Suppose you need to write and test an Ansible playbook for a virtual machine setup or something similar, and you ask your DevOps team: "Hey dude, I need a way to test what I am writing. Do you have a VM that I can use?"
You will be surprised that, even if you work for the biggest company in the world, the request will be denied. Which sounds like "It is your problem, find a solution".
And you will end up installing some sort of virtual machine on your laptop. And maybe you need 2 VMs, one for Ansible execution and the other for remote execution.
And you run a test. And the first test is a mess. You need to clean up your machine and start again. And a colleague of yours wants the same setup. Is it easy to clone the VMs and pass them on? Is there an easier way?
Yeah! You can use AWS to do what you need.
1. LET'S CREATE THE VM
I will not go too deep on that. Just create a new VM with a minimal setup using a Linux distribution. I used a t3 Micro (which is free) and this AMI: amazon/al2023-ami-2023.1.20230628.2-kernel-6.1-x86_64.
You can pick the suggested one from AWS and create it.
Remember that you need to create/use a key pair.
Please take note of the Security Group and VPC, because we will use the same ones for the EC2 instance we will create for remote execution of Ansible.
2. ACCESS TO VM AND INSTALL
You can connect to your new VM using AWS connect from the browser (it is a sort of jump host, no need for keys), or you can use PuTTY to connect to it and execute scripts.
You can download the install script or go through it step by step. Let's dive in:
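# Install pip for the current user, then Ansible
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 get-pip.py --user
python3 -m pip install --user ansible
# Python AWS SDK packages (boto here, boto3 further down)
pip install boto
# AWS collections, installed into the ec2-user collections path
ansible-galaxy collection install amazon.aws:==3.3.1 --force -p /home/ec2-user/.ansible/collections
ansible-galaxy collection install community.aws -p /home/ec2-user/.ansible/collections
pip3.9 install boto3
# Generate an ansible.cfg with every entry commented out
ansible-config init --disabled > ansible.cfg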
These are the usual commands to install the Python packages for Ansible execution. The difference is "ansible-galaxy", which installs the collections that help Ansible understand AWS infrastructure commands. We will see them later.
N.B. The machine does not have git installed. You can run "sudo yum install git" and say yes to all questions.
In the ansibleOnAWS repository you will find installAnsible.sh. Make it executable with "chmod" and run it.
3. CREATE EC2 MACHINE USING ANSIBLE
At https://github.com/RamettaFabrizio/ansibleOnAWS/blob/main/createMachineScript.yml you can find a simple script to create a new EC2 machine. As you can see, the VPC and the security group are obscured (xxxx and yyyy) because they depend on the sg and VPC you created in your installation. You can copy them from the EC2 instance created in the first step.
Remember also to change the key, because you have to use a key you can access. You can use the one from the first EC2 instance; this is not good practice, but it is fast and easy.
The script can create the EC2 machine only if you store the AWS credentials in
/home/ec2-user/.aws/credentials
This credentials file is the same one you use from your laptop to connect to your account:
[default]
aws_access_key_id = XXXXXXXXXXXXXXXXXX
aws_secret_access_key = YYYYYYYYYYYYYYY
To launch the script:
ansible-playbook createMachineScript.yml
Note that at the end of the execution it will show the public address of the machine. Take note of it (you can also retrieve it from the EC2 overview).
4. EXECUTE REMOTE SCRIPT
To execute a remote script, remember that:
- the address should be known to Ansible through the inventory
- the key should be known to Ansible so it can connect to the remote machine
For the first issue, create the inventory file and add the value to it.
File inventory.yml
all:
  hosts:
    ec2-16-170-241-191.eu-north-1.compute.amazonaws.com:
You can create a script that changes (or adds) the value in the hosts field.
For the second issue, the key should be downloaded from AWS and then converted to OpenSSH format (pem file). The file should be saved locally. Plus, the file must be chmoded to 600 (read and write by owner).
The example playbook, downloadJava.yml, downloads Java and extracts it.
To execute it:
ansible-playbook --extra-vars="public_dns_name=ec2-16-171-174-216.eu-north-1.compute.amazonaws.com" -i inventory.yml -e 'ansible_ssh_private_key_file=ansible.pem' downloadJava.yml
As you can see in the command, the host name is passed as a variable in public_dns_name, the inventory is passed with the "-i" option, and the pem file is passed as a variable in ansible_ssh_private_key_file.
The content of the yml is:
# Basic provisioning example
- name: Ansible test
  hosts: "{{ public_dns_name }}"
  remote_user: ec2-user
  tasks:
    - name: Download java
      command: wget https://javadl.oracle.com/webapps/download/AutoDL?BundleId=248233_ce59cff5c23f4e2eaf4e778a117d4c5b -O java.tar.gz
    - name: Extract Java
      command: tar -zxvf java.tar.gz
And you can see that hosts is treated as an external variable (public_dns_name) passed on the command line.
After execution, if you connect to the new EC2 instance and run "ls", you will see the gz file and the extracted folder.
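The inventory update and the key preparation described in this step, as a small shell helper. This is an added example, not part of the original post or its repository: the function names are hypothetical, while inventory.yml and ansible.pem are the file names used above.

```shell
#!/bin/sh
# Added example: pre-flight helpers for the inventory and key steps above.
# Function names are hypothetical; file names follow the post.

# Accept only an EC2-style public DNS name, so nothing else ends up in the YAML.
# Covers ec2-a-b-c-d.<region>.compute.amazonaws.com and the us-east-1 form (compute-1).
valid_ec2_host() {
  printf '%s\n' "$1" | grep -Eq \
    '^ec2-[0-9]{1,3}(-[0-9]{1,3}){3}\.([a-z0-9-]+\.compute|compute-1)\.amazonaws\.com$'
}

# Write (or overwrite) the inventory with a single host under all.hosts.
write_inventory() {
  host=$1 file=${2:-inventory.yml}
  valid_ec2_host "$host" || { echo "refusing host: $host" >&2; return 1; }
  printf 'all:\n  hosts:\n    %s:\n' "$host" > "$file"
}

# Succeed only if the path is a regular file with mode 600 exactly.
is_owner_only() {
  [ -f "$1" ] || return 1
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  [ "$mode" = "600" ]
}

# Tighten the key to 600 if needed, then confirm it looks like a PEM private key.
prepare_key() {
  key=$1
  [ -f "$key" ] || { echo "missing key: $key" >&2; return 1; }
  is_owner_only "$key" || chmod 600 "$key"
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
    { echo "not a PEM private key: $key" >&2; return 1; }
}

# Run directly as: ./preflight.sh <public_dns_name> [key.pem]
if [ "$#" -ge 1 ]; then
  write_inventory "$1" && prepare_key "${2:-ansible.pem}" &&
    echo "ready: inventory.yml written, key checked"
fi
```

is_owner_only can also be pointed at /home/ec2-user/.aws/credentials, which holds the access key in clear text.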
5. DELETE THE INSTANCE
To delete the instance created with Ansible (pay attention, because you are charged for it) you can use:
ansible-playbook --extra-vars="public_dns_name=xxxxxxxxx" -i inventory.yml -e 'ansible_ssh_private_key_file=ansible.pem' deleteScript.yml
The content is
# Basic provisioning example
- name: Ansible test
  hosts: localhost
  tasks:
    - name: delete AWS instance using Ansible
      amazon.aws.ec2_instance:
        name: instance_proof_delete
        region: eu-north-1
        state: absent
        filters:
          dns-name: "{{ public_dns_name }}"
      tags: delete_ec2
6. CONCLUSION
This is just a starting point for creating EC2 machines and executing remote scripts via Ansible. There are other ways to execute them and to create infrastructure. Plus, all the scripts can of course be improved. This is not intended to be used for production, it's just for study.
N.B. All the EC2 instances are created in the same region, "eu-north-1". Feel free to change it.