Automating the Cloud: Ansible on AWS unleashed

Arnav Goel
Ansible is an open-source automation tool designed for IT tasks such as configuration management, application deployment, and orchestration. With its simple, agentless architecture, Ansible has become a popular choice for DevOps teams and system administrators. It operates by connecting over SSH, eliminating the need for agents on target nodes, which makes it lightweight and easy to use.

In this comprehensive guide, we will cover the basic concepts of Ansible, including its key components, installation, and how to write playbooks. This foundational knowledge will set the stage for more advanced topics in automation and orchestration.

Table of Contents

  1. What is Ansible?

  2. Key Components of Ansible

  3. Setting Up Ansible

  4. Basic Ansible Concepts

  5. Writing Playbooks

  6. Roles in Ansible

  7. Ansible Vault: Securing Secrets

  8. Setting Up Passwordless SSH Authentication

  9. Installing Ansible and Configuring Hosts

  10. 10 Popular Commands for AWS Cloud Management

1. What is Ansible?

Ansible is a powerful automation tool used for:

  • Configuration Management: Automate server setup, manage services, and configurations.

  • Application Deployment: Deploy and manage software applications.

  • Orchestration: Coordinate complex, multi-step workflows, such as CI/CD pipelines.

2. Key Components of Ansible

Ansible consists of several key components:

  • Inventory: A list of servers (hosts) that Ansible manages, which can be in the form of an inventory file or dynamic inventory.

  • Playbook: A YAML file that defines a series of tasks to be executed on the hosts.

  • Module: Small programs that Ansible runs to perform system changes (e.g., managing files, services).

  • Task: The individual unit of action in Ansible, such as installing a package or starting a service.

  • Role: A way to organize tasks, handlers, and variables in a structured way for reuse and sharing.

  • Variables: Store data dynamically, allowing reusability and customization.

  • Templates: Generate dynamic files using the Jinja2 templating engine.

3. Setting Up Ansible

Installation

For most systems (e.g., Ubuntu, Debian, CentOS), installing Ansible is straightforward:

On Ubuntu/Debian:

        sudo apt update
        sudo apt install ansible -y

On CentOS/RedHat:

        sudo yum install epel-release -y
        sudo yum install ansible -y

Verify the installation:

        ansible --version

Basic Directory Structure

After installing Ansible, the directory structure for your projects might look like this:

        inventory/       # Contains the list of hosts
        playbooks/       # Directory for storing your playbooks
        roles/           # Directory for Ansible roles
        ansible.cfg      # Configuration file

Inventory File

Create a simple inventory file:

        [web]
        web1.example.com
        web2.example.com

        [db]
        db1.example.com

4. Basic Ansible Concepts

Ad-Hoc Commands

Ansible allows you to run commands on remote hosts without writing a playbook. For example, to check connectivity, run:

        ansible all -i inventory -m ping

To install nginx on all web servers:

        ansible web -i inventory -m apt -a "name=nginx state=present" --become

5. Writing Playbooks

A playbook is a YAML file containing one or more “plays.” Each play defines a set of tasks to be executed on a set of hosts.

Simple Playbook Example

        - name: Install and configure nginx
          hosts: web
          become: true
          tasks:
            - name: Install nginx
              apt:
                name: nginx
                state: present
            - name: Start nginx
              service:
                name: nginx
                state: started

This playbook installs and starts NGINX on all web hosts defined in the inventory.

6. Roles in Ansible

Roles allow you to organize tasks, variables, and handlers in a reusable structure. Roles are typically stored in the roles/ directory.

7. Ansible Vault: Securing Secrets

Ansible Vault is used to encrypt sensitive data such as passwords or API keys in your playbooks. This ensures that confidential information isn’t exposed in your version control system.
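The layout below is an added example, not the author's code, showing one common way to keep a vaulted value out of version control while the variable names stay reviewable. The file paths, the variable names and the `/etc/myapp.env` destination are assumptions, and the secret is a constructed value.

```yaml
# inventory/group_vars/web/vault.yml
# Created with: ansible-vault create inventory/group_vars/web/vault.yml
# Committed only as ciphertext; this is its plaintext (constructed value):
vault_app_api_key: "constructed-example-value"
---
# inventory/group_vars/web/vars.yml
# Plain text, so a reviewer can see which variables exist without the vault password.
app_api_key: "{{ vault_app_api_key }}"
---
# playbooks/app_config.yml
# Run with: ansible-playbook -i inventory playbooks/app_config.yml --ask-vault-pass
- name: Deploy application credentials
  hosts: web
  become: true
  tasks:
    - name: Write the API key to a root-only file
      ansible.builtin.copy:
        content: "API_KEY={{ app_api_key }}\n"
        dest: /etc/myapp.env
        owner: root
        group: root
        mode: "0600"
      no_log: true   # keep the rendered secret out of task output and logs
```

`ansible-vault view` and `ansible-vault edit` read or change the encrypted file later without leaving a decrypted copy on disk.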

8. Setting Up Passwordless SSH Authentication

Step 1: Create a Common User

  1. Log in to your main server via SSH:

     ssh -i /path/to/key.pem ec2-user@ec2-xx-xx-xx-xx.compute-1.amazonaws.com

  2. Create a new user that will be used for SSH access:

     sudo adduser commonuser

  3. Set a password for the new user:

     sudo passwd commonuser
      

Step 2: Edit the visudo File

  1. Open the visudo file to edit sudo privileges:

     sudo visudo
    
  2. Add the following line to grant the new user sudo privileges:

     commonuser ALL=(ALL) NOPASSWD: ALL
    
  3. Save and exit the editor.

Step 3: Generate SSH Key Pair

  1. On your local machine, generate an SSH key pair:

     ssh-keygen
    
  2. Press Enter to accept the default file location and optionally set a passphrase.

Step 4: Copy the Public Key to the Server

  1. Use ssh-copy-id to copy the public key to the new user on the server:

     ssh-copy-id commonuser@node1_ip
     ssh-copy-id commonuser@node2_ip
    
  2. Enter the password for the commonuser when prompted.

Step 5: Edit the SSH Configuration

  1. Open the SSH configuration file on the server:

     sudo nano /etc/ssh/sshd_config
    
  2. Ensure the following lines are set to enable passwordless authentication:

     PubkeyAuthentication yes
     PasswordAuthentication no
    
  3. Save and exit the editor.

Step 6: Restart the SSH Service

  1. Restart the SSH service to apply the changes:

     sudo systemctl restart ssh
    

Step 7: Test Passwordless SSH Login

  1. Try logging in to the server using the new user:

     ssh commonuser@node1_ip
     ssh commonuser@node2_ip
    
  2. You should be able to log in without entering a password.
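The same procedure can be written as a playbook; this is an added example, not the author's code. It swaps the direct visudo edit for a drop-in file under /etc/sudoers.d, validates both the sudoers rule and sshd_config before they are written, and then checks the effective sshd settings. The `pubkey_file` path and the playbook name `ssh_setup.yml` are placeholders.

```yaml
# Added example, not the author's code. Assumed: the pubkey_file path, and that
# /etc/sudoers.d is included by /etc/sudoers. Run as the existing admin login:
#   ansible-playbook ssh_setup.yml -u ec2-user --private-key /path/to/key.pem
- name: Key-only SSH for commonuser
  hosts: web
  become: true
  vars:
    pubkey_file: /home/you/.ssh/id_ed25519.pub  # placeholder, on the control node
  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: "{{ 'ssh' if ansible_facts['os_family'] == 'Debian' else 'sshd' }}"
        state: restarted
  tasks:
    - name: Create the common user (Step 1)
      ansible.builtin.user:
        name: commonuser
        state: present
    - name: Grant sudo via a drop-in that visudo checks before install (Step 2)
      ansible.builtin.copy:
        content: "commonuser ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/commonuser
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
    - name: Install the public key before password logins are turned off (Step 4)
      ansible.posix.authorized_key:
        user: commonuser
        key: "{{ lookup('ansible.builtin.file', pubkey_file) }}"
    - name: Set sshd options, a file that fails sshd -t is never written (Step 5)
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*{{ item.opt }}\s'
        line: "{{ item.opt }} {{ item.val }}"
        validate: /usr/sbin/sshd -t -f %s
      loop:
        - { opt: PubkeyAuthentication, val: "yes" }
        - { opt: PasswordAuthentication, val: "no" }
      notify: Restart sshd
    - name: Read the effective configuration, included drop-in files too
      ansible.builtin.command: /usr/sbin/sshd -T
      register: effective
      changed_when: false
    - name: Fail the play if password logins are still accepted
      ansible.builtin.assert:
        that: "'passwordauthentication no' in effective.stdout_lines"
```

The final check matters because sshd uses the first value it finds for each keyword, so a setting in an included file can override the line edited in /etc/ssh/sshd_config.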

9. Installing Ansible and Configuring Hosts

Step 1: Edit the Hosts File

  1. On the main server, create or edit the Ansible hosts file:

     sudo nano /etc/ansible/hosts
    
  2. Add your nodes to the inventory:

     [web]
     node1_ip
     node2_ip
    
  3. Save and exit the editor.

Step 2: Perform Basic Tasks

  1. Test connectivity to all nodes:

     ansible -m ping web
    
  2. Run a simple command to install a package (here, Apache httpd) on all web servers:

     ansible web -m yum -a "name=httpd state=present" --become
    

10. 10 Popular Commands for AWS Cloud Management

Here are ten popular Ansible commands that are essential for managing your infrastructure effectively:

  1. ansible all -m ping
    Tests connectivity to all hosts in the inventory.

     ansible all -m ping
    
  2. ansible-playbook playbook.yml
    Runs a specified Ansible playbook.

     ansible-playbook playbook.yml
    
  3. ansible all -m apt -a "name=nginx state=present" --become
    Installs NGINX on all hosts in the inventory using the apt module.

     ansible all -m apt -a "name=nginx state=present" --become
    
  4. ansible all -m command -a "uptime"
    Executes the uptime command on all hosts to check their status.

     ansible all -m command -a "uptime"
    
  5. ansible all -m copy -a "src=/local/path dest=/remote/path"
    Copies a file from the local machine to all remote hosts.

     ansible all -m copy -a "src=/local/path dest=/remote/path"
    
  6. ansible all -m service -a "name=nginx state=started"
    Starts the NGINX service on all hosts.

     ansible all -m service -a "name=nginx state=started"
    
  7. ansible all -m user -a "name=newuser state=present"
    Creates a new user on all hosts.

     ansible all -m user -a "name=newuser state=present"
    
  8. ansible all -m shell -a "df -h"
    Runs the df -h command on all hosts to check disk space usage.

     ansible all -m shell -a "df -h"
    
  9. ansible all -m yum -a "name=httpd state=latest" --become
    Installs the latest version of Apache HTTP Server on all hosts using the yum module.

     ansible all -m yum -a "name=httpd state=latest" --become
    
  10. ansible all -m lineinfile -a "path=/etc/hosts line='192.168.1.1 myhost'"
    Adds a line to the /etc/hosts file on all hosts.

     ansible all -m lineinfile -a "path=/etc/hosts line='192.168.1.1 myhost'"
    