ansible/test/integration/targets/ecs_cluster/tasks/full_test.yml

1170 lines
41 KiB
YAML
Raw Normal View History

---
# tasks file for ecs_cluster
- block:
# ============================================================
- name: set up aws connection info
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: yes
- name: ensure IAM instance role exists
iam_role:
name: ecsInstanceRole
assume_role_policy_document: "{{ lookup('file','ec2-trust-policy.json') }}"
state: present
create_instance_profile: yes
managed_policy:
- AmazonEC2ContainerServiceforEC2Role
<<: *aws_connection_info
- name: ensure IAM service role exists
iam_role:
name: ecsServiceRole
assume_role_policy_document: "{{ lookup('file','ecs-trust-policy.json') }}"
state: present
create_instance_profile: no
managed_policy:
- AmazonEC2ContainerServiceRole
<<: *aws_connection_info
- name: ensure AWSServiceRoleForECS role exists
iam_role_info:
name: AWSServiceRoleForECS
<<: *aws_connection_info
register: iam_role_result
# FIXME: come up with a way to automate this
- name: fail if AWSServiceRoleForECS role does not exist
fail:
msg: >
Run `aws iam create-service-linked-role --aws-service-name=ecs.amazonaws.com ` to create
a linked role for AWS VPC load balancer management
when: not iam_role_result.iam_roles
- name: create an ECS cluster
ecs_cluster:
name: "{{ ecs_cluster_name }}"
state: present
<<: *aws_connection_info
register: ecs_cluster
- name: check that ecs_cluster changed
assert:
that:
- ecs_cluster.changed
- name: create same ECS cluster (should do nothing)
ecs_cluster:
name: "{{ ecs_cluster_name }}"
state: present
<<: *aws_connection_info
register: ecs_cluster_again
- name: check that ecs_cluster did not change
assert:
that:
- not ecs_cluster_again.changed
- name: create a VPC to work in
ec2_vpc_net:
cidr_block: 10.0.0.0/16
state: present
name: '{{ resource_prefix }}_ecs_cluster'
resource_tags:
Name: '{{ resource_prefix }}_ecs_cluster'
<<: *aws_connection_info
register: setup_vpc
- name: create a key pair to use for creating an ec2 instance
ec2_key:
name: '{{ resource_prefix }}_ecs_cluster'
state: present
<<: *aws_connection_info
when: ec2_keypair is not defined # allow override in cloud-config-aws.ini
register: setup_key
- name: create subnets
ec2_vpc_subnet:
az: '{{ ec2_region }}{{ item.zone }}'
tags:
Name: '{{ resource_prefix }}_ecs_cluster-subnet-{{ item.zone }}'
vpc_id: '{{ setup_vpc.vpc.id }}'
cidr: "{{ item.cidr }}"
state: present
<<: *aws_connection_info
register: setup_subnet
with_items:
- zone: a
cidr: 10.0.1.0/24
- zone: b
cidr: 10.0.2.0/24
- name: create an internet gateway so that ECS agents can talk to ECS
ec2_vpc_igw:
vpc_id: '{{ setup_vpc.vpc.id }}'
state: present
<<: *aws_connection_info
register: igw
- name: create a security group to use for creating an ec2 instance
ec2_group:
name: '{{ resource_prefix }}_ecs_cluster-sg'
description: 'created by Ansible integration tests'
state: present
vpc_id: '{{ setup_vpc.vpc.id }}'
rules: # allow all ssh traffic but nothing else
- ports: 22
cidr: 0.0.0.0/0
<<: *aws_connection_info
register: setup_sg
- name: find a suitable AMI
ec2_ami_info:
owner: amazon
filters:
description: "Amazon Linux AMI* ECS *"
<<: *aws_connection_info
register: ec2_ami_info
- name: set image id fact
set_fact:
ecs_image_id: "{{ (ec2_ami_info.images|first).image_id }}"
- name: provision ec2 instance to create an image
ec2_instance:
key_name: '{{ ec2_keypair|default(setup_key.key.name) }}'
instance_type: t2.micro
state: present
image_id: '{{ ecs_image_id }}'
wait: yes
user_data: "{{ user_data }}"
instance_role: ecsInstanceRole
tags:
Name: '{{ resource_prefix }}_ecs_agent'
security_group: '{{ setup_sg.group_id }}'
vpc_subnet_id: '{{ setup_subnet.results[0].subnet.id }}'
<<: *aws_connection_info
register: setup_instance
- name: create target group
elb_target_group:
name: "{{ ecs_target_group_name }}1"
state: present
protocol: HTTP
port: 8080
modify_targets: no
vpc_id: '{{ setup_vpc.vpc.id }}'
target_type: instance
<<: *aws_connection_info
register: elb_target_group_instance
- name: create second target group to use ip target_type
elb_target_group:
name: "{{ ecs_target_group_name }}2"
state: present
protocol: HTTP
port: 8080
modify_targets: no
vpc_id: '{{ setup_vpc.vpc.id }}'
target_type: ip
