Tuesday, January 23, 2024

Create Ansible Role to create a new EC2 instance | Ansible Role for provisioning infrastructure in AWS | Refactor Ansible playbook into Ansible Role

We will learn how to create an Ansible role for provisioning a new EC2 instance in the AWS cloud. We will pick a playbook which has all the logic and refactor it into a reusable Ansible role.


What is Ansible Role?
Ansible also lets you organize tasks in a directory structure called a Role. Using Ansible roles you can break down complex playbooks into smaller, manageable chunks. Roles let us reuse and share our Ansible code efficiently.

How to create Ansible Role?

Using the ansible-galaxy command, we can create an Ansible role. This will create the below directory with all the files.

directory structure of Ansible role
aws-infra-role/
├── README.md
├── create.yml
├── defaults
│   └── main.yml
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── tasks
│   ├── create-ec2.yml
│   └── create-sg.yml
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml

Directory structure explained
tasks - contains the main list of tasks to be executed by the role.
handlers - handlers are typically used to start, reload, restart, and stop services.
defaults - default variables for the role.
vars - other variables for the role. Vars have higher priority than defaults.
meta - defines some data / information about this role (author, dependency, versions, examples, etc.)

tests - test cases if you have any.

Pre-requisites:
Steps to create EC2 instance using Ansible Role:

Log in, using Git Bash or iTerm/PuTTY, to the EC2 instance where you installed Ansible. Execute the below commands:

Create an Inventory file first

sudo mkdir /etc/ansible

Edit Ansible hosts or inventory file
sudo vi /etc/ansible/hosts

Add the below two lines at the end of the file:
[localhost]
local


cd ~
mkdir roles  
cd roles

Create Ansible Role

ansible-galaxy role init aws-infra-role


We will convert this playbook into an Ansible role.
All the variables will go inside the vars folder.

vars
    └── main.yml

sudo vi aws-infra-role/vars/main.yml
(copy below content)
keypair: myNov2023Key
instance_type: t2.small
image: ami-007855ac798b5175e
wait: yes
group: webserver
region: us-east-1
security_group: my-jenkins-security-grp1

Save the file and come out of it.

All the tasks will go inside the tasks folder. Let's create the security group first.

sudo vi aws-infra-role/tasks/create-sg.yml
---
  - include_vars: "vars/main.yml"
    tags: create

# tasks file for security group
  - name: configuring security group for the instance
    ec2_group:
        name: "{{ security_group }}"
        description: my-ajenkin-security_groAup
        region: "{{ region }}"
        rules:
            - proto: tcp
              from_port: 22
              to_port: 22
              cidr_ip: 0.0.0.0/0
            - proto: tcp
              from_port: 80
              to_port: 80
              cidr_ip: 0.0.0.0/0
            - proto: tcp
              from_port: 8080
              to_port: 8080
              cidr_ip: 0.0.0.0/0
        rules_egress:
            - proto: all
              cidr_ip: 0.0.0.0/0
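
The task above opens SSH (22) and port 8080 to 0.0.0.0/0, so anyone on the internet can reach them. As an added example (not part of the original post), here is a variant of create-sg.yml that limits those two ports to an admin range and stops the play if that range is missing or world-open. admin_cidr is a hypothetical variable passed at run time, and 203.0.113.10/32 is a documentation address used as a placeholder.

```yaml
---
# Added example: restricted variant of tasks/create-sg.yml.
# Assumption: admin_cidr is a hypothetical variable, not defined on the original page.
# Pass it at run time, e.g. -e admin_cidr=203.0.113.10/32 (placeholder address).
- include_vars: "vars/main.yml"
  tags: create

- name: refuse to open admin ports to the whole internet
  assert:
    that:
      - admin_cidr is defined
      # must look like address/prefix
      - admin_cidr is match('^[0-9.]+/[0-9]+$')
      # a /0 prefix means "everyone", which is what we are trying to avoid
      - not (admin_cidr is match('.*/0$'))
    fail_msg: "Set admin_cidr to your own address range, e.g. 203.0.113.10/32"

- name: configuring security group for the instance
  ec2_group:
    name: "{{ security_group }}"
    # description kept as on the page; AWS does not allow changing it on an existing group
    description: my-ajenkin-security_groAup
    region: "{{ region }}"
    rules:
      # SSH only from the admin range
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: "{{ admin_cidr }}"
      # HTTP stays public, as in the original task
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
      # 8080 limited to the admin range (assumption: it is not meant to be public)
      - proto: tcp
        from_port: 8080
        to_port: 8080
        cidr_ip: "{{ admin_cidr }}"
    rules_egress:
      - proto: all
        cidr_ip: 0.0.0.0/0
```

With this variant the playbook is run as ansible-playbook aws-infra-role/main.yml -e admin_cidr=<your range>, and it fails before touching AWS if the range is absent or ends in /0.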

Let's create a task for ec2 instance creation.

sudo vi aws-infra-role/tasks/create-ec2.yml

---
  - include_vars: "vars/main.yml"
    tags: create
  - name: creating ec2 instance
    ec2_instance:
        security_group: "{{ security_group }}"
        name: target-ec2-instance
        key_name: "{{ keypair }}"
        instance_type: "{{ instance_type }}"
        image_id: "{{ image }}"
        region: "{{ region }}"
        wait_timeout: 2   

Let's create Ansible main playbook.
sudo vi aws-infra-role/main.yml
---
# This Playbook creates infra in aws cloud

- hosts: local
  connection: local
  gather_facts: False
  tags: ec2_create

  tasks:
  # include_tasks replaces the bare "include", which was removed in ansible-core 2.16
  - include_tasks: tasks/create-sg.yml
  - include_tasks: tasks/create-ec2.yml

Now execute the Ansible playbook:
ansible-playbook aws-infra-role/main.yml


If everything is good, you should see the new instance created in the AWS console. Make sure you are able to connect to that instance.

That's it!! That is how you create a new EC2 instance using Ansible role in AWS cloud. 