Merge pull request #1 from mohsinzaheer25/eg-1002

Eg-1002 Ansible for aws

README.md

@@ -1,2 +1,15 @@
-# ansible-for-aws
-Ansible setup to maintain aws resources
+# Ansible For AWS
+
+This project is to setup Ansible and manage AWS resources using Ansible. We are using Master and Slave concept for better understanding between Ansible and different resources.
+
+## Ansible Master
+
+This project is using Master terminology to give a feeling that this server will be running Ansible and maintaining resources using a dynamic inventory. Ansible Master folder has it's own README for more details.
+
+## Ansible Slave
+
+Ansible Slave folder is created to give an example how a EC2 instance can be created, setup and integrated with Ansible Master in automated fashion. There is no correct or bad way of doing it but this is one way to automated creating resources. Ansible Slave folder has it's own README for more details.
+
+## Author Information
+
+You can always open Pull request for contribution to the project or email to [email protected]

ansible_master/README.MD

@@ -0,0 +1,78 @@
+# Ansible Master
+
+Ansible Master is to create and setup Ansible with dynamic inventory to manage AWS resources.
+
+## How it works?
+
+It is using Terraform which is a **infrastructure as a code** tool to provision resources on AWS then using Shell script along with Playbook to setup it.
+
+## Things Need To Know
+
+Your machine from where you running this project need to install below things.
+
+1. Terraform
+2. Ansible
+
+You need to create `IAM User` with Access Key and Secret with permission that can create resources on AWS. Also, you need to create a `SSH KEY` on AWS which you will be using to login into the server.
+
+`ansibleadmin` user will be created and will be use for ansible purpose.
+
+[Vault Variable](playbook/roles/ansible-master-setup/vars/vault) is left unencrypted but in real after replace credentials it should be encrypted. You can use below command to do that
+
+```
+ansible-vault encrypt --vault-password-file=REPLACEWITHPASSWORDFIE playbook/roles/ansible-master-setup/vars/vault
+```
+
+## Variables
+
+Terrform has different variables and its values can be change in [Terraform Vars](terraform.tfvars) according to your need.
+
+| Variable Name | Description |
+| --- | --- |
+| access_key | Access Key ID of IAM User
+| secret_key | Secret Key of IAM User
+| name | Name of the instance
+| type | Type i.e. Master 
+| environment | Enviroment of the instance. i.e. Dev, QA or Prod
+| role | Role of the instance
+| user | User to login to the created instance
+| private_key_path | Path for Private Ke
+
+## Provisioning Ansible Master
+
+First, you need to replace the necessary variables in [Terraform Vars](terraform.tfvars) and then initiate terraform by using below command in order to get the appropriated plugin.
+
+```
+terraform init
+```
+
+You can check the changes Terraform is making using below command
+
+```
+terraform plan
+```
+
+Once everything looks good, you can provision the resource using below command
+
+```
+terraform apply
+```
+
+## Testing Dynamic Inventory
+
+`ansibleadmin` user will be created with necessary setup. From ansibleadmin home directory you can run below command to test dynamic inventory
+
+```
+ansible -i ec2.py -m ping tag_Name_Ansible_Slave
+```
+
+## References
+
+[AWS Setup With Dynamic Inventory](https://aws.amazon.com/blogs/apn/getting-started-with-ansible-and-dynamic-amazon-ec2-inventory-management/)
+
+
+[Ansible Dynamic Inventory](https://docs.ansible.com/ansible/latest/user_guide/intro_dynamic_inventory.html)
+
+[Setup Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html)
+
+[Creating IAM User](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console)

ansible_master/main.tf

@@ -0,0 +1,89 @@
+provider "aws" {
+  region     = "us-east-1"
+  access_key = var.access_key
+  secret_key = var.secret_key
+}
+
+data "aws_ami" "ubuntu" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  owners = ["099720109477"]
+}
+
+resource "aws_security_group" "ansible_master_sg" {
+  name        = "Ansible Master Security Group"
+  description = "Security Group Rules For Ansible Master"
+
+  ingress {
+    from_port   = 22
+    protocol    = "TCP"
+    to_port     = 22
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    protocol    = "-1"
+    to_port     = 0
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_instance" "ansible_master" {
+  ami                         = data.aws_ami.ubuntu.id
+  instance_type               = "t2.micro"
+  associate_public_ip_address = true
+  availability_zone           = "us-east-1b"
+  tenancy                     = "default"
+  key_name                    = "demokey"
+
+  tags = {
+    Name          = var.name
+    "Type"        = var.type
+    "Environment" = var.environment
+    "Role"        = var.role
+  }
+
+  vpc_security_group_ids = [
+    aws_security_group.ansible_master_sg.id
+  ]
+
+  provisioner "file" {
+    source      = "script"
+    destination = "/tmp"
+
+    connection {
+      type        = "ssh"
+      user        = var.user
+      host        = self.public_ip
+      private_key = file(var.private_key_path)
+    }
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo chmod 0755 /tmp/script/setup.sh",
+      "sudo bash /tmp/script/setup.sh",
+    ]
+    connection {
+      type        = "ssh"
+      user        = var.user
+      host        = self.public_ip
+      private_key = file(var.private_key_path)
+    }
+  }
+
+  provisioner "local-exec" {
+    command = "sleep 60 && ANSIBLE_HOST_KEY_CHECKING=false ansible-playbook playbook/run-setup.yml -i '${self.public_ip},' -e ansible_user=${var.user} --private-key '${var.private_key_path}'"
+  }
+}

ansible_master/output.tf

@@ -0,0 +1,3 @@
+output "ansible_master_ip" {
+  value = "${aws_instance.ansible_master.public_ip}"
+}

