This role assigns an existing DigitalOcean Floating IP to an existing Droplet using the DigitalOcean API.
It also sets up iptables rules to:
- route all outbound traffic through the DigitalOcean Anchor IP, so that it leaves the Droplet with the Floating IP as its source address
- route all outbound SMTP traffic through the Droplet's own static public IP
By default the iptables rules are managed through the geerlingguy.firewall Galaxy role. You need to add that firewall role to your playbook: it is what makes the iptables rules persistent across the lifecycle of your Droplet.

If you do not want to use the geerlingguy.firewall Galaxy role, disable it by setting:

```yaml
digital_ocean_use_firewall: false
```

The rules are then applied as raw iptables rules via Ansible's core iptables module, but they are not persistent across the Droplet lifecycle: if the Droplet is rebooted, the iptables rules are lost.
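The following shell script, added here as an example and not part of the inviqa role, generates the nat/POSTROUTING SNAT rules that implement the policy above (everything out via the Anchor IP, SMTP out via the Droplet's public IP) and prints them as a dry run. The interface name, the Anchor IP, the Droplet public IP and the port list are assumed inputs supplied by the caller, and the RETURN rule that exempts the metadata address is this example's own choice. The detail worth checking is ordering: nat/POSTROUTING is first-match, so the SMTP exception has to be added before the catch-all SNAT to the Anchor IP.

```shell
#!/usr/bin/env bash
# Added example (not code from the inviqa role): build the nat/POSTROUTING rules
# for "all outbound via the Anchor IP, SMTP via the Droplet's own IP", print them
# as a dry run, and apply them only when run as root with --apply. Interface,
# addresses and ports are assumed caller-supplied inputs.

# Join port arguments into the comma-separated form -m multiport expects.
#   join_ports 25 465 587  ->  25,465,587
join_ports() {
    out=""
    for p in "$@"; do
        case "$p" in
            ""|*[!0-9]*) echo "join_ports: bad port '$p'" >&2; return 1 ;;
        esac
        out="${out:+$out,}$p"
    done
    printf '%s\n' "$out"
}

# Print one iptables command per line.
#   $1 outbound interface   $2 Anchor IP   $3 Droplet public IP   $4 ports (a,b,c)
# nat/POSTROUTING is first-match, so the SMTP exception is emitted before the
# catch-all. The metadata address is exempted first so the Anchor IP lookup keeps
# working without flushing the firewall. SNAT only rewrites NEW connections;
# replies to inbound connections keep the address they were received on.
build_snat_rules() {
    iface=$1 anchor=$2 droplet=$3 ports=$4
    printf 'iptables -t nat -A POSTROUTING -o %s -d 169.254.169.254 -j RETURN\n' "$iface"
    printf 'iptables -t nat -A POSTROUTING -o %s -p tcp -m multiport --dports %s -j SNAT --to-source %s\n' \
        "$iface" "$ports" "$droplet"
    printf 'iptables -t nat -A POSTROUTING -o %s -j SNAT --to-source %s\n' "$iface" "$anchor"
}

# Run the generated commands. Refuses to run unprivileged; making the rules
# survive a reboot is left to the firewall role, as in the README above.
apply_snat_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_snat_rules: must be root" >&2; return 1; }
    build_snat_rules "$@" | while IFS= read -r cmd; do
        echo "+ $cmd" >&2
        eval "$cmd" || return 1
    done
}

# Dry run by default; pass --apply to install the rules.
#   ./snat_rules.sh [--apply] IFACE ANCHOR_IP DROPLET_IP PORT...
main() {
    apply=0
    [ "${1:-}" = "--apply" ] && { apply=1; shift; }
    [ $# -ge 4 ] || { echo "usage: $0 [--apply] IFACE ANCHOR_IP DROPLET_IP PORT..." >&2; return 2; }
    iface=$1 anchor=$2 droplet=$3
    shift 3
    ports=$(join_ports "$@") || return 1
    if [ "$apply" -eq 1 ]; then
        apply_snat_rules "$iface" "$anchor" "$droplet" "$ports"
    else
        build_snat_rules "$iface" "$anchor" "$droplet" "$ports"
    fi
}

# Only run main when executed with arguments, so the functions can be sourced.
if [ $# -gt 0 ]; then main "$@"; fi
```

Run it without --apply first and compare the output with `iptables -t nat -S POSTROUTING` on the Droplet. When the role is used together with geerlingguy.firewall, the same three commands are what belongs in that role's `firewall_additional_rules` list, which is how they survive a reboot.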
Default: 'https://api.digitalocean.com/v2/floating_ips/'
The base URL of the DigitalOcean v2 Floating IPs API.

Default: 'http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address'
The Droplet metadata URL from which the role reads the Anchor IP. It is served on the link-local metadata address and is only reachable from inside the Droplet.

Default: [enc_do_v2_api_key]
The API token (digital_ocean_api_token in the example playbook below), as shown in the API settings of the DigitalOcean portal. It is highly sensitive: store it in an Ansible Vault and reference the vaulted variable rather than writing the token into a playbook.

Default: {{ do.droplet.id }}
The ID of the Droplet the Floating IP is assigned to.

Default: none
The Floating IP to assign (digital_ocean_floating_ip in the example playbook below). This variable is mandatory and is meant to be set in the host_vars file of the specific host you want to assign the Floating IP to, because a Floating IP can be associated with only one host at a time; this way you can associate multiple Floating IPs with distinct Droplets.

Default: ["25","465","587","2525","2526"]
The SMTP ports. This parameter is mandatory: it is needed to set up the iptables POSTROUTING rules that send SMTP traffic out through the Droplet's static IP.

Default: "/tmp/iptables.save"
The file in which the current iptables rules are saved while the role temporarily disables iptables to obtain the DigitalOcean Anchor IP from the metadata service, and during the testing process. This parameter is mandatory.

Default: true
Whether the iptables rules are managed through the firewall role (true) or applied as raw iptables rules (false). This is the digital_ocean_use_firewall setting described above.

Default: false
Whether the become parameter is used when managing the firewall or iptables. Not needed if ansible_user is root.
```yaml
---
- hosts: production
  roles:
    # The token here is a placeholder; in practice reference a vaulted variable instead of a literal.
    - { role: inviqa.digitalocean-floating-ip, digital_ocean_api_token: 'abcdef012234343' }
- hosts: specific_host_name
  vars:
    # Placeholder from the RFC 5737 documentation range; one Floating IP per host, normally set in host_vars.
    digital_ocean_floating_ip: "203.0.113.10"
...
```
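Assigning the Floating IP from a shell, as an added example that is not the role's own code: it validates the inputs before calling the API (an address such as 123.456.678.90, with octets above 255, is rejected instead of being sent to DigitalOcean), reads the token from an environment variable rather than a playbook literal, and hands it to curl through a config file on stdin so it never appears in the process list. The /actions path and the {"type":"assign"} body are DigitalOcean's documented Floating IP action API; the DIGITAL_OCEAN_API_TOKEN variable name and the sample addresses are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not the inviqa role's code): assign a Floating IP to a Droplet
# via the DigitalOcean v2 API with input validation and a token that touches
# neither a playbook nor the process list. The environment variable name and
# the sample addresses are assumptions made for this example.

DO_API_BASE="https://api.digitalocean.com/v2/floating_ips"   # role default, trailing slash dropped
DO_METADATA_ANCHOR="http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address"  # role default

# Accept only a dotted quad with every octet in 0..255 (so 123.456.678.90 fails).
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Droplet IDs are positive integers in the API.
valid_droplet_id() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    return 0
}

# POST /v2/floating_ips/{ip}/actions is the documented Floating IP action endpoint.
floating_ip_actions_url() { printf '%s/%s/actions\n' "$DO_API_BASE" "$1"; }

# Body of the "assign" action.
assign_payload() { printf '{"type":"assign","droplet_id":%s}\n' "$1"; }

# Read the Anchor IP from the metadata service (only works on the Droplet itself).
anchor_ip_from_metadata() { curl -sS -f --max-time 5 "$DO_METADATA_ANCHOR"; }

# Assign $1 (Floating IP) to $2 (Droplet ID). The bearer token is read from
# DIGITAL_OCEAN_API_TOKEN (export it from `ansible-vault view`, never pass it as
# an argument) and given to curl as a config file on stdin, so `ps` never shows it.
assign_floating_ip() {
    ip=$1; droplet_id=$2
    valid_ipv4 "$ip"               || { echo "invalid Floating IP: $ip" >&2; return 1; }
    valid_droplet_id "$droplet_id" || { echo "invalid Droplet ID: $droplet_id" >&2; return 1; }
    token=${DIGITAL_OCEAN_API_TOKEN:?set DIGITAL_OCEAN_API_TOKEN first}
    printf 'header = "Authorization: Bearer %s"\n' "$token" |
        curl -sS -f -K - \
             -H 'Content-Type: application/json' \
             -d "$(assign_payload "$droplet_id")" \
             "$(floating_ip_actions_url "$ip")"
}

# Usage: DIGITAL_OCEAN_API_TOKEN=... ./assign_floating_ip.sh FLOATING_IP DROPLET_ID
if [ $# -eq 2 ]; then
    assign_floating_ip "$1" "$2"
fi
```

The API call itself is a single POST; the value of wrapping it is that a typo in the address or ID is caught locally, and that the token is never exposed through a playbook file, the command line, or `ps`. Because a Floating IP can be attached to only one Droplet at a time, run this once per Floating IP with the ID of the host that should own it, matching the host_vars layout described above.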
Author: Marco Massari Calderone at Inviqa UK Ltd