- ansible >= 2.3
- AWS Account w/ IAM access
# 2017-04
brew install python
sudo -H pip install --upgrade ansible
sudo -H pip install --ignore-installed six # fix bug with boto
sudo -H pip install --ignore-installed python-dateutil # fix bug with botocore
sudo -H pip install --upgrade botocore boto boto3 passlib
sudo -H pip install --upgrade --user awscli
# bashrc
export PYTHONPATH=$(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")
export PATH=~/Library/Python/2.7/bin:$PATH
# Other deps
# mysql_*
sudo -H pip install --upgrade MySQL-python
Keep it lowercase.
./run./playbook.yml
These steps will allow you to create the necessary policies for all required ansible commands.
Repeat each for all files in docs/aws_policies.
- Click Policies
  - Click Create Policy.
  - Find Create Your Own Policy.
  - Click Select.
  - Field Policy Name: Enter something like ansible_{{file_name}}.
  - Field Policy Document: Paste contents of {{file_name}} into field.
  - Click Create Policy.
- Click Groups
  - Click Create New Group.
  - Enter ansible.
  - Click Next Step.
  - Select all ansible_* policies (created above).
  - Click Next Step.
  - Click Create Group.
Also attach AdministratorAccess.
- Click Users
  - Click Add user.
  - Field User name: Enter ansible.
  - Check Programmatic access.
  - Click Next: Permissions.
  - Select group ansible (created above).
  - Click Next: Review.
  - Click Create user.
  - Save Access key ID and Secret access key to localhost.
  - Click Close.
- Create ~/.vault_password_{{ org_id }} with the contents being a long random password.
- Create group_vars/all/secrets.yml.
---
## AWS ##
# IAM Access key
aws_access_key: ''
aws_secret_key: ''
# RDS
db_password: ''
- Encrypt secrets.
ansible-vault encrypt group_vars/all/secrets.yml --vault-password-file ~/.vault_password
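The vault password file and encrypted secrets steps above can be scripted and checked before each run. This is an added example, not part of this project's code: the function names and the 48-byte password length are assumptions, and the check relies on the `$ANSIBLE_VAULT;` header that ansible-vault writes as the first line of an encrypted file.

```shell
#!/usr/bin/env bash
# Added example (not from the project): helper names are hypothetical.

# Write a random password (48 random bytes -> 64 base64 chars) that only
# the owner can read. umask covers creation, chmod covers an existing file.
make_vault_password_file() {
  local path="$1"
  ( umask 077 && head -c 48 /dev/urandom | base64 | tr -d '\n' > "$path" )
  chmod 600 "$path"
}

# Succeed only if the first line carries the ansible-vault header.
is_vault_encrypted() {
  local first=""
  IFS= read -r first < "$1" || true
  case "$first" in
    '$ANSIBLE_VAULT;'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Octal permission bits; tries GNU stat first, then BSD/macOS stat.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Gate to run before the playbook: fails when the password file is readable
# by group/others or when the secrets file is still plaintext.
check_secrets() {
  local pw_file="$1" secrets="$2"
  [ "$(file_mode "$pw_file")" = "600" ] || {
    echo "FAIL: $pw_file must be mode 600" >&2; return 1; }
  is_vault_encrypted "$secrets" || {
    echo "FAIL: $secrets is not vault-encrypted" >&2; return 1; }
  echo "OK"
}

# Usage: ./check_secrets.sh <vault_password_file> group_vars/all/secrets.yml
if [ "$#" -eq 2 ]; then
  check_secrets "$1" "$2"
fi
```

The same `check_secrets` call works as a git pre-commit hook so a plaintext secrets.yml holding the IAM access key never reaches the repository.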
./run
- Setup localhost AWS profile
- Scaffold VPC networking
- Setup AWS private ssh key
- Enable IPv6
- BUG NAT deploys failed
- Double check route table has working nat and matches
- BUG DNS 8.8.8.8 not reachable from private subnet
- Add delete on termination to ec2 volumes
- Encrypted RDS not supported in ansible + boto - boto/boto#3027
- update access policy (ansible user) https://awspolicygen.s3.amazonaws.com/policygen.html
- docker swarm
- elastic-cloud ansible
- jenkins ansible