update playbooks

playbooks/webapp/README.md

@@ -101,16 +101,6 @@ To delete the webapp:
 * **deploy_flask_app_bastion_host_name** (str): Name for the EC2 instance. Default: `"{{ resource_prefix }}-bastion"`
 * **bastion_host_type** (str): Instance type for the EC2 instance. Default: `t2.xlarge`
 * **deploy_flask_app_bastion_host_username** (str): Username for the bastion host SSH user. Default: `fedora`
-* **deploy_flask_app_bastion_host_required_packages** (list, elements str): Packages to be installed on the bastion host. Default:
-  ```yaml
-  - python3
-  - python-virtualenv
-  - sshpass
-  - git
-  - podman
-  - httpd-tools
-  - ansible
-  ```
 
 ### Networking
 
@@ -142,12 +132,8 @@ To delete the webapp:
 
 ### Webapp
 
-* **deploy_flask_app_git_repository** (str): Git repository for the webapp. Default: `https://github.com/abikouo/webapp_pyflask_demo.git`
 * **deploy_flask_app_number_of_workers** (int): Number of worker instances to create. Default: `2`
 * **deploy_flask_app_workers_instance_type** (str): EC2 instance type for workers. Default: `t2.xlarge`
-* **deploy_flask_app_local_registry_user** (str): Username for local Podman registry. Default: `ansible`
-* **deploy_flask_app_local_registry_pwd** (str): Password for local Podman registry. Default: `testing123`
-* **deploy_flask_app_local_registry_port** (int): Port for the local Podman registery. Default: `"{{ app_listening_port }}"`
 * **deploy_flask_app_config** (dict, elements dict): Configuration values for the webapp, passed as corresponding env variables FLASK_APP, FLASK_ENV, ADMIN_USER, and ADMIN_PASSWORD when the app is deployed. Default:
   ```yaml
   app_dir: /app/pyapp

playbooks/webapp/files/ec2-trust-policy.json

@@ -0,0 +1,13 @@
+{
+	"Version": "2008-10-17",
+	"Statement": [
+	  {
+		"Sid": "",
+		"Effect": "Allow",
+		"Principal": {
+		  "Service": "ec2.amazonaws.com"
+		},
+		"Action": "sts:AssumeRole"
+	  }
+	]
+  }

playbooks/webapp/tasks/create.yaml

@@ -227,6 +227,15 @@
           instance-state-name: running
       register: vm_result
 
+    - name: Ensure IAM instance role exists
+      amazon.aws.iam_role:
+        name: "{{ ec2_iam_role_name }}"
+        assume_role_policy_document: "{{ lookup('file', 'ec2-trust-policy.json') }}"
+        state: present
+        create_instance_profile: true
+        wait: true
+      register: role_output
+
     - name: Create a virtual machine
       when: vm_result.instances | length == 0
       amazon.aws.ec2_instance:
@@ -235,12 +244,17 @@
         image_id: "{{ images.images.0.image_id }}"
         key_name: "{{ deploy_flask_app_sshkey_pair_name }}"
         subnet_id: "{{ subnet.subnet.id }}"
+        ebs_optimized: true
+        instance_role: "{{ role_output.iam_role.role_name }}"
         network:
           assign_public_ip: true
           groups:
             - "{{ secgroup.group_id }}"
         security_groups:
           - "{{ secgroup.group_id }}"
+        user_data: |
+          #!/bin/bash
+          yum install -y python3 python-virtualenv sshpass netcat
         wait: true
         state: started
       register: vm_result

playbooks/webapp/vars/main.yaml

@@ -14,6 +14,7 @@ operation: create
 
 image_filter: Fedora-Cloud-Base-35-*gp2-0
 public_secgroup_name: "{{ resource_prefix }}-sg"
+ec2_iam_role_name: "{{ resource_prefix }}-role"
 rds_subnet_group_name: "{{ resource_prefix }}-rds-sg"
 rds_secgroup_name: "{{ resource_prefix }}-rds-sec"
 rds_identifier: "{{ resource_prefix }}-rds-01"
@@ -30,29 +31,16 @@ rds_listening_port: 5432
 deploy_flask_app_sshkey_pair_name: "{{ resource_prefix }}-key"
 deploy_flask_app_bastion_host_name: "{{ resource_prefix }}-bastion"
 deploy_flask_app_bastion_host_username: fedora
-deploy_flask_app_bastion_host_required_packages:
-  - python3
-  - python-virtualenv
-  - sshpass
-  - git
-  - gcc
-  - podman
-  - httpd-tools
-  - ansible-core
 deploy_flask_app_workers_instance_type: t2.xlarge
 deploy_flask_app_workers_user_name: fedora
 deploy_flask_app_number_of_workers: 2
 deploy_flask_app_listening_port: 5000
-deploy_flask_app_git_repository: https://github.com/abikouo/webapp_pyflask_demo.git
 deploy_flask_app_config:
   env: development
   admin_user: admin
   admin_password: admin
   app_dir: /app/pyapp
 deploy_flask_app_force_init: false
-deploy_flask_app_local_registry_user: ansible
-deploy_flask_app_local_registry_pwd: testing123
-deploy_flask_app_local_registry_port: "{{ deploy_flask_app_listening_port }}"
 deploy_flask_app_rds_master_password: L#5cH2mgy_
 deploy_flask_app_rds_master_username: ansible
 

roles/deploy_flask_app/README.md

@@ -36,20 +36,15 @@ Role Variables
 # Bastion host
 * **deploy_flask_app_bastion_host_name** (str): Name for the EC2 instance.
 * **deploy_flask_app_bastion_host_username** (str): Username for the bastion host SSH user.
-* **deploy_flask_app_bastion_host_required_packages** (list): Packages to be installed on the bastion host.
