A skeleton for provisioning windows instances and then baking them into new AMIs through a firewall in AWS
---
# This is a stripped version of some code I wrote to bake windows AMIs with ansible through a bastion.
# It works but may need some coaxing if you are going to use it. It was a work-in-progress when we
# realized that we didn't need to do this for unrelated reasons. YMMV ~Alex
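- name: "Start base image"
  hosts: localhost
  gather_facts: false
  connection: local
  vars:
    # Fill these in or override them with -e; explicit null marks the placeholders.
    bastion_ssh_user: null
    bastion_host: null
    base_ami: null
    region: us-east-1
    subnet_id: null
    rdp_sg: null
    ssh_sg: null  # declared but not attached to the oven below
    internet_access_sg: null
    winrm_sg: null
  tasks:
    - name: "Bring up base ami"
      ec2:
        instance_type: m3.medium
        region: "{{ region }}"
        image: "{{ base_ami }}"
        wait: true
        # A value starting with "{{" must be quoted, or YAML parses it as a flow mapping.
        vpc_subnet_id: "{{ subnet_id }}"
        instance_tags:
          class: oven
        # exact_count + count_tag: the module converges on one instance tagged class=oven.
        count_tag:
          class: oven
        exact_count: 1
        # Security groups attached to the oven; the ssh_sg var above is intentionally absent.
        group:
          - "{{ rdp_sg }}"
          - "{{ internet_access_sg }}"
          - "{{ winrm_sg }}"
      register: instance_status
    - name: "wait for ami to become available"
      # The oven only has a private IP, so the RDP probe runs from the bastion inside the VPC.
      delegate_to: "{{ bastion_host }}"
      wait_for:
        port: 3389
        connect_timeout: 90
        host: "{{ instance_status.tagged_instances[0].private_ip }}"
        state: started
    - name: "save the new instances IP and ID for later"
      # Facts set on localhost are visible to the later plays, which also target localhost.
      set_fact:
        oven_ip: "{{ instance_status.tagged_instances[0].private_ip }}"
        instance_id: "{{ instance_status.tagged_instances[0].id }}"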
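- name: "Tunnel winrm port through bastion to new instance"
  hosts: localhost
  gather_facts: false
  vars:
    # Fill these in or override them with -e; explicit null marks the placeholders.
    bastion_ssh_user: null
    bastion_host: null
  tasks:
    - name: "Establish connection to oven"
      # Backgrounded (-Nf) local forward: 127.0.0.1:5986 -> oven_ip:5986 through the bastion.
      # NOTE(review): StrictHostKeyChecking=no plus a /dev/null known_hosts means the bastion's
      # host key is never verified, so the tunnel cannot detect an impersonated bastion.
      # Pin the bastion key in known_hosts and drop these two options before relying on this.
      command: >-
        ssh -Nf
        -o StrictHostKeyChecking=no
        -o UserKnownHostsFile="/dev/null"
        {{ bastion_ssh_user }}@{{ bastion_host }}
        -L 5986:{{ oven_ip }}:5986
      # Earlier multiplexed variant, kept for reference:
      # - local_action: command ssh -Nf -4 -o ControlPersist=1m -o ControlMaster=auto -o ControlPath="~/.ssh/mux2win-%r@%h:%p" -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o UserKnownHostsFile="/dev/null" -i {{ ansible_ssh_private_key_file }} {{ ansible_ssh_user }}@{{ ansible_host }} -L {{ ansible_port }}:{{ actual_host }}:{{ ansible_port }}
    - name: "ensure connection to oven is available"
      # Block until the local end of the tunnel accepts connections.
      wait_for:
        host: 127.0.0.1
        port: 5986
        timeout: 30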
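- name: "provision ami"
  hosts: localhost
  vars:
    # Fill these in or override them with -e; explicit null marks the placeholders.
    image_name: null
    windows_admin_account: null
    # Supply the password from vault or -e at run time; do not commit a value here.
    windows_admin_pw: null
    # Speak WinRM to the local end of the tunnel opened in the previous play.
    ansible_connection: winrm
    ansible_port: 5986
    # NOTE(review): with validation off, the WinRM TLS endpoint is not authenticated;
    # the only protection is the SSH tunnel. Pin the oven's certificate or use a name
    # the certificate is valid for before using this outside a throwaway environment.
    ansible_winrm_server_cert_validation: ignore
    # A value starting with "{{" must be quoted, or YAML parses it as a flow mapping.
    ansible_user: "{{ windows_admin_account }}"
    ansible_password: "{{ windows_admin_pw }}"
  gather_facts: true
  roles:
    - role: provision_role_1
      tags:
        - role1
    - role: provision_role_2
      tags:
        - role2
  # "bake ami" is a task, not a role; roles run first, so the image is taken after provisioning.
  tasks:
    - name: "bake ami"
      ec2_ami:
        instance_id: "{{ instance_id }}"
        wait: true
        name: "{{ image_name }}"
        tags:
          Name: "{{ image_name }}"
  # todo: create handler to tear down ssh tunnel after everything is done
  # todo: create handler to clean up oven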