
Setting up Ansible environment on AWS

This article will help you set up your Ansible environment in AWS in the quickest way. You will need the following inventory to start with.
  • 1 x control centre
  • 1 x load balancer
  • 2 x application servers
  • 1 x database server

Set up Control Centre

Go to https://console.aws.amazon.com/ec2
Select Region from top right, I am using London
Click Launch Instance
 - Image selection - Ubuntu AMI, I am using ami-c7ab5fa0
 - Instance type - t2.micro
 - Configure Instance Details
    - Make sure Auto-Assign Public IP is enabled
    - Add the following bootstrap script to user data in Advanced Details.

#!/bin/bash

# global variables
newhostn="control"

# Update apt and upgrade to the latest packages
sudo apt-get update
sudo apt-get upgrade -y

# Add the Ansible PPA
sudo apt-get install software-properties-common -y
sudo apt-add-repository ppa:ansible/ansible -y
sudo apt-get update

# Install python and ansible
sudo apt-get install python ansible python-boto awscli python-pip python3-pip python-boto3 python-botocore -y

# Change hostname
# Assign existing hostname to $oldhostn
oldhostn=$(cat /etc/hostname)
localip=$(curl http://169.254.169.254/latest/meta-data/local-ipv4)
# change hostname in /etc/hosts & /etc/hostname
sudo sed -i "s/localhost/localhost\ $newhostn/g" /etc/hosts
sudo sed -i "s/$oldhostn/$newhostn/g" /etc/hosts
sudo sed -i "s/$oldhostn/$newhostn/g" /etc/hostname
sudo hostnamectl set-hostname "$newhostn"
#hostfileentry="`ifconfig | grep inet | grep Bcast| awk {'print $3'}| awk -F":" {'print $2'}`\t $newhostn"
#sudo echo $hostfileentry >> /etc/hosts

# Create the ansible user with passwordless sudo
sudo adduser ansible --disabled-password --quiet --gecos ""
echo "ansible ALL=(ALL)       NOPASSWD: ALL" | sudo tee -a /etc/sudoers
sudo usermod -aG sudo ansible

# Prepare ~/.ssh for the ansible user. User data runs as root, and a "su" line
# inside a script does not switch the user for the lines that follow, so the
# files are created as root and then handed over to ansible.
mkdir -p /home/ansible/.ssh
sudo chown ansible:ansible /home/ansible/.ssh
chmod 700 /home/ansible/.ssh
touch /home/ansible/.ssh/authorized_keys
chmod 600 /home/ansible/.ssh/authorized_keys
sudo chown ansible:ansible /home/ansible/.ssh/authorized_keys

sudo reboot


    - Add storage, accept defaults
    - Configure Security groups, select SSH only
    - Review & Launch, Launch
    - Select an existing key pair or create a new one
    - Launch Instance

The control machine also needs SSH keys generated in order to communicate with the other servers without passwords. Run the following to generate the keys.

sudo su - ansible
cd ~/.ssh

ssh-keygen -f id_rsa -N ""

# Take note of the public key below; it is used on the next machine
cat ~/.ssh/id_rsa.pub
ssh-rsa AAAA............Olau8gR9 ansible@control

The content of your id_rsa.pub file has to be added to ~/.ssh/authorized_keys on the remote machine in order to be able to ssh without a password.

Set up Load Balancer

Now create the load balancer, following the same steps as above but using the script below, which is much the same but has a different hostname and includes the public key.

#!/bin/bash

# global variables
newhostn="lb01"

# Update apt and upgrade to the latest packages
sudo apt-get update
sudo apt-get upgrade -y

# Install python and ansible
sudo apt-get install python ansible python-boto awscli -y

# Change hostname
# Assign existing hostname to $oldhostn
oldhostn=$(cat /etc/hostname)
localip=$(curl http://169.254.169.254/latest/meta-data/local-ipv4)
# change hostname in /etc/hosts & /etc/hostname
sudo sed -i "s/localhost/localhost\ $newhostn/g" /etc/hosts
sudo sed -i "s/$oldhostn/$newhostn/g" /etc/hosts
sudo sed -i "s/$oldhostn/$newhostn/g" /etc/hostname
sudo hostnamectl set-hostname "$newhostn"
#hostfileentry="`ifconfig | grep inet | grep Bcast| awk {'print $3'}| awk -F":" {'print $2'}`\t $newhostn"
#sudo echo $hostfileentry >> /etc/hosts

# Create the ansible user with passwordless sudo
sudo adduser ansible --disabled-password --quiet --gecos ""
echo "ansible ALL=(ALL)       NOPASSWD: ALL" | sudo tee -a /etc/sudoers
sudo usermod -aG sudo ansible

# Prepare ~/.ssh for the ansible user. User data runs as root, and a "su" line
# inside a script does not switch the user for the lines that follow, so the
# files are created as root and then handed over to ansible.
mkdir -p /home/ansible/.ssh
sudo chown ansible:ansible /home/ansible/.ssh
chmod 700 /home/ansible/.ssh
touch /home/ansible/.ssh/authorized_keys
sudo chown ansible:ansible /home/ansible/.ssh/authorized_keys
chmod 600 /home/ansible/.ssh/authorized_keys

# Authorise the control centre's public key (paste the full key from id_rsa.pub)
echo "ssh-rsa AAAA............Olau8gR9 ansible@control" >> /home/ansible/.ssh/authorized_keys
sudo reboot

You should now be able to ssh directly to the lb01 server using its local IP address from your Control Centre server.

Set up Application & Database servers

You should now follow the same process as above and use the Load Balancer script for your application and database servers, but don't forget to change the new hostname in the script when creating each instance.
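
The Load Balancer script installs the control centre's key with a plain echo >> authorized_keys, which adds a duplicate entry on every re-run and accepts whatever was pasted, including a truncated key. As an added example (not part of the original post), the function below validates the line, appends it only once and sets the modes sshd expects; the function name add_authorized_key and its optional owner argument are assumptions.

```shell
# Added example: validated, idempotent replacement for
#   echo "<key>" >> /home/ansible/.ssh/authorized_keys
# Usage: add_authorized_key HOME_DIR "KEY_LINE" [OWNER]
# Returns 0 if the key is present afterwards, 1 if the line was rejected.
add_authorized_key() {
    home_dir=$1; key_line=$2; owner=${3:-}
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    nl='
'
    # Exactly one line: an embedded newline would add a second,
    # unreviewed entry to authorized_keys.
    case $key_line in
        *"$nl"*) echo "rejected: multi-line input" >&2; return 1 ;;
    esac

    # Expect "<type> <base64-blob> [comment]" with no leading options field.
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected: unexpected key type '$key_type'" >&2; return 1 ;;
    esac
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "rejected: key blob is not base64" >&2; return 1 ;;
    esac

    # sshd (StrictModes) ignores keys when .ssh or the file is group/world writable.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only when this key blob is not already authorised.
    if ! grep -qF -- " $key_blob" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi

    # When run as root from user data, hand the files over to the account.
    if [ -n "$owner" ]; then
        chown -R "$owner:$owner" "$ssh_dir" || return 1
    fi
    return 0
}
```

In the user data script this would be called as add_authorized_key /home/ansible "<contents of id_rsa.pub>" ansible; a key pasted with its middle elided is rejected instead of being written.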



