How to set up Apache Web Server on AWS EC2 instance using Ansible ?
Ansible is a tool for configuration management. Its provided by Python internally & comes with Python 3. Hence for Ansible installation we need to use pip3 python package manager. pip3 install Ansible is the command to install Ansible. We can verify installation using Ansible — version command. This should be the latest Ansible version i.e. 2.9.11.
Traditional Automation Approach:
It uses imperative programming languages such as python,perl which handles following 1. What to do ? 2. How to do ? — For handling this the script is not intelligent enough to know the commands which needs to be run on different O.S. eg to install firefox on Ubuntu/Rhel8 the command is not known to programming language this 2nd part is effectively handled using Intelligent Automation approach
Intelligent Automation approach :
This uses declarative language & is independent of the O.S. configuration on which it needs to be run. It’s intelligent enough because it knows how to do the configuration/installation of softwares on other O.S. platforms. e.g. Ansible
Ansible uses inventory which is list of IP addresses of managed nodes. By default Config file name is ansible.cfg , its stored under /etc. Pip does not create config file during Ansible installation.
Ansible has 2 types of nodes .
- Controller node — On this node Ansible is installed.
- Managed nodes — These nodes are managed by controller node on which Ansible performs configuration (software installation,any other config changes)
- Inventory — This is a database which stores IP of managed nodes which is required by Ansible config file.
- Ansible config file contains the path of inventory file to access managed nodes & perform configurations. Inventory path is given under defaults header. e.g.
Now let’s consider the following requirement
- Launch AWS instance with the help of Ansible
- Retrieve Public IP which is allocated to launched instance
- Using above Public IP, configure the Web Server in the launched instance
- All of the above should be implemented using Ansible Playbook
Now , let’s focus on point no.1 i.e. how to launch AWS instance using Ansible Playbook.
We’ll be launching AWS EC2 instance using the EC2 module through controller node. For this we need to use the localhost as our host system in inventory file.
Inventory file need to be modified as under
Ansible Config file will be as follows
In order to confirm that we are able to ping to local host type below command.
ansible localhost -m ping
Above screenshot indicates that ping is successful to localhost.
In AWS O.S. can be launched using either of the following method
1. CLI
2. WebUI
3. API
AWS does not provide any managed node for configuring OS.
So, we have to use ansible code in local host and the connect to AWS server as a client.
In order to use API service we should have automated ansible code & SDK/library. Python supports boto3 which is a library for API.
We can install boto library using pip command pip3 install boto3; pip3 install boto
We can confirm installation using pip3 list | grep boto
Above screenshot confirms that boto library has been installed successfully.
Now let’s talk about Ec2 module. but before that we need to do following in AWS
- We have to generate IAM user with Administrator privileges & note down access key id & secret access key
- Create a security group
- Create Key-pair & note down public as well as private key
- Identify the image id using which we’ll be launching EC2 instance
In Ansible we’ll need to use ansible-vault to store sensitive information of IAM user’s access key id & secret key using which will be used at the AWS console during authentication.
We can achieve this using ansible-vault encrypt (file name)
In our case we have used the command below to create a vault.
ansible-vault encrypt awscred.yml
We can verify it by listing the content of awscred.yml . Ansible used AES256 encryption standard to encrypt the file.
We’ll be using Ec2 module & provide required parameters as under
We can use following to get the IP address of EC2 instance launched in AWS as indicated in above code.
ec2[‘instances’][0][‘public_ip’
Now , we are ready to run the play book.
After running the playbook output will be as under
We can confirm the launch of AWS instance in console as under
Thus we have our EC2 instance launched & we have the public IP of Ec2 instance as indicated the play book execution. This Public IP is confirmed with that of EC2 instance launched in AWS & its the same.
Now the next task is to configure Apache Web Server using Ansible
Now , here we’ll create a general user in controller node using below command
useradd testansi -> where username is testansi
passwd testansi -> we can provide password to user testansi
Once we login with the above user in the controller node ,we won’t be able to see ansible.cfg. However, we can create it using touch command as under
touch ansible.cfg
This fill will then be created under home directory of the user (/home/testansi/ansible.cfg)
Now , we can create our inventory file in Controller Node ,since we know the IP address of EC2 instance. In the inventory file we’ll need to mention the path of private key file which was used to launch the EC2 instance.
In the ansible config file we need to include privilege_escalation so that code will be run as root user & it will install Apache Web Server on EC2 instance which in our case is a managed node now.
Ansible Config file in controller node will be as under
We can create index.html in controller node as under
That’s it..now we are ready to proceed now..
Use below code to install Apache Server, copy index file onto EC2 instance & then enable the service.
output of above code is as under
We can verify the web page using public IP of the instance as follows
Through controller node as well we can verify using curl command as follows
This concludes that we can configure software as well on AWS EC2 instance using Ansible. In other words we can configure/install software(s), folders & other configuration management using Ansible tool. Ansible uses modules which is intelligent enough to perform how to do action on managed nodes. This makes our life simpler as we don’t have to learn commands of individual systems as Ansible managed that part using intelligent modules.
