From 510d152582e324e6de78e3fddde47fa045888b03 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Fri, 10 Jan 2020 10:17:40 +1100 Subject: [PATCH 1/9] DCD-890: Ensure the awscli is available. --- roles/aws_common/tasks/amazon.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/aws_common/tasks/amazon.yml b/roles/aws_common/tasks/amazon.yml index a6592bf..314cae7 100644 --- a/roles/aws_common/tasks/amazon.yml +++ b/roles/aws_common/tasks/amazon.yml @@ -3,6 +3,7 @@ - name: Install AWS support packages yum: name: + - aswcli - ec2-utils - amazon-ssm-agent - amazon-efs-utils From c4b524580da83cef299db1d3602021d51fda8cef Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Mon, 13 Jan 2020 13:31:06 +1100 Subject: [PATCH 2/9] DCD-890: Start of ASG tag manipulation. --- roles/aws_common/tasks/main.yml | 3 +++ roles/aws_common/tasks/write-tags.yml | 28 +++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 roles/aws_common/tasks/write-tags.yml diff --git a/roles/aws_common/tasks/main.yml b/roles/aws_common/tasks/main.yml index b08eb67..9c90622 100644 --- a/roles/aws_common/tasks/main.yml +++ b/roles/aws_common/tasks/main.yml @@ -24,5 +24,8 @@ notify: - Restart CloudWatch Agent +- name: Store some metadata about this run + include_tasks: "write-tags.yml" + - name: Initiate the startup of any new AWS services now meta: flush_handlers diff --git a/roles/aws_common/tasks/write-tags.yml b/roles/aws_common/tasks/write-tags.yml new file mode 100644 index 0000000..a6acba9 --- /dev/null +++ b/roles/aws_common/tasks/write-tags.yml 
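Review bot: The package name on the added line of amazon.yml, `aswcli`, is a misspelling of `awscli`, so the yum task either fails or resolves to whatever package carries that name in an enabled repository. The line should read `- awscli`. Patch 3/9 in this series makes that correction; folding it into this commit would keep every commit in the series installable on its own.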
@@ -0,0 +1,28 @@ +--- + +- name: Fetch local EC2 metadata + ec2_metadata_facts: + +- name: Retrieve all available EC2 tags + ec2_tag: + region: "{{ ansible_ec2_placement_region }}" + resource: "{{ ansible_ec2_instance_id }}" + state: list + register: ec2_instance_tags + +- name: Retrieve autoscaling group + set_fact: + ec2_autoscaling_group: "{{ ec2_tags.tags['aws:autoscaling:groupName']|default('') }}" + +- block: + + - name: Get AutoscalingGroup tags + command: "aws autoscaling describe-tags --filters Name=auto-scaling-group,Values='{{ ec2_autoscaling_group }}'" + register: asg_tags_out + + - name: Parse and transform the AWS tags into a lookup table + set_fact: + asg_tags: "{{ (asg_tags_out.stdout | from_json).Tags | items2dict(key_name='Key', value_name='Value') }}" + + when: ec2_autoscaling_group != '' + From 4a520c1ec3f6eaba3117acf791cf2aae0b4b641c Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Tue, 14 Jan 2020 09:48:29 +1100 Subject: [PATCH 3/9] DCD-890: Add ability to write some tags into the autoscaling-group. --- roles/aws_common/tasks/amazon.yml | 7 ++--- roles/aws_common/tasks/write-tags.yml | 39 ++++++++++++++++++++++++--- 2 files changed, 40 insertions(+), 6 deletions(-) diff --git a/roles/aws_common/tasks/amazon.yml b/roles/aws_common/tasks/amazon.yml index 314cae7..b4b597f 100644 --- a/roles/aws_common/tasks/amazon.yml +++ b/roles/aws_common/tasks/amazon.yml @@ -3,10 +3,11 @@ - name: Install AWS support packages yum: name: - - aswcli - - ec2-utils - - amazon-ssm-agent - amazon-efs-utils + - amazon-ssm-agent + - awscli + - git + - ec2-utils - name: Install CloudWatch Agent yum: diff --git a/roles/aws_common/tasks/write-tags.yml b/roles/aws_common/tasks/write-tags.yml index a6acba9..63954cc 100644 --- a/roles/aws_common/tasks/write-tags.yml +++ b/roles/aws_common/tasks/write-tags.yml 
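Review bot: In the new write-tags.yml the tag lookup registers its result as `ec2_instance_tags`, but the following `set_fact` reads `ec2_tags.tags['aws:autoscaling:groupName']`, a name nothing in this file defines. Unless `ec2_tags` is set elsewhere in the role, `default('')` hides the mismatch on Ansible versions that tolerate nested undefined values, so `ec2_autoscaling_group` is always empty and the `when:`-guarded block never runs; other versions fail the task with an undefined-variable error. The expression should be `ec2_instance_tags.tags['aws:autoscaling:groupName'] | default('')`. The same reference is carried unchanged into the rewritten line in patch 5/9.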
@@ -15,14 +15,47 @@ ec2_autoscaling_group: "{{ ec2_tags.tags['aws:autoscaling:groupName']|default('') }}" - block: - + # We're in an ASG, lookup the tags... - name: Get AutoscalingGroup tags - command: "aws autoscaling describe-tags --filters Name=auto-scaling-group,Values='{{ ec2_autoscaling_group }}'" + command: "aws autoscaling + describe-tags + --region {{ ansible_ec2_placement_region }} + --filters Name=auto-scaling-group,Values='{{ ec2_autoscaling_group }}'" register: asg_tags_out - name: Parse and transform the AWS tags into a lookup table set_fact: asg_tags: "{{ (asg_tags_out.stdout | from_json).Tags | items2dict(key_name='Key', value_name='Value') }}" - when: ec2_autoscaling_group != '' + - block: + # No existing timestamp, so this is a first run. Persist some metadata into the ASG. + - name: Fetch the git revision for this repo + command: + cmd: git rev-parse HEAD + register: git_out + - name: Setup the new ASG tags + set_fact: + deployment_firstrun_meta: + - ResourceType: "auto-scaling-group" + ResourceId: "{{ ec2_autoscaling_group }}" + PropagateAtLaunch: true + Key: "atl:deployment:commit" + Value: "{{ git_out.stdout }}" + + - ResourceType: "auto-scaling-group" + ResourceId: "{{ ec2_autoscaling_group }}" + PropagateAtLaunch: true + Key: "atl:deployment:first-run" + Value: "{{ ansible_date_time.iso8601 }}" + + - name: Set the first-run tags on the ASG + command: "aws autoscaling + create-or-update-tags + --region {{ ansible_ec2_placement_region }} + --tags '{{ deployment_firstrun_meta | to_json }}'" + + when: asg_tags['atl:deployment:first-run'] is not defined + + when: ec2_autoscaling_group != '' + ignore_errors: true From 590eca6aa5b044937ef153d5331477888f034f52 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Tue, 14 Jan 2020 09:50:29 +1100 Subject: [PATCH 4/9] DCD-890: Remove duplicate metadata lookup. --- roles/aws_common/tasks/write-tags.yml | 3 --- 1 file changed, 3 deletions(-) 
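Review bot: The `create-or-update-tags` task builds its command line as one string with the JSON wrapped in literal single quotes, `--tags '{{ deployment_firstrun_meta | to_json }}'`, so a single quote inside a tag value or the group name ends the quoted argument early and changes how the command module splits the rest. The values visible here (a git hash, a timestamp, the ASG name) look benign, but the quoting should not depend on that: `--tags {{ deployment_firstrun_meta | to_json | quote }}` lets the `quote` filter do the escaping. The `describe-tags` task above it has the same pattern in `Values='{{ ec2_autoscaling_group }}'`.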
diff --git a/roles/aws_common/tasks/write-tags.yml b/roles/aws_common/tasks/write-tags.yml index 63954cc..243d338 100644 --- a/roles/aws_common/tasks/write-tags.yml +++ b/roles/aws_common/tasks/write-tags.yml @@ -1,8 +1,5 @@ --- -- name: Fetch local EC2 metadata - ec2_metadata_facts: - - name: Retrieve all available EC2 tags ec2_tag: region: "{{ ansible_ec2_placement_region }}" From ce52f347423c7e7d45ae7f6c462fecac839bc090 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Tue, 14 Jan 2020 11:14:36 +1100 Subject: [PATCH 5/9] DCD-890: Simplify tagging logic. --- roles/aws_common/tasks/write-tags.yml | 65 +++++++++++---------------- 1 file changed, 26 insertions(+), 39 deletions(-) diff --git a/roles/aws_common/tasks/write-tags.yml b/roles/aws_common/tasks/write-tags.yml index 243d338..2c0fc47 100644 --- a/roles/aws_common/tasks/write-tags.yml +++ b/roles/aws_common/tasks/write-tags.yml 
@@ -9,50 +9,37 @@ - name: Retrieve autoscaling group set_fact: - ec2_autoscaling_group: "{{ ec2_tags.tags['aws:autoscaling:groupName']|default('') }}" + ec2_autoscaling_group: "{{ ec2_tags.tags['aws:autoscaling:groupName'] | default('') }}" - block: - # We're in an ASG, lookup the tags... - - name: Get AutoscalingGroup tags - command: "aws autoscaling - describe-tags - --region {{ ansible_ec2_placement_region }} - --filters Name=auto-scaling-group,Values='{{ ec2_autoscaling_group }}'" - register: asg_tags_out + # No existing timestamp, so this is a first run. Persist some metadata into the ASG. + - name: Fetch the git revision for this repo + command: + cmd: git rev-parse HEAD + register: git_out - - name: Parse and transform the AWS tags into a lookup table + - name: Setup the new ASG tags set_fact: - asg_tags: "{{ (asg_tags_out.stdout | from_json).Tags | items2dict(key_name='Key', value_name='Value') }}" + deployment_firstrun_meta: + - ResourceType: "auto-scaling-group" + ResourceId: "{{ ec2_autoscaling_group }}" + PropagateAtLaunch: true + Key: "atl:deployment:commit" + Value: "{{ git_out.stdout }}" - - block: - # No existing timestamp, so this is a first run. Persist some metadata into the ASG. 
- - name: Fetch the git revision for this repo - command: - cmd: git rev-parse HEAD - register: git_out + - ResourceType: "auto-scaling-group" + ResourceId: "{{ ec2_autoscaling_group }}" + PropagateAtLaunch: true + Key: "atl:deployment:first-run" + Value: "{{ ansible_date_time.iso8601 }}" - - name: Setup the new ASG tags - set_fact: - deployment_firstrun_meta: - - ResourceType: "auto-scaling-group" - ResourceId: "{{ ec2_autoscaling_group }}" - PropagateAtLaunch: true - Key: "atl:deployment:commit" - Value: "{{ git_out.stdout }}" + - name: Set the first-run tags on the ASG + command: "aws autoscaling + create-or-update-tags + --region {{ ansible_ec2_placement_region }} + --tags '{{ deployment_firstrun_meta | to_json }}'" - - ResourceType: "auto-scaling-group" - ResourceId: "{{ ec2_autoscaling_group }}" - PropagateAtLaunch: true - Key: "atl:deployment:first-run" - Value: "{{ ansible_date_time.iso8601 }}" - - - name: Set the first-run tags on the ASG - command: "aws autoscaling - create-or-update-tags - --region {{ ansible_ec2_placement_region }} - --tags '{{ deployment_firstrun_meta | to_json }}'" - - when: asg_tags['atl:deployment:first-run'] is not defined - - when: ec2_autoscaling_group != '' + when: + - ec2_autoscaling_group != '' + - ec2_instance_tags.tags['atl:deployment:first-run'] is not defined ignore_errors: true From f311337a168d04f3d045d3dbb24b0d82511eed13 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Tue, 14 Jan 2020 11:30:00 +1100 Subject: [PATCH 6/9] DCD-890: Add setting the metadata on the local instance too. --- roles/aws_common/tasks/write-tags.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/roles/aws_common/tasks/write-tags.yml b/roles/aws_common/tasks/write-tags.yml index 2c0fc47..254e92b 100644 --- a/roles/aws_common/tasks/write-tags.yml +++ b/roles/aws_common/tasks/write-tags.yml 
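Review bot: `git rev-parse HEAD` in the `Fetch the git revision for this repo` task runs with no `chdir`, so the hash written to `atl:deployment:commit` is that of whichever repository contains the working directory at run time, which is presumably but not necessarily this checkout. Since the tag is meant as a record of what was deployed, pin the directory, for example `chdir: "{{ playbook_dir }}"` under `command:` if the play runs from the checkout on the same host, and add `changed_when: false` because the task only reads. The task was introduced in patch 3/9 and is only re-indented here.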
@@ -33,13 +33,25 @@ Key: "atl:deployment:first-run" Value: "{{ ansible_date_time.iso8601 }}" - - name: Set the first-run tags on the ASG + # Set the tags on the ASG and the local instance. We need to + # ignore errors as it's possible we don't have the permissions, + # and we can't check up-front. + - name: Set the first-run tags on the ASG ("FAIL" is not critical) command: "aws autoscaling create-or-update-tags --region {{ ansible_ec2_placement_region }} --tags '{{ deployment_firstrun_meta | to_json }}'" + ignore_errors: true + + - name: Set the tags on the local instance ("FAIL" is not critical) + ec2_tag: + region: "{{ ansible_ec2_placement_region }}" + resource: "{{ ansible_ec2_instance_id }}" + tags: + "atl:deployment:commit": "{{ git_out.stdout }}" + "atl:deployment:first-run": "{{ ansible_date_time.iso8601 }}" + ignore_errors: true when: - ec2_autoscaling_group != '' - ec2_instance_tags.tags['atl:deployment:first-run'] is not defined - ignore_errors: true From 1bcd873ac45277176808d68a9d39c09b30811292 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Tue, 14 Jan 2020 13:15:50 +1100 Subject: [PATCH 7/9] DCD-890: Fixes from testing. --- roles/aws_common/molecule/default/molecule.yml | 2 ++ roles/aws_common/tasks/write-tags.yml | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/aws_common/molecule/default/molecule.yml b/roles/aws_common/molecule/default/molecule.yml index 9db2aa4..9abbc31 100644 --- a/roles/aws_common/molecule/default/molecule.yml +++ b/roles/aws_common/molecule/default/molecule.yml @@ -16,6 +16,8 @@ provisioner: name: ansible lint: name: ansible-lint + options: + x: ["303", "602"] inventory: links: group_vars: ../../../../group_vars/ diff --git a/roles/aws_common/tasks/write-tags.yml b/roles/aws_common/tasks/write-tags.yml index 254e92b..ef9810f 100644 --- a/roles/aws_common/tasks/write-tags.yml +++ b/roles/aws_common/tasks/write-tags.yml 
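Review bot: `ignore_errors: true` on the two tagging tasks discards every failure, while the comment above them gives missing permissions as the only expected one; a malformed `--tags` payload, a wrong region or an absent `aws` binary would be ignored in the same way, leaving the deployment without its commit and first-run record. Narrowing the condition keeps the tolerant behaviour and surfaces the rest: register the CLI result and use something like `failed_when: asg_tag_out.rc != 0 and 'AccessDenied' not in (asg_tag_out.stderr | default(''))`. The exact error-code text should be confirmed against real CLI output, and the `ec2_tag` task would need the equivalent check on its own registered result.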
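Review bot: The new `options: x: ["303", "602"]` entry in molecule.yml switches off two ansible-lint rules for every task the scenario lints, although the `git` command and the empty-string comparison that appear to trigger them are confined to write-tags.yml. I believe 303 is the command-instead-of-module rule and 602 the empty-string comparison rule; if so, a `# noqa 303` or `# noqa 602` comment where each rule fires would keep both checks active for the rest of the role. The identical exclusion is added to the cw-disabled and logs-disabled scenarios in patch 8/9.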
@@ -6,6 +6,8 @@ resource: "{{ ansible_ec2_instance_id }}" state: list register: ec2_instance_tags + tags: + - notest - name: Retrieve autoscaling group set_fact: @@ -48,8 +50,8 @@ region: "{{ ansible_ec2_placement_region }}" resource: "{{ ansible_ec2_instance_id }}" tags: - "atl:deployment:commit": "{{ git_out.stdout }}" - "atl:deployment:first-run": "{{ ansible_date_time.iso8601 }}" + "atl:deployment:commit": "{{ git_out.stdout }}" + "atl:deployment:first-run": "{{ ansible_date_time.iso8601 }}" ignore_errors: true when: From cf859874b3c0b1e770a4eab993f35d56d39fae9f Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Tue, 14 Jan 2020 15:23:09 +1100 Subject: [PATCH 8/9] DCD-890: Missed some tests. --- roles/aws_common/molecule/cw-disabled/molecule.yml | 2 ++ roles/aws_common/molecule/logs-disabled/molecule.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/roles/aws_common/molecule/cw-disabled/molecule.yml b/roles/aws_common/molecule/cw-disabled/molecule.yml index 9db2aa4..9abbc31 100644 --- a/roles/aws_common/molecule/cw-disabled/molecule.yml +++ b/roles/aws_common/molecule/cw-disabled/molecule.yml @@ -16,6 +16,8 @@ provisioner: name: ansible lint: name: ansible-lint + options: + x: ["303", "602"] inventory: links: group_vars: ../../../../group_vars/ diff --git a/roles/aws_common/molecule/logs-disabled/molecule.yml b/roles/aws_common/molecule/logs-disabled/molecule.yml index 9db2aa4..9abbc31 100644 --- a/roles/aws_common/molecule/logs-disabled/molecule.yml +++ b/roles/aws_common/molecule/logs-disabled/molecule.yml @@ -16,6 +16,8 @@ provisioner: name: ansible lint: name: ansible-lint + options: + x: ["303", "602"] inventory: links: group_vars: ../../../../group_vars/ From 7a25e7a10c343ade383adef36c5a7f7963367fd1 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Wed, 15 Jan 2020 11:43:23 +1100 Subject: [PATCH 9/9] DCD-890: Older installs may not have DescribeTags perms. --- roles/aws_common/tasks/write-tags.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/roles/aws_common/tasks/write-tags.yml b/roles/aws_common/tasks/write-tags.yml index ef9810f..6c8c734 100644 --- a/roles/aws_common/tasks/write-tags.yml +++ b/roles/aws_common/tasks/write-tags.yml @@ -6,6 +6,7 @@ resource: "{{ ansible_ec2_instance_id }}" state: list register: ec2_instance_tags + ignore_errors: true tags: - notest
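Review bot: With `ignore_errors: true` on the lookup, a denied DescribeTags call presumably leaves `ec2_instance_tags` without a `tags` key, and the later guard `ec2_instance_tags.tags['atl:deployment:first-run'] is not defined` then cannot tell "tag absent" from "lookup failed". Depending on how the Ansible version treats the nested undefined value, the guard either errors or evaluates true, in which case every run rewrites the first-run timestamp and commit wherever the write permissions exist. Adding `- ec2_instance_tags is succeeded` to the block's `when:` list would skip the write when the read did not work. The guarded block lies outside this hunk.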