Details
-
Type: Task
-
Status: Closed (View Workflow)
-
Priority: Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Labels:None
-
Story Points:0.4
-
Epic Link:
-
Sprint:Spring 6 : 30 Mar to Apr 10, Spring 7 : 13 Apr to 24 Apr, Spring 8 : 24 Apr to 8 May
Description
Ansible control node needs to run database management commands on the RDS host used by app store instances.
To enable this, the control node's private IP address must be added to the RDS host's security group. In addition, the app store EC2's private IP address must also be added to the RDS host's security group.
Currently, this has to be done manually when provisioning the control node.
For this task, investigate what would be required to automate this step. Could we include the task of adding the control node's private IP address to the RDS's security group?
Note: When adding a new inbound rule to the security group, we should assign a description to it. Please use the "Name" tag of the Ansible Control node in the description assigned to the inbound rule so that we can easily recognize it when inspecting security groups for the RDS host.
Attachments
Activity
Assignee | Ann Loraine [ aloraine ] |
Resolution | Done [ 10000 ] | |
Status | Post-merge Testing In Progress [ 10003 ] | Closed [ 6 ] |
Status | Merged Needs Testing [ 10002 ] | Post-merge Testing In Progress [ 10003 ] |
Rank | Ranked higher |
Sprint | Spring 6 : 30 Mar to Apr 10, Spring 7 : 13 Apr to 24 Apr [ 91, 92 ] | Spring 6 : 30 Mar to Apr 10, Spring 7 : 13 Apr to 24 Apr, Spring 8 : 24 Apr to 8 May [ 91, 92, 93 ] |
Assignee | Ann Loraine [ aloraine ] |
Status | Reviewing Pull Request [ 10303 ] | Merged Needs Testing [ 10002 ] |
Status | Pull Request Submitted [ 10101 ] | Reviewing Pull Request [ 10303 ] |
Status | Ready for Pull Request [ 10304 ] | Pull Request Submitted [ 10101 ] |
Status | First Level Review in Progress [ 10301 ] | Ready for Pull Request [ 10304 ] |
Status | Needs 1st Level Review [ 10005 ] | First Level Review in Progress [ 10301 ] |
Status | First Level Review in Progress [ 10301 ] | Needs 1st Level Review [ 10005 ] |
Status | Needs 1st Level Review [ 10005 ] | First Level Review in Progress [ 10301 ] |
Status | In Progress [ 3 ] | Needs 1st Level Review [ 10005 ] |
Status | To-Do [ 10305 ] | In Progress [ 3 ] |
Assignee | Chester Dias [ cdias1 ] | Ann Loraine [ aloraine ] |
Status | First Level Review in Progress [ 10301 ] | To-Do [ 10305 ] |
Assignee | Ann Loraine [ aloraine ] | Chester Dias [ cdias1 ] |
Assignee | Chester Dias [ cdias1 ] | Ann Loraine [ aloraine ] |
Status | Needs 1st Level Review [ 10005 ] | First Level Review in Progress [ 10301 ] |
Comment | [ Note: rds.yml is committed to the above branch. ] |
Comment | [ Output of the playbook (on my system) is attached. ] |
Description |
Ansible control node needs to run database management commands on the RDS host used by app store instances.
To enable this, the control node's private IP address must be added to the RDS host's security group. Currently, this has to be done before the playbooks can be run. For this task, investigate what would be required to automate this step. Could we include the task of adding the control node's private IP address to the RDS's security group? * appstore-playbooks/Ansible/roles/deployRDS/task/main.yml When adding a new inbound rule to the security group, we should assign a description to it. Please use the "Name" tag of the Ansible Control node in the description assigned to the inbound rule so that we can easily recognize it when inspecting security groups for the RDS host. |
Ansible control node needs to run database management commands on the RDS host used by app store instances.
To enable this, the control node's private IP address must be added to the RDS host's security group. In addition, the app store EC2's private IP address must also be added to the RDS host's security group. Currently, this has to be done manually when provisioning the control node. For this task, investigate what would be required to automate this step. Could we include the task of adding the control node's private IP address to the RDS's security group? Note: When adding a new inbound rule to the security group, we should assign a description to it. Please use the "Name" tag of the Ansible Control node in the description assigned to the inbound rule so that we can easily recognize it when inspecting security groups for the RDS host. |
Attachment | output.txt [ 14692 ] |
Rank | Ranked higher |
Sprint | Spring 6 : 30 Mar to Apr 10 [ 91 ] | Spring 6 : 30 Mar to Apr 10, Spring 7 : 13 Apr to 24 Apr [ 91, 92 ] |
Assignee | Ann Loraine [ aloraine ] | Chester Dias [ cdias1 ] |
Status | In Progress [ 3 ] | Needs 1st Level Review [ 10005 ] |
Assignee | Ann Loraine [ aloraine ] |
Status | To-Do [ 10305 ] | In Progress [ 3 ] |
Assignee | Chester Dias [ cdias1 ] |
Status | In Progress [ 3 ] | To-Do [ 10305 ] |
Status | To-Do [ 10305 ] | In Progress [ 3 ] |
Description |
Ansible control node needs to run database management commands on the RDS host used by app store instances.
