alloy-ch/ops-ci-aws

Ansible Galaxy collection and helper scripts to facilitate CI/CD at AWS

ops-ci-aws

Current version: v2.4.1

This repository holds the shared Ansible roles, modules and tasks for projects to be deployed into AWS. It creates an Ansible collection.

Content

Ansible modules

• gather_stack_outputs

Ansible roles

• build_lambda_function_ts
• build_lambda_function_py
• build_push_docker_image
• create_acm_ssl_certificate
• create_db_user
• del_workspace
• deploy_to_k8s
• init_workspace
• run_cloudformation

Usage

Install

Before we reach the state with high generalization and parameterization, this Ansible collection is not published to Galaxy. Instead, we use the direct git approach.

To install the latest version from the default branch:

ansible-galaxy collection install --force git+https://github.com/alloy-ch/ops-ci-aws.git

To install a specific tagged version:

ansible-galaxy collection install --force git+https://github.com/alloy-ch/ops-ci-aws.git,v2.3.1

To install a specific git commit:

ansible-galaxy collection install --force git+https://github.com/alloy-ch/ops-ci-aws.git,7b60ddc245bc416b72d8ea6ed7b799885110f5e5

A note for all the ansible-galaxy collection install examples above: ansible-galaxy itself does not handle the upgrade if the remote collection has a higher version than the locally installed one, according to this Github issue. To overcome this problem, either we use --force to always overwrite the local installation no matter whether the version is newer or older, or we use --upgrade to "force" the installation if (and only if) the remote version is newer than the local one.

Config

A typical Ansible playbook looks like:

---
  - name: 'create CodeBuild projects'  # meaningful name defines the repo
    hosts: 'localhost'    # always localhost, we do not use the remote agent setup of Ansible 
    connection: 'local'   # always local
    collections: 'ringier.aws_cicd'   # tell Ansible to use this collection
    gather_facts: false   # we only gather some needed facts 
    vars:
      aws_region: 'eu-central-1'    # where the deployment target is located
      project_id: 'rcplus'          # project code. In our terminology, "project" is a very big thing (normally multi-year-multi-million)
      project_version: 1.0.3        # semver of the repo. Normally managed by PyPI package `bumpsemver`. NOTE: do NOT put any version prefix here
      software_component: 'devops'  # a code to help identify the purpose of repo. e.g. `basis`, `iris`, `foobar` etc.  
    pre_tasks:
      - fail: msg='specify an environment (dev, stg, prod, ops)'
        when: env not in ['dev', 'stg', 'prod', 'ops']
      - include_vars: 'environment_vars/{{ env }}.yml'
    roles:
      - 'init_workspace'  # normally the very first role of a playbook
      - 'configure-ci'    # do the repo specific deployment logic here
      - 'del_workspace'   # normally the very last role of a playbook 

Troubleshooting

Ansible installs the collection by default to ~/.ansible/collections/, make local modification there for debugging or troubleshooting.