Last active
November 23, 2018 18:34
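## FIND LATEST AMI
# Looks up the newest AMI that carries the base-image tags and stores its id
# in `base_ami_id`, which the launch and tag-removal steps read later.
# NOTE(review): `vars_files` is a play-level keyword, yet this entry also
# carries a module call and `register`; the flattened listing does not show
# the intended play/task nesting, so confirm it before running.
# NOTE(review): ec2_ami_find was deprecated in later Ansible releases; check
# the module name against the Ansible version in use.
- name: Find the latest Base AMI
  vars_files:
    - vars/faster-certification.yml
  ec2_ami_find:
    # The image is selected by tags alone.
    # NOTE(review): consider also constraining `owner` (for example `self`)
    # so the base image can only come from an account you trust; confirm
    # which account owns the base AMI first.
    ami_tags:
      app_project: 'dsva-appeals'
      application: 'certification-base-ami'
      latest: 'true'
    # Name-descending order with sort_end 1 keeps only the first result.
    sort: name
    sort_order: descending
    sort_end: 1
    region: 'us-gov-west-1'
    # Stop here when nothing matches, instead of failing later on
    # `results[0]` with an index error that hides the real cause.
    no_result_action: fail
  register: ami_find

- set_fact:
    base_ami_id: "{{ ami_find.results[0].ami_id }}"

- debug:
    msg: "latest AMI = {{ base_ami_id }}"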
# Play: runs on the control host and starts a temporary build instance from
# the AMI id held in `base_ami_id`.
- name: Launch EC2 Instance
  hosts: localhost
  connection: local
  vars_files:
    - vars/aws-config.yml
    - vars/faster-certification.yml
  roles:
    - role: add-asg-hosts
      playbook_group: 'existing_asg_group'
      asg_name: "{{ app_config[app_name][deploy_env].auto_scaling_group_name }}"

    - role: dsva-user-config

    # Only applied when a launch user is configured; the authorized keys are
    # joined into one newline-separated string.
    - role: aws-launch-user
      keys_contents: "{{ dsva_authorized_keys | join('\n') }}"
      when: launch_user is defined

    # NOTE(review): the build instance goes into `public_subnet` with the SSH
    # security group attached, and credentials are copied onto it later in
    # this listing. Confirm that group restricts source addresses.
    - role: aws-launch
      ami_id: "{{ base_ami_id }}"
      subnet_id: "{{ aws_config[deploy_env].public_subnet }}"
      region: "{{ aws_config[deploy_env].region }}"
      keypair: "{{ aws_config[deploy_env].keypair }}"
      security_groups: "{{ [aws_config[deploy_env].ssh_security_group] | union(app_config[app_name][deploy_env].security_groups) }}"
      playbook_group: 'tmp_ami_group'
      # `default(None) or omit` drops the parameter when the variable is
      # unset or empty.
      user_data: "{{ launch_user_init_script | default(None) or omit }}"
      ami_user: "{{ launch_user | default(None) or omit }}"
      instance_name: "{{ app_group }}-{{ app_project }}-{{ app_name }}-{{ deploy_env }}_ami-{{ timestamp }}"
      # Falls back to the 'dsva-appeals-bake-ami' role when none is configured.
      # NOTE(review): confirm that role grants only what baking needs.
      instance_role: "{{ aws_config[deploy_env].ami_instance_role | default('dsva-appeals-bake-ami') or omit }}"
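## DIFF BUNDLE
# Compares the working-tree Gemfile and Gemfile.lock with the copies on
# master and registers each result for the later bundler step.
# The original entry held two `shell:` and two `register:` keys in a single
# mapping. Duplicate keys are invalid YAML and most parsers keep only the
# last one, so the Gemfile comparison would never run. It is split into two
# tasks here; both run in `app_src`.
# `git diff --quiet` exits 0 when the files match and 1 when they differ, so
# only an exit status above 1 is treated as a failure.
- name: Diff Gemfile against master
  vars_files:
    - vars/faster-certification.yml
  shell: git diff --quiet master:Gemfile Gemfile
  args:
    chdir: "{{app_src}}"
  register: gemfile_exit_code
  # A comparison never changes the host.
  changed_when: false
  failed_when: gemfile_exit_code.rc > 1

- name: Diff Gemfile.lock against master
  vars_files:
    - vars/faster-certification.yml
  shell: git diff --quiet master:Gemfile.lock Gemfile.lock
  args:
    chdir: "{{app_src}}"
  register: gemfilelock_exit_code
  changed_when: false
  failed_when: gemfilelock_exit_code.rc > 1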
## DIFF ASSETS
## GIT PULL
# Checks out the application repository at `git.url` into `dest` and updates
# an existing checkout.
# NOTE(review): no `version` is given, so the git module's default ref is
# what ends up in the image. Pin a branch, tag or commit if the baked AMI
# must be reproducible and traceable to a reviewed revision.
- name: Bring the new Git Deployments to AMI
  vars_files:
    - vars/faster-certification.yml
  git:
    repo: "{{ git.url }}"
    dest: "{{ dest }}"
    update: true
## DO CREDENTIALS AND ENV FILES
# Applies the roadrunner role as root, passing `http_environment` as the
# role's `app_environment`.
- name: Update ENV Files
  vars_files:
    - vars/faster-certification.yml
  roles:
    - role: roadrunner
      # Privilege escalation is scoped to this role entry.
      become: true
      become_user: root
      app_environment: "{{ http_environment }}"
# Places certificates, keystores and tokens on the build host through the
# `creds` role: each entry maps a lookup `key` to a destination `file` under
# `creds_dest`.
# NOTE(review): an AMI is baked later in this listing, presumably from this
# same instance. If so, the SAML token, client keystore and TLS private key
# below become part of the image and are readable by anyone who can launch
# or copy it. Confirm the AMI's launch permissions, or fetch secrets at boot.
- name: Update CERTS and Credentials
  vars_files:
    - vars/faster-certification.yml
  roles:
    - role: creds
      creds_dest: "{{ app_home }}/creds/vbms/{{ vbms_environment }}"
      creds:
        - key: "vbms.{{deploy_env}}.saml_token"
          file: "samltoken.xml"
        - key: "vbms.{{deploy_env}}.ca_cert"
          file: "ca_cert.pem"
      keystores:
        - key: "vbms.{{deploy_env}}.client_key"
          file: "client.p12"
        - key: "vbms.{{deploy_env}}.server_cert"
          file: "server.crt"

    # SSOI and BGS creds
    - role: creds
      creds_dest: "{{ app_home }}/creds"
      creds:
        - key: "css.{{deploy_env}}.ssoi_metadata"
          file: "ssoi_metadata.xml"
        - key: "bgs.{{deploy_env}}.ca_cert"
          file: "bgs_ca.crt"
        # NOTE(review): private key material; confirm the role writes it
        # with owner-only permissions.
        - key: "caseflow.{{deploy_env}}.tls_key"
          file: "app-tls.key"
        # NOTE(review): the lookup key is empty here although the matching
        # app-tls.key entry has one. Confirm the intended key; an empty
        # lookup may fail or leave a stale certificate in place.
        - key: ""
          file: "app-tls.crt"
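# Installs gems in `app_src` when either Gemfile comparison reported a
# difference. The environment is `default_bundle_environment` merged with the
# optional `bundle_environment` overrides.
- name: Run Bundler if there is a difference in Gemfiles
  vars_files:
    - vars/faster-certification.yml
  shell: "bundle install --retry 5 --deployment --without={{ bundle_excluded_envs | join(' ') }}"
  args:
    chdir: "{{app_src}}"
  environment: "{{ default_bundle_environment | combine( bundle_environment | default({}) )}}"
  # A registered variable is a result dictionary, so comparing the variable
  # itself with the string "0" is always unequal and the step ran on every
  # build. Compare the numeric return code instead. A result that was never
  # registered counts as "changed", so a missing diff cannot skip the install.
  when: >-
    gemfile_exit_code is not defined
    or gemfile_exit_code.rc != 0
    or gemfilelock_exit_code is not defined
    or gemfilelock_exit_code.rc != 0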
# Renders templates/build_version.yml into the application's config
# directory; owner and group may read and write, others may only read.
- name: write build_version.yml
  template:
    src: templates/build_version.yml
    dest: "{{app_src}}/config/build_version.yml"
    mode: "ug=rw,o=r"
## CREATE NEW AMI & TAG WITH LATEST
# Play: runs on the control host and creates an image from
# `launched_instance`, tagging it as the new latest base AMI.
# NOTE(review): the tags match the ones the AMI lookup searches for, so the
# next run builds on this image. Whatever is on the instance at bake time,
# including any copied credentials, carries forward. Confirm that is intended.
- name: bake AMI
  hosts: localhost
  connection: local
  vars_files:
    - vars/aws-config.yml
    - vars/faster-certification.yml
  roles:
    - role: aws-bake
      ec2_instance: "{{ launched_instance }}"
      ami_tags:
        app_project: 'dsva-appeals'
        application: 'certification-base-ami'
        environment: 'all'
        type: 'base-ami'
        Name: 'certification-base-ami'
        latest: 'true'
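## REMOVE TAG LATEST FROM PREVIOUS AMI
# Removes the `latest` tag from the AMI the build started from, so only the
# newly baked image carries it.
# NOTE(review): `base_ami_id` comes from an earlier set_fact; confirm that
# fact is visible on the host where this task runs.
- name: Remove TAG from Previous AMI
  ec2_tag:
    region: us-gov-west-1
    # A value that starts with `{{` must be quoted; unquoted, YAML parses it
    # as a flow mapping and the playbook does not load.
    resource: "{{ base_ami_id }}"
    state: absent
    tags:
      latest: 'true'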
# Project and application identifiers. The same two values appear as AMI
# tags in the playbook listing.
app_project: 'dsva-appeals'
application: 'certification-base-ami'