Added Automation Mesh Demo Role (#19)

* Added mesh demo role * Added changelog fragment * Remove default AMI * README updates * Merge changelog
ansible-content-lab · Feb 16, 2024 · e5f32f8 · e5f32f8
1 parent 5453e29
commit e5f32f8
Show file tree

Hide file tree

Showing 11 changed files with 313 additions and 10 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -6,6 +6,19 @@ lab.azure.azure_infrastructure_config_demos Release Notes
 
 This changelog describes changes after version 2.0.0.
 
+v3.1.0
+======
+
+Release Summary
+---------------
+
+Added a role that deploys AWS infrastructure for quick automation mesh demos.
+
+Major Changes
+-------------
+
+- New automation mesh role.
+
 v3.0.0
 ======
 

diff --git a/README.md b/README.md
@@ -16,6 +16,7 @@ Click on the role name to be directed to the README specifically for that role.
 
 | Name                                                                                                                                                                                                  | Description                                                                                                                               |
 | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
+| [aws.infrastructure_config_demos.mesh_demo](https://github.com/ansible-content-lab/lab.aws_infrastructure_config_demos/blob/main/roles/mesh_demo/README.md)                                           | Creates infrastructure for with a VM setup for a hop and execution node.                                                                  |
 | [lab.aws_infrastructure_config_demos.create_vm](https://github.com/ansible-content-lab/aws.infrastructure_config_demos/blob/main/roles/create_vm/README.md)                                           | A role to create AWS virtual machines.                                                                                                    |
 | [lab.aws_infrastructure_config_demos.manage_transit_peered_networks](https://github.com/ansible-content-lab/aws.infrastructure_config_demos/blob/main/roles/manage_transit_peered_networks/README.md) | A role to create a hub-and-spoke VPC networking architecture that includes DMZ and private networks.                                      |
 | [aws.infrastructure_config_demos.peer_existing_networks](https://github.com/ansible-content-lab/lab.aws_infrastructure_config_demos/blob/main/roles/peer_existing_networks/README.md)                 | A role to automate the peering of two or more VPCs through direct peering model.                                                          |
@@ -25,6 +26,7 @@ Click on the role name to be directed to the README specifically for that role.
 
 | Name                          | Role(s) Used                                                         | Description                                                                                                                 |
 | ----------------------------- | -------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
+| `create_mesh_demo_infra.yml`  | `lab.aws_infrastructure_config_demos.mesh_demo`                      | A playbook to call the automation mesh demo role.                                                                           |
 | `create_peer_network.yml`     | `lab.aws_infrastructure_config_demos.manage_direct_peered_networks`  | A playbook to create a multi-VPC peer network configuration with DMZ and private networks.                                  |
 | `delete_peer_network.yml`     | `lab.aws_infrastructure_config_demos.manage_direct_peered_networks`  | Deletes AWS resources created in the `create_peer_network` playbook.                                                        |
 | `peer_networks.yml`           | `lab.aws_infrastructure_config_demos.peer_networks`                  | Peer two or more VPCs with VPC peering.                                                                                     |

diff --git a/changelogs/.plugin-cache.yaml b/changelogs/.plugin-cache.yaml
@@ -16,4 +16,4 @@ plugins:
   strategy: {}
   test: {}
   vars: {}
-version: 3.0.0
+version: 3.1.0
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
@@ -3,14 +3,23 @@ releases:
   3.0.0:
     changes:
       breaking_changes:
-        - Playbook names have changed.
-        - Playbook paths have changed.
-        - Playbooks now reference role by FQRN.
+      - Playbook names have changed.
+      - Playbook paths have changed.
+      - Playbooks now reference role by FQRN.
       major_changes:
-        - Moved playbooks into playbooks folder so that playbooks may be called from
-          `namespace.collection.playbook` syntax.
-        - Updated Ansible Lint config.
+      - Moved playbooks into playbooks folder so that playbooks may be called from
+        `namespace.collection.playbook` syntax.
+      - Updated Ansible Lint config.
       release_summary: Updated the collection to match validated patterns.
     fragments:
-      - version-3.yml
-    release_date: "2023-11-06"
+    - version-3.yml
+    release_date: '2023-11-06'
+  3.1.0:
+    changes:
+      major_changes:
+      - New automation mesh role.
+      release_summary: Added a role that deploys AWS infrastructure for quick automation
+        mesh demos.
+    fragments:
+    - 10-mesh-demo.yml
+    release_date: '2024-02-16'
diff --git a/galaxy.yml b/galaxy.yml
@@ -1,7 +1,7 @@
 ---
 namespace: lab
 name: aws_infrastructure_config_demos
-version: 3.0.0
+version: 3.1.0
 readme: README.md
 authors:
   - Scott Harwell <sharwell@redhat.com>

