Role to Create/Tear Down EC2 Instances

Justin Seiser

Feb 1, 2018, 2:58:34 PM
to Ansible Project
I have a few questions on handling the creation/tear down of an ec2 instance. 

I have a role (it's a task atm, but I'll be migrating it over):

    - name: dallascowboys | Deployments
      include_tasks: tasks/customer-instance.yml
      vars:
        customer_name: dallascowboys
        customer_ip: '10.99.100.10'
        customer_instance_count: 1
        customer_eip_state: present
        customer_eni_state: present
      tags:
        - dallascowboys

- name: Customer | Configure ENI
  ec2_eni:
    state: "{{ customer_eni_state }}"
    description: '{{ customer_name }} ENI'
    private_ip_address: '{{ customer_ip }}'
    region: "{{ vpc_region }}"
    security_groups: "{{ secgrp_appliance_id }}"
    subnet_id: "{{ public_subnet_id }}"
  register: customer_eni

- name: Customer | Configure EIP
  ec2_eip:
    state: "{{ customer_eip_state }}"
    region: "{{ vpc_region }}"
    in_vpc: true
    device_id: "{{ customer_eni.interface.id }}"

- name: Customer | Configure EC2 Instance
  ec2:
    key_name: "{{ aws_mfacloud_key }}"
    instance_type: t2.medium
    image: "{{ mfa_ami }}"
    region: "{{ vpc_region }}"
    instance_profile_name: '{{ role_appliance_name }}'
    network_interfaces: "{{ customer_eni.interface.id }}"
    user_data: "{{ lookup('file','windows-remoting') }}"
    instance_tags:
      Name: ec2-cloudmfa-{{ customer_name }}-prd
      Customer: "{{ customer_name }}"
      Environment: prd
      Patch Group: cloudmfa
      Ansible: true
      AMI: True
    count_tag:
      Name: ec2-cloudmfa-{{ customer_name }}-prd
    exact_count: "{{ customer_instance_count }}"
  register: instance

- name: debug instance
  debug:
    var: instance

- name: Customer | Grab Password
  ec2_win_password:
    instance_id: "{{ instance.tagged_instances[0].id }}"
    region: "{{ vpc_region }}"
    key_file: "~/.ssh/{{ aws_mfacloud_key }}.pem"
    wait: yes
    wait_timeout: 300
  register: winpass


This works OK to spin an instance up; my issue is when I want to destroy the instance for some reason. I first set count to 0, which causes the job to fail because of the ec2_win_password module. So I run it again, with eip absent, and this works, but again fails on the ec2_win_password. I then run it a third time with eni absent, and it fails with the following error.

fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "state is absent but all of the following are missing: eni_id"}


My issues are: Is there a better way to create these instances? It's going to be ~20 or so instances that are configured the same, but will end up with different software on them. So I can't just say "spin up 20 instances". Is there a better way to have ec2_win_password only execute when I have created or started an instance, as opposed to turned off/terminated an instance? I assume I'm missing something obvious about the tear down of the EIP and ENI as well.

Sorry for the vagueness here, I know I'm probably missing some info that would be helpful, so please just ask.