0 +1,29 @@
+---
+version: 3
+
+dependencies:
+ ansible_core:
+ package_pip: ansible-core
+ ansible_runner:
+ package_pip: ansible-runner
+ galaxy:
+ collections:
+ - name: cloud.aws_ops
+ source: https://github.com/redhat-cop/cloud.aws_ops.git
+ type: git
+ version: main
+ - name: amazon.aws
+ source: https://github.com/ansible-collections/amazon.aws.git
+ type: git
+ version: main
+ python:
+ - boto3
+ - botocore
+
+images:
+ base_image:
+ name: docker.io/redhat/ubi9:latest
+
+additional_build_steps:
+ append_base: |
+ RUN yum install -y git
diff --git a/extensions/patterns/configure_ec2/playbooks/create_ec2_instance.yml b/extensions/patterns/configure_ec2/playbooks/create_ec2_instance.yml
new file mode 100644
index 00000000..0f9f1020
--- /dev/null
+++ b/extensions/patterns/configure_ec2/playbooks/create_ec2_instance.yml
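Review bot: Every dependency in the `dependencies` block is a moving target: both galaxy collections are fetched from git at `version: main`, `boto3` and `botocore` carry no version pins, and `base_image` uses `ubi9:latest`, so two builds of this execution environment can contain different code and an upstream commit that is broken or compromised lands in the EE without review. Pin the collections to a release (`version: <release tag or commit>` as a placeholder), the Python packages to tested versions (`boto3==<version>`), and the base image by tag or digest so the EE is reproducible and auditable. If tracking `main` is intentional while the pattern is in development, a comment above `galaxy:` saying so, e.g. `# NOTE: tracks main on purpose; pin before publishing`, would keep the choice visible.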
@@ -0,0 +1,58 @@
+---
+- name: Create EC2 instance
+ hosts: localhost
+ gather_facts: false
+ module_defaults:
+ group/aws:
+ aws_region: "{{ aws_region }}"
+ tasks:
+ - name: Get security group rules list from string input
+ ansible.builtin.set_fact:
+ sg_rules_list: "{{ sg_rules | from_yaml }}"
+
+ - name: Add external access rules to security group rules if needed
+ ansible.builtin.set_fact:
+ final_sg_rules: "{{ create_external_access_resources | ternary(sg_rules_list + allow_external_access_sg_rules, sg_rules_list) }}"
+
+ - name: Get RHEL 9 AMI ID if needed
+ when: ami_id | default("", true) == ""
+ block:
+ - name: Get RHEL-9 images
+ amazon.aws.ec2_ami_info:
+ filters:
+ architecture: x86_64
+ name: "RHEL-9*"
+ owner:
+ - amazon
+ register: images
+ - name: Update ami_id variable
+ ansible.builtin.set_fact:
+ ami_id: "{{ (images.images | sort(attribute='name') | last).image_id }}"
+
+ - name: Create networking resources
+ ansible.builtin.include_role:
+ name: cloud.aws_ops.ec2_networking_resources
+ vars:
+ ec2_networking_resources_operation: create
+ ec2_networking_resources_vpc_name: "{{ vpc_name }}"
+ ec2_networking_resources_vpc_cidr_block: "{{ vpc_cidr }}"
+ ec2_networking_resources_subnet_cidr_block: "{{ subnet_cidr }}"
+ ec2_networking_resources_sg_name: "{{ sg_name }}"
+ ec2_networking_resources_sg_description: "{{ sg_description }}"
+ ec2_networking_resources_sg_rules: "{{ final_sg_rules }}"
+ ec2_networking_resources_create_igw: "{{ create_external_access_resources }}"
+
+ - name: Create EC2 instance
+ ansible.builtin.include_role:
+ name: cloud.aws_ops.manage_ec2_instance
+ vars:
+ manage_ec2_instance_operation: create
+ manage_ec2_instance_instance_name: "{{ instance_name }}"
+ manage_ec2_instance_instance_type: "{{ instance_type }}"
+ manage_ec2_instance_ami_id: "{{ ami_id }}"
+ manage_ec2_instance_key_name: "{{ key_name }}"
+ manage_ec2_instance_vpc_subnet_id: "{{ ec2_networking_resources_subnet_result.subnet.id }}"
+ 
manage_ec2_instance_wait_for_state: "{{ wait_for_state | bool }}"
+ manage_ec2_instance_associate_security_groups: "{{ [sg_name] }}"
+ manage_ec2_instance_associate_eip: "{{ create_external_access_resources }}"
+ manage_ec2_instance_instance_tags: "{{ instance_tags | default('{}', true) | from_json }}"
diff --git a/extensions/patterns/configure_ec2/playbooks/group_vars/all.yml b/extensions/patterns/configure_ec2/playbooks/group_vars/all.yml
new file mode 100644
index 00000000..14360fcc
--- /dev/null
+++ b/extensions/patterns/configure_ec2/playbooks/group_vars/all.yml
@@ -0,0 +1,20 @@
+key_name: "{{ instance_name }}-key"
+wait_for_state: true
+vpc_name: "{{ instance_name }}-vpc"
+vpc_cidr: 10.0.0.0/24
+subnet_cidr: 10.0.0.0/25
+sg_name: "{{ instance_name }}-sg"
+sg_description: "Security group for EC2 instance {{ instance_name }}"
+sg_rules:
+ - proto: tcp
+ ports: 22
+ cidr_ip: "{{ vpc_cidr }}"
+external_access: true
+create_external_access_resources: "{{ external_access | bool }}"
+allow_external_access_sg_rules:
+ - proto: tcp
+ ports: 80
+ cidr_ip: 0.0.0.0/0
+ - proto: tcp
+ ports: 443
+ cidr_ip: 0.0.0.0/0
diff --git a/extensions/patterns/configure_ec2/playbooks/terminate_ec2_instance.yml b/extensions/patterns/configure_ec2/playbooks/terminate_ec2_instance.yml
new file mode 100644
index 00000000..13e23293
--- /dev/null
+++ b/extensions/patterns/configure_ec2/playbooks/terminate_ec2_instance.yml
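Review bot: The AMI fallback block (`Get RHEL 9 AMI ID if needed`) filters on `architecture: x86_64` regardless of `instance_type`, so an arm64 instance type launched without an `ami_id` is paired with an x86_64 image, even though the create survey text promises a default chosen for "the provided region and instance type"; and when the filter matches nothing, `(images.images | sort(attribute='name') | last).image_id` fails with an unhelpful undefined-attribute error rather than a clear message. Add a guard between the lookup and the `set_fact`, e.g. `ansible.builtin.assert:` / `that: images.images | length > 0` / `fail_msg: "No RHEL-9 x86_64 AMI found in {{ aws_region }}"`, and either derive the architecture from the instance type or state the x86_64-only fallback in the task name and survey text. A comment on the `ami_id` set_fact, e.g. `# picks the lexicographically newest RHEL-9 name; assumes Amazon's naming stays monotonic`, would make the selection rule explicit, since sorting by name rather than by creation date is a choice a later maintainer may otherwise read as an oversight.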
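Review bot: `external_access: true` makes the least-safe configuration the default: together with `allow_external_access_sg_rules` (80 and 443 from `0.0.0.0/0`) and the create playbook's internet gateway and elastic IP, an operator who leaves the optional survey question blank gets an instance that is reachable from the internet. Consider `external_access: false` so public exposure is an explicit choice, or at least put a comment above the key, e.g. `# true => public EIP, internet gateway and 0.0.0.0/0 ingress on 80/443; set false for a private instance`. The SSH rule in `sg_rules` being scoped to `vpc_cidr` rather than to the world is the right call and is worth preserving if the defaults are reworked.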
@@ -0,0 +1,24 @@
+---
+- name: Terminate EC2 instance
+ hosts: localhost
+ gather_facts: false
+ module_defaults:
+ group/aws:
+ aws_region: "{{ aws_region }}"
+ tasks:
+ - name: Set manage_ec2_instance role vars
+ ansible.builtin.set_fact:
+ manage_ec2_instance_operation: delete
+ manage_ec2_instance_instance_name: "{{ instance_name }}"
+ manage_ec2_instance_key_name: "{{ key_name | default(omit, true) }}"
+
+ - name: Delete EC2 instance
+ ansible.builtin.include_role:
+ name: cloud.aws_ops.manage_ec2_instance
+
+ - name: Delete networking resources
+ ansible.builtin.include_role:
+ name: cloud.aws_ops.ec2_networking_resources
+ vars:
+ ec2_networking_resources_operation: delete
+ ec2_networking_resources_vpc_name: "{{ vpc_name }}"
diff --git a/extensions/patterns/configure_ec2/setup.yml b/extensions/patterns/configure_ec2/setup.yml
new file mode 100644
index 00000000..c0d5484b
--- /dev/null
+++ b/extensions/patterns/configure_ec2/setup.yml
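Review bot: The `default(omit, true)` on `manage_ec2_instance_key_name` can never take effect, because `group_vars/all.yml` in this same commit always defines `key_name` as `"{{ instance_name }}-key"`, and the same holds for `vpc_name` passed to the networking role. The terminate survey (`template_surveys/terminate_ec2_instance.yml` in this commit) describes both fields as "include to delete ...", but with these defaults the key pair and the entire VPC are deleted on every run whether or not the operator fills them in, which is a surprising outcome for a destructive job. Either keep the defaults out of the terminate path (for example by moving `key_name` and `vpc_name` into the create playbook's own `vars:`) or reword the survey so the unconditional deletion is stated plainly. Until then a comment on the `set_fact` task, e.g. `# key_name and vpc_name are always set via group_vars, so deletion is unconditional`, would stop the next reader from relying on the omit.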
@@ -0,0 +1,61 @@
+---
+controller_labels:
+ - name: cloud.aws_ops
+ organization: "{{ organization | default('Default') }}"
+ - name: configure_ec2_pattern
+ organization: "{{ organization | default('Default') }}"
+ - name: create_ec2_instance
+ organization: "{{ organization | default('Default') }}"
+ - name: terminate_ec2_instance
+ organization: "{{ organization | default('Default') }}"
+
+controller_projects:
+ - name: AWS Operations / Configure EC2 Instance Pattern Project
+ organization: "{{ organization | default('Default') }}"
+ scm_branch: main
+ scm_clean: false
+ scm_delete_on_update: false
+ scm_type: git
+ scm_update_on_launch: true
+ scm_url: https://github.com/redhat-cop/cloud.aws_ops.git
+
+controller_templates:
+ - name: AWS Operations / Create EC2 Instance
+ description: This job template creates an EC2 instance and associated networking resources.
+ ask_inventory_on_launch: true
+ ask_credential_on_launch: true
+ ask_verbosity_on_launch: true
+ execution_environment: AWS Operations / Configure EC2 Instance Pattern Execution Environment
+ project: AWS Operations / Configure EC2 Instance Pattern Project
+ playbook: extensions/patterns/configure_ec2/playbooks/create_ec2_instance.yml
+ job_type: run
+ organization: "{{ organization | default('Default') }}"
+ labels:
+ - cloud.aws_ops
+ - configure_ec2_pattern
+ - create_ec2_instance
+ survey_enabled: true
+ survey_spec: "{{ lookup('file', pattern.path.replace('setup.yml', '') + 'template_surveys/create_ec2_instance.yml') | from_yaml }}"
+
+ - name: AWS Operations / Terminate EC2 Instance
+ description: This job template terminates an EC2 instance and its associated networking resources.
+ ask_inventory_on_launch: true
+ ask_credential_on_launch: true
+ ask_verbosity_on_launch: true
+ execution_environment: AWS Operations / Configure EC2 Instance Pattern Execution Environment
+ project: AWS Operations / Configure EC2 Instance Pattern Project
+ playbook: extensions/patterns/configure_ec2/playbooks/terminate_ec2_instance.yml
+ job_type: run
+ organization: "{{ organization | default('Default') }}"
+ labels:
+ - cloud.aws_ops
+ - configure_ec2_pattern
+ - terminate_ec2_instance
+ survey_enabled: true
+ survey_spec: "{{ lookup('file', pattern.path.replace('setup.yml', '') + 'template_surveys/terminate_ec2_instance.yml') | from_yaml }}"
+
+controller_execution_environments:
+ - name: AWS Operations / Configure EC2 Instance Pattern Execution Environment
+ description: Execution environment for the Configure EC2 Instance Pattern
+ image: docker.io/hakbailey/aws_ops-ee:latest
+ pull: always
diff --git a/extensions/patterns/configure_ec2/template_rhdh/configure_ec2.yml b/extensions/patterns/configure_ec2/template_rhdh/configure_ec2.yml
new file mode 100644
index 00000000..e69de29b
diff --git a/extensions/patterns/configure_ec2/template_surveys/create_ec2_instance.yml b/extensions/patterns/configure_ec2/template_surveys/create_ec2_instance.yml
new file mode 100644
index 00000000..65f336ca
--- /dev/null
+++ b/extensions/patterns/configure_ec2/template_surveys/create_ec2_instance.yml
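Review bot: `image: docker.io/hakbailey/aws_ops-ee:latest` with `pull: always` makes every job run pull a mutable tag from an individual's Docker Hub namespace, so whoever controls that account controls the code that executes with the job's AWS credentials, and nothing records which image a given run actually used. Publish the EE under the project's own registry namespace and pin it by digest or an immutable tag, e.g. `image: <project-registry>/aws_ops-ee@sha256:<digest>` (placeholder values). The project entry has the same shape of problem on a smaller scale: `scm_branch: main` plus `scm_update_on_launch: true` means the playbooks run are whatever `main` contains at launch time, so a release branch or tag would make runs reproducible. If the personal image is a temporary measure for the PR, a comment above `controller_execution_environments:` saying so would keep it from shipping unnoticed.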
@@ -0,0 +1,97 @@
+---
+name: Create EC2 Instance Survey
+description: Survey to configure the EC2 instance creation pattern
+spec:
+ - type: text
+ question_name: AWS Region
+ question_description: AWS region where resources should be created
+ variable: aws_region
+ required: true
+
+ - type: text
+ question_name: Instance Name
+ question_description: Name of EC2 instance to create
+ variable: instance_name
+ required: true
+
+ - type: text
+ question_name: Instance Type
+ question_description: Type of EC2 instance to create (e.g., t2.micro, m5.large)
+ variable: instance_type
+ required: true
+
+ - type: text
+ question_name: AMI ID
+ question_description: Amazon Machine Image (AMI) ID to use for the instance, if not provided will default to the RHEL 9 AMI for the provided region and instance type
+ variable: ami_id
+ required: false
+
+ - type: text
+ question_name: Key Pair Name
+ question_description: Name of key pair to use or create for SSH access to the EC2 instance. Defaults to '{{ instance_name }}-key'
+ variable: key_name
+ required: false
+
+ - type: multiplechoice
+ question_name: Wait for State
+ question_description: Whether to wait for the EC2 instance to be in the running state before continuing. Defaults to true
+ variable: wait_for_state
+ required: false
+ choices:
+ - "true"
+ - "false"
+
+ - type: text
+ question_name: Instance Tags
+ question_description: 'A dict of tags for the instance, e.g. {"environment: test", "owner": "team foobar"}'
+ variable: instance_tags
+ required: false
+
+ - type: text
+ question_name: VPC Name
+ question_description: Name of the VPC to create. Defaults to '{{instance_name}}-vpc'
+ variable: vpc_name
+ required: false
+
+ - type: text
+ question_name: VPC CIDR Block
+ question_description: CIDR block to use for the VPC being created.
Defaults to 10.0.0.0/24
+ variable: vpc_cidr
+ required: false
+
+ - type: text
+ question_name: Subnet CIDR block
+ question_description: CIDR block to use for the subnet being created. 10.0.0.0/25
+ variable: subnet_cidr
+ required: false
+
+ - type: text
+ question_name: Security Group Name
+ question_description: Name of the security group to create for securing traffic to the instance. Defaults to '{{ instance_name }}-sg'
+ variable: sg_name
+ required: false
+
+ - type: text
+ question_name: Security Group Description
+ question_description: Description for the security group. Defaults to 'Security group for EC2 instance {{ instance_name }}'
+ variable: sg_description
+ required: false
+
+ - type: textarea
+ question_name: Security Group Rules
+ question_description: "A list of security group rules in yaml format, e.g.:
+ - proto: tcp
+ ports: 80
+ cidr_ip: 0.0.0.0/0
+ Defaults to allowing SSH access from within the VPC"
+ variable: sg_rules
+ required: false
+
+ - type: multiplechoice
+ question_name: Create External Access Resources
+ question_description: Whether to create resources for external access to the EC2 instance. Defaults to true. When true, adds security groups rules allowing inbound HTTP and HTTPS traffic, creates an internet gateway, creates a custom route table routing all internet traffic to the gateway, and allocates an elastic IP address for the instance.
+ variable: external_access
+ required: false
+ choices:
+ - "true"
+ - "false"
diff --git a/extensions/patterns/configure_ec2/template_surveys/terminate_ec2_instance.yml b/extensions/patterns/configure_ec2/template_surveys/terminate_ec2_instance.yml
new file mode 100644
index 00000000..0678b4ee
--- /dev/null
+++ b/extensions/patterns/configure_ec2/template_surveys/terminate_ec2_instance.yml
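Review bot: The `Instance Tags` example `{"environment: test", "owner": "team foobar"}` is not valid JSON (the first key has no value), and the create playbook parses this field with `from_json`, so an operator who copies the example gets a template failure at `manage_ec2_instance_instance_tags`; change it to `'A dict of tags for the instance in JSON format, e.g. {"environment": "test", "owner": "team foobar"}'`. The `Subnet CIDR block` description has lost the words "Defaults to" before `10.0.0.0/25`. The `AMI ID` description promises a default chosen for "the provided region and instance type", but the playbook's lookup only filters on `architecture: x86_64`, so wording such as `will default to the latest RHEL 9 x86_64 AMI for the provided region` would match what actually happens. The `Security Group Rules` free text is appended unchanged to the rules applied to the instance's security group, so that description would benefit from a sentence noting that a `0.0.0.0/0` entry opens the listed port to the whole internet.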
@@ -0,0 +1,27 @@
+---
+name: Terminate EC2 Instance Survey
+description: Survey to configure the EC2 instance termination pattern
+spec:
+ - type: text
+ question_name: AWS Region
+ question_description: Name of AWS region to create instance in
+ variable: aws_region
+ required: true
+
+ - type: text
+ question_name: Instance Name
+ question_description: Name of EC2 instance
+ variable: instance_name
+ required: true
+
+ - type: text
+ question_name: Key Pair Name
+ question_description: Name of key pair for instance, include to delete key pair created with other instance resources. Defaults to '{{ instance_name }}-key'
+ variable: key_name
+ required: false
+
+ - type: text
+ question_name: VPC Name
+ question_description: Name of the VPC to delete, include to delete VPC and associated networking resources created for instance. Defaults to '{{instance_name}}-vpc'
+ variable: vpc_name
+ required: false
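Review bot: The `AWS Region` description `Name of AWS region to create instance in` was copied from the create survey and is wrong for a termination template; `AWS region the instance and its networking resources were created in` would say what the operator actually needs to enter. Because this template deletes a key pair and a whole VPC in addition to the instance, the top-level `description` should say so rather than only "configure the EC2 instance termination pattern", e.g. `Survey for terminating an EC2 instance; also deletes its key pair and VPC`, so the consequences are visible before the job is launched.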