inviqa/ansible-digitalocean-floating-ip

DigitalOcean Role for Ansible to assign Floating IP to droplets


This role assigns an existing DigitalOcean Floating IP to an existing Droplet through the DigitalOcean API.

It also sets up iptables NAT rules so that:

  • all outbound traffic leaves through the DigitalOcean Anchor IP, so it is seen externally as coming from the Floating IP
  • SMTP traffic leaves through the Droplet's own static public IP instead

By default the iptables rules are applied through the geerlingguy.firewall Galaxy role. You need to add that firewall role to your playbook as well; it is what makes the rules persistent across the lifecycle of your Droplet (reboots included).

If you do not want to use the geerlingguy.firewall Galaxy role, disable it by setting:

digital_ocean_use_firewall: false

The rules are then applied as raw rules through Ansible's core iptables module, and they are not persistent: if the Droplet is restarted the iptables rules are lost.
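The two modes described above, side by side, as an added example that is not part of the role's own tasks. It assumes the Anchor IP and the Droplet's public IP have already been looked up into `do_anchor_ip` and `do_public_ip`, that the public interface is `eth0`, and that the SMTP port list lives in a variable called `digital_ocean_smtp_ports` (the page gives that variable's default but not its name); the IP values are constructed samples. The point to take from it is rule order: the POSTROUTING chain is matched top-down and the first matching SNAT wins, so the SMTP exception has to sit in front of the catch-all in either mode.

```yaml
# Added example, not the role's own tasks. Assumed names: do_anchor_ip,
# do_public_ip, digital_ocean_smtp_ports; eth0 assumed as the public interface.
- hosts: production
  become: true
  vars:
    digital_ocean_use_firewall: true
    digital_ocean_smtp_ports: ["25", "465", "587", "2525", "2526"]
    do_anchor_ip: "10.10.0.5"        # constructed sample values
    do_public_ip: "203.0.113.10"
    # geerlingguy.firewall writes raw iptables command lines into the init
    # script it installs, so these rules come back after a reboot. The SMTP
    # exception is listed first so the catch-all below never SNATs mail.
    firewall_additional_rules:
      - "iptables -t nat -A POSTROUTING -o eth0 -p tcp -m multiport --dports {{ digital_ocean_smtp_ports | join(',') }} -j SNAT --to-source {{ do_public_ip }}"
      - "iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source {{ do_anchor_ip }}"
  roles:
    # The firewall role also drops inbound traffic it was not told about, so
    # keep SSH in firewall_allowed_tcp_ports when you enable it.
    - role: geerlingguy.firewall
      when: digital_ocean_use_firewall
  tasks:
    # Fallback path: the same two rules through Ansible's iptables module.
    # Nothing saves them, so a reboot drops them (the caveat above).
    - name: SMTP leaves through the Droplet's own public IP
      iptables:
        table: nat
        chain: POSTROUTING
        action: insert        # top of the chain, so it precedes the catch-all on re-runs too
        out_interface: eth0
        protocol: tcp
        destination_port: "{{ item }}"
        jump: SNAT
        to_source: "{{ do_public_ip }}"
      loop: "{{ digital_ocean_smtp_ports }}"
      when: not digital_ocean_use_firewall

    - name: Everything else leaves through the Anchor IP (seen externally as the Floating IP)
      iptables:
        table: nat
        chain: POSTROUTING
        out_interface: eth0
        jump: SNAT
        to_source: "{{ do_anchor_ip }}"
      when: not digital_ocean_use_firewall
```

The raw-module branch uses `action: insert` for the SMTP rules so that a re-run on a host that already has the catch-all still lands them above it; the module checks for an existing rule first, so repeated runs do not duplicate them.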

Role Variables


Default: 'https://api.digitalocean.com/v2/floating_ips/'

Base URL of the DigitalOcean Floating IP API that the role calls to assign the IP.

Default: 'http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address'

Droplet metadata endpoint the role queries, from the Droplet itself, to learn the Droplet's Anchor IP.

digital_ocean_api_token

Default: [enc_do_v2_api_key]

The API token as shown in the API Settings page of the DigitalOcean portal.

Keep it in an Ansible Vault: it is highly sensitive, since whoever holds it can act on your DigitalOcean account through the API.

Default: {{ do.droplet.id }}

The id of the Droplet the Floating IP is assigned to.

digital_ocean_floating_ip

Default: none. Mandatory. Set it in the host_vars file of the specific host that should receive the Floating IP: a Floating IP can be bound to only one Droplet at a time, so per-host values let you map several Floating IPs to distinct Droplets.

Default: ["25","465","587","2525","2526"]

Mandatory. The TCP ports treated as SMTP; the role builds the POSTROUTING rules that send this traffic through the Droplet's own IP from this list.

Default: "/tmp/iptables.save"

Mandatory. Path where the current rules are saved while the role temporarily disables iptables to query the Anchor IP, and during testing. The file is written and later restored with root privileges, so a root-owned directory that is not world-writable is a safer choice than the /tmp default.

digital_ocean_use_firewall

Default: true

Mandatory. Chooses how the rules are applied: through the geerlingguy.firewall role (true) or as raw rules through the iptables module (false).

Default: false

Mandatory. Whether become is used for the firewall or iptables tasks. Not needed when the play already runs as root (ansible_user: root).

Example Playbook


---
- hosts: production
  roles:
    # The token stays in an Ansible Vault; vault_digital_ocean_api_token is an
    # assumed name for the vaulted variable. Never paste the literal token here.
    - role: inviqa.digitalocean-floating-ip
      digital_ocean_api_token: "{{ vault_digital_ocean_api_token }}"

# The Floating IP is per host, so it belongs in host_vars/<host>.yml;
# shown here as play vars only for brevity (placeholder address).
- hosts: specific_host_name
  vars:
    digital_ocean_floating_ip: "203.0.113.10"
...
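How the assignment itself works, as an added example that is not the role's own code: the Anchor IP is read from the metadata service on the Droplet, and the Floating IP is assigned through the DigitalOcean API only when it is not already pointing at this Droplet, which keeps the play idempotent and avoids needless API actions. Assumed names: vault_digital_ocean_api_token for the vaulted secret, do_droplet_id for the Droplet id (the page shows the role reading it as {{ do.droplet.id }}), and digital_ocean_api_url / digital_ocean_metadata_url for the two URLs, whose names the page does not give; their values are the defaults listed under Role Variables, and the IP and id are constructed samples.

```yaml
# Added example, not the role's own tasks. Assumed names: vault_digital_ocean_api_token,
# do_droplet_id, digital_ocean_api_url, digital_ocean_metadata_url. The Floating IP
# and Droplet id below are constructed samples.
- hosts: specific_host_name
  vars:
    digital_ocean_api_url: "https://api.digitalocean.com/v2/floating_ips/"
    digital_ocean_metadata_url: "http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address"
    digital_ocean_api_token: "{{ vault_digital_ocean_api_token }}"   # from an Ansible Vault file
    digital_ocean_floating_ip: "203.0.113.10"   # normally in host_vars/<host>.yml
    do_droplet_id: 12345678
  tasks:
    - name: Read the Anchor IP from the metadata service (only reachable from the Droplet itself)
      uri:
        url: "{{ digital_ocean_metadata_url }}"
        return_content: true
      register: do_anchor

    # Both API calls run on the controller, so the token never lands on the Droplet.
    - name: Look up which Droplet the Floating IP currently points at
      uri:
        url: "{{ digital_ocean_api_url }}{{ digital_ocean_floating_ip }}"
        headers:
          Authorization: "Bearer {{ digital_ocean_api_token }}"
        return_content: true
      delegate_to: localhost
      no_log: true        # keeps the bearer token out of the run log
      register: do_fip

    - name: Assign the Floating IP to this Droplet (skipped when it is already assigned here)
      uri:
        url: "{{ digital_ocean_api_url }}{{ digital_ocean_floating_ip }}/actions"
        method: POST
        headers:
          Authorization: "Bearer {{ digital_ocean_api_token }}"
        body_format: json
        body:
          type: assign
          droplet_id: "{{ do_droplet_id | int }}"
        status_code: [201]
      delegate_to: localhost
      no_log: true
      # droplet is null in the API response while the IP is unassigned
      when: ((do_fip.json.floating_ip.droplet | default({}, true)).id | default(0) | int) != (do_droplet_id | int)
      changed_when: true

    - name: Report the result
      debug:
        msg: "{{ digital_ocean_floating_ip }} -> droplet {{ do_droplet_id }}, anchor {{ do_anchor.content | trim }}"
```

The API calls are delegated to the controller so the token is only ever used there, and `no_log` keeps the Authorization header out of verbose output; the metadata call has to stay on the Droplet, because 169.254.169.254 answers only from inside it.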

TODO

License


MIT

Author Information


Author Marco Massari Calderone at Inviqa UK Ltd