minor updates

roles/deploy_flask_app/defaults/main.yml

@@ -1,3 +1,5 @@
 ---
 deploy_flask_app_workers_ssh_private_key: /tmp/id_rsa
+deploy_flask_app_workers_inventory_file: /tmp/workers_inventory.yaml
+deploy_flask_app_workers_playbook_file: /tmp/deploy_app.yaml
 deploy_flask_app_container_image: docker.io/aubinredhat/webapp:1.0.0

roles/deploy_flask_app/meta/main.yaml

@@ -1,4 +1,4 @@
 ---
-dependencies:
-  - role: cloud.aws_ops.aws_setup_credentials
-allow_duplicates: true
+# dependencies:
+#   - role: cloud.aws_ops.aws_setup_credentials
+# allow_duplicates: true

roles/deploy_flask_app/tasks/main.yaml

@@ -16,11 +16,5 @@
     - name: Create infrastructure - workers and load balancer
       ansible.builtin.include_tasks: setup_infra.yaml
 
-    - name: Add bastion host to inventory
-      ansible.builtin.include_tasks: update_inventory.yaml
-
-    - name: Deploy application into workers
-      ansible.builtin.include_tasks: deploy_app.yaml
-      with_items: "{{ deploy_flask_app_vms.instances | map(attribute='instance_id') | list }}"
-      loop_control:
-        loop_var: worker_id
+    - name: Start application container into workers
+      ansible.builtin.include_tasks: start_containers.yaml

roles/deploy_flask_app/tasks/setup_infra.yaml

@@ -1,12 +1,5 @@
 ---
 - name: Create Cloud Resources (workers, load balancer, etc)
-  module_defaults:
-    group/aws:
-      aws_access_key: "{{ aws_access_key | default(omit) }}"
-      aws_secret_key: "{{ aws_secret_key | default(omit) }}"
-      security_token: "{{ security_token | default(omit) }}"
-      region: "{{ deploy_flask_app_region | default(aws_region) }}"
-
   block:
     - name: Set variables
       ansible.builtin.set_fact:
@@ -15,7 +8,9 @@
     - name: List running instances
       amazon.aws.ec2_instance_info:
         filters:
-          tag:Name: "{{ deploy_flask_app_instance_name }}"
+          network-interface.subnet-id: "{{ deploy_flask_app_private_subnet_id }}"
+          key-name: "{{ deploy_flask_app_sshkey_pair_name }}"
+          image-id: "{{ deploy_flask_app__vm_image_id }}"
           instance-state-name: running
       register: deploy_flask_app_vms
 
@@ -46,7 +41,9 @@
     - name: List running instances (once again)
       amazon.aws.ec2_instance_info:
         filters:
-          tag:Name: "{{ deploy_flask_app_instance_name }}"
+          network-interface.subnet-id: "{{ deploy_flask_app_private_subnet_id }}"
+          key-name: "{{ deploy_flask_app_sshkey_pair_name }}"
+          image-id: "{{ deploy_flask_app__vm_image_id }}"
           instance-state-name: running
       register: deploy_flask_app_vms
 

