├── tests
    ├── inventory
    └── test.yml
├── vars
    └── main.yml
├── handlers
    └── main.yml
├── .yamllint
├── defaults
    └── main.yml
├── molecule
    └── default
    │   ├── converge.yml
    │   └── molecule.yml
├── files
    ├── policy.xml
    └── amazon-ssm-agent.gpg
├── tasks
    ├── register.yml
    └── main.yml
├── .github
    └── workflows
    │   ├── release.yml
    │   └── ci.yml
├── README.md
└── meta
    └── main.yml


/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
--------------------------------------------------------------------------------
/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # vars file for aws-ssm (intentionally empty; the role's variables live in defaults/main.yml)
3 |
--------------------------------------------------------------------------------
/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: all
3 |   remote_user: root
4 |   roles:
5 |     - role_under_test
6 |
--------------------------------------------------------------------------------
/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Handler notified by tasks/register.yml after a host has been registered.
3 | - name: restart amazon-ssm-agent
4 |   service:
5 |     name: amazon-ssm-agent
6 |     state: restarted
7 |
--------------------------------------------------------------------------------
/.yamllint:
--------------------------------------------------------------------------------
 1 | ---
 2 | extends: default
 3 |
 4 | rules:
 5 |   line-length:
 6 |     max: 120
 7 |     level: warning
 8 |
 9 | ignore: |
10 |   .github/stale.yml
11 |
--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # defaults file for aws-ssm
3 | url: 'amd64'  # architecture segment of the agent download URL; tasks/main.yml sets '386' on 32-bit hosts
4 | # aws_ssm_activation_code:  (credential: supply it from Ansible Vault or another secret store, never commit it)
5 | # aws_ssm_activation_id:    (registration only runs when both the code and the id are defined)
6 | # aws_ssm_ec2_region: "{{ec2_region}}"  (passed to the agent's -region option in tasks/register.yml)
7 |
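--------------------------------------------------------------------------------
/molecule/default/converge.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Converge
 3 |   hosts: all
 4 |   become: true
 5 |
 6 |   pre_tasks:
 7 |     - name: Update apt cache.
 8 |       apt: update_cache=true cache_valid_time=300
 9 |       when: ansible_os_family == 'Debian'
10 |
11 |   roles:
12 |     - role: dhoeric.aws-ssm
13 |
--------------------------------------------------------------------------------
/files/policy.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/tasks/register.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # Registers the host with Systems Manager using an activation code/ID pair.
 3 | # tasks/main.yml includes this file only when aws_ssm_activation_code and
 4 | # aws_ssm_activation_id are both defined; aws_ssm_ec2_region is not checked
 5 | # there, so an undefined region fails the register task rather than skipping it.
 6 |
 7 | - name: Check if node is registered
 8 |   # Run the check as root, like the privileged tasks in main.yml.
 9 |   # NOTE(review): /var/lib/amazon/ssm is presumably root-owned; an unprivileged
10 |   # stat could then report "absent" and trigger a re-registration. Confirm.
11 |   become: yes
12 |   become_user: root
13 |   stat:
14 |     path: /var/lib/amazon/ssm/registration
15 |   register: stat_result
16 |
17 | - name: Register managed instance
18 |   become: yes
19 |   become_user: root
20 |   # -clear presumably discards an existing registration (confirm against the
21 |   # agent documentation), which is why the task is gated on the file above.
22 |   command: amazon-ssm-agent -register -clear -code '{{aws_ssm_activation_code}}' -id '{{aws_ssm_activation_id}}' -region '{{aws_ssm_ec2_region}}' -y
23 |   # The activation code is a credential: keep the rendered command and the
24 |   # task result out of Ansible's console output, logs and callbacks. This does
25 |   # not hide the arguments from the target's process list while the command runs.
26 |   no_log: true
27 |   notify: restart amazon-ssm-agent
28 |   when: not stat_result.stat.exists
29 |
--------------------------------------------------------------------------------
/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # Molecule scenario used by CI only; it is not part of what the role installs.
 3 | dependency:
 4 |   name: galaxy
 5 | driver:
 6 |   name: docker
 7 | platforms:
 8 |   - name: instance
 9 |     # Floating "latest" tag: the test image can change between runs.
10 |     image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
11 |     command: ${MOLECULE_DOCKER_COMMAND:-""}
12 |     volumes:
13 |       - /sys/fs/cgroup:/sys/fs/cgroup:ro
14 |     # Privileged container: acceptable on a throwaway CI runner, not a pattern
15 |     # to copy to shared or long-lived hosts.
16 |     privileged: true
17 |     pre_build_image: true
18 | provisioner:
19 |   name: ansible
20 |   playbooks:
21 |     converge: ${MOLECULE_PLAYBOOK:-converge.yml}
22 |
--------------------------------------------------------------------------------
/.github/workflows/release.yml: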
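--------------------------------------------------------------------------------
 1 | ---
 2 | # This workflow requires a GALAXY_API_KEY secret present in the GitHub
 3 | # repository or organization.
 4 | #
 5 | # See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
 6 | # See: https://github.com/ansible/galaxy/issues/46
 7 | #
 8 | # NOTE(review): the actions below are referenced by mutable tag (v2); pinning
 9 | # them to a full commit SHA protects a job that handles GALAXY_API_KEY from a
10 | # retagged release.
11 |
12 | name: Release
13 | 'on':
14 |   push:
15 |     tags:
16 |       - '*'
17 |
18 | # The job only reads the repository; the Galaxy import authenticates with its
19 | # own API key, so the GITHUB_TOKEN needs no write scopes.
20 | permissions:
21 |   contents: read
22 |
23 | defaults:
24 |   run:
25 |     working-directory: 'dhoeric.aws-ssm'
26 |
27 | jobs:
28 |
29 |   release:
30 |     name: Release
31 |     runs-on: ubuntu-latest
32 |     steps:
33 |       - name: Check out the codebase.
34 |         uses: actions/checkout@v2
35 |         with:
36 |           path: 'dhoeric.aws-ssm'
37 |
38 |       - name: Set up Python 3.
39 |         uses: actions/setup-python@v2
40 |         with:
41 |           python-version: '3.x'
42 |
43 |       - name: Install Ansible.
44 |         run: pip3 install ansible-base
45 |
46 |       - name: Trigger a new import on Galaxy.
47 |         # Hand the secret and the repository name to the shell as quoted
48 |         # environment variables instead of templating them into the script
49 |         # text, so their content is never parsed as shell syntax.
50 |         env:
51 |           GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
52 |           REPOSITORY: ${{ github.repository }}
53 |         run: >-
54 |           ansible-galaxy role import --api-key "$GALAXY_API_KEY"
55 |           "$(echo "$REPOSITORY" | cut -d/ -f1)"
56 |           "$(echo "$REPOSITORY" | cut -d/ -f2)"
57 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | dhoeric.aws-ssm
 2 | =========
 3 |
 4 | [![Build Status](https://travis-ci.org/dhoeric/ansible-aws-ssm.svg?branch=master)](https://travis-ci.org/dhoeric/ansible-aws-ssm)
 5 | [![Ansible Role](https://img.shields.io/ansible/role/17714.svg)](https://galaxy.ansible.com/dhoeric/aws-ssm/)
 6 | [![Ansible Role](https://img.shields.io/ansible/role/d/17714.svg)](https://galaxy.ansible.com/dhoeric/aws-ssm/)
 7 |
 8 | Install AWS EC2 Systems Manager (SSM) agent
 9 |
10 | http://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html
11 |
12 | Requirements
13 | ------------
14 |
15 | None
16 |
17 | Role Variables
18 | --------------
19 |
20 | Available variables are listed below, along with default values:
21 |
22 | ```
23 | # The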
defaults provided by this role are specific to each distribution. 24 | url: 'amd64' 25 | ``` 26 | 27 | For installion in [Raspbian](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html#agent-install-raspbianjessie), please find the activation code and id before using this role 28 | ``` 29 | url: 'arm' 30 | aws_ssm_activation_code: 31 | aws_ssm_activation_id: 32 | aws_ssm_ec2_region: "{{ec2_region}}" 33 | ``` 34 | 35 | 36 | Dependencies 37 | ------------ 38 | 39 | None 40 | 41 | Example Playbook 42 | ---------------- 43 | 44 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 45 | 46 | - hosts: servers 47 | roles: 48 | - { role: dhoeric.aws-ssm } 49 | 50 | License 51 | ------- 52 | 53 | MIT 54 | 55 | Author Information 56 | ------------------ 57 | 58 | https://www.github.com/dhoeric 59 | -------------------------------------------------------------------------------- /files/amazon-ssm-agent.gpg: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2.0.22 (GNU/Linux) 3 | 4 | mQENBF98p2YBCADgfK6NJS/1UFMEBq+DbHrLGCPR7uabN7KByIWJ6X0gGqxad0y7 5 | kP+M2YhWVlteeytpJgEEzKFIXkv7vZdRIjCrgIiNISdvDyYOTNQ2n5Ck5XPnJTQg 6 | n5HIRccvc+Lwdidl8auiCYteDCDCGM5EPb7vUrbrg+y4RkXeBNErzo7rbVnWW4QC 7 | z8x6EVLb24w/AONHLxywwunagorWiVBP6snrBoz2d2wQYAfpPmPsoLRAURiMnubG 8 | bDOM9hb5bGi2OY92L9fVChVRGJnxMNYPCQWFyUovRis9fKnmP1LopUmlNSmSqUj1 9 | AD7WRDMGn2Ruf+HYEZuY+pDD/C2ejcJtjDJTABEBAAG0J1NTTSBBZ2VudCA8c3Nt 10 | LWFnZW50LXNpZ25lckBhbWF6b24uY29tPokBPwQTAQIAKQUCX3ynZgIbLwUJAsaY 11 | gAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEFT09W5pPsohHGQIALMvf8oq 12 | wEU5gph5SlrjYTIqZqsvyV8RKsUEFin5EDkeLC5ALpsby6rAWnobCy2Ce1p4buS+ 13 | sA/PFKkraVWtpmqOOkCZoBJTWZyR3KtY7y2pTUWl7aaj20NEO/nPI1VH/E47iH7m 14 | scYAOxbNOcEbRiip7AdXZXK7nKda51q/b6G92fM86pl8VPBAh6ijMNmEEZxIAWH2 15 | 
AGY7Y9imwnp+UpUUwsJb3/L0asqMecPrYJLGWke6EYGPuDfxYb1+YOuZOY/mjDJJ 16 | z6f7G2nCuDMniabydk3269eLRPuRHUq4P5Sv+I/zdJI4B8lOJfJRpy/mwGwAU74l 17 | s7csneMjUO2zIzaJAhwEEAECAAYFAl98p2YACgkQfdCXo9rX9fzFHw//akOS57o3 18 | lyQySKmbEpAhDrEcg4NGqidlp3NjqkxKmmK5GMwC+wJS+hmwuBiMH1knSaxc/0ie 19 | XmtxHsmDn8JmREypkfUS+vAONlmsuFJUjXipa5cAP4YjPMTW7HNxC/WrLV6NSuQZ 20 | 5nweVeXAQPxjOoNaAOOk1hlUuGdypPxCNV6NYLm5W7jz1buDYOhNwPvVP63wy1BK 21 | ME4HzE94ggCxnXdafJU2KR11Mj/9LRFeDJ8X8huSKOFNOy2IotuW5VmxlDvbkvDT 22 | ceelqWJjh5CsWKmWActoxqtyiedQqxgsxFuwqVIWxP758C3NP1zpxvr8SXxdJBy3 23 | 8U4iHC3I89zlX4x4tPiMn3vQOq+RhnZEzEphrmPkQAaq6H160hHxQz44DoM8jDIn 24 | f/EbWKPkw+p5679JUrXIZDOYP2OlbKoAY4axfCwvjIqAQ5KWFQyKmWyoRwTl4IrC 25 | bAXqljtqzyF20g2puNpxpvxT8CF+YaKYPKqXAbZkBQoOoPBbEGGG19BX5rCBehTx 26 | QwBAgmmk7FG162TY2uivbwjmguh4DM4PgEoHtsgg9UVM+A+M5tIuEeTC5jWgzEcf 27 | VkwTY6N+3XNvAnYNobND8mvN+QAJG7NpryX1fNBaxGsze3QBL42v/zFmG6VSfINp 28 | 4H01UHp8Pmidk8axmi+w6hoqB+uDo3lgd6U= 29 | =c8Y2 30 | -----END PGP PUBLIC KEY BLOCK----- 31 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: CI 3 | 'on': 4 | pull_request: 5 | push: 6 | branches: 7 | - master 8 | schedule: 9 | - cron: "30 5 * * 0" 10 | 11 | defaults: 12 | run: 13 | working-directory: 'dhoeric.aws-ssm' 14 | 15 | jobs: 16 | 17 | lint: 18 | name: Lint 19 | runs-on: ubuntu-latest 20 | steps: 21 | - name: Check out the codebase. 22 | uses: actions/checkout@v2 23 | with: 24 | path: 'dhoeric.aws-ssm' 25 | 26 | - name: Set up Python 3. 27 | uses: actions/setup-python@v2 28 | with: 29 | python-version: '3.x' 30 | 31 | - name: Install test dependencies. 32 | run: pip3 install yamllint ansible 33 | 34 | - name: Lint code. 35 | run: | 36 | yamllint . 
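37 |
38 |   molecule:
39 |     name: Molecule
40 |     runs-on: ubuntu-latest
41 |     strategy:
42 |       matrix:
43 |         include:
44 |           - distro: centos8
45 |             playbook: converge.yml
46 |           - distro: fedora32
47 |             playbook: converge.yml
48 |           - distro: ubuntu2004
49 |             playbook: converge.yml
50 |           - distro: ubuntu1804
51 |             playbook: converge.yml
52 |           - distro: debian10
53 |             playbook: converge.yml
54 |
55 |     steps:
56 |       - name: Check out the codebase.
57 |         uses: actions/checkout@v2
58 |         with:
59 |           path: 'dhoeric.aws-ssm'
60 |
61 |       - name: Set up Python 3.
62 |         uses: actions/setup-python@v2
63 |         with:
64 |           python-version: '3.x'
65 |
66 |       - name: Install test dependencies.
67 |         run: pip3 install ansible molecule[docker] docker
68 |
69 |       - name: Run Molecule tests.
70 |         run: molecule test
71 |         env:
72 |           PY_COLORS: '1'
73 |           ANSIBLE_FORCE_COLOR: '1'
74 |           MOLECULE_DISTRO: ${{ matrix.distro }}
75 |           MOLECULE_PLAYBOOK: ${{ matrix.playbook }}
76 |
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # tasks file for aws-ssm
 3 | #
 4 | # Installs the amazon-ssm-agent package for the host's OS family and, when an
 5 | # activation code and ID are supplied, registers the host via register.yml.
 6 |
 7 | - name: Get CPU architecture
 8 |   command: getconf LONG_BIT
 9 |   register: cpu_arch
10 |   changed_when: False
11 |   check_mode: no  # read-only probe; the next task needs its result in check mode too
12 |
13 | - name: Change URL destination for 32bit arch
14 |   set_fact:
15 |     url: '386'
16 |   when: cpu_arch.stdout == '32'
17 |
18 | - name: Install pre-required packages
19 |   become: yes
20 |   become_user: root
21 |   package:
22 |     name: gnupg
23 |     state: present
24 |
25 | - name: Copy GPG key
26 |   # Root imports this file as a trusted signing key in the tasks below, and
27 |   # /tmp is world-writable with a predictable file name. Write it as root with
28 |   # fixed ownership and mode so no other local account owns or can edit it.
29 |   # NOTE(review): a root-only directory would be a safer home than /tmp.
30 |   become: yes
31 |   become_user: root
32 |   copy:
33 |     src: amazon-ssm-agent.gpg
34 |     dest: /tmp/amazon-ssm-agent.gpg
35 |     owner: root
36 |     group: root
37 |     mode: '0644'
38 |
39 | - name: Import GPG key for Redhat Family (Amazon Linux, RHEL, and CentOS) 32/64-bit
40 |   become: yes
41 |   become_user: root
42 |   rpm_key:
43 |     key: /tmp/amazon-ssm-agent.gpg
44 |     state: present
45 |   when: ansible_os_family == 'RedHat'
46 |
47 | - name: Install rpm file for Redhat Family (Amazon Linux, RHEL, and CentOS) 32/64-bit
48 |   # The URL tracks "latest", so the installed version is whatever is published
49 |   # at run time. GPG checking is left at the yum module's default here; do not
50 |   # add disable_gpg_check, or the key import above stops protecting the install.
51 |   become: yes
52 |   become_user: root
53 |   yum:
54 |     name: "https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_{{ url }}/amazon-ssm-agent.rpm"
55 |     state: present
56 |   when: ansible_os_family == 'RedHat'
57 |
58 | - name: Import GPG key for Debian family 32/64-bit
59 |   # NOTE(review): apt_key adds this key to APT's trusted keyring, which covers
60 |   # signed repository metadata. It does not by itself make the URL-based
61 |   # `apt: deb:` install below check the downloaded .deb, so on Debian the
62 |   # package is protected by HTTPS only. Verify the package signature explicitly
63 |   # before installing if that is not enough - TODO.
64 |   become: yes
65 |   become_user: root
66 |   apt_key:
67 |     file: /tmp/amazon-ssm-agent.gpg
68 |     state: present
69 |   when: ansible_os_family == 'Debian'
70 |
71 | - name: Install deb file for Debian family 32/64-bit
72 |   # Same floating "latest" URL as the rpm task: the version is not pinned.
73 |   become: yes
74 |   become_user: root
75 |   apt:
76 |     deb: "https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_{{ url }}/amazon-ssm-agent.deb"
77 |   when: ansible_os_family == 'Debian'
78 |
79 | # NOTE(review): bare `include` is deprecated in newer Ansible releases in
80 | # favour of include_tasks/import_tasks; kept because meta/main.yml declares
81 | # min_ansible_version 2.1.
82 | - include: register.yml
83 |   when: aws_ssm_activation_code is defined and aws_ssm_activation_id is defined
84 |
85 | - name: Register to service
86 |   # Enables and starts the agent service. Only the Debian family is covered;
87 |   # NOTE(review): confirm the RedHat package starts the service on its own.
88 |   become: yes
89 |   become_user: root
90 |   service:
91 |     name: amazon-ssm-agent
92 |     enabled: yes
93 |     state: started
94 |   when: ansible_os_family == 'Debian'
95 |
--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
 1 | galaxy_info:
 2 |   author: Eric Ho
 3 |   description: Install AWS EC2 Systems Manager (SSM) agent
 4 |
 5 |   # If the issue tracker for your role is not on github, uncomment the
 6 |   # next line and provide a value
 7 |   # issue_tracker_url: http://example.com/issue/tracker
 8 |
 9 |   # Some suggested licenses:
10 |   # - BSD (default)
11 |   # - MIT
12 |   # - GPLv2
13 |   # - GPLv3
14 |   # - Apache
15 |   # - CC-BY
16 |   license: MIT
17 |
18 |   min_ansible_version: 2.1
19 |
20 |   # Optionally specify the branch Galaxy will use when accessing the GitHub
21 |   # repo for this role. During role install, if no tags are available,
22 |   # Galaxy will use this branch. During import Galaxy will access files on
23 |   # this branch.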
If travis integration is configured, only notification for this 24 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 25 | # (usually master) will be used. 26 | #github_branch: 27 | 28 | # 29 | # Below are all platforms currently available. Just uncomment 30 | # the ones that apply to your role. If you don't see your 31 | # platform on this list, let us know and we'll get it added! 32 | # 33 | platforms: 34 | - name: EL 35 | versions: 36 | - all 37 | # - 5 38 | # - 6 39 | # - 7 40 | #- name: GenericUNIX 41 | # versions: 42 | # - all 43 | # - any 44 | #- name: Solaris 45 | # versions: 46 | # - all 47 | # - 10 48 | # - 11.0 49 | # - 11.1 50 | # - 11.2 51 | # - 11.3 52 | #- name: Fedora 53 | # versions: 54 | # - all 55 | # - 16 56 | # - 17 57 | # - 18 58 | # - 19 59 | # - 20 60 | # - 21 61 | # - 22 62 | # - 23 63 | #- name: opensuse 64 | # versions: 65 | # - all 66 | # - 12.1 67 | # - 12.2 68 | # - 12.3 69 | # - 13.1 70 | # - 13.2 71 | #- name: IOS 72 | # versions: 73 | # - all 74 | # - any 75 | #- name: SmartOS 76 | # versions: 77 | # - all 78 | # - any 79 | #- name: eos 80 | # versions: 81 | # - all 82 | # - Any 83 | #- name: Windows 84 | # versions: 85 | # - all 86 | # - 2012R2 87 | - name: Amazon 88 | versions: 89 | - all 90 | # - 2013.03 91 | # - 2013.09 92 | #- name: GenericBSD 93 | # versions: 94 | # - all 95 | # - any 96 | #- name: Junos 97 | # versions: 98 | # - all 99 | # - any 100 | #- name: FreeBSD 101 | # versions: 102 | # - all 103 | # - 10.0 104 | # - 10.1 105 | # - 10.2 106 | # - 8.0 107 | # - 8.1 108 | # - 8.2 109 | # - 8.3 110 | # - 8.4 111 | # - 9.0 112 | # - 9.1 113 | # - 9.1 114 | # - 9.2 115 | # - 9.3 116 | - name: Ubuntu 117 | versions: 118 | # - all 119 | # - lucid 120 | # - maverick 121 | # - natty 122 | # - oneiric 123 | # - precise 124 | # - quantal 125 | # - raring 126 | # - saucy 127 | - trusty 128 | # - utopic 129 | # - vivid 130 | # - wily 131 | - xenial 132 | #- name: SLES 133 | # versions: 134 | # - all 135 
| # - 10SP3 136 | # - 10SP4 137 | # - 11 138 | # - 11SP1 139 | # - 11SP2 140 | # - 11SP3 141 | #- name: GenericLinux 142 | # versions: 143 | # - all 144 | # - any 145 | #- name: NXOS 146 | # versions: 147 | # - all 148 | # - any 149 | - name: Debian 150 | versions: 151 | # - all 152 | # - etch 153 | - jessie 154 | # - lenny 155 | # - sid 156 | # - squeeze 157 | # - stretch 158 | # - wheezy 159 | 160 | galaxy_tags: [cloud, system, application, aws, ec2] 161 | # List tags for your role here, one per line. A tag is 162 | # a keyword that describes and categorizes the role. 163 | # Users find roles by searching for tags. Be sure to 164 | # remove the '[]' above if you add tags to this list. 165 | # 166 | # NOTE: A tag is limited to a single word comprised of 167 | # alphanumeric characters. Maximum 20 tags per role. 168 | 169 | dependencies: [] 170 | # List your role dependencies here, one per line. 171 | # Be sure to remove the '[]' above if you add dependencies 172 | # to this list. 173 | --------------------------------------------------------------------------------