In this article, we will learn the following.
- How to install Ansible on AWS EC2 instance.
- How to launch 3 web servers and 1 database server using AWS EC2 service.
- Create a user on all web and database servers.
- Give the sudo privilege to the user.
- Enable password authentication.
Let’s get started step by step.
Step 1
Step 2
Once the instance is launched successfully, we can SSH and login to the EC2 instance and then will follow some of the steps for the installation of Ansible which can be found at
How to install Ansible for Ubuntu.
- sudo apt update
- sudo apt install software-properties-common
- sudo apt-add-repository --yes --update ppa:ansible/ansible
- sudo apt install ansible
After its successful installation, we can check for the version as well using the following command.
$ Ansible --version.
Clearly, it shows us the default configuration file of Ansible and also the Python version with which it works. This means that Ansible 2.8.3 uses Python version 2.7.5 as its dependency and has installed it automatically.
A few things to note here -
We are using Ubuntu 18.04 version and Ubuntu 18 has Python 3 by default. We can see the version on the EC2 instance using the below command.
Ansible doesn’t use Python 3 on the local machine (i.e. the machine on which Ansible is installed) but the target machines can have python 3 installed.
Step 3
Now, the next step is to create a project directory in the EC2 instance where we just installed Ansible. We will name our project “SUPERMAN”. The command we use is,
As we are working on a project named “SUPERMAN”. So, like other projects, this will also have a few webservers and database server.
In this example, we will be having 3 web servers and 1 database server which we are supposed to automate with their operational tasks and give infrastructure support using Ansible.
Step 4
So now we will be launching 2 web servers with CentOS operating system and 1 web server with Ubuntu operating system in order to have a mix of operating systems and to show you the differences and how you can manage them.
Here, SM stands for superman, as this is our first web server so we will be naming it like SM-websrv01.
Here, I have configured the security group to allow SSH only from my IP.
Here, we have created a new key pair with the name SM-Ncali-kp to SSH in the EC2 instance. SM stands for superman and Ncali stands for North California region where the EC2 instance is being created.
Finally, we can see on clicking Launch instances that our 2 CentOS web servers have been created and are running successfully. This can be seen on the Instances tab in AWS.
Step 5
Now, it’s time to launch 1 Ubuntu web server using the same steps as shown above.
And we will select the same security group which we created for CentOS web servers and same key pair as all these 3 webservers will be running the same set of services.
Step 6
As we have set up and launched 3 web servers by now.
So, let’s bring 1 database server with CentOS 7 operating system. This database server will have a different security group as this is going to run an entirely different service.
Security group for DB server is SM-db-sg. (here, SM stands for superman, db stands for database, and sg stands for security group). This is my convention of naming security group, but you can name it as per your convenience.
We will be using the same key pair for a database server as well to log in to this instance.
Finally, we will launch this instance and we will see our 3 web servers and 1 DB server up and running.
Step 7
As we know that from Ansible machine we are going to SSH to these web and DB servers, so we are now going to allow port 22 (which is the port no for SSH) for the Ansible machine.
For this, we can either give the IP of Ansible EC2 instance or can give the security group of Ansible EC2 instance.
NOTE
SM-web-sg is the security group of our 3 web servers and if we allow the SSH for the inbound rule for the security group of web servers then all our web servers will allow the SSH as per the inbound rule.
Step 8
Similarly, we allowed SSH for Ansible EC2 instance in the inbound rule for security group of DB servers as well.
Step 9
Now, we have to add a user on all web servers and DB server. For this, run the below commands.
- sudo -i
- useradd devops
- passwd devops
Step 10
Once we are done with adding a user on all the web and DB servers, then we will give sudo privilege to the user so that we can SSH using this user and run root-level commands.
visudo edits the sudoers file, which defines the users and groups with administrator rights.
If we want to open sudoers file in vim then first we have to export the default editor which is nano to vim and this can be done with the below command.
![Ansible]()
Once this file gets opened in vim editor then we will add the entry for our user “devops” and allow this user to run any commands and finally save this file and exit.
Step 11
Last step in this is to enable password authentication.
To enable SSH password authentication, you must SSH in as root to edit /etc/ssh/sshd_config file.
Then, change the line
PasswordAuthentication no
To
PasswordAuthentication yes
After making that change, restart the SSH service by running the following command as root:
$ sudo service ssh restart
NOTE
Enabling password authentication is not recommended for production systems, we can use key-based authentication in the production system.
We will do this on all 3 web servers and 1 database server.
Summary
By now we have seen how to install Ansible on EC2 instance, we also learned how we can set up different web and database servers, create user, give sudo permission and enable password authentication. So next up is to set up inventory in Ansible to run configuration on all these servers.
So, we will see this in our next article in this series called “Learning Ansible”.
I hope you find this article helpful. Stay tuned for more … Cheers!!