Skip to main content
RH294

Configuring AWS Instances Using Ansible

By December 15, 2019No Comments

Ansible, from Red Hat is a configuration management system that now makes up the RHCE for Red Hat Enterprise Linux 8. In this blog we look at configuring AWS instances using Ansible.

At TheUrbanPenguin we use AWS instances for some of our online Instructor-led courses. The deployed virtual machine requires some modification. Password authentication is easier than try to distribute keys to the delegates and we need the good old tux account to be created and few extra packages installed. Ansible is an easy tool to use as no additional agent of software needs to be installed on the AWS VMs, only python is required and that is there by default.

Installing Ansible

We only need to install Ansible on the system that you will use to deploy the Ansible playbooks. We use CentOS 8 as our Ansible controller. On CentOS 8, Ansible can be installed from the EPEL reposistory:

$ sudo yum install epel-release
$ sudo yum install ansible


The ansible.cfg

Ansible will search for its configuration file in the current directory. It makes sense to create a working directory for your Ansible project adding the ansible.cfg and inventory file. The inventory is a list of hosts that you will be configuring with Ansible.

$ mkdir ansible; cd ansible
$ vim inventory
<aws instance 1>
<aws instance 2>

The inventory file can use hostnames or IP Addresses. Having created the inventory file we can move onto creating the Ansible configuration file.

$ vim ansible.cfg
[defaults]
inventory = ./inventory
private_key_file = ~/.ssh/awslondon.pem
remote_user = ec2-user

We just use the [defaults] header in this file. Having the ansible.cfg file in out working directory will ensure that it is used by Ansible. The settings we add are explained below:

inventory:
Here we configure the path to the inventoty file we will use. Being in the same directory in this case.

private_key_file:
We can configure the path to the private key to use for authentication to the AWS instance

remote_user:
The user account we need to authenticate as in the AWS instance. The RHEL 8 systems deployed by AWS use an account called ec2-user. This has full passwordless access to sudo, which is what we need for Ansible.

Ansible Playbook

Having created the inventory and configuration file we can now look at configuring AWS instances using Ansible playbooks. The Ansible playbook is a YAML file describing the desired state of the instance. YAML files are white-space sensitive, say take care with your indenting.

$ vim deploy.yml
---        
- name: Configuring AWS Instances using Ansible
  hosts: all
  become: true
  gather_facts: false
  tasks:
    - name: Create the Tux User Account in AWS Instance
      user:
        name: tux
        groups: "wheel"
        create_home: true
        comment: "tux penguin"
        expires: -1
        password: "{{ 'Password1' | password_hash('sha512', 'A512') }}" 
    - name: Setup sudo Access for TUX in AWS Instance
      copy:
        dest: /etc/sudoers.d/tux
        content: 'tux ALL=(ALL) NOPASSWD: ALL'
        validate: /usr/sbin/visudo -cf %s
    - name: Install Software for RH124 on AWS Instance
      yum:
        name:
          - at
          - vim
          - bash-completion
          - nano
          - tree
          - pinfo
        state: latest
    - name: Configure the at daemon to autostart and start on AWS Instance
      service:
        name: atd
        enabled: true
        state: started
    - name: Remove SSH configuration disabling password authentication on AWS Instance
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication no'
        state: absent
      notify: restart_sshd
    - name: Add line to SSH Server allowing password based authentication on AWS Instance
      lineinfile:
        path: /etc/ssh/sshd_config
        line: 'PasswordAuthentication yes'
        insertafter: '^#PasswordAuthentication yes'
        state: present
      notify: restart_sshd
  handlers:
    - name: restart_sshd
      service:
        name: sshd
        state: restarted
...

We have named the tasks as well as we can to help document the process. The video follows and you find the courses we offer here:

 

Leave a Reply