diff --git a/playbooks/create_mesh_demo_infra.yml b/playbooks/create_mesh_demo_infra.yml
@@ -0,0 +1,9 @@
+---
+- name: Deploy automation mesh demo
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Create automation mesh demo
+      ansible.builtin.include_role:
+        name: lab.aws_infrastructure_config_demos.mesh_demo
diff --git a/roles/mesh_demo/README.md b/roles/mesh_demo/README.md
@@ -0,0 +1,46 @@
+# lab.aws_infrastructure_config_demos.mesh_demo
+
+This role configures AWS infrastructure with a network and VM configuration that can be used for automation mesh demos including a public subnet, private subnet, hop node, and execution node; along with the dependent resources to allow networking traffic.
+
+## Role Variables
+
+```yaml
+mesh_demo_aws_region: us-east-1
+mesh_demo_tenancy: default
+mesh_demo_vpc_priv_net_cidr: 10.0.0.0/20
+mesh_demo_priv_subnet_cidr: 10.0.0.0/24
+mesh_demo_pub_subnet_cidr: 10.0.1.0/24
+mesh_demo_ssh_key_name: default_keypair
+mesh_demo_hop_node_instance_type: t2.small
+mesh_demo_hop_node_instance_name: hop_node
+mesh_demo_execution_node_instance_type: t2.small
+mesh_demo_execution_node_instance_name: execution_node
+```
+
+## Dependencies
+
+### Collections
+
+* `amazon.aws`
+
+## Example Playbook
+
+```yaml
+---
+- name: Deploy automation mesh demo
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Create automation mesh demo
+      ansible.builtin.include_role:
+        name: lab.aws_infrastructure_config_demos.mesh_demo
+```
+
+## License
+
+GPLv3
+
+## Author Information
+
+Scott Harwell <sharwell@redhat.com>
diff --git a/roles/mesh_demo/defaults/main.yml b/roles/mesh_demo/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+mesh_demo_aws_region: us-east-1
+mesh_demo_tenancy: default
+mesh_demo_vpc_priv_net_cidr: 10.0.0.0/20
+mesh_demo_priv_subnet_cidr: 10.0.0.0/24
+mesh_demo_pub_subnet_cidr: 10.0.1.0/24
+mesh_demo_ssh_key_name: default_keypair
+mesh_demo_hop_node_instance_type: t2.small
+mesh_demo_hop_node_instance_name: hop_node
+mesh_demo_execution_node_instance_type: t2.small
+mesh_demo_execution_node_instance_name: execution_node
diff --git a/roles/mesh_demo/tasks/main.yml b/roles/mesh_demo/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Include VNET Tasks
+  ansible.builtin.include_tasks: vnet.yml
+
+- name: Import VM Tasks
+  ansible.builtin.include_tasks: vms.yml
diff --git a/roles/mesh_demo/tasks/vms.yml b/roles/mesh_demo/tasks/vms.yml
@@ -0,0 +1,48 @@
+---
+- name: Provision hop node VM
+  amazon.aws.ec2_instance:
+    count: 1
+    image:
+      id: "{{ mesh_demo_ami | trim }}"
+    instance_type: "{{ mesh_demo_hop_node_instance_type }}"
+    key_name: "{{ mesh_demo_ssh_key_name }}"
+    name: "{{ mesh_demo_hop_node_instance_name }}"
+    network:
+      assign_public_ip: true
+      delete_on_termination: true
+    region: "{{ mesh_demo_aws_region }}"
+    security_groups:
