Deploy Web Server on AWS through Ansible with Dynamic Inventory
Task 2: Linux Automation using Ansible (RH294) @LinuxWorld
Statement: Deploy Web Server on AWS through ANSIBLE!
??Provision EC2 instance through ansible.
??Retrieve the IP Address of instance using dynamic inventory concept.
??Configure the web server through ansible!
??Create role for webserver to customize the Instance and deploy the webpage to root directory.
Overview
Ansible is an open-source software provisioning, configuration management, and application-deployment tool enabling infrastructure as code. It runs on many Unix-like systems, and can configure both Unix-like systems as well as Microsoft Windows.
The Ansible inventory file contains the details of the hosts that will be configured. A static inventory file is a plain text file that contains a list of managed hosts declared under a host group using either hostnames or IP addresses. So we have to manually add managed host information if any new host come. So to overcome this issue Ansible also has concept of Dynamic inventory file which can pull inventory information from dynamic sources, like cloud sources, container services, etc.
Ansible supports two ways to connect with external inventory: Inventory Plugins and inventory scripts.
We are going to use inventory scripts
Prerequisites:
- Basic knowledge of AWS.
- Basic knowledge of Ansible like roles, playbook, vault, etc.
- Ansible configured on the Manager Node.
- Preinstalled boto python library on the Manager Node.
Now, Let's started
Step 1: Create a key pair named MyKey using EC2 and download the MyKey.pem file to the Manager Node's /root directory. Remember to change the permissions of the host key file to 400. I'll use a security group already in my account with the following rules:
Step 2: Then create a separate folder for this task named task2 then edit the ansible configuration file as:
[defaults] inventory = /root/task2/inventory host_key_checking = False roles_path = /root/task2/roles private_key_file = /root/MyKey.pem remote_user = ec2-user [privilege_escalation] become = yes become_user = root become_method = sudo ask_pass = no
Step 3: Create the following directories as well:
mkdir -p /root/task2/inventory mkdir -p /root/task2/roles mkdir -p /root/task2/playbook
Step 4: Download the ansible dynamic inventory script for EC2 in your inventory directory and make it executable. You can fetch it from here using wget command.
cd /root/task2/inventory wget https://raw.githubusercontent.com/Tavishi123-singh/Linux-Automation-Using-Ansible-RH294-Tasks/master/Task2/ec2.py chmod +x ec2.py
Step 5: Provide your AWS IAM credentials as environment variable where you want to launch and manage EC2 services
export AWS_ACCESS_KEY_ID="KeyID" export AWS_SECRET_ACCESS_KEY="YourKey" export AWS_DEFAULT_REGION="ap-south-1"
Step 6: You can check the file by running this command. It will show all information in your AWS profile
./ec2.py --list
Step 7: Create 2 roles one for launching instance and one for configuring web server where you have specified roles path in ansible configuration file
ansible-galaxy init ec2_instance ansible-galaxy init web_server
You can verify the roles created by using the command:
ansible-galaxy list
Step 8: Now Configure the Role 1 : For launching EC2 instance.
Now edit tasks/main.yml file of ec2_instance and write below module to launch ec2 instance (Replace the fields with your EC2 profile):
---
# tasks file for ec2_instance
- name: Launch ec2 instance
ec2:
aws_access_key: "{{ access_key }}"
aws_secret_key: "{{ secret_key }}"
key_name: MyKey
instance_type: t2.micro
image: ami-0ebc1ac48dfd14136
wait: yes
instance_tags:
name: myins
group: MyWebServerGroup
count: 1
vpc_subnet_id: subnet-92704ffa
assign_public_ip: yes
region: ap-south-1
Provide credentials of AWS in vars/main.yml file
Optional: You can also encrypt your var file using the code below to protect your credentials, Remember the vault password for later
ansible-vault encrypt --vault-id tavi@prompt vars/main.yml
Step 9: Now the Role 2: For configuring the web server.
Edit tasks/main.yml file of web_server role as:
---
# tasks file for web_server
- name: install package for httpd
package:
name: "httpd"
state: "present"
register: httpd_package_status
- name: Create Document Root Directory
file:
state: directory
dest: "{{ dr_dir }}"
register: root_dir_name
- name: Configuration file for apache web server
template:
dest: "/etc/httpd/conf.d/tavi.conf"
src: "templates/tavi.conf.j2"
when: httpd_package_status.rc == 0
notify: httpd service
- name: Copy web page from url
copy:
dest: "{{ dr_dir }}/index.html"
content: "This is a sample Page"
when: root_dir_name.failed == false
- name: Start httpd service
service:
name: httpd
state: started
Then, create a template file tavi.conf.j2 in the templates directory in web_server role and you can write your configuration in this
Listen {{ newPort }}
<Virtualhost {{ ansible_default_ipv4.address }}:{{ newPort }}>
DocumentRoot {{ dr_dir }}
</Virtualhost>
Also edit the handlers/main.yml file and provide service module here so if any change made in configuration file and playbook is ran again then it will restart the service
---
# handlers file for web_server
- name: httpd service
service:
name: httpd
state: restarted
Also edit the vars/main.yml file and provide the variables here
--- # vars file for web_server dr_dir: /var/www/tavi newPort: 8080
Step 10: Create two playbook in the files in the /root/task2/playbook directory one for ec2_instance role and one for web_server role
play1.yml
- hosts: localhost
roles:
- ec2_instance
play2.yml
- hosts: all roles: - web_server
Step 10: Its time to run the playbooks:
Note: Use ask-vault-pass option in playbook and enter Vault password that if you have encrypted it earlier
Running the playbook:
ansible-playbook play1.yml --ask-vault-pass
Now Running the web_server playbook:
ansible-playbook play2.yml
That’s it now you can access your web page from your browser:
Thanks for reading!!
WebDev | GameDev | Cloud
4 年Well done ??