ansible/oe-stack.yaml from emory-libraries/dlp-selfdeposit

ansible/oe-stack.yaml
Summary

Maintainability

Test Coverage

Issues
---
- name: create cloudformation resources
  hosts: localhost
  tasks:
  - name: Create the Open Emory ec2s
    cloudformation: 
      stack_name: "ansible-OE-cloudformation-{{ ENV }}"
      disable_rollback: true
      state: "{{ STATE }}"
      region: "us-east-1"
      template: "files/fedora-depo-ec2.yaml"
      template_parameters:
        EnvironmentParameter: "{{ ENV }}"  
    register: ec2
  - name: create correct target group for fedora instance
    elb_target_group:
      name: "oe24-fedora-{{ ENV }}-instances"
      protocol: http
      port: 8080
      vpc_id: vpc-08bd68a1c66222de4
      state: "{{ STATE }}"
    when: STATE != 'absent'
  - name: create correct target group for hyrax instance
    elb_target_group:
      name: "oe24-hyrax-{{ ENV }}-instances"
      protocol: http
      port: 80
      vpc_id: vpc-08bd68a1c66222de4
      state: "{{ STATE }}"
    when: STATE != 'absent'
  - name: add to correct target group
    community.aws.elb_target:
      target_group_name: "oe24-fedora-{{ ENV }}-instances"
      target_id: "{{ ec2.stack_resources[1].physical_resource_id }}"
      state: "{{ STATE }}"
      target_port: 8080
    when: STATE != 'absent'
  - name: add hyrax to correct target group
    community.aws.elb_target:
      target_group_name: "oe24-hyrax-{{ ENV }}-instances"
      target_id: "{{ ec2.stack_resources[2].physical_resource_id }}"
      state: "{{ STATE }}"
      target_port: 80
    when: STATE != 'absent'
  - name: empty buckets if necessary
    s3_bucket:
      name: "fedora-depo-{{ ENV }}-binaries"
      state: absent
      force: true 
    when: STATE != 'present'
  - name: empty backup buckets if necessary
    s3_bucket:
      name: "backup-fedora-depo-{{ ENV }}-binaries"
      state: absent
      force: true
    when: STATE != 'present'
  - name: create s3 backup
    cloudformation:
      stack_name: "ansible-OE-cloudformation-{{ENV}}-s3"
      disable_rollback: true
      state: "{{ STATE }}"
      region: "us-west-2"
      template: "files/fedora-depo-s3.yaml"
      template_parameters:
        EnvironmentParameter: "{{ ENV }}"
        BackupParameter: 'true' 
  - name: create main s3 bucket with replication
    cloudformation:
      stack_name: "ansible-OE-cloudformation-{{ ENV }}-s3"
      disable_rollback: true
      state: "{{ STATE }}"
      region: "us-east-1"  
      template: "files/fedora-depo-s3.yaml"
      template_parameters:
        EnvironmentParameter: "{{ ENV }}"
        BackupParameter: 'false'
  - name: create s3 policy 
    template: 
      src: files/bucketpolicy.json.j2
      dest: "files/bucketpolicy.json" 
  - name: assign policy because cloudformation breaks
    s3_bucket:
      name: "fedora-depo-{{ ENV }}-binaries" 
      policy: "{{ lookup('file','files/bucketpolicy.json') }}"   
    when: STATE != 'absent'
  - name: clean up policy file
    file:
      path: files/bucketpolicy.json
      state: absent
  - name: create rds
    cloudformation:
      stack_name: "ansible-OE-cloudformation-{{ ENV }}-rds"
      disable_rollback: true
      state: "{{ STATE }}"
      region: "us-east-1"
      template: "files/fedora-depo-rds.yaml"
      template_parameters:
        EnvironmentParameter: "{{ ENV }}"
        MasterPassParameter: "{{ lookup('amazon.aws.aws_secret','postgres-for-self-deposit-{{ ENV }}.postgres', nested=true) }}"
    timeout: 900 
  - name: Get RDS info
    rds_instance_info:
      db_instance_identifier: "fedora-depo-{{ ENV  }}"
    register: db_info
    when: STATE != 'absent'
  - name: create User for DB
    community.postgresql.postgresql_user:
      db: "oe24{{ ENV }}"
      name: "oe24{{ ENV }}"
      password: "{{ lookup('amazon.aws.aws_secret','oe24-{{ ENV }}-dbuser-password.password',nested=true) }}"
      login_user: postgres
      login_password: "{{ lookup('amazon.aws.aws_secret','postgres-for-self-deposit-{{ ENV }}.postgres', nested=true) }}"
      login_host: "{{ db_info.instances[0].endpoint.address }}"
      #ssl_mode: require
    when: STATE != 'absent'
  - name: grant privs
    community.postgresql.postgresql_privs:
      login_user: postgres
      login_password: "{{ lookup('amazon.aws.aws_secret','postgres-for-self-deposit-{{ ENV }}.postgres', nested=true) }}"
      login_host: "{{ db_info.instances[0].endpoint.address }}"
      db: "oe24{{ ENV }}"
      role: "oe24{{ ENV }}"
      objs: ALL_IN_SCHEMA
      privs: CREATE
      type: database
      objs: "oe24{{ ENV }}"
    when: STATE != 'absent'
  - name: grant schema privs
    community.postgresql.postgresql_privs:
      login_user: postgres
      login_password: "{{ lookup('amazon.aws.aws_secret','postgres-for-self-deposit-{{ ENV }}.postgres', nested=true) }}"
      login_host: "{{ db_info.instances[0].endpoint.address }}"
      db: "oe24{{ ENV }}"
      role: "oe24{{ ENV }}"
      privs: all
      objs: ALL_IN_SCHEMA
      schema: public
    when: STATE != 'absent'
  - name: create Redis node
    cloudformation:
      stack_name: "ansible-OE-cloudformation-redis-{{ ENV }}"
      disable_rollback: true
      state: "{{ STATE }}"
      region: "us-east-1"
      template: "files/fedora-depo-redis.yaml"
      template_parameters:
        EnvironmentParameter: "{{ ENV }}"