
Example Ansible scripts for building a full, multi-AZ AWS stack - Rabidgremlin
https://github.com/rabidgremlin/dev-ops-snippets/tree/master/aws-full-stack
======
akurilin
This is great! I've had a hard time finding examples of pro-grade ansible
playbooks that deploy entire products across multiple environments. I've had
to assemble dozens of randomly obtained ideas piece by piece over the years,
but it'd be fantastic if there were more full projects for reference out
there. Any idea where one could find more complete examples for best practice
reference?

~~~
Rabidgremlin
Yeah it was really hard finding good examples to piece this together. Also I'm
not sure this is a best practice example as it probably should use roles....

~~~
rguiliani
Roles PR'd

~~~
Rabidgremlin
Awesome... I had avoided roles to keep things easier to understand but will
check out the PR.

------
mirceal
How is this better than going the Cloudformation route? (genuinely curious)

Seen Cloudformation coupled with Chef or Puppet. I don't see why Ansible would
not work in the later stages of bringing up the machines, but personally think
it's overkill to do everything via an Ansible playbook.

~~~
dmourati
Same feedback. Cloudformation has many advantages including idempotency and
ability to tear down what it created.

Also, see terraform from Hashicorp:

[https://www.terraform.io/intro/vs/cloudformation.html](https://www.terraform.io/intro/vs/cloudformation.html)

Still, a complete Ansible approach is illustrative so kudos on that.

~~~
mpdehaan2
(disclaimer: I wrote Ansible)

These are some pretty clean playbooks and probably the most coherent example
of using the ec2 modules together I've ever seen.

Alternative approach for consideration -- currently, I am working for a
company who has a very nice deployment setup that mostly just uses
the Ansible ec2_tag and ec2_facts, and has an Immutable Systems (Packer) stack
deployed by CloudFormation and Asgard APIs. In other words, the ansible cloud
modules are not heavily utilized, but it's nice because in CF we have access
to all the knobs and services. Asgard handles rolling updates across ELBs,
where CF defines the infrastructure.

It's a pretty good setup! Ansible cloud modules are more or less serially
executed, but don't know about each other. I do think it's important that
Cloud Formation and other solutions understand the relationships between the
resources.

For this reason, Terraform is super interesting conceptually, and it may be a
good answer to some quirks in CF (one being it's a little hard to
read/write!). Though I haven't had much direct experience to try it out, I
look forward to having some time in the future.

Aside: Troposphere is an interesting project but doesn't have a lot of AWS
service coverage yet -
[https://github.com/cloudtools/troposphere](https://github.com/cloudtools/troposphere)

Organizations attempting "multiple-cloud providers" have more challenges than
ones attempting to just pick AWS (or another), that's for sure - as they are
really different in the end, and I sort of have this question in the back of
my mind whether cloud abstractions are really a good idea in the end, or you
really really need to know the differences between Cloud X and Y (especially
to expose all the constituent services accurately).

Anyway, yeah, I think building Packer images with Ansible and deploying with
something like Terraform is where I would consider starting if I had a green
field infrastructure.

Don't live-manage your AWS boxen if you can help it, as you miss most of the
advantages of being able to deploy AMIs. A packer.json in the example would be
a good idea, and you'll get faster deploys that are a bit more predictable.
Then you can use something like Vagrant to test the packer config.

I wrote a very lightweight Vagrant clone here this weekend for exactly that
purpose -
[https://github.com/mpdehaan/strider](https://github.com/mpdehaan/strider)

------
arbabnazar
That might be helpful for you.
[https://github.com/arbabnazar/ansible-aws-vpc-ha-wordpress](https://github.com/arbabnazar/ansible-aws-vpc-ha-wordpress)

------
sandGorgon
Wow...this is really cool. Does this work with the newer version 4 signing
keys?

~~~
Rabidgremlin
Mmm I'm not sure. The Ansible AWS modules use the Boto library so perhaps
there is more info in its docs somewhere?

