forked from bienko/WCA-Lightspeed-L3
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathTEMPLATE-1.yml
213 lines (184 loc) · 6.78 KB
/
TEMPLATE-1.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
# Ansible Playbook for deploying WordPress on an AWS EC2 instance
---
# MODULE 1
# Deploy a new instance (VPC) of EC2 on AWS and prepare for installation of WordPress
- name: Deploy AWS EC2 instance and WordPress
hosts: localhost
# DEFINE variables associated with your personal AWS account and planned EC2 instance.
# Replace variables indicated by <PLACEHOLDER> with AWS account details.
# Do not include < > braces and do not enclose within parenthesis ('',"",etc.)
module_defaults:
group/aws:
aws_access_key: <PLACEHOLDER>
aws_secret_key: <PLACEHOLDER>
region: us-east-1 # adjust to your specific AWS region
tasks:
# TASK 1
# Creation of a virtual private cloud (VPC) named 'wordpress'.
# Should have value 10.0.0.0/16 associated with cidr_block.
- name: Create VPC named wordpress
amazon.aws.ec2_vpc_net:
name: wordpress
cidr_block: 10.0.0.80/16
tags:
Name: wordpress
Environment: development
tenancy: default
register: vpc
# TASK 2
# Creation of the security group which allows traffic over SSH and HTTP/s
# TCP ports 80-80, 443-443, 22-22
- name: Create and register wordpress_vpc VPC security group allow SSH and HTTP
amazon.aws.ec2_security_group:
name: wordpress_vpc
description: allow ssh and http
vpc_id: "{{ _vpc_id_ }}"
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
- proto: tcp
from_port: 80
to_port: 80
cidr_ip: 0.0.0.0/0
register: sg
# TASK 3
# Creation of an internet gateway for the wordpress VPC
- name: Create internet gateway for VPC wordpress_vpc
amazon.aws.ec2_vpc_igw:
vpc_id: "{{ _vpc_id_ }}"
register: igw
# TASK 4
# Creation of a network subnet for the wordpress VPC
- name: Create subnet in wordpress_vpc
amazon.aws.ec2_vpc_subnet:
vpc_id: "{{ _vpc_id_ }}"
cidr: 10.0.0.80/24
az: us-east-1a
resource_tags:
Name: wordpress_subnet
tags:
Name: wordpress_subnet
register: _subnet
# TASK 5
# Creation of a routing table associated with wordpress VPC's subnet and internet gateway
- name: Create route table for subnet and gateway wordpress_igw
amazon.aws.ec2_vpc_route_table:
vpc_id: "{{ _vpc_id_ }}"
tags:
Name: wordpress_route_table
subnets:
- "{{ _subnet.subnet.id }}"
routes:
- dest: 0.0.0.0/0
gateway_id: "{{ igw.gateway_id }}"
register: _route_table
# TASK 6
# Creation of an EC2 t2.small instance with attributes defined in Tasks 1-5
# Amazon Machine Image (ami) image_id: ami-026ebd4cfe2c043b2
# Registered to Red Hat Enterprise Linux 9 (HVM, 64-bit x86) image
# Replace `key_name:` value with your EC2 .pem keypair - DO NOT include .pem as part of filename
# Use 'chmod 400' to change file permissions of .pem file before executing Playbook
- name: Create t2.small instance named wordpress in wordpress_subnet assign public ip
amazon.aws.ec2_instance:
name: wordpress
key_name: "{{ _key_name_ }}"
vpc_subnet_id: "{{ _vpc_subnet_id_ }}"
instance_type: t2.small
security_group: wordpress_vpc
network:
assign_public_ip: true
volumes:
- device_name: /dev/sda1
volume_type: gp2
volume_size: 10
wait: true
wait_timeout: 600
image: "{{ _image_ }}"
tags:
Name: wordpress
register: _instance
# TASK 7
# This section has been hard-coded ahead of time.
# DO NOT regenerate using AI-suggested code.
# Replace `ansible_ssh_private_key_file` value with path on local machine to SSH key — INCLUDE .pem as part of filename
# Use 'chmod 400' to change file permissions of .pem file before executing Playbook
- name: Add host to inventory using tunnel using wordpress_instance public ip and ansible user ec2-user
ansible.builtin.add_host:
hostname: "{{ _hostname_ }}"
groups: wordpress_servers
register: _add_host
# MODULE B
# Install and configure WordPress on the newly-provisioned AWS EC2 (VPC) instance.
- name: Install and configure WordPress
hosts: wordpress
become: true
gather_facts: false
tasks:
# TASK 8
# Wait for a connection to be established to the EC2 instance.
- name: Wait for connection
ansible.builtin.wait_for_connection:
delay: 10
# TASK 9
# After connecting, begin installation of necessary drivers and services.
- name: Install httpd, php, php-mysqli, and mariadb-server
ansible.builtin.package:
name:
- httpd
- php
- php-mysqli
- mariadb-server
state: present
# TASK 10
# Download and decompress (unarchive) WordPress contents on EC2 instance.
- name: Download and unarchive wordpress
ansible.builtin.unarchive:
src: https://wordpress.org/latest.tar.gz
dest: /var/www/html/
remote_src: true
# TASK 11
# Set owner attributes for WordPress environment.
- name: Change owner of /var/www/html/wordpress to apache:apache
ansible.builtin.file:
path: /var/www/html/wordpress
owner: apache
group: apache
recurse: true
# TASK 12
# Deploy services installed in Task 9.
- name: Start and enable httpd, php-fpm and mariadb services
ansible.builtin.service:
name: "{{ item }}"
state: started
enabled: true
loop:
- httpd
- php-fpm
- mariadb
# MODULE C
# Deploy WordPress on the newly-provisioned AWS EC2 (VPC) instance and host web page.
- name: Gather ec2 host name
hosts: localhost
# DEFINE variables associated with your personal AWS account and planned EC2 instance.
# Replace variables indicated by <PLACEHOLDER> with AWS account details.
# Do not include < > braces and do not enclose within parenthesis ('',"",etc.)
module_defaults:
group/aws:
aws_access_key: <PLACEHOLDER>
aws_secret_key: <PLACEHOLDER>
region: us-east-1 # adjust to your specific AWS region
tasks:
# TASK 13
# Gather facts about AWS EC2 (VPC) instance and deployed WordPress application.
- name: Gather ec2 instance info for tag name wordpress
amazon.aws.ec2_instance_info:
filters:
tag:Name: wordpress
register: _instance_info
# TASK 14
# Host the WordPress web application and make accessible to user.
- name: Debug ec2_facts public dns name
ansible.builtin.debug:
msg: "{{ _msg_ }}"