Skip to main content

Setting up Ansible environment on AWS

This article will help you setting up your ansible environment in AWS in most quickest way. You will need following inventory to start with.
  • 1 x control centre
  • 1 x load balancer
  • 2 x application servers
  • 1 x database servers

Set up Control Centre

Go to https://console.aws.amazon.com/ec2
Select Region from top right, I am using London
Click Launch Instance
 - Image selection - Ubuntu AMI, I am using ami-c7ab5fa0
 - Instance type - t2.micro
 - Configure Instance Details
    - Make sure Auto-Assign Public IP is enabled
    - Add following bootstrap script to user data in Advanced Details.

 #!/bin/bash

 # global variables
newhostn="control"

 # Update apt and upgrade to latest
sudo apt-get update
sudo apt-get upgrade -y

 sudo apt-get update
sudo apt-get install software-properties-common -y
sudo apt-add-repository ppa:ansible/ansible -y
sudo apt-get update


#Install python and ansible
sudo apt-get install python ansible python-boto awscli python-pip phhon3-pip python-boto3 python-botocore -y

 # Change hostname
# Assign existing hostname to $hostn
oldhostn=$(cat /etc/hostname)
localip=$(curl http://169.254.169.254/latest/meta-data/local-ipv4)
# change hostname in /etc/hosts & /etc/hostname
sudo sed -i "s/localhost/localhost\ $newhostn/g" /etc/hosts
sudo sed -i "s/$oldhostn/$newhostn/g" /etc/hosts
sudo sed -i "s/$oldhostn/$newhostn/g" /etc/hostname
sudo hostnamectl set-hostname $newhostn
#hostfileentry="`ifconfig | grep inet | grep Bcast| awk {'print $3'}| awk -F":" {'print $2'}`\t $newhostn"
#sudo echo $hostfileentry >> /etc/hosts
sudo adduser ansible --disabled-password --quiet --gecos ""
echo "ansible ALL=(ALL)       NOPASSWD: ALL" | sudo tee -a /etc/sudoers
sudo usermod -aG sudo ansible
sudo su - ansible
cd
mkdir /home/ansible/.ssh
sudo chown ansible:ansible /home/ansible/.ssh

 chmod 700 /home/ansible/.ssh
cd
touch /home/ansible/.ssh/authorized_keys
chmod 600 /home/ansible/.ssh/authorized_keys
sudo chown ansible:ansible /home/ansible/.ssh/authorized_keys

 sudo reboot


    - Add storage, accept defaults
    - Configure Security groups, select SSH only
    - Review & Launch, Launch
    - Select existing keypair you have or create new one
    - Launch Instance

Control machine also needs ssh keys generated in order to communicate with other servers without passwords. Run following to get the keys generated.

sudo su - ansible
cd ~/.ssh

ssh-keygen -f id_rsa -N ""

# Take note of below public key to be used in next machine
cat ~/.ssh/id_rsa.pub
ssh-rsa AAAA............Olau8gR9 ansible@control

The content of your id_rsa.pub file will have to be added to a file at ~/.ssh/authorized_keys on your remote machine somehow in order to be able to ssh without password.

Set up Load Balancer

Now create the load balancer, following the same steps as above but using below script which is pretty much similar but with different hostname and public key included in script.

#!/bin/bash

# global variables
newhostn="lb01"

# Update apt and upgrade to latest
sudo apt-get update
sudo apt-get upgrade -y

#Install python and ansible
sudo apt-get install python ansible python-boto awscli -y

