Provision, Authentication, and Configuration on AWS Using Ansible

efosa-dev

Efosa Oviawe

Posted on July 21, 2024

Provision, Authentication, and Configuration on AWS Using Ansible

Introduction

Ansible, a powerful configuration management and deployment tool, offers robust capabilities for managing infrastructure. One critical aspect of server management is the ability to gracefully shut down systems based on specific criteria. This article delves into leveraging Ansible's conditional logic and powerful modules to automate the shutdown of Ubuntu instances. By combining Ansible's flexibility with precise conditions, we'll explore how to create tailored shutdown procedures that align with your infrastructure's need.

We'll examine the core concepts, provide practical code examples, and discuss best practices for implementing Ansible-based server shutdown automation.

Key areas we will cover include:

  • Understanding Ansible's conditional logic
  • Effectively utilizing the command module for shutdown operations
  • Incorporating shutdown criteria based on factors like operating system, hostname, and uptime
  • Best practices for ensuring reliable and efficient shutdown processes

By the end of this article, you'll gain a solid understanding of how to harness Ansible to automate server shutdown, enhancing your infrastructure management capabilities.

Requirements

The below requirements are needed on the host that executes this module as stated in Ansible docs.

python >= 3.6
boto3 >= 1.26.0
botocore >= 1.29.0

Tasks

  1. Create three(3) EC2 instances on AWS using Ansible loops
    • 2 Ubuntu Instances
    • 1 Amazon Linux Instance
  2. Set up passwordless authentication between Ansible control node and newly created instances.
  3. Automate the shutdown of Ubuntu Instances only using Ansible Conditionals

Step One - Installations

Install Ansible on Mac

brew install ansible
Ansible installation

Install boto3
pip install boto3
pip installation

Step Two - Setup Vault

Whenever you are dealing with Ansible and you have API tokens, passwords, secret keys and access keys or any secured template, make sure you put them in your ansible-vault and protect them with your password.

Create a password for vault:
openssl rand -base64 2048 > vault.pass

Note: Ensure you have configured your AWS User credential (secret key and access key) that have AWSEC2FullAccess as the role

Add your AWS credentials using the below vault command
ansible-vault create group_vars/all/pass.yml --vault-password-file vault.pass
vault-pass

Step Three - Write Ansible Playbook

Ensure you are in the directory where you have initiated the project. create a file ec2_creation.yml, copy and paste the below code:

---
- name: Create EC2 Instances 
  hosts: localhost
  connection: local
  become: false

  vars:
    instance_types:
      - ami: ami-07c8c1b18ca66bb07 # Replace with your desired AMI
        instance_type: t3.micro
        count: 2
        distro: ubuntu
      - ami: ami-0249211c9916306f8 # Replace with your desired AMI
        instance_type: t3.micro
        count: 1
        distro: centos

  tasks:
    - name: Create EC2 instances
      amazon.aws.ec2_instance:
        key_name: ec2_mac_key  # Replace with your key pair name
        image_id: "{{ item.ami }}"
        instance_type: "{{ item.instance_type }}"
        region: eu-north-1
        count: "{{ item.count }}"  # Specify count directly
        ebs_optimized: true
        tags:
          Name: "{{ item.distro }}-server"
      loop: "{{ instance_types }}"
      loop_control:
        loop_var: item

Enter fullscreen mode Exit fullscreen mode

Save and run the below command:
ansible-playbook ec2_creation.yml --vault-password-file vault.pass
ansible success output
AWS dashboard output

Setup Passwordless Authentication Between Ansible Control Node And Newly Created Instances

Using Public Key
ssh-copy-id -f "-o IdentityFile <PATH TO PEM FILE>" ubuntu@<INSTANCE-PUBLIC-IP>

  • ssh-copy-id: This is the command used to copy your public key to a remote machine.
  • -f: This flag forces the copying of keys, which can be useful if you have keys already set up and want to overwrite them.
  • "-o IdentityFile ": This option specifies the identity file (private key) for the connection. The -o flag passes this option to the underlying ssh command.
  • ubuntu@: This is the username (ubuntu) and the IP address of the remote server you want to access.

You have to do it for the three IPs.

ips connection
ssh-success

Automate The Shutdown of Ubuntu Instances Only Using Ansible Conditionals

Create another yml file called ec2_shutdown.yml and paste the below code:

---
- hosts: all
  become: true

  tasks:
    - name: Shutdown ubuntu instances only
      ansible.builtin.command: /sbin/shutdown -t now
      when:
       ansible_facts['os_family'] == "Debian"
Enter fullscreen mode Exit fullscreen mode

Also, create an inventory file called inventory.ini in which all your servers' IP are listed.
vscode-inventory.ini

Run the command
ansible-playbook -i inventory.ini ec2_shutdown.yml --vault-password-file vault.pass

Outputs

Ansible success

AWS dashboard

Additional Considerations:

  • Specific Conditions: You can customize the when condition based on your requirements.
  • Graceful Shutdown: Consider using shutdown -h +5 to allow processes to gracefully terminate before shutdown.
  • Error Handling: Implement error handling mechanisms to capture potential issues during shutdown.
  • Idempotency: Ensure the playbook is idempotent by using appropriate conditional logic or idempotent modules.
  • Alternative Shutdown Methods: Explore using the reboot or systemdmodules if needed.

Example with Multiple Conditions:

when:
  - ansible_os_family == "Debian"
  - ansible_hostname in ['ubuntu_instance1', 'ubuntu_instance2']
  - ansible_uptime > 3600  # Shutdown after 1 hour of uptime

Enter fullscreen mode Exit fullscreen mode

Conclusion: Automating AWS Infrastructure with Confidence

In this article, we've explored leveraging Ansible's powerful capabilities to automate key infrastructure tasks on AWS. We covered:

  • Provisioning EC2 instances: We demonstrated efficient instance creation using Ansible loops, catering to distributions like Ubuntu and Amazon Linux.

  • Passwordless authentication: We explored securing access from your control node to the newly created instances using public key authentication.

  • Conditional shutdown automation: We implemented an Ansible playbook that selectively shuts down Ubuntu instances based on the operating system family.

By combining these techniques, you can significantly streamline your AWS infrastructure management. Customize the playbooks further to match your specific requirements and security protocols.

Ansible offers a vast range of modules and functionalities for managing your infrastructure. As you delve deeper, you can explore advanced features like:

  • Inventory management: Enhance inventory management to dynamically discover and target your AWS resources.
  • Configuration management: Automate server configuration and application deployment to ensure consistency across your infrastructure.
  • Cloud-specific modules: Utilize Ansible's extensive support for managing various cloud platforms like AWS, Azure, and GCP.

By embracing Ansible's automation capabilities, you can free yourself from repetitive tasks and focus on building and scaling your cloud infrastructure with greater efficiency and control.

💖 💪 🙅 🚩
efosa-dev
Efosa Oviawe

Posted on July 21, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related