<<: *aws_connection_info
register: elb_target_group_ip
- name: create load balancer
elb_application_lb:
name: "{{ ecs_load_balancer_name }}"
state: present
scheme: internal
security_groups: '{{ setup_sg.group_id }}'
subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}"
listeners:
- Protocol: HTTP
Port: 80
DefaultActions:
- Type: forward
TargetGroupName: "{{ ecs_target_group_name }}1"
- Protocol: HTTP
Port: 81
DefaultActions:
- Type: forward
TargetGroupName: "{{ ecs_target_group_name }}2"
<<: *aws_connection_info
- name: create task definition
ecs_taskdefinition:
containers: "{{ ecs_task_containers }}"
family: "{{ ecs_task_name }}"
state: present
<<: *aws_connection_info
register: ecs_task_definition
- name: recreate task definition
ecs_taskdefinition:
containers: "{{ ecs_task_containers }}"
family: "{{ ecs_task_name }}"
state: present
<<: *aws_connection_info
register: ecs_task_definition_again
- name: check that task definition does not change
assert:
that:
- not ecs_task_definition_again.changed
# FIXME: task definition should not change, will need #26752 or equivalent
ignore_errors: yes
- name: obtain ECS task definition facts
ecs_taskdefinition_info:
task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
<<: *aws_connection_info
- name: create ECS service definition
ecs_service:
state: present
name: "{{ ecs_service_name }}"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
desired_count: 1
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
placement_strategy: "{{ ecs_service_placement_strategy }}"
health_check_grace_period_seconds: "{{ ecs_service_health_check_grace_period }}"
load_balancers:
- targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
role: "ecsServiceRole"
<<: *aws_connection_info
register: ecs_service
- name: check that ECS service creation changed
assert:
that:
- ecs_service.changed
- name: create same ECS service definition (should not change)
ecs_service:
state: present
name: "{{ ecs_service_name }}"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
desired_count: 1
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
placement_strategy: "{{ ecs_service_placement_strategy }}"
health_check_grace_period_seconds: "{{ ecs_service_health_check_grace_period }}"
load_balancers:
- targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
role: "ecsServiceRole"
<<: *aws_connection_info
register: ecs_service_again
- name: check that ECS service recreation changed nothing
assert:
that:
- not ecs_service_again.changed
# FIXME: service should not change, needs fixing
ignore_errors: yes
# FIXME: attempt to update service load balancer
- name: update ECS service definition (expected to fail)
ecs_service:
state: present
name: "{{ ecs_service_name }}"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
desired_count: 1
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
placement_strategy: "{{ ecs_service_placement_strategy }}"
health_check_grace_period_seconds: "{{ ecs_service_health_check_grace_period }}"
load_balancers:
- targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port|int + 1 }}"
role: "ecsServiceRole"
<<: *aws_connection_info
register: update_ecs_service
ignore_errors: yes
- name: assert that updating ECS load balancer failed with helpful message
assert:
that:
- update_ecs_service is failed
- "'error' not in update_ecs_service"
- "'msg' in update_ecs_service"
- name: attempt to use ECS network configuration on task definition without awsvpc network_mode
ecs_service:
state: present
name: "{{ ecs_service_name }}3"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
desired_count: 1
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
placement_strategy: "{{ ecs_service_placement_strategy }}"
load_balancers:
- targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
network_configuration:
subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}"
security_groups:
- '{{ setup_sg.group_id }}'
<<: *aws_connection_info
register: ecs_service_network_without_awsvpc_task
ignore_errors: yes
- name: assert that using ECS network configuration with non AWSVPC task definition fails
assert:
that:
- ecs_service_network_without_awsvpc_task is failed
- name: scale down ECS service
ecs_service:
state: present
name: "{{ ecs_service_name }}"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