+      - "{{ dmz_sg.group_id }}"
+    state: running
+    tags:
+      deployment: ansible
+      purpose: hop-node
+      ansible-role: mesh_demo
+    tenancy: "{{ mesh_demo_tenancy }}"
+    vpc_subnet_id: "{{ mesh_demo_pub_subnet.subnet.id }}"
+    wait: true
+  register: hop_node
+
+- name: Provision execution node VM
+  amazon.aws.ec2_instance:
+    count: 1
+    image:
+      id: "{{ mesh_demo_ami | trim }}"
+    instance_type: "{{ mesh_demo_execution_node_instance_type }}"
+    key_name: "{{ mesh_demo_ssh_key_name }}"
+    name: "{{ mesh_demo_execution_node_instance_name }}"
+    network:
+      assign_public_ip: false
+      delete_on_termination: true
+    region: "{{ mesh_demo_aws_region }}"
+    security_groups:
+      - "{{ priv_network_sg.group_id }}"
+    state: running
+    tags:
+      deployment: ansible
+      purpose: execution-node
+      ansible-role: mesh_demo
+    tenancy: "{{ mesh_demo_tenancy }}"
+    vpc_subnet_id: "{{ mesh_demo_priv_subnet.subnet.id }}"
+    wait: true
+  register: hop_node
diff --git a/roles/mesh_demo/tasks/vnet.yml b/roles/mesh_demo/tasks/vnet.yml
@@ -0,0 +1,159 @@
+---
+- name: Create VPC
+  amazon.aws.ec2_vpc_net:
+    name: automation-mesh-demo-vpc
+    cidr_block: "{{ mesh_demo_vpc_priv_net_cidr }}"
+    purge_tags: false
+    region: "{{ mesh_demo_aws_region }}"
+    tenancy: "{{ mesh_demo_tenancy }}"
+    state: present
+    tags:
+      deployment: ansible
+      ansible-role: mesh_demo
+  register: mesh_demo_vpc
+
+- name: Create private subnet
+  amazon.aws.ec2_vpc_subnet:
+    state: present
+    vpc_id: "{{ mesh_demo_vpc.vpc.id }}"
+    cidr: "{{ mesh_demo_priv_subnet_cidr }}"
+    region: "{{ mesh_demo_aws_region }}"
+    tags:
+      Name: private-subnet
+      deployment: ansible
+      ansible-role: mesh_demo
+  register: mesh_demo_priv_subnet
+
+- name: Create public subnet
+  amazon.aws.ec2_vpc_subnet:
+    state: present
+    vpc_id: "{{ mesh_demo_vpc.vpc.id }}"
+    cidr: "{{ mesh_demo_pub_subnet_cidr }}"
+    region: "{{ mesh_demo_aws_region }}"
+    tags:
+      Name: public-subnet
+      deployment: ansible
+      ansible-role: mesh_demo
+  register: mesh_demo_pub_subnet
+
+- name: Create Internet Gateway
+  amazon.aws.ec2_vpc_igw:
+    vpc_id: "{{ mesh_demo_vpc.vpc.id }}"
+    region: "{{ mesh_demo_aws_region }}"
+    state: present
+    tags:
+      Name: priv-network-ig
+      deployment: ansible
+      ansible-role: mesh_demo
+  register: mesh_demo_igw
+
+- name: Create NAT gateway and allocate EIP if a nat gateway does not yet exist in the subnet
+  amazon.aws.ec2_vpc_nat_gateway:
+    state: present
+    subnet_id: "{{ mesh_demo_pub_subnet.subnet.id }}"
+    wait: true
+    region: "{{ mesh_demo_aws_region }}"
+    if_exist_do_not_create: true
+    tags:
+      Name: priv-network-nat-gw
+      deployment: ansible
+      ansible-role: mesh_demo
+  register: mesh_demo_nat_gateway
+
