Introduction
I was playing around with Ansible recently and I wanted to configure an AWS EC2 instance for a Python project I am working on.
I will not go into too many details about Ansible in this article; I just want to show you how to set up Ansible to SSH into your EC2 instance so you can configure it as you need.
Test EC2 Connection
Before going into Ansible, we want to make sure that we can connect to the EC2 instance from the host machine via SSH:
ssh -i my_ec2_key.pem ubuntu@my-ec2-host-or-ip
Note: the user name in my case is ubuntu, as I am using an Ubuntu instance. Yours might be different.
If you have problems accessing your instance, please refer to the AWS documentation.
Create Ansible User in EC2
This is an optional step as we can use the default EC2 user in Ansible as well, but I like creating a specific user for Ansible.
Generate ssh-key for your user
We’ll be needing this key pair to connect to the EC2 instance.
In the host environment, we will create an ssh-key that will be used for your Ansible user:
ssh-keygen -t rsa -C "your_email@example.com"
chmod 400 ~/.ssh/id_rsa
We can leave everything as default: a pair of private/public keys will be generated in ~/.ssh as id_rsa (the private key) and id_rsa.pub (the public key).
We need to copy the contents of the public key, id_rsa.pub, which look like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAudXEIP2qNrYDOVdS5T7ZB7............... your_email@example.com
SSH into the EC2 instance
ssh -i my_ec2_key.pem ubuntu@my-ec2-host-or-ip
Create an Ansible user
$ sudo su -
$ adduser ansible
Add public key into authorized keys
$ sudo su -
$ cd /home/ansible
$ mkdir .ssh
$ cd .ssh
$ vi authorized_keys
Paste the public key contents that we generated earlier on the host environment into the authorized_keys file and save.
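The manual steps above run as root, so .ssh and authorized_keys end up owned by root with modes set by root's umask; with StrictModes enabled (the default), sshd ignores an authorized_keys file that other users can write to. The function below is an added example, not part of the original article: install_pubkey is a hypothetical helper that installs the key idempotently with 700/600 modes and rejects a private key pasted by mistake.

```shell
#!/bin/sh
# Added example, not from the original article. install_pubkey is a
# hypothetical helper name.
# Usage: install_pubkey <home_dir> <public_key_file> [owner]
#   e.g. install_pubkey /home/ansible /tmp/id_rsa.pub ansible
install_pubkey() {
    home_dir=$1; pubkey_file=$2; owner=${3:-}
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Refuse a private key copied by mistake instead of the .pub file.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi

    # Take the first non-empty line and check for a common key type field.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case "$key_line" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Set tight modes explicitly instead of relying on the caller's umask.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"

    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"

    # When run as root for another account, hand ownership to that account.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$ssh_dir"
    fi
}
```
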
Test Connection
Going back to the host environment, we can test the SSH connection to the EC2 instance using the ansible user that we just created:
ssh -i ~/.ssh/id_rsa ansible@your-ec2-host-or-ip
Note: We need to pass the newly created private SSH key to connect, not the one that we previously used to connect as the ubuntu user.
Ansible Inventory
In the host environment, let's create the Ansible inventory.
For this example, I am not going to use the default Ansible inventory file /etc/ansible/hosts, but I will create one of my own:
~/ansible-test/aws$ vi inventory_aws

[aws]
my-ec2-hostname-or-ip ansible_user=ansible ansible_ssh_private_key_file=/home/ivl/.ssh/id_rsa
Or we can also use vars in the inventory file:
~/ansible-test/aws$ vi inventory_aws

[aws]
my-ec2-hostname-or-ip

[aws:vars]
ansible_user=ansible
ansible_ssh_private_key_file=/home/ivl/.ssh/id_rsa

Either form works for configuring the inventory file; choose whichever you prefer.
Ansible Test
Let’s create a simple Ansible Playbook with a debug message so we can test our connection to EC2:
~/ansible-test/aws$ vi test-aws.yaml

---
- hosts: aws
  tasks:
    - debug: msg="Ansible is working!"
Execute the playbook:
~/ansible-test/aws$ ansible-playbook -i inventory_aws test-aws.yaml

PLAY [aws] *************************************************************************************************

TASK [Gathering Facts] *************************************************************************************
ok: [my-ec2-hostname-or-ip]

TASK [debug] ***********************************************************************************************
ok: [my-ec2-hostname-or-ip] => {
    "msg": "Ansible is working!"
}

PLAY RECAP *************************************************************************************************
my-ec2-hostname-or-ip : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Awesome, it works!
Conclusions
This example of how to use Ansible with an EC2 instance works well if we have a static inventory, for example when we're developing something small on an AWS EC2 instance and we want to configure it via Ansible.
You can check Dynamic Inventories if you have hosts spinning up or shutting down in response to business demands.
Happy coding!