Wednesday, December 9, 2020

Ansible - EC2 instance creation using Ansible

1. Install boto3

[root@master wk-dec9]# pip3 install boto3
Successfully installed boto3-1.16.33 botocore-1.19.33 s3transfer-0.3.3 urllib3-1.26.2

2. Write your playbook

# cat aws-ec2.yaml
- hosts: localhost # 192.168.56.4 - your own control node
  tasks:
  - ec2_instance:
      region: us-east-1
      image_id: ami-04d29b6f966df1537
      instance_type: t2.micro
      #image: t2.micro
      vpc_subnet_id: subnet-e261d2ec
      security_group: sg-f5b18ad2
      key_name: kt-2020-k
      name: os_from_ansible
      state: present
      aws_access_key: AKIA6DEA42GA2PGZJ7G3
      aws_secret_key: 3IYF568qVJ8I#RZYnUV2OPG8/XDKVrhDfJRJPnbc

[root@master wk-dec9]# ansible-playbook aws-ec2.yaml

PLAY [localhost] *****************************************************************************************

TASK [Gathering Facts] ***********************************************************************************
ok: [localhost]

TASK [ec2_instance] **************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to import the required Python library (botocore or boto3) on master's Python /usr/bin/python3.6. Please read module documentation and install in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}

PLAY RECAP ***********************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0


[root@master wk-dec9]# pip3 install boto3
Successfully installed boto3-1.16.33 botocore-1.19.33 s3transfer-0.3.3 urllib3-1.26.2


[root@master wk-dec9]# ansible-playbook aws-ec2.yaml

PLAY [localhost] *****************************************************************************************

TASK [Gathering Facts] ***********************************************************************************
ok: [localhost]

TASK [ec2_instance] **************************************************************************************

changed: [localhost]

PLAY RECAP ***********************************************************************************************
localhost                  : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[root@master wk-dec9]#
[root@master wk-dec9]# cat aws-ec2.yaml
- hosts: localhost # 192.168.56.4 - your own control node
  tasks:
  - ec2_instance:
      region: us-east-1
      image_id: ami-04d29b6f966df1537
      instance_type: t2.micro
      #image: t2.micro
      vpc_subnet_id: subnet-e251d2ec
      security_group: sg-f7a18ad2
      key_name: kb-2020-key
      name: os_from_ansible
      state: present
      aws_access_key: AKIC6HXA42MR2PGZJ7G3
      aws_secret_key: 3IYF590qVJ8ISpZYnUV92PG8/XDKVrhHsJcMPnbc


--------------------------------------------------------------------

Ansible - class

We are using ansible to provision the server on AWS

1. Install OS
2. Configure OS

1. For OS provisioning, we use tools like
- Foreman
- Cloudformation - aws
- VMWare
- Terraform
- Ansible (too)

2. Configuration Management
- ansible
- puppet
- chef

You can use Ansible to provision the OS, but it is not feature rich for provisioning servers.

Dynamic inventory
-----------------

CN -> ansible running
Ansible needed 3 things
1. Username
2. Password
3. Client IP - need to add it to the inventory file
Worker node ->
- RHEL
- Windows

How do you write a playbook for a system that does not exist?

Router/cloud (aws)/firewall

- Webapp
- cli
- API (for custom requirements - interpreted -> programming (Java, Go, Python): while loop, for loop ...)

Ansible (CM) -->  ssh  ->   RHEL8 (TN)
Pythoncode   -> https  -> Router (login, config)

API - > Playbook
- run the playbook on your own control node using its own IP (lo - localhost)

run the program over http
-> go to the client -> URL (browser - firefox)

you run from client side

control node -> create and run play book -> run on target node (router, server) -> using API of say EC2 - execute the playbook.

---------------------
Ansible comes with lots of modules
# ansible-doc -l | grep ec2

Review the output and look for ec2_instance -> create and manage

# ansible-doc ec2_instance

------------------------

Provisioning AWS ec2 instance

- Let's collect the manual tasks

1. Select your region
region: Mumbai (ap-south-1)

2. Select EC2

Google "ansible ec2 module" - create and manage
(requires the boto3 library)

On your control node, you have to install the boto3 library before running the playbook.
# pip3 install boto3

# ansible-doc ec2_instance

ansible

2. Choose OS type
copy AMI-ID

os image: ami-o9f63....ff5f

3. Select Instance type:
Instance type: t2.micro

4. How many?
Count: 1

5. Define subnet (data center)
subnet: subnet-9898888

6. Storage: by default it picks

7. Firewall: by default it uses the default one
firewall: sg-0be7...53d
8. Review and launch
An SSH key is needed
key: awskey2020-key

So, let's put it all together: the parameters needed to launch the EC2 instance.

-m ec2_instance
-a
region: ap-south-1   # Mumbai
image_id: ami-o9f63....ff5f
instance_type: t2.micro
vpc_subnet_id: subnet-9898888
security_group: sg-0be7...53d
key_name: awskey2020-key
state: present

Write the playbook

- hosts: localhost # 192.168.56.4 - your own control node
  tasks:
  - ec2_instance:
      region: ap-south-1   # Mumbai
      image_id: ami-o9f63....ff5f
      instance_type: t2.micro
      vpc_subnet_id: subnet-9898888
      security_group: sg-0be7...53d
      key_name: awskey2020-key
      state: present

If you run this play, it will fail, because you first have to log in.

You will use a key to log in.

access key - like a user name
secret key - like a password

- hosts: localhost # 192.168.56.4 - your own control node
  tasks:
  - ec2_instance:
      region: ap-south-1   # Mumbai
      image_id: ami-o9f63....ff5f
      instance_type: t2.micro
      vpc_subnet_id: subnet-9898888
      security_group: sg-0be7...53d
      key_name: awskey2020-key
      state: present
      aws_access_key: SGJHGFGFJKFJKFJF
      aws_secret_key: KHJHJJKJHJKHKJH

Go to Services -> IAM service -> create your own access key/secret key.

Go to Users ->
username: sam
access type -> select programmatic access -> next
attach existing policy -> give admin access
review, next and finish
You will see the access key.

This key is very important; keep it secret.
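
The same launch with the keys kept out of the playbook file, as an added example that is not part of the original post: the access key and secret key are read from the control node's environment, and the play stops early if they are missing. The ec2_* variable names and the REPLACE_ME values are placeholders assumed here.

```yaml
# Added example (not the post's own playbook).
# Export the credentials in the shell that runs ansible-playbook:
#   export AWS_ACCESS_KEY_ID=<access key from the IAM console>
#   export AWS_SECRET_ACCESS_KEY=<secret key from the IAM console>
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Placeholders (assumptions): substitute the IDs from your own account.
    ec2_region: ap-south-1
    ec2_image_id: ami-REPLACE_ME
    ec2_subnet_id: subnet-REPLACE_ME
    ec2_security_group: sg-REPLACE_ME
    ec2_key_name: REPLACE_ME
  tasks:
  - name: Stop early if the credentials are not in the environment
    assert:
      that:
      # lookup('env', ...) returns an empty string when the variable is unset
      - lookup('env', 'AWS_ACCESS_KEY_ID') | length > 0
      - lookup('env', 'AWS_SECRET_ACCESS_KEY') | length > 0
      fail_msg: "Export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY before running"
      quiet: true

  - name: Launch the instance without any key material in this file
    ec2_instance:
      region: "{{ ec2_region }}"
      image_id: "{{ ec2_image_id }}"
      instance_type: t2.micro
      vpc_subnet_id: "{{ ec2_subnet_id }}"
      security_group: "{{ ec2_security_group }}"
      key_name: "{{ ec2_key_name }}"
      name: os_from_ansible
      state: present
      # Same two parameters as the post's playbook, filled at run time
      aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"
      aws_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"
```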

We are using ansible to provision the server on AWS

Run this code on your controller node.

# cat aws-ec2-create.yaml
- hosts: localhost # 192.168.56.4 - your own control node
  tasks:
  - ec2_instance:
      region: ap-south-1   # Mumbai
      image_id: ami-o9f63....ff5f
      instance_type: t2.micro
      vpc_subnet_id: subnet-9898888
      security_group: sg-0be7...53d
      name: os_from_ansible
      key_name: awskey2020-key
      state: present
      aws_access_key: SGJHGFGFJKFJKFJF
      aws_secret_key: KHJHJJKJHJKHKJH


# ap --list-hosts

# ansible 192.168.10.120 --list-hosts

# ansible 127.0.0.1 --list-hosts


