Monday, February 18, 2013

Ansible within AWS (ec2)

Ansible is a new configuration/orchestration management framework and is just awesome!

Why is that?

  • very short learning curve
  • no need for a specific data service language
  • can be used both to execute commands on machines and to configure them
  • very simple to write your own modules
  • can be used in a push or pull model
  • ... ... for more info

This is how you can use it within AWS (EC2) to manage services.

# Install ansible via git
$ cd /tmp
$ git clone
$ cd ansible
$ python install
$ pip install boto # used for the ec2 inventory

# setup aws variables
$ export ANSIBLE_HOSTS=/tmp/ansible/plugins/inventory/ # ec2 inventory

# setup ssh access
$ ssh-agent 
SSH_AUTH_SOCK=/tmp/ssh-dFUXvhH31724/agent.31724; export SSH_AUTH_SOCK;
echo Agent pid 31725;

# I use ec2-user on Amazon Linux
ansible -m ping all -u ec2-user | success >> {
    "changed": false, 
    "ping": "pong"

The inventory script connected to the AWS API and obtained all the instances running in the account whose credentials (AWS SECRET/KEY) were exported. Ansible then used the ping module (-m ping) to ping the host(s). The ping module just connects to a host via SSH and reports pong with changed: false.

Now that we can connect, let's see if we can leverage some of the metadata offered by AWS. My server runs in the security group ssh-web, and to use this information from within Ansible all you have to do is refer to the group security_group_ssh-web. This name comes from the inventory script; if you run the script directly you will see something like this.

$ /tmp/ansible/plugins/inventory/

  "i-e4c9ca9c": [
  "key_mykey": [
  "security_group_ssh-web": [
  "tag_Name_srv01": [
  "type_t1_micro": [
  "us-east-1": [
  "us-east-1b": [
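
How group names like the ones above can be derived from instance metadata, as an added example (not the inventory script's own code). The record fields, host addresses, the second instance and the sanitising rule are assumptions made for illustration; no AWS call is made.

```python
import json
import re
from collections import defaultdict

# Constructed sample records standing in for what the AWS API returns;
# the field names and addresses are assumptions made for this example.
SAMPLE_INSTANCES = [
    {"id": "i-e4c9ca9c", "address": "srv01.example.com", "region": "us-east-1",
     "zone": "us-east-1b", "type": "t1.micro", "key_name": "mykey",
     "security_groups": ["ssh-web"], "tags": {"Name": "srv01"}},
    {"id": "i-0badc0de", "address": "db01.example.com", "region": "us-east-1",
     "zone": "us-east-1b", "type": "t1.micro", "key_name": "mykey",
     "security_groups": ["ssh-db"], "tags": {"Name": "db01"}},
]


def to_safe(word):
    """Replace anything other than letters, digits and '-' with '_'
    (assumed rule, matching t1.micro -> t1_micro in the output above)."""
    return re.sub(r"[^A-Za-z0-9\-]", "_", word)


def build_inventory(instances):
    """Map group name -> sorted list of host addresses."""
    groups = defaultdict(set)
    for inst in instances:
        host = inst["address"]
        names = [inst["id"], inst["region"], inst["zone"],
                 to_safe("type_" + inst["type"]),
                 to_safe("key_" + inst["key_name"])]
        names += [to_safe("security_group_" + sg) for sg in inst["security_groups"]]
        names += [to_safe("tag_%s_%s" % (k, v)) for k, v in inst["tags"].items()]
        for name in names:
            groups[name].add(host)
    return {name: sorted(hosts) for name, hosts in groups.items()}


if __name__ == "__main__":
    # A dynamic inventory script prints JSON like this on stdout.
    print(json.dumps(build_inventory(SAMPLE_INSTANCES), indent=2, sort_keys=True))
```

Because membership is computed from AWS metadata at run time, a pattern such as security_group_ssh-web targets whichever instances carry that security group when the command runs; `ansible security_group_ssh-web --list-hosts` shows the match without executing anything.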

Starting the Apache web server on all instances belonging to the ssh-web group is as simple as:

ansible -m service -a "name=httpd state=started"  security_group_ssh-web  -u ec2-user -s | success >> {
    "changed": true, 
    "name": "httpd", 
    "state": "started"

# notice -s, which stands for use sudo without password

From here on the sky is the limit; you can take a look at the docs site for more complex examples.


Anonymous said...

Thanks for the tutorial!

I am new to Ansible. I have followed your steps and tried to run the test on localhost, but got this message. I am not sure where to look.

Thank you again!

ubuntu@ip-10-0-7-94:~/$ ansible local -m ping -u ubuntu
localhost | FAILED => could not create temporary directory, SSH (mkdir -p $HOME/.ansible/tmp/ansible-1376664989.79-34332246769975 && chmod a+rx $HOME/.ansible/tmp/ansible-1376664989.79-34332246769975 && echo $HOME/.ansible/tmp/ansible-1376664989.79-34332246769975) exited with result 255

Anonymous said...

Excellent tutorial. Only thing I had to do to get this to work was add my AWS credentials to ~/.boto. Thanks for this.