desired_count: 0
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
placement_strategy: "{{ ecs_service_placement_strategy }}"
load_balancers:
- targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
role: "ecsServiceRole"
<<: *aws_connection_info
register: ecs_service_scale_down
- name: pause to allow service to scale down
pause:
seconds: 60
- name: delete ECS service definition
ecs_service:
state: absent
name: "{{ ecs_service_name }}"
cluster: "{{ ecs_cluster_name }}"
<<: *aws_connection_info
register: delete_ecs_service
- name: assert that deleting ECS service worked
assert:
that:
- delete_ecs_service.changed
- name: assert that deleting ECS service worked
assert:
that:
- delete_ecs_service.changed
- name: create VPC-networked task definition with host port set to 0 (expected to fail)
ecs_taskdefinition:
containers: "{{ ecs_task_containers }}"
family: "{{ ecs_task_name }}-vpc"
state: present
network_mode: awsvpc
<<: *aws_connection_info
register: ecs_task_definition_vpc_no_host_port
ignore_errors: yes
- name: check that awsvpc task definition with host port 0 fails gracefully
assert:
that:
- ecs_task_definition_vpc_no_host_port is failed
- "'error' not in ecs_task_definition_vpc_no_host_port"
- name: create VPC-networked task definition with host port set to 8080
ecs_taskdefinition:
containers: "{{ ecs_task_containers }}"
family: "{{ ecs_task_name }}-vpc"
network_mode: awsvpc
state: present
<<: *aws_connection_info
vars:
ecs_task_host_port: 8080
register: ecs_task_definition_vpc_with_host_port
- name: obtain ECS task definition facts
ecs_taskdefinition_info:
task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_task_definition_vpc_with_host_port.taskdefinition.revision }}"
<<: *aws_connection_info
register: ecs_taskdefinition_info
- name: assert that network mode is awsvpc
assert:
that:
- "ecs_taskdefinition_info.network_mode == 'awsvpc'"
- name: pause to allow service to scale down
pause:
seconds: 60
- name: delete ECS service definition
ecs_service:
state: absent
name: "{{ ecs_service_name }}4"
cluster: "{{ ecs_cluster_name }}"
<<: *aws_connection_info
register: delete_ecs_service
- name: create ECS service definition with network configuration
ecs_service:
state: present
name: "{{ ecs_service_name }}2"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_task_definition_vpc_with_host_port.taskdefinition.revision }}"
desired_count: 1
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
placement_strategy: "{{ ecs_service_placement_strategy }}"
load_balancers:
- targetGroupArn: "{{ elb_target_group_ip.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
network_configuration:
subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}"
security_groups:
- '{{ setup_sg.group_id }}'
<<: *aws_connection_info
register: create_ecs_service_with_vpc
- name: assert that network configuration is correct
assert:
that:
- "'networkConfiguration' in create_ecs_service_with_vpc.service"
- "'awsvpcConfiguration' in create_ecs_service_with_vpc.service.networkConfiguration"
- "create_ecs_service_with_vpc.service.networkConfiguration.awsvpcConfiguration.subnets|length == 2"
- "create_ecs_service_with_vpc.service.networkConfiguration.awsvpcConfiguration.securityGroups|length == 1"
- name: create dummy group to update ECS service with
ec2_group:
name: "{{ resource_prefix }}-ecs-vpc-test-sg"
description: "Test security group for ECS with VPC"
vpc_id: '{{ setup_vpc.vpc.id }}'
state: present
<<: *aws_connection_info
- name: update ECS service definition with new network configuration
ecs_service:
state: present
name: "{{ ecs_service_name }}2"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_task_definition_vpc_with_host_port.taskdefinition.revision }}"
desired_count: 1
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
placement_strategy: "{{ ecs_service_placement_strategy }}"
load_balancers:
- targetGroupArn: "{{ elb_target_group_ip.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
network_configuration:
subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}"
security_groups:
- "{{ resource_prefix }}-ecs-vpc-test-sg"
<<: *aws_connection_info
register: update_ecs_service_with_vpc
- name: check that ECS service changed
assert:
that:
