--- - hosts: localhost connection: local gather_facts: no tasks: - name: get the necessary vars for ami building include_vars: vars.yml - name: create a vpc with the name include_role: name: openshift_aws_vpc vars: r_openshift_aws_vpc_clusterid: "{{ provision.clusterid }}" r_openshift_aws_vpc_cidr: "{{ provision.vpc.cidr }}" r_openshift_aws_vpc_subnets: "{{ provision.vpc.subnets }}" r_openshift_aws_vpc_region: "{{ provision.region }}" r_openshift_aws_vpc_tags: "{{ provision.vpc.tags }}" r_openshift_aws_vpc_name: "{{ provision.vpc.name | default(provision.clusterid) }}" - name: create aws ssh keypair include_role: name: openshift_aws_ssh_keys vars: r_openshift_aws_ssh_keys_users: "{{ provision.instance_users }}" r_openshift_aws_ssh_keys_region: "{{ provision.region }}" - name: fetch the default subnet id ec2_vpc_subnet_facts: region: "{{ provision.region }}" filters: "tag:Name": "{{ provision.vpc.subnets[provision.region][0].az }}" register: subnetout - name: create instance for ami creation ec2: assign_public_ip: yes region: "{{ provision.region }}" key_name: "{{ provision.node_group_config.ssh_key_name }}" group: "{{ provision.clusterid }}" instance_type: m4.xlarge vpc_subnet_id: "{{ subnetout.subnets[0].id }}" image: "{{ provision.build.base_image }}" volumes: - device_name: /dev/sdb volume_type: gp2 volume_size: 100 delete_on_termination: true wait: yes exact_count: 1 count_tag: Name: ami_base instance_tags: Name: ami_base register: amibase - name: wait for ssh to become available wait_for: port: 22 host: "{{ amibase.tagged_instances.0.public_ip }}" timeout: 300 search_regex: OpenSSH - name: add host to group add_host: name: "{{ amibase.tagged_instances.0.public_dns_name }}" groups: amibase - hosts: amibase remote_user: root tasks: - name: included required variables include_vars: vars.yml - name: run openshift image preparation include_role: name: openshift_ami_prep vars: r_openshift_ami_prep_yum_repositories: "{{ provision.build.yum_repositories }}" r_openshift_ami_prep_node: atomic-openshift-node r_openshift_ami_prep_master: atomic-openshift-master - hosts: localhost connection: local become: no tasks: - name: bundle ami ec2_ami: instance_id: "{{ amibase.tagged_instances.0.id }}" region: "{{ provision.region }}" state: present description: "This was provisioned {{ ansible_date_time.iso8601 }}" name: "{{ provision.build.ami_name }}{{ lookup('pipe', 'date +%Y%m%d%H%M')}}" wait: yes register: amioutput - debug: var=amioutput - when: provision.build.use_encryption | default(False) block: - name: setup kms key for encryption include_role: name: openshift_aws_iam_kms vars: r_openshift_aws_iam_kms_region: "{{ provision.region }}" r_openshift_aws_iam_kms_alias: "alias/{{ provision.clusterid }}_kms" - name: augment the encrypted ami tags with source-ami set_fact: source_tag: source-ami: "{{ amioutput.image_id }}" - name: copy the ami for encrypted disks include_role: name: openshift_aws_ami_copy vars: r_openshift_aws_ami_copy_region: "{{ provision.region }}" r_openshift_aws_ami_copy_name: "{{ provision.build.ami_name }}{{ lookup('pipe', 'date +%Y%m%d%H%M')}}-encrypted" r_openshift_aws_ami_copy_src_ami: "{{ amioutput.image_id }}" r_openshift_aws_ami_copy_kms_alias: "alias/{{ provision.clusterid }}_kms" r_openshift_aws_ami_copy_tags: "{{ source_tag | combine(provision.build.openshift_ami_tags) }}" r_openshift_aws_ami_copy_encrypt: "{{ provision.build.use_encryption }}" # this option currently fails due to boto waiters # when supported this need to be reapplied #r_openshift_aws_ami_copy_wait: True - name: Display newly created encrypted ami id debug: msg: "{{ r_openshift_aws_ami_copy_retval_custom_ami }}" - name: terminate temporary instance ec2: state: absent region: "{{ provision.region }}" instance_ids: "{{ amibase.tagged_instances.0.id }}"