ansible-config-mgt

In this project, we will automate a number of activities on several servers using Ansible configuration management. This means that we can automate many of our activities and processes on our webservers and tool setups without logging in to the individual servers, using the Ansible client as a jump server (bastion host).

The new architecture of the setup

Task

  1. Install and configure Ansible client to act as a Jump Server/Bastion Host
  2. Create a simple Ansible playbook to automate servers configuration

INSTALL AND CONFIGURE ANSIBLE ON EC2 INSTANCE

Update the Name tag on your Jenkins EC2 instance to Jenkins-Ansible. We will use this server to run playbooks.

In your GitHub account, create a new repository and name it ansible-config-mgt.

Install Ansible

sudo apt update

sudo apt install ansible

Check your Ansible version by running

ansible --version

Configure Jenkins build job to save your repository content every time you change it

  1. Create an Elastic IP and attach it to the Jenkins-Ansible server. This is because we don't want the public IP changing every time we power the instance off and on. Learn how to create elastic ip here. Learn how to associate your elastic instance to your webserver here.

  2. Create a new Freestyle project named ansible in Jenkins and point it to your ‘ansible-config-mgt’ repository.

  3. Configure Webhook in GitHub and set webhook to trigger ansible build

  4. Configure a Post-build job to save all (**) files

  5. Test your setup by making a change to the README.MD file in the master branch, and make sure that the build starts automatically and Jenkins saves the files (build artifacts) in the following folder

sudo ls /var/lib/jenkins/jobs/ansible/builds/<build_number>/archive/

This is the current setup of the tooling solution at this point

Prepare your development environment using Visual Studio Code

Download and install Visual Studio Code, which we will use to write our code for the servers, here

Clone down the ansible-config-mgt repository from GitHub to your Jenkins-Ansible instance. Open the Visual Studio Code terminal and run:

git clone <ansible-config-mgt repo link>

BEGIN ANSIBLE DEVELOPMENT

In your ansible-config-mgt GitHub repository, create a new branch that will be used for development of a new feature.

Checkout the newly created feature branch to your local machine

git checkout <name-of-branch>

Create a directory and name it playbooks – it will be used to store all your playbook files.

Create a directory and name it inventory – it will be used to keep your hosts organised.

Within the playbooks folder, create your first playbook, and name it common.yml

Within the inventory folder, create an inventory file (.yml) for each environment (Development, Staging, Testing and Production): dev, staging, uat, and prod respectively.

Set up an Ansible Inventory

An Ansible inventory file defines the hosts and groups of hosts upon which commands, modules, and tasks in a playbook operate.

Let us organise our hosts in the inventory.

Ansible uses TCP port 22 by default, which means it needs to SSH into the target servers from the Jenkins-Ansible host. For this you can use ssh-agent. Watch this video to learn how to set up the SSH agent and connect VS Code to your Jenkins-Ansible instance. Now import your key into ssh-agent:

eval `ssh-agent -s`
ssh-add <path-to-private-key>

Confirm the key has been added with the command below. You should see the name of your key.

ssh-add -l

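Now, ssh into your Jenkins-Ansible server using ssh-agent. The -A flag forwards your agent, so that Ansible on the Jenkins-Ansible server can authenticate to the target servers with the key held on your machine.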

ssh -A ubuntu@<public-ip>

Update your inventory/dev.yml file with this snippet of code:

Update the appropriate private IP addresses

[nfs]
<NFS-Server-Private-IP-Address> ansible_ssh_user='ec2-user'

[webservers]
<Web-Server1-Private-IP-Address> ansible_ssh_user='ec2-user'
<Web-Server2-Private-IP-Address> ansible_ssh_user='ec2-user'

[db]
<Database-Private-IP-Address> ansible_ssh_user='ubuntu' 

[lb]
<Load-Balancer-Private-IP-Address> ansible_ssh_user='ubuntu'

CREATE A COMMON PLAYBOOK

Give Ansible instructions on what you need it to perform on all servers listed in inventory/dev.

In the common.yml playbook we will write configuration for repeatable, re-usable, and multi-machine tasks that are common to systems within the infrastructure.

cd playbooks

sudo vi common.yml

Paste the following code:

---
- name: update web, nfs and db servers
  hosts: webservers, nfs, db
  remote_user: ec2-user
  become: yes
  become_user: root
  tasks:
    - name: ensure wireshark is at the latest version
      yum:
        name: wireshark
        state: latest

- name: update LB server
  hosts: lb
  remote_user: ubuntu
  become: yes
  become_user: root
  tasks:
    - name: Update apt repo
      apt: 
        update_cache: yes

    - name: ensure wireshark is at the latest version
      apt:
        name: wireshark
        state: latest

This playbook is divided into two parts, each intended to perform the same task: install the wireshark utility (or make sure it is updated to the latest version) on your RHEL 8 and Ubuntu servers. It uses the root user to perform this task and the respective package manager: yum for RHEL 8 and apt for Ubuntu.
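
The inventory above gives the db host ansible_ssh_user='ubuntu', while the first play targets db with remote_user: ec2-user. An inventory connection variable takes precedence over the play keyword, so it is worth checking which account each play will actually log in with. The following is an added example, not part of the original project: it parses the INI-style inventory and lists the effective login per play, assuming constructed addresses and a PLAYS list transcribed by hand from common.yml.

```python
# Constructed sample: the page's inventory/dev.yml with made-up private addresses.
SAMPLE_INVENTORY = """
[nfs]
172.31.10.11 ansible_ssh_user='ec2-user'
[webservers]
172.31.10.21 ansible_ssh_user='ec2-user'
172.31.10.22 ansible_ssh_user='ec2-user'
[db]
172.31.10.31 ansible_ssh_user='ubuntu'
[lb]
172.31.10.41 ansible_ssh_user='ubuntu'
"""

PLAYS = [  # (play name, target groups, remote_user), copied from common.yml
    ("update web, nfs and db servers", ["webservers", "nfs", "db"], "ec2-user"),
    ("update LB server", ["lb"], "ubuntu"),
]

def parse_inventory(text):
    """Return {group: {host: login user or None}} for an INI-style inventory."""
    groups, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            name = line.strip("[]")
            # [group:vars] and [group:children] sections hold no host lines.
            current = None if ":" in name else groups.setdefault(name, {})
        elif line and line[0] not in "#;" and current is not None:
            host, *pairs = line.split()
            opts = dict(p.split("=", 1) for p in pairs if "=" in p)
            user = opts.get("ansible_user") or opts.get("ansible_ssh_user")
            current[host] = user.strip("'\"") if user else None
    return groups

def effective_logins(groups, plays):
    """Yield (play, host, login user, overridden) for every targeted host."""
    for name, targets, remote_user in plays:
        for group in targets:
            for host, inv_user in groups.get(group, {}).items():
                # An inventory connection variable wins over the play keyword.
                user = inv_user or remote_user
                yield name, host, user, user != remote_user

if __name__ == "__main__":
    rows = effective_logins(parse_inventory(SAMPLE_INVENTORY), PLAYS)
    for play, host, user, overridden in rows:
        note = "  <- inventory overrides remote_user" if overridden else ""
        print(f"{play}: {host} as {user}{note}")
```

With the sample data, only the db host is marked as overridden: the first play connects to it as ubuntu and then runs the yum task there.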

Update GIT with the latest code

Commit your code into GitHub

git status

git add <selected files>

git commit -m "commit message"

Create a Pull request (PR). Learn how here

Merge requests

Return to the terminal and checkout the current branch

Once your code changes appear in master branch – Jenkins will do its job and save all the files (build artifacts) to /var/lib/jenkins/jobs/ansible/builds/<build_number>/archive/ directory on Jenkins-Ansible server

RUN FIRST ANSIBLE TEST

cd ansible-config-mgt

ansible-playbook -i inventory/dev.yml playbooks/common.yml

Go to each of the servers and check if wireshark has been installed by running:

which wireshark

or

wireshark --version

This is the new architecture of our web solution