On Apr 25, 2014, at 2:31 PM, ghex...@gmail.com wrote:
> So, I'm curious, for the case where you want to start "stopped" EC2
> instances, what's the current recommended approach?
>
> I've kind of ignored this task for now, managing that by hand (it's just
> our dev env, but it's still a couple of dozen instances at least). I'm
> almost about to pull Scott's branch in locally since it looks so much better
> than manual management.
Here's an example in case you do use ec2_instance_facts. This example creates
maintenance instances for updating AMIs.
Notes:
* This is part of a set of scripts that will create an entire load balanced
application environment (including DNS, VPC, centralized logging, and RDS) in a
bare AWS account in about 20-30 minutes.
* app_environment is dev, test, stage, or prod. The scripts will create the
same setup in each environment with some differences such as RDS size, domain
name, and so forth.
* I use a naming convention for AWS resources of
'<product>-<environment>-<AWS type>-<purpose>', eg. foo-stage-ec2-logging or
foo-prod-ami-web.
# The base image is created from a standard Ubuntu LTS instance. Then, packages
common to all
# of the images (eg. security, ansible, boto, etc.) are installed and
configured.
# There's a separate pull request (also rejected, hi Michael... ;-) for the
ec2_ami_facts module.
- name: Obtain list of existing AMIs
local_action:
module: ec2_ami_facts
description: "{{ ami_image_name }}"
tags:
environment: "{{ app_environment }}"
region: "{{ vpc_region }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
register: ami_facts
ignore_errors: yes
# If a version of the AMI exists, record this. Otherwise use the base Ubuntu
image.
- set_fact:
environment_base_image_id: "{{ ami_facts.images[0].id }}"
when: ami_facts.images|count > 0
- set_fact:
environment_base_image_id: "{{ ami_base_image_id }}"
when: ami_facts.images|count == 0
# See if the maintenance image for this image type for this environment is
running.
- name: Obtain list of existing instances
local_action:
module: ec2_instance_facts
name: "{{ ami_maint_instance_name }}"
# Everything but terminated
states:
- pending
- running
- shutting-down
- stopped
- stopping
tags:
environment: "{{ app_environment }}"
region: "{{ vpc_region }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
register: instance_facts
ignore_errors: yes
- set_fact:
environment_maint_instance: "{{
instance_facts.instances_by_name.get(ami_maint_instance_name) }}"
when: instance_facts.instances|count > 0
# If there is no such instance, create one.
- name: Create an instance for managing the AMI creation
local_action:
module: ec2
state: present
image: "{{ environment_base_image_id }}"
instance_type: t1.micro
group: "{{ environment_public_ssh_security_group }}"
instance_tags:
Name: "{{ ami_maint_instance_name }}"
environment: "{{ app_environment }}"
key_name: "{{ environment_public_ssh_key_name }}"
vpc_subnet_id: "{{ environment_vpc_public_subnet_az1_id }}"
assign_public_ip: yes
wait: yes
wait_timeout: 600
region: "{{ vpc_region }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
register: maint_instance
when: environment_maint_instance is not defined
- set_fact:
environment_maint_instance: "{{ maint_instance.instances[0] }}"
when: maint_instance is defined and maint_instance.instances|count > 0
- name: Ensure instance is running
local_action:
module: ec2
state: running
instance_ids: "{{ environment_maint_instance.id }}"
wait: yes
wait_timeout: 600
region: "{{ vpc_region }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
register: maint_instance
when: environment_maint_instance is defined
# If we had to start the instance then the public IP will not have been defined
when
# we gathered facts above, so get it again.
- name: Obtain public IP of newly running instance
local_action:
module: ec2_instance_facts
name: "{{ ami_maint_instance_name }}"
states:
- running
tags:
environment: "{{ app_environment }}"
region: "{{ vpc_region }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
register: instance_facts
when: maint_instance|changed
- set_fact:
environment_maint_instance: "{{
instance_facts.instances_by_name.get(ami_maint_instance_name) }}"
when: maint_instance|changed
# Pass the collected facts on the new maintenance image host for configuration
by role.
- name: Add new maintentance instance to host group
local_action:
module: add_host
hostname: "{{ environment_maint_instance.public_ip }}"
groupname: maint_instance
app_environment: "{{ app_environment }}"
# This passes the new/existing private key file to ansible for use in
contacting the hosts. Better way to do this?
ansible_ssh_private_key_file: "{{ environment_public_ssh_private_key_file
}}"
environment_maint_instance: "{{ environment_maint_instance }}"
- name: Wait for SSH on maintenance host
local_action:
module: wait_for
host: "{{ environment_maint_instance.public_ip }}"
port: 22
# This is annoying as Hades. Sometimes the delay works, sometimes it's not
enough.
# The check fails if the port is open but the ssh daemon isn't yet ready to
accept
# actual traffic, right after the maintenance instance is started.
#delay: 10
timeout: 320
state: started
# TODO fix the hardcoded user too
- name: Really wait for SSH on maintenance host
local_action: command ssh -o StrictHostKeyChecking=no -i {{
environment_public_ssh_private_key_file }} ubuntu@{{
environment_maint_instance.public_ip }} echo Rhubarb
register: result
until: result.rc == 0
retries: 20
delay: 10
Regards,
-scott
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/0D6BADC5-829C-4EE9-A6FA-7B672330B5E7%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
