RDS infrastructure automation with Ansible

In this article we are going to describe how we realized our RDS infrastructure using Ansible as automation tool. We’ve completely avoided using AWS GUI, both for implementation and management activities.

Our aim was to develop a parametric infrastructure, able to adapt to all of our projects simply by changing few parameters in the config files.

Please note that at the time of writing we’re using Ansible 2.2.2.

First of all, we need to declare somewhere every needed variable. A var file, to be included where required, fits well.

Changing the file values it is possible to create N RDS servers and link them to the existing project’s VPC. As shown later, the infrastructure playbook will be invoked with a “rds_env” parameter. This way the infrastructure scripts can gather every VPC references for the project (specified by the “project” var) and create proper network connections towards the VPC itself.

Here are some examples of how it works:

Now the RDS networking is set up and we can move on to the RDS instances creation.

As you might guess, the number of instances is defined in the vars file:

Here is the full command for instances creation:

Moreover, we chose to assign a DNS name using Route53, to facilitate instances management:

Last but not least, we also chose to automate, thanks to Ansible, the whole environment destruction. Of course we set up strict controls to avoid destroying or corrupting production environments.

Here are some examples:

Now let’s glue the pieces together making use of a playbook, named infrastructure_rds.yml. As shown, secrets vars (db users, password, …) are kept in a different file.

Finally, for convenience, we wrapped it up with a bash script named infrastructure_rds.sh

Now the RDS infrastructure management is automated and written as code! We hope you can find it useful and remember that comments are always welcomed.

Loreno Edelmondo
Loreno Edelmondo
Articoli: 24

4 commenti

  1. Just so everyone knows, there is no way to create an encrypted RDS instance using ansible modules. You would have to use cloudformation, a call to the AWS CLI or the API to do so.

    All three can be done using Ansible.

    • One solution is to integrate AWS command line into Ansible tasks.

      – name: INFRASTRUCTURE RDS | Create Instance RDS
      command: “aws rds create-db-instance
      –db-instance-identifier {{ project }}-{{ rds_env }}-database-rds-{{ item }}
      –db-instance-class {{ database_instance_type }}
      –db-name {{ rds_database_name }}
      –{{ (rds_database_multi_zone == ‘no’) | ternary(‘no-multi-az’,’multi-az’) }}
      –engine {{ rds_database_engine }}
      –engine-version {{ rds_database_version }}
      –db-parameter-group-name {{ rds_database_parameter_group }}
      –option-group-name {{ rds_database_option_group }}
      –storage-type {{ rds_database_storage_type }}
      –{{ (rds_database_encrypt_storage == ‘yes’) | ternary(‘storage-encrypted’,’no-storage-encrypted’) }}
      –allocated-storage {{ rds_database_size }}
      –master-username {{ mysql.root_username }}
      –master-user-password {{ mysql.root_password }}
      –vpc-security-group-ids {{ security_group.group_id }}
      –port {{ rds_database_port }}
      –db-subnet-group-name {{ project }}_{{ rds_env }}_rds_vpc_subnet
      –{{ (rds_database_publicly_accessible == ‘yes’) | ternary(‘publicly_accessible’,’no-publicly-accessible’) }}
      –preferred-maintenance-window {{ rds_database_maint_window }}
      –{{ (rds_database_upgrade == ‘yes’) | ternary(‘auto-minor-version-upgrade’,’no-auto-minor-version-upgrade’) }}
      –backup-retention-period {{ rds_database_backup_retention }}
      –preferred-backup-window {{ rds_database_backup_window }}
      –tags ‘Key=Name,Value={{ project }}_{{ rds_env }}_database_{{ item }}’ ‘Key=billing,Value={{ billing_tag_value }}'”
      register: rds_create_gathering
      with_sequence: start=”{{ rds_database_count_start }}” end=”{{ rds_database_count_end }}”
      when: rds_delete_all == “no”

Lascia una risposta

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *

Questo sito usa Akismet per ridurre lo spam. Scopri come i tuoi dati vengono elaborati.