Quick Guide to Setup Ansible AWS Dynamic Inventory
Introduction:
Maintaining the inventory file by hand while using Ansible with AWS is a time-consuming operation, since AWS often changes IP addresses, auto-scales instances, and more.
However, Ansible dynamic inventory is a simple fix. Dynamic inventory is an Ansible plugin that makes a run-time API call to Amazon Web Services to retrieve instance information. To manage the AWS infrastructure, it dynamically provides ec2 instance details.
Earlier, dynamic inventory was a Python file. It has since been changed to an Ansible plugin.
AWS isn’t the only provider of dynamic inventories. It is compatible with the majority of public and private cloud platforms.
Prerequisites
- Install Ansible, using the following command
sudo apt-get install ansible
- Ensure you have python3 and pip3 on your Ansible server. If not, install them with the following commands
sudo apt-get install python3 -y
sudo apt-get install python3-pip -y
- Install boto3 library. Ansible uses boto core to make the API calls to AWS to get the ec2 instance details.
sudo pip3 install boto3
Dynamic Inventory Setup:
Step 1: Open the ansible configuration file to enable the aws_ec2 plugin
sudo vi /etc/ansible/ansible.cfg
Find the [inventory] section and add the following line to enable the ec2 plugin
[inventory]
enable_plugins = aws_ec2
Step 2: Create a programmatic user in AWS with minimal permissions (EC2 read-only access), because Ansible gets the instance details through API calls made by boto3 with the given access. Alternatively, give a role to the Ansible server.
Step 3: Create the inventory directory
sudo mkdir -p /opt/ansible/inventory
cd /opt/ansible/inventory
Step 4: Create the inventory file named aws_ec2.yaml in the inventory directory
sudo vi aws_ec2.yaml
Copy the following configuration to the file. If you are running an ansible server outside the AWS environment, replace and add your AWS access key and secret to the config file.
---
plugin: aws_ec2
aws_access_key: <YOUR-AWS-ACCESS-KEY-HERE>
aws_secret_key: <YOUR-AWS-SECRET-KEY-HERE>
keyed_groups:
  - key: tags
    prefix: tag
If your Ansible server is running inside the AWS environment, attach an ec2 instance role with minimal permission (read-only). This way you don't have to add the access and secret key in the configuration. Ansible will automatically use the attached role to make the API calls.
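The Step 4 file can end up holding long-lived keys. The following added example (not code from the original post) scans an aws_ec2.yaml for literal credential values and also flags the file when its mode gives other users access. The alias names in CREDENTIAL_KEYS, the sample key values and the function names are assumptions made for this example.

```python
import re
import stat

# Option names that can carry static AWS credentials in this file. The first two are
# the ones the post uses; the others are assumed aliases, adjust to your plugin version.
CREDENTIAL_KEYS = {
    "aws_access_key", "aws_secret_key", "aws_access_key_id",
    "aws_secret_access_key", "access_key", "secret_key",
}
# An empty value or a Jinja2 expression defers to something outside the file.
DEFERRED = re.compile(r"^(\{\{.*\}\})?$")
TOP_LEVEL = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:\s*(.*)$")

def find_inline_credentials(text):
    """Return (line_no, key) for each top-level credential option with a literal value."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        match = TOP_LEVEL.match(raw.split(" #", 1)[0].rstrip())
        if match and match.group(1) in CREDENTIAL_KEYS:
            value = match.group(2).strip().strip("'\"")
            if not DEFERRED.match(value):
                findings.append((line_no, match.group(1)))
    return findings

def mode_is_too_open(mode):
    """True when group or others have any access to the file."""
    return bool(stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO))

def audit_inventory(text, mode):
    """Run both checks; mode is os.stat(path).st_mode for the inventory file."""
    findings = [f"line {n}: static credential in '{k}'"
                for n, k in find_inline_credentials(text)]
    if findings and mode_is_too_open(mode):
        findings.append(f"mode {stat.S_IMODE(mode):04o} gives other users access to the file")
    return findings

# Constructed samples: the Step 4 file with made-up key values, and the role-based variant.
WITH_KEYS = """---
plugin: aws_ec2
aws_access_key: CONSTRUCTED-ACCESS-KEY
aws_secret_key: constructed-secret-value
keyed_groups:
  - key: tags
    prefix: tag
"""
WITH_ROLE = "---\nplugin: aws_ec2\nkeyed_groups:\n  - key: tags\n    prefix: tag\n"
if __name__ == "__main__":
    for finding in audit_inventory(WITH_KEYS, 0o644):
        print(finding)
```

The role-based file produces no findings, which is the state the paragraph above recommends for a server running inside AWS.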
Step 5: Now let’s test the dynamic inventory configuration by listing the ec2 instances.
ansible-inventory -i /opt/ansible/inventory/aws_ec2.yaml --list
or
ansible-inventory -i /opt/ansible/inventory/aws_ec2.yaml --graph
The above command returns the list of ec2 instances with all their parameters in JSON format.
If you want to use the dynamic inventory as a default Ansible inventory, edit the /etc/ansible/ansible.cfg file and search for inventory parameters under defaults. Change the inventory parameter value as shown below.
[defaults]
inventory = /opt/ansible/inventory/aws_ec2.yaml
Now if you run the inventory list or graph command without passing the inventory file, Ansible looks for the default location and picks up the aws_ec2.yaml inventory file.
Step 6: Execute the following command to test if Ansible is able to ping all the machines returned by the dynamic inventory.
ansible all -m ping --private-key=<key path>
or, if you want to target a particular tag group
ansible <group name> -m ping --private-key=<key path>
If you don't want to give the private key on the command line:
- Set the variable inside the Ansible playbook
vars:
  ansible_private_key_file: <key path>
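- Otherwise, create a config file in that user's .ssh directory
Add the following content to the config file. With StrictHostKeyChecking set to no, ssh adds new host keys automatically and lets connections to hosts with changed keys proceed.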
StrictHostKeyChecking no
IdentityFile ~/<private key path>
IdentityFile ~/<private key path 2>
IdentitiesOnly yes
Finally, create the playbook test.yaml and add the following content
---
- name: Ansible Test Playbook
  gather_facts: false
  hosts: <hostname listed by the inventory>
  tasks:
    - name: Run Shell Command
      command: echo "Hello World"
Run the playbook with the following command
sudo ansible-playbook test.yaml
Conclusion
With the help of Ansible, we can use AWS services more consistently, define configurations, and deploy these configurations across environments automatically. It also ensures safe automation by making sure that only permitted configurations are deployed. With the help of Ansible, all cloud deployments are automated using automation playbooks. This blog takes you through a quick walkthrough of how to set up Ansible AWS Dynamic Inventory.
For more information on similar projects, contact us at info@ankercloud.com