- update_ecs_service_with_vpc.changed
- "'networkConfiguration' in update_ecs_service_with_vpc.service"
- "'awsvpcConfiguration' in update_ecs_service_with_vpc.service.networkConfiguration"
- "update_ecs_service_with_vpc.service.networkConfiguration.awsvpcConfiguration.subnets|length == 2"
- "update_ecs_service_with_vpc.service.networkConfiguration.awsvpcConfiguration.securityGroups|length == 1"
- name: create ecs_service using health_check_grace_period_seconds
ecs_service:
name: "{{ ecs_service_name }}-mft"
cluster: "{{ ecs_cluster_name }}"
load_balancers:
- targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
scheduling_strategy: "REPLICA"
health_check_grace_period_seconds: 10
desired_count: 1
state: present
<<: *aws_connection_info
register: ecs_service_creation_hcgp
- name: health_check_grace_period_seconds sets HealthChecGracePeriodSeconds
assert:
that:
- ecs_service_creation_hcgp.changed
- "{{ecs_service_creation_hcgp.service.healthCheckGracePeriodSeconds}} == 10"
- name: update ecs_service using health_check_grace_period_seconds
ecs_service:
name: "{{ ecs_service_name }}-mft"
cluster: "{{ ecs_cluster_name }}"
load_balancers:
- targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
desired_count: 1
health_check_grace_period_seconds: 30
state: present
<<: *aws_connection_info
register: ecs_service_creation_hcgp2
ignore_errors: no
- name: check that module returns success
assert:
that:
- ecs_service_creation_hcgp2.changed
- "{{ecs_service_creation_hcgp2.service.healthCheckGracePeriodSeconds}} == 30"
# until ansible supports service registries, this test can't run.
# - name: update ecs_service using service_registries
# ecs_service:
# name: "{{ ecs_service_name }}-service-registries"
# cluster: "{{ ecs_cluster_name }}"
# load_balancers:
# - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
# containerName: "{{ ecs_task_name }}"
# containerPort: "{{ ecs_task_container_port }}"
# service_registries:
# - containerName: "{{ ecs_task_name }}"
# containerPort: "{{ ecs_task_container_port }}"
# ### TODO: Figure out how to get a service registry ARN without a service registry module.
# registryArn: "{{ ecs_task_service_registry_arn }}"
# task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
# desired_count: 1
# state: present
# <<: *aws_connection_info
# register: ecs_service_creation_sr
# ignore_errors: yes
# - name: dump sr output
# debug: var=ecs_service_creation_sr
# - name: check that module returns success
# assert:
# that:
# - ecs_service_creation_sr.changed
- name: update ecs_service using REPLICA scheduling_strategy
ecs_service:
name: "{{ ecs_service_name }}-replica"
cluster: "{{ ecs_cluster_name }}"
load_balancers:
- targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
scheduling_strategy: "REPLICA"
task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
desired_count: 1
state: present
<<: *aws_connection_info
register: ecs_service_creation_replica
- name: obtain facts for all ECS services in the cluster
ecs_service_info:
cluster: "{{ ecs_cluster_name }}"
details: yes
events: no
<<: *aws_connection_info
register: ecs_service_info
- name: assert that facts are useful
assert:
that:
- "'services' in ecs_service_info"
- ecs_service_info.services | length > 0
- "'events' not in ecs_service_info.services[0]"
- name: obtain facts for existing service in the cluster
ecs_service_info:
cluster: "{{ ecs_cluster_name }}"
service: "{{ ecs_service_name }}"
details: yes
events: no
<<: *aws_connection_info
register: ecs_service_info
- name: assert that existing service is available and running
assert:
that:
- "ecs_service_info.services|length == 1"
- "ecs_service_info.services_not_running|length == 0"
- name: obtain facts for non-existent service in the cluster
ecs_service_info:
cluster: "{{ ecs_cluster_name }}"
service: madeup
details: yes
events: no
<<: *aws_connection_info
register: ecs_service_info
- name: assert that non-existent service is missing
assert:
that:
- "ecs_service_info.services_not_running[0].reason == 'MISSING'"
- name: obtain specific ECS service facts
ecs_service_info:
service: "{{ ecs_service_name }}2"
cluster: "{{ ecs_cluster_name }}"
details: yes
<<: *aws_connection_info
register: ecs_service_info
- name: check that facts contain network configuration
assert:
