[Memo] An Ansible playbook for the basic setup of an AWS EC2 instance


For configuring EC2 instances.

It's rough, but this is what I put together for now.

Code

ansible/roles/aws/amazon-linux-init/tasks/main.yml

```yaml
# Marker file written at the end of the first run; tasks that must only
# happen once are skipped when it already exists.
- name: check initialize process is completed.
  stat: path=/root/.init.lock
  register: is_init_lock

# The environment name is the first "-"-separated part of the host name
# (e.g. "dev" from "dev-common-hoge01").
- name: check env
  shell: echo {{host_name}} | cut -d "-" -f1
  register: env

- name: debug env
  debug: var=env

# Succeeds only when something is already mounted on apps_dir.
- name: check apps_dir
  shell: lsblk | grep {{apps_dir}}
  register: is_mount
  ignore_errors: True

- name: debug is_mount
  debug: var=is_mount

- name: create apps directory
  file: path={{apps_dir}} state=directory owner={{main_user}} group={{main_user}} mode=0755

# Caveat: the device is formatted whenever nothing is mounted on apps_dir,
# so any data already on an unmounted volume is lost.
- name: disk format
  shell: mkfs -t ext4 {{mount_device}}
  when: is_mount is failed
  ignore_errors: True

# Check and backup must use the same file name, otherwise the backup is
# overwritten on every run.
- name: check fstab is backed up.
  stat: path=/etc/fstab.orig
  register: is_backup_fstab

- name: fstab backup
  shell: cp -p /etc/fstab /etc/fstab.orig
  when: not is_backup_fstab.stat.exists

- name: check app directory mount is registered in fstab
  shell: grep {{apps_dir}} /etc/fstab
  register: is_regist_app_directory_mount
  ignore_errors: True

- name: debug is_regist_app_directory_mount
  debug: var=is_regist_app_directory_mount

# nofail keeps the instance booting even if the volume is not attached.
- name: register app directory mount in fstab
  shell: echo "{{mount_device}}   {{apps_dir}}   ext4  defaults,nofail 0   2" >> /etc/fstab
  when: is_regist_app_directory_mount is failed
  ignore_errors: True

- name: mount all
  shell: mount -a
  when: is_regist_app_directory_mount is failed
  ignore_errors: True

# Prompt becomes [env][user@host cwd]$ ; the double backslash survives the
# shell's single quotes and is reduced to \$ by bash when the profile is read.
- name: add PS1 to bash_profile
  shell: |
    echo 'export PS1="[{{env.stdout}}][\u@\h \W]\\$ "' >> /home/{{main_user}}/.bash_profile
  when: not is_init_lock.stat.exists

- name: change host name in network config
  shell: sed -i -e "s/localhost\.localdomain/{{host_name}}/g" /etc/sysconfig/network

- name: Set JST
  shell: cp -p /usr/share/zoneinfo/Japan /etc/localtime
  when: not is_init_lock.stat.exists

- name: set hosts from template
  template: src=../templates/hosts.tpl dest=/etc/hosts owner=root group=root mode=0644

- name: network restart
  service: name=network state=restarted
  when: not is_init_lock.stat.exists

- name: create initialize lock file
  shell: touch /root/.init.lock
  when: not is_init_lock.stat.exists

- name: chown apps directory
  shell: chown {{main_user}}:{{main_user}} {{apps_dir}}
```
ansible/roles/aws/amazon-linux-init/templates/hosts.tpl

```text
127.0.0.1   localhost localhost.localdomain {{host_name}}
```

ansible/roles/aws/amazon-linux-init/vars/main.yml

```yaml
mount_device: /dev/xvdb
```

ansible/roles/aws/common/vars/main.yml

```yaml
main_user: ec2-user
```
ansible/roles/common/tasks/main.yml

```yaml
# Environment name taken from the host name of the machine the play runs on.
- name: resolve env
  shell: hostname | cut -d "-" -f1
  register: env

- name: debug env.stdout
  debug: var=env.stdout

# "local" and "dev" both use the dev vars.
- name: include dev vars file (local)
  include_vars: ../vars/dev.yml
  when: env.stdout == "local"

- name: include dev vars file
  include_vars: ../vars/dev.yml
  when: env.stdout == "dev"

- name: include prod vars file
  include_vars: ../vars/prd.yml
  when: env.stdout == "prd"

- name: create logs directory
  file: path={{app_log_dir}} state=directory owner={{main_user}} group={{main_user}} mode=0755
```

ansible/roles/common/vars/dev.yml

```yaml
# This lives on GitHub, so the real contents of this file are encrypted with ansible-vault encrypt

# For using the AWS API (not used in this setup, but included just in case)
access_key_id: ABCDEFGHIJPLMN
secret_access_key: asdfghjfdssa++dfgdfg
```

ansible/aws-init-setting.yml

```yaml
- hosts: '{{host_name}}'
  become: yes
  roles:
    - common
    - aws/common
    - aws/amazon-linux-init
```

ansible/inventories/dev/hosts

```ini
# ansible_connection is set to local so the play can be run on the local machine
local-common-hoge01 ansible_connection=local
local-common-hoge02 ansible_connection=ssh
```

Command to run

```shell
ansible-playbook ansible/aws-init-setting.yml -i ansible/inventories/dev/hosts --extra-vars "host_name=dev-common-hoge01" --vault-password-file ~/.ansible_dev_vault_pass
```

What it does

  • Sets the bash prompt to show as [environment name][user name@host name]$
  • Sets the host name
  • Sets the timezone to JST
  • Formats the EBS volume created beforehand as ext4 and mounts it at /var/apps
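The same four steps written with Ansible's idempotent modules instead of shell, grep and sed, as an added example that is not part of the original post. The main safety difference is in the EBS step: the filesystem module refuses to format a device that already carries a filesystem (unless force is set), whereas the mkfs task above runs whenever nothing is mounted on apps_dir, and the mount module writes the fstab entry once instead of appending a line per failed grep. The variable names host_name, main_user, apps_dir and mount_device are taken from the post; that this file sits in the role directory ansible/roles/aws/amazon-linux-init/tasks/ next to templates/hosts.tpl, and that the play uses become: yes, are assumptions.

```yaml
# Added example, not the original post's code. Assumes the variables
# host_name, main_user, apps_dir and mount_device from the post, and that
# this runs as the amazon-linux-init role with become: yes.
- name: derive environment name from the host name ("dev" from "dev-common-hoge01")
  set_fact:
    env_name: "{{ host_name.split('-')[0] }}"

- name: check whether the first run has already completed
  stat:
    path: /root/.init.lock
  register: init_lock

- name: create apps directory
  file:
    path: "{{ apps_dir }}"
    state: directory
    owner: "{{ main_user }}"
    group: "{{ main_user }}"
    mode: "0755"

# Formats only when blkid reports no filesystem on the device, so an
# unmounted volume that already holds data is left alone.
- name: create ext4 filesystem on the EBS volume
  filesystem:
    fstype: ext4
    dev: "{{ mount_device }}"

# state: mounted adds the fstab entry once and mounts it now;
# nofail keeps the instance booting if the volume is not attached.
- name: mount the volume on apps_dir and register it in /etc/fstab
  mount:
    path: "{{ apps_dir }}"
    src: "{{ mount_device }}"
    fstype: ext4
    opts: defaults,nofail
    passno: 2
    state: mounted

# Same prompt as the post; the \\$ in the file becomes \$ when bash reads it.
- name: set bash prompt to [env][user@host cwd]$
  lineinfile:
    path: "/home/{{ main_user }}/.bash_profile"
    regexp: '^export PS1='
    line: 'export PS1="[{{ env_name }}][\u@\h \W]\\$ "'
    create: yes
    owner: "{{ main_user }}"
    group: "{{ main_user }}"
    mode: "0644"

- name: set host name
  hostname:
    name: "{{ host_name }}"

- name: render /etc/hosts from the role template
  template:
    src: hosts.tpl
    dest: /etc/hosts
    owner: root
    group: root
    mode: "0644"

- name: set timezone to JST
  timezone:
    name: Asia/Tokyo

- name: restart network on the first run only
  service:
    name: network
    state: restarted
  when: not init_lock.stat.exists

# preserve keeps the task from reporting "changed" on every later run.
- name: record that the first run has completed
  file:
    path: /root/.init.lock
    state: touch
    modification_time: preserve
    access_time: preserve
```

Because every task here reports changed only when it actually alters the host, the play can be run repeatedly (and in --check mode) to verify that an instance still matches the intended state, which the shell-based version cannot do.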