AWS VPN is not taking IP address as defined in ansible VPN module


maulik patel

Jul 25, 2022, 1:04:02 AM7/25/22
to Ansible Project
I'm looking for assistance with tunnel IP address assignment that I define myself in AWS for 'ec2_vpc_vpn', but somehow AWS is taking its own addresses (169.254.87.200/30 & 169.254.164.108/30) rather than the facts I have returned for the tunnel IP. How can I override it with my custom returned value?

ansible_module: https://docs.ansible.com/ansible/latest/collections/community/aws/ec2_vpc_vpn_module.html


  - name: Create prefix within NetBox with only required information
    netbox_prefix:
      netbox_url: "{{ netbox_url }}"
      netbox_token: "{{ netbox_token }}"
      data:
        parent: 169.254.0.0/16
        prefix_length: 30
        site: DC
        tenant: 'network'
        status: Reserved
        #state: present
        custom_fields:
          prefix_ticket_number: "{{ ticket }}"
          prefix_account_id: "{{ account_no }}"
        prefix_role: ipsec-p2p
        description: "aws-{{ region }}-{{ account_no }}-{{ application }}"
      state: present
      first_available: "{{ item }}"   # allocate the next free /30 under the parent
      validate_certs: no
    register: prefixs
    with_items:                       # run twice: one /30 per tunnel
      - yes
      - yes

  - name: tunnel_1_cidr
    set_fact:
      tunnel_1_cidr_30: '{{ prefixs.results[0].prefix.prefix | ipmath(1) }}/30'

  - name: debug tunnel1
    debug:
      msg: "{{ tunnel_1_cidr_30 }}"

  - name: tunnel_2_cidr
    set_fact:
      tunnel_2_cidr_30: '{{ prefixs.results[1].prefix.prefix | ipmath(1) }}/30'

  - name: debug tunnel2
    debug:
      msg: "{{ tunnel_2_cidr_30 }}"

  - name: create a VPN connection
    ec2_vpc_vpn:
      state: present
      vpn_gateway_id: "vgw-xxxxxxxx"
      customer_gateway_id: 'cgw-xxxxxxxx'
      static_only: true
      region: '{{ region }}'
      routes:
        - 10.0.0.0/8
      aws_access_key: "{{ aws_access_key }}"
      aws_secret_key: "{{ aws_secret_key }}"
      tunnel_options:
        - PreSharedKey: '{{ pre_shared_key }}'
        - TunnelInsideCidr: "{{ tunnel_1_cidr_30 }}"   # tunnel address
        - TunnelInsideCidr: "{{ tunnel_2_cidr_30 }}"   # tunnel 2 address
      tags:
        name: '{{ vpn_tag }}'


return value:

TASK [tunnel_1_cidr] ********************************************************
ok: [localhost]

TASK [debug tunnel1] ********************************************************
ok: [localhost] => {
    "msg": "169.254.0.45/30"
}

TASK [tunnel_2_cidr] ********************************************************
ok: [localhost]

TASK [debug tunnel2] ********************************************************
ok: [localhost] => {
    "msg": "169.254.0.49/30"
}

TASK [create a VPN connection] **********************************************
ok: [localhost]

PLAY RECAP ******************************************************************
localhost : ok=8 changed=1 unreachable=0 failed=0 skip
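An added check for this thread, not code from the post or from the Ansible collection: it validates candidate TunnelInsideCidr values against the constraints AWS documents for Site-to-Site VPN tunnel inside addresses (an IPv4 /30 inside 169.254.0.0/16, given as its network address, outside the blocks AWS reserves) and builds tunnel_options in the shape the ec2_vpc_vpn module documents (a list of at most two dicts, one per AWS tunnel, each of which may carry TunnelInsideCidr and/or PreSharedKey). Fed the values the debug tasks above print, 169.254.0.45/30 and 169.254.0.49/30, the strict check rejects both because their host bits are set, while the /30 prefixes NetBox allocated pass unchanged. The function names, the sample NetBox prefixes and the pre-shared-key placeholder are assumptions; confirm the reserved-block list against current AWS documentation before relying on it.

```python
"""Validate AWS VPN TunnelInsideCidr values and build a tunnel_options list.

Added example for this thread; not code from the original post or from the
community.aws collection. Reserved blocks are those AWS documents for tunnel
inside CIDRs (verify against current AWS docs).
"""
import ipaddress
from typing import Dict, List, Optional

# Tunnel inside addresses must be a /30 taken from this link-local block.
INSIDE_SUPERNET = ipaddress.ip_network("169.254.0.0/16")

# Blocks AWS reserves and will not accept as a tunnel inside CIDR (per AWS docs).
RESERVED = [ipaddress.ip_network(c) for c in (
    "169.254.0.0/30", "169.254.1.0/30", "169.254.2.0/30", "169.254.3.0/30",
    "169.254.4.0/30", "169.254.5.0/30", "169.254.169.252/30",
)]


def check_inside_cidr(cidr: str) -> Optional[str]:
    """Return None if `cidr` is acceptable as a TunnelInsideCidr, else the reason."""
    try:
        # strict=True rejects values with host bits set, e.g. 169.254.0.45/30,
        # which is exactly what `prefix | ipmath(1)` + '/30' produces.
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return f"{cidr}: {exc}"
    if net.version != 4 or net.prefixlen != 30:
        return f"{cidr}: must be an IPv4 /30"
    if not net.subnet_of(INSIDE_SUPERNET):
        return f"{cidr}: must lie within {INSIDE_SUPERNET}"
    for reserved in RESERVED:
        if net.overlaps(reserved):
            return f"{cidr}: overlaps reserved block {reserved}"
    return None


def inside_cidr_from_prefix(prefix: str) -> str:
    """Turn an allocated /30 prefix (as NetBox returns it) into the value to send.

    AWS wants the network address of the /30, so the prefix itself is the value;
    adding 1 yields the first host address, which is not a valid CIDR block.
    """
    return str(ipaddress.ip_network(prefix, strict=True))


def build_tunnel_options(psk: str, cidr_1: str, cidr_2: str) -> List[Dict[str, str]]:
    """Build tunnel_options as documented: at most two dicts, one per tunnel,
    each carrying the keys that apply to that tunnel."""
    for cidr in (cidr_1, cidr_2):
        problem = check_inside_cidr(cidr)
        if problem:
            raise ValueError(problem)
    if cidr_1 == cidr_2:
        raise ValueError("the two tunnels need distinct inside CIDRs")
    return [
        {"PreSharedKey": psk, "TunnelInsideCidr": cidr_1},
        {"PreSharedKey": psk, "TunnelInsideCidr": cidr_2},
    ]


if __name__ == "__main__":
    # Constructed sample: the /30 prefixes NetBox would hand back for two lookups.
    netbox_prefixes = ["169.254.0.44/30", "169.254.0.48/30"]
    # What the posted set_fact tasks produce from those prefixes:
    for posted in ("169.254.0.45/30", "169.254.0.49/30"):
        print("posted value ->", check_inside_cidr(posted))
    usable = [inside_cidr_from_prefix(p) for p in netbox_prefixes]
    # "psk-placeholder" stands in for the play's pre_shared_key variable.
    print(build_tunnel_options("psk-placeholder", *usable))
```

Running the block prints a rejection reason for each posted value and then the two-entry tunnel_options list built from the NetBox prefixes; the same checks can be wrapped in an `assert` task before `ec2_vpc_vpn` runs so a bad inside CIDR fails the play instead of silently falling back to an AWS-chosen address.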
