使用Ansible在AWS中创建VPC

Question

以下显示了我在AWS中创建VPC的Ansible手册。

PLaybook将只执行：

1. 使用CIDR
创建VPC
2. 然后创建路线表
3. 然后标记路线表
4. 最后创建路由表。

以下是代码：

---
- name: To set up internet gateway
  hosts: all
  tasks:
    - name: creating vpc
      ec2_vpc:
        region: ap-northeast-1
        state: present
        cidr_block: 20.0.0.0/16
        resource_tags: { "Name":"Test" }
      register: vpc
    - name: Creating internet gateway for the vpc created
      ec2_vpc_igw:
        region: ap-northeast-1
        state: present
        vpc_id: "{{ vpc.vpc_id }}"
      register: igw
    - name: Tagging the gateway we just created
      ec2_tag:
        resource: "{{ igw.gateway_id }}"
        #with_items: igw.gateway_id
        state: present
        region: ap-northeast-1
        tags:
          Name: test-test
    - name: Creating route table
      ec2_vpc_route_table:
        region: ap-northeast-1
        propagating_vgw_ids: yes
        vpc_id: "{{ vpc.vpc_id }}"
         subnets:
          - '20.0.0.0/16'
        routes:
          - dest: 0.0.0.0/0
            gateway_id: "{{ igw.gateway_id }}"

但是当我执行我的剧本时，我收到的错误如下

failed: [172.30.1.237] => {"failed": true, "parsed": false}
Traceback (most recent call last):
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 2411, in <module>
    main()
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 588, in main
    result = ensure_route_table_present(connection, module)
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 519, in ensur                                                     e_route_table_present
check_mode=check_mode)
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1450103975.3-140284971977416/ec2_vpc_route_table", line 398, in ensure_propagation
    dry_run=check_mode)
  File "/usr/local/lib/python2.7/dist-packages/boto/vpc/__init__.py", line 1492, in enable_vgw_route_propagation
return self.get_status('EnableVgwRoutePropagation', params)
  File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 1227, in get_status
    raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>Gateway.NotAttached</Code><Message>resource     True</Message></Error></Errors><RequestI                                                    D>4f34cefd-08c2-4180-b532-dd6e9e74f7e7</RequestID></Response>

除了缩进的错误，我在哪里犯错误。 它创建了VPC，以及互联网网关。但是在使用路由表模块时。我收到了错误。

Answer 1

我建议通过创建VPC这样创建互联网网关：

- name: To set up internet gateway
   hosts: all
   tasks:
     - name: Create VPC and Subnet
       ec2_vpc:
         state: present
         region: ap-northeast-1
         cidr_block: 20.0.0.0/16
         subnets:
           - cidr: 20.0.0.0/16
             resource_tags: {"Name":"Test Subnet"}
         route_tables:
           - subnets:
             - 20.0.0.0/16
             routes:
               - dest: 0.0.0.0/0
                 gw: igw
         wait: yes
         internet_gateway: yes
         resource_tags:
           Name: "Test VPC"
       register: vpc

     - name: get igw
        ec2_vpc_igw:
          vpc_id: "{{ vpc.vpc_id }}"
          region: ap-northeast-1
          state: present
        register: igw

      - name: Tagging the new internet gateway created
        ec2_tag:
          resource: "{{ igw.gateway_id }}"
          state: present
          region: ap-northeast-1
          tags:
            Name: test-gateway

＆＃39; gw＆＃39;选项可以接受＆＃39; igw＆＃39;并将自动创建一个互联网网关，您可以在创建VPC后使用注册变量＆＃39; vpc＆＃39;标记互联网网关。

编辑： 我更新了剧本并对其进行了测试，但它确实有效 像这样使用它。

Answer 2

完整而紧凑的ansible角色可能对您有所帮助。

roles/vpc/defaults/main.yml文件如下所示：

---
# Variables that can provide as extra vars
VPC_NAME: test
VPC_REGION: us-east-1 # N.Virginia
VPC_CIDR: "172.25.0.0/16"
VPC_CLASS_DEFAULT: "172.25"

# Variables for VPC
vpc_name: "{{ VPC_NAME }}"
vpc_region: "{{ VPC_REGION }}"
vpc_cidr_block: "{{ VPC_CIDR }}"
public_cidr_1: "{{ VPC_CLASS_DEFAULT }}.10.0/24"
public_az_1: "{{ vpc_region }}a"
public_cidr_2: "{{ VPC_CLASS_DEFAULT }}.20.0/24"
public_az_2: "{{ vpc_region }}b"
private_cidr_1: "{{ VPC_CLASS_DEFAULT }}.30.0/24"
private_az_1: "{{ vpc_region }}a"
private_cidr_2: "{{ VPC_CLASS_DEFAULT }}.40.0/24"
private_az_2: "{{ vpc_region }}b"

# Please don't change the variables below, until you know what you are doing
#
# Subnets Defination for VPC
vpc_subnets:
  - cidr: "{{ public_cidr_1 }}" # Public Subnet-1
    az: "{{ public_az_1 }}"
    resource_tags: { "Name":"{{ vpc_name }}-{{ public_az_1 }}-public_subnet-1", "Type":"Public", "Alias":"Public_Subnet_1" }
  - cidr: "{{ public_cidr_2 }}" # Public Subnet-2
    az: "{{ public_az_2 }}"
    resource_tags: { "Name":"{{ vpc_name }}-{{ public_az_2 }}-public-subnet-2", "Type":"Public", "Alias":"Public_Subnet_2" }
  - cidr: "{{ private_cidr_1 }}" # Private Subnet-1
    az: "{{ private_az_1 }}"
    resource_tags: { "Name":"{{ vpc_name }}-{{ private_az_1 }}-private-subnet-1", "Type":"Private", "Alias":"Private_Subnet_1" }
  - cidr: "{{ private_cidr_2 }}" # Private Subnet-2
    az: "{{ private_az_2 }}"
    resource_tags: { "Name":"{{ vpc_name }}-{{ private_az_2 }}-private-subnet-2", "Type":"Private", "Alias":"Private_Subnet_2" }

然后roles/vpc/tasks/main.yml文件将是这样的：

---
- name: Creating an AWS VPC inside mentioned Region
  ec2_vpc:
    region: "{{ vpc_region }}"
    state:  present
    cidr_block: "{{ vpc_cidr_block }}"
    resource_tags: { "Name":"{{ vpc_name }}-vpc", "Environment":"{{ ENVIRONMENT }}" }
    subnets: "{{ vpc_subnets }}" 
    internet_gateway: yes
  register: vpc

- name: Tag the Internet Gateway
  ec2_tag:
    resource: "{{ vpc.igw_id }}"
    region: "{{ vpc_region }}"
    state: present
    tags:
      Name: "{{ vpc_name }}-igw"
  register: igw

- name: Set up Public Subnets Route Table
  ec2_vpc_route_table:
    vpc_id: "{{ vpc.vpc_id }}"
    region: "{{ vpc_region }}"
    state: present
    tags:
      Name: "Public-RT-for-{{ vpc_name }}-vpc"
    subnets:
      "{{ vpc.subnets | get_public_subnets_ids('Type','Public') }}"
    routes:
      - dest: 0.0.0.0/0
        gateway_id: "{{ vpc.igw_id }}"
  register: public_rt

如需完整参考，请查看此github repo。

希望它可以帮助你或其他人。

Answer 3

删除此条目......

propagating_vgw_ids: yes

...来自您的路线表定义。它应该工作。