ansible_master/playbook/roles/ansible-master-setup/tasks/main.yml

@@ -0,0 +1,54 @@
+---
+
+- name: Include Variables
+  include_vars:
+    file: "{{ item }}"
+  with_items:
+    - var
+    - vault
+
+- name: Create Ansibleadmin User
+  user:
+    name: ansibleadmin
+    shell: /bin/bash
+
+- name: Generate SSH Key for Ansibleadmin
+  # shell: sudo -u ansibleadmin bash -c "printf '\n' | ssh-keygen -N ''"
+  shell: bash -c "printf '\n' | ssh-keygen -N ''"
+  become: true
+  become_user: ansibleadmin
+  ignore_errors: true
+
+- name: Create AWS Folder
+  file:
+    path: /home/ansibleadmin/.aws
+    state: directory
+    owner: ansibleadmin
+    group: ansibleadmin
+
+- name: Copy Config & Credentials
+  template:
+    src: "{{ item }}"
+    dest: /home/ansibleadmin/.aws/{{ item | basename | regex_replace('\.j2','') }}
+    owner: ansibleadmin
+    group: ansibleadmin
+    mode: 0600
+  with_items:
+    - config.j2
+    - credentials.j2
+
+- name: Download Dynamic Inventory
+  get_url:
+    url: "{{ item }}"
+    dest: /home/ansibleadmin/
+  with_items:
+    - 'https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.py'
+    - 'https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.ini'
+
+- name: Change Permission Of Dynamic Inventory
+  file:
+    path: /home/ansibleadmin/ec2.py
+    mode: 0755
+
+
+

ansible_master/playbook/roles/ansible-master-setup/templates/config.j2

@@ -0,0 +1,3 @@
+[default]
+region = {{ var_region }}
+output = json

ansible_master/playbook/roles/ansible-master-setup/templates/credentials.j2

@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id = {{ vault_aws_access_key_id }}
+aws_secret_access_key = {{ vault_aws_secret_access_key }}

ansible_master/playbook/roles/ansible-master-setup/vars/var

@@ -0,0 +1 @@
+var_region: us-east-1

ansible_master/playbook/roles/ansible-master-setup/vars/vault

@@ -0,0 +1,2 @@
+vault_aws_access_key_id: REPLACEMEWITHACCESSKEYID
+vault_aws_secret_access_key: REPLACEMEWITHACCESSKEY

ansible_master/playbook/run-setup.yml

@@ -0,0 +1,7 @@
+---
+- hosts: all
+  gather_facts: no
+  become: true
+  become_user: root
+  roles:
+    - ansible-master-setup

ansible_master/script/setup.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# Installing Packages for Ansible Setup
+sudo apt-get update -y
+sudo apt-get install software-properties-common
+sudo apt-get-add-repository --yes --update ppa:ansible/ansible
+sudo apt-get install python python-pip awscli -y
+sudo pip install --upgrade pip
+sudo pip install boto ansible
+sudo ln -s /usr/local/bin/ansible /usr/bin/ansible

ansible_master/terraform.tfvars

@@ -0,0 +1,8 @@
+access_key       = "REPLACEMEWITHACCESSKEY"
+secret_key       = "REPLACEMEWITHSECRET"
+name             = "Ansible Master"
+type             = "Ansible Master"
+environment      = "Operations"
+role             = "Maintenance"
+user             = "ubuntu"
+private_key_path = "REPLACEMEWITHPRIVATEKEYPATH"

ansible_master/vars.tf

@@ -0,0 +1,31 @@
+variable "access_key" {
+  description = "Access Key ID of IAM User"
+}
+
+variable "secret_key" {
+  description = "Secret Key of IAM User"
+}
+
+variable "name" {
+  description = "Name of the instance."
+}
+
+variable "type" {
+  description = "Type i.e. Master or Slave"
+}
+
+variable "environment" {
+  description = "Enviroment of the instance. i.e. Dev, QA or Prod"
+}
+
+variable "role" {
+  description = "Role of the instance."
+}
+
+variable "user" {
+  description = "User to login to the created instance."
+}
+
+variable "private_key_path" {
+  description = "Path for Private Key"
+}

ansible_slave/README.MD

@@ -0,0 +1,58 @@
+# Ansible Slave
+
+Ansible Slave is to setup EC2 instance in order to get maintain by Ansible.
+
+## How it works?
+
+It is using Terraform which is a **infrastructure as a code** tool to provision resources on AWS then uses Playbook to setup it.
+
+## Things Need To Know
+
+Your machine from where you running this project need to install below things.
+
+1. Terraform
+2. Ansible
+
+You need to create `IAM User` with Access Key and Secret with permission that can create resources on AWS. You can use same credentials used for Ansible Master if you want to. Also, you need to create a `SSH KEY` on AWS which you will be using to login into the server.
+
+`ansibleadmin` user will be created and added to Sudoers file in order to have root access.
+
+## Variables
+
+Terrform has different variables and its values can be change in [Terraform Vars](terraform.tfvars) according to your need.
+
+| Variable Name | Description |
+| --- | --- |
+| access_key | Access Key ID of IAM User
+| secret_key | Secret Key of IAM User
+| name | Name of the instance
+| type | Type i.e. Master 
+| environment | Enviroment of the instance. i.e. Dev, QA or Prod
+| user | User to login to the created instance
+| private_key_path | Path for Private Ke
+
+## Provisioning Ansible Master
+
+First, you need to replace the necessary variables in [Terraform Vars](terraform.tfvars) and then initiate terraform by using below command in order to get the appropriated plugin.
+
+```
+terraform init
+```
+
+You can check the changes Terraform is making using below command
+
+```
+terraform plan
+```
+
+Once everything looks good, you can provision the resource using below command
+
+```
+terraform apply
+```
+
+## References
+
+[Setup Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html)
+
+[Creating IAM User](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console)