Merge pull request #1 from dmc5179/main

Updates to support migrating EC2 instances from RHEL 6 AMIs to RHEL 6 ELS AMI

.gitignore

@@ -11,4 +11,5 @@ vault.yml
 artifacts/
 __pycache__/
 *~
-.pytest_cache/
+.pytest_cache/
+ansible.log

defaults/main.yml

@@ -1,2 +1,8 @@
 ---
-# defaults file for rhel-6-els
+# defaults file for rhel-6-els
+
+instance_tag: 'rhel-6-els'
+#key_pair_name: ''
+#aws_region:
+aws_ssl_enabled: true
+#aws_ec2_url: 'https://ec2.{{ aws_region }}.amazonaws.com'

handlers/main.yml

@@ -62,5 +62,3 @@
   delegate_facts: true
   run_once: true
   register: tmp_private_key_md5
-
-

tasks/get_instance_information.yml

@@ -21,21 +21,30 @@
   community.aws.ec2_instance_info:
     aws_access_key: "{{ inject.aws_access_key | default(omit) }}"
     aws_secret_key: "{{ inject.aws_secret_key | default(omit) }}"
+    security_token: "{{ ansible_env.AWS_SESSION_TOKEN | default(omit) }}"
     profile: "{{ inject.profile | default(omit) }}"
     region: "{{ inject.region | default(omit) }}"
+    ec2_url: '{{ aws_ec2_url | default(omit) }}'
+    validate_certs: '{{ aws_ssl_enabled }}'
     filters:
-      "tag:task": rhel-6-els
+      "tag:task": '{{ instance_tag }}'
   register: donor_instances_info
   delegate_to: 127.0.0.1
   delegate_facts: true
 
-- name: donor | Gather the detaijls related to the instance
+#- name: show instances
+#  debug:
+#    var: donor_instances_info
+
+- name: donor | Gather the details related to the instance
   ansible.builtin.set_fact:
     donor_conf_dict: {
     'az': "{{ item.1.placement.availability_zone }}",
     'key': "{{ item.1.key_name }}",
     'ip_address': "{{ item.1.private_ip_address }}",
     'subnet_id': "{{ item.1.subnet_id }}",
+    'instance_id': "{{ item.1.instance_id }}",
+    'root_volume_device_name': "{{ item.1.root_device_name }}",
     # 'security_groups': "{{ item.1.security_groups }}",
     # 'tags': "{{ item.1.tags }}",
     # 'id': "{{ item.1.instance_id }}",
@@ -49,12 +58,16 @@
   delegate_to: 127.0.0.1
   with_indexed_items: "{{ donor_instances_info.instances }}"
 
-- name: Convert instance config dictionary to list
-  ansible.builtin.set_fact:
-    donor_instance_conf: "{{ donor_config_dict.results }}"
-  delegate_to: 127.0.0.1
+#- name: Show donor config
+#  debug:
+#    var: donor_conf_dict
 
-- name: Convert instance config dictionary to list
-  ansible.builtin.set_fact:
-    donor_instance_conf: "{{ donor_config_dict.results | map(attributes='ansible_facts.instance_config_dict') | list }}"
-  delegate_to: 127.0.0.1
+#- name: Convert donor config dictionary to list
+#  ansible.builtin.set_fact:
+#    donor_instance_conf: "{{ donor_config_dict.results }}"
+#  delegate_to: 127.0.0.1
+
+#- name: Convert instance config dictionary to list
+#  ansible.builtin.set_fact:
+#    donor_instance_conf: "{{ donor_config_dict.results | map(attributes='ansible_facts.instance_config_dict') | list }}"
+#  delegate_to: 127.0.0.1

tasks/main.yml

@@ -15,84 +15,48 @@
    # limitations under the License.                                           #
    # ######################################################################## #
 
-# tasks file for rhel-6-els
+#- name: Refetch replacement instance info
+#  delegate_to: localhost
+#  community.aws.ec2_instance_info:
+#    instance_ids:
+#      - 'i-0dd82eff8d609390e'
+#  register: replacement_instance
+#
+#- name: Show replacement instance info again
+#  debug:
+#    var: replacement_instance
+#
+#- fail:
+#    msg: "stop here"
+
+# Find the RHEL 6 ELS AMI and register variables for it
 - include_tasks: rhel_6_els_ami.yml
   # provides var:rhel_6_els_ami
 
