Run AWS CLI commands in Ansible

What you want to achieve

Perform the following processing in Ansible. Also, Ansible runs on a Docker container. ① Use the AWS CLI to separate the target EC2 from the ELB ② Execute yum update after disconnection is completed ③ Reboot the instance ④ Register with ELB again

1. Docker environment preparation

1-1. Creating a Docker directory and Dockerfile Create a directory and a Dockerfile.

$ sudo mkdir docker-demo
$ cd docker-demo
$ sudo vim Dockerfile

1-2. Editing the Dockerfile Since Ansible requires Python, we will use the lightweight slim-buster in the official Docker Python image. WORKDIR specifies the directory where you will put the Ansible files that you will create later. Install ansible and ssh. (If you want to ssh to the target node with a password, you also need to install sshpass)

Dockerfile


FROM python:3.9.0-slim-buster

WORKDIR /usr/src/app

RUN pip install ansible
RUN apt-get update && apt-get install -y \
vim \
ssh

2. Ansible environment preparation

2-1. File creation Create a file for use with Ansible.

$ cd /usr/src/app
$ sudo touch inventory main.yml ansible.cfg

2-2. Editing the inventory file Specify the IP address of the target node. Also, since the connection is made by SSH, enter the user name and private key path.

inventory


[targets]
10.0.1.100

[targets:vars]
ansible_connection=ssh
ansible_user=ec2-user
ansible_ssh_private_key_file=/usr/src/app/.ssh/Private key file

2-3. Editing main.yml This time, I will describe all the processing in main.yml. (I wrote the aws cli command in the shell and specified arn in main.yml, but I think there is a better way to write it ...) yum, reboot and wait_for_connection use Ansible modules. Allow wait_for_connection to continue processing even after rebooting.

main.yml


- hosts: targets
  become: yes
  gather_facts: no
  tasks:
    ##################################################
    # deregister instances from elb
    ##################################################
    - name: deregistering instances from elb
      become: yes
      shell: >
        aws elbv2 deregister-targets
        --target-group-arn arn:aws:elasticloadbalancing:ap-northeast-1:0123456789:targetgroup/target-group-name/abc123456789
        --targets Id=i-0123456789,Port=80
        --region ap-northeast-1
      async: 600
      poll: 300

    ##################################################
    # yum update
    ##################################################
    - name: upgrade all packages
      yum:
        name: "*"
        state: latest
      async: 180
      poll: 60

    ##################################################
    # reboot
    ##################################################
    - reboot:

    ##################################################
    # wait for connection
    ##################################################
    - wait_for_connection:

    ##################################################
    # register instances with elb
    ##################################################
    - name: registering instances with elb
      become: yes
      shell: >
        aws elbv2 register-targets
        --target-group-arn arn:aws:elasticloadbalancing:ap-northeast-1:0123456789:targetgroup/target-group-name/abc123456789
        --targets Id=i-0123456789,Port=80
        --region ap-northeast-1
      async: 180
      poll: 60

2-4. Editing ansible.cfg Specify configuration options. Set host_key_checking = False to disable the process of recording fingerprints in known_inventory.

ansible.cfg


[defaults]
host_key_checking=False

3. Create Docker container

3-1. Run docker build Execute the command in the directory containing the Dockerfile. You can see that it was created with docker images.

$ docker build -t ansible-demo .
$ docker images
REPOSITORY             TAG                 IMAGE ID            CREATED             SIZE
ansible-demo           latest              abc123456789        21 seconds ago      603MB

4. Execution of Ansible command

4-1. Container startup Move to the directory specified by WORKDIR and start the container with docker run. The explanation of the options is as follows. -it: Assign a pseudo terminal on the container and keep the standard input open -v: Mount the host directory on the container -rm: Automatically delete container when exiting container

$ cd /usr/src/app
$ docker run -it --rm -v $(pwd):/usr/src/app ansible-demo /bin/bash

4-2. Ansible command execution Execute the command as follows. You can see from the AWS console that the status of the target group is draining. Eventually, it was registered in ELB again, and it was confirmed that it was healthy.

root@abc012345:/usr/src/app# ansible-playbook -i ./inventory ./main.yml

PLAY [targets] ************************************************************************************

TASK [deregistering instances from elb] ***********************************************************
changed: [10.0.1.100]

TASK [upgrade all packages] ***********************************************************************
ok: [10.0.1.100]

TASK [reboot] *************************************************************************************
changed: [10.0.1.100]

TASK [wait_for_connection] ************************************************************************
ok: [10.0.1.100]

TASK [registering instances with elb]**************************************************************
changed: [10.0.1.100]

PLAY RECAP ****************************************************************************************
10.0.1.100 : ok=5    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Recommended Posts

Run AWS CLI commands in Ansible
AWS CLI install in Ubuntu 20.04
Run the AWS CLI on Docker
[CentOS7] Install aws cli
Ping commands in Java
Introducing AWS CLI to CentOS 7
How to run a job with docker login in AWS batch