Managing AWS Infrastructure Using Ansible Tower

Using Ansible Tower I have the power to automate simple and complex tasks like configuring and installing packages on Linux serves and configuring AWS infrastructure.

Your company should think about implementing Ansible to meet your business needs if you are looking for: multi-user access, user management, credentials, security, RBAC, complex orchestration, reporting, logging, and/or auditing. The Ansible Playbook is CLI-only and Ansible Tower provides a Web GUI and API server for working with Ansible in an enterprise environment.

Ansible Tower main features

• Visual dashboard
• Graphical inventory management
• RBAC
• Job scheduling
• Job history report
• Remote command execution
• Centralized logging
• Notification
• Multi-playbook workflow
• Restful API

Benefits of Ansible Tower

• Reuse of ansible scripts across the organization
• Provides shared infrastructure for team to run ansible scripts
• Easily manage privileged and protected administrator credentials
• Ease of use for IT teams that traditionally use GUI tools
• Ansible Tower provides framework for running and managing Ansible Automation Platform efficiently on an enterprise scale
• Offers web interface, RBAC, centralized logging and auditing
• RESTful API facilitates integration with enterprise’s existing workflows and tool sets

 

Ansible Tower Architecture

Installation of Ansible Tower

I choose the t2.medium instance because Ansible Tower requires at least 2 vCPUs and 4GB of RAM.

The base image was set to Red Hat Enterprise Linux 8, You will also have to allow HTTP and HTTPS traffic from the outside to the EC2 instance.

Use Below Commands

> yum update -y
> yum install wget -y
> sudo wget https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz
> sudo tar xvf ansible-tower-setup-latest.tar.gz
> cd ansible-tower-setup-3.8.6-2/

 

Set the initial administrator password and database password to run the installer

> sudo vi inventory

Set an administrator password and database password,\

> vi roles/preflight/defaults/main.yml

Make Sone changes in main.yml file

When done, start installation of Ansible Tower

sudo ./setup.sh

You can configure Ansible Tower using the following:

• CLI
• RESTful API
• Web UI

We will use the Web UI since this is the most preferred method by most new Ansible Tower users. Open your browser point to your Ansible Tower server IP or hostname via https protocol.

Agree to the End User License Agreement and submit to finish the installation.

Create Infrastructure on AWS

We will create a single EC2 instance on AWS. Then configure Ansible Tower to run the playbook.

1. Create a dedicated virtual environment containing libraries for talking to AWS
2. Import our playbook to Ansible Tower
3. Create custom credential type and instantiated it
4. Define our inventory
5. Add a job template and execute it

 

Sample Ansible Playbook

—
– hosts: all
gather_facts: false
tasks:
– name: Create a VM
steampunk.aws.ec2_instance:
name: “{{ i_name }}”
type: “{{ i_type }}”
ami: ami-0e8286b71b81c3cc1
key_pair: demo_key
subnet: “{{ i_subnet }}”

Creating a Virtual Environment

You cannot create a new virtual environment through the web interface. Instead, you need to SSH into Ansible Tower and run commands from the terminal.

$ sudo yum install gcc python3-devel
$ sudo mkdir /opt/venvs
$ sudo python3 -m venv /opt/venvs/steampunk_aws
$ sudo /opt/venvs/steampunk_aws/bin/pip install psutil ansible boto3

You need to open the Ansible Tower web UI, log in and go to the Settings-> System page. Add the / opt / venvs path to the Custom Virtual Environment Path field, save your settings, and you’re done.

Add a Sample Project

Before running an Ansible playbook on the Ansible Tower, it must be retrieved from an external source (Ansible Tower does not have playbook creation capabilities). If you go to the project page and click the green plus button, you’ll see something like this:

• My YAML file store in gitrepo, here I am using SCM type Git.
• For this project, I have already created the demo repository.
• Repository Link:-  https://github.com/suraj11198/Ansible-Tower.git

Supplying credentials

Providing credentials for Ansible playbooks is probably the most complex step in the whole process.

 

Creating a custom credential type

You can add custom credential types by navigating to the Credential Types page and clicking the green plus button. Entering the name and description values ​​shouldn’t be too much of a problem, but the input and injector configuration fields are awkward.

In this case, the content of the input configuration field is the following YAML document:

fields:
– id: aws_access_key
label: AWS Access key
type: string
– id: aws_secret_key
label: AWS Secret Key
type: string
secret: true
– id: aws_region
label: AWS region
type: string
choices: [ eu-central-1, eu-north-1 ]
required:
– aws_access_key
– aws_secret_key
– aws_region

This YAML document tells Ansible Tower that the credential type has three required fields and that the aws_secret_key contains sensitive information to be encrypted and stored.

Injector configuration describes how Ansible Tower passes credentials to Ansible playbooks. This example uses environment variables.

env:
AWS_ACCESS_KEY: “{{ aws_access_key }}”
AWS_SECRET_KEY: “{{ aws_secret_key }}”
AWS_REGION: “{{ aws_region }}”

Then just click the save button at the end and you’re done.

 

Adding AWS Credentials

Now that you’ve defined your custom credential type, you can add your AWS credentials to Ansible Tower. Go to the Credentials page and click the green plus button and the Ansible Tower will display the following form:

Note that you must select the permission type before you can view the type details field. Click the Save button and you are ready for the next configuration step.

Define an inventory

Running each Ansible playbook runs a task on one or more hosts. The playbook only connects to the remote Web API, so all you need is localhost. You can create it by navigating to the inventory page, clicking the green plus button, and selecting inventory from the drop-down menu.

Once you have named your inventory, you must click the Save button before navigating to the Hosts tab. After clicking the green plus button again, you need to enter the host details as follows:

Copy the following variable definition into the variable input field:

ansible_connection: local

ansible_python_interpreter: “{{ansible_playbook_python}}”

If you do not set these variables correctly, Ansible will not be able to find the packages   installed in your virtual environment.

 

Add Job Template

Ansible Tower job templates are basically template based Ansible playbook executions. Job templates define the playbook that runs Ansible Tower, the credentials and variables that can be used during the run, output redundancy, and more. In this case, the job template should look like this:

This dialog collects all  the information  defined earlier.

• Select the appropriate inventory source.
• Select the appropriate project and playbook from now on.
• Paste the AWS credentials.

These fields are highlighted in the screenshot above. But still something is missing: the value of the Ansible playbook variable.

Running the job

Once you have entered all the required data and confirmed your selection, Ansible Tower will run the playbook and display the output.

Now See, Our EC2 Instance is created.

We have just created a simple EC2 server with Ansible Tower. hope this will help you use Ansible Tower in future projects. If you have any questions about how Ansible creates an AWS instance, please post in the comments section.

 

How Can Perficient Help You?

Perficient is a certified Amazon Web Services partner with more than 10 years of experience delivering enterprise-level applications and expertise in cloud platform solutions, contact center, application modernization, migrations, data analytics, mobile, developer and management tools, IoT, serverless, security, and more. Paired with our industry-leading strategy and team, Perficient is equipped to help enterprises tackle the toughest challenges and get the most out of their implementations and integrations.

Learn more about our AWS practice and get in touch with our team here!