fix: playbook webapp - delete resources

Author: abikouo

playbooks/webapp/tasks/create.yaml

@@ -218,15 +218,6 @@
         mode: 0400
       when: rsa_key is changed
 
-    - name: Check if the vm exists
-      amazon.aws.ec2_instance_info:
-        filters:
-          instance-type: "{{ bastion_host_type }}"
-          key-name: "{{ deploy_flask_app_sshkey_pair_name }}"
-          vpc-id: "{{ vpc.vpc.id }}"
-          instance-state-name: running
-      register: vm_result
-
     - name: Ensure IAM instance role exists
       amazon.aws.iam_role:
         name: "{{ ec2_iam_role_name }}"
@@ -237,7 +228,6 @@
       register: role_output
 
     - name: Create a virtual machine
-      when: vm_result.instances | length == 0
       amazon.aws.ec2_instance:
         name: "{{ deploy_flask_app_bastion_host_name }}"
         instance_type: "{{ bastion_host_type }}"
@@ -254,7 +244,7 @@
           - "{{ secgroup.group_id }}"
         user_data: |
           #!/bin/bash
-          yum install -y python3 python-virtualenv sshpass netcat
+          yum install -y python3 python-virtualenv sshpass netcat ansible
         wait: true
         state: started
       register: vm_result

playbooks/webapp/tasks/delete.yaml

@@ -22,54 +22,33 @@
           ansible.builtin.set_fact:
             vpc_id: "{{ vpc.vpcs.0.vpc_id }}"
 
-        - name: Get bastion instance info
+        # Delete Load balancer
+        - name: List Load balancer(s) from VPC
+          community.aws.elb_classic_lb_info:
+          register: load_balancers
+
+        - name: Delete load balancer(s)
+          amazon.aws.elb_classic_lb:
+            name: "{{ item }}"
+            wait: true
+            state: absent
+          with_items: "{{ load_balancers.elbs | selectattr('vpc_id', 'equalto', vpc_id) | map(attribute='load_balancer_name') | list }}"
+
+        # Delete EC2 instances
+        - name: Get EC2 instance info
           amazon.aws.ec2_instance_info:
             filters:
-              instance-type: "{{ bastion_host_type }}"
-              key-name: "{{ deploy_flask_app_sshkey_pair_name }}"
               vpc-id: "{{ vpc_id }}"
-              instance-state-name: running
-          register: bastion
-
-        - name: Delete EC2 instances with dependant Resources
-          when: bastion.instances | length == 1
-          block:
-            - name: Set 'instance_host_name' variable
-              ansible.builtin.set_fact:
-                instance_host_name: "{{ bastion.instances.0.public_dns_name | split('.') | first }}"
-
-            - name: Delete workers key pair
-              amazon.aws.ec2_key:
-                name: "{{ instance_host_name }}-key"
-                state: absent
-
-            - name: Delete load balancer
-              amazon.aws.elb_classic_lb:
-                name: "{{ instance_host_name }}-lb"
-                wait: true
-                state: absent
-
-            - name: List workers
-              amazon.aws.ec2_instance_info:
-                filters:
-                  tag:Name: "{{ instance_host_name }}-workers"
-                  instance-state-name: running
-              register: running
-
-            - name: Delete workers
-              when: running.instances | length != 0
-              amazon.aws.ec2_instance:
-                instance_ids: "{{ running.instances | map(attribute='instance_id') | list }}"
-                wait: true
-                state: terminated
-
-            - name: Delete bastion host
-              amazon.aws.ec2_instance:
-                instance_ids:
-                  - "{{ bastion.instances.0.instance_id }}"
-                wait: true
-                state: terminated
+          register: ec2_instances
+
+        - name: Delete ec2 instances from VPC
+          amazon.aws.ec2_instance:
+            instance_ids: "{{ ec2_instances.instances | map(attribute='instance_id') | list }}"
+            wait: true
+            state: terminated
+          when: ec2_instances.instances | length > 0
 
+        # Delete RDS instance
         - name: Delete RDS instance
           amazon.aws.rds_instance:
             state: absent
@@ -87,19 +66,7 @@
             name: "{{ rds_subnet_group_name }}"
             state: absent
 
-        - name: List Security group from VPC
-          amazon.aws.ec2_security_group_info:
-            filters:
-              vpc-id: "{{ vpc_id }}"
-              tag:prefix: "{{ resource_prefix }}"
-          register: secgroups
-
-        - name: Delete security groups
-          amazon.aws.ec2_security_group:
-            state: absent
-            group_id: "{{ item }}"
-          with_items: "{{ secgroups.security_groups | map(attribute='group_id') | list }}"
-
+        # Delete VPC route table
         - name: List routes table from VPC
           amazon.aws.ec2_vpc_route_table_info:
             filters:
@@ -115,6 +82,7 @@
             state: absent
           with_items: "{{ route_table.route_tables | map(attribute='id') | list }}"
 
+        # Delete NAT Gateway
         - name: Get NAT gateway
           amazon.aws.ec2_vpc_nat_gateway_info:
             filters:
@@ -128,20 +96,39 @@
             wait: true
           with_items: "{{ nat_gw.result | map(attribute='nat_gateway_id') | list }}"
 
+        # Delete Internet gateway
         - name: Delete internet gateway
           amazon.aws.ec2_vpc_igw:
             vpc_id: "{{ vpc_id }}"
             state: absent
 
