업데이트:

Ansible aws_ec2 plugin 활용, AWS EC2 동적 Inventory 구성

Ansible plugin : aws_ec2

Requirements

  • python package : boto3, botocore
  • YAML 설정 파일 이름이 aws_ec2.(yml|yaml) 로 끝나야 함
$ ansible --version
ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/cdecl/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Jun  2 2021, 10:49:15) [GCC 9.4.0]


# install boto3, botocore
$ pip3 install boto3

기본설정

aws_ec2.yaml
  • plugin : 프러그인 이름, 필수
  • regions : 지정하면 더 빠른 조회
plugin: aws_ec2
regions:
  - ap-northeast-2

# .aws/credendial 파일이 없으면 
aws_access_key_id: AKIA3**************
aws_secret_access_key: 1oxRajyBX**********************
~/.aws/credentials
[default]
aws_access_key_id = AKIA3**************
aws_secret_access_key = 1oxRajyBX**********************

Inventory 확인

  • 기본 aws_ec2 그룹으로 생성
# json 형태로 ec2 node 정보 및 group 정보 리스트 
$ ansible-inventory -i aws_ec2.yaml --list
...
    "all": {
        "children": [
            "aws_ec2",
            "ungrouped"
        ]
    },
    "aws_ec2": {
        "hosts": [
            "ip-10-211-20-159.ap-northeast-2.compute.internal",
            "ip-10-211-20-229.ap-northeast-2.compute.internal",
            "ip-10-211-20-45.ap-northeast-2.compute.internal"
        ]
    }
}

# inventory 정보를 그래프 형태로 표시
$ ansible-inventory -i aws_ec2.yaml --graph
@all:
  |--@aws_ec2:
  |  |--ip-10-211-20-159.ap-northeast-2.compute.internal
  |  |--ip-10-211-20-229.ap-northeast-2.compute.internal
  |  |--ip-10-211-20-45.ap-northeast-2.compute.inte

# ansible 명령으로 확인
$ ansible -i aws_ec2.yaml --list-hosts all
  hosts (3):
    ip-10-211-20-229.ap-northeast-2.compute.internal
    ip-10-211-20-159.ap-northeast-2.compute.internal
    ip-10-211-20-45.ap-northeast-2.compute.internal

필터 및 그룹화

plugin: aws_ec2
regions:
  - ap-northeast-2

filters:
  # tag 정보가 AutoDelete:False 인 인스턴스 
  tag:AutoDelete: "False"
  # running 상태 인스턴스
  instance-state-name: 'running'

keyed_groups:
  # tag 를 기준으로 그룹화, "prefix_key_value" 형식의 그룹이름 
  - prefix: tag
    key: tags
# tag 로 그룹화 
$ ansible-inventory -i aws_ec2.yaml --graph
@all:
  |--@aws_ec2:
  |  |--ip-10-211-20-159.ap-northeast-2.compute.internal
  |  |--ip-10-211-20-229.ap-northeast-2.compute.internal
  |  |--ip-10-211-20-45.ap-northeast-2.compute.internal
  |--@tag_AutoDelete_False:
  |  |--ip-10-211-20-159.ap-northeast-2.compute.internal
  |  |--ip-10-211-20-229.ap-northeast-2.compute.internal
  |  |--ip-10-211-20-45.ap-northeast-2.compute.internal
...
  |--@tag_Name_kube01:
  |  |--ip-10-211-20-45.ap-northeast-2.compute.internal
  |--@tag_Name_kube02:
  |  |--ip-10-211-20-159.ap-northeast-2.compute.internal
  |--@tag_Name_kube03:
  |  |--ip-10-211-20-229.ap-northeast-2.compute.internal
  |--@ungrouped:


# ansible 명령으로 확인
$ ansible -i aws_ec2.yaml tag_AutoDelete_False --list-hosts
  hosts (3):
    ip-10-211-20-229.ap-northeast-2.compute.internal
    ip-10-211-20-159.ap-northeast-2.compute.internal
    ip-10-211-20-45.ap-northeast-2.compute.internal

$ ansible -i aws_ec2.yaml tag_Name_kube01 --list-hosts
  hosts (1):
    ip-10-211-20-45.ap-northeast-2.compute.internal

Host 연결을 위한 inventory parameters 추가

# aws.host
[win:children]
tag_AutoDelete_False

[win:vars]
ansible_user=rundeck
ansible_password=<passowrd>
ansible_connection=winrm
ansible_port=5985
$ ansible-inventory -i aws_ec2.yaml -i aws.host --vars --list
{
    "_meta": {
        "hostvars": {
            "ip-10-211-20-159.ap-northeast-2.compute.internal": {
                "ami_launch_index": 1,
                "ansible_connection": "winrm",
                "ansible_password": "<passowrd>",
                "ansible_port": 5985,
                "ansible_user": "ansible",
                "architecture": "x86_64",
...

ansible-inventory --list 옵션으로 hosts 파일 형식 구성

$ ansible-inventory -i aws_ec2.yaml --list | jq -r '._meta.hostvars[] | "\(.private_ip_address) \(.tags.Name) "'
10.211.20.159 kube02
10.211.20.229 kube03
10.211.20.45 kube01

Ansible EC2 Dynamic inventory minimum IAM policies

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Demo201505282045",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "route53:ListHostedZones",
                "route53:ListResourceRecordSets"
            ],
            "Resource": "*"
        }
    ]
}

댓글남기기