Ansible Introduction Using AWS

Background

Motivation for this post is to learn Ansible using a simple code example.  Where I work, the IT Computer Operations team is using an Ansible Tower to build and maintain Linux servers and Middleware products.  Ansible playbooks will eventually be used by Developments Teams to deploy application code, but we are not quite there yet.  So I’m continuing learning the Ansible basics covered in University of St. Thomas DevOps and Cloud Infrastructure course (SEIS 665).

This post will use AWS to set up servers for the basic Ansible playbook.  The AWS servers are t2.micro size, so they will fall under the “Free Tier” model.   Remember to terminate these servers when you are finished to avoid charges later.

A good, 15 minute overview/tutorial on Ansible can be found in the Get Started video on http://ansible.com site.

Setup

Linux Workstation/Server with AWS CLI

        I used a standard, Windows 10 Virtual Box image (Ubuntu 18.04) as my control node.  A control node is where Ansible is installed for the code examples.  Using a Linux machine like Ubuntu enables you to set up AWS CLI, which generally makes the AWS administrative tasks easier.
        Other Linux workstations could be used for control node – a different Virtual Box O/S, Apple MacBook, or another AWS Linux server.
        Note:  For a default Ubuntu 18.04 installation in Virtual Box, I also installed these additional packages:

o   sudo apt-get update
o   sudo apt-get autoremove
o   sudo apt install git
o   sudo apt install ansible
o   sudo apt install awscli
o   sudo apt-get install jq

AWS Account – Free Tier Ok

        Key Pair – Need the name of the Key Pair that will be used to access target AWS servers.
        For the code example, the Key Pair PEM file needs to be in the Linux home directory (~) on control node.  If the PEM file is in another directory location, the scripts will need to be updated with that path.

GitHub Project

https://github.com/mndatascienceexamples/AnsibleIntroductionUsingAWS.git

        Clone the GitHub project to your Linux machine.  I cloned this repository right on my home directory, so the scripts were run out of ~/AnsibleIntroductionUsingAWS directory.  The command instructions in this post will be run in the ~/AnsibleIntroductionUsingAWS directory.

AWS CLI Setup

AWS CLI

You can skip this section if you have configured AWS CLI on the Linux workstation.

Create AWS IAM User

        In AWS, go into IAM service
        In Security Status, click on Create individual IAM users; then click Manage Users button
        Click Add user button
        Add user wizard – Step 1
o   User Name – enter a value for user name
o   Access Type – select Programmatic access
o   Click Next: Permissions button

        Add user wizard – Step 2
o   Click Attach existing policies directly button/tab
o   Policy Name – Select PowerUserAccess
o   Click Next: Review button

        Add user wizard – Step 3
o   Click Create user button

        Add user wizard – Step 4
o   Save the following information in a text file, will be needed to set up AWS CLI
o   Access key ID
o   Secret access key  (need to click “Show” link to display key)
o   Click Close button to finish

Configure AWS CLI

If AWS CLI is installed and configured, proceed to next section.

If AWS CLI is not installed, run the following command

> sudo apt install awscli

From Linux prompt, configure AWS CLI

> aws configure

Enter the following AWS Configuration information

AWS Access Key ID:  <YOUR_AWS_ACCESS_KEY_ID>
AWS Secret Access Key: <YOUR_AWS_SECRET_ACCESS_KEY>
Default Region Name: us-east-1
Output Format: json

Configure Create AWS Servers Script

To create the AWS EC2 instances using AWS CLI, you will need the following information specific to your account/workstation.

1.      Linux AMI name
a.      The default Amazon Linux AMI from AWS Console’s Create EC2 Instance is good.

2.      Name of AWS Account Key Pair
a.      From AWS Console, EC2 service in Northern Virginia Region, Network & Security | Key Pairs screen.  Any one of the Key Pairs listed will work provided you have the associated PEM file in your Linux workstation/server home directory.

3.      Default VPC Security Group GroupID
a.      From AWS Console, VPC service, Security | Security Groups screen.

4.      Default VPC Subnet ID
a.      From AWS Console, VPC service, Virtual Private Cloud | Subnets screen.  Any of the available default VPC subnets will work.

~/AnsibleIntroductionUsingAWS/custom_script_params.sh

Custom_script_params.sh is a simple Bash script to update AWS setup script.  Custom_script_params.sh script takes input parameters of the AWS account configuration.  The following command would be used to run custom_script_params.sh script:

> ./custom_script_params.sh <AMI_NAME> <KEY_PAIR_NAME> <VPC_SECURITY_GROUP_ID> <VPC_SUBNET_ID>

~/AnsibleIntroductionUsingAWS/ans_setup_script.sh

The ans_setup_script.sh will do two things:

1.      Create four AWS EC2 instances
2.      Create a hosts file in the ~/AnsibleIntroductionUsingAWS directory

Execute the ans_setup_script.sh with the following command:

> ./ans_setup_script.sh

After ans_setup_script.sh has completed, verify the four new EC2 instances are running in AWS Console and the new EC2 instances Public IP addresses are listed in ~/AnsibleIntroductionUsingAWS/hosts file.

Ansible Playbook

Check New EC2 instances – Before Ansible Playbook Updates

Open a new terminal window and connect to a new EC2 instance that was created with ans_setup_script.sh script.

> ssh –i “~/<YOUR_KEY_PAIR_NAME>” ec2-user@<PUBLIC_IP_ADDRESS>

Tech tip:  Public IP addresses for new instances are in the ~/AnsibleIntroductionUsingAWS/hosts file.

Repeat for other three EC2 instances.

A couple items to note before proceeding: 

1.      When connecting to each EC2 instance, there is a message about updating packages.
2.      For the web servers
a.      Check the httpd service – service should not exist
> sudo service httpd status
httpd:  unrecognized service
b.      Check default index.html – file should not exists
> cat /var/www/html/index.html
cat: /var/www/html/index.html:  No such file or directory
c.      Open web browser – page should not exist
URL:  http://<PUBLIC_IP_ADDRESS&gt;

3.      For the database servers
a.      Check the mysqld service – service should not exist
> sudo service mysqld status
mysqld: unrecognized service

Verify Ansible Configuration

Quick check to make sure the Linux workstation/server that is the control node can reach each EC2 instance in the Ansible inventory hosts file.

First thing we need to do is add the AWS Key Pair to the ssh session we are logged into.  From the control node, run the following command.

> ssh-add –k ~/<YOUR_AWS_KEY_PAIR_PEM_FILENAME>

This will grant the ssh session security permission to each AWS EC2 instance using that AWS Key Name PEM file.  Now we will ping each server in Ansible inventory (hosts file).

> ansible all –m ping

If each server responds with a successful ping, proceed to next section.

Running an Ansible Playbook

Running an Ansible playbook is as simple as running the following command:

> ansible-playbook playbook.yml

Ansible will take a little while (roughly a couple minutes) the first time you run the playbook.

Check New EC2 instances – After Ansible Playbook Updates

If the ssh connections to the EC2 instances are still open, you can check the following items:

1.      All servers – EC2 instance package updates
> sudo yum update –y
No packages marked for update

2.      For the web servers
a.      Check the httpd service – service should be running
> sudo service httpd status
httpd (pid ????) is running…
b.      Check default index.html – file should exist and displayed on screen
> cat /var/www/html/index.html
<html><h1>Data Science Examples – Ansible Introduction Test Page</h1></html>
c.      Open web browser – page should display in browser
URL:  http://<PUBLIC_IP_ADDRESS&gt;

3.      For the database servers
a.      Check the mysqld service – service should be running
> sudo service mysqld status
mysqld (pid ????) is running…

 

Terminate AWS EC2 Instances

Very Important:

TERMINATE ALL EC2 INSTANCES CREATED FOR THIS EXAMPLE.

Not a big deal with t2.micro instances, but a good habit to get used to.

Wrap Up

Hope this post was helpful in walking through a simple example using an Ansible playbook. 

Happy Automating!!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s