1--- 2# tasks file for ecs_cluster 3 4- block: 5 # ============================================================ 6 - name: set up aws connection info 7 set_fact: 8 aws_connection_info: &aws_connection_info 9 aws_access_key: "{{ aws_access_key }}" 10 aws_secret_key: "{{ aws_secret_key }}" 11 security_token: "{{ security_token }}" 12 region: "{{ aws_region }}" 13 no_log: yes 14 15 - name: ensure IAM instance role exists 16 iam_role: 17 name: ecsInstanceRole 18 assume_role_policy_document: "{{ lookup('file','ec2-trust-policy.json') }}" 19 state: present 20 create_instance_profile: yes 21 managed_policy: 22 - AmazonEC2ContainerServiceforEC2Role 23 <<: *aws_connection_info 24 25 - name: ensure IAM service role exists 26 iam_role: 27 name: ecsServiceRole 28 assume_role_policy_document: "{{ lookup('file','ecs-trust-policy.json') }}" 29 state: present 30 create_instance_profile: no 31 managed_policy: 32 - AmazonEC2ContainerServiceRole 33 <<: *aws_connection_info 34 35 - name: ensure AWSServiceRoleForECS role exists 36 iam_role_info: 37 name: AWSServiceRoleForECS 38 <<: *aws_connection_info 39 register: iam_role_result 40 41 # FIXME: come up with a way to automate this 42 - name: fail if AWSServiceRoleForECS role does not exist 43 fail: 44 msg: > 45 Run `aws iam create-service-linked-role --aws-service-name=ecs.amazonaws.com ` to create 46 a linked role for AWS VPC load balancer management 47 when: not iam_role_result.iam_roles 48 49 - name: create an ECS cluster 50 ecs_cluster: 51 name: "{{ ecs_cluster_name }}" 52 state: present 53 <<: *aws_connection_info 54 register: ecs_cluster 55 56 - name: check that ecs_cluster changed 57 assert: 58 that: 59 - ecs_cluster.changed 60 61 - name: create same ECS cluster (should do nothing) 62 ecs_cluster: 63 name: "{{ ecs_cluster_name }}" 64 state: present 65 <<: *aws_connection_info 66 register: ecs_cluster_again 67 68 - name: check that ecs_cluster did not change 69 assert: 70 that: 71 - not ecs_cluster_again.changed 72 73 - name: create a VPC to work in 74 ec2_vpc_net: 75 cidr_block: 10.0.0.0/16 76 state: present 77 name: '{{ resource_prefix }}_ecs_cluster' 78 resource_tags: 79 Name: '{{ resource_prefix }}_ecs_cluster' 80 <<: *aws_connection_info 81 register: setup_vpc 82 83 - name: create a key pair to use for creating an ec2 instance 84 ec2_key: 85 name: '{{ resource_prefix }}_ecs_cluster' 86 state: present 87 <<: *aws_connection_info 88 when: ec2_keypair is not defined # allow override in cloud-config-aws.ini 89 register: setup_key 90 91 - name: create subnets 92 ec2_vpc_subnet: 93 az: '{{ ec2_region }}{{ item.zone }}' 94 tags: 95 Name: '{{ resource_prefix }}_ecs_cluster-subnet-{{ item.zone }}' 96 vpc_id: '{{ setup_vpc.vpc.id }}' 97 cidr: "{{ item.cidr }}" 98 state: present 99 <<: *aws_connection_info 100 register: setup_subnet 101 with_items: 102 - zone: a 103 cidr: 10.0.1.0/24 104 - zone: b 105 cidr: 10.0.2.0/24 106 107 - name: create an internet gateway so that ECS agents can talk to ECS 108 ec2_vpc_igw: 109 vpc_id: '{{ setup_vpc.vpc.id }}' 110 state: present 111 <<: *aws_connection_info 112 register: igw 113 114 - name: create a security group to use for creating an ec2 instance 115 ec2_group: 116 name: '{{ resource_prefix }}_ecs_cluster-sg' 117 description: 'created by Ansible integration tests' 118 state: present 119 vpc_id: '{{ setup_vpc.vpc.id }}' 120 rules: # allow all ssh traffic but nothing else 121 - ports: 22 122 cidr: 0.0.0.0/0 123 <<: *aws_connection_info 124 register: setup_sg 125 126 - name: find a suitable AMI 127 ec2_ami_info: 128 owner: amazon 129 filters: 130 description: "Amazon Linux AMI* ECS *" 131 <<: *aws_connection_info 132 register: ec2_ami_info 133 134 - name: set image id fact 135 set_fact: 136 ecs_image_id: "{{ (ec2_ami_info.images|first).image_id }}" 137 138 - name: provision ec2 instance to create an image 139 ec2_instance: 140 key_name: '{{ ec2_keypair|default(setup_key.key.name) }}' 141 instance_type: t2.micro 142 state: present 143 image_id: '{{ ecs_image_id }}' 144 wait: yes 145 user_data: "{{ user_data }}" 146 instance_role: ecsInstanceRole 147 tags: 148 Name: '{{ resource_prefix }}_ecs_agent' 149 security_group: '{{ setup_sg.group_id }}' 150 vpc_subnet_id: '{{ setup_subnet.results[0].subnet.id }}' 151 <<: *aws_connection_info 152 register: setup_instance 153 154 - name: create target group 155 elb_target_group: 156 name: "{{ ecs_target_group_name }}1" 157 state: present 158 protocol: HTTP 159 port: 8080 160 modify_targets: no 161 vpc_id: '{{ setup_vpc.vpc.id }}' 162 target_type: instance 163 <<: *aws_connection_info 164 register: elb_target_group_instance 165 166 - name: create second target group to use ip target_type 167 elb_target_group: 168 name: "{{ ecs_target_group_name }}2" 169 state: present 170 protocol: HTTP 171 port: 8080 172 modify_targets: no 173 vpc_id: '{{ setup_vpc.vpc.id }}' 174 target_type: ip 175 <<: *aws_connection_info 176 register: elb_target_group_ip 177 178 - name: create load balancer 179 elb_application_lb: 180 name: "{{ ecs_load_balancer_name }}" 181 state: present 182 scheme: internal 183 security_groups: '{{ setup_sg.group_id }}' 184 subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}" 185 listeners: 186 - Protocol: HTTP 187 Port: 80 188 DefaultActions: 189 - Type: forward 190 TargetGroupName: "{{ ecs_target_group_name }}1" 191 - Protocol: HTTP 192 Port: 81 193 DefaultActions: 194 - Type: forward 195 TargetGroupName: "{{ ecs_target_group_name }}2" 196 <<: *aws_connection_info 197 198 - name: create task definition 199 ecs_taskdefinition: 200 containers: "{{ ecs_task_containers }}" 201 family: "{{ ecs_task_name }}" 202 state: present 203 <<: *aws_connection_info 204 register: ecs_task_definition 205 206 - name: recreate task definition 207 ecs_taskdefinition: 208 containers: "{{ ecs_task_containers }}" 209 family: "{{ ecs_task_name }}" 210 state: present 211 <<: *aws_connection_info 212 register: ecs_task_definition_again 213 214 - name: check that task definition does not change 215 assert: 216 that: 217 - not ecs_task_definition_again.changed 218 # FIXME: task definition should not change, will need #26752 or equivalent 219 ignore_errors: yes 220 221 - name: obtain ECS task definition facts 222 ecs_taskdefinition_info: 223 task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 224 <<: *aws_connection_info 225 226 - name: create ECS service definition 227 ecs_service: 228 state: present 229 name: "{{ ecs_service_name }}" 230 cluster: "{{ ecs_cluster_name }}" 231 task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 232 desired_count: 1 233 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 234 placement_strategy: "{{ ecs_service_placement_strategy }}" 235 health_check_grace_period_seconds: "{{ ecs_service_health_check_grace_period }}" 236 load_balancers: 237 - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 238 containerName: "{{ ecs_task_name }}" 239 containerPort: "{{ ecs_task_container_port }}" 240 role: "ecsServiceRole" 241 <<: *aws_connection_info 242 register: ecs_service 243 244 - name: check that ECS service creation changed 245 assert: 246 that: 247 - ecs_service.changed 248 249 - name: create same ECS service definition (should not change) 250 ecs_service: 251 state: present 252 name: "{{ ecs_service_name }}" 253 cluster: "{{ ecs_cluster_name }}" 254 task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 255 desired_count: 1 256 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 257 placement_strategy: "{{ ecs_service_placement_strategy }}" 258 health_check_grace_period_seconds: "{{ ecs_service_health_check_grace_period }}" 259 load_balancers: 260 - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 261 containerName: "{{ ecs_task_name }}" 262 containerPort: "{{ ecs_task_container_port }}" 263 role: "ecsServiceRole" 264 <<: *aws_connection_info 265 register: ecs_service_again 266 267 - name: check that ECS service recreation changed nothing 268 assert: 269 that: 270 - not ecs_service_again.changed 271 # FIXME: service should not change, needs fixing 272 ignore_errors: yes 273 274 # FIXME: attempt to update service load balancer 275 - name: update ECS service definition (expected to fail) 276 ecs_service: 277 state: present 278 name: "{{ ecs_service_name }}" 279 cluster: "{{ ecs_cluster_name }}" 280 task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 281 desired_count: 1 282 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 283 placement_strategy: "{{ ecs_service_placement_strategy }}" 284 health_check_grace_period_seconds: "{{ ecs_service_health_check_grace_period }}" 285 load_balancers: 286 - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 287 containerName: "{{ ecs_task_name }}" 288 containerPort: "{{ ecs_task_container_port|int + 1 }}" 289 role: "ecsServiceRole" 290 <<: *aws_connection_info 291 register: update_ecs_service 292 ignore_errors: yes 293 294 - name: assert that updating ECS load balancer failed with helpful message 295 assert: 296 that: 297 - update_ecs_service is failed 298 - "'error' not in update_ecs_service" 299 - "'msg' in update_ecs_service" 300 301 302 - name: attempt to use ECS network configuration on task definition without awsvpc network_mode 303 ecs_service: 304 state: present 305 name: "{{ ecs_service_name }}3" 306 cluster: "{{ ecs_cluster_name }}" 307 task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 308 desired_count: 1 309 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 310 placement_strategy: "{{ ecs_service_placement_strategy }}" 311 load_balancers: 312 - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 313 containerName: "{{ ecs_task_name }}" 314 containerPort: "{{ ecs_task_container_port }}" 315 network_configuration: 316 subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}" 317 security_groups: 318 - '{{ setup_sg.group_id }}' 319 <<: *aws_connection_info 320 register: ecs_service_network_without_awsvpc_task 321 ignore_errors: yes 322 323 - name: assert that using ECS network configuration with non AWSVPC task definition fails 324 assert: 325 that: 326 - ecs_service_network_without_awsvpc_task is failed 327 328 - name: scale down ECS service 329 ecs_service: 330 state: present 331 name: "{{ ecs_service_name }}" 332 cluster: "{{ ecs_cluster_name }}" 333 task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 334 desired_count: 0 335 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 336 placement_strategy: "{{ ecs_service_placement_strategy }}" 337 load_balancers: 338 - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 339 containerName: "{{ ecs_task_name }}" 340 containerPort: "{{ ecs_task_container_port }}" 341 role: "ecsServiceRole" 342 <<: *aws_connection_info 343 register: ecs_service_scale_down 344 345 - name: pause to allow service to scale down 346 pause: 347 seconds: 60 348 349 - name: delete ECS service definition 350 ecs_service: 351 state: absent 352 name: "{{ ecs_service_name }}" 353 cluster: "{{ ecs_cluster_name }}" 354 <<: *aws_connection_info 355 register: delete_ecs_service 356 357 - name: assert that deleting ECS service worked 358 assert: 359 that: 360 - delete_ecs_service.changed 361 362 - name: assert that deleting ECS service worked 363 assert: 364 that: 365 - delete_ecs_service.changed 366 367 - name: create VPC-networked task definition with host port set to 0 (expected to fail) 368 ecs_taskdefinition: 369 containers: "{{ ecs_task_containers }}" 370 family: "{{ ecs_task_name }}-vpc" 371 state: present 372 network_mode: awsvpc 373 <<: *aws_connection_info 374 register: ecs_task_definition_vpc_no_host_port 375 ignore_errors: yes 376 377 - name: check that awsvpc task definition with host port 0 fails gracefully 378 assert: 379 that: 380 - ecs_task_definition_vpc_no_host_port is failed 381 - "'error' not in ecs_task_definition_vpc_no_host_port" 382 383 - name: create VPC-networked task definition with host port set to 8080 384 ecs_taskdefinition: 385 containers: "{{ ecs_task_containers }}" 386 family: "{{ ecs_task_name }}-vpc" 387 network_mode: awsvpc 388 state: present 389 <<: *aws_connection_info 390 vars: 391 ecs_task_host_port: 8080 392 register: ecs_task_definition_vpc_with_host_port 393 394 - name: obtain ECS task definition facts 395 ecs_taskdefinition_info: 396 task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_task_definition_vpc_with_host_port.taskdefinition.revision }}" 397 <<: *aws_connection_info 398 register: ecs_taskdefinition_info 399 400 - name: assert that network mode is awsvpc 401 assert: 402 that: 403 - "ecs_taskdefinition_info.network_mode == 'awsvpc'" 404 405 - name: pause to allow service to scale down 406 pause: 407 seconds: 60 408 409 - name: delete ECS service definition 410 ecs_service: 411 state: absent 412 name: "{{ ecs_service_name }}4" 413 cluster: "{{ ecs_cluster_name }}" 414 <<: *aws_connection_info 415 register: delete_ecs_service 416 417 - name: create ECS service definition with network configuration 418 ecs_service: 419 state: present 420 name: "{{ ecs_service_name }}2" 421 cluster: "{{ ecs_cluster_name }}" 422 task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_task_definition_vpc_with_host_port.taskdefinition.revision }}" 423 desired_count: 1 424 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 425 placement_strategy: "{{ ecs_service_placement_strategy }}" 426 load_balancers: 427 - targetGroupArn: "{{ elb_target_group_ip.target_group_arn }}" 428 containerName: "{{ ecs_task_name }}" 429 containerPort: "{{ ecs_task_container_port }}" 430 network_configuration: 431 subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}" 432 security_groups: 433 - '{{ setup_sg.group_id }}' 434 <<: *aws_connection_info 435 register: create_ecs_service_with_vpc 436 437 - name: assert that network configuration is correct 438 assert: 439 that: 440 - "'networkConfiguration' in create_ecs_service_with_vpc.service" 441 - "'awsvpcConfiguration' in create_ecs_service_with_vpc.service.networkConfiguration" 442 - "create_ecs_service_with_vpc.service.networkConfiguration.awsvpcConfiguration.subnets|length == 2" 443 - "create_ecs_service_with_vpc.service.networkConfiguration.awsvpcConfiguration.securityGroups|length == 1" 444 445 - name: create dummy group to update ECS service with 446 ec2_group: 447 name: "{{ resource_prefix }}-ecs-vpc-test-sg" 448 description: "Test security group for ECS with VPC" 449 vpc_id: '{{ setup_vpc.vpc.id }}' 450 state: present 451 <<: *aws_connection_info 452 453 - name: update ECS service definition with new network configuration 454 ecs_service: 455 state: present 456 name: "{{ ecs_service_name }}2" 457 cluster: "{{ ecs_cluster_name }}" 458 task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_task_definition_vpc_with_host_port.taskdefinition.revision }}" 459 desired_count: 1 460 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 461 placement_strategy: "{{ ecs_service_placement_strategy }}" 462 load_balancers: 463 - targetGroupArn: "{{ elb_target_group_ip.target_group_arn }}" 464 containerName: "{{ ecs_task_name }}" 465 containerPort: "{{ ecs_task_container_port }}" 466 network_configuration: 467 subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}" 468 security_groups: 469 - "{{ resource_prefix }}-ecs-vpc-test-sg" 470 <<: *aws_connection_info 471 register: update_ecs_service_with_vpc 472 473 - name: check that ECS service changed 474 assert: 475 that: 476 - update_ecs_service_with_vpc.changed 477 - "'networkConfiguration' in update_ecs_service_with_vpc.service" 478 - "'awsvpcConfiguration' in update_ecs_service_with_vpc.service.networkConfiguration" 479 - "update_ecs_service_with_vpc.service.networkConfiguration.awsvpcConfiguration.subnets|length == 2" 480 - "update_ecs_service_with_vpc.service.networkConfiguration.awsvpcConfiguration.securityGroups|length == 1" 481 482 - name: create ecs_service using health_check_grace_period_seconds 483 ecs_service: 484 name: "{{ ecs_service_name }}-mft" 485 cluster: "{{ ecs_cluster_name }}" 486 load_balancers: 487 - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 488 containerName: "{{ ecs_task_name }}" 489 containerPort: "{{ ecs_task_container_port }}" 490 task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 491 scheduling_strategy: "REPLICA" 492 health_check_grace_period_seconds: 10 493 desired_count: 1 494 state: present 495 <<: *aws_connection_info 496 register: ecs_service_creation_hcgp 497 498 499 - name: health_check_grace_period_seconds sets HealthChecGracePeriodSeconds 500 assert: 501 that: 502 - ecs_service_creation_hcgp.changed 503 - "{{ecs_service_creation_hcgp.service.healthCheckGracePeriodSeconds}} == 10" 504 505 - name: update ecs_service using health_check_grace_period_seconds 506 ecs_service: 507 name: "{{ ecs_service_name }}-mft" 508 cluster: "{{ ecs_cluster_name }}" 509 load_balancers: 510 - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 511 containerName: "{{ ecs_task_name }}" 512 containerPort: "{{ ecs_task_container_port }}" 513 task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 514 desired_count: 1 515 health_check_grace_period_seconds: 30 516 state: present 517 <<: *aws_connection_info 518 register: ecs_service_creation_hcgp2 519 ignore_errors: no 520 521 - name: check that module returns success 522 assert: 523 that: 524 - ecs_service_creation_hcgp2.changed 525 - "{{ecs_service_creation_hcgp2.service.healthCheckGracePeriodSeconds}} == 30" 526 527# until ansible supports service registries, this test can't run. 528# - name: update ecs_service using service_registries 529# ecs_service: 530# name: "{{ ecs_service_name }}-service-registries" 531# cluster: "{{ ecs_cluster_name }}" 532# load_balancers: 533# - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 534# containerName: "{{ ecs_task_name }}" 535# containerPort: "{{ ecs_task_container_port }}" 536# service_registries: 537# - containerName: "{{ ecs_task_name }}" 538# containerPort: "{{ ecs_task_container_port }}" 539# ### TODO: Figure out how to get a service registry ARN without a service registry module. 