Use the Ansible integration to execute Ansible playbooks in a secure and centrally managed environment.
The current state of art creates ad-hoc mechanisms to manage secrets, pass data, collect logs, and manage users for which the playbooks are being developed.
Using the Fylamynt | Ansible integration you can run your playbooks in a secure environment where the team workload can be orchestrated seamlessly.
The integration between Fylamynt and Ansible lets you:
- Execute an Ansible playbook from your S3 bucket and collect logs.
- Centrally manage the SSH keys used by Ansible to connect with target VMs to execute commands.
- Monitor execution status and pair it with other integration actions that Fylamynt offers. For example, the execution status can be passed to a conditional node which branches out to either sending a Slack message or create a JIRA issue.
- Navigate to Settings > Integrations > Ansible.
- Configure a new integration instance.
Details needed to set up Ansible instance in Fylamynt:
Playbooks (S3 bucket with playbooks directory)
The Ansible directory hierarchy is expected to be available in an S3 bucket with Ansible playbooks.
S3 Access Role (Fylamynt IAM role for bucket policy in target account)
To enable cross-account access to the S3 bucket.
Logs (S3 bucket for execution logs)
The output of a run will be uploaded to the same bucket, or an optional S3 bucket for log files.
SSH Private Key (Ansible Controller Private ssh key)
Access to these resources needs to be granted by following the instructions below. A SSH private key that allows access to the managed nodes needs to be provided.
Follow the steps listed below in your AWS Account and get the desired parameters to enter in Fylamynt.
- Login to the AWS console
- Enable cross-account access to the S3 bucket with Ansible playbooks and the optional S3 bucket for log files:
- Paste the value for Principal from the right pane into the green Principal field for the Bucket policy. The red Resource field should have entries for the bucket and the objects within.
The policy for a single bucket or the optional S3 bucket for log files should be:
A more restrictive policy for a separate S3 bucket with Ansible playbooks can be:
You can add these actions in the Fylamynt workflow builder, as part of your workflow.
This action launches a playbook with Ansible.
The name of the playbook to be run
A list of target hosts for the Ansible playbook run, or the name of the inventory YAML file.
The target account for the run
The user on the remote system, defaults to admin
Any extra arguments to be passed to the ansible-playbook command
The ARN for the task running the job.
The task status when the action returns
The S3 bucket in which the log file will be saved
The file name for the log.