Launch Web-Server On AWS using Automation
Hey guys! In the past few days I tried integrating a few technologies: AWS, Red Hat Ansible, and a web server [httpd].
Before going to the tasks, let's learn some basics. Are you excited to see what integration I performed? It basically solves an industrial use case: launching a web server on a cloud server. Most companies still launch servers manually, but guys, this solution is a one-time process: once the setup is completed, it will hardly take a few seconds for the company to launch the server with complete security. Maybe today I won't show any kind of security, but trust me guys, launching a server using Ansible on AWS and setting up security is very easy and safe with Ansible.
Now Let us know what is AWS and How it works →
What is AWS?
→ AWS stands for Amazon Web Services. It is a comprehensive, evolving cloud computing platform provided by Amazon that includes a mixture of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings. AWS services can offer an organization tools such as compute power, database storage and content delivery services.
For understanding Cloud Computing refer my blog: →
Amazon Web Services is the leading cloud platform provider, offering over 250 applications and services, including some from third parties, to deploy, maintain, monitor and run applications in the cloud.
AWS provides several services, but I am discussing only the one I am going to use, which is AWS Compute.
Let's see what the AWS compute service actually is: →
AWS compute
AWS offers a variety of compute instances that allow companies to quickly scale up or scale down based on need. Two of the most commonly used AWS computing services are Amazon Elastic Compute Cloud (EC2) and Amazon Elastic Load Balancing.
Amazon EC2 targets system admins and developers. These IT pros use EC2 to quickly acquire and “boot” computing instances in the cloud.
AWS’ Elastic Load Balancing (ELB) service automatically distributes applications across AWS EC2 instances for better fault tolerance and minimal human intervention.
The ELB service includes a free tier with up to 15 GB of data processing and 750 hours of service monthly for a year. Larger loads will be charged for each hour or partial hour of use and each GB transferred.
How AWS works
AWS is separated into different services; each can be configured in different ways based on the user’s needs. Users should be able to see configuration options and individual server maps for an AWS service.
Basically, AWS provides us resources and some specialized tools to work as we want, and these services and special tools solve almost all the use cases of industries working today.
What Is Ansible ?
Ansible is an open-source automation tool, or platform, used for IT tasks such as configuration management, application deployment, intraservice orchestration, and provisioning. Automation is crucial these days, with IT environments that are too complex and often need to scale too quickly for system administrators and developers to keep up if they had to do everything manually. Automation simplifies complex tasks, not just making developers’ jobs more manageable but allowing them to focus attention on other tasks that add value to an organization. In other words, it frees up time and increases efficiency. And Ansible, as noted above, is rapidly rising to the top in the world of automation tools.
Ansible Working
Ansible is basically built using Python, but Ansible playbooks are written in YAML, and the format in which Ansible displays or stores information is JSON.
In Ansible we can work either using an ad-hoc command [single-line command] or using a complete, manageable playbook. Ansible uses modules to complete a task. Before running a task we need to configure the Ansible inventory; basically, we need to give Ansible its managed nodes [systems which need to be managed].
Ad-hoc Commands
Advantages of Ansible
- Free: Ansible is an open-source tool.
- Very simple to set up and use: No special coding skills are necessary to use Ansible’s playbooks (more on playbooks later).
- Powerful: Ansible lets you model even highly complex IT workflows.
- Flexible: You can orchestrate the entire application environment no matter where it’s deployed. You can also customize it based on your needs.
- Agentless: You don’t need to install any other software or firewall ports on the client systems you want to automate. You also don’t have to set up a separate management structure.
- Efficient: Because you don’t need to install any extra software, there’s more room for application resources on your server.
Ansible’s Features and Capabilities
→ Configuration Management
→ Application Deployment
→ Security and Compliance
→ Cloud Provisioning
Cloud Provisioning → The first step in automating your applications’ life cycle is automating the provisioning of your infrastructure. With Ansible, you can provision cloud platforms, virtualized hosts, network devices, and bare-metal servers.
Now that we have seen some basics, let's go to the task →
TASK DESCRIPTION
In this task I tried to automate each and every step that we would otherwise perform manually while launching a server on AWS or any other cloud service such as GCP. Maybe in the future, if possible, I will show you all how to manage GCP using Ansible.
Deploy Web Server on AWS through ANSIBLE!
🔅Provision EC2 instance through ansible.
🔅Retrieve the IP Address of instance using dynamic inventory concept.
🔅Configure the web server through ansible!
🔅Create role for webserver to customize the Instance and deploy the webpage to root directory.
To perform the task we need to configure the required environment for Ansible to work.
NOTE: Guys, I will be performing this task on Red Hat Linux, but the same will work on other OSes too; a little bit of the configuration might differ.
1] Start with the Installation of boto software
Boto is the Amazon Web Services (AWS) SDK for Python. It enables Python developers to create, configure, and manage AWS services, such as EC2 and S3. Boto provides an easy to use, object-oriented API, as well as low-level access to AWS services.
pip3 install boto
2] Launch AWS instance using Ansible Playbook
To launch the AWS instance we need to pass the credentials of the AWS account, and as credentials are highly confidential, Ansible has a tool named ansible-vault. Remarkably, Ansible uses AES256 encryption, which is to date the most secure algorithm used for encryption. Ansible encryption is used for YAML files.
→ For Encryption
ansible-vault encrypt <filename.yaml>
Here we have an encrypted file with passwords. Let us check whether it shows us the passwords without asking for the vault password. It will not show the file content without asking for the vault password.
→ For Decryption
ansible-vault decrypt <filename.yaml>
→ For viewing, editing Data
ansible-vault view <filename.yaml>
ansible-vault edit <filename.yaml>
Now let's maintain our code using roles; this will also help us automate things in a single ad-hoc command,
ansible-galaxy init <rolename>
Example shown below
Inside this role you can see that Ansible itself created some predefined folders, so we will specify variables and tasks in the designated files
vars/main.yml → Variable declaration
templates/ → Dynamic files
tasks/main.yml → the main working of the role is written here
handlers/main.yml → tasks that you want to run or call when some condition is met
README.md → Used in the role as an instruction or description file, telling the user how to make changes or how to use that role.
There are other folders too, but knowing about them is not required for completing this task.
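A check for the vault step above, as an added example that is not part of the original post: it walks each role's vars folder and reports files that contain credential-looking keys but do not start with the Ansible Vault header. The function names, the `<roles_dir>/<role>/vars/` layout and the key-name pattern are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): find role vars files that hold
# credentials but were never run through `ansible-vault encrypt`.
# Assumed layout: <roles_dir>/<role>/vars/*.yml; the key names are assumptions.

# is_vault_encrypted FILE -> success if the first line is an Ansible Vault header,
# e.g. $ANSIBLE_VAULT;1.1;AES256 (format 1.2 appends a vault-id label field).
is_vault_encrypted() {
    first=''
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case "$first" in
        '$ANSIBLE_VAULT;'*';AES256' | '$ANSIBLE_VAULT;'*';AES256;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# has_plain_secret FILE -> success if a credential-looking YAML key is readable.
has_plain_secret() {
    grep -Eiq '^[[:space:]]*[a-z0-9_]*(access_key|secret_key|password)[a-z0-9_]*[[:space:]]*:' "$1"
}

# audit_vars ROLES_DIR -> prints every unencrypted vars file containing such a key.
# Returns 1 when at least one is found, so it can gate ansible-playbook or a commit.
audit_vars() {
    found=0
    for f in "$1"/*/vars/*.yml "$1"/*/vars/*.yaml; do
        [ -f "$f" ] || continue            # an unmatched glob stays literal
        is_vault_encrypted "$f" && continue
        if has_plain_secret "$f"; then
            echo "PLAINTEXT SECRET: $f"
            found=1
        fi
    done
    return "$found"
}
```

Running `audit_vars` on the folder configured as roles_path before `ansible-playbook --ask-vault-pass` catches a vars file that was left decrypted after `ansible-vault decrypt`.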
Role For Launching EC2 Instance over the AWS cloud under compute as service.
I have given the role the name aws_instances,
1} The vars folder has two files: one contains the general variables used in the role, the other holds the confidential data required as variables.
Variables need to be passed in JSON format.
2} tasks/main.yml
Now, I am going to create a new role for launching the web server on the instance I launched on the AWS cloud.
I named this role as set_webserver
1} vars/main.yml
2} tasks/main.yml
Now for the most important part of this task: how to fetch the IP of the instance launched over the web-browser
3} In the files folder we put all the files which are required for the tasks to be completed or may be required by the user of the playbook
4} Handlers are used for special cases where we want to counter issues like this: if we changed some configuration of the server, then on running the playbook again, if Ansible finds the server already running, no changes will be applied to the server. For such cases we need to restart services, and for that we use a handler: inside the handler we put a task that runs when a condition is fulfilled according to the tasks file.
For example: the handler will be executed only when Ansible finds the configuration changed, and instead of starting the services, this handler will restart the server services, which applies the changes we made.
5} template [Better form of copy module]
If any file inside this folder has a variable inside, Ansible will internally replace that variable, and after that the file is uploaded to the managed node
In this file the variable will reach the managed node as follows
Ansible playbook for running above roles
Now comes the main part of the whole task: the execution
Before executing the roles using the playbook, let us set up some configuration for Ansible so as to prevent further errors
1} Passing the roles path to Ansible. For that we need to make some configuration in the Ansible conf file.
-> In the above file, we specified the inventory folder as /hosts [which contains all the info required for Ansible to connect to a managed node]
-> remote_user tells Ansible to log in as the user ec2-user
-> roles_path= is used to specify the path in which Ansible searches for all the roles used inside the playbook
-> private_key_file= is specified so that AWS grants Ansible access for making changes inside the AWS cloud instance.
Now we need to download the files for dynamically fetching the IP of the AWS instance; the links are as follows
I ran the commands given below in the /hosts folder, which I passed to Ansible as its inventory folder; use them to fetch the required files.
wget https://raw.githubusercontent.com/onkar2701/ansible-task-2/master/ec2.py
wget https://raw.githubusercontent.com/onkar2701/ansible-task-2/master/ec2.ini
Now there is one change you need to make inside the ec2.py file:
Add as the first line of the file
#!/usr/bin/python3
Now, make the files ec2.py and ec2.ini executable, and remember both files must be placed at the same location inside the /hosts folder, which we passed as the inventory folder to Ansible.
chmod +x ec2.py
chmod +x ec2.ini
To check whether ec2.py is executable or not
Now, we need to export some variables for dynamic inventory
Commands need to be run inside the /root folder
export EC2_INI_PATH=path_of_ec2.ini_file
export AWS_ACCESS_KEY_ID="aws_access_key"
export AWS_SECRET_ACCESS_KEY="aws_secret_key"
export AWS_REGION='ap-south-1'
Since exporting these variables is not a permanent setting, it is better to put the above commands in a file, make that file secure, and ask the bash shell to run it whenever the system restarts [This is basically an idea one can use, because most of the time we forget to do the same. By the way, I am not sharing that here]
Also, the private key which we passed in the Ansible conf file needs restricted permissions (read-only for its owner)
chmod 400 <keyaddress/keyname.pem>
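The file-based idea above, together with the key permission step, as an added example that is not part of the original post: it writes the four exports to an owner-only file and sources it only when neither that file nor the private key is accessible to group or others. The function names and the file paths passed to them are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): keep the dynamic-inventory exports
# in an owner-only file and refuse to load them if the file or SSH key is exposed.
# File paths passed in are placeholders chosen by the caller.

# mode_of FILE -> octal permission bits (GNU stat, falling back to BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# is_private FILE -> success only if group and others have no permission bits.
is_private() {
    [ -f "$1" ] || return 1
    mode=$(mode_of "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# save_aws_env FILE -> write the four exports from the current shell variables.
# umask 077 makes the file 0600 from creation; values must not contain quotes.
save_aws_env() {
    (
        umask 077
        rm -f "$1"
        printf "export %s='%s'\n" \
            EC2_INI_PATH "$EC2_INI_PATH" \
            AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID" \
            AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY" \
            AWS_REGION "$AWS_REGION" > "$1"
    )
}

# load_aws_env FILE [KEY.pem] -> source FILE only when FILE (and KEY) are private.
load_aws_env() {
    is_private "$1" || { echo "refusing $1: group/other can access it" >&2; return 1; }
    if [ -n "${2:-}" ]; then
        is_private "$2" || { echo "refusing $2: run chmod 400 on it" >&2; return 1; }
    fi
    . "$1"
}
```

A line such as `load_aws_env ~/.aws_ansible_env <keyaddress/keyname.pem>` in `~/.bashrc` (the env file name is hypothetical) restores the variables in every new shell.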
Hey guys, I know that you all must be a little bit confused about what I did earlier, since we have done the above configuration and built the roles and playbook.
Now let me explain a little bit about the whole scenario,
I am explaining the scenario taking all the aspects from my configurations
When I run the playbook aws_instances, Ansible will go to the AWS cloud using my authentication and launch an EC2 instance. If the credentials we passed to Ansible are wrong, Ansible will throw an error
To show the error I am running a false playbook
using the command
ansible-playbook --ask-vault-pass ec2-test2.yml
So we need to work carefully while passing the credentials. After launching the instance, Ansible will use the ec2.py and ec2.ini files for dynamically fetching the IP of the instance. After fetching the IP, Ansible stores the IP of the instance in a folder which I put at the location /hosts [We need to create a file inside this folder and then make this file executable using the command]
chmod +x /hosts/host
Now Ansible will create an entry in the above file and will use this entry for configuring the web server on the instance.
Since we know how the whole process is going to work, let's go to the task and run what we created,
Run this command in the same place where the playbook is kept.
ansible-playbook --ask-vault-pass <playbook>
Instance Launched over the AWS server
Setting Up web-server using dynamic entry
EC2 Instance launched confirmation
Checking httpd services status using ssh-connection using putty software
Here is the launched web server, and the webpage which I deployed on it is this,
Here, The Task is successfully Accomplished
Thank you!!