diff --git a/changelogs/fragments/20231219-deploy_flask_app-update-arguments-spec.yml b/changelogs/fragments/20231219-deploy_flask_app-update-arguments-spec.yml new file mode 100644 index 00000000..b3e0bc34 --- /dev/null +++ b/changelogs/fragments/20231219-deploy_flask_app-update-arguments-spec.yml @@ -0,0 +1,6 @@ +--- +breaking_changes: + - >- + roles/deploy_flask_app - Remove parameter ``deploy_flask_app_sshkey_pair_name`` that was previously required to create + ssh connection to the bastion host in favor of the new parameter ``deploy_flask_app_bastion_ssh_private_key`` defining + the path to the ssh private key file to use instead (). diff --git a/playbooks/webapp/migrate_webapp.yaml b/playbooks/webapp/migrate_webapp.yaml index 83886ad1..4aad09f8 100644 --- a/playbooks/webapp/migrate_webapp.yaml +++ b/playbooks/webapp/migrate_webapp.yaml @@ -58,6 +58,7 @@ ansible.builtin.import_role: name: cloud.aws_ops.deploy_flask_app vars: + deploy_flask_app_bastion_ssh_private_key: "{{ sshkey_file }}" deploy_flask_app_private_subnet_id: "{{ private_subnet.subnet.id }}" deploy_flask_app_vpc_id: "{{ vpc.vpc.id }}" deploy_flask_app_vm_info: "{{ vm_result }}" diff --git a/playbooks/webapp/webapp.yaml b/playbooks/webapp/webapp.yaml index 0f169154..d27348f5 100644 --- a/playbooks/webapp/webapp.yaml +++ b/playbooks/webapp/webapp.yaml @@ -26,6 +26,7 @@ ansible.builtin.include_role: name: cloud.aws_ops.deploy_flask_app vars: + deploy_flask_app_bastion_ssh_private_key: "{{ sshkey_file }}" deploy_flask_app_private_subnet_id: "{{ private_subnet.subnet.id }}" deploy_flask_app_vpc_id: "{{ vpc.vpc.id }}" deploy_flask_app_vm_info: "{{ vm_result }}" diff --git a/playbooks/webapp/webapp_ha_aurora.yaml b/playbooks/webapp/webapp_ha_aurora.yaml index a16a1ccd..fb5c6170 100644 --- a/playbooks/webapp/webapp_ha_aurora.yaml +++ b/playbooks/webapp/webapp_ha_aurora.yaml 
@@ -57,6 +57,7 @@ ansible.builtin.include_role: name: cloud.aws_ops.deploy_flask_app vars: + deploy_flask_app_bastion_ssh_private_key: "{{ sshkey_file }}" deploy_flask_app_private_subnet_id: "{{ primary_private_subnet.subnets[0].id }}" deploy_flask_app_vpc_id: "{{ primary_vpc.vpcs[0].id }}" deploy_flask_app_vm_info: "{{ primary_vm_result }}" @@ -96,6 +97,7 @@ ansible.builtin.include_role: name: cloud.aws_ops.deploy_flask_app vars: + deploy_flask_app_bastion_ssh_private_key: "{{ sshkey_file }}" deploy_flask_app_private_subnet_id: "{{ replica_private_subnet.subnets[0].id }}" deploy_flask_app_vpc_id: "{{ replica_vpc.vpcs[0].id }}" deploy_flask_app_vm_info: "{{ replica_vm_result }}" diff --git a/roles/deploy_flask_app/README.md b/roles/deploy_flask_app/README.md index 690013b9..d69edb33 100644 --- a/roles/deploy_flask_app/README.md +++ b/roles/deploy_flask_app/README.md 
@@ -24,20 +24,20 @@ Role Variables ## variables to create new hosts and groups in inventory of in memory playbook. * **deploy_flask_app_region** (str): Region where the app is to be deployed. -* **deploy_flask_app_bastion_host_username** (str): Username for the bastion host SSH user. * **deploy_flask_app_private_subnet_id** (str): Private subnet id of the bastion host * **deploy_flask_app_vpc_id** (str): vpc id for the host. * **deploy_flask_app_rds_info** (dict): A dict of information for the backend RDS. This dict has the output of amazon.aws.rds_instance_info mode. * **deploy_flask_app_rds_master_username** (str): Username for the RDS instance. * **deploy_flask_app_rds_master_password** (str): password for the RDS instance. * **deploy_flask_app_vm_info** (dict): A dict of information for the vm to use. This dict has the output of amazon.aws.ec2_instance_info module. -* **deploy_flask_app_sshkey_pair_name** (str): Name for the EC2 key pair. ## variables needed for the deployment # Bastion host * **deploy_flask_app_bastion_host_name** (str): Name for the EC2 instance. +* **deploy_flask_app_bastion_host_username** (str): Username for the bastion host SSH user. * **deploy_flask_app_bastion_host_required_packages** (list): Packages to be installed on the bastion host. +* **deploy_flask_app_bastion_ssh_private_key** (path): The path to the ssh private key file to use to connect to the bastion host. * **deploy_flask_app_number_of_workers** (int): Number of instances to create. * **deploy_flask_app_workers_instance_type** (str): RC2 instance type for workers. * **deploy_flask_app_workers_user_name** (str): Username for the workers. diff --git a/roles/deploy_flask_app/meta/argument_specs.yml b/roles/deploy_flask_app/meta/argument_specs.yml index 6c63ba4f..bb10c342 100644 --- a/roles/deploy_flask_app/meta/argument_specs.yml +++ b/roles/deploy_flask_app/meta/argument_specs.yml 
@@ -16,6 +16,11 @@ argument_specs: description: Name for the EC2 instance. type: str required: True + deploy_flask_app_bastion_ssh_private_key: + description: The path to ssh private key file to use to connect to the bastion host. + type: path + required: True + version_added: 2.1.0 deploy_flask_app_bastion_host_required_packages: description: Packages to be installed on the bastion host. type: list @@ -29,10 +34,6 @@ argument_specs: description: vpc id for the host. type: str required: True - deploy_flask_app_sshkey_pair_name: - description: Name for the EC2 key pair. - type: str - required: True deploy_flask_app_rds_info: description: A dict of information for the backend RDS. This dict has the output of amazon.aws.rds_instance_info module. type: dict diff --git a/roles/deploy_flask_app/tasks/setup.yaml b/roles/deploy_flask_app/tasks/setup.yaml index 55b68b47..7fc72188 100644 --- a/roles/deploy_flask_app/tasks/setup.yaml +++ b/roles/deploy_flask_app/tasks/setup.yaml @@ -5,16 +5,12 @@ - name: Create resources playbook block: - - name: Set 'sshkey_file' variable - ansible.builtin.set_fact: - deploy_flask_app_sshkey_file: ~/private-key-{{ deploy_flask_app_sshkey_pair_name }}-{{ deploy_flask_app_region | default(aws_region) }} - - name: Add host to inventory ansible.builtin.add_host: hostname: bastion ansible_ssh_user: "{{ deploy_flask_app_bastion_host_username }}" ansible_host: "{{ deploy_flask_app_vm_info.instances.0.public_ip_address }}" - ansible_ssh_common_args: -o "UserKnownHostsFile=/dev/null" -o StrictHostKeyChecking=no -i {{ deploy_flask_app_sshkey_file }} + ansible_ssh_common_args: -o "UserKnownHostsFile=/dev/null" -o StrictHostKeyChecking=no -i {{ deploy_flask_app_bastion_ssh_private_key }} ansible_python_interpreter: auto ansible_host_name: "{{ deploy_flask_app_vm_info.instances.0.public_dns_name | split('.') | first }}" host_config: 
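Review bot: The description of the new `deploy_flask_app_bastion_ssh_private_key` argument does not say where the path is resolved or what the file should look like. Judging by the `-i` use in tasks/setup.yaml, ssh reads the key on the control node, so I would write `description: Path on the Ansible control node to the SSH private key used to connect to the bastion host; the file should be readable by its owner only.` As a style point, quote the version (`version_added: "2.1.0"`) so it stays a string whatever the number looks like.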
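Review bot: In `ansible_ssh_common_args` the caller-supplied path is pasted unquoted after `-i`, so a path containing a space is split into separate ssh arguments and the remainder is no longer read as part of the key file name. Passing it as a connection variable avoids that parsing: `ansible_ssh_private_key_file: "{{ deploy_flask_app_bastion_ssh_private_key }}"`, with the `-i ...` part dropped from the common args. The same line keeps `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no`, so the bastion's host key is never verified on a connection to a public IP. That predates this change, but it deserves at least a comment stating that it is accepted for short-lived hosts. The `add_host` task continues past the end of this hunk.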
@@ -26,7 +22,7 @@ vpc_id: "{{ deploy_flask_app_vpc_id }}" rds_info: host: "{{ deploy_flask_app_rds_info.instances.0.endpoint.address }}" - name: "{{ deploy_flask_app_rds_info.instances.0.db_name | default('mysampledb123') }}" - master_user_password: "{{ deploy_flask_app_rds_master_password | default('L#5cH2mgy_') }}" - master_username: "{{ deploy_flask_app_rds_master_username | default('ansible') }}" + name: "{{ deploy_flask_app_rds_info.instances.0.db_name }}" + master_user_password: "{{ deploy_flask_app_rds_master_password }}" + master_username: "{{ deploy_flask_app_rds_master_username }}" register: deploy_flask_app_setup diff --git a/tests/integration/targets/test_deploy_flask_app/aliases b/tests/integration/targets/test_deploy_flask_app/aliases index 931f237c..66d29cec 100644 --- a/tests/integration/targets/test_deploy_flask_app/aliases +++ b/tests/integration/targets/test_deploy_flask_app/aliases @@ -1,7 +1,3 @@ cloud/aws role/deploy_flask_app -time=35m - -# Integration tests are broken -# fatal: [testhost -> bastion]: UNREACHABLE! -disabled \ No newline at end of file +time=35m \ No newline at end of file diff --git a/tests/integration/targets/test_deploy_flask_app/handlers/main.yml b/tests/integration/targets/test_deploy_flask_app/handlers/main.yml new file mode 100644 index 00000000..2e32ab7d --- /dev/null +++ b/tests/integration/targets/test_deploy_flask_app/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: Delete temporary key pair directory + ansible.builtin.file: + state: absent + path: "{{ test_deploy_flask_app__tmpdir.path }}" + when: test_deploy_flask_app__tmpdir is defined diff --git a/tests/integration/targets/test_deploy_flask_app/tasks/create.yaml b/tests/integration/targets/test_deploy_flask_app/tasks/create.yaml index 87ed7431..90ffe0cb 100644 --- a/tests/integration/targets/test_deploy_flask_app/tasks/create.yaml +++ b/tests/integration/targets/test_deploy_flask_app/tasks/create.yaml 
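Review bot: `master_user_password` is placed in the host variables of an `add_host` task whose result is registered as `deploy_flask_app_setup`, so the RDS password can show up in verbose task output and in anything that prints the registered variable; consider `no_log: true` on the task. Removing the `default(...)` filters is the right call for the hard-coded password. It also means an undefined `deploy_flask_app_rds_master_password`, `deploy_flask_app_rds_master_username` or `db_name` now fails at templating time. The changelog fragment only mentions the SSH key parameter, so a line about the dropped defaults would help users. The task starts before this hunk.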
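Review bot: Cleanup of the directory holding the private key is done only by this handler, and handlers are skipped when the play fails before they are flushed (unless `--force-handlers` is used), so a failed test run leaves `id_rsa` on disk. If tasks/main.yaml has an `always:` section (not visible here), deleting `test_deploy_flask_app__tmpdir.path` there with the same `when: test_deploy_flask_app__tmpdir is defined` guard would cover the failure path as well.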
@@ -70,7 +70,7 @@ state: present register: internet_gw - - name: Create NAT gateway (allow access to internet for instances in private subnet) + - name: Create NAT gateway attached to the public subnet (allow access to internet for instances in private subnet) amazon.aws.ec2_vpc_nat_gateway: subnet_id: "{{ subnet.subnet.id }}" if_exist_do_not_create: true 
@@ -141,65 +141,33 @@ state: present register: rds_sg - - name: Get RDS instance info - amazon.aws.rds_instance_info: - db_instance_identifier: "{{ rds_identifier }}" - register: rds_result - - - name: Create RDS instance - when: rds_result.instances | length == 0 - block: - - name: Create RDS instance (PostGreSQL Database) - amazon.aws.rds_instance: - force_update_password: true - wait: true - allocated_storage: "{{ rds_allocated_storage_gb }}" - backup_retention_period: 0 - db_instance_class: "{{ rds_instance_class }}" - db_instance_identifier: "{{ rds_identifier }}" - db_name: "{{ rds_instance_name }}" - engine: "{{ rds_engine }}" - engine_version: "{{ rds_engine_version }}" - master_user_password: "{{ deploy_flask_app_rds_master_password }}" - master_username: "{{ deploy_flask_app_rds_master_username }}" - monitoring_interval: 0 - storage_type: standard - skip_final_snapshot: true - db_subnet_group_name: "{{ rds_subnet_group_name }}" - vpc_security_group_ids: - - "{{ rds_sg.group_id }}" - when: rds_snapshot_arn is not defined - - - name: Create RDS instance from snapshot (PostGreSQL Database) - amazon.aws.rds_instance: - force_update_password: true - wait: true - allocated_storage: "{{ rds_allocated_storage_gb }}" - backup_retention_period: 0 - db_instance_class: "{{ rds_instance_class }}" - db_instance_identifier: "{{ rds_identifier }}" - engine: "{{ rds_engine }}" - engine_version: "{{ rds_engine_version }}" - master_user_password: "{{ deploy_flask_app_rds_master_password }}" - master_username: "{{ deploy_flask_app_rds_master_user }}" - monitoring_interval: 0 - storage_type: standard - skip_final_snapshot: true - db_subnet_group_name: "{{ rds_subnet_group_name }}" - vpc_security_group_ids: - - "{{ rds_sg.group_id }}" - creation_source: snapshot - db_snapshot_identifier: "{{ rds_snapshot_arn }}" - when: rds_snapshot_arn is defined - - - name: Get RDS instance info - amazon.aws.rds_instance_info: + - name: Create RDS instance (PostGreSQL Database) + 
amazon.aws.rds_instance: + force_update_password: true + wait: true + allocated_storage: "{{ rds_allocated_storage_gb }}" + backup_retention_period: 0 + db_instance_class: "{{ rds_instance_class }}" db_instance_identifier: "{{ rds_identifier }}" + db_name: "{{ rds_instance_name }}" + engine: "{{ rds_engine }}" + engine_version: "{{ rds_engine_version }}" + master_user_password: "{{ deploy_flask_app_rds_master_password }}" + master_username: "{{ deploy_flask_app_rds_master_username }}" + monitoring_interval: 0 + storage_type: standard + skip_final_snapshot: true + db_subnet_group_name: "{{ rds_subnet_group_name }}" + vpc_security_group_ids: + - "{{ rds_sg.group_id }}" register: rds_result - - name: Set 'sshkey_file' variable - ansible.builtin.set_fact: - sshkey_file: ~/private-key-{{ deploy_flask_app_sshkey_pair_name }}-{{ region | default(aws_region) }} + - name: Create temporary directory to save private key in + ansible.builtin.tempfile: + suffix: .key + state: directory + register: test_deploy_flask_app__tmpdir + notify: 'Delete temporary key pair directory' - name: Create key pair to connect to the VM amazon.aws.ec2_key: @@ -209,9 +177,8 @@ - name: Save private key into file ansible.builtin.copy: content: "{{ rsa_key.key.private_key }}" - dest: "{{ sshkey_file }}" + dest: "{{ test_deploy_flask_app__tmpdir.path }}/id_rsa" mode: 0400 - when: rsa_key is changed - name: Create a virtual machine amazon.aws.ec2_instance: diff --git a/tests/integration/targets/test_deploy_flask_app/tasks/main.yaml b/tests/integration/targets/test_deploy_flask_app/tasks/main.yaml index 0b013d3d..cb841a8b 100644 --- a/tests/integration/targets/test_deploy_flask_app/tasks/main.yaml +++ b/tests/integration/targets/test_deploy_flask_app/tasks/main.yaml 
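Review bot: With `when: rsa_key is changed` removed, "Save private key into file" now always templates `rsa_key.key.private_key`, but as far as I know `amazon.aws.ec2_key` returns the private key only when it creates the pair. If a key pair of that name survives from an earlier run, the task fails on an undefined value rather than with a clear message. An explicit check before the copy, e.g. `ansible.builtin.assert` with `that: rsa_key.key.private_key is defined`, would make that failure readable. The copy task also handles key material, so `no_log: true` keeps it out of diff and verbose output, and quoting `mode: "0400"` avoids relying on YAML octal parsing. The `ec2_key` task is cut off at the end of the previous hunk, so its arguments are not visible here.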
@@ -8,11 +8,6 @@ region: "{{ aws_region }}" block: - - name: Fail when 'resource_prefix' is not defined - ansible.builtin.fail: - msg: resource prefix should be defined as resource_prefix - when: resource_prefix is not defined - - name: Run operation create ansible.builtin.include_tasks: "create.yaml" @@ -24,6 +19,7 @@ deploy_flask_app_vpc_id: "{{ vpc.vpc.id }}" deploy_flask_app_vm_info: "{{ vm_result }}" deploy_flask_app_rds_info: "{{ rds_result }}" + deploy_flask_app_bastion_ssh_private_key: "{{ test_deploy_flask_app__tmpdir.path }}/id_rsa" - name: Check that a page returns successfully ansible.builtin.uri: