Ansible Setup for AWS

We all know that setting up even a basic Linux environment on a Windows box can be challenging and confusing.

Here are the steps to set up 2 AWS EC2 instances to learn and practice Ansible.

Prerequisite: Please make sure you have Git Bash installed on Windows/MacOS: https://git-scm.com/downloads

Step 1: Log in to your AWS Console

Step 2: Once you log in, go to the EC2 portal to launch a virtual machine

Step 3: Now select RHEL 7 free tier Image

Go with the default options and click on Launch.

Step 4: Create a private key. Name the private key “ansible”. Once you select it, save the ansible.pem file into the home folder from which you will be executing commands, such as c:/users/admin/project-home, or any folder of your choice such as Desktop. In my case I have chosen /c/Users/ckumar/training as my home working directory.

Once you click Launch Instances, let it run in the background and go ahead with creating the next EC2 virtual machine. Go through the same steps as above for the second VM; however, when it comes to selecting the private key, there is no need to create another key. Just select the already created key (ansible), as shown below.

Step 5: Wait a few minutes. Once both instances are created, select the first instance and click Connect. This pops up the connect string, something like this:

Step 6: Connecting to the EC2 instances from your PC

You can install either Git Bash or Cygwin if you are using Windows. On MacOS nothing needs to be installed and the commands below work as they are.

Open the Git Bash terminal and change directory to the folder where you downloaded the ansible.pem file. Now make sure the file has the right permissions:

chmod 400 ansible.pem

Now copy and paste the ssh connect string from the web browser:

ssh -i "ansible.pem" ec2-user@ec2-35-182-171-148.ca-central-1.compute.amazonaws.com

Once you log in, change the hostname of the instance for ease of use and to quickly differentiate between the ansible server and the ansible host. Follow the steps below to change the hostname. To see the effect, you will have to log out and log in again, as shown below.

sudo hostname ansible-server

Now open another Git Bash terminal, connect to the other EC2 instance, and change the hostname of the second instance as below:

sudo hostname ansible-node

By this point you should have 2 terminals open, one connected to ansible-server and another connected to ansible-node.

Step 7: Set up password-free ssh connection from ansible-server to ansible-node

Copy the ansible.pem file from your PC to the ansible-server instance. To do this, open the ansible.pem file in a text editor, copy its content, then type the command below on the ansible-server node:

cat > ansible.pem

Then paste the whole content of the file, press Enter, and then press Ctrl+D. If you have issues please refer to: http://nmrwiki.org/wiki/index.php?title=How_to_copy/paste_text_in_the_UNIX_terminal

Once you have done the above steps, you have successfully copied the private key to the server. Now simply fix the permissions of the file, and you should be able to ssh from ansible-server to ansible-node the same way you do from your PC.

NOTE: If you find it hard to copy the ansible.pem file, then please google how to use WinSCP to copy files from a PC to EC2.

ssh -i "ansible.pem" ec2-user@ec2-35-182-171-148.ca-central-1.compute.amazonaws.com

You should see something like this.

Once you have done all this, you have successfully set up a basic ansible test environment with passwordless access from ansible-server to ansible-node.
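An alternative to pasting ansible.pem onto the server, as an added example that is not part of the original tutorial: create a separate key pair on ansible-server and authorize only its public half on ansible-node, so the key issued by AWS stays on your PC. The function names and the ~/.ssh/ansible_control path are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: dedicated control key instead of copying ansible.pem.
# Function names and the key path are illustrative assumptions.

# Run on ansible-server: create a key pair used only for server -> node logins.
make_control_key() {
    local key="${1:-$HOME/.ssh/ansible_control}"
    mkdir -p "$(dirname "$key")" && chmod 700 "$(dirname "$key")"
    [ -f "$key" ] || ssh-keygen -q -t ed25519 -N "" -C "ansible-server" -f "$key"
    chmod 600 "$key"
    echo "$key.pub"
}

# Run on ansible-node: append one public key line to authorized_keys, once,
# with the modes sshd's StrictModes expects (700 directory, 600 file).
authorize_key() {
    local pubkey_line="$1" ssh_dir="${2:-$HOME/.ssh}"
    local auth="$ssh_dir/authorized_keys"
    # Refuse anything that is not a public key line (e.g. a pasted private key).
    case "$pubkey_line" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not a public key line" >&2; return 1 ;;
    esac
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"
    grep -qxF -- "$pubkey_line" "$auth" || printf '%s\n' "$pubkey_line" >> "$auth"
}

# True when neither group nor others have any access to the file;
# ssh refuses private keys that fail this check.
key_mode_ok() {
    local perms
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage sketch (hostnames are placeholders):
#   on ansible-server:   pub=$(make_control_key) && cat "$pub"
#   on ansible-node:     authorize_key "<paste that one public key line>"
#   from ansible-server: ssh -i ~/.ssh/ansible_control ec2-user@<ansible-node>
```

With this variant, ansible_ssh_private_key_file in the inventory would point at the new private key path instead of /home/ec2-user/ansible.pem.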

Step 8: Install basic packages on Ansible-server

sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install ansible git python-pip python-docker-py -y

Make sure you are able to execute some basic Ansible ad-hoc commands

Step 9: Git clone the devopstraining repo and modify the inventory file. To do that, copy and paste the externally accessible hostname of the ansible-node (the same hostname that you used to connect via ssh from your PC to the ansible host). In my case it is: ec2-35-182-171-148.ca-central-1.compute.amazonaws.com

git clone https://github.com/becloudready/ansible-tutorials.git
cd ansible-tutorials
ansible_node=ec2-35-182-171-148.ca-central-1.compute.amazonaws.com
sed -i "s/ansible_ssh_host=[^ ]*/ansible_ssh_host=${ansible_node}/g" inventory/ansible-nodes

Now check that the above script has modified the hostname:

[ec2-user@ansible-server ansible]$ cat inventory/ansible-nodes
ansible-node ansible_ssh_host=ec2-35-182-171-148.ca-central-1.compute.amazonaws.com ansible_ssh_user=ec2-user ansible_ssh_private_key_file=/home/ec2-user/ansible.pem
[all]
ansible-node
[mssql]
ansible-node
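The Step 9 substitution wrapped in a function that validates the hostname before it reaches sed and confirms the result afterwards; this is an added example, not code from the tutorial repo. The name set_inventory_host and the sample inventory contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: the Step 9 substitution with input validation.
# set_inventory_host is an illustrative name, not part of the tutorial repo.

set_inventory_host() {
    local inventory="$1" node="$2" tmp
    # Accept only DNS hostname characters, so the value cannot contain sed
    # metacharacters (/ &), spaces, or extra inventory variables.
    case "$node" in
        ""|*[!A-Za-z0-9.-]*) echo "invalid hostname: '$node'" >&2; return 1 ;;
    esac
    grep -q 'ansible_ssh_host=' "$inventory" || {
        echo "no ansible_ssh_host entry in $inventory" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # [^[:space:]]* stops at the next space; a greedy .* would also swallow
    # ansible_ssh_user and ansible_ssh_private_key_file on the same line.
    sed "s/ansible_ssh_host=[^[:space:]]*/ansible_ssh_host=${node}/" \
        "$inventory" > "$tmp" && cat "$tmp" > "$inventory"
    rm -f "$tmp"
    # Succeed only if the new value is really in the file.
    grep -qF "ansible_ssh_host=${node}" "$inventory"
}

# Constructed sample inventory (placeholder host), rewritten in a temp file.
demo_inventory=$(mktemp)
cat > "$demo_inventory" <<'EOF'
ansible-node ansible_ssh_host=CHANGE_ME ansible_ssh_user=ec2-user ansible_ssh_private_key_file=/home/ec2-user/ansible.pem
[all]
ansible-node
EOF
set_inventory_host "$demo_inventory" \
    ec2-35-182-171-148.ca-central-1.compute.amazonaws.com && cat "$demo_inventory"
```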

Now you should be able to perform ping/pong in various ways from the ansible server to the ansible node

If you still have issues, please try again or leave a comment here. You MUST have this setup ready and working before the next session.

Moreover, for easy access from one host to another, please add hosts file entries as well.

To add ansible-node’s IP to ansible-server, do the following. Go to ansible-node:

[ec2-user@ansible-node ~]$ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 172.31.4.180  netmask 255.255.240.0  broadcast 172.31.15.255
        inet6 fe80::4e1:c6ff:feae:8e8  prefixlen 64  scopeid 0x20<link>
        ether 06:e1:c6:ae:08:e8  txqueuelen 1000  (Ethernet)
        RX packets 230583  bytes 273422419 (260.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 98757  bytes 13187456 (12.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Then copy the IP address and add it to the hosts file of ansible-server:

[ec2-user@ansible-server ~]$ sudo echo "172.31.4.180 ansible-node" | sudo tee --append  /etc/hosts
172.31.4.180 ansible-node

Repeat the same for other hosts

If you don’t want to type ssh -i ansible.pem each time you ssh, you can copy this file as the default private key, which lets you connect without the -i option.

You can also copy the inventory file that you just modified to the default ansible location to avoid using the -i option with the ansible command.

[ec2-user@ansible-server ~]$ sudo cp ansible-tutorials/inventory/ansible-nodes /etc/ansible/hosts

[ec2-user@ansible-server ~]$ cp ansible.pem ~/.ssh/id_rsa
[ec2-user@ansible-server ~]$ ssh ansible-node "hostname -f"
ansible-node
[ec2-user@ansible-server ~]$