Why is that?
- very short learning curve
- no need for a specific data service language
- can be used both to execute commands on machines and to configure them
- very simple to write your own modules
- can be used in a push or pull model
- ... ansible.cc ... for more info
This is how you can use it within AWS (EC2) to manage services.
```
# Install ansible via git
$ cd /tmp
$ git clone https://github.com/ansible/ansible.git
$ cd ansible
$ python setup.py install
$ pip install boto   # used for the ec2 inventory

# setup aws variables
$ export ANSIBLE_HOSTS=/tmp/ansible/plugins/inventory/ec2.py   # ec2 inventory
$ export AWS_ACCESS_KEY_ID='YOUR_AWS_API_KEY'
$ export AWS_SECRET_ACCESS_KEY='YOUR_AWS_API_SECRET_KEY'

# setup ssh access: start an agent and load its variables into this shell
$ eval "$(ssh-agent)"
Agent pid 31725
$ ssh-add /PATH_TO/YOUR_SSH_KEY_OR_PEM

# I use ec2-user on Amazon Linux
$ ansible -m ping all -u ec2-user
ec2-54-242-33-49.compute-1.amazonaws.com | success >> {
    "changed": false,
    "ping": "pong"
}
```
The ec2.py inventory script connected to the AWS API and obtained all the instances running in the account that the exported credentials (AWS key and secret) belong to. Ansible then used the ping module (-m ping) to ping the host(s). The ping module just connects to a host via SSH and reports pong with changed: false.
Now that we can connect, let's see if we can leverage some of the metadata offered by AWS. My server runs in the security group ssh-web, and to access this information from within Ansible all you have to do is use security_group_ssh-web. This name comes from the ec2.py inventory script; if you run the script directly you will see something like this.
```
$ /tmp/ansible/plugins/inventory/ec2.py
{
  "i-e4c9ca9c": [
    "ec2-54-242-33-49.compute-1.amazonaws.com"
  ],
  "key_mykey": [
    "ec2-54-242-33-49.compute-1.amazonaws.com"
  ],
  "security_group_ssh-web": [
    "ec2-54-242-33-49.compute-1.amazonaws.com"
  ],
  "tag_Name_srv01": [
    "ec2-54-242-33-49.compute-1.amazonaws.com"
  ],
  "type_t1_micro": [
    "ec2-54-242-33-49.compute-1.amazonaws.com"
  ],
  "us-east-1": [
    "ec2-54-242-33-49.compute-1.amazonaws.com"
  ],
  "us-east-1b": [
    "ec2-54-242-33-49.compute-1.amazonaws.com"
  ]
}
```
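How the group names in the output above can be derived from instance metadata, as an added example that is not code from the original post or from ec2.py. The instance record is constructed from the values shown above, `to_safe`, `build_inventory` and `hosts_for` are hypothetical helpers, and the character rule in `to_safe` is an assumption inferred from that output.

```python
import json
import re
from collections import defaultdict

# Constructed sample: the one instance shown on this page, written as a plain
# dict so the example runs offline (the real script reads this from the AWS API).
SAMPLE_INSTANCES = [{
    "id": "i-e4c9ca9c",
    "dns": "ec2-54-242-33-49.compute-1.amazonaws.com",
    "key_name": "mykey",
    "security_groups": ["ssh-web"],
    "tags": {"Name": "srv01"},
    "type": "t1.micro",
    "region": "us-east-1",
    "zone": "us-east-1b",
}]

def to_safe(word):
    """Assumed rule, inferred from the output above: keep letters, digits, '-'."""
    return re.sub(r"[^A-Za-z0-9\-]", "_", word)

def build_inventory(instances):
    """Return {group_name: [hostnames]}, the shape an inventory script prints."""
    groups = defaultdict(list)
    for inst in instances:
        # Instance id, region and zone are used as group names unchanged.
        names = [inst["id"], inst["region"], inst["zone"],
                 to_safe("key_" + inst["key_name"]),
                 to_safe("type_" + inst["type"])]
        names += [to_safe("security_group_" + g) for g in inst["security_groups"]]
        names += [to_safe("tag_%s_%s" % kv) for kv in inst["tags"].items()]
        for name in names:
            if inst["dns"] not in groups[name]:
                groups[name].append(inst["dns"])
    return dict(groups)

def hosts_for(inventory, group):
    """Hosts that a pattern such as security_group_ssh-web would target."""
    return sorted(inventory.get(group, []))

if __name__ == "__main__":
    print(json.dumps(build_inventory(SAMPLE_INSTANCES), indent=2, sort_keys=True))
```

Under the assumed rule, distinct values such as t1.micro and t1_micro collapse to one group name, so resolve a group with `hosts_for` before running a module with -s against it.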
Starting the Apache web server on all instances belonging to the ssh-web group is as simple as:
```
$ ansible -m service -a "name=httpd state=started" security_group_ssh-web -u ec2-user -s
ec2-54-242-33-49.compute-1.amazonaws.com | success >> {
    "changed": true,
    "name": "httpd",
    "state": "started"
}
# notice -s, which stands for use sudo without password
```
From here on the sky is the limit; you can take a look at the docs site http://ansible.cc/docs/ for more complex examples.
3 comments:
Thanks for the tutorial!
I am new to Ansible. I have followed your steps and tried to run the test on localhost, but got this message. I am not sure where to look.
Thank you again!
Dat
ubuntu@ip-10-0-7-94:~/$ ansible local -m ping -u ubuntu
localhost | FAILED => could not create temporary directory, SSH (mkdir -p $HOME/.ansible/tmp/ansible-1376664989.79-34332246769975 && chmod a+rx $HOME/.ansible/tmp/ansible-1376664989.79-34332246769975 && echo $HOME/.ansible/tmp/ansible-1376664989.79-34332246769975) exited with result 255
Excellent tutorial. Only thing I had to do to get this to work was add my AWS credentials to ~/.boto. Thanks for this.
Thanks for providing this informative information. It is very useful. You may also refer to http://www.s4techno.com/blog/category/unix/aws-script/