roles/deploy_flask_app/tasks/start_containers.yaml

@@ -0,0 +1,83 @@
+---
+# Configure local ssh config
+- name: Create ssh configuration files
+  ansible.builtin.file:
+    state: "{{ item.state }}"
+    path: "{{ item.path }}"
+    mode: '0755'
+  with_items:
+    - state: directory
+      path: "~/.ssh"
+    - state: touch
+      path: "~/.ssh/config"
+
+- name: Update local .ssh/config
+  ansible.builtin.blockinfile:
+    state: present
+    insertafter: EOF
+    dest: "~/.ssh/config"
+    content: "{{ lookup('template', 'local_ssh_config.j2') }}"
+
+- name: Add bastion host into inventory
+  ansible.builtin.add_host:
+    hostname: bastion
+    ansible_python_interpreter: auto
+    ansible_host_name: bastion
+
+- name: Update local .ssh/config
+  ansible.builtin.blockinfile:
+    state: present
+    insertafter: EOF
+    dest: "~/.ssh/config"
+    content: "{{ lookup('template', 'local_ssh_config.j2') }}"
+
+- name: Configure bastion
+  delegate_to: bastion
+  block:
+    - name: Create ssh configuration files
+      ansible.builtin.file:
+        state: "{{ item.state }}"
+        path: "{{ item.path }}"
+        mode: '0755'
+      with_items:
+        - state: directory
+          path: "~/.ssh"
+        - state: touch
+          path: "~/.ssh/config"
+
+    - name: Update local .ssh/config
+      ansible.builtin.blockinfile:
+        state: present
+        insertafter: EOF
+        dest: "~/.ssh/config"
+        content: "{{ lookup('template', 'bastion_ssh_config.j2') }}"
+
+    - name: Copy remote ssh private key file into bastion
+      ansible.builtin.copy:
+        src: "{{ deploy_flask_app_bastion_ssh_private_key }}"
+        dest: "{{ deploy_flask_app_workers_ssh_private_key }}"
+        mode: 0400
+
+    - name: Generate workers inventory file
+      ansible.builtin.copy:
+        content: "{{ lookup('template', 'workers_inventory.yaml.j2') }}"
+        dest: "{{ deploy_flask_app_workers_inventory_file }}"
+        mode: 0755
+
+    - name: Generate playbook to deploy application
+      ansible.builtin.copy:
+        content: "{{ lookup('template', 'deploy_app.yaml.j2') }}"
+        dest: "{{ deploy_flask_app_workers_playbook_file }}"
+        mode: 0755
+      vars:
+        deploy_flask_app_instances_list: "{{ deploy_flask_app_instances | join(',') }}"
+        deploy_flask_app_worker_hostname: "{{ '{{' }} inventory_hostname {{ '}}' }}"
+
+    - name: Deploy application into workers
+      ansible.builtin.shell:
+        cmd: >-
+          ansible-playbook
+          -i {{ deploy_flask_app_workers_inventory_file }}
+          {{ deploy_flask_app_workers_playbook_file }}
+          -v
+      changed_when: false

roles/deploy_flask_app/templates/bastion_ssh_config.j2

@@ -0,0 +1,8 @@
+{% for item in deploy_flask_app_vms.instances %}
+Host {{ item.instance_id }}
+  User {{ deploy_flask_app_workers_user_name }}
+  HostName {{ item.private_ip_address }}
+  IdentityFile {{ deploy_flask_app_workers_ssh_private_key }}
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null
+{% endfor %}

roles/deploy_flask_app/templates/deploy_app.yaml.j2

@@ -0,0 +1,49 @@
+---
+- name: Run app
+  hosts: all
+  gather_facts: false
+  strategy: free
+  become: true
+
+  tasks:
+    - name: Update ssh_config to increase ssh session lifetime
+      ansible.builtin.blockinfile:
+        path: /etc/ssh/sshd_config
+        block: |
+          ClientAliveInterval  1200
+          ClientAliveCountMax 3
+
+    - name: Install Podman
+      ansible.builtin.yum:
+        name:
+          - podman
+        update_cache: True
+        state: present
+
+    - name: Check running container
+      ansible.builtin.shell:
+        cmd: "podman container ps -a -f name=webapp-container-1 --format=.Names"
+      register: container
+      changed_when: false
+
+    - name: Run application instance
+      ansible.builtin.shell:
+        cmd: >-
+          podman run
+          --rm
+          -e FLASK_APP="{{ deploy_flask_app_config.app_dir }}"
+          -e FLASK_ENV="{{ deploy_flask_app_config.env }}"
+          -e DATABASE_HOST="{{ deploy_flask_app__rds_host }}"
+          -e DATABASE_INSTANCE="{{ deploy_flask_app__rds_dbname }}"
+          -e DATABASE_USER="{{ deploy_flask_app_rds_master_username }}"
+          -e DATABASE_PASSWORD="{{ deploy_flask_app_rds_master_password }}"
+          -e ADMIN_USER="{{ deploy_flask_app_config.admin_user }}"
+          -e ADMIN_PASSWORD="{{ deploy_flask_app_config.admin_password }}"
+          -e WORKER_HOSTNAME='{{ deploy_flask_app_worker_hostname }}'
+          -e WORKERS_HOSTS="{{ deploy_flask_app_instances_list }}"
+          -p 5000:5000
+          --name webapp-container-1
+          -d {{ deploy_flask_app_container_image }}
+      when:
+        - container.stdout == ""
+      changed_when: true