+- name: Create pub network security group
+  amazon.aws.ec2_security_group:
+    name: mesh-demo-dmz-sg
+    description: DMZ security group
+    vpc_id: "{{ mesh_demo_vpc.vpc.id }}"
+    region: "{{ mesh_demo_aws_region }}"
+    rules:
+      - proto: tcp
+        ports:
+          - 22
+        cidr_ip: 0.0.0.0/0
+        rule_desc: allow all on port 22
+      - proto: tcp
+        cidr_ip: 0.0.0.0/0
+        from_port: 0
+        to_port: 27199
+        rule_desc: allow on port 27199 for automation mesh
+      - proto: icmp
+        cidr_ip: 10.0.0.0/8
+        from_port: -1
+        to_port: -1
+        rule_desc: allow all local network icmp traffic
+    rules_egress:
+      - proto: all
+        cidr_ip: 0.0.0.0/0
+        rule_desc: allow all outbound traffic
+    tags:
+      Name: mesh_demo-dmz-sg
+      deployment: ansible
+      ansible-role: mesh_demo
+  register: dmz_sg
+
+- name: Create priv network security group
+  amazon.aws.ec2_security_group:
+    name: mesh-demo-private-network-sg
+    description: Private network security group
+    vpc_id: "{{ mesh_demo_vpc.vpc.id }}"
+    region: "{{ mesh_demo_aws_region }}"
+    rules:
+      - proto: tcp
+        from_port: 0
+        to_port: 22
+        cidr_ip: 10.0.0.0/8
+        rule_desc: allow all ssh traffic in private networks
+      - proto: tcp
+        from_port: 0
+        to_port: 27199
+        cidr_ip: 10.0.0.0/8
+        rule_desc: allow all automation mesh traffic in private networks
+      - proto: icmp
+        from_port: -1
+        to_port: -1
+        cidr_ip: 10.0.0.0/8
+        rule_desc: allow all icmp traffic in private networks
+    rules_egress:
+      - proto: all
+        cidr_ip: 0.0.0.0/0
+        rule_desc: allow all outbound traffic
+    tags:
+      Name: mesh-demo-private-network-sg
+      deployment: ansible
+      ansible-role: mesh_demo
+  register: priv_network_sg
+
+- name: Setup public subnet route table
+  amazon.aws.ec2_vpc_route_table:
+    purge_tags: false
+    region: "{{ mesh_demo_aws_region }}"
+    routes:
+      - dest: 0.0.0.0/0
+        gateway_id: "{{ mesh_demo_igw.gateway_id }}"
+    subnets:
+      - "{{ mesh_demo_pub_subnet.subnet.id }}"
+    state: present
+    tags:
+      Name: mesh-demo-pub-subnet-rt
+      deployment: ansible
+      ansible-role: mesh_demo
+    vpc_id: "{{ mesh_demo_vpc.vpc.id }}"
+  register: pub_subnet_rt
+
+- name: Setup private subnet route table
+  amazon.aws.ec2_vpc_route_table:
+    purge_tags: false
+    region: "{{ mesh_demo_aws_region }}"
+    routes:
+      - dest: 0.0.0.0/0
+        gateway_id: "{{ mesh_demo_nat_gateway.nat_gateway_id }}"
+    subnets:
+      - "{{ mesh_demo_priv_subnet.subnet.id }}"
+    state: present
+    tags:
+      Name: mesh-demo-priv-subnet-rt
+      deployment: ansible
+      ansible-role: mesh_demo
+    vpc_id: "{{ mesh_demo_vpc.vpc.id }}"
+  register: priv_subnet_rt