that:
- "'networkConfiguration' in ecs_service_info.services[0]"
- name: attempt to get facts from missing task definition
ecs_taskdefinition_info:
task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_task_definition.taskdefinition.revision + 1}}"
<<: *aws_connection_info
# ============================================================
# Begin tests for Fargate
- name: ensure AmazonECSTaskExecutionRolePolicy exists
iam_role:
name: ecsTaskExecutionRole
assume_role_policy_document: "{{ lookup('file','ecs-trust-policy.json') }}"
description: "Allows ECS containers to make calls to ECR"
state: present
create_instance_profile: no
managed_policy:
- AmazonEC2ContainerServiceRole
<<: *aws_connection_info
register: iam_execution_role
- name: create Fargate VPC-networked task definition with host port set to 8080 and unsupported network mode (expected to fail)
ecs_taskdefinition:
containers: "{{ ecs_fargate_task_containers }}"
family: "{{ ecs_task_name }}-vpc"
network_mode: bridge
launch_type: FARGATE
cpu: 512
memory: 1024
state: present
<<: *aws_connection_info
vars:
ecs_task_host_port: 8080
ignore_errors: yes
register: ecs_fargate_task_definition_bridged_with_host_port
- name: check that fargate task definition with bridged networking fails gracefully
assert:
that:
- ecs_fargate_task_definition_bridged_with_host_port is failed
- 'ecs_fargate_task_definition_bridged_with_host_port.msg == "To use FARGATE launch type, network_mode must be awsvpc"'
- name: create Fargate VPC-networked task definition without CPU or Memory (expected to Fail)
ecs_taskdefinition:
containers: "{{ ecs_fargate_task_containers }}"
family: "{{ ecs_task_name }}-vpc"
network_mode: awsvpc
launch_type: FARGATE
state: present
<<: *aws_connection_info
ignore_errors: yes
register: ecs_fargate_task_definition_vpc_no_mem
- name: check that fargate task definition without memory or cpu fails gracefully
assert:
that:
- ecs_fargate_task_definition_vpc_no_mem is failed
- 'ecs_fargate_task_definition_vpc_no_mem.msg == "launch_type is FARGATE but all of the following are missing: cpu, memory"'
- name: create Fargate VPC-networked task definition with CPU or Memory and execution role
ecs_taskdefinition:
containers: "{{ ecs_fargate_task_containers }}"
family: "{{ ecs_task_name }}-vpc"
network_mode: awsvpc
launch_type: FARGATE
cpu: 512
memory: 1024
execution_role_arn: "{{ iam_execution_role.arn }}"
state: present
<<: *aws_connection_info
vars:
ecs_task_host_port: 8080
register: ecs_fargate_task_definition
- name: obtain ECS task definition facts
ecs_taskdefinition_info:
task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_fargate_task_definition.taskdefinition.revision }}"
<<: *aws_connection_info
- name: create fargate ECS service without network config (expected to fail)
ecs_service:
state: present
name: "{{ ecs_service_name }}4"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_fargate_task_definition.taskdefinition.revision }}"
desired_count: 1
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
launch_type: FARGATE
<<: *aws_connection_info
register: ecs_fargate_service_network_without_awsvpc
ignore_errors: yes
- name: assert that using Fargate ECS service fails
assert:
that:
- ecs_fargate_service_network_without_awsvpc is failed
- name: create fargate ECS service with network config
ecs_service:
state: present
name: "{{ ecs_service_name }}4"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_fargate_task_definition.taskdefinition.revision }}"
desired_count: 1
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
launch_type: FARGATE
network_configuration:
subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}"
security_groups:
- '{{ setup_sg.group_id }}'
assign_public_ip: true
<<: *aws_connection_info
register: ecs_fargate_service_network_with_awsvpc
- name: assert that public IP assignment is enabled
assert:
that:
- 'ecs_fargate_service_network_with_awsvpc.service.networkConfiguration.awsvpcConfiguration.assignPublicIp == "ENABLED"'
- name: create fargate ECS task with run task
ecs_task:
operation: run
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}-vpc"
launch_type: FARGATE
count: 1
network_configuration:
subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}"
security_groups:
- '{{ setup_sg.group_id }}'
