Ansible

Use the Ansible integration to execute Ansible playbooks in a secure and centrally managed environment.

Overview

The current state of art creates ad-hoc mechanisms to manage secrets, pass data, collect logs, and manage users for which the playbooks are being developed.

Using the Fylamynt | Ansible integration you can run your playbooks in a secure environment where the team workload can be orchestrated seamlessly.

Use Cases

The integration between Fylamynt and Ansible lets you:

  • Execute an Ansible playbook from your S3 bucket and collect logs.

  • Centrally manage the SSH keys used by Ansible to connect with target VMs to execute commands.

  • Monitor execution status and pair it with other integration actions that Fylamynt offers. For example, the execution status can be passed to a conditional node which branches out to either sending a Slack message or create a JIRA issue.

Configure Ansible in Fylamynt

  • Navigate to Settings > Integrations > Ansible.

  • Click Add integration to create and configure a new integration instance.

Details needed to set up Ansible instance in Fylamynt:

Parameter

Description

Required

Playbooks (S3 bucket with playbooks directory)

The Ansible directory hierarchy is expected to be available in an S3 bucket with Ansible playbooks.

True

S3 Access Role (Fylamynt IAM role for bucket policy in target account)

To enable cross-account access to the S3 bucket.

True

Logs (S3 bucket for execution logs)

The output of a run will be uploaded to the same bucket, or an optional S3 bucket for log files.

False

SSH Private Key (Ansible Controller Private ssh key)

Access to these resources needs to be granted by following the instructions below. A SSH private key that allows access to the managed nodes needs to be provided.

True

Follow the steps listed below in your AWS Account and get the desired parameters to enter in Fylamynt.

  • Login to the AWS console

  • Enable cross-account access to the S3 bucket with Ansible playbooks and the optional S3 bucket for log files:

  • Paste the value for Principal from the right pane into the green Principal field for the Bucket policy. The red Resource field should have entries for the bucket and the objects within.

The policy for a single bucket or the optional S3 bucket for log files should be:

A more restrictive policy for a separate S3 bucket with Ansible playbooks can be:

Integration Actions

You can add these actions in Fylamynt workflow builder, as part of your workflow.

1. Ansible Run Playbook

This action launches a playbook with Ansible.

Input

Parameter Name

Description

Required

playbook

The name of the playbook to be run

True

hosts

A list of target hosts for the Ansible playbook run, or the name of the inventory YAML file.

True

alias

The target account for the run

True

user

The user on the remote system, defaults to admin

False

extra_args

Any extra arguments to be passed to the ansible-playbook command

False

Output

Parameter Name

Type

Description

task_arn

String

The ARN for the task running the job.

task_status

String

The task status when the action returns

log_bucket

String

The S3 bucket in which the log file will be saved

log_key

String

The file name for the log.

Action Example