 - name: Gather the instance information for use in the instance swap
   include_tasks: get_instance_information.yml
   # provides rhel6_instance_... for details related to the donor
 
-- name: create an isolated vpc for the instance cloning
-  include_tasks: build_isolated_vpc.yml
+#- name: create an isolated vpc for the instance cloning
+#  include_tasks: build_isolated_vpc.yml
   # provides donor_instance_info
 
-- name: Create snapshot 1 of the donor instance
-  include_tasks: snapshot_one.yml
-  # creates and provides the snapshot id.
+# We cannot loop over a block so we have to loop over a single include
+- name: Migrate an instance
+  include_tasks: migrate_instance.yml
+  vars:
+    donor_instance: '{{ instance_index }}'
+  loop: '{{ donor_instances_info.instances }}'
+  loop_control:
+    loop_var: instance_index
 
-- name: Create a rhel-6-els target instance
-  include_tasks: launch_rhel_6_els_instance.yml
+#- name: Create a rhel-6-els target instance
+#  include_tasks: launch_rhel_6_els_instance.yml
 
-- name: Create a surrogate instance
-  include_tasks: initalize_surrogate_instance.yml
+#- name: Create a surrogate instance
+#  include_tasks: initalize_surrogate_instance.yml
 
 #   notify: set the instance id as a fact
 #     # (needed for stop/start action)
 #   notify: set the root_volume as a fact
 #     # (needed for snapshot actions)
-
-- name: enumerate the extra volumes attached to the instance
-  debug:
-    msg: "-*- TODO -*- enumerate the extra volumes attached to the instance"
-
-#   name: Stop the rhel-6-els target instance
-#   debug:
-#     msg: "-*- TODO -*- Stop the rhel-6-els target instance"
-# - name: Detach the target instance root volume
-#   debug:
-#     msg: "-*- TODO -*-  Detach the target instance root volume"
-#   notify: Attach target vol to surrogate
-# - name: Create donor volume 1 from snapshot 1
-#   debug:
-#     msg: "-*- TODO -*-  Create donor volume 1 from snapshot 1"
-# - name: Attach donor volume to surrogate instance
-#   debug:
-#     msg: "-*- TODO -*-  Attach donor volume to surrogate instance"
-# - name: Copy content from donor volume to target instance.
-#   debug:
-#     msg: "-*- TODO -*-  Copy content from donor volume to target instance."
-# - name: Destroy donor volume 1 from donor instance
-#   debug:
-#     msg: "-*- TODO -*-  Destroy donor volume 1 from donor instance"
-# - name: Stop donor instance for final snapshot
-#   debug:
-#     msg: "-*- TODO -*-  Stop donor instance for final snapshot"
-#   # notify: -*- TODO -*- create snapshot 2 from donor root volume
-#   # (set timeout based on the maintenance window)
-#   # notify: -*- TODO -*- Start instance to continue providing service
-# - name: Create donor volume 2 from snapshot 2
-#   debug:
-#     msg: "-*- TODO -*-  Create donor volume 2 from snapshot 2"
-# - name: Attach the donor volume 2 to the surrogate instance
-#   debug:
-#     msg: "-*- TODO -*-  Attach the donor volume 2 to the surrogate instance"
-# - name: dd the content from donor volume 2 to target vol
-#   debug:
-#     msg: "-*- TODO -*-  dd the content from donor volume 2 to target vol"
-#   # (set timeout based on the maintenance window)
-#   # notify: detach the volumes from the surrogate
-# - name: terminate the surrogate instance
-#   debug:
-#     msg: "-*- TODO -*-  terminate the surrogate instance"
-# - name: attach the target volume to the target instance (rhel-6-els)
-#   debug:
-#     msg: "-*- TODO -*-  attach the target volume to the target instance (rhel-6-els)"
-#   # notify: -*- TODO -*- register an image from the target instance
-# - name: Attach any additional volumes to the target instance
-#   debug:
-#     msg: "-*- TODO -*-  Attach any additional volumes to the target instance"
-#   # notify: -*- TODO -*- Create Image from donor instance (no waiting)
-# - name: Start the target instance
-#   debug:
-#     msg: "-*- TODO -*-  Start the target instance

