Provision an EC2 instance using an Ansible role with a dynamic inventory
Hello connections !!!
I am back with one more article to give an overview of how to provision an AWS EC2 instance using Ansible with a dynamic inventory.
Preconfiguration to do this task
Install Ansible
Install Boto
Install Boto3
You can install Ansible with the following command; your system needs Python preinstalled, because Ansible is built on top of Python.
#pip3 install ansible
You can install the boto and boto3 libraries with the following commands
#pip3 install boto
#pip3 install boto3
By default Ansible supports inventory files with no extension or with the yaml, json and py extensions, and there are two types of inventory files: static and dynamic.
In a static inventory the user has to update the hosts manually. In the real world we don't know in advance how many operating systems we need or how many different environments have to be configured. The dynamic inventory solves this challenge: the inventory is built dynamically, with different groups, by scripts that retrieve the IP addresses of the instances and configure the inventory on the fly.
Developers have already created script files that retrieve the IP addresses dynamically from different platforms, so I am providing the URL of the source code below; you can download them as per your requirement.
Download the two scripts below to dynamically update the inventory with the details of the instances from the AWS platform
wget https://raw.githubusercontent.com/ansible/ansible/stable-2.9/contrib/inventory/ec2.ini
wget https://raw.githubusercontent.com/ansible/ansible/stable-2.9/contrib/inventory/ec2.py
You can see that the two script files are downloaded. Now we have to make the two scripts executable with the following commands
chmod +x ec2.ini
chmod +x ec2.py
Now you can see that the two files have been changed to executable.
As you have python3 on your system, we have to update the shebang in the ec2.py file from #! /usr/bin/env python to #! /usr/bin/python3
Till now everything is configured fine. Now we have to update the region, aws_access_key and aws_secret_key in the ec2.ini file. We can put the details directly in the ini file, or use one of two other ways: the aws configure command, or export commands that set environment variables. You can get an IAM account in AWS, which gives you the aws_access_key and aws_secret_key, with the link below.
#aws configure
or
#export AWS_DEFAULT_REGION=""
#export AWS_ACCESS_KEY_ID=""
#export AWS_SECRET_ACCESS_KEY=""
After that we have to update Ansible's configuration file (ansible.cfg) in the root directory of Ansible, /etc/ansible
#vim /etc/ansible/ansible.cfg
Update the roles path to where your Ansible roles are located, and update the inventory path to where the downloaded script file is located.
Ansible works over the SSH protocol: it logs in to the instance to configure it, so we have to provide the username as the remote_user. While doing the SSH login we also have to accept the host key to get into the OS, and Ansible won't help us with that at this point, so we have to disable host key checking.
You can see that I provided the private key to log in to the instance and the privilege escalation settings. At this point in time there is no need to set these, but in case you later have a requirement to configure things inside the instances, you have to update the config file with the private key path and privilege escalation.
In Linux, the root user is the one who can install packages, but the instance has only a normal user, i.e. ec2-user. To get the power of root we have to give it sudo power. The concept of giving root power to a normal user with sudo is called privilege escalation.
Ansible Role
In Ansible, a role helps to manage the code of a playbook. Sometimes we need templates for dynamic configuration, var files so the values of variables are easy to change, and tasks and handlers written in the same playbook; in real projects the playbook grows large. To manage all of this we create roles, where everything is managed inside one structure. We can run a group of roles at a time from a setup file, and sharing roles with other users is easy, since they can reuse them again.
You can create an ansible role with the following command
#ansible-galaxy init <role_name>
List all the Ansible roles available in the roles path with the following command
#ansible-galaxy role list
You can see that one role was created, ec2-instance, with different folders related to the playbook that make it easy to manage. All the task code goes in the ./tasks/main.yml file; in the same way the variables and handlers go in ./vars/main.yml and ./handlers/main.yml respectively, and if we have any templates or files we place them inside the templates and files folders.
Everything related to launching the EC2 instance is written in the tasks main yaml file and the related variables are written in the vars main yaml file. You can see that the access_key and secret_key variables are not mentioned in the vars main yaml file, because anyone who has the values of those keys can directly access my account; for that reason I created an Ansible vault.
The Ansible vault is created with the following command; it encrypts the values so no one can access them without the credentials.
#ansible-vault create <filename>.yml
The Ansible vault file uses the <variable>: <value> format.
At last we include the Ansible role ec2-instance and the vault file secure.yml in the Ansible playbook, the setup yaml file.
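To make the role concrete, here is an added example (not the author's actual files) of what the four files described above could contain, using the Ansible 2.9 `ec2` module; the AMI id, key pair name, region and credentials are constructed placeholders, and the file boundaries are marked with comments:

```yaml
# roles/ec2-instance/vars/main.yml  (constructed sample values)
region: ap-south-1
instance_type: t2.micro
image_id: ami-PLACEHOLDER          # replace with a real AMI id for the region
key_name: PLACEHOLDER-keypair      # an existing EC2 key pair name
security_group: default
instance_name: ansible-ec2

---
# secure.yml, as typed into `ansible-vault create secure.yml`
# (ansible-vault stores it encrypted on disk; the plaintext is never committed)
access_key: PLACEHOLDER_ACCESS_KEY
secret_key: PLACEHOLDER_SECRET_KEY

---
# roles/ec2-instance/tasks/main.yml
- name: launch the ec2 instance (idempotent via exact_count + count_tag)
  ec2:
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    region: "{{ region }}"
    image: "{{ image_id }}"
    instance_type: "{{ instance_type }}"
    key_name: "{{ key_name }}"
    group: "{{ security_group }}"
    instance_tags:
      Name: "{{ instance_name }}"
    exact_count: 1            # re-running creates nothing if one tagged instance exists
    count_tag:
      Name: "{{ instance_name }}"
    wait: yes
  no_log: true                # keeps the keys out of playbook output and logs
  register: ec2_out

- name: show the public ip of the tagged instance(s)
  debug:
    msg: "{{ ec2_out.tagged_instances | map(attribute='public_ip') | list }}"

---
# setup.yml, run with: ansible-playbook setup.yml --ask-vault-pass
- hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
    - secure.yml
  roles:
    - ec2-instance
```

Because the keys are only ever referenced as `{{ access_key }}` and `{{ secret_key }}` from the vault file, the role itself can be shared without leaking credentials.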
you can see that no instances are running right now
By default we run the playbook with ansible-playbook <playbook name>, but in this case I included a vault file, so we have to give the password while running the playbook by providing one more option, --ask-vault-pass
Now you can see that one instance is running with the requirements we provided.
To list the groups along with the tags, run the script file with the following command
./ec2.py --list
And successfully ping the instance with the group name which is listed above
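The ping against the dynamic group, written as a play: this is an added example (not the author's), showing the per-play equivalents of the remote_user, private key and privilege escalation settings described in the ansible.cfg section. It assumes the instance was tagged Name=ansible-ec2 (ec2.py turns that into the group tag_Name_ansible_ec2) and that the key pair file path is a placeholder:

```yaml
# ping.yml  (constructed example; run with: ansible-playbook -i ./ec2.py ping.yml)
- hosts: tag_Name_ansible_ec2               # group generated by ec2.py from the Name tag
  remote_user: ec2-user                     # same as remote_user in ansible.cfg
  become: true                              # sudo to root, as in [privilege_escalation]
  gather_facts: no
  vars:
    ansible_ssh_private_key_file: /root/PLACEHOLDER-keypair.pem
    # accept-new records the host key on first contact and rejects later changes,
    # a tighter alternative to host_key_checking = False (needs OpenSSH 7.6+)
    ansible_ssh_common_args: "-o StrictHostKeyChecking=accept-new"
  tasks:
    - name: wait until sshd on the freshly launched instance accepts connections
      wait_for:
        host: "{{ inventory_hostname }}"
        port: 22
        timeout: 300
      delegate_to: localhost
      become: false

    - name: verify ansible can log in and escalate to root
      ping:
```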
Finally, I successfully completed the task under the mentorship of Mr. Vimal Daga sir in the journey of ARTH — The School of Technologies.