ansible - a really nasty jinja filter to return a public subnet : route table mapping based on az

get_subnet_route_map.py

from jinja2.utils import soft_unicode

def get_subnet_route_map(value, routes, tag_key='Type', tag_value='public'):
    # given a list of subnet results from the ec2_vpc_subnet task
    # and a list of route results from the ec2_vpc_route_table task
    # return a list of dicts of public subnet_id : route_id mapping
    # where the public subnet is in the same az as the subnet the 
    # route is associated with
    
    # assumes all private subnets in a routing table are in the same az!
    # assumes the public subnets are tagged in some way, e.g. with Type: public

    mapping = []
    subnet_route_map = {}
    no_routes = {}

    for r in routes.iteritems():
        for s in value.iteritems():
            subnet_in_route = False
            # the route table task can take a name, cidr or id
            if 'Name' in s['subnet']['tags']:
                if s['subnet']['tags']['Name'] in r['item']['subnets']:
                    subnet_in_route = True
            elif s['subnet']['cidr'] in r['item']['subnets']:
                subnet_in_route = True
            elif s['subnet_id'] in r['item']['subnets']:
                subnet_in_route = True

            if subnet_in_route: 
                subnet_route_map[s['subnet_id']] = { 'route_table_id':r['route_table_id'], 'az':s['subnet']['az'] }

    # assume a distinguishing tag exists

    # get a mapping of public subnets to az
    subnet_az_map = {}
    for s in value.iteritems():
        if s['subnet']['tags'][tag_key] == tag_value:
            subnet_az_map[s['subnet_id']] = s['subnet']['az']

    # now loop through the route:az's, and find a matching subnet with based on az
    for k,v in subnet_route_map.iteritems():
        for s,a in subnet_az_map.iteritems():
            if a == v['az']:
                mapping.append({'subnet_id':s, 'route_table_id':v['route_table_id'] })

    return mapping

class FilterModule(object):
    ''' Ansible jinja2 filters '''

    def filters(self):
        return {
            'get_subnet_route_map': get_subnet_route_map,
        }

play.yml

to be used in a play, e.g. in an ec2_lc user_data config

  - name: get a mapping of subnet-id to private route-id
    set_fact:
      subnet_route_map: "{{ ec2_vpc_subnet_out.results | get_subnet_route_map(ec2_vpc_route_table_private_out.results) }}"


  - name: create the nat auto scaling group launch configuration
    ec2_lc:
      region: "{{ region }}"
      name: "{{ nat_asg_lc.name }}"
      image_id: "{{ nat_asg_lc.image_id }}"
      security_groups: "{{ ec2_group_out.results | get_security_groups('name', nat_asg_lc.security_group) }}"
      instance_type: "{{ nat_asg_lc.instance_type }}"
      user_data: |
        "{{ lookup('template', './user_data.j2') }}"
      key_name: "{{ nat_asg_lc.key_name }}"
      instance_profile_name: "{{ nat_asg_lc.instance_profile_name }}"
      assign_public_ip: "{{ nat_asg_lc.assign_public_ip }}"
    register: ec2_lc_out

user_data.j2

#!/bin/bash
  
cat > /root/nat_configs.txt <<EOF
{% for item in subnet_route_map %}
{{ item['subnet_id'] }},{{ item['route_table_id'] }}
{% endfor %}
EOF
  
curl -sL https://raw.githubusercontent.com/wrapp/ec2-nat-failover/master/nat_monitor.py > /root/nat_monitor.py
  
python -u /root/nat_monitor.py < /root/nat_configs.txt | logger -t nat_monitor