Running Ansible playbook using AWS Systems Manager on more than 100 servers

AWS Systems Manager lets you run an Ansible playbook on any number of servers. You can run playbooks without an SSH connection, on any number of servers, at no extra charge. It can also send an SNS notification when the command finishes, and it lets you configure an error threshold.

For instance, if you are planning to run a playbook on 50 servers, you can set an error threshold of 10 servers. If the playbook fails on 10 instances, Systems Manager stops sending it to the remaining instances. This is great for rolling out critical updates or configuration changes.

In this tutorial, I will show you how to run an Ansible playbook to set services to start on reboot.

Prerequisite:

  • Ansible should be installed on the EC2 instances.
  • EC2 instances should be registered with Systems Manager (managed instances)

Let’s create the playbook

  1. Go to AWS Systems Manager -> Run Command
  2. Select AWS-RunAnsiblePlaybook
  3. Select the instance targets you want the playbook to run on

4. Specify the playbook location (Command parameters)

In this section, you have two different ways of running a playbook.

  1. Writing it directly in the text editor in YAML format
  2. Pasting the URL of the playbook

Our goal is to make sure our services are running and start on reboot. Therefore, we will use the Ansible service module with enabled set to yes and state set to started.

Paste the below code in the Playbook section.

---
  # Run Command executes the playbook locally on each target instance,
  # so the play targets the instance itself rather than a remote host.
  - hosts: 127.0.0.1
    tasks:
      - name: Ensure services are running and enabled at boot
        service:
          name: "{{ item }}"
          enabled: yes
          state: started
        with_items:
          - httpd
          - mysqld
          - fail2ban

5. Rate Control

While running a playbook across numerous servers, you want to reduce the chance of causing downtime on all targets at once. This is why we use the “Error threshold”.
We will set it to 20%.

6. Output options.

Keeping a record of the output is important. If things go wrong, we can look in our S3 bucket and view the output. You could skip writing the output to S3, but then only the last 2500 characters are displayed in the console.

It is recommended to write the output to an S3 bucket!

7. Run the command

To run the command, click the “Run” button at the bottom right.

You can preview the progress of the command on the next page.
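The same steps can be driven from the AWS SDK instead of the console. The following is an added example, not code from the original post or from AWS; it builds the boto3 send_command request for the AWS-RunAnsiblePlaybook document with tag-based targets, the 20% error threshold and S3 output. The helper names and the tag, bucket and region values are assumptions; the document parameter names (playbook, playbookurl, extravars, check) are those of the AWS-managed document.

```python
"""Build (and optionally send) an SSM Run Command request equivalent to the
console walkthrough above. Hypothetical helper, not part of any AWS SDK."""

# The playbook from the tutorial, embedded inline so the script is self-contained.
PLAYBOOK = """---
  - hosts: 127.0.0.1
    tasks:
      - service:
          name: "{{ item }}"
          enabled: yes
          state: started
        with_items:
          - httpd
          - mysqld
          - fail2ban
"""


def build_run_playbook_request(*, targets, playbook=None, playbook_url=None,
                               max_errors="20%", max_concurrency="10",
                               output_bucket=None, output_prefix="ansible/",
                               check=False, extra_vars=""):
    """Return the keyword arguments for boto3's ssm.send_command()."""
    # The document takes either inline YAML or a URL, never both.
    if (playbook is None) == (playbook_url is None):
        raise ValueError("give exactly one of playbook / playbook_url")
    # MaxErrors is an absolute count ("10") or a percentage ("20%"), as a string.
    body = max_errors[:-1] if max_errors.endswith("%") else max_errors
    if not body.isdigit():
        raise ValueError("max_errors must be an integer or a percentage, e.g. '20%'")
    # SSM document parameters are always lists of strings.
    params = {"check": ["True" if check else "False"]}
    if playbook is not None:
        params["playbook"] = [playbook]
    else:
        params["playbookurl"] = [playbook_url]
    if extra_vars:
        params["extravars"] = [extra_vars]
    req = {"DocumentName": "AWS-RunAnsiblePlaybook", "Targets": targets,
           "Parameters": params, "MaxErrors": max_errors,
           "MaxConcurrency": max_concurrency}
    if output_bucket:  # keep the full output, not just the last 2500 characters
        req["OutputS3BucketName"] = output_bucket
        req["OutputS3KeyPrefix"] = output_prefix
    return req


def send(request, region="us-east-1"):
    """Submit the request and return the CommandId to track in the console."""
    import boto3  # assumed installed and configured with credentials
    return boto3.client("ssm", region_name=region).send_command(**request)["Command"]["CommandId"]


if __name__ == "__main__":
    req = build_run_playbook_request(targets=[{"Key": "tag:Role", "Values": ["web"]}],
                                     playbook=PLAYBOOK, output_bucket="my-ssm-output-bucket",
                                     check=True)  # check=True runs Ansible in dry-run mode first
    print(send(req))
```

Run it once with check=True to see what would change, then again with check=False to apply the playbook for real.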

When should I use Systems Manager to run Ansible Playbook?

It is difficult to come up with a complete list of use cases, but these three are mine:

  • When you want to run a playbook on numerous servers
  • When you are not using Ansible Tower and want to schedule an Ansible playbook
  • When you don’t want to establish an SSH connection to run a playbook