Deployed WebServer on AWS using Ansible
Hello everyone. In this article I deploy a web server running on AWS using Ansible. Ansible manages the EC2 instances automatically through a dynamic inventory. In this article I have done the following things:
- Created two roles: one for launching the EC2 instance and the other for configuring the web server.
- Created a vault to store the credentials securely
- Created a dynamic inventory to automatically manage all the IPs
- Launched EC2 on the AWS public cloud using Ansible in one role
- In the other role, installed the Apache web server using Ansible
- Configured the web server
- Created one directory and copied the code from GitHub into this directory
- Disabled Firewall and started the Apache web server
What is Ansible?
Ansible is an open-source automation tool or platform used for IT tasks such as configuration management, application deployment, intraservice orchestration, and provisioning.
Steps to deploy WebServer using Ansible -
In order to provision EC2, we need to install one package known as boto
# pip3 install boto
What is Ansible Vault?
Ansible Vault is a feature of ansible that allows us to keep sensitive data such as passwords or keys in encrypted files, rather than as plaintext in playbooks or roles. These vault files can then be distributed or placed in source control.
Creation of Vault -
# ansible-vault create --vault-id aks@prompt credentials.yml
All the credential data in this file is encrypted (Ansible Vault uses AES-256), so it cannot be read without the vault password.
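Because vault files may be placed in source control, it is worth checking that credentials.yml really is encrypted before it is committed. The following is an added example, not code from the original article or from the Ansible project: it parses the vault envelope header (a file created with `--vault-id aks@prompt` records the label `aks` in a 1.2 header) and rejects anything containing plaintext. The sample file contents and key values are constructed.

```python
import re

HEX_LINE = re.compile(r"^[0-9a-fA-F]+$")


def parse_vault_envelope(text):
    """Return (version, cipher, label) if text looks like an Ansible Vault
    file, otherwise None. Nothing is decrypted."""
    lines = text.strip().splitlines()
    if len(lines) < 2:
        return None
    fields = lines[0].strip().split(";")
    if fields[0] != "$ANSIBLE_VAULT":
        return None
    # 1.1 header: $ANSIBLE_VAULT;1.1;AES256
    # 1.2 header: $ANSIBLE_VAULT;1.2;AES256;<vault-id label>
    if len(fields) == 3 and fields[1] == "1.1":
        label = None
    elif len(fields) == 4 and fields[1] == "1.2" and fields[3]:
        label = fields[3]
    else:
        return None
    if fields[2] != "AES256":
        return None
    # The body is hex text only; any other line means plaintext leaked in.
    if not all(HEX_LINE.match(line.strip()) for line in lines[1:]):
        return None
    return fields[1], fields[2], label


def safe_to_commit(text, expected_label=None):
    """True only for a well-formed vault file (optionally with a given label)."""
    env = parse_vault_envelope(text)
    if env is None:
        return False
    return expected_label is None or env[2] == expected_label


# Constructed samples: the hex body is filler, not real ciphertext.
ENCRYPTED = "$ANSIBLE_VAULT;1.2;AES256;aks\n" + "\n".join(["3961" * 20] * 3) + "\n"
PLAINTEXT = "user: AKIAEXAMPLEKEYID\npass: example-secret\n"
MIXED = ENCRYPTED + "pass: example-secret\n"

if __name__ == "__main__":
    for name, sample in [("encrypted", ENCRYPTED), ("plaintext", PLAINTEXT), ("mixed", MIXED)]:
        print(name, safe_to_commit(sample, expected_label="aks"))
```

The check only validates the envelope; it does not prove the vault password is strong.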
What is Dynamic Inventory?
A dynamic inventory script can do anything to get the data (call an external API, pull information from a database or file, etc.), and Ansible will use it as an inventory source as long as it returns the inventory as a JSON structure when the script is called with the --list option.
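To make the `--list` contract concrete, here is an added example (not the ec2.py script used in this article, and not Ansible project code) of a small inventory script. The instance records are constructed stand-ins for an EC2 API response, and the `tag_<key>_<value>` group naming and the `ec2_id` host variable are this example's own choices.

```python
#!/usr/bin/python3
import argparse
import json

# Constructed sample standing in for an EC2 API response; a real script
# would query AWS here. Addresses come from the documentation range.
INSTANCES = [
    {"id": "i-0aaa", "public_ip": "203.0.113.10", "state": "running", "tags": {"role": "web"}},
    {"id": "i-0bbb", "public_ip": "203.0.113.11", "state": "running", "tags": {"role": "web"}},
    {"id": "i-0ccc", "public_ip": None, "state": "stopped", "tags": {"role": "web"}},
]


def build_inventory(instances):
    """Build the structure Ansible expects from `--list`: one key per group
    plus `_meta.hostvars`, so Ansible need not call `--host` per host."""
    inventory = {"_meta": {"hostvars": {}}}
    for inst in instances:
        # Leave out hosts Ansible cannot reach (stopped or without an address).
        if inst["state"] != "running" or not inst["public_ip"]:
            continue
        host = inst["public_ip"]
        for key, value in sorted(inst["tags"].items()):
            group = "tag_{}_{}".format(key, value)
            inventory.setdefault(group, {"hosts": []})["hosts"].append(host)
        inventory["_meta"]["hostvars"][host] = {"ec2_id": inst["id"]}
    return inventory


def host_vars(instances, host):
    """Answer `--host <name>`: the variables of one host, or {} if unknown."""
    return build_inventory(instances)["_meta"]["hostvars"].get(host, {})


def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--list", action="store_true")
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    result = host_vars(INSTANCES, args.host) if args.host else build_inventory(INSTANCES)
    return json.dumps(result, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(main())
```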
Creation of Dynamic Inventory -
wget is used to download the program file from GitHub that fetches the IPs and updates the inventory.
# mkdir /dynamic_inventory
# cd /dynamic_inventory
# yum install wget -y
# wget https://raw.githubusercontent.com/ansible/ansible/stable-2.9/contrib/inventory/ec2.py
# chmod +x ec2.py
After making this file executable, we have to make one small change in its first line and write
#!/usr/bin/python3
Then we have to export our AWS credentials so that the script can fetch the IPs automatically and store them in the inventory
# export AWS_REGION='ap-south-1'
# export AWS_ACCESS_KEY_ID='**********'
# export AWS_SECRET_ACCESS_KEY='**********'
What are Roles?
Roles provide a framework for fully independent, or interdependent collections of variables, tasks, files, templates, and modules. In Ansible, the role is the primary mechanism for breaking a playbook into multiple files. This simplifies writing complex playbooks, and it makes them easier to reuse.
Creation of 1st Role to Launch EC2 Instance -
# mkdir /etc/roles
# cd /etc/roles
# ansible-galaxy init myec2
Creation of 2nd Role to Configure Webserver Running on AWS -
# ansible-galaxy init myserver
Creation of Playbook to Deploy EC2 Instance on AWS -
ec2.yml
- hosts: localhost
  vars_files:
    - credentials.yml
  roles:
    - myec2
tasks/main.yml
---
# tasks file for myec2
- name: Provisioning OS running in AWS Cloud
  ec2:
    key_name: "key"
    instance_type: "{{ ec2_instance_type }}"
    image: "{{ image }}"
    wait: yes
    count: 1
    vpc_subnet_id: "subnet-0892eab4da13f00a5"
    assign_public_ip: yes
    region: "{{ ec2_region }}"
    state: present
    group_id: "sg-0f7296c8f424d39c0"
    aws_access_key: "{{ user }}"
    aws_secret_key: "{{ pass }}"
  register: ec2
vars/main.yml
---
# vars file for myec2
image: "ami-052c08d70def0ac62"
ec2_instance_type: "t2.micro"
ec2_region: "ap-south-1"
After writing all the code, we can deploy the EC2 instance -
# ansible-playbook --vault-id aks@prompt ec2.yml
Here, the inventory is automatically updated -
# ansible all --list-hosts
Configuration file -
/etc/ansible/ansible.cfg -
[defaults]
inventory = /dynamic_inventory
host_key_checking = false
roles_path = /etc/roles
private_key_file = /root/key.pem
ask_pass = false
become = True
[privilege_escalation]
become = True
become_user = root
become_method = sudo
become_ask_pass = false
Here we have to transfer / copy the key from the base OS to the controller node. After copying the key, we have to change its permissions.
# chmod 400 key.pem
To check the connectivity, ping the EC2 instance running on AWS -
# ansible all -m ping
Next, we configure the web server in another role so that everything is easier to manage.
Installation of Apache WebServer in EC2 using Ansible code -
tasks/main.yml -
---
# tasks file for myserver
- name: install httpd
  package:
    name: "httpd"
    state: "present"
  register: x
  become: true
  become_user: root
  become_method: sudo
Configuring WebServer -
- name: Configuring WebServer
  template:
    dest: /etc/httpd/conf.d/akash.conf
    src: locals.conf.j2
  when: x.rc == 0
  notify: Restart webserver
  become: true
  become_user: root
  become_method: sudo
Creation of Directory in EC2 Instance -
- name: Creation of Directory
  file:
    state: directory
    dest: "{{ dcdir }}"
  register: y
  become: true
  become_user: root
  become_method: sudo
Copying Web Page from GitHub to the akash folder -
- name: Copying Web Page from github
  get_url:
    dest: "{{ dcdir }}"
    url: "https://raw.githubusercontent.com/whoaks/Ansible/master/index.html"
  when: y.failed == false
  become: true
  become_user: root
  become_method: sudo
Disabling SELINUX -
- name: Disabling SELINUX
  selinux:
    state: disabled
  become: true
  become_user: root
  become_method: sudo
Starting the WebServer -
- name: start WebServer
  service:
    name: "httpd"
    state: restarted
  become: true
  become_user: root
  become_method: sudo
locals.conf.j2 file -
Listen {{ port }}
<VirtualHost {{ ansible_default_ipv4.address }}:{{ port }}>
    DocumentRoot {{ dcdir }}
</VirtualHost>
myweb.yml
- hosts: all
  roles:
    - myserver
# ansible-playbook myweb.yml
If we change anything in the configuration file, httpd has to restart. So we write this code in the handlers -
---
# handlers file for myserver
- name: Restart webserver
  service:
    name: httpd
    state: restarted
  become: true
  become_user: root
  become_method: sudo
Inside EC2 -
Github Url :- https://github.com/whoaks/Ansible
WebServer is configured using Ansible.
Thank You :)