Ansible is a configuration management tool which configures and manages systems for multi-node software deployment. It is an orchestration tool which prevents an agent from running continuously on a server to fetch the desired configurations. Unlike Chef and Puppet, it uses a push mechanism to push the desired changes on the servers using ssh-agent.
Here, we will learn how to launch an AWS EC2 instance using ansible. We will write an Ansible playbook to launch the instance. The playbooks are written in “.yml” format.
The easiest way to start is to create a playbook calling the ec2 module with the parameters you want to pass to AWS to create your host. In this post I will show a little more scalable way to do this, where the parameters are variables and you can easily have multiple types of hosts sharing the same playbook and role.
- Python boto library
- Set up the AWS access and secret keys in the environment settings
(best is inside the ~./boto)
To Install Python-PIP
The solution is organized in 3 parts:
- A generic Ansible role that uses ec2 module to provision
- Yaml files with variables that will be used as parameters for each type of EC2 host
- Playbook that combines the variables file with the role
Run the following commands to install the required dependencies for Ansible and AWS.
# pip install --upgrade pip # pip install boto # yum install ansible
To Install ansible on Ubuntu Click Install Ansible
To Get KEY
Log into your AWS account to get your “AWS_ACCESS_KEY_ID” and “AWS_SECRET_ACCESS_KEY”. Go to “Identity and Access Management”. Create a new user or select an exiting one. Go to “Security Credentials” and click “Create Access Key”.
Ansible’s EC2 module uses python-boto library to call AWS API, and boto needs AWS credentials in order to function.
There are many ways to set your AWS credentials. One of them is to create a file under your user home folder:
# touch ~/.boto
Then edit the file and add the following:
# vim ~/.boto [Credentials] aws_access_key_id = HIDDEN aws_secret_access_key = HIDDEN
Create a folder for the role:
# mkdir -p roles/provision-ec2/tasks
Name the file below as main.yml and add to the folder
# vim roles/provision-ec2/tasks/main.yml
These are YAML files that will be included by the playbook before calling the role above. It needs to fill all variables used in the provision-ec2 role otherwise it will fail.
Create a folder for the variables:
# mkdir ec2-vars
In this example we will have a testserver.yml file to simulate provisioning a webserver host in AWS.
# vim ec2-vars/testserver.yml ec2_keypair: "HIDDEN" ec2_security_group: "HIDDEN" ec2_instance_type: "m3.medium" ec2_image: "ami-xxxxxxxx" ec2_subnet_ids: ['subnet-HIDDEN','subnet-HIDDEN','subnet-HIDDEN'] ec2_region: "us-east-1" ec2_tag_Name: "Testserver" ec2_tag_Type: "Testserver" ec2_tag_Environment: "production" ec2_volume_size: 16
Change the HIDDEN values above to your AWS account ones. You can easily find by inspecting a EC2 host (using AWS console) that you want to automate it’s provisioning.
You can have multiple variable files, one for each type of EC2 host.
Create a playbook inside ansible playbooks root folder called provision-ec2.yml, with the contents:
Notice that the type variable above is not defined. Depending on the value of the parameter, Ansible will include different a variables file, thus populating the parameters used in the provision-ec2 role.
The type will be defined at run time.
Call ansible-playbook passing the type parameter as an argument:
# ansible-playbook -vv -i localhost, -e "type=testserver" provision-ec2.yml
If your variables are correct, you should see a new host at your AWS console.