TASK 3 - ANSIBLE (Deploying Load Balancer and WebServers )


Statement: Deploy a Load Balancer and multiple Web Servers on AWS instances through ANSIBLE!

* Provision EC2 instances through Ansible.

* Retrieve the IP addresses of the instances using the dynamic inventory concept.

* Configure the web servers through an Ansible role.

* Configure the load balancer through an Ansible role.

* The target nodes of the load balancer should auto-update as per the status of the web servers.

Note: One-Click Instance Launched, Web Servers provisioned and Load Balancer ready!

Now we are going to discuss some of the theory related to Ansible:

1. Ansible is basically an open-source tool meant for configuration management.

2. For configuring any server we have two ways:

* Manual: here we do each and every thing by hand.

* Automation: we can achieve automation in two ways -

  - Traditional way: here we have to write Perl or shell scripts, which work in an imperative style. Here we have to know both what to do and how to do it.

  - Intelligent way: these tools work with a declarative language, so here we only have to know what to do. You tell your code "I want that particular software installed" and behind the scenes the tool knows how to do it.

3. Installing Ansible on top of RHEL 8: normally we use "yum install ansible", but by default the RHEL 8 DVD does not provide the Ansible package. We know the Ansible developers use Python as the language for Ansible, and we also know pip is the command to install Python software, libraries or packages. So instead of yum you can use "pip3 install ansible" to install Ansible on top of RHEL 8.

4. Why do we use pip3? Because there are two versions of Python, Python 2 and Python 3, and RHEL 8 by default ships Python 3.

5. Controller node: the system where we write and run the Ansible code is known as, or works as, the controller node.

6. Managed node: a system that you have to manage through Ansible is known as a managed node.

7. Inventory: it is basically a database of managed node IPs which you have to tell your controller node about.

Note:

* Ansible is a very powerful tool. It automatically finds out about the OS, because internally it calls the commands of that OS and installs the software for us.

* Ansible by default uses the SSH protocol for connectivity.

* Ansible does not itself know how to install software on any OS, but Ansible knows how to call the internal commands of that OS.

* ansible all --list-hosts

The above command shows us the nodes in the inventory.

8. For creating an inventory we have to create one file, where we write the IPs of the managed nodes together with ansible_ssh_user, ansible_ssh_pass etc.

9. Config file for Ansible: the pip command does not create a config file for us, so we have to create the config file ourselves:

* Create the directory: "mkdir /etc/ansible".

* In this directory create the ansible.cfg file.

* Ansible then automatically picks up this file and does everything according to it.

Note:

* Tell Ansible about the database, i.e. the inventory, in the config file. Write the path of your inventory under the [defaults] header.

* Ansible is a tool that works on a push mechanism.

10. Push mechanism: when the controller node goes to the managed node and installs the package, that process comes under the push mechanism. We also don't need to install any Ansible software on the managed nodes, so Ansible is agentless.

11. Pull mechanism: Puppet and Chef work on a pull mechanism. Here the managed node goes to the controller node, pulls the package and then installs it. But here we have to install the respective Puppet or Chef software on the managed node as well, and in this scenario that Puppet or Chef software is considered an agent.

13. Ansible automatically checks the current state; if the software is not installed, it moves the system to the desired state by installing the package. This concept is called idempotence.

14. For Ansible to do SSH from one VM to another VM you have to install the sshpass software using yum install sshpass.

15. Modules: Ansible's core power comes from its modules. The ansible command itself is not intelligent; Ansible's intelligence comes from the Ansible modules. If you want to manage software or packages, Ansible has a module named package; if you want to copy a file from one system to another, Ansible has a module named copy; and if you want to start, stop, reload or restart a program, Ansible has a module named service.

16. For configuring a web server we have to know the following steps:

* First step: we have to know which software has to be installed for a web server, such as nginx, IIS or httpd.

* Second step: we have to copy the web pages from one system to the other.

* Third step: we have to start the service or program.

17. We tell Ansible to do something in two ways:

* Commands: when we write an ansible command on the terminal, such as ansible all -m package -a "name=firefox state=present".

Such a command is known as an ad-hoc command.

* Program: in a program we basically write a script, and that script is known as a program file, but in the Ansible world this program file is known as a playbook. The language Ansible uses to write the playbook is YAML, which formats the code and, as we all know, is declarative. In one file we can write multiple plays, which is why it is known as a playbook. For running a playbook we have the following command:

ansible-playbook web.yml

Here web.yml is my program file, basically known as an Ansible playbook.

Note:

* Inside the playbook we have to write the hosts, which refer to the inventory, and we also have to write the tasks that tell what we have to do.

* Ansible always tries to sync with what you need; it also checks the content, not only the file name.

18. Ansible gives us a very simple way: we have to learn only one command, because Ansible creates the modules for us. They hide the commands or resources of the different operating systems under one layer known as the resource abstraction layer.

19. Remote copy is of two types:

* Copy module - it works for static files and never checks for variables inside the file.

* Template module - it works for dynamic files and always resolves the variables inside the file.

20. We can easily give names to the tasks with the name keyword.

21. For running commands we have a module known as the command module. We can use it as:

tasks:
  - command: pip3 install docker

22. We can take input from the user using a prompt, i.e. the vars_prompt keyword. It hides the value we type; we can also set the prompt text. By default the private value is yes, but we can set it to no with the private keyword.

23. We can provision the OS in two ways:

* Manual

* Automation

24. For provisioning an OS on top of the cloud we can use Terraform as an automation tool, but if you want to provision the OS on top of the cloud using Ansible, Ansible also has the capability to go and provision your OS on top of AWS or any other public cloud.

25. But our requirement is: we have a controller node where we write our playbook and push that code towards the AWS server. The challenge is that there is no managed node for provisioning the OS on top of the public cloud. So how does my code connect to the AWS server? For this we run the code, or playbook, on our local system; our local system behaves as the host (it is basically the host), and internally my system works as an AWS client and tells AWS "I am your client, treat me as a normal client".

26. We know Ansible behind the scenes is built on top of Python. For connecting to the AWS server we have to use the boto3 SDK of Python, which connects to the AWS API.

27. For writing the Ansible playbook we have to use the ec2 module and its parameters, and authentication is required.

28. The root user has all the power and privileges, while a regular user has limited power: they have the capability to run all the commands, but a regular user does not have the power to read root's files or perform root user operations. Other users do not have the privileges and power to read all the data in the operating system. In Linux, by default the root user has ID 0 and has all the power and privileges. But in an IT environment we have to disable the root account, because logging in as the root user is very dangerous and never recommended. Admins work as regular users, so how can they work like the root user? Here we have to perform a trick. We know a regular user has limited power, so we can give this account or user extra commands for extra power; this is known as privilege escalation. sudo (super user do) is the command that gives a regular user privilege escalation.

29. /etc/sudoers: in this file we can write rules to give a regular user additional power, i.e. sudo power. Then we can easily read this file as:

sudo cat /etc/shadow

Here we are allowing the power to use the cat command; internally any command can run with the power of root using sudo.

30. In the sudoers file we can write

user1 ALL=(ALL) ALL

Here we are giving user1 the power to run all the commands.

31. Suppose we have two users, user1 and user2. user1 creates one file and user2 does not have the power to read this file. So we can give user2 sudo power to read this file, but a challenge comes up: if you give user2 the cat command through sudo, user2 can also read all the files of the root user. In sudo we also have the capability to give a user the power of another Linux user; the sudo command can also run with the power of another user, such as

user2 ALL=(user1) /usr/bin/cat

Here ALL refers to the machine through which you log in.

32. Why do we add NOPASSWD: ALL?

Because when we run a command with sudo for the first time it asks for a password; if we don't want it to ask for the password, we have to write this.

33. We can also give power to a group for using commands. Suppose I have one group known as lw. In this group I have 4 users. For giving the group this power we can write the following in the sudoers file:

%lw ALL=(ALL) NOPASSWD: ALL

34. The wheel group is already created in a Linux system by default.

35. visudo helps us in finding syntax mistakes and errors, and it automatically opens the sudoers file for us.
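
The sudoers rules above differ a lot in how much power they hand out, and visudo only checks syntax, not policy. The script below is an added example (not from the article) that parses the simple "who hosts=(runas) [NOPASSWD:] commands" rule form used above and classifies each rule: unrestricted root, unrestricted root without a password, a file-reading program such as cat granted as root (which, as the article notes, lets that user read any file), or a scoped grant like running cat as user1. The sudoers text inside it is constructed; no system file is read.

```python
"""Flag over-broad sudoers rules (added example; constructed sample input)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# who  hosts = (runas) [NOPASSWD:] cmd1, cmd2
_RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)"
    r"(?P<cmds>.+)$"
)

# Programs that, when run as root, can read any file on the system.
FILE_READERS = {"cat", "less", "more", "head", "tail", "view"}

_NON_RULES = ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")


@dataclass
class SudoRule:
    who: str                      # user name, or %group
    hosts: str                    # machines the rule applies on ("ALL" in the article)
    runas: str                    # user the command may run as; sudo defaults to root
    nopasswd: bool                # NOPASSWD tag present
    commands: List[str] = field(default_factory=list)


def parse_rule(line: str) -> Optional[SudoRule]:
    """Parse one sudoers line; None for blanks, comments, Defaults and aliases."""
    line = line.strip()
    if not line or line[0] == "#" or line.split()[0] in _NON_RULES:
        return None
    m = _RULE.match(line)
    if not m:
        return None
    tags = m.group("tags") or ""
    return SudoRule(
        who=m.group("who"),
        hosts=m.group("hosts"),
        runas=m.group("runas") or "root",
        nopasswd="NOPASSWD:" in tags,
        commands=[c.strip() for c in m.group("cmds").split(",")],
    )


def risk(rule: SudoRule) -> str:
    """Classify: full-root, full-root-nopasswd, read-any-file-as-root, or scoped."""
    runas_user = rule.runas.split(":")[0]          # "(ALL:ALL)" -> "ALL"
    as_root = runas_user in ("ALL", "root")
    if as_root and "ALL" in rule.commands:
        return "full-root-nopasswd" if rule.nopasswd else "full-root"
    if as_root and any(
        c.split()[0].rsplit("/", 1)[-1] in FILE_READERS for c in rule.commands
    ):
        return "read-any-file-as-root"
    return "scoped"


def review(sudoers_text: str):
    """Return [(who, risk)] for every rule line in the text, in file order."""
    findings = []
    for line in sudoers_text.splitlines():
        rule = parse_rule(line)
        if rule:
            findings.append((rule.who, risk(rule)))
    return findings


# Constructed sample mirroring the rules discussed in the article
SAMPLE_SUDOERS = """
# /etc/sudoers (constructed sample)
Defaults    env_reset
root        ALL=(ALL)   ALL
user1       ALL=(ALL)   ALL
%lw         ALL=(ALL)   NOPASSWD: ALL
user2       ALL=(user1) /usr/bin/cat
user3       ALL=(ALL)   /usr/bin/cat
"""

if __name__ == "__main__":
    for who, level in review(SAMPLE_SUDOERS):
        print(f"{who:10} {level}")
```

Running it lists user1 and %lw as unrestricted root (the latter without a password), user3's cat-as-root grant as read-any-file-as-root, and user2's cat-as-user1 grant as scoped, which is the distinction the article draws between the two forms of the rule.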

36. We are going to use the HAProxy load balancer, deployed on top of an EC2 instance, which acts as a frontend server for the client and behind the scenes contacts the registered web servers, doing reverse proxying. A load balancer is a type of service which balances load between two or more VMs; it is mostly used in multi-node clusters.

>> Now let's jump to the practicals:

* Here I am launching my Ansible controller node using PuTTY.

* Here you can see I am logging in to my controller node as the root user.

* Here you can see Ansible is already installed on my controller node, version 2.9.11, with the config file "/etc/ansible/ansible.cfg".

* Here I am going inside my config file.

* You can see there is currently nothing in it, because my intention is to work using localhost, so I am not passing any inventory.

* Here you can see my localhost is ping-able.

* Here I am installing the boto3 SDK with "pip3 install boto3", which helps Ansible connect to AWS.

* Here I am creating one vault, which is basically a secret box where you can hide your personal keys.

* Here you can see I have created "security.yml" as a vault, and in this file I have secured my AWS account access key and secret key, which let us log in to the AWS account and provision the instances.

* Here you can see my "security.yml" file is secured.

>> Now I am going to create one Ansible playbook, "ec2.yml", which provisions 3 web server instances and 1 load balancer instance on top of AWS.

* Before running the playbook, you can see there are no EC2 instances running in my AWS account, but as soon as I run my playbook, Ansible launches 4 instances for me: 1 as a load balancer and 3 as web servers.

* Here you can see the playbook ran successfully, with no errors.

* Here you can see I now have 4 instances in the running state.

>> Now the role of fetching the dynamic IPs of the EC2 instances comes into play:

* Now I am going inside the config file.

* I am setting the /etc/ansible directory as the inventory.

* Here I am going to the /etc/ansible directory.

* In this directory you can see I have only the config file.

* Here I am copying the raw URL for the ec2.py file.

* Here you can see that with the "wget" command I copied the ec2.py file from GitHub to the /etc/ansible directory.

* Here I am also copying the raw URL for the ec2.ini file.

* Here you can see that with the "wget" command I also copied the ec2.ini file from GitHub to the /etc/ansible directory.

* Here I am making both files executable with the "chmod" command.

* Here you can see I have no hosts yet.

* Here I am going inside the ec2.py file.

* Make sure your shebang line points to the Python 3 interpreter.

* Here you can see I have successfully retrieved the dynamic IPs of the EC2 instances by exporting the ini path, Ansible hosts, AWS region, AWS secret key and AWS access key.

* Now I am transferring the pem key from Windows to RHEL 8 using WinSCP.

* Here you can see "mynewkey.pem" has been transferred successfully to RHEL 8, i.e. my controller node.

* Here you can see I am moving "mynewkey.pem" into the /etc/ansible/ directory.

* Here you can see "mynewkey.pem" has been moved successfully into the /etc/ansible directory.

* Making "mynewkey.pem" executable with the "chmod" command.

* In the /etc/ansible directory I am creating one more inventory, "inventory.txt".

* Here I am fetching the details of the dynamic IPs and creating two groups, one as webserver and the other as loadbalancer.
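
The ec2.py script and the hand-written inventory.txt above do the same job: turn the instances AWS reports into Ansible groups. The script below is an added example, not the ec2.py the article downloads. It takes instance records in the shape boto3's ec2.describe_instances() returns and emits the JSON structure Ansible expects from a dynamic inventory script (a group-to-hosts map plus _meta.hostvars), grouping hosts into webserver and loadbalancer by their Name tag and skipping instances that are not running. The instance records are constructed; the ec2-user login and the /etc/ansible/mynewkey.pem key path are assumptions taken from the article's setup.

```python
"""Minimal Ansible dynamic inventory from EC2 instance data (added example)."""
import json
import sys

KEY_FILE = "/etc/ansible/mynewkey.pem"   # key path used in the article (assumption)
SSH_USER = "ec2-user"                     # default login on Amazon Linux / RHEL AMIs

# Constructed stand-in for boto3.client("ec2").describe_instances()["Reservations"]
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa", "State": {"Name": "running"},
         "PublicIpAddress": "203.0.113.10", "PrivateIpAddress": "10.0.0.10",
         "Tags": [{"Key": "Name", "Value": "loadbalancer"}]},
        {"InstanceId": "i-0bbb", "State": {"Name": "running"},
         "PublicIpAddress": "203.0.113.11", "PrivateIpAddress": "10.0.0.11",
         "Tags": [{"Key": "Name", "Value": "webserver"}]},
    ]},
    {"Instances": [
        {"InstanceId": "i-0ccc", "State": {"Name": "running"},
         "PublicIpAddress": "203.0.113.12", "PrivateIpAddress": "10.0.0.12",
         "Tags": [{"Key": "Name", "Value": "webserver"}]},
        # Stopped instance: no public IP, must not end up in the inventory
        {"InstanceId": "i-0ddd", "State": {"Name": "stopped"},
         "PrivateIpAddress": "10.0.0.13",
         "Tags": [{"Key": "Name", "Value": "webserver"}]},
    ]},
]


def name_tag(instance):
    """Return the instance's Name tag, or None when it has none."""
    for tag in instance.get("Tags", []):
        if tag["Key"] == "Name":
            return tag["Value"]
    return None


def build_inventory(reservations):
    """Return the dynamic-inventory dict for running, tagged instances."""
    inventory = {"_meta": {"hostvars": {}}}
    for reservation in reservations:
        for inst in reservation["Instances"]:
            if inst["State"]["Name"] != "running":
                continue
            ip = inst.get("PublicIpAddress")
            group = name_tag(inst)
            if not ip or not group:
                continue
            inventory.setdefault(group, {"hosts": []})["hosts"].append(ip)
            inventory["_meta"]["hostvars"][ip] = {
                "ansible_host": ip,
                "ansible_user": SSH_USER,
                "ansible_ssh_private_key_file": KEY_FILE,
                "ec2_instance_id": inst["InstanceId"],
                "ec2_private_ip": inst["PrivateIpAddress"],
            }
    return inventory


def main(argv):
    # Ansible invokes an inventory script with --list, or --host <name> for one host.
    # A real script would feed boto3's describe_instances() output in here instead.
    inv = build_inventory(SAMPLE_RESERVATIONS)
    if len(argv) > 2 and argv[1] == "--host":
        print(json.dumps(inv["_meta"]["hostvars"].get(argv[2], {})))
    else:
        print(json.dumps(inv, indent=2))


if __name__ == "__main__":
    main(sys.argv)
```

Pointing the inventory setting in ansible.cfg at an executable script of this shape makes "ansible all --list-hosts" show the three running instances under their two groups, without editing inventory.txt every time an instance is replaced.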

* Here I am going into the config file.

* And updating the inventory.

>> With the command "ansible all -m ping" you can see all my hosts are ping-able.

* Here you can see all my IPs are ping-able.

* Now I am again going inside the config file.

* Here I am setting the roles path to /etc/myroles and also some privilege escalation rules.

* Now I am creating the same directory that I set as the roles path, with "mkdir /etc/myroles".

* Here you can see there is nothing in the /etc/myroles directory.

* With the "ansible-galaxy list" command you can see the roles path is successfully initialised.

* Now I am going to create two roles, one as webserver and the other as loadbalancer, with the "ansible-galaxy init" command.

* Here you can see the two roles are created.

* Here you can see both my roles are initialized.

* Now I am going inside the webserver role and then into the tasks folder, where I am editing the main.yml file using the vim editor.

* Here I have written the tasks for configuring the Apache web server.

* Now I am going inside the loadbalancer role and then into the handlers folder, where I am editing the main.yml file using the vim editor.

* Here I am setting a handler for restarting the HAProxy service.

* Then in the tasks folder I am editing the main.yml file using the vim editor.

* Here I have written the code for configuring the HAProxy load balancer, and I also set the notify parameter on the config file task, because whenever we change something in the config, the handler then restarts the service for us.

* Then in the templates folder I am creating the haproxy.cfg file using the vim editor.

* Here I am using embedded Jinja2 code to dynamically fetch and register the web server IPs with the HAProxy load balancer.

* This is the default haproxy config file, but when we run the playbook these entries are replaced by my EC2 instances' dynamic IPs.
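
The template-plus-notify pattern above has two parts: the Jinja2 loop that turns the webserver group into HAProxy server lines, and the template module's rule that a handler fires only when the rendered file actually differs from the one on disk. The script below is an added example, not the article's role or template. render_haproxy_cfg() reproduces the Jinja2 loop in plain Python so the output can be inspected offline, and write_if_changed() mirrors the template module's changed flag, which is what decides whether the "restart haproxy" handler runs. Groups, hostvars and the temporary config path are constructed; port 8080 on the frontend and port 80 on the web servers follow the article.

```python
"""HAProxy backend rendering and handler-trigger logic (added example)."""
import os
import tempfile

FRONTEND_PORT = 8080      # port the article exposes on the load balancer
BACKEND_PORT = 80         # Apache on the web servers

# Constructed stand-ins for Ansible's groups[] and hostvars[] variables
GROUPS = {"webserver": ["203.0.113.11", "203.0.113.12", "203.0.113.13"]}
HOSTVARS = {ip: {"ansible_host": ip} for ip in GROUPS["webserver"]}


def render_haproxy_cfg(groups, hostvars):
    """Plain-Python equivalent of the template's backend loop:

        {% for host in groups['webserver'] %}
            server app{{ loop.index }} {{ hostvars[host]['ansible_host'] }}:80 check
        {% endfor %}
    """
    out = [
        "frontend main\n",
        f"    bind *:{FRONTEND_PORT}\n",
        "    default_backend app\n",
        "\n",
        "backend app\n",
        "    balance roundrobin\n",
    ]
    for index, host in enumerate(groups.get("webserver", []), start=1):
        addr = hostvars[host]["ansible_host"]
        out.append(f"    server app{index} {addr}:{BACKEND_PORT} check\n")
    return "".join(out)


def write_if_changed(path, content):
    """Write content to path only if it differs; True means 'changed'."""
    try:
        with open(path) as fh:
            if fh.read() == content:
                return False
    except FileNotFoundError:
        pass
    with open(path, "w") as fh:
        fh.write(content)
    return True


def deploy(path, groups, hostvars):
    """One 'template + notify' step: returns the handler decision."""
    changed = write_if_changed(path, render_haproxy_cfg(groups, hostvars))
    return "restart haproxy" if changed else "no restart"


def run_demo():
    """Three runs: first deploy, idempotent re-run, then a fourth web server joins."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = os.path.join(tmp, "haproxy.cfg")
        decisions = [deploy(cfg, GROUPS, HOSTVARS), deploy(cfg, GROUPS, HOSTVARS)]
        grown = {"webserver": GROUPS["webserver"] + ["203.0.113.14"]}
        grown_vars = {ip: {"ansible_host": ip} for ip in grown["webserver"]}
        decisions.append(deploy(cfg, grown, grown_vars))
        return decisions


if __name__ == "__main__":
    print(render_haproxy_cfg(GROUPS, HOSTVARS))
    print(run_demo())
```

The second run reports no restart because nothing in the rendered file changed; the third run, where the inventory gained a web server, rewrites the backend and fires the handler. That is exactly why the article uses the template module for haproxy.cfg rather than copy: the target list in the config follows the inventory, and HAProxy is only restarted when that list moves.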

* Now I am creating one main.yml file for running the roles.

* Here you can see these are the listed hosts we have.

* Now I am logging in to one of the EC2 instances using SSH, and here, using the visudo command, I am going inside the sudoers file where I am going to give ec2-user root powers.

Note: These steps have to be done for all the EC2 instances.

* In this instance I am also going inside the sshd config file, where I am setting password authentication to yes.

* Then we have to restart sshd.

Note: These steps have to be done for all the EC2 instances.

* Now I am creating a private key pair using ssh-keygen.

* Now I am copying the key for 13.126.69.50, the public IP of my EC2 instance.

* Now I am copying the key for 15.207.19.8, the public IP of my EC2 instance.

* Now I am copying the key for 52.66.42.189, the public IP of my EC2 instance.

* Now I am copying the key for 13.232.47.164, the public IP of my EC2 instance.

* Now all set: I can run my main.yml file with the "ansible-playbook main.yml" command.

* Now you can see that with one playbook the "HAProxy" load balancer and the "Apache web server" have been configured.

>> 13.126.69.50:8080 - using the load balancer IP at port 8080 we can access the web servers, and the load is also being balanced.

>> Now I am logging in to the load balancer instance using its public IP:

* Now I am going inside the config file of the HAProxy load balancer.

* Here you can see my web servers' public IPs are successfully registered with the "HAProxy" load balancer.

>> Now I am logging in to the web server instance using its public IP:

* Here you can see in the html folder I have the "index.html" page.

>> Now I am doing the same steps for the other two web servers.

!! THAT'S ALL !!
THANK YOU FOR READING !!!

Note: if you have any query, feel free to DM me.

Rajit Paul
Learner | DevSecOps @Isha Foundation | AWS Community Builder | CKA, AWS & RedHat Certified
4 years

Great Job!! Aaditya

Amit Sharma
1xAWS || 4xGCP || 2xRedHat Certified || DevOps Engineer @Searce Inc || Freelancer || Terraform || Ansible || GitLab || Jenkins || Kubernetes || Docker || Openshift || AWS || GCP || Azure
4 years

Great one Aaditya Tiwari

Srishti Jain
DevOps Engineer || Azure 1x || CI/CD || AKS || Jenkins || Kubernetes || Git
4 years

Well Done Aaditya Tiwari

Akash Pandey
Cloud Architect | 6X Azure | 1X Databricks | ACE Certified | MCT
4 years

Nicely done Aaditya Tiwari
