SOLUTION.yml
# Ansible Playbook for deploying WordPress on an AWS EC2 instance
---
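# MODULE A
# Deploy a new EC2 instance inside a dedicated VPC on AWS and prepare it for
# the installation of WordPress.
- name: Deploy AWS EC2 instance and WordPress
  hosts: localhost
  vars:
    # Source range allowed to reach TCP 22 on the instance. The default keeps
    # SSH open to every address, which is what this playbook always did.
    # Narrow it to the control machine's public address for anything beyond a
    # throwaway lab, e.g. `-e ssh_allowed_cidr=<YOUR_PUBLIC_IP>/32`.
    ssh_allowed_cidr: 0.0.0.0/0
  # DEFINE variables associated with your personal AWS account and planned
  # EC2 instance. Replace the values marked <PLACEHOLDER> with your AWS
  # account details. Do not include the < > braces and do not wrap the values
  # in quotation marks ('', "", etc.).
  # Once real keys are filled in, this file holds a long-lived AWS secret:
  # keep it out of version control. Alternatives are to drop these two keys
  # and export AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the environment,
  # or to encrypt the values with ansible-vault.
  module_defaults:
    group/aws:
      aws_access_key: <PLACEHOLDER>
      aws_secret_key: <PLACEHOLDER>
      region: us-east-1  # adjust to your specific AWS region
  tasks:
    # TASK 1
    # Create a virtual private cloud (VPC) named 'wordpress' with the
    # address range 10.0.0.0/16.
    - name: Create VPC named wordpress
      amazon.aws.ec2_vpc_net:
        name: wordpress
        cidr_block: 10.0.0.0/16
        state: present
      register: wordpress_vpc

    # TASK 2
    # Create the security group that admits SSH and HTTP/HTTPS traffic
    # (TCP ports 80, 443 and 22). Ports 80 and 443 are open to every address
    # because the site is meant to be public; the SSH source range comes from
    # `ssh_allowed_cidr` so it can be restricted without editing the task.
    - name: Create and register wordpress_vpc VPC security group allow SSH and HTTP
      amazon.aws.ec2_security_group:
        name: wordpress
        description: Allow SSH and HTTP/HTTPS
        vpc_id: "{{ wordpress_vpc.vpc.id }}"
        rules:
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ ssh_allowed_cidr }}"
      register: wordpress_sg

    # TASK 3
    # Create an internet gateway for the wordpress VPC.
    - name: Create internet gateway for VPC wordpress_vpc
      amazon.aws.ec2_vpc_igw:
        vpc_id: "{{ wordpress_vpc.vpc.id }}"
        state: present
      register: wordpress_igw

    # TASK 4
    # Create a subnet in the wordpress VPC. Its range is the same
    # 10.0.0.0/16 block as the VPC itself, so it spans the whole VPC.
    - name: Create subnet in wordpress_vpc
      amazon.aws.ec2_vpc_subnet:
        state: present
        vpc_id: "{{ wordpress_vpc.vpc.id }}"
        cidr: 10.0.0.0/16
      register: wordpress_subnet

    # TASK 5
    # Create a route table for the subnet whose default route (0.0.0.0/0)
    # points at the internet gateway, which makes the subnet public.
    - name: Create route table for subnet and gateway wordpress_igw
      amazon.aws.ec2_vpc_route_table:
        state: present
        vpc_id: "{{ wordpress_vpc.vpc.id }}"
        tags:
          Name: sg_public
          Project: phoenix
        subnets:
          - "{{ wordpress_subnet.subnet.id }}"
        routes:
          - dest: 0.0.0.0/0
            gateway_id: "{{ wordpress_igw.gateway_id }}"
      register: wordpress_route_table

    # TASK 6
    # Create a t2.small EC2 instance from the resources defined in Tasks 1-5.
    # Amazon Machine Image (AMI) image_id: ami-026ebd4cfe2c043b2,
    # registered to a Red Hat Enterprise Linux 9 (HVM, 64-bit x86) image.
    # Replace the `key_name:` value with the name of your EC2 key pair.
    # DO NOT include .pem as part of the name.
    # Run 'chmod 400' on the .pem file before executing the playbook.
    - name: Create t2.small instance named wordpress in wordpress_subnet assign public ip
      amazon.aws.ec2_instance:
        name: wordpress
        image_id: "ami-026ebd4cfe2c043b2"
        instance_type: t2.small
        vpc_subnet_id: "{{ wordpress_subnet.subnet.id }}"
        security_groups: "{{ wordpress_sg.group_id }}"
        network:
          assign_public_ip: true
        key_name: "bienko-key"
        state: running
      register: wordpress_server

    # TASK 7
    # This section has been hard-coded ahead of time.
    # DO NOT regenerate using AI-suggested code.
    # Replace the `ansible_ssh_private_key_file` value with the path on the
    # local machine to your SSH key. INCLUDE .pem as part of the filename.
    # Run 'chmod 400' on the .pem file before executing the playbook.
    # The private key stays on the control machine; only its path is stored
    # here, so do not copy the key file into the repository.
    - name: Add host to inventory using tunnel using wordpress_instance public ip and ansible user ec2-user
      ansible.builtin.add_host:
        name: wordpress
        ansible_host: "{{ wordpress_server.instances[0].public_ip_address }}"
        ansible_user: ec2-user
        ansible_ssh_private_key_file: "bienko-key.pem"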
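# MODULE B
# Install the web stack and unpack WordPress on the newly provisioned EC2
# instance. This play installs and starts the services only; it contains no
# task that creates a database, writes wp-config.php, sets a MariaDB root
# password or configures TLS, so treat the result as a lab host.
- name: Install and configure WordPress
  hosts: wordpress
  become: true
  # Facts are not gathered because the instance may not accept SSH yet when
  # the play starts; Task 8 waits for it first.
  gather_facts: false
  tasks:
    # TASK 8
    # Wait until the EC2 instance accepts connections. A freshly launched
    # instance can need longer than 30 seconds before sshd answers, so the
    # timeout is 300 seconds; the task returns as soon as a connection works.
    - name: Wait for connection
      ansible.builtin.wait_for_connection:
        delay: 10
        timeout: 300

    # TASK 9
    # Install the web server, PHP and the database server. The task name says
    # php-mysqli; on RHEL the mysqli extension ships in the php-mysqlnd
    # package, which is what is installed here.
    - name: Install httpd, php, php-mysqli, and mariadb-server
      ansible.builtin.package:
        name:
          - httpd
          - php
          - php-mysqlnd
          - mariadb-server
        state: present

    # TASK 10
    # Download and unpack WordPress on the EC2 instance. `creates` skips the
    # task once /var/www/html/wordpress exists.
    # NOTE(review): latest.tar.gz is an unpinned download whose contents are
    # not verified. Outside a lab, fetch a specific release with
    # ansible.builtin.get_url and its `checksum` option, then unarchive the
    # verified file.
    - name: Download and unarchive wordpress
      ansible.builtin.unarchive:
        src: https://wordpress.org/latest.tar.gz
        dest: /var/www/html
        remote_src: true
        creates: /var/www/html/wordpress

    # TASK 11
    # Set the owner of the web root for the WordPress environment.
    # NOTE(review): the task name mentions /var/www/html/wordpress, but the
    # path below is /var/www/html, so everything under the web root becomes
    # owned by apache. Files owned by the web server user can be rewritten by
    # any PHP code that runs as that user; confirm that scope is intended.
    - name: Change owner of /var/www/html/wordpress to apache:apache
      ansible.builtin.file:
        path: /var/www/html
        owner: apache
        group: apache
        recurse: true

    # TASK 12
    # Start the services installed in Task 9 and enable them at boot.
    - name: Start and enable httpd, php-fpm and mariadb services
      ansible.builtin.service:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - httpd
        - php-fpm
        - mariadb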
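# MODULE C
# Look up the running EC2 instance tagged 'wordpress' and print the address
# of the WordPress readme page it serves.
- name: Gather ec2 host name
  hosts: localhost
  # DEFINE variables associated with your personal AWS account and planned
  # EC2 instance. Replace the values marked <PLACEHOLDER> with your AWS
  # account details. Do not include the < > braces and do not wrap the values
  # in quotation marks ('', "", etc.).
  # Once real keys are filled in, this file holds a long-lived AWS secret:
  # keep it out of version control. Alternatives are to drop these two keys
  # and export AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the environment,
  # or to encrypt the values with ansible-vault.
  module_defaults:
    group/aws:
      aws_access_key: <PLACEHOLDER>
      aws_secret_key: <PLACEHOLDER>
      region: us-east-1  # adjust to your specific AWS region
  tasks:
    # TASK 13
    # Gather information about running EC2 instances whose Name tag is
    # 'wordpress'.
    - name: Gather ec2 instance info for tag name wordpress
      amazon.aws.ec2_instance_info:
        filters:
          tag:Name: wordpress
          instance-state-name: running
      register: ec2_facts

    # Stop with a clear message when the lookup matched nothing, instead of
    # failing on the instances[0] index in Task 14.
    - name: Assert that a running wordpress instance was found
      ansible.builtin.assert:
        that:
          - ec2_facts.instances | length > 0
        fail_msg: No running EC2 instance with tag Name=wordpress was found

    # TASK 14
    # Print the public DNS name of the first matching instance followed by
    # the path to the WordPress readme page. The message carries no URL
    # scheme; this playbook configures no TLS, so open it over plain HTTP.
    - name: Debug ec2_facts public dns name
      ansible.builtin.debug:
        msg: "{{ ec2_facts.instances[0].public_dns_name }}/wordpress/readme.html"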