Ansible has an excellent feature called ansible-pull, which many people don't know about or don't use. It works best for self-healing infrastructure; the best example is AWS Autoscaling, where a new EC2 instance is created from a vanilla AMI, pulls its configuration code from somewhere (a version control system) and configures itself before announcing that it is ready to serve (meaning it is added to the serving ELB).
The steps ansible-pull performs are:
1. Clone the git repo containing your playbooks.
2. Check that repo out into the specified directory.
3. Run the local.yml found in the cloned repo directory.
Let's assume that you want to pull the code from a private git repo, for which you need the ssh private key, but you have taken an unmodified vanilla Ubuntu AMI from the Marketplace. How will the instance clone this private repo? For this we'll use the Bootstrap Pattern:
– Put the private part of the ssh key for the git repository on S3.
– Fetch the ssh key from the S3 bucket using the credentials of the instance's IAM role.
For this, create an S3 bucket (in my case it is named "tendo-github-key-s3"):
Upload the desired ssh key to this bucket:
bitbucket is a custom ssh client config file which tells ssh to use the custom identity file when connecting to Bitbucket to fetch the private repo. The content of this file is:
Next we need to create the IAM policy and role that give the EC2 instance access to those files in the S3 bucket:
Create a policy to access the S3 bucket. Select "Create Your Own Policy":
Enter the Policy Name and the Policy Document as given below (adjust as per your requirements):
Now the IAM Role and Policy are ready. Let's launch the instance with this IAM Role.
Here I am creating a single instance for demonstration, because the purpose of this tutorial is to show you the ansible-pull feature, not AWS Autoscaling; but you can use the exact same procedure when launching instances inside an Autoscaling group (manually or automated):
Launch the Ubuntu instance, select the IAM role created above and enter the User data:
I used the following user data, which installs the required packages, fetches the desired files from the S3 bucket and runs Ansible in pull mode:
We invoke ansible-pull with the following options (there are many more than these):
1. --accept-host-key: adds the host key for the repo URL to known_hosts if it is not already there
2. -U: URL of the playbook repository
3. -d: directory to check the repository out to
4. -i localhost,: the inventory to use
Since we're only concerned about one host, we use -i localhost, (the trailing comma tells Ansible this is a literal host list, not an inventory file).
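As an added example (not the post's own user data, whose embedded gist is not reproduced here), the bash bootstrap script below does what the user data and option list above describe: it fetches the deploy key from the bucket named in the post using the instance role, installs it with owner-only permissions, and runs ansible-pull with the -U, -d and -i localhost, options. The repository URL, checkout directory and the known_hosts object are assumptions; it pins the Bitbucket host key from that known_hosts file instead of using --accept-host-key, and the cloud-init wrapper only has to export ANSIBLE_PULL_BOOTSTRAP=1 before this body.

```shell
#!/bin/bash
# Added example, not the original post's user data. The bucket name comes
# from the post; repo URL, paths and object names are assumptions/placeholders.
# The instance role needs only s3:GetObject on these two objects.
set -eu

KEY_BUCKET="tendo-github-key-s3"                               # from the post
REPO_URL="git@bitbucket.org:example-org/ansible-playbooks.git" # placeholder
CHECKOUT_DIR="/opt/ansible-pull"                               # assumption
PLAYBOOK="local.yml"

# Install the deploy key into $1 with owner-only permissions and write an ssh
# config that uses only this identity for bitbucket.org, with the host key
# taken from a pinned known_hosts file rather than accepted on first use.
install_deploy_key() {
  ssh_dir="$1"; key_src="$2"
  install -d -m 700 "$ssh_dir"
  install -m 600 "$key_src" "$ssh_dir/bitbucket"
  cat > "$ssh_dir/config" <<EOF
Host bitbucket.org
  IdentityFile $ssh_dir/bitbucket
  IdentitiesOnly yes
  StrictHostKeyChecking yes
  UserKnownHostsFile $ssh_dir/known_hosts
EOF
  chmod 600 "$ssh_dir/config"
}

# The ansible-pull invocation from the post (repo URL, checkout directory,
# one-host inventory); --accept-host-key is unnecessary because the host key
# is pinned above.
ansible_pull_cmd() {
  printf 'ansible-pull -U %s -d %s -i localhost, %s' "$REPO_URL" "$CHECKOUT_DIR" "$PLAYBOOK"
}

# Full bootstrap as run from user data: packages (assumed names), key material
# from S3 via the instance role, then ansible-pull. Requires root.
bootstrap() {
  apt-get update && apt-get install -y ansible awscli git
  tmp=$(mktemp -d)
  aws s3 cp "s3://$KEY_BUCKET/bitbucket" "$tmp/bitbucket"
  aws s3 cp "s3://$KEY_BUCKET/known_hosts" "$tmp/known_hosts"
  install_deploy_key /root/.ssh "$tmp/bitbucket"
  install -m 644 "$tmp/known_hosts" /root/.ssh/known_hosts
  rm -rf "$tmp"
  eval "$(ansible_pull_cmd)"
}

# Entry point: runs only when the cloud-init wrapper sets this variable.
if [ "${ANSIBLE_PULL_BOOTSTRAP:-0}" = "1" ]; then bootstrap; fi
```

The user data is then `#!/bin/bash`, a line `export ANSIBLE_PULL_BOOTSTRAP=1`, and this script body; the same instance role policy from the post grants the read on the bucket objects.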
Once the server is up and running, you can log in and review /var/log/cloud-init-output.log for more information:
sudo vi /var/log/cloud-init-output.log
There are tons of log lines, but these are the ones of interest to us: