Chapter 4. Removing extension nodes

You must create a backup of the Ansible Automation Platform deployment before removing extension nodes.

Follow these steps to remove execution nodes from your Ansible Automation Platform from AWS Marketplace environment.

Prerequisites

  • Linux or macOS system (where the ansible-on-clouds-ops container image will run)
  • Docker

Steps

  1. Pull the ansible-on-clouds-ops container image.
  2. Generate data files by running the ansible-on-clouds-ops container.
  3. Update the data file.
  4. Run the ansible-on-clouds-ops container to remove the extension nodes.

4.1. Pulling the ansible-on-clouds-ops container image

Pull the Docker image for the Ansible on Clouds operational container which aligns with the version of your foundation deployment.

Note

Before pulling the Docker image, ensure you are logged in to registry.redhat.io using Docker. Use the following command to log in to registry.redhat.io.

$ docker login registry.redhat.io

For more information about registry login, see Registry Authentication.

For example, if your foundation deployment version is 2.4.20230630-00, you must pull the operational image with tag 2.4.20230630.

Use the following commands:

$ export IMAGE=registry.redhat.io/ansible-on-clouds/ansible-on-clouds-ops-rhel9:2.4.20230630
$ docker pull $IMAGE --platform=linux/amd64

4.2. IAM minimum permissions

You must have the following policies to manage both adding and removing the extension nodes.

required-roles:
  ec2:
    actions:
      - ec2:DeleteTags
      - ec2:DescribeAvailabilityZones
      - ec2:DescribeAccountAttributes
      - ec2:DeleteLaunchTemplate
      - ec2:DescribeLaunchTemplates
      - ec2:DescribeTags
      - ec2:CreateTags
      - ec2:DescribeLaunchTemplateVersions
      - ec2:RunInstances
      - ec2:CreateLaunchTemplateVersion
      - ec2:CreateLaunchTemplate
      - ec2:DescribeVpcs
      - ec2:DescribeInstanceTypes
      - ec2:DescribeSubnets
      - ec2:DescribeInstances
      - ec2:DescribeRegions
    resources:
      - "*"
  iam:
    actions:
      - iam:PassRole
      - iam:GetRole
      - iam:GetInstanceProfile
      - iam:GetRolePolicy
    resources:
      - "*"
  autoscaling:
    actions:
      - autoscaling:DescribeLaunchConfigurations
      - autoscaling:DescribeAutoScalingGroups
      - autoscaling:UpdateAutoScalingGroup
      - autoscaling:DescribeInstanceRefreshes
      - autoscaling:DeleteTags
      - autoscaling:DescribeTags
      - autoscaling:DescribeLifecycleHooks
      - autoscaling:StartInstanceRefresh
      - autoscaling:DisableMetricsCollection
      - autoscaling:CreateOrUpdateTags
      - autoscaling:DeleteAutoScalingGroup
      - autoscaling:CreateAutoScalingGroup
    resources:
      - "*"
  cloudformation:
    actions:
      - cloudformation:DescribeStackEvents
      - cloudformation:ListStackResources
      - cloudformation:ListStacks
      - cloudformation:DescribeStacks
      - cloudformation:GetTemplate
    resources:
      - "*"
  elasticloadbalancing:
    actions:
      - elasticloadbalancing:DescribeLoadBalancers
      - elasticloadbalancing:DescribeTargetGroups
    resources:
      - "*"
  s3:
    actions:
      - s3:GetBucketLocation
      - s3:DeleteObject
      - s3:PutObject
    resources:
      - "*"
  ssm:
    actions:
      - ssm:StartSession
      - ssm:SendCommand
      - ssm:TerminateSession
    resources:
      - "*"
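
A preflight check for the listing above, as an added example (not Red Hat's code): it reports which of the required actions an IAM policy document would not grant. It evaluates only Effect and Action, with IAM's case-insensitive * and ? wildcards; NotAction, Resource scoping and Condition are not evaluated, and SAMPLE_POLICY is a constructed input.

```python
import fnmatch

# Required actions, copied from the required-roles listing above (service -> names).
REQUIRED = {
    "ec2": "DeleteTags DescribeAvailabilityZones DescribeAccountAttributes "
           "DeleteLaunchTemplate DescribeLaunchTemplates DescribeTags CreateTags "
           "DescribeLaunchTemplateVersions RunInstances CreateLaunchTemplateVersion "
           "CreateLaunchTemplate DescribeVpcs DescribeInstanceTypes DescribeSubnets "
           "DescribeInstances DescribeRegions",
    "iam": "PassRole GetRole GetInstanceProfile GetRolePolicy",
    "autoscaling": "DescribeLaunchConfigurations DescribeAutoScalingGroups "
                   "UpdateAutoScalingGroup DescribeInstanceRefreshes DeleteTags "
                   "DescribeTags DescribeLifecycleHooks StartInstanceRefresh "
                   "DisableMetricsCollection CreateOrUpdateTags "
                   "DeleteAutoScalingGroup CreateAutoScalingGroup",
    "cloudformation": "DescribeStackEvents ListStackResources ListStacks "
                      "DescribeStacks GetTemplate",
    "elasticloadbalancing": "DescribeLoadBalancers DescribeTargetGroups",
    "s3": "GetBucketLocation DeleteObject PutObject",
    "ssm": "StartSession SendCommand TerminateSession",
}

def required_actions():
    return [f"{svc}:{name}" for svc, names in REQUIRED.items() for name in names.split()]

def _as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def missing_actions(policy):
    """Required actions that no Allow statement grants, or that a Deny matches."""
    allow, deny = [], []
    for stmt in _as_list(policy["Statement"]):
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        (allow if stmt["Effect"] == "Allow" else deny).extend(patterns)
    def hit(action, patterns):  # case-insensitive match with * and ? wildcards
        return any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns)
    return [a for a in required_actions() if hit(a, deny) or not hit(a, allow)]

# Constructed sample policy, not taken from any real account.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ec2:*", "autoscaling:*", "cloudformation:Describe*", "cloudformation:List*",
        "elasticloadbalancing:Describe*", "ssm:*Session", "ssm:SendCommand",
        "s3:GetBucketLocation", "s3:PutObject", "iam:Get*", "iam:PassRole"]},
    {"Effect": "Deny", "Resource": "*", "Action": "ec2:DeleteLaunchTemplate"},
]}

if __name__ == "__main__":
    print(missing_actions(SAMPLE_POLICY))
```

To check a real policy, load its JSON document with json.load and pass the resulting dictionary to missing_actions.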

4.3. Generating data files by running the ansible-on-clouds-ops container

The following commands generate the required data file. These commands create a directory and an empty data template that, when populated, is used to remove the extension nodes.

Procedure

  1. Create a folder to hold the configuration files.

    $ mkdir command_generator_data

  2. Populate the $(pwd)/command_generator_data folder with the configuration file template.

    Note

    On Linux, any file or directory created by the command generator is owned by root:root by default. To change the ownership of the files and directories, you can run the sudo chown command after the files are created. For more information, read Command generator - Linux files owned by root.

    $ docker run --rm -v $(pwd)/command_generator_data:/data $IMAGE \
    command_generator_vars aws_remove_extension_nodes \
    --output-data-file /data/extra_vars.yml

  3. After you run these commands, a command_generator_data/extra_vars.yml template file is created. This template file resembles the following:

    aws_remove_extension_nodes:
      ansible_config_path:
      cloud_credentials_path:
      deployment_name:
      extra_vars:
        aws_autoscaling_group_name:
        aws_launch_template_name:
        aws_region:
        aws_ssm_bucket_name:

4.4. Update the data file

You must populate the data file before triggering the operation. The variables listed in the data file are defined below.

  • ansible_config_path (Optional) is a value that overrides the default Ansible configuration used to run the playbook.
  • cloud_credentials_path is the path to your AWS credentials file. For example, ~/.aws/credentials
  • deployment_name is the name of the foundation deployment. This is the same name you used when you deployed the foundation.
  • aws_autoscaling_group_name is the name of the AWS AutoScaling Group to create for the extension nodes.
  • aws_launch_template_name is the name of the AWS EC2 launch template to create.
  • aws_region is the region where the foundation deployment is located.
  • aws_ssm_bucket_name is the name of the S3 bucket where temporary configuration files for the AWS SSM are stored. You can use an existing bucket or create a new one.

    Note

    The aws_ssm_bucket_name parameter is ONLY used to store temporary config files. It does NOT need to be saved for use in other playbooks. Any valid existing bucket can be used. For more information on creating S3 buckets, read AWS Creating A Bucket in the AWS documentation.

After you populate the data file, it should resemble the example below. The values in the example are provided as examples only.

Note

The optional value ansible_config_path has been removed from this data file example. If you do not want to use this optional variable and want to use its default value, you must also remove it from your data file, as was done in the example below. If you want to use this optional variable, it must be included in the data file and be assigned a value.

aws_remove_extension_nodes:
  cloud_credentials_path: ~/.aws/credentials
  deployment_name: AnsibleAutomationPlatform
  extra_vars:
    aws_autoscaling_group_name: AnsibleAutomationPlatform-ext-asg1-100
    aws_launch_template_name: AnsibleAutomationPlatform-ext-lt1-100
    aws_region: us-east-1
    aws_ssm_bucket_name: aap-ssm-bucket
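
A check for the rule in the note above, as an added example (not part of the product or of Red Hat's tooling): it flags keys left empty in the data file, including an ansible_config_path that is present but unassigned. It reads only the flat key: value layout shown on this page and assumes every key other than ansible_config_path is required; TEMPLATE and POPULATED are copied from the two listings on this page.

```python
REQUIRED_KEYS = ["cloud_credentials_path", "deployment_name",
                 "aws_autoscaling_group_name", "aws_launch_template_name",
                 "aws_region", "aws_ssm_bucket_name"]
OPTIONAL_KEYS = ["ansible_config_path"]
SECTION_KEYS = {"aws_remove_extension_nodes", "extra_vars"}

def parse_leaves(text):
    """Read the flat 'key: value' layout shown on this page (not a general YAML parser)."""
    leaves = {}
    for raw in text.splitlines():
        line = raw.split(" #")[0].strip()          # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if key.strip() not in SECTION_KEYS:        # section headers carry no value
            leaves[key.strip()] = value.strip().strip("'\"")
    return leaves

def check_data_file(text):
    leaves, problems = parse_leaves(text), []
    for key in REQUIRED_KEYS:
        if not leaves.get(key):
            problems.append(f"{key}: required, but missing or empty")
    for key in OPTIONAL_KEYS:                      # present-but-empty is the failure case
        if key in leaves and not leaves[key]:
            problems.append(f"{key}: optional, remove the key or assign it a value")
    return problems

TEMPLATE = """\
aws_remove_extension_nodes:
  ansible_config_path:
  cloud_credentials_path:
  deployment_name:
  extra_vars:
    aws_autoscaling_group_name:
    aws_launch_template_name:
    aws_region:
    aws_ssm_bucket_name:
"""
POPULATED = """\
aws_remove_extension_nodes:
  cloud_credentials_path: ~/.aws/credentials
  deployment_name: AnsibleAutomationPlatform
  extra_vars:
    aws_autoscaling_group_name: AnsibleAutomationPlatform-ext-asg1-100
    aws_launch_template_name: AnsibleAutomationPlatform-ext-lt1-100
    aws_region: us-east-1
    aws_ssm_bucket_name: aap-ssm-bucket
"""
```

Run check_data_file on the contents of command_generator_data/extra_vars.yml before starting the command generator; an empty list means no key was left unassigned.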

4.5. Running the ansible-on-clouds-ops container to remove the extension nodes

Procedure

  1. To remove a set of extension nodes, run the command generator to generate the CLI command.

    $ docker run --rm -v $(pwd)/command_generator_data:/data $IMAGE command_generator --data-file /data/extra_vars.yml

    The command generator output provides the following command:

    docker run --rm --env PLATFORM=AWS -v ~/.aws/credentials:/home/runner/.aws/credentials:ro --env ANSIBLE_CONFIG=../aws-ansible.cfg \
    --env DEPLOYMENT_NAME=AnsibleAutomationPlatform --env GENERATE_INVENTORY=true  $IMAGE redhat.ansible_on_clouds.aws_remove_extension_nodes \
    -e 'aws_foundation_stack_name=AnsibleAutomationPlatform aws_region=us-east-1 aws_launch_template_name=AnsibleAutomationPlatform-ext-lt1-100 \
    aws_autoscaling_group_name=AnsibleAutomationPlatform-ext-asg1-100 \
    aws_ssm_bucket_name=aap-ssm-bucket'

  2. Run the supplied command to remove a set of extension nodes.

    $ docker run --rm --env PLATFORM=AWS -v ~/.aws/credentials:/home/runner/.aws/credentials:ro --env ANSIBLE_CONFIG=../aws-ansible.cfg \
    --env DEPLOYMENT_NAME=AnsibleAutomationPlatform --env GENERATE_INVENTORY=true  $IMAGE redhat.ansible_on_clouds.aws_remove_extension_nodes \
    -e 'aws_foundation_stack_name=AnsibleAutomationPlatform aws_region=us-east-1 aws_launch_template_name=AnsibleAutomationPlatform-ext-lt1-100 \
    aws_autoscaling_group_name=AnsibleAutomationPlatform-ext-asg1-100 \
    aws_ssm_bucket_name=aap-ssm-bucket'