540# registryArn: "{{ ecs_task_service_registry_arn }}" 541# task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 542# desired_count: 1 543# state: present 544# <<: *aws_connection_info 545# register: ecs_service_creation_sr 546# ignore_errors: yes 547 548# - name: dump sr output 549# debug: var=ecs_service_creation_sr 550 551# - name: check that module returns success 552# assert: 553# that: 554# - ecs_service_creation_sr.changed 555 556 - name: update ecs_service using REPLICA scheduling_strategy 557 ecs_service: 558 name: "{{ ecs_service_name }}-replica" 559 cluster: "{{ ecs_cluster_name }}" 560 load_balancers: 561 - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 562 containerName: "{{ ecs_task_name }}" 563 containerPort: "{{ ecs_task_container_port }}" 564 scheduling_strategy: "REPLICA" 565 task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 566 desired_count: 1 567 state: present 568 <<: *aws_connection_info 569 register: ecs_service_creation_replica 570 571 - name: obtain facts for all ECS services in the cluster 572 ecs_service_info: 573 cluster: "{{ ecs_cluster_name }}" 574 details: yes 575 events: no 576 <<: *aws_connection_info 577 register: ecs_service_info 578 579 - name: assert that facts are useful 580 assert: 581 that: 582 - "'services' in ecs_service_info" 583 - ecs_service_info.services | length > 0 584 - "'events' not in ecs_service_info.services[0]" 585 586 - name: obtain facts for existing service in the cluster 587 ecs_service_info: 588 cluster: "{{ ecs_cluster_name }}" 589 service: "{{ ecs_service_name }}" 590 details: yes 591 events: no 592 <<: *aws_connection_info 593 register: ecs_service_info 594 595 - name: assert that existing service is available and running 596 assert: 597 that: 598 - "ecs_service_info.services|length == 1" 599 - "ecs_service_info.services_not_running|length == 0" 600 601 - name: obtain facts for non-existent service in the cluster 602 ecs_service_info: 603 cluster: "{{ ecs_cluster_name }}" 604 service: madeup 605 details: yes 606 events: no 607 <<: *aws_connection_info 608 register: ecs_service_info 609 610 - name: assert that non-existent service is missing 611 assert: 612 that: 613 - "ecs_service_info.services_not_running[0].reason == 'MISSING'" 614 615 - name: obtain specific ECS service facts 616 ecs_service_info: 617 service: "{{ ecs_service_name }}2" 618 cluster: "{{ ecs_cluster_name }}" 619 details: yes 620 <<: *aws_connection_info 621 register: ecs_service_info 622 623 - name: check that facts contain network configuration 624 assert: 625 that: 626 - "'networkConfiguration' in ecs_service_info.ansible_facts.services[0]" 627 628 - name: attempt to get facts from missing task definition 629 ecs_taskdefinition_info: 630 task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_task_definition.taskdefinition.revision + 1}}" 631 <<: *aws_connection_info 632 633 # ============================================================ 634 # Begin tests for Fargate 635 636 - name: ensure AmazonECSTaskExecutionRolePolicy exists 637 iam_role: 638 name: ecsTaskExecutionRole 639 assume_role_policy_document: "{{ lookup('file','ecs-trust-policy.json') }}" 640 description: "Allows ECS containers to make calls to ECR" 641 state: present 642 create_instance_profile: no 643 managed_policy: 644 - AmazonEC2ContainerServiceRole 645 <<: *aws_connection_info 646 register: iam_execution_role 647 648 - name: create Fargate VPC-networked task definition with host port set to 8080 and unsupported network mode (expected to fail) 649 ecs_taskdefinition: 650 containers: "{{ ecs_fargate_task_containers }}" 651 family: "{{ ecs_task_name }}-vpc" 652 network_mode: bridge 653 launch_type: FARGATE 654 cpu: 512 655 memory: 1024 656 state: present 657 <<: *aws_connection_info 658 vars: 659 ecs_task_host_port: 8080 660 ignore_errors: yes 661 register: ecs_fargate_task_definition_bridged_with_host_port 662 663 - name: check that fargate task definition with bridged networking fails gracefully 664 assert: 665 that: 666 - ecs_fargate_task_definition_bridged_with_host_port is failed 667 - 'ecs_fargate_task_definition_bridged_with_host_port.msg == "To use FARGATE launch type, network_mode must be awsvpc"' 668 669 - name: create Fargate VPC-networked task definition without CPU or Memory (expected to Fail) 670 ecs_taskdefinition: 671 containers: "{{ ecs_fargate_task_containers }}" 672 family: "{{ ecs_task_name }}-vpc" 673 network_mode: awsvpc 674 launch_type: FARGATE 675 state: present 676 <<: *aws_connection_info 677 ignore_errors: yes 678 register: ecs_fargate_task_definition_vpc_no_mem 679 680 - name: check that fargate task definition without memory or cpu fails gracefully 681 assert: 682 that: 683 - ecs_fargate_task_definition_vpc_no_mem is failed 684 - 'ecs_fargate_task_definition_vpc_no_mem.msg == "launch_type is FARGATE but all of the following are missing: cpu, memory"' 685 686 - name: create Fargate VPC-networked task definition with CPU or Memory and execution role 687 ecs_taskdefinition: 688 containers: "{{ ecs_fargate_task_containers }}" 689 family: "{{ ecs_task_name }}-vpc" 690 network_mode: awsvpc 691 launch_type: FARGATE 692 cpu: 512 693 memory: 1024 694 execution_role_arn: "{{ iam_execution_role.arn }}" 695 state: present 696 <<: *aws_connection_info 697 vars: 698 ecs_task_host_port: 8080 699 register: ecs_fargate_task_definition 700 701 - name: obtain ECS task definition facts 702 ecs_taskdefinition_info: 703 task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_fargate_task_definition.taskdefinition.revision }}" 704 <<: *aws_connection_info 705 706 - name: create fargate ECS service without network config (expected to fail) 707 ecs_service: 708 state: present 709 name: "{{ ecs_service_name }}4" 710 cluster: "{{ ecs_cluster_name }}" 711 task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_fargate_task_definition.taskdefinition.revision }}" 712 desired_count: 1 713 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 714 launch_type: FARGATE 715 <<: *aws_connection_info 716 register: ecs_fargate_service_network_without_awsvpc 717 ignore_errors: yes 718 719 - name: assert that using Fargate ECS service fails 720 assert: 721 that: 722 - ecs_fargate_service_network_without_awsvpc is failed 723 724 - name: create fargate ECS service with network config 725 ecs_service: 726 state: present 727 name: "{{ ecs_service_name }}4" 728 cluster: "{{ ecs_cluster_name }}" 729 task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_fargate_task_definition.taskdefinition.revision }}" 730 desired_count: 1 731 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 732 launch_type: FARGATE 733 network_configuration: 734 subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}" 735 security_groups: 736 - '{{ setup_sg.group_id }}' 737 assign_public_ip: true 738 <<: *aws_connection_info 739 register: ecs_fargate_service_network_with_awsvpc 740 741 - name: create fargate ECS task with run task 742 ecs_task: 743 operation: run 744 cluster: "{{ ecs_cluster_name }}" 745 task_definition: "{{ ecs_task_name }}-vpc" 746 launch_type: FARGATE 747 count: 1 748 network_configuration: 749 subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}" 750 security_groups: 751 - '{{ setup_sg.group_id }}' 752 assign_public_ip: true 753 started_by: ansible_user 754 <<: *aws_connection_info 755 register: fargate_run_task_output 756 757 - name: assert that public IP assignment is enabled 758 assert: 759 that: 760 - 'ecs_fargate_service_network_with_awsvpc.service.networkConfiguration.awsvpcConfiguration.assignPublicIp == "ENABLED"' 761 762 # ============================================================ 763 # End tests for Fargate 764 765 - name: create task definition for absent with arn regression test 766 ecs_taskdefinition: 767 containers: "{{ ecs_task_containers }}" 768 family: "{{ ecs_task_name }}-absent" 769 state: present 770 <<: *aws_connection_info 771 register: ecs_task_definition_absent_with_arn 772 773 - name: absent task definition by arn 774 ecs_taskdefinition: 775 arn: "{{ ecs_task_definition_absent_with_arn.taskdefinition.taskDefinitionArn }}" 776 state: absent 777 <<: *aws_connection_info 778 779 always: 780 # TEAR DOWN: snapshot, ec2 instance, ec2 key pair, security group, vpc 781 - name: Announce teardown start 782 debug: 783 msg: "***** TESTING COMPLETE. COMMENCE TEARDOWN *****" 784 785 - name: obtain ECS service facts 786 ecs_service_info: 787 service: "{{ ecs_service_name }}" 788 cluster: "{{ ecs_cluster_name }}" 789 details: yes 790 <<: *aws_connection_info 791 register: ecs_service_info 792 793 - name: scale down ECS service 794 ecs_service: 795 state: present 796 name: "{{ ecs_service_name }}" 797 cluster: "{{ ecs_cluster_name }}" 798 task_definition: "{{ ecs_service_info.ansible_facts.services[0].taskDefinition }}" 799 desired_count: 0 800 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 801 placement_strategy: "{{ ecs_service_placement_strategy }}" 802 load_balancers: 803 - targetGroupArn: "{{ ecs_service_info.ansible_facts.services[0].loadBalancers[0].targetGroupArn }}" 804 containerName: "{{ ecs_task_name }}" 805 containerPort: "{{ ecs_task_container_port }}" 806 <<: *aws_connection_info 807 ignore_errors: yes 808 register: ecs_service_scale_down 809 810 - name: obtain second ECS service facts 811 ecs_service_info: 812 service: "{{ ecs_service_name }}2" 813 cluster: "{{ ecs_cluster_name }}" 814 details: yes 815 <<: *aws_connection_info 816 ignore_errors: yes 817 register: ecs_service_info 818 819 - name: scale down second ECS service 820 ecs_service: 821 state: present 822 name: "{{ ecs_service_name }}2" 823 cluster: "{{ ecs_cluster_name }}" 824 task_definition: "{{ ecs_service_info.ansible_facts.services[0].taskDefinition }}" 825 desired_count: 0 826 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 827 placement_strategy: "{{ ecs_service_placement_strategy }}" 828 load_balancers: 829 - targetGroupArn: "{{ ecs_service_info.ansible_facts.services[0].loadBalancers[0].targetGroupArn }}" 830 containerName: "{{ ecs_task_name }}" 831 containerPort: "{{ ecs_task_container_port }}" 832 <<: *aws_connection_info 833 ignore_errors: yes 834 register: ecs_service_scale_down 835 836 - name: scale down multifunction-test service 837 ecs_service: 838 name: "{{ ecs_service_name }}-mft" 839 cluster: "{{ ecs_cluster_name }}" 840 state: present 841 load_balancers: 842 - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 843 containerName: "{{ ecs_task_name }}" 844 containerPort: "{{ ecs_task_container_port }}" 845 task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 846 desired_count: 0 847 <<: *aws_connection_info 848 ignore_errors: yes 849 register: ecs_service_scale_down 850 851 852 853 - name: scale down scheduling_strategy service 854 ecs_service: 855 name: "{{ ecs_service_name }}-replica" 856 cluster: "{{ ecs_cluster_name }}" 857 state: present 858 load_balancers: 859 - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 860 containerName: "{{ ecs_task_name }}" 861 containerPort: "{{ ecs_task_container_port }}" 862 task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 863 desired_count: 0 864 <<: *aws_connection_info 865 ignore_errors: yes 866 register: ecs_service_scale_down 867 868 869# until ansible supports service registries, the test for it can't run and this 870# scale down is not needed 871# - name: scale down service_registries service 872# ecs_service: 873# name: "{{ ecs_service_name }}-service-registries" 874# cluster: "{{ ecs_cluster_name }}" 875# state: present 876# load_balancers: 877# - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}" 878# containerName: "{{ ecs_task_name }}" 879# containerPort: "{{ ecs_task_container_port }}" 880# task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}" 881# desired_count: 0 882# <<: *aws_connection_info 883# ignore_errors: yes 884# register: ecs_service_scale_down 885 886 - name: scale down Fargate ECS service 887 ecs_service: 888 state: present 889 name: "{{ ecs_service_name }}4" 890 cluster: "{{ ecs_cluster_name }}" 891 task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_fargate_task_definition.taskdefinition.revision }}" 892 desired_count: 0 893 deployment_configuration: "{{ ecs_service_deployment_configuration }}" 894 <<: *aws_connection_info 895 ignore_errors: yes 896 register: ecs_service_scale_down 897 898 - name: stop Fargate ECS task 899 ecs_task: 900 task: "{{ fargate_run_task_output.task[0].taskArn }}" 901 task_definition: "{{ ecs_task_name }}-vpc" 902 operation: stop 903 cluster: "{{ ecs_cluster_name }}" 904 <<: *aws_connection_info 905 ignore_errors: yes 906 907 - name: pause to allow services to scale down 908 pause: 909 seconds: 60 910 when: ecs_service_scale_down is not failed 911 912 - name: remove ecs service 913 ecs_service: 914 state: absent 915 cluster: "{{ ecs_cluster_name }}" 916 name: "{{ ecs_service_name }}" 917 <<: *aws_connection_info 918 ignore_errors: yes 919 920 - name: remove second ecs service 921 ecs_service: 922 state: absent 923 cluster: "{{ ecs_cluster_name }}" 924 name: "{{ ecs_service_name }}2" 925 <<: *aws_connection_info 926 ignore_errors: yes 927 928 - name: remove mft ecs service 929 ecs_service: 930 state: absent 931 cluster: "{{ ecs_cluster_name }}" 932 name: "{{ ecs_service_name }}-mft" 933 <<: *aws_connection_info 934 ignore_errors: yes 935 936 - name: remove scheduling_strategy ecs service 937 ecs_service: 938 state: absent 939 cluster: "{{ ecs_cluster_name }}" 940 name: "{{ ecs_service_name }}-replica" 941 <<: *aws_connection_info 942 