+        # Delete Subnets
+        - name: List Subnets from VPC
+          amazon.aws.ec2_vpc_subnet_info:
+            filters:
+              vpc-id: "{{ vpc_id }}"
+          register: vpc_subnets
+
         - name: Delete subnets
           amazon.aws.ec2_vpc_subnet:
             cidr: "{{ item }}"
             state: absent
             vpc_id: "{{ vpc_id }}"
-          with_items: "{{ subnet_cidr }}"
+          with_items: "{{ vpc_subnets.subnets | map(attribute='cidr_block') | list }}"
+
+        # Delete Security groups
+        - name: List Security group from VPC
+          amazon.aws.ec2_security_group_info:
+            filters:
+              vpc-id: "{{ vpc_id }}"
+          register: secgroups
+
+        - name: Delete security groups
+          amazon.aws.ec2_security_group:
+            state: absent
+            group_id: "{{ item }}"
+          with_items: "{{ secgroups.security_groups | rejectattr('group_name', 'equalto', 'default') | map(attribute='group_id') | list }}"
 
-        # As ec2_vpc_route_table can't delete route table, the vpc still has dependencies and cannot be deleted.
-        # You need to do it delete it manually using either the console or the cli.
         - name: Delete VPC
           amazon.aws.ec2_vpc_net:
             name: "{{ vpc_name }}"

playbooks/webapp/vars/main.yaml

@@ -12,7 +12,7 @@ resource_tags:
   prefix: "{{ resource_prefix }}"
 operation: create
 
-image_filter: Fedora-Cloud-Base-35-*gp2-0
+image_filter: Fedora-Cloud-Base-38-*
 public_secgroup_name: "{{ resource_prefix }}-sg"
 ec2_iam_role_name: "{{ resource_prefix }}-role"
 rds_subnet_group_name: "{{ resource_prefix }}-rds-sg"
@@ -23,15 +23,15 @@ rds_instance_class: db.m6g.large
 rds_instance_name: mysampledb123
 rds_engine: postgres
 rds_engine_version: "14.8"
-bastion_host_type: t2.xlarge
+bastion_host_type: t3.micro
 bastion_host_venv_path: ~/env
 rds_listening_port: 5432
 
 # Variables for the deploy_flask_app role
 deploy_flask_app_sshkey_pair_name: "{{ resource_prefix }}-key"
 deploy_flask_app_bastion_host_name: "{{ resource_prefix }}-bastion"
 deploy_flask_app_bastion_host_username: fedora
-deploy_flask_app_workers_instance_type: t2.xlarge
+deploy_flask_app_workers_instance_type: t3.micro
 deploy_flask_app_workers_user_name: fedora
 deploy_flask_app_number_of_workers: 2
 deploy_flask_app_listening_port: 5000

roles/deploy_flask_app/tasks/main.yaml

@@ -18,3 +18,7 @@
 
     - name: Start application container into workers
       ansible.builtin.include_tasks: start_containers.yaml
+
+    - name: Display application URL
+      ansible.builtin.debug:
+        msg: "Application accessible at http://{{ deploy_flask_app_lb_result.elb.dns_name }}:{{ deploy_flask_app_listening_port }}"

tests/integration/targets/setup_rsa_keys/handlers/main.yml

@@ -1,6 +1,6 @@
 ---
-- name: Delete temporary RSA key directory
+- name: Delete RSA key directory
   ansible.builtin.file:
     state: absent
-    path: "{{ setup_rsa_keys__tmpdir }}"
+    path: "{{ setup_rsa_keys__path }}"
   ignore_errors: true

tests/integration/targets/setup_rsa_keys/tasks/main.yml

@@ -19,6 +19,7 @@
       ansible.builtin.file:
         path: "{{ setup_rsa_keys__path }}"
         state: directory
+      notify: 'Delete RSA key directory'
 
     - name: Generate RSA keys
       community.crypto.openssh_keypair:

tests/integration/targets/test_deploy_flask_app/aliases

@@ -1,3 +1,4 @@
 cloud/aws
 role/deploy_flask_app
 time=35m
+unstable

tests/integration/targets/test_deploy_flask_app/tasks/delete.yaml

@@ -76,7 +76,7 @@
             state: absent
           with_items: "{{ route_table.route_tables | map(attribute='id') | list }}"
 
-        # Delete VPC route table
+        # Delete NAT Gateway
         - name: Get NAT gateway
           amazon.aws.ec2_vpc_nat_gateway_info:
             filters:

tests/integration/targets/test_playbook_webapp/aliases

@@ -0,0 +1,2 @@
+time=35m
+cloud/aws

tests/integration/targets/test_playbook_webapp/create_aws_credentials.yml

@@ -0,0 +1,13 @@
+---
+- hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Write access key to file we can source
+      ansible.builtin.copy:
+        dest: access_key.sh
+        content: |
+          export AWS_ACCESS_KEY_ID="{{ aws_access_key }}"
+          export AWS_SECRET_ACCESS_KEY="{{ aws_secret_key }}"
+          export AWS_REGION="{{ aws_region }}"
+          export AWS_SECURITY_TOKEN="{{ aws_security_token }}"

tests/integration/targets/test_playbook_webapp/runme.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+# generate inventory with access_key provided through a templated variable
+ansible-playbook create_aws_credentials.yml "$@"
+source access_key.sh
+
+set -eux
+
+function cleanup() {
+    set +x
+    source access_key.sh
+    set -x
+    ansible-playbook webapp.yaml -e "operation=delete" "$@"
+    exit 1
+}
+
+trap 'cleanup "${@}"'  ERR
+
+# Create web application
+ansible-playbook webapp.yaml "$@"
+
+# Delete web application
+ansible-playbook webapp.yaml -e "operation=delete" "$@"

tests/integration/targets/test_playbook_webapp/test_webapp.yaml

@@ -0,0 +1 @@
+- import_playbook: cloud.aws_ops.webapp.webapp