assign_public_ip: true
started_by: ansible_user
<<: *aws_connection_info
register: fargate_run_task_output
# aws cli not installed in docker container; make sure it's installed.
- name: install awscli
pip:
state: present
name: awscli
- name: disable taskLongArnFormat
command: aws ecs put-account-setting --name taskLongArnFormat --value disabled
environment:
AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
AWS_SESSION_TOKEN: "{{ security_token | default('') }}"
AWS_DEFAULT_REGION: "{{ aws_region }}"
- name: create fargate ECS task with run task and tags (LF disabled) (should fail)
ecs_task:
operation: run
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}-vpc"
launch_type: FARGATE
count: 1
tags:
tag_key: tag_value
tag_key2: tag_value2
network_configuration:
subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}"
security_groups:
- '{{ setup_sg.group_id }}'
assign_public_ip: true
started_by: ansible_user
<<: *aws_connection_info
register: fargate_run_task_output_with_tags_fail
ignore_errors: yes
- name: enable taskLongArnFormat
command: aws ecs put-account-setting --name taskLongArnFormat --value enabled
environment:
AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
AWS_SESSION_TOKEN: "{{ security_token | default('') }}"
AWS_DEFAULT_REGION: "{{ aws_region }}"
- name: create fargate ECS task with run task and tags
ecs_task:
operation: run
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}-vpc"
launch_type: FARGATE
count: 1
tags:
tag_key: tag_value
tag_key2: tag_value2
network_configuration:
subnets: "{{ setup_subnet.results | json_query('[].subnet.id') }}"
security_groups:
- '{{ setup_sg.group_id }}'
assign_public_ip: true
started_by: ansible_user
<<: *aws_connection_info
register: fargate_run_task_output_with_tags
# ============================================================
# End tests for Fargate
- name: create task definition for absent with arn regression test
ecs_taskdefinition:
containers: "{{ ecs_task_containers }}"
family: "{{ ecs_task_name }}-absent"
state: present
<<: *aws_connection_info
register: ecs_task_definition_absent_with_arn
- name: absent task definition by arn
ecs_taskdefinition:
arn: "{{ ecs_task_definition_absent_with_arn.taskdefinition.taskDefinitionArn }}"
state: absent
<<: *aws_connection_info
always:
# TEAR DOWN: snapshot, ec2 instance, ec2 key pair, security group, vpc
- name: Announce teardown start
debug:
msg: "***** TESTING COMPLETE. COMMENCE TEARDOWN *****"
- name: obtain ECS service facts
ecs_service_info:
service: "{{ ecs_service_name }}"
cluster: "{{ ecs_cluster_name }}"
details: yes
<<: *aws_connection_info
register: ecs_service_info
- name: scale down ECS service
ecs_service:
state: present
name: "{{ ecs_service_name }}"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_service_info.services[0].taskDefinition }}"
desired_count: 0
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
placement_strategy: "{{ ecs_service_placement_strategy }}"
load_balancers:
- targetGroupArn: "{{ ecs_service_info.services[0].loadBalancers[0].targetGroupArn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
<<: *aws_connection_info
ignore_errors: yes
register: ecs_service_scale_down
- name: obtain second ECS service facts
ecs_service_info:
service: "{{ ecs_service_name }}2"
cluster: "{{ ecs_cluster_name }}"
details: yes
<<: *aws_connection_info
ignore_errors: yes
register: ecs_service_info
- name: scale down second ECS service
ecs_service:
state: present
name: "{{ ecs_service_name }}2"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_service_info.services[0].taskDefinition }}"
desired_count: 0