ignore_errors: yes 943 944# until ansible supports service registries, the test for it can't run and this 945# removal is not needed 946# - name: remove service_registries ecs service 947# ecs_service: 948# state: absent 949# cluster: "{{ ecs_cluster_name }}" 950# name: "{{ ecs_service_name }}-service-registries" 951# <<: *aws_connection_info 952# ignore_errors: yes 953 954 - name: remove fargate ECS service 955 ecs_service: 956 state: absent 957 name: "{{ ecs_service_name }}4" 958 cluster: "{{ ecs_cluster_name }}" 959 <<: *aws_connection_info 960 ignore_errors: yes 961 register: ecs_fargate_service_network_with_awsvpc 962 963 - name: remove ecs task definition 964 ecs_taskdefinition: 965 containers: "{{ ecs_task_containers }}" 966 family: "{{ ecs_task_name }}" 967 revision: "{{ ecs_task_definition.taskdefinition.revision }}" 968 state: absent 969 <<: *aws_connection_info 970 vars: 971 ecs_task_host_port: 8080 972 ignore_errors: yes 973 974 - name: remove ecs task definition again 975 ecs_taskdefinition: 976 containers: "{{ ecs_task_containers }}" 977 family: "{{ ecs_task_name }}" 978 revision: "{{ ecs_task_definition_again.taskdefinition.revision }}" 979 state: absent 980 <<: *aws_connection_info 981 vars: 982 ecs_task_host_port: 8080 983 ignore_errors: yes 984 985 - name: remove second ecs task definition 986 ecs_taskdefinition: 987 containers: "{{ ecs_task_containers }}" 988 family: "{{ ecs_task_name }}-vpc" 989 revision: "{{ ecs_task_definition_vpc_with_host_port.taskdefinition.revision }}" 990 state: absent 991 <<: *aws_connection_info 992 vars: 993 ecs_task_host_port: 8080 994 ignore_errors: yes 995 996 - name: remove fargate ecs task definition 997 ecs_taskdefinition: 998 containers: "{{ ecs_fargate_task_containers }}" 999 family: "{{ ecs_task_name }}-vpc" 1000 revision: "{{ ecs_fargate_task_definition.taskdefinition.revision }}" 1001 state: absent 1002 <<: *aws_connection_info 1003 ignore_errors: yes 1004 1005 - name: remove ecs task definition for absent with arn 1006 ecs_taskdefinition: 1007 containers: "{{ ecs_task_containers }}" 1008 family: "{{ ecs_task_name }}-absent" 1009 revision: "{{ ecs_task_definition_absent_with_arn.taskdefinition.revision }}" 1010 state: absent 1011 <<: *aws_connection_info 1012 ignore_errors: yes 1013 1014 - name: remove load balancer 1015 elb_application_lb: 1016 name: "{{ ecs_load_balancer_name }}" 1017 state: absent 1018 wait: yes 1019 <<: *aws_connection_info 1020 ignore_errors: yes 1021 register: elb_application_lb_remove 1022 1023 - name: pause to allow target group to be disassociated 1024 pause: 1025 seconds: 30 1026 when: not elb_application_lb_remove is failed 1027 1028 - name: remove target groups 1029 elb_target_group: 1030 name: "{{ item }}" 1031 state: absent 1032 <<: *aws_connection_info 1033 with_items: 1034 - "{{ ecs_target_group_name }}1" 1035 - "{{ ecs_target_group_name }}2" 1036 ignore_errors: yes 1037 1038 - name: remove setup ec2 instance 1039 ec2_instance: 1040 instance_ids: '{{ setup_instance.instance_ids }}' 1041 state: absent 1042 wait: yes 1043 <<: *aws_connection_info 1044 ignore_errors: yes 1045 1046 - name: remove setup keypair 1047 ec2_key: 1048 name: '{{ resource_prefix }}_ecs_cluster' 1049 state: absent 1050 <<: *aws_connection_info 1051 ignore_errors: yes 1052 1053 - name: remove security groups 1054 ec2_group: 1055 name: '{{ item }}' 1056 description: 'created by Ansible integration tests' 1057 state: absent 1058 vpc_id: '{{ setup_vpc.vpc.id }}' 1059 <<: *aws_connection_info 1060 with_items: 1061 - "{{ resource_prefix }}-ecs-vpc-test-sg" 1062 - '{{ resource_prefix }}_ecs_cluster-sg' 1063 ignore_errors: yes 1064 1065 - name: remove IGW 1066 ec2_vpc_igw: 1067 state: absent 1068 vpc_id: '{{ setup_vpc.vpc.id }}' 1069 <<: *aws_connection_info 1070 ignore_errors: yes 1071 1072 - name: remove setup subnet 1073 ec2_vpc_subnet: 1074 az: '{{ aws_region }}{{ item.zone }}' 1075 vpc_id: '{{ setup_vpc.vpc.id }}' 1076 cidr: "{{ item.cidr}}" 1077 state: absent 1078 <<: *aws_connection_info 1079 with_items: 1080 - zone: a 1081 cidr: 10.0.1.0/24 1082 - zone: b 1083 cidr: 10.0.2.0/24 1084 ignore_errors: yes 1085 1086 - name: remove setup VPC 1087 ec2_vpc_net: 1088 cidr_block: 10.0.0.0/16 1089 state: absent 1090 name: '{{ resource_prefix }}_ecs_cluster' 1091 <<: *aws_connection_info 1092 ignore_errors: yes 1093 1094 - name: remove ECS cluster 1095 ecs_cluster: 1096 name: "{{ ecs_cluster_name }}" 1097 state: absent 1098 <<: *aws_connection_info 1099 ignore_errors: yes 1100