【Question title】: Creating VPC in AWS using Ansible
【Posted】: 2019-06-14 01:15:44
【Question description】:

Below is my Ansible playbook for creating a VPC in AWS.

The playbook will:

  1. Create a VPC with a CIDR
  2. Then create a route table
  3. Then tag the route table
  4. Finally create the route table.

The code is as follows:

---
- name: To set up internet gateway
  hosts: all
  tasks:
    - name: creating vpc
      ec2_vpc:
        region: ap-northeast-1
        state: present
        cidr_block: 20.0.0.0/16
        resource_tags: { "Name":"Test" }
      register: vpc
    - name: Creating internet gateway for the vpc created
      ec2_vpc_igw:
        region: ap-northeast-1
        state: present
        vpc_id: "{{ vpc.vpc_id }}"
      register: igw
    - name: Tagging the gateway we just created
      ec2_tag:
        resource: "{{ igw.gateway_id }}"
        #with_items: igw.gateway_id
        state: present
        region: ap-northeast-1
        tags:
          Name: test-test
    - name: Creating route table
      ec2_vpc_route_table:
        region: ap-northeast-1
        propagating_vgw_ids: yes
        vpc_id: "{{ vpc.vpc_id }}"
        subnets:
          - '20.0.0.0/16'
        routes:
          - dest: 0.0.0.0/0
            gateway_id: "{{ igw.gateway_id }}"

But when I run my playbook I get the following error:

failed: [172.30.1.237] => {"failed": true, "parsed": false}
Traceback (most recent call last):
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 2411, in <module>
    main()
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 588, in main
    result = ensure_route_table_present(connection, module)
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 519, in ensure_route_table_present
    check_mode=check_mode)
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 398, in ensure_propagation
    dry_run=check_mode)
  File "/usr/local/lib/python2.7/dist-packages/boto/vpc/__init__.py", line 1492, in enable_vgw_route_propagation
    return self.get_status('EnableVgwRoutePropagation', params)
  File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 1227, in get_status
    raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>Gateway.NotAttached</Code><Message>resource     True</Message></Error></Errors><RequestID>4f34cefd-08c2-4180-b532-dd6e9e74f7e7</RequestID></Response>

Apart from the indentation error, where have I gone wrong? It creates the VPC as well as the internet gateway, but when it gets to the route table module I get the error.

【Question discussion】:

    Tags: amazon-ec2 ansible ansible-playbook vpc


    【Solution 1】:

    I suggest creating the internet gateway as part of creating the VPC, like this:

    - name: To set up internet gateway
      hosts: all
      tasks:
        - name: Create VPC and Subnet
          ec2_vpc:
            state: present
            region: ap-northeast-1
            cidr_block: 20.0.0.0/16
            subnets:
              - cidr: 20.0.0.0/16
                resource_tags: {"Name":"Test Subnet"}
            route_tables:
              - subnets:
                  - 20.0.0.0/16
                routes:
                  - dest: 0.0.0.0/0
                    gw: igw
            wait: yes
            internet_gateway: yes
            resource_tags:
              Name: "Test VPC"
          register: vpc

        - name: get igw
          ec2_vpc_igw:
            vpc_id: "{{ vpc.vpc_id }}"
            region: ap-northeast-1
            state: present
          register: igw

        - name: Tagging the new internet gateway created
          ec2_tag:
            resource: "{{ igw.gateway_id }}"
            state: present
            region: ap-northeast-1
            tags:
              Name: test-gateway
    

    The "gw" option accepts "igw" and automatically creates an internet gateway; after the VPC is created you can tag the internet gateway using the registered variable "vpc".

    Edit: I updated the playbook and tested it, and it does work.
    Use it like this.

    【Discussion】:

    • I tried your playbook with almost no modification, adding the lines below, but it says igw is not defined.
    • - name: Tagging the new internet gateway created  ec2_tag: resource: "{{ igw.gateway_id }}"  state: present  region: ap-northeast-1  tags: Name: test-gateway
    • You can only use the igw variable while creating the vpc. To tag the igw you can use the vpc registered variable; in the vpc variable you will have the igw id.
    • Edit: you can't get the igw id from the vpc variable, but you can use the ec2_vpc_igw module, give it the vpc id and register the result like this: ec2_vpc_igw: vpc_id: "{{ vpc.vpc_id }}"  state: present  register: igw  - name: Tagging the new internet gateway created  ec2_tag: resource: "{{ igw.gateway_id }}"  state: present  region: ap-northeast-1  tags: Name: test-gateway
    • Here is the link to the ansible module for reference: docs.ansible.com/ansible/ec2_vpc_igw_module.html#examples
    【Solution 2】:

    A complete and compact Ansible role might help you.

    The roles/vpc/defaults/main.yml file looks like this:

    ---
    # Variables that can be provided as extra vars
    VPC_NAME: test
    VPC_REGION: us-east-1 # N.Virginia
    VPC_CIDR: "172.25.0.0/16"
    VPC_CLASS_DEFAULT: "172.25"
    
    # Variables for VPC
    vpc_name: "{{ VPC_NAME }}"
    vpc_region: "{{ VPC_REGION }}"
    vpc_cidr_block: "{{ VPC_CIDR }}"
    public_cidr_1: "{{ VPC_CLASS_DEFAULT }}.10.0/24"
    public_az_1: "{{ vpc_region }}a"
    public_cidr_2: "{{ VPC_CLASS_DEFAULT }}.20.0/24"
    public_az_2: "{{ vpc_region }}b"
    private_cidr_1: "{{ VPC_CLASS_DEFAULT }}.30.0/24"
    private_az_1: "{{ vpc_region }}a"
    private_cidr_2: "{{ VPC_CLASS_DEFAULT }}.40.0/24"
    private_az_2: "{{ vpc_region }}b"
    
    # Please don't change the variables below unless you know what you are doing
    #
    # Subnet definitions for the VPC
    vpc_subnets:
      - cidr: "{{ public_cidr_1 }}" # Public Subnet-1
        az: "{{ public_az_1 }}"
        resource_tags: { "Name":"{{ vpc_name }}-{{ public_az_1 }}-public_subnet-1", "Type":"Public", "Alias":"Public_Subnet_1" }
      - cidr: "{{ public_cidr_2 }}" # Public Subnet-2
        az: "{{ public_az_2 }}"
        resource_tags: { "Name":"{{ vpc_name }}-{{ public_az_2 }}-public-subnet-2", "Type":"Public", "Alias":"Public_Subnet_2" }
      - cidr: "{{ private_cidr_1 }}" # Private Subnet-1
        az: "{{ private_az_1 }}"
        resource_tags: { "Name":"{{ vpc_name }}-{{ private_az_1 }}-private-subnet-1", "Type":"Private", "Alias":"Private_Subnet_1" }
      - cidr: "{{ private_cidr_2 }}" # Private Subnet-2
        az: "{{ private_az_2 }}"
        resource_tags: { "Name":"{{ vpc_name }}-{{ private_az_2 }}-private-subnet-2", "Type":"Private", "Alias":"Private_Subnet_2" }
    

    Then the roles/vpc/tasks/main.yml file would look like this:

    ---
    - name: Creating an AWS VPC inside mentioned Region
      ec2_vpc:
        region: "{{ vpc_region }}"
        state: present
        cidr_block: "{{ vpc_cidr_block }}"
        resource_tags: { "Name":"{{ vpc_name }}-vpc", "Environment":"{{ ENVIRONMENT }}" }
        subnets: "{{ vpc_subnets }}" 
        internet_gateway: yes
      register: vpc
    
    - name: Tag the Internet Gateway
      ec2_tag:
        resource: "{{ vpc.igw_id }}"
        region: "{{ vpc_region }}"
        state: present
        tags:
          Name: "{{ vpc_name }}-igw"
      register: igw
    
    - name: Set up Public Subnets Route Table
      ec2_vpc_route_table:
        vpc_id: "{{ vpc.vpc_id }}"
        region: "{{ vpc_region }}"
        state: present
        tags:
          Name: "Public-RT-for-{{ vpc_name }}-vpc"
        subnets:
          "{{ vpc.subnets | get_public_subnets_ids('Type','Public') }}"
        routes:
          - dest: 0.0.0.0/0
            gateway_id: "{{ vpc.igw_id }}"
      register: public_rt
    

    For the full reference, please check this github repo.

    Hope it helps you or others.

    【Discussion】:

    • Nice one. Note that instead of implementing your own filter, it could be rewritten as: "{{ vpc.subnets | map(attribute='cidr') | list }}"
    • I used the filter because I want to distinguish private subnet ids from public subnet ids; that isn't possible with the approach you mention.
    • Fully agree :-) But the original question didn't mention private subnets, and the map approach is worth mentioning too. Another way is to create two variables for the subnets: vpc_public_subnet and vpc_private_subnet. In that case the map approach can be used on each. Also, if really needed, the two variables can be merged into a new list
    • Didn't get this "if really needed, the two variables can be merged into a new list"?
    • - name: all_subnets  set_fact: vpc_all_subnets: "{{ vpc_public_subnets }} + {{ vpc_private_subnets }}"  - name: all_subnets_debug  debug: msg="{{ vpc_all_subnets }}"
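    The subnet plan in this answer's defaults, and the public/private split its custom filter performs, can be checked before the role ever calls AWS. The following is an added example, not code from the answer or its repository. `VPC_SUBNETS` is a constructed stand-in for the registered `vpc.subnets` list: the CIDRs, AZs and tags are the role's defaults above, the subnet IDs are made up, and the per-subnet keys (id, cidr, az, resource_tags) are assumed to follow the legacy `ec2_vpc` module's return value. It also shows the difference between the `map(attribute='cidr')` one-liner from the comments (every CIDR, no split) and selecting IDs by the `Type` tag (the split the filter does).

```python
"""Subnet-plan checks and the public/private split for the vpc role.

Added example, not code from the answer or its repo. VPC_SUBNETS is a constructed
stand-in for the registered `vpc.subnets` result: CIDRs, AZs and tags come from the
role's defaults, the subnet IDs are invented, and the key names (id, cidr, az,
resource_tags) are assumed to match the legacy ec2_vpc module's return value.
"""
import ipaddress

VPC_CIDR = "172.25.0.0/16"
VPC_SUBNETS = [
    {"id": "subnet-0aaa000000000001", "cidr": "172.25.10.0/24", "az": "us-east-1a",
     "resource_tags": {"Name": "test-us-east-1a-public_subnet-1", "Type": "Public", "Alias": "Public_Subnet_1"}},
    {"id": "subnet-0aaa000000000002", "cidr": "172.25.20.0/24", "az": "us-east-1b",
     "resource_tags": {"Name": "test-us-east-1b-public-subnet-2", "Type": "Public", "Alias": "Public_Subnet_2"}},
    {"id": "subnet-0aaa000000000003", "cidr": "172.25.30.0/24", "az": "us-east-1a",
     "resource_tags": {"Name": "test-us-east-1a-private-subnet-1", "Type": "Private", "Alias": "Private_Subnet_1"}},
    {"id": "subnet-0aaa000000000004", "cidr": "172.25.40.0/24", "az": "us-east-1b",
     "resource_tags": {"Name": "test-us-east-1b-private-subnet-2", "Type": "Private", "Alias": "Private_Subnet_2"}},
]


def subnet_ids_by_tag(subnets, key, value):
    """What the answer's custom get_public_subnets_ids filter selects: IDs of subnets whose tag matches."""
    return [s["id"] for s in subnets if s.get("resource_tags", {}).get(key) == value]


def subnet_cidrs(subnets):
    """Equivalent of the comment's `vpc.subnets | map(attribute='cidr') | list`: every CIDR, no split."""
    return [s["cidr"] for s in subnets]


def check_subnet_plan(vpc_cidr, subnets):
    """Return findings: each subnet inside the VPC, sized /16../28, and no two overlapping."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    seen = []
    findings = []
    for s in subnets:
        net = ipaddress.ip_network(s["cidr"], strict=True)
        if not net.subnet_of(vpc):
            findings.append(f"{s['cidr']} lies outside the VPC CIDR {vpc_cidr}")
        if not 16 <= net.prefixlen <= 28:
            findings.append(f"{s['cidr']}: a subnet must be between /16 and /28")
        for other_cidr, other in seen:
            if net.overlaps(other):
                findings.append(f"{s['cidr']} overlaps {other_cidr}")
        seen.append((s["cidr"], net))
    return findings


def route_table_subnets(subnets):
    """Membership for the two route tables: only the Public subnets should get the IGW default route."""
    return {
        "public": subnet_ids_by_tag(subnets, "Type", "Public"),
        "private": subnet_ids_by_tag(subnets, "Type", "Private"),
    }


if __name__ == "__main__":
    print("plan findings:", check_subnet_plan(VPC_CIDR, VPC_SUBNETS))
    print("all cidrs:", subnet_cidrs(VPC_SUBNETS))
    print("route table membership:", route_table_subnets(VPC_SUBNETS))
```

    Run it as a script to see the plan pass and the split printed; `check_subnet_plan` with a wrong `VPC_CIDR` (for example the question's 20.0.0.0/16) reports every subnet as outside the VPC, which is the kind of mistake a custom filter would otherwise hide until AWS rejects the subnet.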
    【Solution 3】:

    Remove this entry...

    propagating_vgw_ids: yes
    

    ...from your route table definition. It should work.

    【Discussion】:
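    The diagnosis the answers arrive at can be turned into a pre-flight check run before `ansible-playbook`. The following is an added example, not code from the question or any answer. It does not talk to AWS: the route-table task is given as the Python structure `yaml.safe_load` returns for the question's playbook (constructed inline), where YAML `yes` has already become the boolean `True`. Besides the `propagating_vgw_ids` mistake it flags two things a practitioner wants to know about this playbook: a default route to an internet gateway makes every associated subnet public, and 20.0.0.0/16 is publicly routable address space rather than an RFC 1918 range.

```python
"""Pre-flight checks for ec2_vpc / ec2_vpc_route_table parameters.

Added example, not code from the question or any answer. Nothing here talks to AWS:
the task parameters are the Python structures yaml.safe_load would return for the
playbook in the question (constructed inline).
"""
import ipaddress
import re

VGW_ID = re.compile(r"^vgw-[0-9a-f]{8,17}$")
IGW_ID = re.compile(r"^igw-[0-9a-f]{8,17}$")
JINJA = re.compile(r"^\{\{.*\}\}$")

# Ranges AWS recommends for a VPC CIDR: RFC 1918 plus the shared (CGNAT) block.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def is_templated(value):
    """True for a Jinja2 expression such as "{{ igw.gateway_id }}", only known at run time."""
    return isinstance(value, str) and JINJA.match(value.strip()) is not None


def lint_route_table(params):
    """Return (level, message) findings for one ec2_vpc_route_table task's parameters."""
    findings = []

    vgws = params.get("propagating_vgw_ids")
    if vgws is not None:
        # YAML 'yes' is the boolean True, not a list of virtual gateway IDs. The
        # traceback on this page shows the result: EnableVgwRoutePropagation is
        # called with "resource True" and EC2 answers Gateway.NotAttached.
        if isinstance(vgws, bool) or not isinstance(vgws, list):
            findings.append(("error",
                f"propagating_vgw_ids must be a list of vgw-* IDs or be omitted, got {vgws!r}"))
        else:
            for vgw in vgws:
                if not (is_templated(vgw) or VGW_ID.match(str(vgw))):
                    findings.append(("error", f"propagating_vgw_ids entry {vgw!r} is not a vgw-* ID"))

    subnets = params.get("subnets")
    if subnets is not None and not isinstance(subnets, list):
        findings.append(("error", f"subnets must be a list of subnet IDs or CIDRs, got {subnets!r}"))

    for route in params.get("routes", []):
        dest = route.get("dest")
        try:
            net = ipaddress.ip_network(dest, strict=True)
        except (TypeError, ValueError):
            findings.append(("error", f"route dest {dest!r} is not a valid CIDR"))
            continue
        gw = route.get("gateway_id")
        if gw is None:
            findings.append(("error", f"route {dest} names no gateway_id"))
        elif net.prefixlen == 0 and (is_templated(gw) or IGW_ID.match(str(gw))):
            # A default route to an internet gateway is what makes a subnet public:
            # worth an explicit acknowledgement rather than a silent side effect.
            findings.append(("warn",
                f"default route {dest} via {gw}: every subnet associated with this table is public"))
    return findings


def lint_vpc_cidr(cidr):
    """Findings for the VPC's own CIDR: the /16../28 limit AWS enforces and the private-range advice."""
    findings = []
    net = ipaddress.ip_network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        findings.append(("error", f"VPC CIDR {cidr} must be between /16 and /28"))
    if net.version == 4 and not any(net.subnet_of(r) for r in PRIVATE_RANGES):
        findings.append(("warn",
            f"VPC CIDR {cidr} is publicly routable space; hosts in the VPC cannot reach "
            f"the real owners of those addresses, so prefer an RFC 1918 range"))
    return findings


# The route-table task as the question's playbook parses (propagating_vgw_ids: yes -> True).
QUESTION_ROUTE_TABLE = {
    "region": "ap-northeast-1",
    "propagating_vgw_ids": True,
    "vpc_id": "{{ vpc.vpc_id }}",
    "subnets": ["20.0.0.0/16"],
    "routes": [{"dest": "0.0.0.0/0", "gateway_id": "{{ igw.gateway_id }}"}],
}
# The same task with the entry Solution 3 says to drop.
FIXED_ROUTE_TABLE = {k: v for k, v in QUESTION_ROUTE_TABLE.items() if k != "propagating_vgw_ids"}

if __name__ == "__main__":
    for name, task in (("question", QUESTION_ROUTE_TABLE), ("fixed", FIXED_ROUTE_TABLE)):
        for level, msg in lint_route_table(task):
            print(f"{name}: {level}: {msg}")
    for level, msg in lint_vpc_cidr("20.0.0.0/16"):
        print(f"vpc cidr: {level}: {msg}")
```

    Running it prints one error for the question's task (the boolean `propagating_vgw_ids`), only the "public subnet" warning for the fixed task, and a warning for the 20.0.0.0/16 VPC CIDR. Templated values such as `{{ igw.gateway_id }}` cannot be validated until the play runs, so the lint accepts them and only flags what is decidable from the YAML.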
