--- # This condition cannot be set outside of the role # If set in the 'when' of the loop, it's not evaluated between calls # and this role will run everytime. - when: stack_deployed is not defined or stack_deployed == false block: - set_fact: cloud_tags_final: "{{ cloud_tags | from_json }}" when: cloud_tags is string - set_fact: cloud_tags_final: "{{ cloud_tags | d({}) }}" when: cloud_tags is not string - name: Wait a bit for the previous stack and child resources to be deleted pause: minutes: "{{ cloudformation_pause | d(0)}}" when: - cloudformation_pause is defined - cloudformation_out is defined - cloudformation_out is failed - name: Launch CloudFormation template (local) # environment: # AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" # AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" # AWS_DEFAULT_REGION: "{{aws_region_loop|d(aws_region)}}" cloudformation: aws_access_key: "{{ aws_access_key_id }}" aws_secret_key: "{{ aws_secret_access_key }}" stack_name: "{{ project_tag }}" state: "present" region: "{{ aws_region_loop | d(aws_region) | d(region) | d('us-east-1')}}" # rollback is unreliable, it can make this task hang forever. disable_rollback: true template: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template" tags: "{{ cf_tags | combine(cloud_tags_final)}}" tags: - aws_infrastructure_deployment - provision_cf_template register: cloudformation_out until: >- cloudformation_out is succeeded and ( 'output' in cloudformation_out and cloudformation_out.output in ["Stack CREATE complete", "Stack is already up-to-date."] ) retries: "{{ cloudformation_retries | default(3) }}" delay: "{{ cloudformation_retry_delay | default(30) }}" when: stat_template.stat.size <= 51200 ignore_errors: yes - name: Launch CloudFormation template (from S3) # environment: # AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" # AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" # AWS_DEFAULT_REGION: "{{aws_region_loop|d(aws_region)}}" cloudformation: aws_access_key: "{{ aws_access_key_id }}" aws_secret_key: "{{ aws_secret_access_key }}" stack_name: "{{ project_tag }}" state: "present" region: "{{ aws_region_loop | d(aws_region) | d(region) | d('us-east-1')}}" # rollback is unreliable, it can make this task hang forever. disable_rollback: true template_url: "https://s3.amazonaws.com/{{bucket_templates}}/{{env_type}}.{{guid}}.{{cloud_provider}}_cloud_template" tags: "{{ cf_tags | combine(cloud_tags_final)}}" tags: - aws_infrastructure_deployment - provision_cf_template register: cloudformation_out_s3 until: >- cloudformation_out_s3 is succeeded and ( 'output' in cloudformation_out_s3 and cloudformation_out_s3.output in ["Stack CREATE complete", "Stack is already up-to-date."] ) retries: "{{ cloudformation_retries | default(3) }}" delay: "{{ cloudformation_retry_delay | default(30) }}" when: stat_template.stat.size > 51200 ignore_errors: yes # We cannot have the same name for the register because the skipped task is always succeeded. # We write back to cloudformation_out if it used the s3 method: - name: Set fact cloudformation_out set_fact: cloudformation_out: "{{ cloudformation_out_s3 }}" when: - stat_template.stat.size > 51200 - name: debug cloudformation debug: var: cloudformation_out tags: provision_cf_template when: not cloudformation_out is succeeded - name: debug cloudformation debug: var: cloudformation_out verbosity: 2 tags: provision_cf_template - when: cloudformation_out is failed block: # TODO: move this into destroy_tasks.yml - name: Delete S3 bucket if it exists environment: AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" AWS_DEFAULT_REGION: "{{aws_region_loop|d(aws_region)}}" s3_bucket: name: "{{ env_type }}-{{ guid }}" state: absent force: yes region: "{{ aws_region_loop|d(aws_region) }}" tags: - remove_s3 register: s3_result until: s3_result is succeeded retries: 5 delay: "{{ cloudformation_retry_delay | default(60) }}" ignore_errors: yes - name: report s3 error fail: msg: "FAIL {{ project_tag }} delete s3" when: - s3_result is not succeeded - name: Destroy cloudformation template cloudformation: aws_access_key: "{{ aws_access_key_id }}" aws_secret_key: "{{ aws_secret_access_key }}" stack_name: "{{project_tag}}" state: "absent" region: "{{aws_region_loop|d(aws_region)}}" disable_rollback: true tags: Stack: "project {{env_type}}-{{ guid }}" tags: - destroying - destroy_cf_deployment - destroy_cloud_deployment register: cloudformation_destroy_result until: cloudformation_destroy_result is succeeded retries: 5 delay: "{{ cloudformation_retry_delay | default(60) }}" ignore_errors: true - name: report Cloudformation error fail: msg: "FAIL {{ project_tag }} Destroy Cloudformation" when: cloudformation_destroy_result is failed tags: - destroying - destroy_cf_deployment - destroy_cloud_deployment - name: Save aws_region_loop into aws_region_final set_fact: aws_region_final: "{{aws_region_loop}}" # keep cloudformation_out elsewhere because it's overriden by later runs of this # role even if task is skipped (it's a register) cloudformation_out_final: "{{cloudformation_out}}" when: cloudformation_out is succeeded - name: Output region debug: var: cloudformation_out_final verbosity: 2 - name: Output region debug: msg: "FALLBACK REGION = {{aws_region_final}}" when: - cloudformation_out is succeeded - aws_region != aws_region_final - set_fact: stack_deployed: true when: cloudformation_out is succeeded - set_fact: stack_deployed: false when: cloudformation_out is failed