tasks/migrate_instance.yml

@@ -0,0 +1,128 @@
+---
+
+- name: Show donor instance info
+  debug:
+    var: donor_instance
+
+- name: Create replacement instance
+  delegate_to: localhost
+  community.aws.ec2_instance:
+    aws_access_key: "{{ ansible_env.AWS_ACCESS_KEY_ID | default(omit) }}"
+    aws_secret_key: "{{ ansible_env.AWS_SECRET_ACCESS_KEY | default(omit) }}"
+    security_token: "{{ ansible_env.AWS_SESSION_TOKEN | default(omit) }}"
+    #profile: "{{ inject.profile | default(omit) }}"
+    region: "{{ ansible_env.AWS_DEFAULT_REGION | default(omit) }}"
+    ec2_url: '{{ aws_ec2_url | default(omit) }}'
+    validate_certs: '{{ aws_ssl_enabled }}'
+    ebs_optimized: '{{ donor_instance.ebs_optimized }}'
+    key_name: '{{ donor_instance.key_name }}'
+    instance_type: '{{ donor_instance.instance_type }}'
+    image_id: '{{ rhel_6_els_ami.image_id }}'
+    wait: true
+    name: "ELS replacement {{ donor_instance.instance_id }}"
+    vpc_subnet_id: '{{ donor_instance.subnet_id }}'
+    #group_id: '{{ donor_instance. }}'
+    #instance_profile_name: '{{ donor_instance. }}'
+    #instance_tags: '{{ donor_instance. }}'
+    state: running
+  register: replacement_instance
+
+- name: Wait for replace instance to finish booting
+  wait_for:
+    timeout: 60
+  delegate_to: localhost
+
+- name: Refetch replacement instance info
+  delegate_to: localhost
+  community.aws.ec2_instance_info:
+    aws_access_key: "{{ ansible_env.AWS_ACCESS_KEY_ID | default(omit) }}"
+    aws_secret_key: "{{ ansible_env.AWS_SECRET_ACCESS_KEY | default(omit) }}"
+    security_token: "{{ ansible_env.AWS_SESSION_TOKEN | default(omit) }}"
+    #profile: "{{ inject.profile | default(omit) }}"
+    region: "{{ ansible_env.AWS_DEFAULT_REGION | default(omit) }}"
+    ec2_url: '{{ aws_ec2_url | default(omit) }}'
+    validate_certs: '{{ aws_ssl_enabled }}'
+    instance_ids:
+      - '{{ replacement_instance.instances[0].instance_id }}'
+  register: replacement_instance
+
+- name: Show replacement instance info again
+  debug:
+    var: replacement_instance
+
+- name: Stop replacement instance
+  delegate_to: localhost
+  community.aws.ec2_instance:
+    aws_access_key: "{{ ansible_env.AWS_ACCESS_KEY_ID | default(omit) }}"
+    aws_secret_key: "{{ ansible_env.AWS_SECRET_ACCESS_KEY | default(omit) }}"
+    security_token: "{{ ansible_env.AWS_SESSION_TOKEN | default(omit) }}"
+    #profile: "{{ inject.profile | default(omit) }}"
+    region: "{{ ansible_env.AWS_DEFAULT_REGION | default(omit) }}"
+    ec2_url: '{{ aws_ec2_url | default(omit) }}'
+    validate_certs: '{{ aws_ssl_enabled }}'
+    state: stopped
+    instance_ids:
+      - '{{ replacement_instance.instances[0].instance_id }}'
+
+- name: Detach root volume from replacement instance
+  delegate_to: localhost
+  amazon.aws.ec2_vol:
+    aws_access_key: "{{ ansible_env.AWS_ACCESS_KEY_ID | default(omit) }}"
+    aws_secret_key: "{{ ansible_env.AWS_SECRET_ACCESS_KEY | default(omit) }}"
+    security_token: "{{ ansible_env.AWS_SESSION_TOKEN | default(omit) }}"
+    #profile: "{{ inject.profile | default(omit) }}"
+    region: "{{ ansible_env.AWS_DEFAULT_REGION | default(omit) }}"
+    ec2_url: '{{ aws_ec2_url | default(omit) }}'
+    validate_certs: '{{ aws_ssl_enabled }}'
+    id: '{{ replacement_instance.instances[0].block_device_mappings[0].ebs.volume_id }}'
+    instance: None
+
+- name: Delete root volume from replacement instance
+  delegate_to: localhost
+  amazon.aws.ec2_vol:
+    aws_access_key: "{{ ansible_env.AWS_ACCESS_KEY_ID | default(omit) }}"
+    aws_secret_key: "{{ ansible_env.AWS_SECRET_ACCESS_KEY | default(omit) }}"
+    security_token: "{{ ansible_env.AWS_SESSION_TOKEN | default(omit) }}"
+    #profile: "{{ inject.profile | default(omit) }}"
+    region: "{{ ansible_env.AWS_DEFAULT_REGION | default(omit) }}"
+    ec2_url: '{{ aws_ec2_url | default(omit) }}'
+    validate_certs: '{{ aws_ssl_enabled }}'
+    id: '{{ replacement_instance.instances[0].block_device_mappings[0].ebs.volume_id }}'
+    state: absent
+
+- name: Initialize my_snaps
+  delegate_to: localhost
+  set_fact:
+    my_snaps: []
+
+- name: Initialize my_vols
+  delegate_to: localhost
+  set_fact:
+    my_vols: []
+
+- name: Create snapshots of the donor instance volumes
+  include_tasks: snapshot_one.yml
+  vars:
+    block_device: '{{ block_device_index }}'
+  loop: '{{ donor_instance.block_device_mappings }}'
+  loop_control:
+    loop_var: block_device_index
+
+- name: Show my_snaps
+  delegate_to: localhost
+  debug:
+    var: my_snaps
+
+- name: Start replacement instance
+  delegate_to: localhost
+  community.aws.ec2_instance:
+    aws_access_key: "{{ ansible_env.AWS_ACCESS_KEY_ID | default(omit) }}"
+    aws_secret_key: "{{ ansible_env.AWS_SECRET_ACCESS_KEY | default(omit) }}"
+    security_token: "{{ ansible_env.AWS_SESSION_TOKEN | default(omit) }}"
+    #profile: "{{ inject.profile | default(omit) }}"
+    region: "{{ ansible_env.AWS_DEFAULT_REGION | default(omit) }}"
+    ec2_url: '{{ aws_ec2_url | default(omit) }}'
+    validate_certs: '{{ aws_ssl_enabled }}'
+    state: running
+    instance_ids:
+      - '{{ replacement_instance.instances[0].instance_id }}'

