Ansible 4 of 9: Playbooks 1 of 2

Background

There is a Terraform series:

1 of 5. Open Cloud9

2 of 5. Create main.tf for Terraform

The ingress rule permitting everything is using the Cloud9 Security group ID. Note that we included a provisioner for populating the ssh known_hosts file. Place the 'main.tf' file inside the 'ansible-tasks' folder you have been running these labs from. There is a 30 second delay on the local-execs, to give some lead time before the provisioner attempts to run the ssh key scan.

main.tf

provider "aws" { region = "us-east-1" } resource "aws_instance" "host01" { ami = "ami-026ebd4cfe2c043b2" instance_type = "t2.micro" key_name = "tcb-ansible-key" vpc_security_group_ids = [aws_security_group.secgroup.id] provisioner "local-exec" { command = "sleep 30; ssh-keyscan ${self.private_ip} >> ~/.ssh/known_hosts" } tags = { Name = "host01" } } resource "aws_instance" "host02" { ami = "ami-026ebd4cfe2c043b2" instance_type = "t2.micro" key_name = "tcb-ansible-key" vpc_security_group_ids = [aws_security_group.secgroup.id] provisioner "local-exec" { command = "sleep 30; ssh-keyscan ${self.private_ip} >> ~/.ssh/known_hosts" } tags = { Name = "host02" } } resource "aws_security_group" "secgroup" { ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ingress { from_port = 0 to_port = 0 protocol = "-1" security_groups = ["sg-05b2e6f0305ae4271"] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } } output "host01_private_ip" { value = aws_instance.host01.private_ip } output "host02_private_ip" { value = aws_instance.host02.private_ip }

3 of 5. Run terraform

Before running terraform, validate that the SSH keys for the new hosts does not yet exist in the "known_hosts" file.

tail ~/.ssh/known_hosts terraform init terraform plan terraform apply tail ~/.ssh/known_hosts aws ec2 describe-instances \ --query 'Reservations[*].Instances[*].{Instance:InstanceId,Name:Tags[?Key==`Name`]|[0].Value,PrivateIP:PrivateIpAddress,State:State.Name}' \ --output table

4 of 5. Make sure the inventory file 'hosts' is updated with the new host IP addresses and for the correct user name.

host01 ansible_host=172.31.21.160 ansible_user=ec2-user host02 ansible_host=172.31.28.32 ansible_user=ec2-user [all:vars] ansible_ssh_private_key_file=/home/ec2-user/environment/ansible-tasks/tcb-ansible-key.pem [webservers] host01

5 of 5. Check that you can reach the hosts via ansible.

Also, check that the terraform /hosts file is updated with NEW ip addresses.

ansible all -m ping cat .terraform/hosts

References

The Official YAML Web Site

YAML Ain’t Markup Language (YAML™) version 1.2

Ansible playbooks - Ansible Documentation

ansible.builtin.yum module – Manages packages with the yum package manager

Command: init | Terraform | HashiCorp Developer

Command: plan | Terraform | HashiCorp Developer

Comamnd: apply | Terraform | HashiCorp Developer

Comamnd: destroy | Terrafrom | HashiCorp Developer

Provisioners | Terraform | Hashicorp Developer

Verify and Keep Control of Host Keys with Terraform

Install | NGINX

Getting started with systemctl | Enable Sysadmin

How to use systemctl to manage Linux services | Enable Syadmin

Comments

Post a Comment

Popular posts from this blog

Orphaned No More: Adopting AWS Lambda

Image
Background HumanGov is a Model Automated Multi-Tenant Architecture (MAMA) that is meant to be used by the 50 states for personnel tracking. Currently the architecture is fully automated on AWS. The architecture is not ready for go-live. All actions so far are for a proof-of-concept that is presented to the Chief Technical Officer (CTO) for review. During the weekly team meeting, Ko (User Experience Lead) reports that his team has performed thousands of tests against the infrastructure, with moves, adds, and changes, and is not finding any issues in the application user interface. Woo (Infrastructure Lead) reports that there are hundreds of 'orphaned' files in the S3 bucket. (These files are considered 'orphaned' because they do not have corresponding records in the DynamoDB table.) Kim (Tech Lead) reports that there is not a trigger to delete the file from the bucket when a user is deleted from the DynamoDB database. Brady (Lawyer) reports that not deleting t
Read more

Containing the Chaos! | A Three-Part Series Demonstrating the Usefulness of Containerization to HumanGov

Background HumanGov is a Model Automated Multi-Tenant Architecture (MAMA) that is meant to be used by the 50 states for personnel tracking. Currently the architecture requires Amazon Elastic Compute Cloud (EC2) instances that are maintained by the HumanGov systems administrators. The systems administrators handle all the patching, operations, etc. Due to states wanting their data separate from each other, each state gets a separate set of EC2 instances, which means that as the application scales from one state up to 50 states, the systems administrators will have to patch 50x as many EC2 instances. The system administrators report that they have begun to schedule more and more overtime to handle the maintenance windows for updating the EC2 instances. The lead developer remarked that it was taking longer and longer for new application deployments to get rolled out as the infrastructure grew and more states came on board. By the way, the development environment does not have standa
Read more

Ansible is the Answer! | A Three-Part Series Demonstrating the Usefulness of Ansible to HumanGov

This is a three (3) part series that demonstrates how Ansible can be useful/leveraged for configuring your infrastructure. The background story here is that HumanGov is a multi-tenant cloud application that requires that each of the fifty (50) states has its own separate infrastructure. The HumanGov Infrastructure Engineers are trying to figure out how they can get it done, and they are considering using Ansible to help them deploy the application. Part 1 sets up the base infrastructure for the scenario. The HumanGov Infrastructure Engineers are accustomed to using Terraform to efficiently deploy infrastructure, but they are not very experienced with Ansible. Part 1 of 3: HumanGov: Ansible is the Answer! | Terraform | AWS Cloud9 | AWS IAM | AWS EC2 | AWS DynamoDB | AWS S3 Part 2 attempts to setup HumanGov via a MANUAL process. Part 2 goes through the steps to MANUALLY install Python, Nginx AND application files as well as MANUALLY configuring the firewall in Ubuntu. After g
Read more