roles/deploy_flask_app/templates/local_ssh_config.j2

@@ -0,0 +1,6 @@
+Host bastion
+  HostName {{ deploy_flask_app__bastion_public_ip }}
+  User {{ deploy_flask_app_bastion_host_username }}
+  IdentityFile {{ deploy_flask_app_bastion_ssh_private_key }}
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null

roles/deploy_flask_app/templates/workers_inventory.yaml.j2

@@ -0,0 +1,6 @@
+all:
+  hosts:
+{% for item in deploy_flask_app_vms.instances %}
+    {{ item.instance_id }}:
+      ansible_python_interpreter: auto
+{% endfor %}

tests/integration/targets/setup_rsa_keys/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+setup_rsa_keys__path: "~/.ssh-{{ resource_prefix }}"

tests/integration/targets/setup_rsa_keys/tasks/main.yml

@@ -1,16 +1,25 @@
 ---
-- name: Create temporary directory to generate keys
-  ansible.builtin.tempfile:
-    state: directory
-    suffix: ssh
-  register: setup_rsa_keys__tmpdir
-  notify: 'Delete temporary RSA key directory'
-
-- name: Generate RSA keys
-  community.crypto.openssh_keypair:
-    path: "{{ setup_rsa_keys__tmpdir.path }}/id_rsa"
-
 - name: Define path to private and public keys
   ansible.builtin.set_fact:
-    setup_rsa_keys__public_key_file: "{{ setup_rsa_keys__tmpdir.path }}/id_rsa.pub"
-    setup_rsa_keys__private_key_file: "{{ setup_rsa_keys__tmpdir.path }}/id_rsa"
+    setup_rsa_keys__public_key_file: "{{ setup_rsa_keys__path }}/id_rsa.pub"
+    setup_rsa_keys__private_key_file: "{{ setup_rsa_keys__path }}/id_rsa"
+
+- name: Check if ssh directory exists
+  ansible.builtin.stat:
+    path: "{{ item }}"
+  register: stats
+  with_items:
+    - "{{ setup_rsa_keys__public_key_file }}"
+    - "{{ setup_rsa_keys__private_key_file }}"
+
+- name: Generate RSA keys file
+  when: stats.results | selectattr('stat.exists', 'equalto', false) | list | length > 0
+  block:
+    - name: Create directory to generate keys in
+      ansible.builtin.file:
+        path: "{{ setup_rsa_keys__path }}"
+        state: directory
+
+    - name: Generate RSA keys
+      community.crypto.openssh_keypair:
+        path: "{{ setup_rsa_keys__path }}/id_rsa"

tests/integration/targets/test_deploy_flask_app/aliases

@@ -1,3 +1,3 @@
-!cloud/aws
+cloud/aws
 role/deploy_flask_app
 time=35m

tests/integration/targets/test_deploy_flask_app/defaults/main.yml

@@ -1,3 +1 @@
 aws_security_token: '{{ security_token | default(omit) }}'
-aws_region: eu-west-2
-resource_prefix: "asnbible-test-user-data-20231221"

tests/integration/targets/test_deploy_flask_app/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: setup_rsa_keys