# Change hostname
# Assign existing hostname to $hostn
oldhostn=$(cat /etc/hostname)
localip=$(curl http://169.254.169.254/latest/meta-data/local-ipv4)
# change hostname in /etc/hosts & /etc/hostname
sudo sed -i "s/localhost/localhost\ $newhostn/g" /etc/hosts
sudo sed -i "s/$oldhostn/$newhostn/g" /etc/hosts
sudo sed -i "s/$oldhostn/$newhostn/g" /etc/hostname
sudo hostnamectl set-hostname $newhostn
#hostfileentry="`ifconfig | grep inet | grep Bcast| awk {'print $3'}| awk -F":" {'print $2'}`\t $newhostn"
#sudo echo $hostfileentry >> /etc/hosts
sudo adduser ansible --disabled-password --quiet --gecos ""
echo "ansible ALL=(ALL)       NOPASSWD: ALL" | sudo tee -a /etc/sudoers
sudo usermod -aG sudo ansible
sudo su ansible
cd
mkdir /home/ansible/.ssh
sudo chown ansible:ansible /home/ansible/.ssh
chmod 700 /home/ansible/.ssh
cd
touch /home/ansible/.ssh/authorized_keys
sudo chown ansible:ansible /home/ansible/.ssh/authorized_keys
chmod 600 /home/ansible/.ssh/authorized_keys
echo "ssh-rsa AAAA............Olau8gR9 ansible@control" >> /home/ansible/.ssh/authorized_keys
sudo reboot

You should now be able to ssh directly to lb01 server using its local IP Address from your Control Centre server.

Set up Application & Database servers

You should now follow the same process as above and use the Load Balancer script for your application and database servers but don't forget to change the New Host Name in script when creating the instance.




Popular posts from this blog

Copy files and folders using SCP with spaces in path

Copying data from one system to other with file or folder names that contain spaces in path can be achieved using this guide. In this case I am copying data from Macbook to Windows 10 computer. In order to copy the data easily it is better to use bash commands. Windows computer can support WSL (Windows subsystem for Linux) and you can run one of few linux distributions to use shell commands. I have Ubuntu set up within my Windows 10 using WSL. If you do not have WSL, you can set it up using my guide here . The copy can be performed in two ways: 1) Using SCP Source (MacOs) path: /home/Users/username/Documents/data extract from 2020/ First of all you add escape sequence to the path so it will become:  /home/Users/me/Documents/data\ extract\ from\ 2020/ . While this works on local system for SCP you'll have to double the escape sequences by replacing \ with \\, as below. Figure out your source computer IP address using "ifconfig" command. Now using scp command on target syst
Read more

TrueCrypt on macOS X Mojave 10.14

If you have updated your macOS recently to Mojave otherwise known as verison 10.14 you may not be able to install the last version of Truecrypt in order to access your old volumes encrypted with Truecrypt software. This article will guide you to get this working on your MacOS v10.14 (Mjoave) . Download the package from  https://truecrypt.ch/downloads/  or  https://www.truecrypt71a.com/downloads/ . Find downloaded package using Finder in your HDD/Users/username/Downloads folder and will look like  TrueCrypt 7.1a Mac OS X.dmg . Open file location in Finder and open or double click on  TrueCrypt 7.1a Mac OS X.dmg . This will mount Truecrypt 7.1a and will have Truecrypt 7.1a.mpkg in it. Drag the package T rueCrypt 7.1a.mpkg and drop in your Downloads folder. From Locations in Finder you can eject your TrueCrypt mount. Now go to your Downloads location, find the file  TrueCrypt 7.1a.mpkg , right click and select Show Package Contents . Find the file Contents/distribution.di
Read more

Tools you need before you start using Terraform for orchestration infrastructure in cloud

Terraform one of the famous open source tool used for planning, deploying and maintaining infrastructure as a code and the beauty of this tool is that it works across various cloud service providers. Even though I personally like the AWS Cloudformation, it is AWS only and most probably it will always remain limited to Amazon Web Services. It has few advantages over other tools when using with AWS and will be the first to have new AWS features incorporated before other tools and APIs catch up. However if you are not limiting yourself to AWS only or have hybrid environment you may want to use a 3rd party tool compatible for all cloud infrastructures. Terraform being one of them is youngest client only tool and this article will help you setting up your desktop environment and give you understanding of how it works before you can start to code. Prerequisites: Computer running Windows, Linux, Solaris or MacOS operating system. Downloads: Download Terraform directly from the crea
Read more