Hands-on with Configuration Management with multiple AWS EC2 instances "ft. Ansible"...
Agenda
Basic Introduction to Ansible,
Setting up the AWS EC2 Instance,
Enabling passwordless authentication within the multiple servers
Install and Run Nginx on the targeted servers.
Introduction
Server automation now plays an essential role in systems administration, due to the disposable nature of modern application environments. Configuration management tools such as Ansible are typically used to streamline the process of automating server setup by establishing standard procedures for new servers while also reducing human error associated with manual setups.
In simple terms, Ansible is used to handle the configuration and management of multiple servers from one point: it automates the configuration of many servers at once, rather than having you connect to each server individually and carry out your desired task. Ansible offers a simple architecture that doesn't require special software to be installed on nodes. It also provides a robust set of features and built-in modules which facilitate writing automation scripts. Although Ansible is an Infrastructure as Code (IaC) tool, the majority of folks start using it only as a configuration management tool and discover its full capability later.
Other tools in the industry are also well known for IaC, including but not limited to:
Terraform,
AWS CloudFormation Templates,
Azure Resource Manager,
Heat Templates (for OpenStack),
Puppet,
Chef, etc.
This blog post is about getting started with Ansible, so we will only be talking about its configuration management aspect. Here are some points that make Ansible stand out in configuration management from its alternatives (Chef, Puppet, Salt, etc.):
Ansible is often recognized as a simpler beginner-friendly tool
Its configuration files are written in YAML, which is easier to understand
It is lightweight and does not require many computing resources
Compared to its alternatives, Ansible only needs SSH access to the other servers to make changes on them.
Prerequisites:
You already have some basic theoretical understanding of Ansible, such as its architecture, its agentless model, how the push mechanism works, etc.
You have a working AWS account (preferably an IAM user with command line execution access) and some basic knowledge of AWS EC2 instances, as we will be getting to these topics shortly.
Setting up the AWS EC2 instances ✨✨✨
- Go to the EC2 Dashboard and click on 'Launch Instance'.
Here we will be creating three instances: server one (named AnsibleDemo here) will act as our main server, and the other two servers will be our target servers, on which we will be configuring Nginx.
You can choose any OS image, however here I'll be moving with Ubuntu. If you are new to AWS then it's preferred to move with the default Instance type, t2.micro.
If you already have a key pair you can use it; otherwise, create one by clicking Create key pair. A keypairname.pem file will then be downloaded, which lets us SSH into the created servers from the local machine.
Soon the instance will show up in a running state on the EC2 dashboard. Click on the instance ID, then click on "Connect", and you will be directed to the respective Connect to instance page.
We can log in to our instance in various ways but let's move with the SSH client which is preferred as shown above.
Copy the command from the Example part, which is what we use to log in to our EC2 instance from the local machine.
Open the CLI and paste your own command:
ssh -i "AnsibleTest.pem" ubuntu@ec2-44-202-236-103.compute-1.amazonaws.com
Now we are logged into the EC2 instance we created.
Similarly, create the other instances and try to log in to them from your local CLI.
Now install Ansible on the main server by running sudo apt update and sudo apt install ansible, which downloads Ansible and its dependencies onto the main server. Then run ansible --version; if everything is installed properly, it displays the Ansible version along with some other data such as the Python version.
Enabling passwordless authentication on targeted servers
Here we are going to enable passwordless authentication with ssh-keygen so that we can configure the targeted servers as per our needs from our main server, without the hassle of granting permission every time we try to configure them.
ssh-keygen is a tool for creating new authentication key pairs for SSH. Such key pairs are used for automating logins, single sign-on, and for authenticating hosts. The SSH protocol uses public-key cryptography for authenticating hosts and users. The authentication keys, called SSH keys, are created using the ssh-keygen program. SSH introduced public key authentication as a more secure alternative to the older .rhosts authentication. It improved security by avoiding the need to have passwords stored in files and eliminated the possibility of a compromised server stealing the user's password.
However, SSH keys are authentication credentials just like passwords. Thus, they must be managed somewhat analogously to user names and passwords. They should have a proper termination process so that keys are removed when no longer needed.
Type the ssh-keygen command and your key will be created, as shown below. The default location of the generated key(s) is /home/ubuntu/.ssh.
To see the keys, go to that path and run ls. Here you will usually see three items:
authorized_keys: It stores the data of the authorized servers which are allowed to log in to this server.
id_rsa: It stores the confidential private key of this server, which shouldn't be shared with anyone.
id_rsa.pub: It is the public key, the one that is meant to be shared with the other relevant servers so that access can be granted. So we only share this key with others if needed. This key must be copied and pasted into the authorized_keys of every target server.
Similarly, connect to the targeted servers and run the ssh-keygen command to generate their respective keys. On every targeted server run cd /home/ubuntu/.ssh and open the file with vi authorized_keys. Paste the main server's id_rsa.pub into the authorized_keys of every targeted server.
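The key installation from the steps above can also be scripted instead of pasted in vi. The following is an added example, not code from the original post; the function names read_pubkey, authorize_key and revoke_key are made up for illustration, and it goes one step further than the text by also removing a key that is no longer needed.

```shell
#!/bin/sh
# Added example: manage authorized_keys entries without hand-editing the file.
# The optional second argument overrides ~/.ssh so the functions can be tried
# in a scratch directory first.

KEY_RE='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

# read_pubkey FILE: print the key if FILE holds exactly one public-key line.
# A private key pasted by mistake (multi-line PEM) is rejected.
read_pubkey() {
    key=$(cat "$1") || return 1
    [ "$(printf '%s\n' "$key" | grep -c '')" -eq 1 ] || return 1
    printf '%s\n' "$key" | grep -E "$KEY_RE"
}

# authorize_key PUBKEY_FILE [SSH_DIR]: run on each target server with a copy
# of the main server's id_rsa.pub.
authorize_key() {
    dir=${2:-$HOME/.ssh}
    key=$(read_pubkey "$1") || { echo "not a single public key: $1" >&2; return 1; }
    # sshd (StrictModes) ignores authorized_keys that others could write to.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    # -x whole line, -F fixed string: append only if this exact key is absent.
    grep -qxF -- "$key" "$dir/authorized_keys" ||
        printf '%s\n' "$key" >> "$dir/authorized_keys"
}

# revoke_key PUBKEY_FILE [SSH_DIR]: remove the key when the main server is
# retired or its key pair is rotated.
revoke_key() {
    dir=${2:-$HOME/.ssh}
    [ -f "$dir/authorized_keys" ] || return 0
    key=$(read_pubkey "$1") || return 1
    tmp=$(mktemp "$dir/authorized_keys.XXXXXX") || return 1
    # grep exits 1 when nothing is left to print; that is not an error here.
    grep -vxF -- "$key" "$dir/authorized_keys" > "$tmp" || [ $? -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$dir/authorized_keys"
}
```

Running authorize_key twice with the same file leaves a single entry, so it is safe to repeat on every target.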
Now we have enabled passwordless authentication, so we can make any changes to the targeted servers from our main server. We can check this from the main server by running an ad-hoc command (useful when we want only one or two changes).
ansible -i inventory all -m "shell" -a "touch devopsclass"
ansible is the command used to execute Ansible tasks.
-i inventory: inventory is the name of the file on the main server which stores the private IPs of the targeted servers or groups of servers on which we want to make changes. Ansible reads this file to know which servers to configure.
all: we can target an individual server, a group, or all servers as per our requirements. Here we are targeting all servers, so we write all after the inventory.
-m stands for module; Ansible has tons of different modules which we can use as per our requirements. By writing -m "shell" we say that we want to execute Ansible's shell module.
-a passes the arguments to the module. touch devopsclass is a simple Linux command which creates a file named devopsclass.
As soon as we run the command ansible -i inventory all -m "shell" -a "touch devopsclass", we can check on our target servers that the shell command was properly executed and a new file has been created. The yellow colored line is shown when everything is correct.
Install and Run Nginx on the targeted servers 🥳
Up until now, we have configured everything necessary on our servers; now is the time to write our first Ansible playbook.
On the main server create a new .yaml file which will act as the control point to configure the other targeted servers. For demo purposes, let's create a first-playbook.yaml file by running the command vim first-playbook.yaml. The file will now be opened in the Vim editor.
Paste the following YAML code in the editor, which says to execute the tasks of installing and starting nginx on the servers.
Run the following command,
ansible-playbook -i inventory first-playbook.yaml
which means: run first-playbook.yaml with ansible-playbook and execute the required tasks.
Hence we have successfully executed the task. To see whether the nginx server has started on the other server(s) or not, SSH into the targeted servers locally and run sudo systemctl status nginx.
If you got no errors until now, NGINX should be running on both the targeted servers, as shown below.
🥳 Hola!!! NGINX is running on both of the targeted servers... 🥳
Installing and setting up Docker on the targeted Ubuntu servers 🐳🐳🐳
Create another file on the main server
vim dockertest.yaml
Use the following code in the dockertest.yaml file, save and exit.
Execute the command
ansible-playbook -i inventory dockertest.yaml
If it works correctly, check whether Docker is in a running state by using the following command on the targeted server: sudo systemctl status docker. So our targeted servers are configured with Docker.
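The playbooks used in the Nginx and Docker sections are not reproduced in this post. The following added example (not the author's files) writes an inventory and an install-and-start playbook that match what the text describes; the helper names, the [targets] group, the placeholder IPs, ansible_user=ubuntu and the choice of Ubuntu's docker.io package are assumptions.

```shell
#!/bin/sh
# Added example: the inventory format and a minimal install-and-start playbook,
# written from the shell instead of pasted into vim.

# write_inventory FILE IP...: one [targets] group listing the private IPs
# of the target servers.
write_inventory() {
    file=$1; shift
    { echo '[targets]'
      for ip in "$@"; do echo "$ip ansible_user=ubuntu"; done
    } > "$file"
}

# write_playbook FILE PACKAGE SERVICE: install PACKAGE with apt, then start
# SERVICE and enable it at boot, on every host in the inventory.
write_playbook() {
    cat > "$1" <<EOF
---
- name: Install and start $3
  hosts: all
  become: true            # apt and systemd need root on the targets
  tasks:
    - name: Install $2
      apt:
        name: $2
        state: present
        update_cache: true
    - name: Start $3 and enable it at boot
      service:
        name: $3
        state: started
        enabled: true
EOF
}

# Usage on the main server (the IPs are constructed placeholders):
#   write_inventory inventory 172.31.0.11 172.31.0.12
#   write_playbook first-playbook.yaml nginx nginx
#   write_playbook dockertest.yaml docker.io docker
#   ansible-playbook -i inventory first-playbook.yaml --syntax-check
#   ansible-playbook -i inventory first-playbook.yaml
```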
If you are looking to read some ansible related stuff from a beginner's pov, you should also refer to this article.