Creating a AWS VPC with IPv6 addresses

[Ralf Weber]

Moin!

I wanted to use ansible to create a VPC with Amazon supplied IPv6
addresses. In the Console this is an option, when I create and VPC, but
I could not find anything in ec2_vpc_net for that.

When I use ec2_vpc_net_info I see the IPv6 association of the other VPCs
I created manually, and I see that ec2_vpc_subnet has the ability to let
instances get and IPv6 address, but that needs to be specified out of
the /56 that normally is assigned from Amazon per VPC.

What is missing is the initial option to create the /56 for the VPC or
am I missing something?

TIA and so long
-Ralf
——-
Ralf Weber

[Karl Auer]

I haven't tried this myself, but what happens if you just provide iPv6 addresses to the ec2_vpc_net module?

The "initial /56" is just the CIDR block, I'd have thought, same as with IPv4. But as I say I have not tried this.

Regards, K.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/E71C3D85-C61C-4AE6-B4A7-C92403B5D57F%40fl1ger.de.

--

Karl Auer { manager, systems support }
P: 1300 759 975
E: ka...@2pisoftware.com
2pisoftware.com

GPG/PGP : 301B 1F4E 624D AD99 242C 7A68 EC24 7113 E854 4A4E
Previous: 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816

[Dick Visser]

Hi

This is indeed not supporting by the ec2_vpc_net module.
I am using an aws cli helper task, which needs to be conditional to
prevent adding the prefix when it's already there:

- name: Ensure VPC is available
ec2_vpc_net:
name: my_vpc
cidr_block: 10.0.0.0/24
register: realized_vpc

# Workaround because ec2_vpc_net doesn't have IPv6 functionality, see
# https://github.com/ansible/ansible/issues/27800 for the list of open
IPv6 issues.
- name: Ensure VPC has IPv6 prefix
command: aws ec2 associate-vpc-cidr-block
--amazon-provided-ipv6-cidr-block --vpc-id "{{ realized_vpc.vpc.id }}"
when: realized_vpc.vpc.ipv6_cidr_block_association_set is not defined


This works and is idempotent as well.




--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

[Ralf Weber]

Moin!

On 14 Mar 2020, at 9:07, Dick Visser wrote:
> This is indeed not supporting by the ec2_vpc_net module.
> I am using an aws cli helper task, which needs to be conditional to
> prevent adding the prefix when it's already there:
>
> - name: Ensure VPC is available
> ec2_vpc_net:
> name: my_vpc
> cidr_block: 10.0.0.0/24
> register: realized_vpc
>
> # Workaround because ec2_vpc_net doesn't have IPv6 functionality, see
> # https://github.com/ansible/ansible/issues/27800 for the list of open
> IPv6 issues.
> - name: Ensure VPC has IPv6 prefix
> command: aws ec2 associate-vpc-cidr-block
> --amazon-provided-ipv6-cidr-block --vpc-id "{{ realized_vpc.vpc.id }}"
> when: realized_vpc.vpc.ipv6_cidr_block_association_set is not defined

Thanks a lot that worked fine for me also. Now given the issue list I may
run into other problems with getting IPv6 deployed, but I’ll try anyway.

So long
-Ralf
——-
Ralf Weber

[Dick Visser]

On Mon, 16 Mar 2020 at 15:21, Ralf Weber <ans...@fl1ger.de> wrote:
> Thanks a lot that worked fine for me also. Now given the issue list I may
> run into other problems with getting IPv6 deployed, but I’ll try anyway.

Good to hear.
We are running many dual stack environments that are deployed with ansible.
They do require a little bit of tinkering because of said limitations
but overall we are very happy with the set-up.
Don't hesitate to ask questions about it.


thx