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
placement_strategy: "{{ ecs_service_placement_strategy }}"
load_balancers:
- targetGroupArn: "{{ ecs_service_info.services[0].loadBalancers[0].targetGroupArn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
<<: *aws_connection_info
ignore_errors: yes
register: ecs_service_scale_down
- name: scale down multifunction-test service
ecs_service:
name: "{{ ecs_service_name }}-mft"
cluster: "{{ ecs_cluster_name }}"
state: present
load_balancers:
- targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
desired_count: 0
<<: *aws_connection_info
ignore_errors: yes
register: ecs_service_scale_down
- name: scale down scheduling_strategy service
ecs_service:
name: "{{ ecs_service_name }}-replica"
cluster: "{{ ecs_cluster_name }}"
state: present
load_balancers:
- targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
containerName: "{{ ecs_task_name }}"
containerPort: "{{ ecs_task_container_port }}"
task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
desired_count: 0
<<: *aws_connection_info
ignore_errors: yes
register: ecs_service_scale_down
# until ansible supports service registries, the test for it can't run and this
# scale down is not needed
# - name: scale down service_registries service
# ecs_service:
# name: "{{ ecs_service_name }}-service-registries"
# cluster: "{{ ecs_cluster_name }}"
# state: present
# load_balancers:
# - targetGroupArn: "{{ elb_target_group_instance.target_group_arn }}"
# containerName: "{{ ecs_task_name }}"
# containerPort: "{{ ecs_task_container_port }}"
# task_definition: "{{ ecs_task_name }}:{{ ecs_task_definition.taskdefinition.revision }}"
# desired_count: 0
# <<: *aws_connection_info
# ignore_errors: yes
# register: ecs_service_scale_down
- name: scale down Fargate ECS service
ecs_service:
state: present
name: "{{ ecs_service_name }}4"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ ecs_task_name }}-vpc:{{ ecs_fargate_task_definition.taskdefinition.revision }}"
desired_count: 0
deployment_configuration: "{{ ecs_service_deployment_configuration }}"
<<: *aws_connection_info
ignore_errors: yes
register: ecs_service_scale_down
- name: stop Fargate ECS task
ecs_task:
task: "{{ fargate_run_task_output.task[0].taskArn }}"
task_definition: "{{ ecs_task_name }}-vpc"
operation: stop
cluster: "{{ ecs_cluster_name }}"
<<: *aws_connection_info
ignore_errors: yes
- name: stop Fargate ECS task
ecs_task:
task: "{{ fargate_run_task_output_with_tags.task[0].taskArn }}"
task_definition: "{{ ecs_task_name }}-vpc"
operation: stop
cluster: "{{ ecs_cluster_name }}"
<<: *aws_connection_info
ignore_errors: yes
- name: pause to allow services to scale down
pause:
seconds: 60
when: ecs_service_scale_down is not failed
- name: remove ecs service
ecs_service:
state: absent
cluster: "{{ ecs_cluster_name }}"
name: "{{ ecs_service_name }}"
<<: *aws_connection_info
ignore_errors: yes
- name: remove second ecs service
ecs_service:
state: absent
cluster: "{{ ecs_cluster_name }}"
name: "{{ ecs_service_name }}2"
<<: *aws_connection_info
ignore_errors: yes
- name: remove mft ecs service
ecs_service:
state: absent
cluster: "{{ ecs_cluster_name }}"
name: "{{ ecs_service_name }}-mft"
<<: *aws_connection_info
ignore_errors: yes
- name: remove scheduling_strategy ecs service
ecs_service:
state: absent
cluster: "{{ ecs_cluster_name }}"
name: "{{ ecs_service_name }}-replica"
<<: *aws_connection_info
ignore_errors: yes
