Ansible Basics: Installing and Configuring Resources
In the ever-evolving landscape of IT infrastructure, automation has become a critical component for efficiency and scalability. Ansible, a powerful automation tool, stands out for its simplicity and effectiveness in managing configurations and deployments. In this article, we will delve into the merits of Ansible for installing and configuring resources. Additionally, we will explore how Terraform can be used in conjunction with Ansible to provision AWS EC2 instances and subsequently configure them using Ansible playbooks.
Provisioning AWS EC2 Instances
You can either do this manually to follow along with this demo or, if provisioning EC2 instances from a known set of AWS AMIs is something that you will do frequently, consider setting up Terraform. To provision the EC2 Instance manually, follow the steps below.
Manually Provisioning AWS EC2 Instances
Step-by-Step Instructions to Provision an EC2 Instance in the N. California Region
- Log in to the AWS Management Console: Go to AWS Management Console and log in with your credentials.
- Navigate to the EC2 Dashboard: Click on Services in the top-left corner, then select EC2 under the “Compute” section.
- Launch Instance:
- Click on the Launch Instance button.
- Choose the Amazon Machine Image (AMI). Select the default Ubuntu image (e.g.,
ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*
). - Select an Instance Type (e.g.,
t2.micro
for this demo). - Configure Instance Details:
- Ensure the region is set to N. California.
- Leave other settings as default or modify as per your requirements.
- Add Storage: Use the default settings or modify as needed.
- Add Tags: Optionally add tags for better management (e.g., Key:
Name
, Value:WebServer
). - Configure Security Group:
- Create a new security group or select an existing one.
- Add rules to allow necessary traffic (e.g., SSH, HTTP).
- Review and Launch the instance.
- Select or Create a Key Pair: Choose an existing key pair or create a new one to access the instance via SSH.
- Launch the Instance: Click on the Launch button. The instance will be provisioned, and you’ll be redirected to the EC2 dashboard where you can see the instance’s status.
Provisioning AWS EC2 Instances Using Terraform
1. Configure AWS Credentials
To allow Terraform to authenticate with AWS, you need to configure your AWS credentials. You can do this using the AWS CLI.
Open Terminal/Command Prompt: Run the following command to configure your AWS credentials:
aws configure
Enter Your AWS Credentials:
- AWS Access Key ID: Enter your AWS access key.
- AWS Secret Access Key: Enter your AWS secret key.
- Default Region Name: Enter your preferred AWS region (e.g.,
us-west-2
). - Default Output Format: Enter your preferred output format (e.g.,
json
).
This command will save your credentials in the ~/.aws/credentials
file.
2. Write Terraform Configuration
Create a new directory for your Terraform project and a configuration file (e.g., main.tf
).
# main.tf
provider "aws" {
region = "us-west-2"
}
resource "aws_instance" "web" {
ami = "ami-07013dd48140efd73"
instance_type = "t2.micro"
tags = {
Name = "WebServer"
}
}
3. Initialize and Apply Terraform Configuration
Navigate to your project directory and initialize Terraform. This will download the AWS provider plugin.
terraform init
Run the following command to create the EC2 instance defined in your configuration file.
terraform apply
Terraform will show a plan of the changes it will make. Type yes
to approve and proceed with the deployment.
Understanding Ansible
Ansible is an open-source automation tool that simplifies the process of configuration management, application deployment, and task automation. Its agentless architecture and use of simple YAML syntax make it an accessible and powerful tool for both beginners and experienced professionals.
Key Features of Ansible:
- Agentless Architecture: Ansible does not require any agents or additional software on the target machines. It uses standard SSH for communication, reducing overhead and simplifying security.
- Idempotency: Ansible ensures that operations are performed only when necessary, avoiding redundant tasks and maintaining system consistency.
- Human-Readable YAML Syntax: Playbooks, the configuration scripts in Ansible, are written in YAML, making them easy to read, write, and understand.
Setting Up Ansible
Edit Inventory File, View and Run Playbooks to Install Apache, Java, and Jenkins
To get started with Ansible, you’ll need to set up an inventory file that defines the target machines (nodes) and their roles. This file can be written in INI or YAML format. Here’s an example of how to update the inventory in both formats:
Inventory INI Format:
[control]
control-node ansible_host=192.168.1.10
[target]
webserver1 ansible_host=192.168.1.20
ansible_user=ubuntu
webserver2 ansible_host=192.168.1.30
Inventory YAML Format:
all:
hosts:
control-node:
ansible_host: 192.168.1.10
webserver1:
ansible_host: 192.168.1.20
webserver2:
ansible_host: 192.168.1.30
Why Use Non-Default Accounts?
While using the default ubuntu
user is convenient, which is why we use the default ubuntu account in the next step, there are several reasons you might want to use an admin account or another non-default account:
- Security: Using a unique admin account can enhance security by reducing the risk of unauthorized access through well-known default usernames.
- Access Control: Custom accounts allow for more granular control over permissions and access levels.
- Audit and Compliance: Custom accounts help in tracking actions performed by different users, aiding in audit and compliance processes.
- Isolation: Isolating different services and users can prevent accidental changes or configurations from affecting the entire system.
Configuring EC2 Instances with Ansible
Once the EC2 instances are provisioned, Ansible can be used to configure them. Here’s a step-by-step guide to running Ansible playbooks on these instances:
- SSH to the Control Node:
- Use Putty or OpenSSH to SSH into the control node.
ssh ubuntu@control-node-ip
- Clone the Ansible Intro GitHub Repository:
- This repository contains the necessary exercise files and playbooks for the demo.
git clone https://github.com/ProDataMan/Ansible-Intro.git
- Update Inventory Files:
- Ensure that the inventory file reflects the IP addresses of your EC2 instances.
- Run Playbooks:
- To install Apache, Java, and Jenkins, run the respective playbooks with the inventory reference.
ansible-playbook -i inventory.ini install_apache.yml ansible-playbook -i inventory.ini install_java.yml ansible-playbook -i inventory.ini install_jenkins.yml
- Accept the SSH Keys:
- If this is the first time running playbooks on the target nodes, you will be prompted to accept the SSH keys. Type “yes” to proceed.
Verifying the Configuration
After running the playbooks, verify the installations by accessing the web servers and Jenkins:
- Test Web Servers:
- Enter the IP addresses of the target nodes into the address bar of a browser (e.g., Chrome). You should see the default Apache page.
- Verify Java Installation:
- SSH into the control node and check the Java version.
java -version
- Test Jenkins Installation:
- Navigate to the control node’s IP address in a browser. You should be prompted for a password to continue. To retrieve the Jenkins admin password, execute the following command on the control node (ssh):
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
- Navigate to the control node’s IP address in a browser. You should be prompted for a password to continue. To retrieve the Jenkins admin password, execute the following command on the control node (ssh):
Conclusion
By combining Terraform and Ansible, you can achieve a powerful and efficient workflow for provisioning and configuring infrastructure. Terraform handles the initial setup of resources, while Ansible ensures that these resources are correctly configured and maintained. This synergy between Terraform and Ansible streamlines the management of IT infrastructure, making it more scalable, reliable, and easier to maintain.
For a detailed walkthrough, check out the accompanying YouTube video that demonstrates these steps in action. Stay tuned for Part 2, where we will delve into creating and editing playbooks. If you enjoyed the video, don’t forget to smash the like button and subscribe to be notified when new content is posted.