Details
Type: Task
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Labels: None
Story Points: 0.4
Sprint: Spring 6 : 30 Mar to Apr 10, Spring 7 : 13 Apr to 24 Apr, Spring 8 : 24 Apr to 8 May
Description
The Ansible control node needs to run database management commands on the RDS host used by app store instances.
To enable this, the control node's private IP address must be added to the RDS host's security group. In addition, the app store EC2's private IP address must also be added to the RDS host's security group.
Currently, this has to be done manually when provisioning the control node.
For this task, investigate what would be required to automate this step. Could we include the task of adding the control node's private IP address to the RDS's security group?
Note: When adding a new inbound rule to the security group, we should assign a description to it. Please use the "Name" tag of the Ansible Control node in the description assigned to the inbound rule so that we can easily recognize it when inspecting security groups for the RDS host.
Because the basic code has been reviewed already, I have the changes into the master branch.
This ticket is now ready for final testing.
Suggestions for how to test it:
Note that the first time you run the playbook, it may fail because the SSH daemon needs a bit of time to start up before Ansible can proceed with installing software on the target VM.
If that happens, wait a minute and run it a second time.
To check that the security group was properly added, check the AWS console. If it is there, you can mark this as complete.
However, please note that it will again fail (by design) after this step when it gets to the task of cloning the private Ansible playbooks repository onto the control node VM. At that point, you would need to copy the newly provisioned control node VM's public key into the Bitbucket account of the user whose repository you are cloning. (You define the Bitbucket user and repository in control_node_vars.yml.) Once the key is copied, you should be able to run the playbook once again and observe no errors.
However, it is not necessary to do this, as this ticket relates only to the security group modification. It is fine to skip the remaining plays.
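The inbound-rule step from the ticket description, sketched as an added example; it is not the code merged for this ticket. It builds the rule payload from the instance's private IP and "Name" tag in the dictionary shapes the EC2 API returns, and skips rules the group already has. The port, IDs, IP addresses and names are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# EC2 rule descriptions: max 255 chars from a restricted set; others become "_".
_DISALLOWED = re.compile(r"[^A-Za-z0-9 ._\-:/()#,@\[\]+=;{}!$*]")

def rule_description(instance):
    """Description for the inbound rule: the instance's "Name" tag."""
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    if not tags.get("Name"):
        raise ValueError(f"{instance['InstanceId']} has no Name tag")
    return _DISALLOWED.sub("_", tags["Name"])[:255]

def ingress_rule(instance, port):
    """One IpPermissions entry admitting only this instance's private IP."""
    ip = ipaddress.ip_address(instance["PrivateIpAddress"])
    if not ip.is_private:
        raise ValueError(f"{ip} is not a private address")
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": f"{ip}/32",
                          "Description": rule_description(instance)}]}

def already_allowed(group, rule):
    """True if the group already has this CIDR on the same protocol and port."""
    cidr = rule["IpRanges"][0]["CidrIp"]
    key = (rule["IpProtocol"], rule["FromPort"], rule["ToPort"])
    return any((p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort")) == key
               and any(r.get("CidrIp") == cidr for r in p.get("IpRanges", []))
               for p in group.get("IpPermissions", []))

def rules_to_add(group, instances, port):
    """Rules still missing from the group, so a re-run adds nothing twice."""
    rules = [ingress_rule(i, port) for i in instances]
    return [r for r in rules if not already_allowed(group, r)]

# Constructed sample data in the shape of describe_instances /
# describe_security_groups output; IDs, IPs, names and port are made up.
DB_PORT = 5432
CONTROL_NODE = {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "PrivateIpAddress": "10.0.1.25",
                "Tags": [{"Key": "Name", "Value": "ansible-control-node"}]}
APP_STORE = {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "PrivateIpAddress": "10.0.2.40",
             "Tags": [{"Key": "Name", "Value": "app-store-01"}]}
RDS_GROUP = {"GroupId": "sg-0ccccccccccccccc3", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.0.2.40/32", "Description": "app-store-01"}]}]}

if __name__ == "__main__":
    # The result is what authorize_security_group_ingress takes as IpPermissions.
    print(rules_to_add(RDS_GROUP, [CONTROL_NODE, APP_STORE], DB_PORT))
```

Each rule is a /32 for a single host, so the RDS group admits only the two instances named in the description rather than a whole subnet.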