Created
February 6, 2025 01:40
-
-
Save waynedovey/bc24a96da3c2a6c94c2e7ed5010fbdd9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - name: Provision Secondary ENIs for OpenShift Nodes (one-step create+attach) | |
| hosts: localhost | |
| connection: local | |
| gather_facts: no | |
| collections: | |
| - amazon.aws | |
| vars: | |
| region: "ap-southeast-2" | |
| vpc_id: "vpc-01987c90efbde5cca" | |
| # Security group for secondary ENIs | |
| secondary_sg_name: "high-roller-4c5lw-secondary-eni-sg" | |
| secondary_sg_description: "Security group for secondary ENIs on OpenShift nodes" | |
| # Define secondary subnet settings – one subnet per AZ | |
| secondary_subnet_configs: | |
| - { az: "ap-southeast-2a", cidr: "10.0.128.0/20" } | |
| - { az: "ap-southeast-2b", cidr: "10.0.144.0/20" } | |
| - { az: "ap-southeast-2c", cidr: "10.0.160.0/20" } | |
| # Route table for the secondary subnets | |
| secondary_rt_name: "high-roller-4c5lw-secondary-rt" | |
| # Tags to apply to each secondary ENI | |
| eni_tags: | |
| Name: "high-roller-4c5lw-secondary-eni" | |
| Cluster: "high-roller-4c5lw" | |
| tasks: | |
| ###################################################################### | |
| # 1) Security Group creation | |
| ###################################################################### | |
| - name: Create the security group for secondary ENIs | |
| amazon.aws.ec2_group: | |
| name: "{{ secondary_sg_name }}" | |
| description: "{{ secondary_sg_description }}" | |
| vpc_id: "{{ vpc_id }}" | |
| region: "{{ region }}" | |
| rules: | |
| - proto: tcp | |
| from_port: 0 | |
| to_port: 65535 | |
| cidr_ip: "0.0.0.0/0" | |
| rules_egress: | |
| - proto: -1 | |
| cidr_ip: "0.0.0.0/0" | |
| register: sec_sg | |
| ###################################################################### | |
| # 2) Create Subnets for Secondary ENIs | |
| ###################################################################### | |
| - name: Create secondary subnets in each AZ | |
| amazon.aws.ec2_vpc_subnet: | |
| vpc_id: "{{ vpc_id }}" | |
| cidr: "{{ item.cidr }}" | |
| az: "{{ item.az }}" | |
| state: present | |
| region: "{{ region }}" | |
| tags: | |
| Name: "high-roller-4c5lw-secondary-{{ item.az }}" | |
| Role: "secondary-network" | |
| loop: "{{ secondary_subnet_configs }}" | |
| register: secondary_subnets_result | |
| # Build a dictionary: { "az": "subnet-id", ... } | |
| - name: Build mapping of AZ to secondary subnet ID | |
| set_fact: | |
| secondary_subnets: "{{ secondary_subnets | default({}) | combine({ item.subnet.availability_zone: item.subnet.id }) }}" | |
| loop: "{{ secondary_subnets_result.results }}" | |
| - name: Debug secondary subnets mapping | |
| debug: | |
| msg: "Secondary subnets mapping: {{ secondary_subnets }}" | |
| ###################################################################### | |
| # 3) Create & associate Route Table | |
| ###################################################################### | |
| - name: Create a new route table for the secondary subnets | |
| amazon.aws.ec2_vpc_route_table: | |
| vpc_id: "{{ vpc_id }}" | |
| region: "{{ region }}" | |
| tags: | |
| Name: "{{ secondary_rt_name }}" | |
| register: sec_rt | |
| - name: Associate the secondary route table with the new secondary subnets | |
| amazon.aws.ec2_vpc_route_table: | |
| vpc_id: "{{ vpc_id }}" | |
| route_table_id: "{{ sec_rt.route_table.id }}" | |
| subnets: "{{ secondary_subnets | dict2items | map(attribute='value') | list }}" | |
| state: present | |
| region: "{{ region }}" | |
| ###################################################################### | |
| # 4) Gather OpenShift Instances | |
| ###################################################################### | |
| - name: Gather information on all OpenShift nodes (masters and workers) | |
| amazon.aws.ec2_instance_info: | |
| filters: | |
| "vpc-id": "{{ vpc_id }}" | |
| "tag:Name": "high-roller-4c5lw-*" | |
| region: "{{ region }}" | |
| register: openshift_nodes | |
| ###################################################################### | |
| # 5) Create & Attach ENIs in one step | |
| ###################################################################### | |
| - name: Create & attach the secondary ENI in one go | |
| amazon.aws.ec2_eni: | |
| state: present | |
| region: "{{ region }}" | |
| subnet_id: "{{ secondary_subnets[item.placement.availability_zone] }}" | |
| security_groups: | |
| - "{{ sec_sg.group_id }}" | |
| description: "Secondary ENI for instance {{ item.instance_id }}" | |
| tags: "{{ eni_tags }}" | |
| instance_id: "{{ item.instance_id }}" | |
| device_index: 1 | |
| attached: yes # <-- Forces the module to attach if possible | |
| loop: "{{ openshift_nodes.instances }}" | |
| loop_control: | |
| label: "{{ item.instance_id }}" | |
| register: eni_results | |
| ###################################################################### | |
| # 6) Wait for ENI to show up on each instance | |
| ###################################################################### | |
| # This step queries the instance’s network interfaces and looks for | |
| # the newly attached ENI ID. If it never appears, we fail. | |
| ###################################################################### | |
| - name: Wait for secondary ENI to be attached to the instance | |
| shell: > | |
| aws ec2 describe-instances --instance-ids {{ item.item.instance_id }} | |
| --region {{ region }} | |
| --query "Reservations[].Instances[].NetworkInterfaces[].NetworkInterfaceId" | |
| --output text | |
| register: instance_interfaces | |
| until: instance_interfaces.stdout.find(item.interface.id | default(item.id)) != -1 | |
| retries: 12 | |
| delay: 10 | |
| loop: "{{ eni_results.results }}" | |
| loop_control: | |
| label: "{{ item.item.instance_id }}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment