使用Ansible在AWS中創建VPC

下圖顯示了我在AWS中創建VPC的Ansible手冊。使用Ansible在AWS中創建VPC

在PlayBook將只執行：

與CIDR
創建VPC然後創建路由表
然後標記路由表
最後創建路由表。

下面是代碼：

--- 
- name: To set up internet gateway 
    hosts: all 
    tasks: 
    - name: creating vpc 
     ec2_vpc: 
     region: ap-northeast-1 
     state: present 
     cidr_block: 20.0.0.0/16 
     resource_tags: { "Name":"Test" } 
     register: vpc 
    - name: Creating internet gateway for the vpc created 
     ec2_vpc_igw: 
     region: ap-northeast-1 
     state: present 
     vpc_id: "{{ vpc.vpc_id }}" 
     register: igw 
    - name: Tagging the gateway we just created 
     ec2_tag: 
     resource: "{{ igw.gateway_id }}" 
     #with_items: igw.gateway_id 
     state: present 
     region: ap-northeast-1 
     tags: 
      Name: test-test 
    - name: Creating route table 
     ec2_vpc_route_table: 
     region: ap-northeast-1 
     propagating_vgw_ids: yes 
     vpc_id: "{{ vpc.vpc_id }}" 
     subnets: 
      - '20.0.0.0/16' 
     routes: 
      - dest: 0.0.0.0/0 
      gateway_id: "{{ igw.gateway_id }}"

但是，當我執行我的劇本，我得到的錯誤如下

failed: [172.30.1.237] => {"failed": true, "parsed": false} 
Traceback (most recent call last): 
    File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 2411, in <module> 
    main() 
    File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 588, in main 
    result = ensure_route_table_present(connection, module) 
    File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 519, in ensur              e_route_table_present 
check_mode=check_mode) 
    File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 398, in ensure_propagation 
    dry_run=check_mode) 
    File "/usr/local/lib/python2.7/dist-packages/boto/vpc/__init__.py", line 1492, in enable_vgw_route_propagation 
return self.get_status('EnableVgwRoutePropagation', params) 
    File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 1227, in get_status 
    raise self.ResponseError(response.status, response.reason, body) 
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request 
<?xml version="1.0" encoding="UTF-8"?> 
<Response><Errors><Error><Code>Gateway.NotAttached</Code><Message>resource  True</Message></Error></Errors><RequestI             D>4f34cefd-08c2-4180-b532-dd6e9e74f7e7</RequestID></Response>

除了與壓痕，我在哪裏製造的錯誤錯誤。它創建VPC，以及互聯網網關。但在使用路由表模塊時。我收到錯誤。

來源

2015-12-14 Bidyut

我會建議創建與創建VPClike的互聯網網關這樣的：

- name: To set up internet gateway 
    hosts: all 
    tasks: 
    - name: Create VPC and Subnet 
     ec2_vpc: 
     state: present 
     region: ap-northeast-1 
     cidr_block: 20.0.0.0/16 
     subnets: 
      - cidr: 20.0.0.0/16 
      resource_tags: {"Name":"Test Subnet"} 
     route_tables: 
      - subnets: 
      - 20.0.0.0/16 
      routes: 
       - dest: 0.0.0.0/0 
       gw: igw 
     wait: yes 
     internet_gateway: yes 
     resource_tags: 
      Name: "Test VPC" 
     register: vpc 

    - name: get igw 
     ec2_vpc_igw: 
      vpc_id: "{{ vpc.vpc_id }}" 
      region: ap-northeast-1 
      state: present 
     register: igw 

     - name: Tagging the new internet gateway created 
     ec2_tag: 
      resource: "{{ igw.gateway_id }}" 
      state: present 
      region: ap-northeast-1 
      tags: 
      Name: test-gateway

的「GW」選項可以接受「IGW」，並會自動創建一個互聯網網關，你可以標記的互聯網網關在創建具有註冊變量'vpc'的VPC之後。

編輯：我更新了劇本並對其進行了測試。
就像那樣使用它。

來源

2015-12-14 15:58:22

我試着通過添加下面的幾行來修改你的playbook，但它是說沒有定義igw。 – Bidyut

- 名稱：標記新的互聯網網關創建 ec2_tag：資源：「{{igw.gateway_id}}」狀態：目前區域：AP-東北-1 標籤：名稱：測試網關 – Bidyut

可以使用igw變量只能在vpc創建中使用。要標記igw你可以使用vpc註冊變量。在vpc變量中，您將擁有igw編號 –

刪除此條目...

