-
Notifications
You must be signed in to change notification settings - Fork 0
/
launchGateway.yml
81 lines (73 loc) · 2.58 KB
/
launchGateway.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
---
- hosts: localhost # put localhost. We are processing against aws
connection: local # put local. We are processing against aws
gather_facts: False # don't gather facts against localhost
tasks:
- name: Get AMI Image ID for Gateway
ec2_ami_info:
region: "{{ region }}"
filters:
name: "Check Point*IaaS GW BYOL*{{ cp_version }}*"
register: amis
- name: print Gateway ami id
vars:
gateway_ami: >
{{ amis.images | selectattr('name', 'defined') | sort(attribute='creation_date') | last }}
debug:
msg: "{{gateway_ami.image_id}}"
register: gateway_ami
- name: Create new ENI Interface for Gateway External Network
ec2_eni:
region: "{{ region }}"
security_groups: "{{ security_group_default.group_id }}"
private_ip_address: "{{ gateway_net1_ip }}"
subnet_id: "{{ subnet1.subnet.id }}"
source_dest_check: no
register: External_ENI
- name: Create new ENI Interface for Gateway Internal Network
ec2_eni:
region: "{{ region }}"
security_groups: "{{ security_group_default.group_id }}"
private_ip_address: "{{ gateway_net2_ip }}"
subnet_id: "{{ subnet2.subnet.id }}"
source_dest_check: no
register: Internal_ENI
- name: launche Gateway
ec2:
region: "{{ region }}"
image: "{{ gateway_ami.msg }}"
instance_type: "{{ gateway_hw }}"
network_interfaces: [ "{{ External_ENI.interface.id }}", "{{ Internal_ENI.interface.id }}" ]
wait: yes
key_name: "{{ keypairName }}"
instance_tags:
Name: CP_Gateway{{ cp_version }}
user_data: "{{gateway_user_data}}"
register: GatewayInstance
- name: associate a new elastic IP to external Gateway Interface
ec2_eip:
region: "{{ region }}"
in_vpc: yes
release_on_disassociation: true
reuse_existing_ip_allowed: true
device_id: "{{ External_ENI.interface.id }}"
register: eip
- name: edit ENI Interface for Gateway External Network
ec2_eni:
region: "{{ region }}"
eni_id: "{{External_ENI.interface.id}}"
delete_on_termination: yes
- name: edit ENI Interface for Gateway Internal Network
ec2_eni:
region: "{{ region }}"
eni_id: "{{Internal_ENI.interface.id}}"
delete_on_termination: yes
- name: set default Route of HP Network to internal Gateway Interface
ec2_vpc_route_table:
region: "{{ region }}"
vpc_id: "{{ vpc_id }}"
subnets:
- "{{ subnet2.subnet.id }}"
routes:
- dest: 0.0.0.0/0
network_interface_id: "{{Internal_ENI.interface.id}}"