
[Memo] Ansible playbook for the basic setup of AWS EC2 instances



For setting up EC2 instances


It's rough, but it's what I put together for now.


Code


ansible/roles/aws/amazon-linux-init/tasks/main.yml

# Lock file written at the end of the first run; tasks that must run only once key off it.
- name: check whether the initialize process has already completed
  stat:
    path: /root/.init.lock
  register: is_init_lock

# Environment = first dash-separated token of host_name (dev-common-hoge01 -> dev)
- name: check env
  set_fact:
    env: "{{ host_name.split('-')[0] }}"

- name: debug env
  debug: var=env

# lsblk lists the mountpoint of every block device; rc != 0 means apps_dir is not mounted yet
- name: check whether apps_dir is already mounted
  shell: lsblk | grep "{{ apps_dir }}"
  register: is_mount
  failed_when: false
  changed_when: false

- name: debug is_mount
  debug: var=is_mount

- name: create apps directory
  file:
    path: "{{ apps_dir }}"
    state: directory
    owner: "{{ main_user }}"
    group: "{{ main_user }}"
    mode: "0755"

# Guard against wiping data: blkid prints nothing (and exits 2) when the device
# carries no filesystem. The original ran mkfs whenever apps_dir was not mounted,
# which would also reformat an attached volume that already holds data.
- name: check whether the device already has a filesystem
  command: blkid -o value -s TYPE {{ mount_device }}
  register: fs_type
  failed_when: false
  changed_when: false

# No ignore_errors here: a failed mkfs must stop the play rather than let an
# fstab entry be written for an unformatted device.
- name: disk format
  command: mkfs -t ext4 {{ mount_device }}
  when: is_mount.rc != 0 and fs_type.stdout == ""

# The original checked /etc/fstab.org but copied to /etc/fstab.orig, so the
# backup was re-taken on every run; the two names now agree.
- name: check whether fstab has been backed up
  stat:
    path: /etc/fstab.orig
  register: is_backup_fstab

- name: fstab backup
  command: cp -p /etc/fstab /etc/fstab.orig
  when: not is_backup_fstab.stat.exists

# Match apps_dir as a whole field so that /var/apps does not also match /var/apps2
- name: check whether the app directory mount is registered in fstab
  shell: grep "[[:space:]]{{ apps_dir }}[[:space:]]" /etc/fstab
  register: is_regist_app_directory_mount
  failed_when: false
  changed_when: false

- name: debug is_regist_app_directory_mount
  debug: var=is_regist_app_directory_mount

- name: register app directory mount in fstab
  shell: echo "{{ mount_device }} {{ apps_dir }} ext4 defaults,nofail 0 2" >> /etc/fstab
  when: is_regist_app_directory_mount.rc != 0

# mount -a only mounts entries that are not yet mounted, so key this off the
# mount check rather than the fstab check (covers a previous run that died
# between the fstab edit and the mount).
- name: mount all
  command: mount -a
  when: is_mount.rc != 0

# The original hard-coded /home/ec2-user; main_user is the same account.
- name: add PS1 to bash_profile
  shell: |
    echo 'export PS1="[{{ env }}][\u@\h \W]\\$ "' >> /home/{{ main_user }}/.bash_profile
  when: not is_init_lock.stat.exists

- name: change host name in network config
  shell: sed -i -e "s/localhost\.localdomain/{{ host_name }}/g" /etc/sysconfig/network

- name: set JST
  command: cp -p /usr/share/zoneinfo/Japan /etc/localtime
  when: not is_init_lock.stat.exists

# templates/ inside the role is searched automatically, so no ../ path is needed
- name: set hosts from template
  template:
    src: hosts.tpl
    dest: /etc/hosts
    owner: root
    group: root
    mode: "0644"

- name: network restart
  service:
    name: network
    state: restarted
  when: not is_init_lock.stat.exists

- name: create initialize lock file
  file:
    path: /root/.init.lock
    state: touch
  when: not is_init_lock.stat.exists

# Needed even though "create apps directory" already set the owner: once the new
# filesystem is mounted on top, the directory seen at apps_dir is the root of
# that filesystem, which mkfs created as root:root.
- name: chown apps directory
  file:
    path: "{{ apps_dir }}"
    state: directory
    owner: "{{ main_user }}"
    group: "{{ main_user }}"
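The same steps written with Ansible's own modules instead of shell pipelines, as an added example (my rewrite, not the role from the original post). It assumes Ansible 2.10 or later with the ansible.posix and community.general collections installed, reuses the page's variables host_name, apps_dir, mount_device and main_user, and replaces the hosts.tpl template with a lineinfile edit. Whether community.general.timezone handles Amazon Linux 1 is an assumption; the original's copy of /usr/share/zoneinfo/Japan is the fallback. Every task is idempotent, so the /root/.init.lock guard is no longer needed, and the filesystem module will not reformat a device that already carries a filesystem unless force is set:

```yaml
# Added example, not the original role: roles/aws/amazon-linux-init/tasks/main.yml
# rebuilt on modules. Assumes the ansible.posix and community.general collections
# and the page's variables host_name, apps_dir, mount_device, main_user.
- name: resolve env from the first dash-separated token of host_name
  ansible.builtin.set_fact:
    env: "{{ host_name.split('-')[0] }}"

# force defaults to false, so a device that already carries a filesystem is
# left untouched instead of being wiped.
- name: create an ext4 filesystem only if the device has none
  community.general.filesystem:
    dev: "{{ mount_device }}"
    fstype: ext4

# state=mounted writes the fstab line, creates the mountpoint and mounts it;
# rerunning changes nothing once the entry exists.
- name: register and mount the apps volume
  ansible.posix.mount:
    path: "{{ apps_dir }}"
    src: "{{ mount_device }}"
    fstype: ext4
    opts: defaults,nofail
    passno: 2
    state: mounted

# Ownership is applied after mounting: the directory seen at apps_dir is
# now the root of the new filesystem, which mkfs created as root:root.
- name: hand the mounted directory to the application user
  ansible.builtin.file:
    path: "{{ apps_dir }}"
    state: directory
    owner: "{{ main_user }}"
    group: "{{ main_user }}"
    mode: "0755"

# Sets the running hostname and, on Amazon Linux 1, updates /etc/sysconfig/network.
- name: set the hostname
  ansible.builtin.hostname:
    name: "{{ host_name }}"

- name: map the hostname to loopback in /etc/hosts
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '^127\.0\.0\.1\s'
    line: "127.0.0.1   localhost localhost.localdomain {{ host_name }}"

# Assumption: the timezone module supports this distribution (see lead-in).
- name: set JST
  community.general.timezone:
    name: Asia/Tokyo

# regexp makes lineinfile replace an existing PS1 line instead of appending
# another copy on every run, which is why no init lock file is needed.
- name: show the environment in the bash prompt
  ansible.builtin.lineinfile:
    path: "/home/{{ main_user }}/.bash_profile"
    regexp: '^export PS1='
    line: 'export PS1="[{{ env }}][\u@\h \W]\\$ "'
    create: true
    owner: "{{ main_user }}"
    group: "{{ main_user }}"
    mode: "0644"
```

Run it in place of the original tasks file with the same playbook and inventory; a second run reports no changes, which is the quickest check that the disk, hostname and prompt steps are all idempotent.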



ansible/roles/aws/amazon-linux-init/templates/hosts.tpl

127.0.0.1   localhost localhost.localdomain {{host_name}}



ansible/roles/aws/amazon-linux-init/vars/main.yml

mount_device: /dev/xvdb



ansible/roles/aws/common/vars/main.yml

main_user: ec2-user



ansible/roles/common/tasks/main.yml

# Environment = first dash-separated token of the inventory name
# (local-common-hoge01 -> local). inventory_hostname is used instead of the
# target's `hostname` command because a freshly launched instance still carries
# the EC2 default name (ip-xx-xx-xx-xx) until the init role renames it, which
# would leave env as "ip" and load no vars at all.
- name: resolve env
  set_fact:
    env: "{{ inventory_hostname.split('-')[0] }}"

- name: debug env
  debug: var=env

# local and dev share the dev variables; include_vars looks in the role's vars/ directory
- name: include dev vars file
  include_vars: dev.yml
  when: env in ["local", "dev"]

- name: include prod vars file
  include_vars: prd.yml
  when: env == "prd"

# Any other environment name leaves app_log_dir undefined, so the next task fails fast.
- name: create logs directory
  file:
    path: "{{ app_log_dir }}"
    state: directory
    owner: "{{ main_user }}"
    group: "{{ main_user }}"
    mode: "0755"



ansible/roles/common/vars/dev.yml

# This lives on GitHub, so the real contents of this file are encrypted with ansible-vault encrypt

# Credentials for calling the AWS API (not used in this setup, but kept here just in case)
access_key_id: ABCDEFGHIJPLMN
secret_access_key: asdfghjfdssa++dfgdfg
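To back the comment above with a check, here is an added pre-commit play (not part of the original repo) that refuses to let a credentials file reach git in plaintext. An ansible-vault encrypted file begins with the header `$ANSIBLE_VAULT;1.1;AES256` (`1.2` when a vault id is used), so reading the first line with `head` is enough; `lookup('file')` is deliberately not used because it transparently decrypts vault files and would hide the header. The file list and the play name are assumptions for this example:

```yaml
# Added example, not part of the original repo: check-vault.yml, run from the
# repository root. The secret_files list is an assumption for this example.
- name: verify that secret vars files are vault-encrypted
  hosts: localhost
  connection: local
  gather_facts: no
  vars:
    secret_files:
      - ansible/roles/common/vars/dev.yml
      - ansible/roles/common/vars/prd.yml
  tasks:
    # head reads the raw bytes; unlike lookup('file') it does not decrypt,
    # so the vault header is visible when the file is encrypted.
    - name: read the first line of each secret file
      ansible.builtin.command:
        argv: ["head", "-n", "1", "{{ item }}"]
      loop: "{{ secret_files }}"
      register: headers
      changed_when: false

    # Format 1.1 has no vault id; 1.2 appends ";<vault-id>" after AES256.
    - name: fail if any file lacks the vault header
      ansible.builtin.assert:
        that: "item.stdout is match('^\\$ANSIBLE_VAULT;1\\.[12];AES256')"
        fail_msg: "{{ item.item }} is plaintext; run: ansible-vault encrypt {{ item.item }}"
        quiet: true
      loop: "{{ headers.results }}"
      loop_control:
        label: "{{ item.item }}"
```

Invoke it as `ansible-playbook check-vault.yml` from a git pre-commit hook; the play needs no vault password because it never decrypts anything, so it can run on a machine that does not hold ~/.ansible_dev_vault_pass.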



ansible/aws-init-setting.yml

# sudo: yes was removed in Ansible 2.9; become: yes is the replacement
- hosts: '{{ host_name }}'
  become: yes
  roles:
    - common
    - aws/common
    - aws/amazon-linux-init


ansible/inventories/dev/hosts

# ansible_connection is set so the playbook can be run against the local machine

local-common-hoge01 ansible_connection=local
local-common-hoge02 ansible_connection=ssh


Command to run

ansible-playbook ansible/aws-init-setting.yml -i ansible/inventories/dev/hosts --extra-vars "host_name=dev-common-hoge01" --vault-password-file ~/.ansible_dev_vault_pass


What it does


  • Sets the bash prompt to [environment][user@hostname]$

  • Sets the hostname

  • Sets the timezone to JST

  • Formats a pre-created EBS volume as ext4 and mounts it on /var/apps