tasks/rhel_6_els_ami.yml

@@ -1,21 +1,29 @@
 - name: Register the RHEL-6-ELS image ID
   amazon.aws.ec2_ami_info:
-    aws_access_key: "{{ inject.aws_access_key | default(omit) }}"
-    aws_secret_key: "{{ inject.aws_secret_key | default(omit) }}"
-    profile: "{{ inject.profile | default(omit) }}"
-    region: "{{ inject.region | default(omit) }}"
+    aws_access_key: "{{ ansible_env.AWS_ACCESS_KEY_ID | default(omit) }}"
+    aws_secret_key: "{{ ansible_env.AWS_SECRET_ACCESS_KEY | default(omit) }}"
+    security_token: "{{ ansible_env.AWS_SESSION_TOKEN | default(omit) }}"
+    #profile: "{{ inject.profile | default(omit) }}"
+    region: "{{ ansible_env.AWS_DEFAULT_REGION | default(omit) }}"
+    ec2_url: '{{ aws_ec2_url | default(omit) }}'
+    validate_certs: '{{ aws_ssl_enabled }}'
     owners: 679593333241
     filters:
       product-code: 65nbrx0tx3wb0wnchpwz5yvm
       product-code.type: marketplace
       name: RHEL-6.10ELS_HVM*
-  delegate_to: 127.0.0.1
+  delegate_to: localhost
   register: rhel_6_els_amis
 
 - name: Identify the most recently published image
+  delegate_to: localhost
   ansible.builtin.set_fact:
     rhel_6_els_ami: >-
       {{ rhel_6_els_amis.images | selectattr('name', 'defined') | sort(attribute='name') | last }}
 
+- name: Show RHEL 6 ELS AMI
+  debug:
+    var: rhel_6_els_ami
+
 # Build the instance and when you build the instance add it to an inventory group
 #   that doesn't include the rhel6 instance.