# until ansible supports service registries, the test for it can't run and this
# removal is not needed
# - name: remove service_registries ecs service
# ecs_service:
# state: absent
# cluster: "{{ ecs_cluster_name }}"
# name: "{{ ecs_service_name }}-service-registries"
# <<: *aws_connection_info
# ignore_errors: yes
- name: remove fargate ECS service
ecs_service:
state: absent
name: "{{ ecs_service_name }}4"
cluster: "{{ ecs_cluster_name }}"
<<: *aws_connection_info
ignore_errors: yes
register: ecs_fargate_service_network_with_awsvpc
- name: remove ecs task definition
ecs_taskdefinition:
containers: "{{ ecs_task_containers }}"
family: "{{ ecs_task_name }}"
revision: "{{ ecs_task_definition.taskdefinition.revision }}"
state: absent
<<: *aws_connection_info
vars:
ecs_task_host_port: 8080
ignore_errors: yes
- name: remove ecs task definition again
ecs_taskdefinition:
containers: "{{ ecs_task_containers }}"
family: "{{ ecs_task_name }}"
revision: "{{ ecs_task_definition_again.taskdefinition.revision }}"
state: absent
<<: *aws_connection_info
vars:
ecs_task_host_port: 8080
ignore_errors: yes
- name: remove second ecs task definition
ecs_taskdefinition:
containers: "{{ ecs_task_containers }}"
family: "{{ ecs_task_name }}-vpc"
revision: "{{ ecs_task_definition_vpc_with_host_port.taskdefinition.revision }}"
state: absent
<<: *aws_connection_info
vars:
ecs_task_host_port: 8080
ignore_errors: yes
- name: remove fargate ecs task definition
ecs_taskdefinition:
containers: "{{ ecs_fargate_task_containers }}"
family: "{{ ecs_task_name }}-vpc"
revision: "{{ ecs_fargate_task_definition.taskdefinition.revision }}"
state: absent
<<: *aws_connection_info
ignore_errors: yes
- name: remove ecs task definition for absent with arn
ecs_taskdefinition:
containers: "{{ ecs_task_containers }}"
family: "{{ ecs_task_name }}-absent"
revision: "{{ ecs_task_definition_absent_with_arn.taskdefinition.revision }}"
state: absent
<<: *aws_connection_info
ignore_errors: yes
- name: remove load balancer
elb_application_lb:
name: "{{ ecs_load_balancer_name }}"
state: absent
wait: yes
<<: *aws_connection_info
ignore_errors: yes
register: elb_application_lb_remove
- name: pause to allow target group to be disassociated
pause:
seconds: 30
when: not elb_application_lb_remove is failed
- name: remove target groups
elb_target_group:
name: "{{ item }}"
state: absent
<<: *aws_connection_info
with_items:
- "{{ ecs_target_group_name }}1"
- "{{ ecs_target_group_name }}2"
ignore_errors: yes
- name: remove setup ec2 instance
ec2_instance:
instance_ids: '{{ setup_instance.instance_ids }}'
state: absent
wait: yes
<<: *aws_connection_info
ignore_errors: yes
- name: remove setup keypair
ec2_key:
name: '{{ resource_prefix }}_ecs_cluster'
state: absent
<<: *aws_connection_info
ignore_errors: yes
- name: remove security groups
ec2_group:
name: '{{ item }}'
description: 'created by Ansible integration tests'
state: absent
vpc_id: '{{ setup_vpc.vpc.id }}'
<<: *aws_connection_info
with_items:
- "{{ resource_prefix }}-ecs-vpc-test-sg"
- '{{ resource_prefix }}_ecs_cluster-sg'
ignore_errors: yes
- name: remove IGW
ec2_vpc_igw:
state: absent
vpc_id: '{{ setup_vpc.vpc.id }}'
<<: *aws_connection_info
ignore_errors: yes
- name: remove setup subnet
ec2_vpc_subnet:
az: '{{ aws_region }}{{ item.zone }}'
vpc_id: '{{ setup_vpc.vpc.id }}'
cidr: "{{ item.cidr}}"
state: absent
<<: *aws_connection_info
with_items:
- zone: a
cidr: 10.0.1.0/24
- zone: b
cidr: 10.0.2.0/24
ignore_errors: yes
- name: remove setup VPC
ec2_vpc_net:
cidr_block: 10.0.0.0/16
state: absent
name: '{{ resource_prefix }}_ecs_cluster'
<<: *aws_connection_info
ignore_errors: yes
- name: remove ECS cluster
ecs_cluster:
name: "{{ ecs_cluster_name }}"
state: absent
<<: *aws_connection_info
ignore_errors: yes