CONFIGURING APACHE WEBSERVER ON AWS EC2 USING ANSIBLE TOWER & RUNNING ??INSIDE KUBERNETES??

Back with some interesting article which will help you learn & grow in the space of automation. In my previous articles i stressed over Ansible CLI portion?which restricts us in some form, so ansible tower will provide a GUI based web UI from where you could run all the desired playbooks to all the respective managed nodes(target node).

Interestingly all managed nodes will be on the individual active containers/pods.So,lets begin with ansible tower installation and its?necessary configurations.Here, in this demo i will be installing minikube first and creating a kubernetes cluster,later will be running ansible tower inside that kubernetes cluster.Idea is to achive the maximun throughput, less time debugging, launching fresh features and functionality for users that ultimately?leads to cost-effectiveness with fast deployments.

Take away from this article:

???? You will know how we can install minkube cluster on aws-instance.

???? Configuring Kubectl inside minikube.

???? Installing Ansible-Tower-Operator in deployment resource.

???? Exposing the deployment resource.

???? Creation of project.

???? Configuring Dynamic inventory in ansible tower.

???? Creating a job template.

???? Configuring Apache webserver using ansible tower by dynamic inventory.

Why to install ansible tower in kubernetes cluster ?

First we will understand why we need to install ansible-tower inside kubernetes. There is no specific reason you can install easily on your vm’s/instance on cloud. But the one of the main reason to do so is, we can configure the respective pods. In one pod there will be ansible tower running which will act as a master node whereas rest will be the target nodes.

Installing Minikube on Ubuntu — 20:04

Minikube is a?lightweight Kubernetes implementation?that creates a VM on your local machine and deploys a simple cluster containing only one node. … The Minikube CLI provides basic bootstrapping operations for working with your cluster, including start, stop, status, and delete.

# minikube installation link
curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/

#modfying docker user
usermod -aG docker $USER
#Checking groups
groups $USER        

Installing Kubectl:

The Kubernetes command-line tool,?kubectl, allows you to run commands against Kubernetes clusters. You can use kubectl to deploy applications, inspect and manage cluster resources, and view logs. Now we can install kubectl command using below command. Kubectl will helps us to control kubernetes cluster.

# Kubectl installation link
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl

#making kubectl executable
chmod +x?./kubectl
# moving ./kubectl to /usr/local/bin/kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
# Checking client version
kubectl version --client        

Installing docker ????:

As kubernetes will use docker as CRI(Container Runtime interface), so we have to install docker.

# Installing docker
sudo apt-get update && \
>     sudo apt-get install docker.io -y
        

Installing conntrack:

Conntrack is command?line?interface conntrack provides a more flexible interface to the connnection tracking system than /proc/net/ip_conntrack. With conntrack, you can show, delete and update the existing state entries; and you can also listen to flow events. conntrackd is the user-space connection tracking daemon.

# Installing conntrack
sudo apt install conntrack -y
        

Starting Minikube:

Now we have to install minikube and enabling ingress and then using stable version of kubernetes.

# Staring minikube

minikube start --addons=ingress --cpus=2 --install-addons=true --kubernetes-version=stable --memory=6g        

Now we have to check that all the pods are in the running state or not. you can use?kubetl get pods -A?to check all the pods running in kubernetes cluster.

Installing the AWX-Operator: Tower

This Kubernetes Operator is meant to be deployed in your Kubernetes cluster(s) and can manage one or more AWX instances in any namespace.

For testing purposes, the?awx-operator?can be deployed on a?Minikube?cluster. Due to different OS and hardware environments, please refer to the official Minikube documentation for further information.

