[custom-header-login]
Ansible, from Red Hat is a configuration management system that now makes up the RHCE for Red Hat Enterprise Linux 8. In this blog we look at configuring AWS instances using Ansible.
At TheUrbanPenguin we use AWS instances for some of our online Instructor-led courses. The deployed virtual machine requires some modification. Password authentication is easier than try to distribute keys to the delegates and we need the good old tux account to be created and few extra packages installed. Ansible is an easy tool to use as no additional agent of software needs to be installed on the AWS VMs, only python is required and that is there by default.
Installing Ansible
We only need to install Ansible on the system that you will use to deploy the Ansible playbooks. We use CentOS 8 as our Ansible controller. On CentOS 8, Ansible can be installed from the EPEL reposistory:
$ sudo yum install epel-release $ sudo yum install ansible
The ansible.cfg
Ansible will search for its configuration file in the current directory. It makes sense to create a working directory for your Ansible project adding the ansible.cfg and inventory file. The inventory is a list of hosts that you will be configuring with Ansible.
$ mkdir ansible; cd ansible $ vim inventory <aws instance 1> <aws instance 2>
The inventory file can use hostnames or IP Addresses. Having created the inventory file we can move onto creating the Ansible configuration file.
$ vim ansible.cfg [defaults] inventory = ./inventory private_key_file = ~/.ssh/awslondon.pem remote_user = ec2-user
We just use the [defaults] header in this file. Having the ansible.cfg file in out working directory will ensure that it is used by Ansible. The settings we add are explained below:
inventory:
Here we configure the path to the inventoty file we will use. Being in the same directory in this case.
private_key_file:
We can configure the path to the private key to use for authentication to the AWS instance
remote_user:
The user account we need to authenticate as in the AWS instance. The RHEL 8 systems deployed by AWS use an account called ec2-user. This has full passwordless access to sudo, which is what we need for Ansible.
Ansible Playbook
Having created the inventory and configuration file we can now look at configuring AWS instances using Ansible playbooks. The Ansible playbook is a YAML file describing the desired state of the instance. YAML files are white-space sensitive, say take care with your indenting.
$ vim deploy.yml
---
- name: Configuring AWS Instances using Ansible
hosts: all
become: true
gather_facts: false
tasks:
- name: Create the Tux User Account in AWS Instance
user:
name: tux
groups: "wheel"
create_home: true
comment: "tux penguin"
expires: -1
password: "{{ 'Password1' | password_hash('sha512', 'A512') }}"
- name: Setup sudo Access for TUX in AWS Instance
copy:
dest: /etc/sudoers.d/tux
content: 'tux ALL=(ALL) NOPASSWD: ALL'
validate: /usr/sbin/visudo -cf %s
- name: Install Software for RH124 on AWS Instance
yum:
name:
- at
- vim
- bash-completion
- nano
- tree
- pinfo
state: latest
- name: Configure the at daemon to autostart and start on AWS Instance
service:
name: atd
enabled: true
state: started
- name: Remove SSH configuration disabling password authentication on AWS Instance
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PasswordAuthentication no'
state: absent
notify: restart_sshd
- name: Add line to SSH Server allowing password based authentication on AWS Instance
lineinfile:
path: /etc/ssh/sshd_config
line: 'PasswordAuthentication yes'
insertafter: '^#PasswordAuthentication yes'
state: present
notify: restart_sshd
handlers:
- name: restart_sshd
service:
name: sshd
state: restarted
...
We have named the tasks as well as we can to help document the process. The video follows and you find the courses we offer here: