Ansible installation using one controller and 3 AWS instances
Step-by-step installation from scratch
To start with, let us visualize our project:
In this project, we will be installing Ansible using infrastructure shown above, every single step is provided from scratch.
Prerequisites:
- RHEL 8.3 using VirutalBox via Putty on Windows
- Create a non root AWS account
- Install AWS CLI
- Install Terraform — Provisioning EC2
Set up RHEL 8.3 by Oracle Virtual Box on Windows 10 using putty
First, we will download Oracle Virtual Box on Windows 10, please click Windows hosts
Second, we will also download RHEL iso
Let us make it work now!
Click Oracle VirtualBox and open the application and follow instructions here, you will install RHEL 8.3 as shown below
Notes: In case you are unable to install RHEL 8.3 successfully, please find solutions here. Also, after you create your developer’s account with Red Hat, you have to wait for sometime before register it. Otherwise, you may receive errors as well.
Now it’s time for us to connect to RHEL 8.3 from Windows 10 using VirtualBox.
Click activities and open terminal
Notes: In order to be able to connect to RHEL 8.3 from Windows 10 using putty later, we must enable what it is shown below.
Now we will get the ip that we will be using to connect to RHEL 8.3 from Windows 10 using Putty (highlighted ip address for enp0s3 is the right one to use)
Then we will install Putty.
ssh-keygen with a password
Creating a password-protected key looks something like this:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/pzhao/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/pzhao/.ssh/id_rsa.
Your public key has been saved in /home/pzhao/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RXPnUZg/fGgRGTOxEfbo3VOMo/Yp4Gi80has/iR4m/A pzhao@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
| o . %X.|
| . o +=@ |
| . B++|
| . oo==|
| .S . o...=|
| . .oo o . ..|
| o oo=.. . o |
| +o*o. . |
| .E+o |
+----[SHA256]-----+To find out private key
$ cat .ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAwoavXHvZCYPO/sbMD0ibtkvF+9/NmSm2m/Z8wRy7O2A012YS98ap
8aq18PXfKPyyAMNF3hdG3xi1KMD7DSIb/C1gunjTREEJRfYjydOjFBFtZWY78Mj4eQkrPJ
.
.
.
-----END OPENSSH PRIVATE KEY-----Notes: You may take advantage of GUI of RHEL to send Private Key as an email, then open the mail and copy the private key from email
Open the Notepad in Windows 10 and save private key as ansiblekey.pem file
Then open PuTTY Key Generator and load the private key ansiblekey.pem
Then save it as a private key as ansible.ppk file
We now open Putty and input IP address we saved previously as Host Name (or IP address) 192.168.0.18
We then move on to Session and input IP address
For convenience, we may save it as a predefined session as shown below
You should see the pop up below if you log in for the very first time
Then you input your username and password to login. You see below image after log in.
Creating a non-root user
Based on AWS best practice, root user is not recommended to perform everyday tasks, even the administrative ones. The root user, rather is used to to create your first IAM user, groups and roles. Then you need to securely lock away the root user credentials and use them to perform only a few account and service management tasks.
Notes: If you would like to learn more about why we should not use root user for operations and more about AWS account, please find more here.
Installing AWS CLI ( on RHEL 8.3)
$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"$ unzip awscliv2.zip$ which aws$ ls -l /usr/local/bin/aws$ sudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update
Install it successfully
To verify your aws cli installation
$ aws --version
aws-cli/2.0.46 Python/3.7.4 Darwin/19.6.0 exe/x86_64To use aws cli, we need to configure it using aws access key, aws secret access key, aws region and aws output format
$ aws configure
AWS Access Key ID [****************46P7]:
AWS Secret Access Key [****************SoXF]:
Default region name [us-east-1]:
Default output format [json]:Install Terraform
To install terraform, simply use the following command:
Install yum-config-manager to manage your repositories.
$ sudo yum install -y yum-utilsUse yum-config-manager to add the official HashiCorp Linux repository.
$ sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repoInstall.
$ sudo yum -y install terraformNotes: In case of a wrong symbolic link set up, please check out this link. Also, you may need to re login after changing the symbolic link.
To check out installation of terraform
$ terraform version
Terraform v0.14.3
+ provider registry.terraform.io/hashicorp/aws v3.21.0As we have all prerequisites set up, we will work on project by following instructions below:
For beginner, you may use AWS console to create EC2 instance
First, we navigate to EC Instance page and click Launch instances
When choosing an Amazon Machine Image (AMI), select Amazon Linux 2 AMI
While choosing an Instance Type, select t2.micro and configure instance details
On configure instance details page, Enable Auto-assign Public IP. Then, click Add Storage
Next, on add storage page, leave default option and click Add Tags
When add tags, leave it blank and click Configure Security Group
To configure security group, add new security group with following ports, 22, 80, 443 and all traffic
On review instance launch page, click Launch
Then, create a new keypair and name it AmazonLinuxKeyPair
Instance is launched
Instance created
For advanced user, please adopt either CloudFormation or Terraform as infrastructure as code (Iac) to create EC2 instance
First, we will be terraforming one instance
After logging into REHL 8.3 via Putty on Windows 10, we will make a folder named ubuntu-instance
$ mkdir ubuntu-instance
$ cd ubuntu-instance/vim ubuntu.tf
provider "aws" {
profile = "default"
region = "us-east-1"
}
resource "aws_key_pair" "ubuntu" {
key_name = "ubuntu"
public_key = file("key.pub")
}
resource "aws_security_group" "ubuntu" {
name = "ubuntu-security-group"
description = "Allow HTTP, HTTPS and SSH traffic"
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTP"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "terraform"
}
}
resource "aws_instance" "ubuntu" {
key_name = aws_key_pair.ubuntu.key_name
ami = "ami-00ddb0e5626798373" ### ami should match with ami in the region you may create your instance
instance_type = "t2.micro"
tags = {
Name = "ubuntu"
}
vpc_security_group_ids = [
aws_security_group.ubuntu.id
]
connection {
type = "ssh"
user = "ubuntu"
private_key = file("key")
host = self.public_ip
}
ebs_block_device {
device_name = "/dev/sda1"
volume_type = "gp2"
volume_size = 30
}
}
resource "aws_eip" "ubuntu" {
vpc = true
instance = aws_instance.ubuntu.id
}Then we need to generate a keypair to use from our RHEL 8.3
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/pzhao/.ssh/id_rsa):
/home/pzhao/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/pzhao/.ssh/id_rsa.
Your public key has been saved in /home/pzhao/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:qt91snVaus9YsohMlvX942s8Xn9Clz9KRJ7ig8EyYfM pzhao@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
| |
| |
| + . |
| . = o . |
| oSE.. + .|
| .oo+.o....|
| . +.oo=o*.o|
| . = o *o@.B=|
| ... + o *+B=O|
+----[SHA256]-----+To use this keypair to logging into our instance later, we need to cp them from default path to our current folder
$ cp ~/.ssh/id_rsa.pub ./$ ls
id_rsa.pub ubuntu.tf
Since we apply our public key as public_key = file("key.pub") in our ubuntu.tf file, we need rename our id_rsa.pub as key
$ mv id_rsa.pub key.pub
$ ls
key.pub ubuntu.tfNext terraform init
$ terraform initInitializing the backend...Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v3.22.0...
- Installed hashicorp/aws v3.22.0 (signed by HashiCorp)Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.Terraform has been successfully initialized!You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
After that, terraform validate
$ terraform validate
Success! The configuration is valid.terraform plan to plan our infrustructure
$ terraform plan
.
.
.
Plan: 4 to add, 0 to change, 0 to destroy.------------------------------------------------------------------------Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
Lastly, terraform apply
$ terraform apply --auto-approve
.
.
.
aws_key_pair.ubuntu: Creating...
aws_security_group.ubuntu: Creating...
aws_key_pair.ubuntu: Creation complete after 0s [id=ubuntu]
aws_security_group.ubuntu: Creation complete after 2s [id=sg-0d3ced0f09c4ec84d]
aws_instance.ubuntu: Creating...
aws_instance.ubuntu: Still creating... [10s elapsed]
aws_instance.ubuntu: Still creating... [20s elapsed]
aws_instance.ubuntu: Still creating... [30s elapsed]
aws_instance.ubuntu: Creation complete after 34s [id=i-0d3d62d5378073c9c]
aws_eip.ubuntu: Creating...
aws_eip.ubuntu: Creation complete after 2s [id=eipalloc-000f08d08e1a2aefd]Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
Double check ubuntu instance created in AWS console
Notes: Terraform may not be able to provision Amazon Linux instances at this point. I tested multiple Amazon Linux instances. As soon as they were provisioned, they were stopped sponteneously. So please don’t terraform your Amazon Linux instances
Create redhat instance using CloudFormation
CloudFormation yaml file is provided below
vim redhat.yml
Resources:
EC2SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Allow http to client host
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
Ec2Instance:
Type: AWS::EC2::Instance
Properties:
InstanceType: t2.micro
ImageId: ami-096fda3c22c1c990a # Amazon redhat in us-east-1
KeyName: RedhatKeyPair
UserData:
'Fn::Base64':
!Sub |
#!/bin/bash
yum -y update# install apache
yum install httpd24 -y# start server
service httpd start
chkconfig httpd on
SecurityGroups:
- !Ref EC2SecurityGroup
Tags:
- Key: Name
Value: redhat
- Key: Type
Value: Worker Instance
Notes: In order to gain access to Redhat instane, we may need to create key pair using AWS CLI before generating CloudFormation Stack
$ aws ec2 create-key-pair --key-name RedhatKeyPair
{
"KeyFingerprint": "26:e8:83:cc:cc:a7:a1:da:f9:ee:57:2f:5b:d8:bb:0a:60:64:48:38",
"KeyMaterial": "-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAi6H5pfFzf+tn2N/5s9ZsxAIKzd+t9xaOzuR11GGaDknbrnSP
BQFOa/WNmrVJnv8XlNZd/XoF63HXf9XowFdybKMYlVFUb8s9QMKXTlWIHzl0ynh/
yGbksJOvqz0OP2iIsWlxo7/gLrPaorLPD7tbe7IT3Fyf1K6JZWj4L0hkOVoy+ZKd
tMixGlzBKRST2Mq9Hm09cbrj0znpx55PFeYuKEOukiux3e/Vlq8r8XYaFcmZjw74
dYlPUMFhJXLiS7GpmTzEqitQyP79mmtHY/6/nr8auwb9fpxjWd/4LXCvERTy6RbG
V3d0kx5EP+x6p0qdNgpCWeXer/rzIXZtl/QrGQIDAQABAoIBAAWSTfrQGpK1Guyt
azJA0RA1IKc8UJ22WbZpqUXzKwl86vYYEojZl355StAsgaaFeTRoJVHy53+QiE/C
gkoCcz9gdp+moh7f1i7aVN08TnUofr+BdV/SszdUfULw6buf+SxTD8S/6DsU1Bl/
1wFCsZDK9z3ouDvtRvAz8ws38T/UiUjNvAnVgQLtmX8PR6ETTTL/dk0qnmnCrJiz
umqFR0pL7i9dBpkji+H7D03TWSBb2Wp8j11R7jwcq2feVTRh+UIZR3ULrU2RvHnL
ymVHbwvNUoilertDzdJv+cLDn8m58Hy2NI/hZEe5E6jQzlKy935U/5ajE3K4AoZL
AVtk7H0CgYEA22J8NnvqD2bVbQtbMB+LAmTgbbGhstAvxL+pOmhuMYivP1Jme38+
Hy+TcGT/UTzDg+YceIx2ebXHxWnzvZi/dloGNBtyUywrLuThR990nbWFDtOuX13S
tWxV79qWVscmohleBOs1BUHacA57c8oDInY6SN1laJS6H1hUETR7n+MCgYEAou/5
1TPS5i/MNNKPt0rtE+EiLDOGx3EqOEeoBkMux0+sqnKn8eyITNGHGPQSpBE4CLRn
The9zkJKOX1CicGc957nT9DjP3kXWg/fJkcszhadYPqhanawUM3wN6IckSHq914x
CzqIUUB9Ws/K+vgsJb7iF965n+2vuHFd6pfqgdMCgYEAmFFSqIl0QulE+YbO8yST
YUAkykRwXjRJVjM0Dcd/6ohaFH7jhI8d1I01su2Mjxy/Ko7T6aasg2iAoUIk5ths
5oEumXMM905NVSu4dixhTTZAgcDa6n+70ha7u+JqSynOWvF947BiiZnlTbPgZs41
SvIHGZwN0oSgjS7If4GO670CgYABlhB6kNyWvRRh10Lq5+HS9bgdcgr32hQtJBVw
qirEafQmXKNh6YmSJeAI0Cd2TWycORVgXz7LyT1rvdpt+OKMTpG15zSvI4Cksc7c
UokPII07qnTz0l/5CWgzQnLAvvHIorQbheBZ2iTeQ3OYad4UJ/2Pee2Yrvms8/2U
ERKJXQKBgCm4NLo4R5MjMJ8PNS75dQRutOpPdiCjQpFwQSSFJL6mhj3QqKhIDQEr
hFNMU+yftJKzZd/SKIog9lXFwCnpmiDS20tSZWM7g0gjHFg/hWRVjhnzfQ5IqRNb
HvDQlta6ZK/Ta8bY1n6ujApmSQolCzEUBiN5rFozP+a+BvqmG2xS
-----END RSA PRIVATE KEY-----",
"KeyName": "RedhatKeyPair",
"KeyPairId": "key-0cb6c660278291252"
}Using AWS CLI to provision redhat EC2 instance
$ aws cloudformation create-stack --stack-name redhat-instance --template-body file://redhat.yml
{
"StackId": "arn:aws:cloudformation:us-east-1:464392538707:stack/redhat-instance/3f7f7bc0-4a5f-11eb-b1cc-0a23b021aa67"
}Double check CloudFormation created
Red hat instance created
By this point, we created 3 instances: Amazon Linux, Ubuntu and Redhat respectively using AWS console, Terraform and CloudFormation
Let us do a quick comparison
- Timewise, both Terraform and CloudFormation as Iac provision instances with click of a button using codes. Whereas, using AWS console, we may jump in between pages
- In terms of accuracy, it’s more likely you may make mistakes while jumping in between pages while creating EC2 instance manually using AWS console. On the contrary, Iac allows us to configure certain attributes without changing other ones
- However, AWS console is a good start for beginners or folks who are not operating AWS Cloud Platform
After our prerequisites set up, we will follow up instructions below to install Ansible
- Create same user(adsadmin) across all servers and provide password for all users
- Provide root privileges to all ansadmin users on all servers
- Make sure that PasswordAuthentication yes in all servers under /etc/ssh/sshd_config file
- Generate ssh-keys using ssh-keygen command from ansadmin
- Copy ssh public key using ssh-keygen command from ansadmin
- Now login to remote server without providing password with the following command:
ssh user_name@hostname - Now we can test connection from Ansible Engine to Manage Node using
We now work on them one by one
- Create same user(adsadmin) across all servers and provide password for all users
In ordder to create users and set up password for them, we need to log into our instances one by one
First we use our RHEL 8.3 as a control, so let us work on it in the first place
To give the root previlege to a specific user in RHEL 8.3, we need to apply following code
$ sudo usermod -aG wheel pzhaoTo add a user
$ sudo useradd adsadminTo add password for adsadmin
$ sudo passwd adsadmin
Changing password for user adsadmin.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.To login as user adsadmin
$ ssh adsadmin@localhost
adsadmin@localhost's password:
Web console: https://localhost:9090/ or https://192.168.0.18:9090/Last failed login: Sun Dec 27 23:47:42 EST 2020 from ::1 on ssh:notty
There were 3 failed login attempts since the last successful login.
Here we will be using Amazon Linux instance as an example to showcase how we login to an instance created in AWS. Both Ubuntu and Redhat instances work in the same manner
Make a directory where we may store our AmazonLinuxKeyPair.pem in RHEL 8.3
$ mkdir amazonlinuxkeypair
$ cd amazonlinuxkeypair/Save previously downloaded AmazonLinuxKeyPair.pem in current folder
vim AmazonLinuxKeyPair.pem
-----BEGIN RSA PRIVATE KEY-----
................................................................
glSkcUplzmmov1tOuZFr4qPZzscJYN9S/IU2yQW1+WL8EOedCO20T8CSfBitvb7l
CuOKrRfEMOtSIAYZPMWrRfRSZSAmiI2rTekAA6cCgYBJnjDksKTPeApoRtVRZtsr
bRk3F0Ki31ZsIz8QdkwnSrbZHl7CIZByqXUVoach9m+jL1guxzEvWRd22tXq0Gb3
Y5d/XjCFJL7JfOc9c5hrBpXdc21TFIUWDOURpNQK/yNWJyfgjIneG6IMbwhNCBps
wW6a2wsM+9vb0SvcQ1ZNpwKBgBFB4C01kq0bPNl2IS31rt6TsSdB9LftPIOOqxvT
+EaUDEgRXXITpuCwgyGdYzpsqL4znBg/139jxCNYgo36h1frR53xqah522qNsu+2
ZSDR7FKgpWsmOU1PtJtPcvzENnwNmkRBJONuD6QNztnxO8Cp1HvoqiogqrtbmWMQ
ybKjAoGBAKPmg2pt0hR+xgzE6YCxQdp9xb6G4pm9F9bDbOBYWSwEua/cr3DGXaWI
kTMhmICjflsOuqUitbIxBbl8cOpxtzC0AU57KBnFyr7GiEX9Xtp7eXy67UD7cnqt
QCwRksaqfeum/iQSy8KfjG74k0IT49cTdzrUD1FSfa4dsGt4XyQf
-----END RSA PRIVATE KEY-----On Amazon Linux instance page, click Connect
On connect page, apply below instructions
We also need to provide least privilege while logging into Amazon Linux instance
$ chmod 400 AmazonLinuxKeyPair.pemLogging in with following codes
$ ssh -i "AmazonLinuxKeyPair.pem" ec2-user@ec2-54-173-188-84.compute-1.amazonaws.com__| __|_ )
_| ( / Amazon Linux 2 AMI
___|\___|___|https://aws.amazon.com/amazon-linux-2/
Create a new user named ansadmin
$ sudo useradd adsadminTo add password for adsadmin
$ sudo passwd adsadmin
Changing password for user adsadmin.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.2. Give root privilege to user named adsadmin
To give root privilege to adsadmin, please follow the instructions below
$ sudo visudoIn the file, type in Shrift + G to go to the bottom of the file, then add following codes, which full access and no password login
ansadmin ALL=(ALL) NOPASSWD: ALLPlease follow same instructions to log into Ubuntu and Redhat instances and create user named ansadmin, then give root privilege to the user
Then we would have following controller and 3 servers set up
3. Make sure that PasswordAuthentication yes in all servers under /etc/ssh/sshd_config file
4. Generate ssh-keys using ssh-keygen command from ansadmin
$ sudo ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansadmin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /ansadmin/.ssh/id_rsa.
Your public key has been saved in /ansdamin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:DoJVfG6PMaRbLZqPmt3fw7xvczlKbTIkqsa3tbRBMRo root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
| .. |
| .. o |
| . = E o |
| o . B + o |
| . . .*SB o . |
| .+o. + o . |
| .o.. * + o.|
| o.+o.o.O *o.|
| o.o.ooooo*oo.|
+----[SHA256]-----+5. Copy ssh public key using ssh-copy-id <hostname> command from /home/ansadmin/.ssh/ location
Notes: Need to apply following code in the instances where public key is supposed to be copied to. Otherwise, Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
$ sudo systemctl restart sshdAfter ssh-copy-id <hostname>
$ ssh-copy-id 54.173.188.84
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansadmin/.ssh/id_rsa.pub"Number of key(s) added: 1Now try logging into the machine, with: "ssh '54.173.188.84'"
and check to make sure that only the key(s) you wanted were added.
6. Now login to remote server without providing password with the following command: ssh user_name@hostname
Test the connection to Amazon Linux instance with public key without password
$ ssh 54.173.188.84
Last login: Wed Dec 30 19:37:35 2020 from cpe0c473df3db93-cm0c473df3db90.cpe.net.fido.ca__| __|_ )
_| ( / Amazon Linux 2 AMI
___|\___|___|https://aws.amazon.com/amazon-linux-2/
[ansadmin@ip-172-31-5-87 ~]$
Notes: For any SSH login without password related issue, please visit here
Please don’t overlook privilege given.
Test the connection to Ubuntu and Redhat Instance
Notes: For Ubuntu, we need to create a home directory using codes below. For detailed information in regards to how to create a home directory, please visit here
$ sudo mkhomedir_helper ansadminTest Ubuntu instance connection with public key without password
$ ssh 18.207.51.27
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 5.4.0-1029-aws x86_64)* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantageSystem information as of Thu Dec 31 16:40:20 UTC 2020System load: 0.21 Processes: 102
Usage of /: 4.0% of 29.02GB Users logged in: 1
Memory usage: 18% IP address for eth0: 172.31.3.221
Swap usage: 0%0 packages can be updated.
0 updates are security updates.New release '20.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.$
Test Redhat instance connection with public key without password
$ ssh 18.234.161.149
Last failed login: Thu Dec 31 15:49:26 UTC 2020 from 197.5.145.69 on ssh:notty
There were 4 failed login attempts since the last successful login.
Last login: Thu Dec 31 06:23:28 2020 from 72.137.76.221Special notes: For security, after we ssh-copy-id our public key, we should reset PasswordAuthentication as no
Also, don’t forget to reset sshd like below each time after you make a update in regards to ssh related services
$ sudo systemctl restart sshd7. Now we can test connection from Ansible Engine to Manage Node using:
To navigate to our ansible inventory
$ cd /etc/ansible/
$ ls
ansible.cfg hosts rolesvim hosts and add 3 Public IPv4 addresses for Amazon Linux, Redhat as well as Ubuntu respectively
54.173.188.84
18.234.161.149
18.207.51.27To double confirm them (check our the first 3 lines in hosts file)
$ cat hosts | head -3Finally, we ping our 3 instances from our controller, which in on RHEL 8.3
$ ansible all -m ping
[WARNING]: Platform linux on host 54.173.188.84 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
54.173.188.84 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
18.234.161.149 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
18.207.51.27 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}Clean up infrastructure created:
- Since we manually created our Amazon Linux instance, we have to termiante it manully as well
2. For Ubuntu instance, which we teraformed from RHEL 8.3 using VirtualBox, we can easily manage to clean up the infrastructure using following command
$ terraform destroy
.
.
.
Plan: 0 to add, 0 to change, 4 to destroy.Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.Enter a value: yesaws_eip.ubuntu: Destroying... [id=eipalloc-0c005de5a9d2397e6]
aws_eip.ubuntu: Destruction complete after 2s
aws_instance.ubuntu: Destroying... [id=i-0947c1857f2d21004]
aws_instance.ubuntu: Still destroying... [id=i-0947c1857f2d21004, 10s elapsed]
aws_instance.ubuntu: Still destroying... [id=i-0947c1857f2d21004, 20s elapsed]
aws_instance.ubuntu: Still destroying... [id=i-0947c1857f2d21004, 30s elapsed]
aws_instance.ubuntu: Still destroying... [id=i-0947c1857f2d21004, 40s elapsed]
aws_instance.ubuntu: Destruction complete after 41s
aws_key_pair.ubuntu: Destroying... [id=ubuntu]
aws_security_group.ubuntu: Destroying... [id=sg-08b2532a133404031]
aws_key_pair.ubuntu: Destruction complete after 0s
aws_security_group.ubuntu: Destruction complete after 0sDestroy complete! Resources: 4 destroyed.
Notes: With terraform, all resources created along with Ubuntu instance will be removed simultaneously, which showcases the power of Iac
3. For Redhat instance, we will be using AWS CLI CloudFormation command to clear them up
$ aws cloudformation delete-stack \
> --stack-name redhat-instance
Double check Redhat instance on EC2 instance page
Notes: Again, with Iac using CloudFormation, all resources created with Redhat instance would be deleted with it just as what terraform destroy will do
Conclusions:
In this project, we firstly set up our prerequisites as shown below:
- RHEL 8.3 using VirutalBox via Putty on Windows
- Create a non root AWS account
- Install AWS CLI
- Install Terraform — Provisioning EC2
Then we created one controller user named ansadmin on RHEL 8.3 and 3 virtual instances Amazon Linux using AWS console, Ubuntu using terraform, and Redhat using CloudFormation respectively
Next, we follow instructions shown below to install our Ansible
- Create same user(adsadmin) across all servers and provide password for all users
- Provide root privileges to all ansadmin users on all servers
- Make sure that PasswordAuthentication yes in all servers under /etc/ssh/sshd_config file
- Generate ssh-keys using ssh-keygen command from ansadmin
- Copy ssh public key using ssh-keygen command from ansadmin
- Now login to remote server without providing password with the following command:
ssh user_name@hostname - Now we can test connection from Ansible Engine to Manage Node using
At the end of the day, we clean up our infrastructures based on how they were generated