Installing awx-operator
kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/0.10.0/deploy/awx-operator.yaml

kubectl get pods        

Next, create a file named?awx-demo.yml?with the suggested content below. The?metadata.name?you provide, will be the name of the resulting AWX deployment.

vi awx-demo.yml

---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:  
   name: awx-demo
spec:  
   service_type: nodeport
   nodeport: none
   ingress_type: none  
   hostname: awx-demo.example.com
# creating postgress database
kubectl apply -f awx-demo.yml

# checking awx-operator pod
kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator"
# checking service
kubectl get svc -l "app.kubernetes.io/managed-by=awx-operator"        

After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:

By default, the admin user is?admin?and the password is available in the?<resourcename>-admin-password?secret. To retrieve the admin password, run:

kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode
        

Exposing the deployment resource:

Now copy the?port?number and?public ip address?of instance and paste in the browser and then you will see the login page of awx ansible tower as mentioned below in the image.

After login you will see the awx ansible tower bashboard.

Now we have to configure the?credentials?of aws as well as?ssh-keys. AWS’s?access key?and?secret key?so that ansible will authenticate to aws resources and will pick up hosts in the?inventory dynamically?whereas the?ssh-keys?for?login?into the?ssh.

Adding Access Key and Secret Keys:

Navigate to credentials section in the left panel and click on add button to add the credentials. Enter the name of the credential eg.?aws-access-secrett-keys?and select type of the credential. For access keys and secret keys select?AMAZON WEB SERVICES, then add?access_key?and?secret_key?to respective field.

Adding SSH-Keys:

Now we have to add ssh-keys so we can authencticate ssh connection between the master node(ansible tower) and target node(ec2-ubuntu-instance). Navigate to credential and the click on add button, then eneter the name of the key eg.?ec2-key. Select?MACHINE?as a type of credentials.

Creating a Dynamic Inventory:

Now you have to add a source in the inventory section. Our source will be aws and for that?navigate to inventory, click on?demo inventory?and then click on?source?then add a source select?AMAZON EC2?and the add credential which you have created already, in my case i have added?aws-access-secrett-keys.?After that click on?sync,?so that ansible will go to aws and then collect all the information about the hosts.

Creating a Project:

A Project is?a logical collection of Ansible playbooks, represented in Tower. … To create a Red Hat Insights project, refer to Setting up an Insights Project. Note. By default, the Project Base Path is /var/lib/awx/projects , but this may have been modified by the Tower administrator.

While creating of the project it will ask you for the following information.

1. Name Of the project
2. Organization → default (or you can create your own organization).
3. Source Control Credential Type → Git
4. Source Control URL → Enter your playbooks repository URL from github.
5. Click on Save
6. Click on sync so that all the playbooks will be downloaded by the ansible.

Creating a Job Template:

A job template is a definition and set of parameters for running an Ansible job. Job templates are useful to execute the same job many times. Job templates also encourage the reuse of Ansible playbook content and collaboration between teams. While the REST API allows for the execution of jobs directly, Tower requires that you first create a job template.

While creating of a job template it will ask you for the following information.

1. Name of the job template.
2. Run type → check/run (check is as syntax check ins ansible and run will run the playbook).
3. Inventory → Demo Inventory (or you can create your own inventory).
4. Project → Select your project.
5. Playbook → As soon as you created the project in the template section it will ask you the number of playbooks you having in respective repository which you have given while creating the project.
6. Enable Privilege Escalation → Mark the box of privilege escalation.
7. Click on save.

Launching a job template ??:

After creating a job template, you need to launch the job template i.e you need to run the playbook. After launching the job template a new window of playbook output will appear and then it will show all the output of the ansible playbook. You can navigate to jobs and check whether the job is the running/pending/successful/failed state.

This is the basic playbook of configuring of apache webserver by installing apache(httpd) and the copying the content in /var/www/html location and then restarting apache server.

# apache configuration playbook
- hosts: "ec2-13-234-238-129.ap-south-1.compute.amazonaws.com"
  tasks:  
   - name: "installing httpd"      
     yum:       
       name: "httpd" 
       state: present           
   - name: "copying content to /var/www/html/"     
     copy:        
        content: "Hello Ansible Tower"       
        dest: "/var/www/html/ansible-tower.html"           
   - name: "starting nginx server"      
     service:         
        name: "httpd"        
        state: restarted.        

Now you can do any configuration using ansible tower. I hope you had liked the article.??