To enable this, the control node's private IP address must be added to the RDS host's security group. Currently, this has to be done before the playbooks can be run. For this task, investigate what would be required to automate this step. Could we include the task of adding the control node's private IP address to the RDS's security group? * appstore-playbooks/Ansible/roles/deployRDS/task/main.yml Challenges: * When adding a new inbound rule to the security group, we should assign a description to it. Please use the "Name" tag of the Ansible Control node in the description assigned to the inbound rule so that we can easily recognize it when inspecting security groups for the RDS host. |
Ansible control node needs to run database management commands on the RDS host used by app store instances.
To enable this, the control node's private IP address must be added to the RDS host's security group. Currently, this has to be done before the playbooks can be run. For this task, investigate what would be required to automate this step. Could we include the task of adding the control node's private IP address to the RDS's security group? * appstore-playbooks/Ansible/roles/deployRDS/task/main.yml When adding a new inbound rule to the security group, we should assign a description to it. Please use the "Name" tag of the Ansible Control node in the description assigned to the inbound rule so that we can easily recognize it when inspecting security groups for the RDS host. |
Description |
Ansible control node needs to run database management commands on the RDS host used by app store instances.
To enable this, the control node's private IP address must be added to the RDS host's security group. Currently, this has to be done before the playbooks can be run. For this task, investigate what would be required to automate this step. Could we include the task of adding the control node's private IP address to the RDS's security group? * appstore-playbooks/Ansible/roles/deployRDS/task/main.yml Challenges: * When adding a new inbound rule to the security group, we should assign a description to it. The description should be "Ansible Control Node" or something similar so that we can easily recognize it when inspecting security groups for the RDS host. |
Ansible control node needs to run database management commands on the RDS host used by app store instances.
To enable this, the control node's private IP address must be added to the RDS host's security group. Currently, this has to be done before the playbooks can be run. For this task, investigate what would be required to automate this step. Could we include the task of adding the control node's private IP address to the RDS's security group? * appstore-playbooks/Ansible/roles/deployRDS/task/main.yml Challenges: * When adding a new inbound rule to the security group, we should assign a description to it. Please use the "Name" tag of the Ansible Control node in the description assigned to the inbound rule so that we can easily recognize it when inspecting security groups for the RDS host. |
Rank | Ranked higher |
Description |
Ansible control node needs to run database management commands on the RDS host used by app store instances.
To enable this, the control node's private IP address must be added to the RDS host's security group. Currently, this has to be done before the playbooks can be run. For this task, investigate what would be required to automate this step. Can this be added as a new task to the file: * appstore-playbooks/Ansible/roles/deployRDS/task/main.yml Challenges: * When adding a new inbound rule to the security group, we should assign a description to it. The description should be "Ansible Control Node" or something similar so that we can easily recognize it when inspecting security groups for the RDS host. |
Ansible control node needs to run database management commands on the RDS host used by app store instances.
To enable this, the control node's private IP address must be added to the RDS host's security group. Currently, this has to be done before the playbooks can be run. For this task, investigate what would be required to automate this step. Could we include the task of adding the control node's private IP address to the RDS's security group? * appstore-playbooks/Ansible/roles/deployRDS/task/main.yml Challenges: * When adding a new inbound rule to the security group, we should assign a description to it. The description should be "Ansible Control Node" or something similar so that we can easily recognize it when inspecting security groups for the RDS host. |
Sprint | Spring 5 : 30 Mar to Apr 10 [ 91 ] |
Rank | Ranked higher |
Field | Original Value | New Value |
---|---|---|
Epic Link | IGBF-1388 [ 17463 ] |
Because the basic code has been reviewed already, I have the changes into the master branch.
This ticket is now ready for final testing.
Suggestions for how to test it:
Note that the first time you run the playbook, it may fail because the ssh daemon needs a bit of time to start up before ansible can proceed with installing software on the target VM.
If that happens, wait a minute and run it a second time.
To check that the security group was properly added, check the AWS console. If it is there, you can mark this as complete.
However, please note that it will again will fail (by design) after this step when it gets to the task of cloning the private ansible playbooks repository onto the control node vm. At that point, you would need to copy the newly provisioned control node VM's public key into the bitbucket account of the user whose repository you are cloning. (You define the bitbucket user and repository in control_node_vars.yml.) Once the key is copied, you should be able to run the playbook once again and observe no errors.
However it is not necessary to do this as this ticket relates only to the security group modification. It is fine to skip the remaining plays.