 * **deploy_flask_app_sshkey_pair_name** (str): Name for the EC2 key pair.
 * **deploy_flask_app_bastion_ssh_private_key** (path): The path to the ssh private key file to use to connect to the bastion host.
 * **deploy_flask_app_number_of_workers** (int): Number of instances to create.
 * **deploy_flask_app_workers_instance_type** (str): RC2 instance type for workers.
 * **deploy_flask_app_workers_user_name** (str): Username for the workers.
 
 # App
-* **deploy_flask_app_git_repository** (str): Git repository to be cloned for the webapp.
 * **deploy_flask_app_listening_port** (int): Load balancer port.
 * **deploy_flask_app_force_init** (bool): A boolean value True to force init the app and False to not force init.
-* **deploy_flask_app_local_registry_port** (int): Port for the local Podman registry.
-* **deploy_flask_app_local_registry_user** (str): Registry user name.
-* **deploy_flask_app_local_registry_pwd** (str): Registry password.
 * **deploy_flask_app_config** (dict): A dict of config parameterys for the app.
     **env** (str): Flask env.
     **admin_user** (str): App config's admin username.

tests/integration/targets/test_deploy_flask_app/aliases

@@ -1,3 +1,3 @@
-cloud/aws
+!cloud/aws
 role/deploy_flask_app
 time=35m

tests/integration/targets/test_deploy_flask_app/defaults/main.yml

@@ -1 +1,3 @@
 aws_security_token: '{{ security_token | default(omit) }}'
+aws_region: eu-west-2
+resource_prefix: "asnbible-test-user-data-20231221"

tests/integration/targets/test_deploy_flask_app/handlers/main.yml

@@ -1,6 +1,6 @@
 ---
-- name: Delete temporary key pair directory
+- name: Delete temporary key pair file
   ansible.builtin.file:
     state: absent
-    path: "{{ test_deploy_flask_app__tmpdir.path }}"
-  when: test_deploy_flask_app__tmpdir is defined
+    path: "{{ test_deploy_flask_app__sshkey.path }}"
+  when: test_deploy_flask_app__sshkey is defined

tests/integration/targets/test_deploy_flask_app/tasks/create.yaml

@@ -166,25 +166,18 @@
         db_instance_identifier: "{{ rds_identifier }}"
       register: rds_result
 
-    - name: Create temporary directory to save private key in
+    - name: Create temporary file for ssh private key
       ansible.builtin.tempfile:
-        suffix: .key
-        state: directory
-      register: test_deploy_flask_app__tmpdir
-      notify: 'Delete temporary key pair directory'
+        suffix: .id_rsa
+      register: test_deploy_flask_app__sshkey
+      # notify: 'Delete temporary key pair file'
 
     - name: Create key pair to connect to the VM
       amazon.aws.ec2_key:
         name: "{{ deploy_flask_app_sshkey_pair_name }}"
+        file_name: "{{ test_deploy_flask_app__sshkey.path }}"
       register: rsa_key
 
-    - name: Save private key into file
-      ansible.builtin.copy:
-        content: "{{ rsa_key.key.private_key }}"
-        dest: "{{ test_deploy_flask_app__tmpdir.path }}/id_rsa"
-        mode: 0400
-      when: rsa_key is changed
-
     - name: Ensure IAM instance role exists
       amazon.aws.iam_role:
         name: "{{ bastion_host_iam_role }}"
@@ -211,7 +204,7 @@
           - "{{ secgroup.group_id }}"
         user_data: |
           #!/bin/bash
-          yum install -y python3 python-virtualenv sshpass git podman httpd-tools ansible
+          yum install -y python3 python-virtualenv sshpass netcat
         wait: true
         state: started
       register: vm_result

tests/integration/targets/test_deploy_flask_app/tasks/main.yaml

@@ -2,10 +2,12 @@
 - name: "Run deploy_flask_app integration tests"
   module_defaults:
     group/aws:
-      aws_access_key: "{{ aws_access_key }}"
-      aws_secret_key: "{{ aws_secret_key }}"
-      security_token: "{{ aws_security_token }}"
-      region: "{{ aws_region }}"
+      # aws_access_key: "{{ aws_access_key }}"
+      # aws_secret_key: "{{ aws_secret_key }}"
+      # security_token: "{{ aws_security_token }}"
+      # region: "{{ aws_region }}"
+      aws_profile: eu_london
+      region: eu-west-2
 
   block:
     - name: Run operation create
@@ -19,7 +21,8 @@
         deploy_flask_app_vpc_id: "{{ vpc.vpc.id }}"
         deploy_flask_app_vm_info: "{{ vm_result }}"
         deploy_flask_app_rds_info: "{{ rds_result }}"
-        deploy_flask_app_bastion_ssh_private_key: "{{ test_deploy_flask_app__tmpdir.path }}/id_rsa"
+        # deploy_flask_app_bastion_ssh_private_key: "{{ test_deploy_flask_app__sshkey.path }}"
+        deploy_flask_app_bastion_ssh_private_key: /tmp/ansible.db0gt4_6.id_rsa
 
     - name: Check that a page returns successfully
       ansible.builtin.uri:
@@ -29,7 +32,7 @@
       retries: 5
       delay: 10
 
-  always:
-    # Cleanup after ourselves
-    - name: Cleanup
-      ansible.builtin.include_tasks: "delete.yaml"
+  # always:
+  #   # Cleanup after ourselves
+  #   - name: Cleanup
+  #     ansible.builtin.include_tasks: "delete.yaml"