| commit | author | age | ||
| a4fa8d | 1 | --- |
| 93e8aa | 2 | # This condition cannot be set outside of the role |
| GC | 3 | # If set in the 'when' of the loop, it's not evaluated between calls |
| 4 | # and this role will run everytime. | |
| 5 | - when: stack_deployed is not defined or stack_deployed == false | |
| 6 | block: | |
| 7 | - set_fact: | |
| 8 | cloud_tags_final: "{{ cloud_tags | from_json }}" | |
| 9 | when: cloud_tags is string | |
| 2a18ae | 10 | |
| 93e8aa | 11 | - set_fact: |
| GC | 12 | cloud_tags_final: "{{ cloud_tags | d({}) }}" |
| 13 | when: cloud_tags is not string | |
| 2a18ae | 14 | |
| S | 15 | |
| 93e8aa | 16 | - name: Wait a bit for the previous stack and child resources to be deleted |
| GC | 17 | pause: |
| 18 | minutes: "{{ cloudformation_pause | d(0)}}" | |
| 19 | when: | |
| 20 | - cloudformation_pause is defined | |
| 21 | - cloudformation_out is defined | |
| 22 | - cloudformation_out is failed | |
| 2a18ae | 23 | |
| 3e2a8d | 24 | - name: Launch CloudFormation template (local) |
| 93e8aa | 25 | # environment: |
| GC | 26 | # AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| 27 | # AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" | |
| 28 | # AWS_DEFAULT_REGION: "{{aws_region_loop|d(aws_region)}}" | |
| 29 | cloudformation: | |
| 30 | aws_access_key: "{{ aws_access_key_id }}" | |
| 31 | aws_secret_key: "{{ aws_secret_access_key }}" | |
| 32 | stack_name: "{{ project_tag }}" | |
| 33 | state: "present" | |
| 34 | region: "{{ aws_region_loop | d(aws_region) | d(region) | d('us-east-1')}}" | |
| 35 | # rollback is unreliable, it can make this task hang forever. | |
| 36 | disable_rollback: true | |
| 37 | template: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template" | |
| 38 | tags: "{{ cf_tags | combine(cloud_tags_final)}}" | |
| 39 | tags: | |
| 40 | - aws_infrastructure_deployment | |
| 41 | - provision_cf_template | |
| 42 | register: cloudformation_out | |
| 43 | until: >- | |
| 44 | cloudformation_out is succeeded | |
| 9d5fdb | 45 | or ( |
| GC | 46 | 'output' in cloudformation_out |
| 47 | and cloudformation_out.output in ["Stack CREATE complete", "Stack is already up-to-date."] | |
| 48 | ) | |
| 93e8aa | 49 | retries: "{{ cloudformation_retries | default(3) }}" |
| GC | 50 | delay: "{{ cloudformation_retry_delay | default(30) }}" |
| 3e2a8d | 51 | when: stat_template.stat.size <= 51200 |
| GC | 52 | ignore_errors: yes |
| 53 | ||
| 54 | - name: Launch CloudFormation template (from S3) | |
| 55 | # environment: | |
| 56 | # AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" | |
| 57 | # AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" | |
| 58 | # AWS_DEFAULT_REGION: "{{aws_region_loop|d(aws_region)}}" | |
| 59 | cloudformation: | |
| 60 | aws_access_key: "{{ aws_access_key_id }}" | |
| 61 | aws_secret_key: "{{ aws_secret_access_key }}" | |
| 62 | stack_name: "{{ project_tag }}" | |
| 63 | state: "present" | |
| 64 | region: "{{ aws_region_loop | d(aws_region) | d(region) | d('us-east-1')}}" | |
| 65 | # rollback is unreliable, it can make this task hang forever. | |
| 66 | disable_rollback: true | |
| b5c784 | 67 | template_url: "https://s3.amazonaws.com/{{bucket_templates}}/{{env_type}}.{{guid}}.{{cloud_provider}}_cloud_template" |
| 3e2a8d | 68 | tags: "{{ cf_tags | combine(cloud_tags_final)}}" |
| GC | 69 | tags: |
| 70 | - aws_infrastructure_deployment | |
| 71 | - provision_cf_template | |
| cffbc6 | 72 | register: cloudformation_out_s3 |
| 3e2a8d | 73 | until: >- |
| GC | 74 | cloudformation_out is succeeded |
| 75 | or ( | |
| 76 | 'output' in cloudformation_out | |
| 77 | and cloudformation_out.output in ["Stack CREATE complete", "Stack is already up-to-date."] | |
| 78 | ) | |
| 79 | retries: "{{ cloudformation_retries | default(3) }}" | |
| 80 | delay: "{{ cloudformation_retry_delay | default(30) }}" | |
| 81 | when: stat_template.stat.size > 51200 | |
