updated security group management
diff --git a/environments/aws/aws_create.yml b/environments/aws/aws_create.yml
index f2500e0..778e697 100644
--- a/environments/aws/aws_create.yml
+++ b/environments/aws/aws_create.yml
@@ -16,6 +16,9 @@
 - name: "Load operating system"
 include_vars: "os/{{ os_selection }}.yml"
+ - name: "Load security group settings"
+ include_vars: "security/{{ security_group }}.yml"
+
 roles:
 - apigee-opdk-aws-security-group
 - apigee-opdk-aws-create
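Review bot: The new include path `security/{{ security_group }}.yml` depends on `security_group`, but this same commit removes `security_group` from both profiles (edge-1601.yml and edgemicro-1601.yml), so nothing visible in the diff defines it before the include runs; presumably it now arrives via extra-vars or inventory. If that is the intended contract, state it with a guard ahead of the include, `- name: "Require a security group selection"` / `assert:` / `that: security_group is defined`, so a missing or mistyped value fails with a clear message instead of an unresolved file path. The loaded file re-assigns `security_group` under the same name, which is harmless only as long as the file name and the key inside it agree; a comment above the include saying the file name must match the `security_group` key it contains would make that coupling visible. The enclosing play starts before this hunk.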
diff --git a/environments/aws/profiles/edge-1601.yml b/environments/aws/profiles/edge-1601.yml
index ccdb1c0..ad32ce3 100644
--- a/environments/aws/profiles/edge-1601.yml
+++ b/environments/aws/profiles/edge-1601.yml
@@ -5,34 +5,3 @@
 session_name: edge-1601-dc
 application: edge
 pod: NA
-security_group: OPDK
-rules:
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 80
- to_port: 80
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 9000
- to_port: 9010
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 8080
- to_port: 8080
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 22
- to_port: 22
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 443
- to_port: 443
-rules_egress:
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 80
- to_port: 80
- - proto: tcp
- cidr_ip: 172.16.0.0/12
- from_port: 0
- to_port: 65535
diff --git a/environments/aws/profiles/edgemicro-1601.yml b/environments/aws/profiles/edgemicro-1601.yml
index 1bd9daa..f17fa83 100644
--- a/environments/aws/profiles/edgemicro-1601.yml
+++ b/environments/aws/profiles/edgemicro-1601.yml
@@ -6,46 +6,3 @@
 application: edgemicro
 pod: NA
 env: edgemicro
-security_group: EDGEMICRO
-rules:
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 80
- to_port: 80
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 9000
- to_port: 9010
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 8080
- to_port: 8080
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 22
- to_port: 22
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 443
- to_port: 443
- - proto: tcp
- cidr_ip: 172.16.0.0/12
- from_port: 0
- to_port: 65535
-rules_egress:
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 80
- to_port: 80
- - proto: all
- cidr_ip: 172.16.0.0/12
- from_port: 0
- to_port: 65535
- - proto: tcp
- cidr_ip: 0.0.0.0/0
- from_port: 443
- to_port: 443
- - proto: udp
- cidr_ip: 0.0.0.0/0
- from_port: 123
- to_port: 123
diff --git a/environments/aws/remove-security-group.yml b/environments/aws/remove-security-group.yml
index fb524c0..528b747 100644
--- a/environments/aws/remove-security-group.yml
+++ b/environments/aws/remove-security-group.yml
@@ -5,6 +5,11 @@
 - ~/.apigee/credentials.yml
 pre_tasks:
+ - name: Refresh setup
+ setup:
+
+ - name: Refresh EC2_facts
+ ec2_facts:
 roles:
- - { role: apigee-opdk-aws-security-group, ec2_group_state: absent }
+ - { role: apigee-opdk-aws-security-group, ec2_group_state: absent, security_group: '{{ security_group }}' }
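Review bot: The role parameter `security_group: '{{ security_group }}'` on the last added line assigns the variable to itself; role params sit above most other variable sources, so this may trip Ansible's recursive-template detection, and where it does not it is a no-op because the play-level `security_group` is already visible to the role. If the intent is to require the caller to name the group being deleted, drop the parameter and add `- assert: { that: security_group is defined }` to `pre_tasks`, next to the two refresh tasks. Because `ec2_group_state: absent` removes whichever group is named, an unset or inherited value would delete the wrong group, which is why an explicit guard is worth more than the self-reference. The surrounding play begins before this hunk.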
diff --git a/environments/aws/security/EDGEMICRO.yml b/environments/aws/security/EDGEMICRO.yml
new file mode 100644
index 0000000..943e56a
--- /dev/null
+++ b/environments/aws/security/EDGEMICRO.yml
@@ -0,0 +1,49 @@
+---
+security_group: EDGEMICRO
+security_group_description: Security group for Edgemicro
+rules:
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 80
+ to_port: 80
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 9000
+ to_port: 9010
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 8080
+ to_port: 8080
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 22
+ to_port: 22
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 443
+ to_port: 443
+ - proto: tcp
+ cidr_ip: 172.16.0.0/12
+ from_port: 0
+ to_port: 65535
+rules_egress:
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 80
+ to_port: 80
+ - proto: all
+ cidr_ip: 172.16.0.0/12
+ from_port: 0
+ to_port: 65535
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 443
+ to_port: 443
+ - proto: tcp
+ cidr_ip: 172.16.0.0/12
+ from_port: 22
+ to_port: 22
+ - proto: udp
+ cidr_ip: 0.0.0.0/0
+ from_port: 123
+ to_port: 123
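Review bot: Ingress on tcp/22 and on the 9000-9010 and 8080 ranges is granted to `cidr_ip: 0.0.0.0/0` in the `rules:` list; OPDK.yml in this commit carries the same exposure in its `rules:` list. The files reproduce what the profiles held before, so the commit does not widen anything, but centralising the rules is the right moment to scope the administrative ports to a management range (the `172.16.0.0/12` already used below, or a variable the profile sets) and keep the public CIDR for 80 and 443 only. A one-line comment above each rule naming the component that listens there would also help, since the port numbers alone do not say why 9000-9010 has to be reachable from anywhere. Note that the ingress entry `proto: tcp` / `cidr_ip: 172.16.0.0/12` / `from_port: 0` / `to_port: 65535` already admits everything from the private range, so only the intentionally public ports need the wider CIDR.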
diff --git a/environments/aws/security/OPDK.yml b/environments/aws/security/OPDK.yml
new file mode 100644
index 0000000..f984c03
--- /dev/null
+++ b/environments/aws/security/OPDK.yml
@@ -0,0 +1,45 @@
+---
+security_group: OPDK
+security_group_description: Default OPDK ports
+rules:
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 80
+ to_port: 80
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 9000
+ to_port: 9010
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 8080
+ to_port: 8080
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 22
+ to_port: 22
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 443
+ to_port: 443
+rules_egress:
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 80
+ to_port: 80
+ - proto: tcp
+ cidr_ip: 172.16.0.0/12
+ from_port: 0
+ to_port: 65535
+ - proto: tcp
+ cidr_ip: 0.0.0.0/0
+ from_port: 443
+ to_port: 443
+ - proto: tcp
+ cidr_ip: 172.16.0.0/12
+ from_port: 22
+ to_port: 22
+ - proto: udp
+ cidr_ip: 0.0.0.0/0
+ from_port: 123
+ to_port: 123
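Review bot: In `rules_egress:` the entry `proto: tcp` / `cidr_ip: 172.16.0.0/12` / `from_port: 0` / `to_port: 65535` already permits tcp/22 to that CIDR, so the later `from_port: 22` / `to_port: 22` entry for the same CIDR is redundant; EDGEMICRO.yml has the same pair (`proto: all` over 0-65535 plus a separate tcp/22). Either drop the narrower rule, or if the all-ports rule is a stopgap meant to be tightened later, say so above it, e.g. `# TODO: narrow to the ports the internal hosts actually need; the tcp/22 rule below is the intended end state`. Egress to the private range on every port is also the part of this file most worth a second look, since it is what lets a compromised node reach anything internal; restricting it to the ports the OPDK components use would be the least-privilege version.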
diff --git a/environments/aws/security/OPDK_WITH_MIRROR.yml b/environments/aws/security/OPDK_WITH_MIRROR.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/environments/aws/security/OPDK_WITH_MIRROR.yml
@@ -0,0 +1 @@
+---
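Review bot: OPDK_WITH_MIRROR.yml holds only the document marker, so selecting `security_group: OPDK_WITH_MIRROR` makes the `include_vars` added in aws_create.yml load nothing, and `security_group`, `security_group_description`, `rules` and `rules_egress` are left undefined, or inherited from wherever they were last set, when the apigee-opdk-aws-security-group role runs. If the file is a placeholder, a comment such as `# TODO: ingress/egress rules for OPDK with a package mirror; intentionally empty until defined` makes that visible to the next reader; otherwise it should at least carry the `security_group:` key so the group it manages is named explicitly.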