{"id":1262,"date":"2018-09-12T11:05:52","date_gmt":"2018-09-12T16:05:52","guid":{"rendered":"http:\/\/blog.ls-al.com\/?p=1262"},"modified":"2018-09-12T11:05:52","modified_gmt":"2018-09-12T16:05:52","slug":"aws-systems-manager-and-state-manager","status":"publish","type":"post","link":"https:\/\/blog.ls-al.com\/aws-systems-manager-and-state-manager\/","title":{"rendered":"AWS Systems Manager and State Manager"},"content":{"rendered":"<p>I have used different configuration management tools for different use cases in the past.  I liked how puppet had a central server and clients pull on a schedule.  This way continuous control can be asserted.  Ansible on the other hand is much simpler to use and works better during provisioning.  Amazon AWS has a service that can help with using Ansible playbooks and continuous application. Some notes below on a POC I did.<\/p>\n<p>Getting the pre-reqs done can be a little tricky so I suggest read and follow this doc carefully: https:\/\/aws.amazon.com\/blogs\/mt\/running-ansible-playbooks-using-ec2-systems-manager-run-command-and-state-manager\/<\/p>\n<p>In short the high level tasks are:<br \/>\n- Create a role and attach a policy \"AmazonEC2RoleforSSM\".<br \/>\n- Create simple ansible playbook only httpd for a start. Use the yml in OS and run ansible-playbook to test first.<br \/>\n- Create State Manager Association. Name new association, pick AWS-RunAnsiblePlaybook. Insert yml into \"Parameters\" section.  Manually select Instance and pick schedule.<br \/>\n- Test \"Apply association now\" and check log in OS.<br \/>\n- Check amazon-ssm-agent.log<\/p>\n<p>I used an Amazon Linux 2 image so we know it meets pre-reqs on the OS side. Note keep viewing the amazon-ssm-agent.log file to troubleshoot.  I did not show the logs here but did quite a bit of repetition before it worked.  I also have since this article built out the yml to perform the following steps: https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/ec2-lamp-amazon-linux-2.html<\/p>\n<p>Ensure ansible and yml is working.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# amazon-linux-extras install ansible2\r\n\r\n# ansible-playbook \/tmp\/test.yml \r\n &#x5B;WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'\r\nPLAY &#x5B;This sets up an httpd webserver] ******************************************************************************************************************************************************************\r\nskipping: no hosts matched\r\nPLAY RECAP **********************************************************************************************************************************************************************************************\r\n\r\nMonitor log file\r\n\r\n# tail -f \/var\/log\/amazon\/ssm\/amazon-ssm-agent.log\r\n2018-09-12 15:47:51 INFO &#x5B;instanceID=i-0e38cd17dfed16658] &#x5B;MessagingDeliveryService] SendReply Response{\r\n  Description: &quot;Reply b667cd46-f314-4d66-ab6e-280f144fe218 was successfully sent.&quot;,\r\n  MessageId: &quot;aws.ssm.22e5df47-1051-4b3d-8d86-5d65abab2646.i-0e38cd17dfed16658&quot;,\r\n  ReplyId: &quot;b667cd46-f314-4d66-ab6e-280f144fe218&quot;,\r\n  ReplyStatus: &quot;QUEUED&quot;\r\n}\r\n2018-09-12 15:52:27 INFO &#x5B;HealthCheck] HealthCheck reporting agent health.\r\n2018-09-12 15:56:45 INFO &#x5B;instanceID=i-0e38cd17dfed16658] &#x5B;LongRunningPluginsManager] There are no long running plugins currently getting executed - skipping their healthcheck\r\n2018-09-12 15:57:01 INFO &#x5B;instanceID=i-0e38cd17dfed16658] &#x5B;MessagingDeliveryService] &#x5B;Association] Schedule manager refreshed with 0 associations, 0 new assocations associated\r\n2018-09-12 15:57:27 INFO &#x5B;HealthCheck] HealthCheck reporting agent health.\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>I have used different configuration management tools for different use cases in the past. I liked how puppet had a<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[74],"tags":[],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-ansible"],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}