Hi folks,
It has been a long time since I wrote the last blog, and I have gone through little emotional stress. Though it took me little time to overcome the stress!
Like I've said in an older blog, I have been learning about automation and CI/CD. I learned Terraform a bit and I did spin up EC2 instances, a public subnet, a private subnet, an Internet gateway, a security group and deploy some shell script.
You can find the blog here.
In this blog, I wanna write about Ansible (spinning up EC2 instances and other key things, same as the previous blog). It was a pretty good experience. You can create a simple YAML file and run playbooks.
My idea is:
1. Create VPC
2. Create public and private subnets for each Availability Zone
3. Create an internet gateway
4. Create a public gateway and make associations with public gateway
5. Spin up instances on a specific subnet.
Find the full code here.
Please refer to the architecture below to understand my idea.
Before moving on to the subject, Ansible needs a few prerequisites to run the Ansible modules:
Ansible :
sudo pip install ansible
Boto :
sudo pip install boto
There are many ways to set our AWS credentials. In this tutorial, we'll create a file under our user home folder (~/.boto):
[Credentials]
AWS_ACCESS_KEY_ID=KID...CWU
AWS_SECRET_ACCESS_KEY=3qv...DSP
AWS CLI :
sudo pip install awscli
Note that when launching an EC2 instance with Ansible via the ec2 module, the hosts variable should point to localhost and gather_facts should be set to False.
- hosts: local
  gather_facts: false
  roles:
    - vpc
Create VPC
I did include some other variables under the group_vars directory to fetch some essential variables.
To create the VPC, the ec2_vpc_net module is used.
- include_vars: ./group_vars/all.yml
- name: create vpc with 10.0.0.0/16
  ec2_vpc_net:
    name: ansibletest
    cidr_block: 10.0.0.0/16
    region: "{{default_region}}"
    tags:
      Name: ansibletest
    state: present
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    tenancy: default
    dns_hostnames: yes
    dns_support: yes
  register: vpc_info
  # store output of ec2 information
Likewise, we can use the available modules to create other AWS services. Some other modules are listed below.
ec2_vpc_subnet (this module is used to create subnets)
ec2_vpc_igw (create internet gateway)
ec2_vpc_route_table (create routing table and make association for subnets)
The vpc role which I created to deploy those services is here.
Create security groups
Security groups exist to allow only certain traffic to instances.
When I created security groups, I had in mind to spin up instances to deploy a LAMP stack. So, I wanted to allow ports related to the LAMP stack.
Later I developed different efficient code to do this.
But here's the security group role which I created.
- include_vars: ./group_vars/all.yml
- name: security group with 22,80,443 port enable
  ec2_group:
    name: LAMP_Stack
    description: sg with 22,80,443 port enable
    # right now I'm using vpc_id from ./group_vars/all.yml
    vpc_id: "{{vpc_id}}"
    rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: 0.0.0.0/0
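A tighter variant of this role, as an added example that is not the author's code: SSH is limited to an administrator range instead of 0.0.0.0/0, the 443 rule named in the description is included, and a guard task stops the play if the SSH range is left world-open. The variable admin_cidr is hypothetical and assumed to be defined in ./group_vars/all.yml; 203.0.113.0/24 is a documentation range used as a placeholder.

```yaml
# Added example, not from the original post.
# Assumed variable (hypothetical), e.g. in ./group_vars/all.yml:
#   admin_cidr: 203.0.113.0/24    # placeholder documentation range
- include_vars: ./group_vars/all.yml

- name: refuse to open SSH to the whole internet
  assert:
    that:
      - admin_cidr is defined
      - admin_cidr != '0.0.0.0/0'
    msg: "admin_cidr must be set to the network you administer from"

- name: security group for the LAMP stack, SSH restricted to admin_cidr
  ec2_group:
    name: LAMP_Stack
    # description kept identical to the existing group's description
    description: sg with 22,80,443 port enable
    vpc_id: "{{ vpc_id }}"
    region: "{{ default_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    state: present
    purge_rules: yes        # remove rules that are no longer listed here
    rules:
      - proto: tcp          # HTTP for the web tier
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
      - proto: tcp          # HTTPS for the web tier
        from_port: 443
        to_port: 443
        cidr_ip: 0.0.0.0/0
      - proto: tcp          # SSH only from the admin network
        from_port: 22
        to_port: 22
        cidr_ip: "{{ admin_cidr }}"
  register: sg_info
```

Because purge_rules is on, rerunning the role against an existing LAMP_Stack group replaces the world-open port 22 rule rather than leaving it beside the restricted one.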
Let's move on to the final steps.
Create EC2 instance
The AMI is different depending on the region in which we spin up EC2 instances,
so we have to find out which AMI ID or image is suitable for deploying EC2 instances in that region.
Ansible gives us the ec2_ami_find module, which helps us be more productive.
- name: find ami-id based on region
  ec2_ami_find:
    name: "ubuntu/images/ebs/ubuntu-trusty-14.04-amd64-server-*"
    owner: aws-marketplace
    aws_region: "{{default_region}}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
  register: result_ami
  # register is a keyword that holds the output of the task,
  # which helps us extract some attributes for later use
Then create instances
- name: create ec2 instance 3 with demo tag
  ec2:
    key_name: "{{key_name}}"
    group: LAMP_Stack
    instance_type: t2.micro
    # launch in the same region the AMI was looked up in
    region: "{{default_region}}"
    #region=us-east-1 ami-c998b6b2
    image: "{{ result_ami.results[0].ami_id }}"
    wait: yes
    exact_count: 3
    count_tag:
      Name: LAMP_Stack
    # could not figure out how to place each instance in each subnet
    # I am thinking: why wouldn't I have a 3-tier base yml file and have a role for each tier
    # the ec2 module's parameter for the target subnet is vpc_subnet_id
    vpc_subnet_id: "{{pub_sub_az_1a}}"
    instance_tags:
      Name: "{{name}}"
    termination_protection: yes
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
  register: ec2
When we create instances, we need to get each instance's public IP and add it to the inventory, so that we can run our Ansible playbooks later against those EC2 instances.
- name: add instance IP to hosts group
  add_host: hostname={{item.public_ip}} groups=ec2hosts
  loop: "{{ec2.instances}}"
Find the full code here
Find my LAMP stack Ansible code here
Upcoming post... Automating backup process using Ansible
Already the Ansible code has been created. I'll write a blog as soon as I can and push to GitHub as well.
Thank you and PEACE!