I have a few questions on handling the creation/tear down of an ec2 instance.
I have a role (it's a task atm, but I'll be migrating it over):
```yaml
- name: dallascowboys | Deployments
  include_tasks: tasks/customer-instance.yml
  vars:
    customer_name: dallascowboys
    customer_ip: '10.99.100.10'
    customer_instance_count: 1
    customer_eip_state: present
    customer_eni_state: present
  tags:
    - dallascowboys
```
```yaml
- name: Customer | Configure ENI
  ec2_eni:
    state: "{{ customer_eni_state }}"
    description: '{{ customer_name }} ENI'
    private_ip_address: '{{ customer_ip }}'
    region: "{{ vpc_region }}"
    security_groups: "{{ secgrp_appliance_id }}"
    subnet_id: "{{ public_subnet_id }}"
  register: customer_eni

- name: Customer | Configure EIP
  ec2_eip:
    state: "{{ customer_eip_state }}"
    region: "{{ vpc_region }}"
    in_vpc: true
    device_id: "{{ customer_eni.interface.id }}"

- name: Customer | Configure EC2 Instance
  ec2:
    key_name: "{{ aws_mfacloud_key }}"
    instance_type: t2.medium
    image: "{{ mfa_ami }}"
    region: "{{ vpc_region }}"
    instance_profile_name: '{{ role_appliance_name }}'
    network_interfaces: "{{ customer_eni.interface.id }}"
    user_data: "{{ lookup('file', 'windows-remoting') }}"
    instance_tags:
      Name: ec2-cloudmfa-{{ customer_name }}-prd
      Customer: "{{ customer_name }}"
      Environment: prd
      Patch Group: cloudmfa
      Ansible: true
      AMI: True
    count_tag:
      Name: ec2-cloudmfa-{{ customer_name }}-prd
    exact_count: "{{ customer_instance_count }}"
  register: instance

- name: debug instance
  debug:
    var: instance

- name: Customer | Grab Password
  ec2_win_password:
    instance_id: "{{ instance.tagged_instances[0].id }}"
    region: "{{ vpc_region }}"
    key_file: "~/.ssh/{{ aws_mfacloud_key }}.pem"
    wait: yes
    wait_timeout: 300
  register: winpass
```
This works OK to spin an instance up; my issue is when I want to destroy the instance for some reason. I first set count to 0, which causes the job to fail because of the ec2_win_password module. So I run it again, with eip absent, and this works, but again fails on the ec2_win_password. I then run it a third time with eni absent, and it fails with the following error.

```
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "state is absent but all of the following are missing: eni_id"}
```
My issues are: Is there a better way to create these instances? It's going to be ~20 or so instances that are configured the same, but will end up with different software on them, so I can't just say "spin up 20 instances". Is there a better way to have ec2_win_password only execute when I have created or started an instance, as opposed to turned off/terminated an instance? I assume I'm missing something obvious about the tear down of the EIP and ENI as well.

Sorry for the vagueness here, I know I'm probably missing some info that would be helpful, so please just ask.
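One way to restructure the task file so that a single run both creates and tears down a customer cleanly, as an added example that is not code from the original post. It keeps the poster's variable and module names but replaces `customer_eni_state` / `customer_eip_state` with one assumed variable, `customer_state` (`present` or `absent`). Two ideas carry the example: the ENI task always runs with `state: present`, because with `private_ip_address` and `subnet_id` the module returns the existing interface, which yields the `eni_id` the `state: absent` branch needs; and the password task is gated on `instance.instances`, the `ec2` module's list of instances launched by this run, so it is skipped on reruns and on teardown instead of indexing an empty list.

```yaml
# Added example, not the poster's task file. Assumes a customer_state
# variable ('present' or 'absent'); all other variables are the poster's.
- name: Customer | Configure ENI
  # Always 'present': with private_ip_address + subnet_id the module returns
  # the existing interface, so customer_eni.interface.id is available for
  # the absent branch below (state=absent requires eni_id).
  ec2_eni:
    state: present
    description: "{{ customer_name }} ENI"
    private_ip_address: "{{ customer_ip }}"
    region: "{{ vpc_region }}"
    security_groups: "{{ secgrp_appliance_id }}"
    subnet_id: "{{ public_subnet_id }}"
  register: customer_eni

- name: Customer | Associate EIP
  ec2_eip:
    state: present
    region: "{{ vpc_region }}"
    in_vpc: true
    device_id: "{{ customer_eni.interface.id }}"
  when: customer_state == 'present'

- name: Customer | Configure EC2 Instance
  # exact_count 0 on teardown terminates the instance matched by count_tag,
  # so the same task launches and destroys.
  ec2:
    key_name: "{{ aws_mfacloud_key }}"
    instance_type: t2.medium
    image: "{{ mfa_ami }}"
    region: "{{ vpc_region }}"
    instance_profile_name: "{{ role_appliance_name }}"
    network_interfaces: "{{ customer_eni.interface.id }}"
    user_data: "{{ lookup('file', 'windows-remoting') }}"
    instance_tags:
      Name: ec2-cloudmfa-{{ customer_name }}-prd
      Customer: "{{ customer_name }}"
      Environment: prd
      Patch Group: cloudmfa
      Ansible: true
    count_tag:
      Name: ec2-cloudmfa-{{ customer_name }}-prd
    exact_count: "{{ 1 if customer_state == 'present' else 0 }}"
  register: instance

- name: Customer | Grab Password
  # 'instances' lists only instances launched by this run; on a rerun or a
  # teardown it is empty and the task is skipped rather than failing.
  ec2_win_password:
    instance_id: "{{ instance.instances[0].id }}"
    region: "{{ vpc_region }}"
    key_file: "~/.ssh/{{ aws_mfacloud_key }}.pem"
    wait: yes
    wait_timeout: 300
  register: winpass
  when: instance.instances | length > 0

- name: Customer | Release EIP
  # Teardown order: instance terminated above, then EIP, then ENI.
  ec2_eip:
    state: absent
    region: "{{ vpc_region }}"
    in_vpc: true
    device_id: "{{ customer_eni.interface.id }}"
    release_on_disassociation: yes
  when: customer_state == 'absent'

- name: Customer | Delete ENI
  ec2_eni:
    state: absent
    region: "{{ vpc_region }}"
    eni_id: "{{ customer_eni.interface.id }}"
  when: customer_state == 'absent'
```

Each customer then becomes one `include_tasks` call with `customer_state: absent` instead of three separate runs, and the three-run failure mode in the post (password task failing on the terminated instance, ENI deletion failing for lack of `eni_id`) goes away because the ID is always resolved before the absent branch runs. For ~20 customers with identical base configuration, the same include can be looped over a list of customer dicts, keeping the per-customer software differences in the variables rather than in separate task files.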