| 93e8aa | 82 | ignore_errors: yes |
| 5c7a03 | 83 | |
| cffbc6 | 84 | # We cannot have the same name for the register because the skipped task is always succeeded. |
| GC | 85 | # We write back to cloudformation_out if it used the s3 method: |
| 86 | - name: Set fact cloudformation_out | |
| 87 | set_fact: | |
| 88 | cloudformation_out: "{{ cloudformation_out_s3 }}" | |
| 89 | when: | |
| 90 | - stat_template.stat.size > 51200 | |
| 91 | ||
| 93e8aa | 92 | - name: debug cloudformation |
| GC | 93 | debug: |
| 94 | var: cloudformation_out | |
| 95 | tags: provision_cf_template | |
| 96 | when: not cloudformation_out is succeeded | |
| 5c7a03 | 97 | |
| 93e8aa | 98 | - name: debug cloudformation |
| GC | 99 | debug: |
| 100 | var: cloudformation_out | |
| 101 | verbosity: 2 | |
| 102 | tags: provision_cf_template | |
| 5c7a03 | 103 | |
| 93e8aa | 104 | - when: cloudformation_out is failed |
| GC | 105 | block: |
| 106 | # TODO: move this into destroy_tasks.yml | |
| 107 | - name: Delete S3 bucket if it exists | |
| 108 | environment: | |
| 109 | AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" | |
| 110 | AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" | |
| 111 | AWS_DEFAULT_REGION: "{{aws_region_loop|d(aws_region)}}" | |
| 112 | s3_bucket: | |
| 113 | name: "{{ env_type }}-{{ guid }}" | |
| 114 | state: absent | |
| 115 | force: yes | |
| 116 | region: "{{ aws_region_loop|d(aws_region) }}" | |
| 117 | tags: | |
| 118 | - remove_s3 | |
| 119 | register: s3_result | |
| 120 | until: s3_result is succeeded | |
| 121 | retries: 5 | |
| 122 | delay: 60 | |
| 123 | ignore_errors: yes | |
| 124 | ||
| 125 | - name: report s3 error | |
| 126 | fail: | |
| 127 | msg: "FAIL {{ project_tag }} delete s3" | |
| 128 | when: | |
| 129 | - s3_result is not succeeded | |
| 130 | ||
| 131 | - name: Destroy cloudformation template | |
| 132 | cloudformation: | |
| 133 | aws_access_key: "{{ aws_access_key_id }}" | |
| 134 | aws_secret_key: "{{ aws_secret_access_key }}" | |
| 135 | stack_name: "{{project_tag}}" | |
| 136 | state: "absent" | |
| 137 | region: "{{aws_region_loop|d(aws_region)}}" | |
| 138 | disable_rollback: true | |
| 139 | tags: | |
| 140 | Stack: "project {{env_type}}-{{ guid }}" | |
| 141 | tags: | |
| 142 | - destroying | |
| 143 | - destroy_cf_deployment | |
| 144 | - destroy_cloud_deployment | |
| 145 | register: cloudformation_destroy_result | |
| 146 | until: cloudformation_destroy_result is succeeded | |
| 147 | retries: 5 | |
| 148 | delay: 10 | |
| 149 | ignore_errors: true | |
| 150 | ||
| 151 | - name: report Cloudformation error | |
| 152 | fail: | |
| 153 | msg: "FAIL {{ project_tag }} Destroy Cloudformation" | |
| 154 | when: cloudformation_destroy_result is failed | |
| 155 | tags: | |
| 156 | - destroying | |
| 157 | - destroy_cf_deployment | |
| 158 | - destroy_cloud_deployment | |
| 159 | ||
| 160 | - name: Save aws_region_loop into aws_region_final | |
| 161 | set_fact: | |
| 162 | aws_region_final: "{{aws_region_loop}}" | |
| 64036a | 163 | # keep cloudformation_out elsewhere because it's overriden by later runs of this |
| GC | 164 | # role even if task is skipped (it's a register) |
| 165 | cloudformation_out_final: "{{cloudformation_out}}" | |
| 93e8aa | 166 | when: cloudformation_out is succeeded |
| GC | 167 | |
| 168 | - name: Output region | |
| 169 | debug: | |
| a55590 | 170 | var: cloudformation_out_final |
| S | 171 | verbosity: 2 |
| 172 | - name: Output region | |
| 173 | debug: | |
| 93e8aa | 174 | msg: "FALLBACK REGION = {{aws_region_final}}" |
| GC | 175 | when: |
| 176 | - cloudformation_out is succeeded | |
| 177 | - aws_region != aws_region_final | |
| 178 | ||
| 179 | - set_fact: | |
| 180 | stack_deployed: true | |
| 181 | when: cloudformation_out is succeeded | |
| 182 | ||
| 183 | - set_fact: | |
| 184 | stack_deployed: false | |
| 185 | when: cloudformation_out is failed | |
