Project author: mediafellows

Project description:
Ansible Role - AWS NAT role to create a NAT instance for an Amazon VPC
Primary language: Shell
Project address: git://github.com/mediafellows/ansible-role-aws_nat.git
Created: 2020-04-03T10:19:54Z
Project community: https://github.com/mediafellows/ansible-role-aws_nat

License:


Ansible AWS NAT role

An Ansible role that configures an Ubuntu based AMI to be used as a NAT instance
that routes traffic from a private VPC subnet.
The resulting AMI can be used to launch instances into an autoscaling group, so that a
replacement comes up when the instance goes down. For this reason the role reuses an unattached
ENI: routing keeps working without updating VPC routing tables or IP/DNS records that point to the NAT instance.

Read this blog article for the idea behind this concept:
http://www.cakesolutions.net/teamblogs/making-aws-nat-instances-highly-available-without-the-compromises

Setting up the ENI and VPC is not part of this role!

For hotplugging the ENI into Ubuntu this role uses the ubuntu-ec2net utils, see https://github.com/ademaria/ubuntu-ec2net
They are derived from the ec2-net-utils AWS provides for Amazon Linux: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#ec2-net-utils

Requirements

  • AWS account with a VPC prepared
  • AWS Ubuntu base image
  • Unattached ENI with the source/destination check disabled (with the check enabled EC2 drops packets the instance forwards on behalf of other hosts, so NAT cannot work)

Role Variables

  • nat_eni_id: eni-abc123 - the id of the ENI to attach; create it beforehand and add it to your VPC routing table
  • aws_region: us-east-1 - the AWS region your VPC is in
  • vpc_private_subnets - a list of subnet dictionaries (like the ones returned by the ec2 modules); this role reads the cidr_block value of each entry

Dependencies

Depends on no other ansible roles.

Example Playbook

Include the role in your play after you have created the VPC and ENI. The first play below shows how to meet the preconditions, the second play shows the role usage:

```yaml
# Example on how to meet the preconditions for this role:
- name: Create ENI and add it to the VPC routing
  hosts: localhost
  tasks:
    # Create VPC and subnets first and save the private subnets in the variable vpc_private_subnets
    - name: Create ENI
      ec2_eni:
        # some setup stuff
      register: nat_eni

    - name: Disable source/dest check
      ec2_eni:
        eni_id: "{{ nat_eni.interface.id }}"
        source_dest_check: false
      register: nat_eni

    - name: Allocating EIP
      ec2_eip:
        in_vpc: true
        # some other params
      register: nat_eip

    - name: Attaching EIP to ENI
      ec2_eip:
        device_id: "{{ nat_eni.interface.id }}"
        ip: "{{ nat_eip.public_ip }}"
        region: "{{ my_region }}"

    - name: Add ENI to VPC routing
      ec2_vpc_route_table:
        # some other params
        subnets: "{{ vpc_private_subnets | map(attribute='id') | list }}"
        routes:
          - dest: 0.0.0.0/0
            interface_id: "{{ nat_eni.interface.id }}"
        region: "{{ my_region }}"

    # Startup ec2 instance...

# Role usage example:
- name: Configure NAT instance for AMI
  hosts: ami_baking_instance
  remote_user: ubuntu
  vars:
    nat_eni: "{{ hostvars['localhost']['nat_eni'] }}"
    subnets: "{{ hostvars['localhost']['vpc_private_subnets'] }}"
  roles:
    - role: mediafellows.aws_nat
      nat_eni_id: "{{ nat_eni.interface.id }}"
      vpc_private_subnets: "{{ subnets }}"
      aws_region: "{{ my_region }}"
  tasks:
    # ...
    # Create AMI for autoscaling...
```

An instance launched from the resulting AMI attaches the ENI to itself automatically on boot, so the same ENI can be reused by every replacement instance.
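An instance launched from the baked AMI has two jobs on boot: attach the shared ENI to itself, and turn on forwarding with NAT for the private subnets. The script below is an added example, not the role's own code (the role's scripts are not reproduced on this page). It writes both steps as functions that only print the commands, so they can be checked offline, and it assumes the ENI is attached as device index 1 (eth1 on Ubuntu), which the page does not specify. All ids, CIDRs and interface names are hypothetical stand-ins for nat_eni_id, aws_region and the cidr_block values of vpc_private_subnets.

```shell
#!/bin/sh
# Added example, not code from the mediafellows role. Functions print the
# commands a NAT instance built this way needs at boot; nothing here touches
# AWS or netfilter, so it runs offline. All ids/CIDRs are hypothetical.

# ENI ids are "eni-" followed by 8 or 17 lowercase hex characters. The role
# receives nat_eni_id as a plain variable, so check it before it reaches a
# command line.
valid_eni_id() {
  printf '%s\n' "$1" | grep -Eq '^eni-[0-9a-f]{8}([0-9a-f]{9})?$'
}

# IPv4 CIDR with a /8 .. /30 prefix; rejects octets above 255.
valid_cidr() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
  prefix=${1#*/}
  [ "$prefix" -ge 8 ] && [ "$prefix" -le 30 ] || return 1
  ( IFS=.; for octet in ${1%/*}; do [ "$octet" -le 255 ] || exit 1; done )
}

# Print the aws-cli call that attaches the shared ENI to this instance as
# device index 1 (assumed; eth1 on Ubuntu). ec2net hotplugs it once attached.
attach_eni_cmd() {
  eni=$1 instance=$2 region=$3
  valid_eni_id "$eni" || { echo "refusing invalid ENI id: $eni" >&2; return 1; }
  printf 'aws ec2 attach-network-interface --region %s --network-interface-id %s --instance-id %s --device-index 1\n' \
    "$region" "$eni" "$instance"
}

# Print the forwarding setup. FORWARD defaults to DROP and both the FORWARD
# accepts and MASQUERADE are scoped to the private subnet CIDRs, so the
# instance does not NAT for arbitrary sources that can reach it.
nat_rules() {
  out_if=$1; shift
  [ $# -gt 0 ] || { echo "no private subnets given" >&2; return 1; }
  for cidr in "$@"; do
    valid_cidr "$cidr" || { echo "refusing invalid CIDR: $cidr" >&2; return 1; }
  done
  printf 'sysctl -w net.ipv4.ip_forward=1\n'
  printf 'iptables -P FORWARD DROP\n'
  printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
  for cidr in "$@"; do
    printf 'iptables -A FORWARD -s %s -o %s -j ACCEPT\n' "$cidr" "$out_if"
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$cidr" "$out_if"
  done
}

# Stand-alone run with hypothetical values: prints what would be executed.
main() {
  attach_eni_cmd eni-0123456789abcdef0 i-0fedcba9876543210 us-east-1
  nat_rules eth1 10.0.1.0/24 10.0.2.0/24
}

main
```

Two points worth keeping from this: validate nat_eni_id before interpolating it into a command line, and scope MASQUERADE and the FORWARD accepts to the private subnet CIDRs with a DROP default, so a later loosened security group does not turn the instance into an open forwarder. The printed commands still depend on the ENI's source/destination check being disabled, as listed under Requirements.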

You can find the ec2_eni module here: https://github.com/ansible/ansible-modules-extras/blob/devel/cloud/amazon/ec2_eni.py

License

BSD

Author Information

Stefan Horning stefan.horning@mediafellows.com

Also includes work from https://github.com/ademaria