Perform the following processing with Ansible. Ansible itself runs in a Docker container.
① Use the AWS CLI to deregister the target EC2 instance from the ELB
② Run yum update after deregistration is complete
③ Reboot the instance
④ Register the instance with the ELB again
1-1. Creating a Docker directory and Dockerfile
Create a directory and a Dockerfile.
$ sudo mkdir docker-demo
$ cd docker-demo
$ sudo vim Dockerfile
1-2. Editing the Dockerfile
Since Ansible requires Python, we use the lightweight slim-buster variant of the official Python Docker image. WORKDIR specifies the directory that will hold the Ansible files created later. Install ansible and ssh. (If you want to ssh to the target node with a password, you also need to install sshpass.)
Dockerfile
FROM python:3.9.0-slim-buster
WORKDIR /usr/src/app
RUN pip install ansible
RUN apt-get update && apt-get install -y \
    vim \
    ssh
2-1. File creation
Create the files used by Ansible.
$ cd /usr/src/app
$ sudo touch inventory main.yml ansible.cfg
2-2. Editing the inventory file
Specify the IP address of the target node. Since the connection is made over SSH, also enter the user name and the private key path.
inventory
[targets]
10.0.1.100
[targets:vars]
ansible_connection=ssh
ansible_user=ec2-user
ansible_ssh_private_key_file=/usr/src/app/.ssh/<private-key-file>
2-3. Editing main.yml
This time, I will describe all the processing in main.yml. (I wrote the AWS CLI command in shell and specified the ARN in main.yml, but I think there is a better way to write it ...) yum, reboot and wait_for_connection use Ansible modules. wait_for_connection lets processing continue after the reboot.
main.yml
- hosts: targets
  become: yes
  gather_facts: no
  tasks:
    ##################################################
    # deregister instances from elb
    ##################################################
    - name: deregistering instances from elb
      become: yes
      shell: >
        aws elbv2 deregister-targets
        --target-group-arn arn:aws:elasticloadbalancing:ap-northeast-1:0123456789:targetgroup/target-group-name/abc123456789
        --targets Id=i-0123456789,Port=80
        --region ap-northeast-1
      async: 600
      poll: 300
    ##################################################
    # yum update
    ##################################################
    - name: upgrade all packages
      yum:
        name: "*"
        state: latest
      async: 180
      poll: 60
    ##################################################
    # reboot
    ##################################################
    - reboot:
    ##################################################
    # wait for connection
    ##################################################
    - wait_for_connection:
    ##################################################
    # register instances with elb
    ##################################################
    - name: registering instances with elb
      become: yes
      shell: >
        aws elbv2 register-targets
        --target-group-arn arn:aws:elasticloadbalancing:ap-northeast-1:0123456789:targetgroup/target-group-name/abc123456789
        --targets Id=i-0123456789,Port=80
        --region ap-northeast-1
      async: 180
      poll: 60
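Rather than relying on fixed timings, the same flow can block on the target group's actual state with the AWS CLI waiters (aws elbv2 wait target-deregistered / target-in-service). The following is an added example, not the original author's playbook: the variable names are assumptions, the ARN and instance ID are this page's placeholder values, and it assumes the AWS CLI on the target gets its credentials from an instance role.

```yaml
# Added example, not the original playbook. Variable names are assumptions;
# the ARN and instance ID are the placeholder values used on this page.
- hosts: targets
  become: yes
  gather_facts: no
  vars:
    aws_region: ap-northeast-1
    tg_arn: "arn:aws:elasticloadbalancing:ap-northeast-1:0123456789:targetgroup/target-group-name/abc123456789"
    tg_target: "Id=i-0123456789,Port=80"
  tasks:
    - name: deregister instance from the target group
      become: no   # the AWS CLI call does not need root
      command:
        argv: [aws, elbv2, deregister-targets, --region, "{{ aws_region }}",
               --target-group-arn, "{{ tg_arn }}", --targets, "{{ tg_target }}"]

    - name: wait until draining has finished (non-zero exit on timeout stops the play)
      become: no
      command:
        argv: [aws, elbv2, wait, target-deregistered, --region, "{{ aws_region }}",
               --target-group-arn, "{{ tg_arn }}", --targets, "{{ tg_target }}"]
      changed_when: false

    - name: upgrade all packages
      yum:
        name: "*"
        state: latest

    - name: reboot (the module waits for the host to come back)
      reboot:

    - name: register instance with the target group
      become: no
      command:
        argv: [aws, elbv2, register-targets, --region, "{{ aws_region }}",
               --target-group-arn, "{{ tg_arn }}", --targets, "{{ tg_target }}"]

    - name: wait until the target passes health checks
      become: no
      command:
        argv: [aws, elbv2, wait, target-in-service, --region, "{{ aws_region }}",
               --target-group-arn, "{{ tg_arn }}", --targets, "{{ tg_target }}"]
      changed_when: false
```

Passing the command as argv avoids shell parsing of the arguments, and keeping the AWS CLI tasks unprivileged limits root to the yum and reboot steps.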
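2-4. Editing ansible.cfg
Specify configuration options. Setting host_key_checking = False disables SSH host key checking, so the target's fingerprint is neither verified against nor recorded in known_hosts. Because this also removes SSH's protection against connecting to an impersonated host, outside a demo it is better to leave checking enabled and provide the target's host key in known_hosts.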
ansible.cfg
[defaults]
host_key_checking=False
3-1. Run docker build
Execute the command in the directory containing the Dockerfile. You can confirm that the image was created with docker images.
$ docker build -t ansible-demo .
$ docker images
REPOSITORY     TAG      IMAGE ID       CREATED          SIZE
ansible-demo   latest   abc123456789   21 seconds ago   603MB
4-1. Container startup
Move to the directory specified by WORKDIR and start the container with docker run. The options are as follows.
-it: Assign a pseudo terminal on the container and keep the standard input open
-v: Mount the host directory on the container
--rm: Automatically delete the container when exiting it
$ cd /usr/src/app
$ docker run -it --rm -v $(pwd):/usr/src/app ansible-demo /bin/bash
4-2. Ansible command execution
Run the command as follows. In the AWS console you can see that the target's status in the target group is draining. Eventually it was registered with the ELB again and confirmed to be healthy.
root@abc012345:/usr/src/app# ansible-playbook -i ./inventory ./main.yml
PLAY [targets] ************************************************************************************
TASK [deregistering instances from elb] ***********************************************************
changed: [10.0.1.100]
TASK [upgrade all packages] ***********************************************************************
ok: [10.0.1.100]
TASK [reboot] *************************************************************************************
changed: [10.0.1.100]
TASK [wait_for_connection] ************************************************************************
ok: [10.0.1.100]
TASK [registering instances with elb]**************************************************************
changed: [10.0.1.100]
PLAY RECAP ****************************************************************************************
10.0.1.100 : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0