Simian Army Ansible Playbook and AMIs
The Simian Army are tools for keeping your cloud operating in top form. For example, Chaos Monkey is a resiliency tool that helps applications tolerate random instance failures. Before running the playbook, there are a few things we need to do:
Prerequisites
You need Ansible and AWS set up and configured. This is a 10 minute process, and you can watch Episode 2 to see how to do it.
Launch EC2 instance for Edda
- Create a Simian Army IAM Role with this policy
- Create a Simian Army security group
  - Allow port 22 for SSH
  - Allow port 80 for REST access only from your own IP address
- Create a new Key pair (if you don't already have one) and add it to your keychain or SSH agent so you don't need to specify it later:
  $ ssh-add mykey.pem
- Launch a new EC2 instance using the above IAM Role, Security Group and key pair. Use Ubuntu 12.04 LTS as the AMI.
  - Set the Name tag of the instance to SimianArmy
- Confirm you can see the instance using the Ansible EC2 inventory
  $ /etc/ansible/hosts | grep 'SimianArmy'
Run Ansible playbook
Now you can run the playbook
$ ansible-playbook playbooks/simian-army-ubuntu.yml -l 'tag_Name_SimianArmy'
Configure Simian Army
Once the playbook is finished, you can SSH to the instance and start configuring the Simian Army. Example:
$ ssh ubuntu@ec2.xyz
$ cd /usr/local/tomcat/webapps/simianarmy/WEB-INF/classes/
$ sudo emacs chaos.properties
$ sudo service tomcat7 restart
The log files are located at /var/log/tomcat7, with catalina.out being the main one.
The easy way with CloudFormation
If all of that seems too hard, feel free to use the Simian Army CloudFormation template to bring up the Simian Army in just a few clicks.
AMIs
You can find the list of pre-built AMIs here:
https://github.com/Answers4AWS/netflixoss-ansible/wiki/AMIs-for-NetflixOSS#simian-army-24
Security
This playbook does nothing for security. It is highly recommended that you put some kind of restrictions on who can access the Simian Army monkeys. At the very minimum, please make sure your security group allows port 80 access from your IP address only.
Adding authentication, running over SSL, and/or putting it on a private subnet is also recommended.
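One way to check the minimum recommended above, as an added example that is not part of the original playbook or wiki: a Python audit of security group ingress rules that lists every source other than your own IP that can reach port 80. It works on data shaped like `aws ec2 describe-security-groups` output; the sample groups, their names and the address 203.0.113.10 are constructed, `covers_port` and `audit_port` are hypothetical helper names, and your IP is assumed to be IPv4.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group names and addresses are made up; 203.0.113.10 stands in for your IP.
SAMPLE_GROUPS = [
    {"GroupName": "simianarmy-tight", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ]},
    {"GroupName": "simianarmy-loose", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]},
]


def covers_port(perm, port):
    """True if this ingress rule applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no FromPort/ToPort
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_port(group, port, my_ip):
    """List every source other than my_ip/32 that can reach `port`."""
    allowed = ipaddress.ip_network(my_ip + "/32")
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            if ipaddress.ip_network(rng["CidrIp"], strict=False) != allowed:
                findings.append(rng["CidrIp"])
        # Any IPv6 range or referenced security group is not "your IP".
        findings += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        findings += ["sg:" + p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return findings


if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        extra = audit_port(g, 80, "203.0.113.10")
        print(g["GroupName"], "OK" if not extra else "port 80 also open to: %s" % extra)
```

The loose group shows why matching only on a literal port 80 rule is not enough: a port range that spans 80 and an "all traffic" rule both expose the REST endpoint.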
Feedback
If you have feedback, comments or suggestions, please feel free to contact Peter at Answers for AWS, create an Issue, or submit a pull request.