Autoscaling with AWS instances using Ansible-Pull

1 Comment Posted by on May 15, 2016

Ansible has an excellent feature called ansible-pull, which many people don’t know or don’t use. This feature works best for self healing infrastructure, best example is AWS Autoscaling in which new ec2 instance is created from vanilla ami, then pull the code from somewhere (version control system) and configure itself before announcing that it is ready to serve (mean add to the serving ELB).

The steps for ansible-pull are:

1. Pull the git repo containing your playbooks.
2. That repo is cloned to the mentioned directory.
3. ansible-pull starts executing the local.yml found in your cloned repo directory.

Let’s assume that you want to pull the code from the private git repo and for this you need the ssh private key but you have taken the updated vanilla ubuntu ami from the Marketplace, then how you will clone this private repo? For this we’ll use the Bootstrap Pattern:

– Put the private part of ssh key for the git repository on S3.
– Getting ssh key from s3 bucket using IAM role credentials

For this, create a S3 bucket(in my case it is named “tendo-github-key-s3“):

s3-1

Upload the desired ssh key to this bucket:s3-2

bitbucket is custom ssh client config file which tells the OS to use the Custom identity file in order to connect to bitbucket to fetch the private repo. Content of this file is:

Host bitbucket.org
   IdentityFile /root/.ssh/bitbucket_secret_key
   TCPKeepAlive yes
   IdentitiesOnly yes

Next we need to create the IAM policy and role for EC2 instance to give the access on those files from S3 bucket:

Create policy to access S3 bucket. Select “Create Your Own Policy“:

role-1Enter Policy Name and the Policy Document as given below(adjust as per your requirement):

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::tendo-github-key-s3"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::tendo-github-key-s3/*"
]
}
]
}
view raw s3-policy.json hosted with ❤ by GitHub

role-2

Create Role by giving the name:

role-3

Select Role Type as “Amazon EC2“:

role-4

Then attach a policy – “tendo-github-key-s3:

role-5

Now IAM Role and Policy is ready. Let’s Launch the instance with this IAM Role.

Here I am creating single instance for demonstration because the purpose of this tutorial is to show you the ansible-pull feature not the AWS autoscaling but you can use the exact same procedure while launching the instance inside the Autoscaling group (manually or automated way):

Launch the Ubuntu instance here, select the IAM role which was created above and enter the User data:

ec2-1

Used the following user data, which will install the mentioned packages, fetch the desired files from S3 bucket and run the ansible in pull mode:

#!/bin/bash
apt-get update
apt-get install -y libffi-dev g++ libssl-dev python-pip python-dev git
pip install -U awscli ansible setuptools
aws s3 cp s3://tendo-github-key-s3/git-private-key /root/.ssh/bitbucket_secret_key
chmod 400 /root/.ssh/bitbucket_secret_key
aws s3 cp s3://tendo-github-key-s3/bitbucket /root/.ssh/config
chmod 600 /root/.ssh/config
ansible-pull -d /root/playbooks -i 'localhost,' -U git@bitbucket.org:arbabnazar/pull-test.git --accept-host-key
view raw user-data.sh hosted with ❤ by GitHub

We invoke ansible-pull with the following options, there are many more than these:

 1. --accept-host-key: adds the hostkey for the repo url if not already added
 2. -U: URL of the playbook repository
 3. -d: directory to checkout repository to
 4. –i localhost,: This option indicates the inventory that needs to be considered. 
                   Since we're only concerned about one host, we use -i localhost,.

Once the server is Up and Running, you can log in and review the /var/log/cloud-init-output.log for more information:

sudo vi /var/log/cloud-init-output.log

There are tons of logs but these are of our interest:

download: s3://tendo-github-key-s3/git-private-key to root/.ssh/bitbucket_secret_key
download: s3://tendo-github-key-s3/bitbucket to root/.ssh/config
Starting Ansible Pull at 2016-05-15 13:41:28
/usr/local/bin/ansible-pull -d /root/playbooks -i localhost, -U git@bitbucket.org:arbabnazar/pull-test.git --accept-host-key
localhost | SUCCESS => {
 "after": "ce0a3743f7de573cb3cbd219e39e026d665aa62b",
 "before": null,
 "changed": true
}

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

Enjoy :-)

Hope this will help you!

Please Remember me in your prayers!

 

Amazon EC2, Ansible, AWS, DevOps , , ,

One response to “Autoscaling with AWS instances using Ansible-Pull

  1. Pingback: Autoscaling with AWS instances using Ansible-Pull – Site Title

Leave a comment