propagating_vgw_ids: yes

...從路由表中定義。它應該工作。

來源

2016-03-03 19:17:01

完整而緊湊的角色可能會幫助你。

roles/vpc/defaults/main.yml文件是這樣的：

--- 
# Variables that can provide as extra vars 
VPC_NAME: test 
VPC_REGION: us-east-1 # N.Virginia 
VPC_CIDR: "172.25.0.0/16" 
VPC_CLASS_DEFAULT: "172.25" 

# Variables for VPC 
vpc_name: "{{ VPC_NAME }}" 
vpc_region: "{{ VPC_REGION }}" 
vpc_cidr_block: "{{ VPC_CIDR }}" 
public_cidr_1: "{{ VPC_CLASS_DEFAULT }}.10.0/24" 
public_az_1: "{{ vpc_region }}a" 
public_cidr_2: "{{ VPC_CLASS_DEFAULT }}.20.0/24" 
public_az_2: "{{ vpc_region }}b" 
private_cidr_1: "{{ VPC_CLASS_DEFAULT }}.30.0/24" 
private_az_1: "{{ vpc_region }}a" 
private_cidr_2: "{{ VPC_CLASS_DEFAULT }}.40.0/24" 
private_az_2: "{{ vpc_region }}b" 

# Please don't change the variables below, until you know what you are doing 
# 
# Subnets Defination for VPC 
vpc_subnets: 
    - cidr: "{{ public_cidr_1 }}" # Public Subnet-1 
    az: "{{ public_az_1 }}" 
    resource_tags: { "Name":"{{ vpc_name }}-{{ public_az_1 }}-public_subnet-1", "Type":"Public", "Alias":"Public_Subnet_1" } 
    - cidr: "{{ public_cidr_2 }}" # Public Subnet-2 
    az: "{{ public_az_2 }}" 
    resource_tags: { "Name":"{{ vpc_name }}-{{ public_az_2 }}-public-subnet-2", "Type":"Public", "Alias":"Public_Subnet_2" } 
    - cidr: "{{ private_cidr_1 }}" # Private Subnet-1 
    az: "{{ private_az_1 }}" 
    resource_tags: { "Name":"{{ vpc_name }}-{{ private_az_1 }}-private-subnet-1", "Type":"Private", "Alias":"Private_Subnet_1" } 
    - cidr: "{{ private_cidr_2 }}" # Private Subnet-2 
    az: "{{ private_az_2 }}" 
    resource_tags: { "Name":"{{ vpc_name }}-{{ private_az_2 }}-private-subnet-2", "Type":"Private", "Alias":"Private_Subnet_2" }

然後roles/vpc/tasks/main.yml文件將是這樣的：

--- 
- name: Creating an AWS VPC inside mentioned Region 
    ec2_vpc: 
    region: "{{ vpc_region }}" 
    state: present 
    cidr_block: "{{ vpc_cidr_block }}" 
    resource_tags: { "Name":"{{ vpc_name }}-vpc", "Environment":"{{ ENVIRONMENT }}" } 
    subnets: "{{ vpc_subnets }}" 
    internet_gateway: yes 
    register: vpc 

- name: Tag the Internet Gateway 
    ec2_tag: 
    resource: "{{ vpc.igw_id }}" 
    region: "{{ vpc_region }}" 
    state: present 
    tags: 
     Name: "{{ vpc_name }}-igw" 
    register: igw 

- name: Set up Public Subnets Route Table 
    ec2_vpc_route_table: 
    vpc_id: "{{ vpc.vpc_id }}" 
    region: "{{ vpc_region }}" 
    state: present 
    tags: 
     Name: "Public-RT-for-{{ vpc_name }}-vpc" 
    subnets: 
     "{{ vpc.subnets | get_public_subnets_ids('Type','Public') }}" 
    routes: 
     - dest: 0.0.0.0/0 
     gateway_id: "{{ vpc.igw_id }}" 
    register: public_rt

有關完整的參考，看看這個github repo。

希望它可以幫助你或他人。

來源

2016-05-13 13:50:33

不錯的一個。請注意，不是實現自己的過濾器，而是可以將其重寫爲：「{{vpc.subnets | map（attribute（'cidr'）| list}} –

我使用過濾器，因爲我想區分私有子網ID和公共子網ID，這是你提到的方法不可能的。 –

完全同意:-)但最初的問題是沒有提及私有子網，它也值得一提的是地圖方法，另一種方法是爲子網創建兩個變量：vpc_public_subnet和vpc_private_subnet。在這種情況下，可以在每個變量上使用映射方法。此外，如果真的需要這兩個變量可以合併到一個新列表中 –

使用Ansible在AWS中創建VPC

回答

相關問題