- ansible >= 2.3
- AWS Account w/ IAM access
```sh
# 2017-04
brew install python
sudo -H pip install --upgrade ansible
sudo -H pip install --ignore-installed six # fix bug with boto
sudo -H pip install --ignore-installed python-dateutil # fix bug with botocore
sudo -H pip install --upgrade botocore boto boto3 passlib
sudo -H pip install --upgrade --user awscli
```

```sh
# bashrc
export PYTHONPATH=$(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")
export PATH=~/Library/Python/2.7/bin:$PATH
```

```sh
# Other deps
# mysql_*
sudo -H pip install --upgrade MySQL-python
```
Keep it lowercase.
```sh
./run
./playbook.yml
```
These steps will allow you to create the necessary IAM policies for all required Ansible commands. Repeat them for each file in `docs/aws_policies`.

- Click Policies.
- Click Create Policy.
- Find Create Your Own Policy and click Select.
- Field Policy Name: enter something like `ansible_{{file_name}}`.
- Field Policy Document: paste the contents of `{{file_name}}` into the field.
- Click Create Policy.
- Click Groups.
- Click Create New Group.
- Enter `ansible`.
- Click Next Step.
- Select all `ansible_*` policies (created above).
- Click Next Step.
- Click Create Group.

Also attach AdministratorAccess.
- Click Users.
- Click Add user.
- Field User name: enter `ansible`.
- Check Programmatic access.
- Click Next: Permissions.
- Select group `ansible` (created above).
- Click Next: Review.
- Click Create user.
- Save the Access key ID and Secret access key to localhost.
- Click Close.
- Create `~/.vault_password_{{ org_id }}` with the contents being a long random password.
- Create `group_vars/all/secrets.yml`:

```yaml
---
## AWS ##
# IAM Access key
aws_access_key: ''
aws_secret_key: ''
# RDS
db_password: ''
```

- Encrypt secrets, then run:

```sh
ansible-vault encrypt group_vars/all/secrets.yml --vault-password-file ~/.vault_password
./run
```
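The per-file policy step above, done with a check before anything is pasted into the console, as an added example that is not part of this repo: it derives the `ansible_{{file_name}}` name, verifies each `docs/aws_policies` JSON document is a scoped policy (flagging any Allow of Action `*` on Resource `*`, which would only duplicate AdministratorAccess), and prints the awscli equivalent of the Create Policy clicks. The directory path comes from this README; the script name, function names and sample documents are assumptions.

```python
# Added example, not from the playbook repo: lint the per-file IAM policies in
# docs/aws_policies before pasting them into the console, and print the awscli
# equivalent of the "Create Policy" clicks. Directory and function names are assumed.
import json
import sys
from pathlib import Path
POLICY_DIR = Path("docs/aws_policies")  # directory named in the README
SAMPLES = {  # constructed sample documents, used when no directory is given
    "ec2.json": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:RunInstances"], "Resource": "*"}]},
    "admin.json": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
}

def policy_name(path) -> str:
    """Console step 'Policy Name: ansible_{{file_name}}', kept lowercase."""
    return "ansible_" + Path(path).stem.lower()

def _as_list(value):  # IAM allows a bare string or a list for Action/Resource
    return [value] if isinstance(value, str) else list(value or [])

def wildcard_statements(doc: dict) -> list:
    """Allow statements granting every action on every resource (admin-equivalent)."""
    stmts = doc.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s for s in stmts if s.get("Effect") == "Allow"
            and "*" in _as_list(s.get("Action")) and "*" in _as_list(s.get("Resource"))]

def check_policy(doc: dict) -> list:
    """Problems found in one policy document; an empty list means it passes."""
    problems = []
    if doc.get("Version") != "2012-10-17":
        problems.append("Version is not 2012-10-17")
    if not doc.get("Statement"):
        problems.append("no Statement")
    if wildcard_statements(doc):
        problems.append("Allow statement with Action '*' on Resource '*'")
    return problems

def create_command(path) -> str:  # awscli equivalent of the Create Policy clicks
    return f"aws iam create-policy --policy-name {policy_name(path)} --policy-document file://{path}"

if __name__ == "__main__":  # usage: python lint_policies.py [docs/aws_policies]
    docs = SAMPLES if len(sys.argv) < 2 else {
        p.name: json.loads(p.read_text()) for p in Path(sys.argv[1]).glob("*.json")}
    results = {name: check_policy(doc) for name, doc in sorted(docs.items())}
    for name, problems in results.items():
        print(name, "OK" if not problems else "; ".join(problems))
        print("  " + create_command(POLICY_DIR / name))
    sys.exit(1 if any(results.values()) else 0)
```

Run it against the real directory before the console steps; a non-zero exit means at least one file would grant more than a scoped `ansible_*` policy should.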
- Setup localhost AWS profile
- Scaffold VPC networking
- Setup AWS private ssh key
- Enable IPv6
- BUG: NAT deploys failed
- Double check route table has working NAT and matches
- BUG: DNS 8.8.8.8 not reachable from private subnet
- Add delete on termination to EC2 volumes
- Encrypted RDS not supported in ansible + boto (boto/boto#3027)
- Update access policy (ansible user): https://awspolicygen.s3.amazonaws.com/policygen.html
- docker swarm
- elastic-cloud ansible
- jenkins ansible