We are Borg

Reputation: 5311

Ansible : Execute commands on newly created EC2 instance

I have an Ansible configuration where I am creating an EC2 instance. After the instance is ready, I want to disable periodic apt updates and wait for the current update process to finish. Whenever I add the config to the yml file, it executes the command on my local system. What am I doing wrong?

yml file:

---
  - name: Provision an EC2 Instance
    hosts: localhost
    connection: local
    gather_facts: False
    tags: provisioning
    tasks:

      - name: Create New security group with below given name
        local_action:
          module: ec2_group
          name: "{{ security_group }}"
          description: Security Group for Newly Created EC2 Instance
          region: "{{ region }}"
          rules:
            - proto: tcp
              from_port: 22
              to_port: 22
              cidr_ip: 0.0.0.0/0
            - proto: tcp
              from_port: 80
              to_port: 80
              cidr_ip: 0.0.0.0/0
          rules_egress:
            - proto: all
              cidr_ip: 0.0.0.0/0


      - name: Launch the new t2 micro EC2 Instance
        local_action: ec2
                      group={{ security_group }}
                      instance_type={{ instance_type}}
                      image={{ image }}
                      wait=true
                      region={{ region }}
                      keypair={{ keypair }}
                      count={{count}}
        register: ec2

Now, after this, I wait for ssh to finish and want to pass the following commands on the newly created EC2 instance:

- name: Disable timers for unattended upgrade, so that none will be triggered by the `date -s` call.
  raw: systemctl disable --now {{item}}
  with_items:
    - 'apt-daily.timer'
    - 'apt-daily-upgrade.timer'

- name: Reload systemctl daemon to apply the new changes
  raw: systemctl daemon-reload

- name: Purge autoupdate
  raw: apt -y purge unattended-upgrades    

- name: Update apt cache
  raw: apt -y update

But adding them as raw is not working, or even adding them as command.

Upvotes: 2

Views: 2980

Answers (1)

Ben Whaley

Reputation: 34416

The first section of code you posted is provisioning a new EC2 instance by making calls to the AWS API from your local system:

  - name: Provision an EC2 Instance
    hosts: localhost
    connection: local
    gather_facts: False
...
 - name: Create New security group with below given name
   local_action:
     module: ec2_group

Note the local_action section that specifies running an action locally. Also, your target is localhost.

If you then want to configure the new system, you can add it to a host group and run some configuration steps. For example, add this following the Provision an EC2 Instance step to add the new instance's public IP to a host group called ec2hosts:

   - name: Add instance public IP to host group
     add_host: hostname={{ item.public_ip }} groups=ec2hosts
     loop: "{{ ec2.instances }}"

Now you can configure the host by targeting the host group:

- hosts: ec2hosts
  name: configuration play
  user: ec2-user
  gather_facts: true
  tasks:
  - name:  Disable timers for unattended upgrade, so that none will be triggered by the `date -s` call.
    raw: systemctl disable --now {{item}}
    with_items:
      - 'apt-daily.timer'
      - 'apt-daily-upgrade.timer'

  - name: Reload systemctl daemon to apply the new changes
    raw: systemctl daemon-reload

  - name: Purge autoupdate
    raw: apt -y purge unattended-upgrades    

  - name: Update apt cache
    raw: apt -y update

To summarize, you first create the instance from your local system, wait for it to boot, add its IP address to a host group, then run additional configuration steps by running ansible against that host group. For this to work, make sure to use an SSH key pair for which the private key has been added to the SSH agent. Also, make sure to launch the EC2 instance into a public subnet.

Refer to the Ansible Amazon Web Service Guide.

Upvotes: 5
