From c19d75b5300facc868ead748ce3e4078aa6515f2 Mon Sep 17 00:00:00 2001
From: Vincent Van der Kussen
Date: Tue, 20 Oct 2020 07:01:49 +0200
Subject: [PATCH 1/4] aws inventory
---
 README.md | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 aws_ec2.yml | 20 ++++++++++++
 2 files changed, 114 insertions(+)
 create mode 100644 aws_ec2.yml
diff --git a/README.md b/README.md
index 0a7c86b..e87ad85 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,96 @@
 # ansible-target-practice
+## EC2 credentials
+Make sure you have a profile that can access the necessary AWS resources.
+Configure your AWS cli as described here
+[](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)
+
+You can use Environment Variables to specify configuration options of the AWS cli.
+More info here: [](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
+
+Minimal example:
+
+`~/.aws/credentials`
+
+```
+[zoolite/vincent]
+aws_access_key_id=AKIAWNB2RT65DGTW
+aws_secret_access_key=Yhdg280zGg3U7CQVcyLAqLEs9/Wv6cYb7UYB6L0
+```
+
+
+
+`~/.aws/config`
+
+```
+[profile zoolite/vincent]
+region=eu-west-1
+output=text
+```
+
+You can use this profile by setting the `AWS_PROFILE` environment variable
+
+```
+export AWS_PROFILE=zoolite/vincent
+```
+
+Run `aws sts get-caller-identity` to test authentication
+
+
+## Ansible EC2 inventory plugin
+The Ansible EC2 inventory plugin allows you to create groups based on tags
+defined on resources. The configuration of this inventory plugin can be done
+through a configuration file.
+
+In this example we wan to create a group `dev` and should contain all
+instance that have a tag `env=dev`. We also create a group `tag_dev_env` which
+contains the same hosts.
+
+Create a file `aws_ec2.yml` with the following content
+
+```
+plugin: aws_ec2
+regions:
+ - eu-west-1
+filters:
+ tag:env:
+ - dev
+ - prod
+hostnames:
+ - private-dns-name
+ - ip-address
+ - network-interface.addresses.private-ip-address
+keyed_groups:
+ - key: tags.env
+ separator: ""
+ - prefix: tag
+ key: tags
+```
+
+### Filters
+In the example we apply a filter so we only end up with resources who have a tag
+`env` with a value of either `dev` or `prod`
+
+
+### Hostnames
+In this example we only want to use the private ip addresses, private dns record
+or the public ip address in our inventory. This can be defined in the `hostnames` section.
+
+This list uses the order as preference. 
Example: If you prefer to use the prive
+dns records you need to put the `private-dns-name` option above all alse in the
+list.
+
+You can use the options defined in the AWS CLI `--filter` section.
+[](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options)
+
+
+
+## Run Ansible
+Testing the inventory can be done using `ansible-inventory`
+
+```
+ansible-inventory -i aws_ec2.yml --list
+```
+
+
+
diff --git a/aws_ec2.yml b/aws_ec2.yml
new file mode 100644
index 0000000..dd90357
--- /dev/null
+++ b/aws_ec2.yml
@@ -0,0 +1,20 @@
+plugin: aws_ec2
+regions:
+ - eu-west-1
+filters:
+ tag:env:
+ - dev
+ - prod
+hostnames:
+ - ip-address
+ - network-interface.addresses.private-ip-address
+ - private-dns-name
+keyed_groups:
+ - key: tags.env
+ separator: ""
+ #prefix: MyGroupPrefix
+ - prefix: tag
+ key: tags
+
+fact_caching_timeout: 10
+caching_timeout: 10
From b295ca88d1d524fd124054cfa06bad34cac62821 Mon Sep 17 00:00:00 2001
From: Vincent Van der Kussen
Date: Sat, 24 Oct 2020 13:14:47 +0200
Subject: [PATCH 2/4] add ansible playbook example
---
 README.md | 22 ++++++++++++++++++++--
 ansible.cfg | 2 ++
 aws_ec2.yml | 4 +++-
 site.yml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 74 insertions(+), 3 deletions(-)
 create mode 100644 ansible.cfg
 create mode 100644 site.yml
diff --git a/README.md b/README.md
index e87ad85..adbddd1 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,18 @@
 # ansible-target-practice
+This repository is an example that accomplishes the following:
+
+- stop/start based on a variable (`targetpractice`)
+- If instances need to be started they are registered in a targetgroup when they become
+ reachable
+- If instances need to be stopped the are first removed from the targetgroup
+
+
+## Dependencies
+```
+ansible-galaxy collection install amazon.aws
+ansible-galaxy collection install community.aws
+```
+
 ## EC2 credentials
 Make sure you have a profile that can access the necessary AWS resources.
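Review bot: The `~/.aws/credentials` example in this README hunk commits a value shaped like a live AWS key pair (`aws_access_key_id=AKIAWNB2RT65DGTW` with a matching `aws_secret_access_key=` line); an `AKIA…` id with a secret beside it will trip secret scanners on a public repository and invites readers to paste real keys into the same spot. Use the placeholders AWS itself documents, `aws_access_key_id=AKIAIOSFODNN7EXAMPLE` and `aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`, and if the committed pair was ever valid it needs rotating, since later edits do not remove it from history. The key id is 16 characters rather than the 20 of a real access key id, which suggests a made-up value, but that cannot be confirmed from the diff.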
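Review bot: The two trailing keys `fact_caching_timeout: 10` and `caching_timeout: 10` are not options of the `aws_ec2` inventory plugin, whose cache settings are `cache`, `cache_plugin`, `cache_timeout`, `cache_connection` and `cache_prefix`, so as far as I can tell they are ignored and no inventory caching takes place (`fact_caching_timeout` is an ansible.cfg setting, not an inventory option). If a 10-second inventory cache is the intent, replace them with `cache: true` and `cache_timeout: 10` and pick a persistent `cache_plugin`, since the default in-memory cache does not outlive the run. Separately, `hostnames` here lists `ip-address` first while the README's copy of this same file lists `private-dns-name` first; because the list is an ordered preference, the two disagree about what becomes `inventory_hostname`, and one of them should be corrected.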
@@ -84,13 +98,17 @@ You can use the options defined in the AWS CLI `--filter` section.
 [](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options)
-
-## Run Ansible
+## Test the inventory
 Testing the inventory can be done using `ansible-inventory`
 ```
 ansible-inventory -i aws_ec2.yml --list
 ```
+## Testing
+
+```
+ansible-playbook -i aws_ec2.yml site.yml --extra-vars '{"targetpractice": "false"}'
+```
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..b7f2c56
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+deprecation_warnings=False
diff --git a/aws_ec2.yml b/aws_ec2.yml
index dd90357..7f9df00 100644
--- a/aws_ec2.yml
+++ b/aws_ec2.yml
@@ -3,12 +3,14 @@ regions:
 - eu-west-1
 filters:
 tag:env:
- - dev
 - prod
 hostnames:
+ - network-interface.association.public-ip
+ - network-interface.addresses.private-ip-address
 - ip-address
 - network-interface.addresses.private-ip-address
 - private-dns-name
+ - instance-id
 keyed_groups:
 - key: tags.env
 separator: ""
diff --git a/site.yml b/site.yml
new file mode 100644
index 0000000..d12bea0
--- /dev/null
+++ b/site.yml
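Review bot: `deprecation_warnings=False` in the new ansible.cfg silences every deprecation warning for the whole repository, including the ones Ansible uses to announce that a module such as `amazon.aws.ec2` (used by the site.yml added in this same commit) is or becomes superseded, so the signal that the playbook needs updating is switched off in the commit that introduces the playbook. Nothing in the hunk says which warning was noisy; either drop the setting or add a comment naming the warning being suppressed, e.g. `# silenced: <warning text> until <tracking reference placeholder>`, so the next maintainer can tell when it is safe to remove.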
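Review bot: `network-interface.addresses.private-ip-address` is now listed twice under `hostnames` (the newly added second entry and the pre-existing fifth one); the duplicate is harmless but the later copy can never be selected and should be removed. This hunk also drops `dev` from the `tag:env` filter while the README still documents a `dev`/`prod` filter and a `dev` group, so the instructions and the file they tell the reader to create have diverged; update the README's copy of `aws_ec2.yml` in the same change. Putting `network-interface.association.public-ip` first makes the public address the preferred `inventory_hostname`, which is what the `wait_for` on port 22 in the new site.yml then probes from the controller; a one-line comment stating that this ordering is deliberate would save the next reader from reordering it.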
@@ -0,0 +1,49 @@
+- hosts: tag_env_prod
+ remote_user: ec2-user
+ gather_facts: false # of no use
+ connection: local # prevent from trying to ssh into instance
+
+ vars:
+ target_group_arn: "arn:aws:elasticloadbalancing:eu-west-1:440357826049:targetgroup/TestAnsible/c2afd83500139d9a"
+
+ tasks:
+ - name: DEBUG
+ debug:
+ msg: "{{ hostvars[inventory_hostname].instance_id }}"
+
+ - name: Start instances
+ amazon.aws.ec2:
+ instance_ids: "{{ hostvars[inventory_hostname].instance_id }}"
+ state: running
+ when: targetpractice == "true"
+
+ - name: Wait for instances to be reachable
+ wait_for:
+ host: "{{ inventory_hostname }}"
+ port: 22
+ when: targetpractice == "true"
+
+ - name: Register targets in TargetGroup
+ community.aws.elb_target:
+ target_group_arn: "{{ target_group_arn }}"
+ state: present
+ target_id: "{{ hostvars[inventory_hostname].instance_id }}"
+ target_status: "unused"
+ when: targetpractice == "true"
+
+ - name: Deregister targets in TargetGroup
+ community.aws.elb_target:
+ target_group_arn: "{{ target_group_arn }}"
+ state: absent
+ target_id: "i-0c6411e58bbaccfad"
+ target_status: "unused"
+ deregister_unused: yes
+ when: targetpractice == "false"
+
+ - name: Stop instances
+ amazon.aws.ec2:
+ instance_ids: "{{ hostvars[inventory_hostname].instance_id }}"
+ #instance_ids: "{{ play_hosts }}"
+ state: running
+ when: targetpractice == "false"
+
From fb662f2ecf6af5625362ede9294f6499300fad78 Mon Sep 17 00:00:00 2001
From: Bryan Black <2366082-reel@users.noreply.gitlab.com>
Date: Fri, 30 Oct 2020 01:55:25 +0000
Subject: [PATCH 3/4] fix tag group typo
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index adbddd1..3faad85 100644
--- a/README.md
+++ b/README.md
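Review bot: Every `when:` in this play compares `targetpractice` against the strings `"true"`/`"false"`, so a boolean value (`-e targetpractice=true` yields a string, but `--extra-vars '{"targetpractice": true}'` or a vars file yields a bool) matches neither branch and the whole play silently does nothing, and an unset variable fails the first conditional with an undefined-variable error instead of a clear message. Declare a default and compare as booleans: under `vars:` add `targetpractice: false`, then use `when: targetpractice | bool` for the start/register tasks and `when: not (targetpractice | bool)` for the deregister/stop tasks. `deregister_unused: yes` should be written `true`, and the hard-coded `target_group_arn` (which embeds an account id) belongs in inventory or extra-vars rather than the committed play, with the `vars:` entry kept only as a documented default. The `DEBUG` task reads as leftover scaffolding and can go.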
@@ -57,7 +57,7 @@ defined on resources. The configuration of this inventory plugin can be done
 through a configuration file.
 In this example we wan to create a group `dev` and should contain all
-instance that have a tag `env=dev`. We also create a group `tag_dev_env` which
+instance that have a tag `env=dev`. We also create a group `tag_env_dev` which
 contains the same hosts.
 Create a file `aws_ec2.yml` with the following content
From 8f2d4df322e53065363fc06b3d6f760accebb925 Mon Sep 17 00:00:00 2001
From: Bryan Black <2366082-reel@users.noreply.gitlab.com>
Date: Fri, 30 Oct 2020 01:56:42 +0000
Subject: [PATCH 4/4] fix target_id parameter and state
---
 site.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/site.yml b/site.yml
index d12bea0..fa05482 100644
--- a/site.yml
+++ b/site.yml
@@ -35,7 +35,7 @@
 community.aws.elb_target:
 target_group_arn: "{{ target_group_arn }}"
 state: absent
- target_id: "i-0c6411e58bbaccfad"
+ target_id: "{{ hostvars[inventory_hostname].instance_id }}"
 target_status: "unused"
 deregister_unused: yes
 when: targetpractice == "false"
@@ -44,6 +44,6 @@
 amazon.aws.ec2:
 instance_ids: "{{ hostvars[inventory_hostname].instance_id }}"
 #instance_ids: "{{ play_hosts }}"
- state: running
+ state: stopped
 when: targetpractice == "false"
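Review bot: With `state: stopped` the task returns as soon as the stop request is accepted, because `amazon.aws.ec2` only waits for the instance to reach the requested state when `wait: true` is set, so a stop run followed closely by a start run (flipping `targetpractice`) can act on an instance that is still stopping. Add `wait: true` (and, if the default is too short, `wait_timeout`) next to `state: stopped` here, and for symmetry to the `Start instances` task, which lies outside this hunk. The enclosing play continues above and below the hunk.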