main.yml.md

The source files for this tutorial can be downloaded from its GitHub repository, or cloned into your current working directory using the command `git clone https://github.com/ionos-cloud/module-ansible.git`, before changing into the `module-ansible/docs/tutorials/03__jumpbox_with_internal_server` sub-directory.

01__create_jumpbox_and_nlb.yml
---
# The following host and connection specs are mandatory as the IONOS Cloud
# Ansible module is 'proxied' via localhost
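- hosts: localhost
  connection: local
  gather_facts: false

  # Variables this play uses but does not define below (location, image_alias,
  # default_password, ssh_public_key, wait_timeout and the EULA settings) are
  # presumably supplied by this file -- confirm, and keep any credentials it
  # holds out of version control (e.g. encrypt it with ansible-vault).
  vars_files:
    - ../vars.yml

  # Play-level variables, written as one mapping: the list-of-single-key-dicts
  # form of 'vars:' is deprecated by ansible-core in favour of a dictionary.
  vars:
    datacenter_name: 'Ansible Tutorials - Jumpbox with Internal Server'
    jumpbox_name: 'Jumpbox'
    cube_size: 'CUBES XS'
    int_server_name: 'Example internal server'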




  tasks:
    # =======================================================================
    # Show the EULA text and wait for a typed answer, unless acceptance has
    # already been recorded in IONOS_UNSUPPORTED_EULA_ACCEPTED. The result is
    # registered so that the assert which follows can inspect the answer.
    - name: Display EULA
      when: IONOS_UNSUPPORTED_EULA_ACCEPTED != "yes"
      register: INTERACTIVE_EULA_ACCEPTED
      ansible.builtin.pause:
        prompt: '{{ IONOS_UNSUPPORTED_EULA }}'


    # Stop the play unless the EULA was accepted, either ahead of time through
    # the variable or interactively by typing "yes" at the prompt above.
    - name: Confirm acceptance of EULA
      ansible.builtin.assert:
        that:
          - >-
            IONOS_UNSUPPORTED_EULA_ACCEPTED == "yes"
            or INTERACTIVE_EULA_ACCEPTED.user_input == "yes"




    # =======================================================================
    # Ensure the virtual datacenter is present. The registered result is read
    # by later tasks for the datacenter's name, id and CPU architecture list.
    - name: Create the datacenter '{{ datacenter_name }}' in {{ location }}
      register: datacenter_response
      ionoscloudsdk.ionoscloud.datacenter:
        state: present
        name: '{{ datacenter_name }}'
        location: '{{ location }}'




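    # Generate a throw-away key pair for the jumpbox -> internal-server hop.
    # 'creates' skips the command when temporary_id_rsa already exists (a key
    # from an earlier run is reused, as before). Without the former '|| true'
    # a genuine ssh-keygen failure now stops the play here instead of showing
    # up later as a missing temporary_id_rsa.pub. No shell features are needed,
    # so the command module is used.
    # NOTE: -N "" leaves the private key unencrypted on disk; it is deleted by
    # the final clean-up task only if the play gets that far.
    - name: Create a temporary ssh-key-pair so we can connect to the 'internal server' via the jumpbox
      ansible.builtin.command:
        cmd: ssh-keygen -t rsa -b 4096 -f temporary_id_rsa -N ""
        creates: temporary_id_rsa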




    # =======================================================================
    # See https://docs.ionos.com/ansible/api/compute-engine/cube_template
    # Look up the Cube templates whose properties.name matches cube_size; the
    # jumpbox task below takes the first entry of the registered list.
    - name: Retrieve Cube templates
      register: template_list
      ionoscloudsdk.ionoscloud.cube_template_info:
        filters: "{ 'properties.name': '{{ cube_size }}' }"


    # See https://docs.ionos.com/ansible/api/compute-engine/cube_server
    # The jumpbox is reachable from the internet (assign_public_ip: true) and
    # is provisioned with both the operator's public key and image_password.
    # NOTE(review): whether the chosen image permits password logins over SSH
    # is not visible here; if it does, default_password protects a
    # public-facing host and should be strong and unique -- confirm.
    - name: Provision a minimal Cube Jumpbox
      register: create_cube_response
      ionoscloudsdk.ionoscloud.cube_server:
        state: present
        datacenter: '{{ datacenter_name }}'
        name: '{{ jumpbox_name }}'
        # First template returned by the cube_template_info lookup
        template_uuid: '{{ template_list.cube_templates[0].id }}'
        disk_type: DAS
        image: '{{ image_alias }}'
        image_password: '{{ default_password }}'
        ssh_keys:
          - '{{ ssh_public_key }}'
        assign_public_ip: true
        wait: true
        wait_timeout: '{{ wait_timeout }}'


    # Private LAN (public: false) shared by the jumpbox's second NIC and the
    # internal server; its id is taken from the registered result below.
    - name: Create a second, internal LAN within '{{ datacenter_name }}'
      register: create_second_lan_response
      ionoscloudsdk.ionoscloud.lan:
        name: internal
        datacenter: '{{ datacenter_response.datacenter.properties.name }}'
        public: false


    # Attach the jumpbox to the internal LAN with the fixed address
    # 192.168.16.16, giving it one leg in each network.
    - name: Create a second NIC for the Jumpbox
      ionoscloudsdk.ionoscloud.nic:
        state: present
        datacenter: '{{ datacenter_name }}'
        server: '{{ jumpbox_name }}'
        name: '{{ jumpbox_name }}.eth1'
        lan: '{{ create_second_lan_response.lan.id }}'
        ips:
          - '192.168.16.16'
        dhcp: true
        wait: true
        wait_timeout: '{{ wait_timeout }}'




    # The internal server sits on the private LAN only, at 192.168.16.17.
    # Two public keys are authorised: the operator's own and the temporary
    # one generated earlier in this play. cloud-init.txt is read from the
    # playbook directory and passed base64-encoded as user_data.
    # NOTE(review): image_password reuses default_password from the jumpbox;
    # whether password logins are enabled depends on the image -- confirm.
    - name: Create the server '{{ int_server_name }}'
      register: create_server_response
      ionoscloudsdk.ionoscloud.server:
        state: present
        datacenter: '{{ datacenter_name }}'
        name: '{{ int_server_name }}'
        cpu_family: '{{ datacenter_response.datacenter.properties.cpu_architecture[0].cpu_family }}'
        cores: '1'
        ram: '1024'
        disk_type: HDD
        volume_size: '5'
        image: '{{ image_alias }}'
        image_password: '{{ default_password }}'
        ssh_keys:
          - '{{ ssh_public_key }}'
          - "{{ lookup('file', 'temporary_id_rsa.pub') }}"
        lan: '{{ create_second_lan_response.lan.id }}'
        nic_ips:
          - '192.168.16.17'
        user_data: "{{ lookup('file', 'cloud-init.txt') | string | b64encode }}"
        wait: true
        wait_timeout: '{{ wait_timeout }}'




    # Render a 'local' ssh_config file for the hosts in this example from a
    # very simple Jinja template, using the ansible.builtin.template module.
    # NOTE(review): templates/ssh_config.j2 is not shown here; how it handles
    # host-key checking and known-hosts files should be reviewed there.
    - name: Create a local ssh_config file
      ansible.builtin.template:
        dest: ssh_config
        src: templates/ssh_config.j2


    # There are several ways we could 'create' this file (including by using
    # the ansible.builtin.blockinfile or .copy modules, or just by creating a
    # simple, static .yml file), but we've opted for the following to show
    # how one can use HEREDOCs with the ansible.builtin.shell module
    - name: Create a local / 'nested' Ansible inventory.yml file
      ansible.builtin.shell:
        # Everything between the two EOF markers is written verbatim to
        # inventory.yml: a 'gateways' group holding the host 'jumpbox', an
        # 'internal_hosts' group holding the host 'internal', and a global
        # ansible_ssh_common_args of "-F ssh_config" so that connections made
        # through this inventory use the generated ssh_config file.
        # The heredoc delimiter is unquoted, so the shell would expand
        # $-sequences and backticks in the body; the body contains none.
        cmd: |
          (cat <<EOF
          ---
          gateways:
            hosts:
              jumpbox:


          internal_hosts:
            hosts:
              internal:


          all:
            vars:
              ansible_ssh_common_args: "-F ssh_config"
          EOF
          ) > inventory.yml


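    # Remove a known-hosts file left over from an earlier run. The file module
    # with state: absent does nothing when the file is missing, which matches
    # 'rm -f' without spawning a shell, and is the same module the final
    # clean-up task of this play uses for the same path.
    # NOTE(review): presumably templates/ssh_config.j2 points ssh at this
    # file; the template is not shown here -- confirm.
    - name: Delete any pre-existing ssh_known_hosts_tmp file
      ansible.builtin.file:
        path: ssh_known_hosts_tmp
        state: absent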


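    # While one would, ordinarily, use, e.g., ansible.builtin.copy, in _this_
    # case --- i.e. because we're using 'hosts: localhost, connection: local'
    # rather than connecting to the remote hosts --- it's arguably simpler to
    # just scp the file in question over to the jumpbox. The command line
    # needs no shell features, so the command module is used.
    #
    # Security note: this installs an unencrypted private key as root's
    # default identity on the internet-facing jumpbox, so control of the
    # jumpbox also grants login to the internal server. That is tolerable for
    # a short-lived tutorial datacenter that is deleted at the end of the
    # play; for anything longer-lived, keep the key on the workstation and
    # reach the internal host with ProxyJump through the jumpbox instead.
    # NOTE(review): this is the first connection to the jumpbox; how its host
    # key is verified is decided by templates/ssh_config.j2 (not shown).
    - name: Copy temporary ssh private key to the jumpbox
      ansible.builtin.command:
        cmd: scp -F ssh_config temporary_id_rsa jumpbox:/root/.ssh/id_rsa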




    # =======================================================================
    # Print the commands for reaching each host; all of them rely on the
    # ssh_config and inventory.yml files generated earlier in this play.
    - name: Provisioning done, print next steps
      ansible.builtin.debug:
        msg:
          - 'Both servers successfully provisioned. To connect to the jumpbox, run:'
          - '    ssh -F ssh_config jumpbox'
          - 'To connect to the internal server _via_ the jumpbox, use the command:'
          - '    ssh -F ssh_config internal'
          - 'And to run the configure-internal-server.yml on the _internal_ server, run:'
          - '    ansible-playbook -i inventory.yml configure-internal-server.yml'




    # =======================================================================
    # Hold the play until the operator presses <Enter>; the tasks after this
    # one delete the datacenter and the local run-time files.
    - name: Wait for user confirmation
      ansible.builtin.pause:
        prompt: >-
          End of example. Press <Enter> when you are ready for the
          contents of {{ datacenter_name }} to be deleted...


    # Tear down the datacenter by the id registered when it was created,
    # which also removes the jumpbox and the key copied onto it.
    - name: Delete the datacenter '{{ datacenter_name }}' and everything contained therein
      ionoscloudsdk.ionoscloud.datacenter:
        state: absent
        datacenter: '{{ datacenter_response.datacenter.id }}'


    # Remove the files this play generated in the working directory,
    # including the unencrypted temporary private key.
    # NOTE: this is an ordinary task at the end of the list, so it does not
    # run if an earlier task fails or the play is interrupted; in that case
    # delete temporary_id_rsa and temporary_id_rsa.pub by hand.
    - name: And delete any 'temporary' or run-time files that might cause problems between iterations
      ansible.builtin.file:
        state: absent
        path: '{{ item }}'
      loop:
        - inventory.yml
        - ssh_config
        - ssh_known_hosts_tmp
        - temporary_id_rsa
        - temporary_id_rsa.pub
