{"id":856,"date":"2021-07-12T01:21:00","date_gmt":"2021-07-12T01:21:00","guid":{"rendered":"https:\/\/blog.ngocha.biz\/?p=856"},"modified":"2021-07-12T01:21:00","modified_gmt":"2021-07-12T01:21:00","slug":"setup-ansible-aws-dynamic-inventory","status":"publish","type":"post","link":"https:\/\/blog.ngocha.biz\/?p=856","title":{"rendered":"How to Setup Ansible AWS Dynamic Inventory"},"content":{"rendered":"

When you are using Ansible with AWS, maintaining the inventory file will be a hectic task as AWS has frequently changed IPs, autoscaling instances, and much more.<\/p>\n

However, there is an easy solution called ansible dynamic inventory. Dynamic inventory is an ansible plugin that makes an API call to AWS to get the instance information in the run time. It gives you the ec2 instance details dynamically to manage the AWS infrastructure.<\/p>\n

\"AWS
Click to view in HD<\/span><\/figcaption><\/figure>\n

When I started using the Dynamic inventory, it was just a Python file. Later it became an Ansible plugin.<\/p>\n

I will talk more about how to manage the AWS dynamic inventory later in this article.<\/p>\n

Dynamic inventory is not limited to just AWS. It supports most of the public and private cloud platforms. Here is the article on managing GCP resources using Ansible Dynamic inventory.<\/a><\/p>\n

Setup Ansible AWS Dynamic Inventory<\/h2>\n

In this tutorial, you will learn how to set up a dynamic inventory on AWS using boto and the AWS ec2 Ansible plugin.<\/p>\n

Follow the steps carefully for the setup.<\/p>\n

Step 1:<\/strong> Ensure you have python3 <\/code>& pip3<\/code> installed in your Ansible server<\/a>.<\/p>\n

Most Linux operating system comes with phyton3. You can validate it using the following command.<\/p>\n

