탐색 도움말
가입하기 로그인
shixiong
/
okd
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 5cfc401b6b
브랜치 태그
okd
/
roles
/
openshift_aws
/
tasks
/
seal_ami.yml

seal_ami.yml 2.0 KB
히스토리 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. ---
    2. 

  2. - name: fetch newly created instances
    3. 

  3.   ec2_instance_facts:
    4. 

  4.     region: "{{ openshift_aws_region }}"
    5. 

  5.     filters:
    6. 

  6.       "tag:Name": "{{ openshift_aws_base_ami_name }}"
    7. 

  7.       instance-state-name: running
    8. 

  8.   register: instancesout
    9. 

  9.   retries: 20
    10. 

  10.   delay: 3
    11. 

  11.   until: instancesout.instances|length > 0
    12. 

  12. 

  13. - name: fetch the ami used to create the instance
    14. 

  14.   ec2_ami_find:
    15. 

  15.     region: "{{ openshift_aws_region }}"
    16. 

  16.     ami_id: "{{ instancesout.instances[0]['image_id'] }}"
    17. 

  17.   register: original_ami_out
    18. 

  18.   retries: 20
    19. 

  19.   delay: 3
    20. 

  20.   until: original_ami_out.results|length > 0
    21. 

  21. 

  22. - name: combine the tags of the original ami with newly created ami
    23. 

  23.   set_fact:
    24. 

  24.     l_openshift_aws_ami_tags: "{{ original_ami_out.results[0]['tags'] | combine(openshift_aws_ami_tags) }}"
    25. 

  25. 

  26. - name: bundle ami
    27. 

  27.   ec2_ami:
    28. 

  28.     instance_id: "{{ instancesout.instances.0.instance_id }}"
    29. 

  29.     region: "{{ openshift_aws_region }}"
    30. 

  30.     state: present
    31. 

  31.     description: "This was provisioned {{ ansible_date_time.iso8601 }}"
    32. 

  32.     name: "{{ openshift_aws_ami_name }}"
    33. 

  33.     tags: "{{ l_openshift_aws_ami_tags }}"
    34. 

  34.     wait: yes
    35. 

  35.   register: amioutput
    36. 

  36. 

  37. - debug: var=amioutput
    38. 

  38. 

  39. - when: openshift_aws_ami_encrypt | bool
    40. 

  40.   block:
    41. 

  41.   - name: augment the encrypted ami tags with source-ami
    42. 

  42.     set_fact:
    43. 

  43.       source_tag:
    44. 

  44.         source-ami: "{{ amioutput.image_id }}"
    45. 

  45. 

  46.   - name: copy the ami for encrypted disks
    47. 

  47.     include_tasks: ami_copy.yml
    48. 

  48.     vars:
    49. 

  49.       openshift_aws_ami_copy_name: "{{ openshift_aws_ami_name }}-encrypted"
    50. 

  50.       openshift_aws_ami_copy_src_ami: "{{ amioutput.image_id }}"
    51. 

  51.       # TODO: How does the kms alias get passed to ec2_ami_copy
    52. 

  52.       openshift_aws_ami_copy_kms_alias: "alias/{{ openshift_aws_clusterid }}_kms"
    53. 

  53.       openshift_aws_ami_copy_tags: "{{ source_tag | combine(openshift_aws_ami_tags) }}"
    54. 

  54.       # this option currently fails due to boto waiters
    55. 

  55.       # when supported this need to be reapplied
    56. 

  56.       #openshift_aws_ami_copy_wait: True
    57. 

  57. 

  58. - name: terminate temporary instance
    59. 

  59.   ec2:
    60. 

  60.     state: absent
    61. 

  61.     region: "{{ openshift_aws_region }}"
    62. 

  62.     instance_ids: "{{ instancesout.instances.0.instance_id }}"
    63.