Allocating a private IP for an EC2 instance fails


Dan Vaida

Nov 13, 2014, 5:59:30 AM11/13/14
to ansible...@googlegroups.com
Hello all,

I am creating a VPC with two subnets, a security group and trying to use those for launching an EC2 with a private IP address from one of the freshly created subnets.

The problem seems to be that the VPC module does no ordering of the CIDRs. If that were done, it would enable more predictable access to the subnet by using "{{ vpc.subnets[0].id }}".
Right now, this makes the new EC2 instance randomly use one of the created subnets.

Another solution could be for the ec2 module to accept the subnet's CIDR... but then again, what if you have the same CIDR but in another AZ? That wouldn't work...

I'm sure there must be a way around this :)


vpc.yml
---
- name: VPC, SG, EC2
  hosts: localhost
  connection: local
  gather_facts: False
  tasks:

  - name: create the VPC
    local_action:
      module: ec2_vpc
      cidr_block: 10.0.0.0/16
      dns_hostnames: yes
      dns_support: yes
      instance_tenancy: default
      internet_gateway: yes
      region: "{{ region }}"
      resource_tags: { "Environment": "test" }
      route_tables:
        - subnets:
            - 10.0.0.0/24
          routes:
            - dest: 0.0.0.0/0
              gw: igw
      state: present
      subnets:
        - cidr: 10.0.0.0/24
          az: "{{ zone }}"
          resource_tags: { "Environment":"test", "Name" : "Public subnet" }
        - cidr: 10.0.1.0/24
          az: "{{ zone }}"
          resource_tags: { "Environment":"test", "Name" : "Private subnet" }
      wait: yes
    register: vpc
  - debug: var=vpc

- include: secgroup.yml

secgroup.yml
---
- name: VPC, SG, EC2
  hosts: localhost
  connection: local
  gather_facts: False
  tasks:

  - name: create the security group
    local_action:
      module: ec2_group
      name: "{{ security_group }}"
      description: a test EC2 group
      vpc_id: "{{ vpc.vpc_id }}"
      region: "{{ region }}"
      rules:
        - proto: all
          from_port: 0
          to_port: 65535
          # the whole value must be one quoted scalar; a quoted string followed by /32 is not valid YAML
          cidr_ip: "{{ myip }}/32"
      rules_egress:
        - proto: all
          from_port: 0
          to_port: 65535
          cidr_ip: 0.0.0.0/0
    register: secgroup

  - debug: var=secgroup

- include: ec2prov.yml


ec2prov.yml
---

- name: VPC, SG, EC2
  hosts: localhost
  connection: local
  gather_facts: False
  tasks:

  - name: spin up the instance
    local_action:
      module: ec2
      count: 1
      region: "{{ region }}"
      zone: "{{ zone }}"
      instance_type: "{{ instance_type }}"
      image: "{{ ami }}"
      ebs_optimized: yes
      state: present
      group_id: "{{ secgroup.group_id }}"
      vpc_subnet_id: "{{ vpc.subnets[0].id }}"
      key_name: "{{ keypair }}"
      monitoring: yes
      assign_public_ip: yes
      private_ip: 10.0.0.10
      wait: yes
      wait_timeout: 300
      volumes:
      - device_name: /dev/xvda
        volume_size: 50
        device_type: gp2
      - device_name: /dev/xvdb
        volume_size: 80
        device_type: gp2
        ephemeral: ephemeral0
      - device_name: /dev/xvdc
        volume_size: 80
        device_type: gp2
        ephemeral: ephemeral1
    register: ec2
    tags: ec2

  - debug: var=ec2

  - name: add EIP to the instance
    local_action: ec2_eip in_vpc=yes instance_id={{ item.id }} region={{ region }}
    with_items: ec2.instances
    register: eip

  - name: add instance to host group
    local_action: add_host hostname={{ item.public_ip }} groupname={{ security_group }}
    with_items: eip.results

  - name: tag instance
    local_action: ec2_tag resource={{ item.id }} region={{ region }} state=present
    with_items: ec2.instances
    args:
      tags:
        Name: "{{ instance_name }}"

  - name: add instance to local host group
    local_action: lineinfile dest=hosts regexp="{{ item.public_ip }}" insertafter="[launched]" line={{ item.public_ip }}
    with_items: eip.results

  - name: wait for the instance to start
    local_action: wait_for state=started host={{ item.public_ip }} port=22
    with_items: eip.results
    ignore_errors: yes
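Selecting the subnet by the CIDR that contains the intended private IP (or by its Name tag) instead of by list position, as an added Python example that is not code from this thread; the shape of the registered `vpc` result (keys `id`, `cidr`, `az`, `resource_tags`), the AZ name and the subnet ids are assumptions, and the sample data is constructed. The returned id would feed `vpc_subnet_id` in place of `{{ vpc.subnets[0].id }}`, so the instance cannot land in the private subnet when the public one was intended (or the reverse), whatever order the module returns.

```python
import ipaddress

# Constructed sample shaped like the `vpc` variable registered from ec2_vpc in
# the playbook above (assumed keys: id, cidr, az, resource_tags). The list is
# deliberately not in CIDR order, mimicking the random ordering described.
VPC_RESULT = {
    "vpc_id": "vpc-00000001",
    "subnets": [
        {"id": "subnet-0b", "cidr": "10.0.1.0/24", "az": "eu-west-1a",
         "resource_tags": {"Environment": "test", "Name": "Private subnet"}},
        {"id": "subnet-0a", "cidr": "10.0.0.0/24", "az": "eu-west-1a",
         "resource_tags": {"Environment": "test", "Name": "Public subnet"}},
    ],
}

def sorted_subnets(subnets):
    """Order subnets by network address, prefix length and AZ, so that a
    positional reference such as subnets[0] is stable from run to run."""
    def key(s):
        net = ipaddress.ip_network(s["cidr"])
        return (net.network_address, net.prefixlen, s["az"])
    return sorted(subnets, key=key)

def subnet_for_private_ip(subnets, private_ip, az=None):
    """Return the subnet whose CIDR contains private_ip, optionally restricted
    to one AZ. Returns None when nothing matches and raises when more than one
    subnet matches, so the play fails instead of guessing which subnet it is."""
    ip = ipaddress.ip_address(private_ip)
    hits = [s for s in subnets
            if ip in ipaddress.ip_network(s["cidr"])
            and (az is None or s["az"] == az)]
    if len(hits) > 1:
        raise ValueError("ambiguous subnet for %s: %s"
                         % (private_ip, [s["id"] for s in hits]))
    return hits[0] if hits else None

def subnet_by_name(subnets, name):
    """Select a subnet by its Name tag (the playbook tags them 'Public subnet'
    and 'Private subnet'); same uniqueness rule as above."""
    hits = [s for s in subnets if s.get("resource_tags", {}).get("Name") == name]
    if len(hits) > 1:
        raise ValueError("ambiguous subnet name %r" % name)
    return hits[0] if hits else None

if __name__ == "__main__":
    chosen = subnet_for_private_ip(VPC_RESULT["subnets"], "10.0.0.10", az="eu-west-1a")
    print("vpc_subnet_id for 10.0.0.10:", chosen["id"], chosen["resource_tags"]["Name"])
```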


Dan Vaida

Nov 13, 2014, 6:47:27 AM11/13/14
to ansible...@googlegroups.com
ansible --version
ansible 1.8 (devel e564a8ca3f) last updated 2014/11/13 12:08:11 (GMT +200)
  lib/ansible/modules/core: (detached HEAD 63e81cfc2e) last updated 2014/10/30 15:43:29 (GMT +200)
  lib/ansible/modules/extras: (detached HEAD a0df36c6ab) last updated 2014/10/30 15:43:35 (GMT +200)
  v2/ansible/modules/core: (detached HEAD cb69744bce) last updated 2014/10/30 15:43:42 (GMT +200)
  v2/ansible/modules/extras: (detached HEAD 8a4f07eecd) last updated 2014/10/30 15:43:54 (GMT +200)
  configured module search path = None

I tried doing the VPC creation with only the Subnet that is meant for a batch of EC2 instances. This worked nicely for the "{{ vpc.subnets[0].id }}".
Then I called the same VPC playbook, but this time also with the second Subnet that is meant for another batch of EC2 instances. This way I managed to achieve predictability.

This of course is just a dirty workaround, as it will work only once because of the subsequent runs (a Subnet missing from the VPC module's list gets deleted if it exists and is not used).

Michael DeHaan

Nov 17, 2014, 4:14:34 PM11/17/14
to ansible...@googlegroups.com
Can you please share what version of Ansible, the output of your ansible playbook, and how it fails?

Thanks!




Dan Vaida

Nov 26, 2014, 5:30:53 AM11/26/14
to ansible...@googlegroups.com
Hi Michael,

Sorry for my late reply. See the Ansible version in my previous comment.

I don't have the playbook at hand while writing this comment but it fails like so:
- vpc module successfully creates private and public subnets
- vpc module, as shown by using register and debug, returns the created subnets in random order. "{{ vpc.subnets[0].id }}" would match the private subnet right now but could match the public subnet 2 minutes later.
- my playbook fails at the task that's waiting for the SSH to come up as the playbook might launch the instances in the private subnet

Hope that makes sense and you see the issue here. If not, I will fetch the playbook and pass you the entire output.