python3 --version<\/code><\/pre>\n
If you don’t have python3, you can install it using the following command.<\/p>\n
For centos, Redhat,<\/p>\n
sudo yum install python3 -y\nsudo yum \u2013y install python3-pip<\/code><\/pre>\n
For Debian, Ubuntu,<\/p>\n
sudo apt-get install python3 -y\nsudo apt-get install python3-pip -y<\/code><\/pre>\n
Step 2:<\/strong> Install the boto3 library. Ansible uses the boot core to make API calls to AWS to retrieve ec2 instance details.<\/p>\n
sudo pip3 install boto3<\/code><\/pre>\n
If you have used the Ansible ppa for installation, install pip using the following command.<\/p>\n
sudo apt-get install python-boto3<\/code><\/pre>\n
or else you might see the following error.<\/p>\n
ERROR! The ec2 dynamic inventory plugin requires boto3 and botocore.<\/code><\/pre>\n
Step 3:<\/strong> Create an inventory directory under \/opt<\/code> and cd into the directory.<\/p>\n
sudo mkdir -p \/opt\/ansible\/inventory\ncd \/opt\/ansible\/inventory<\/code><\/pre>\n
Step 4:<\/strong>  Create a  file named aws_ec2.yaml<\/code><\/strong> in the inventory directory.<\/p>\n
sudo vi aws_ec2.yaml<\/code><\/pre>\n
Copy the following configuration to the file. If you are running an ansible server outside the AWS environment, replace add your AWS access key and secret to the config file.<\/p>\n
\n
Important Note:<\/strong><\/b> Never commmit this file to public git repos.<\/div>\n<\/div>\n
---\nplugin: aws_ec2\naws_access_key: <YOUR-AWS-ACCESS-KEY-HERE>\naws_secret_key: <YOUR-AWS-SECRET-KEY-HERE>\nkeyed_groups:\n  - key: tags\n    prefix: tag<\/code><\/pre>\n
If your ansible server is running inside the AWS environment, attach an ec2 instance role<\/strong> with the required AWS ec2 permissions (Mostly describe instances). This way you don’t have to add the access and secret key in the configuration. Ansible will automatically use the attached role to make the AWS API calls.<\/p>\n
Step 5:<\/strong> Open \/etc\/ansible\/ansible.cfg<\/code><\/strong> file.<\/p>\n
sudo vi \/etc\/ansible\/ansible.cfg<\/code><\/pre>\n
Find the [inventory]<\/code> section and add the following line to enable the ec2 plugin.<\/p>\n
enable_plugins = aws_ec2<\/code><\/pre>\n
It should look something like this.<\/p>\n
[inventory]\nenable_plugins = aws_ec2<\/code><\/pre>\n
\"add<\/figure>\n
Step 6: <\/strong>Now let’s test the dynamic inventory configuration by listing the ec2 instances.<\/p>\n
ansible-inventory -i \/opt\/ansible\/inventory\/aws_ec2.yaml --list<\/code><\/pre>\n
The above command returns the list of ec2 instances with all its parameters in JSON format.<\/p>\n
If you want to use the dynamic inventory as a default Ansible inventory, edit the \/etc\/ansible\/ansible.cfg<\/strong><\/code> file and search for inventory parameters under defaults<\/code>. Change the inventory parameter value as shown below.<\/p>\n
inventory      = \/opt\/ansible\/inventory\/aws_ec2.yaml<\/code><\/pre>\n
\"add<\/figure>\n
Now if you run the inventory list command without passing the inventory file, Ansible looks for the default location and picks up the aws_ec2.yaml<\/code> inventory file.<\/p>\n
Step 6:<\/strong> Execute the following command to test if Ansible is able to ping all the machines returned by the dynamic inventory.<\/p>\n
ansible all -m ping<\/code><\/pre>\n
Grouping EC2 Resources With Anisble Dynamic Inventory<\/h2>\n
\n
The primary use case of AWS Ansible dynamic inventory is to execute Ansible playbooks or ad-hoc commands against a single or group of categorized or grouped instances based on tags, regions, or other ec2 parameters.<\/p>\n
You can group instances using tags, instances type, instance names, custom filters, and more. Take a look at all supported filters and keyed groups from here<\/a>.<\/p>\n
Here is a minimal configuration for aws_ec2.yaml<\/code> that uses a few keyed_groups and filters.<\/p>\n
---\nplugin: aws_ec2\n\naws_access_key: <YOUR-AWS-ACCESS-KEY-HERE>\naws_secret_key: <YOUR-AWS-SECRET-KEY-HERE>\n\nregions:\n  - us-west-2\n\nkeyed_groups:\n  - key: tags\n    prefix: tag\n  - prefix: instance_type\n    key: instance_type\n  - key: placement.region\n    prefix: aws_region<\/code><\/pre>\n
Execute the following command to list the dynamic inventory groups.<\/p>\n
ansible-inventory --graph<\/code><\/pre>\n
You will see an output like the following with all instances grouped under tags, zones, and regions with dynamic group names like  aws_region_us_west_2<\/code> , instance_type_t2_micro<\/code>, tag_Name_Ansible<\/code><\/p>\n
\"ansible<\/figure>\n
Now you can execute Ansible ad-hoc commands or playbook against these groups.<\/p>\n
Execute Ansible Commands With ec2 Dynamic Inventory<\/h2>\n
Let’s test the ec2 dynamic inventory by executing few ansible ad-hoc commands.<\/p>\n
\n
Note: <\/strong><\/b>Make sure you have the SSH keys or user\/password setup in your ansible configuration for Ansible to connect to it for executing the commands.<\/div>\n<\/div>\n
Execute Ping<\/h3>\n
I am going to execute the ping command with all instances in the region us_west_2<\/code>. As per my configuration, the dynamic group name is aws_region_us_west_2<\/code>.<\/p>\n
ansible aws_region_us_west_2 -m ping<\/code><\/pre>\n
If you have all the right configurations, you should see an output like the following.<\/p>\n
ec2-54-218-105-53.us-west-2.compute.amazonaws.com | SUCCESS => {\n    \"ansible_facts\": {\n        \"discovered_interpreter_python\": \"\/usr\/bin\/python3\"\n    },\n    \"changed\": false,\n    \"ping\": \"pong\"\n}<\/code><\/pre>\n
Using Dynamic Inventory Inside Playbook<\/h2>\n
If you want to use dynamic inventory inside the playbook, you just need to mention the group name in the hosts variable as shown below.<\/p>\n
---\n- name: Ansible Test Playbook\n  gather_facts: false\n  hosts: aws_region_us_west_2\n  tasks:\n\n    - name: Run Shell Command\n      command: echo \"Hello World\"<\/code><\/pre>\n
You checkout the ansible playbook examples<\/a> if you want to test more playbooks.<\/p>\n
\n
Ngu\u1ed3n:<\/strong> How to Setup Ansible AWS Dynamic Inventory \u2014 DevOpsCube<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Source: https:\/\/devopscube.com\/setup-ansible-aws-dynamic-inventory\/<\/p>\n","protected":false},"author":1,"featured_media":857,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-856","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/posts\/856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=856"}],"version-history":[{"count":0,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/posts\/856\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/media\/857"}],"wp:attachment":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}