Ansible Ubuntu Provisioning

Ubuntu production level provisioning using Ansible, Packer and AWS
Alternatives To Ansible Ubuntu Provisioning
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Detectionlab4,124
a day ago33mitHTML
Automate the creation of a lab environment complete with security tooling and logging best practices
Infrastructure As Code Tutorial2,065
4 months ago11apache-2.0
Infrastructure As Code Tutorial. Covers Packer, Terraform, Ansible, Vagrant, Docker, Docker Compose, Kubernetes
Boilerplates1,727
12 days agomitHCL
This is my personal template collection. Here you'll find templates, and configurations for various tools, and technologies.
Packer Boxes624
3 months ago8mitShell
Jeff Geerling's Packer build configurations for Vagrant boxes.
Packer Templates368
a day ago1apache-2.0Shell
Scripts and Templates used for generating Vagrant images
Multi Env Deploy302
5 months ago3apache-2.0HCL
Complete example of deploying complex web apps to AWS using Terraform, Ansible, and Packer
Ad Honeypot Autodeploy217
6 months ago3Shell
Deploy a small, intentionally insecure, vulnerable Windows Domain for RDP Honeypot fully automatically.
Ansible Terraform182
4 years ago1HCL
Ansible and Terraform: Better Together
Ops Cli180
17 days ago44October 14, 202118apache-2.0Python
Ops - cli wrapper for Terraform, Ansible, Helmfile and SSH for cloud automation
Ansible Harden Windows150
a month ago1bsd-2-clauseJinja
Ansible role to harden windows system
Alternatives To Ansible Ubuntu Provisioning
Select To Compare


Alternative Project Comparisons
Readme

Automate the Provisioning of Production Ubuntu Servers using Ansible, Packer & AWS Ansible AWS

Ubuntu Provisioning

This project define two ways to automate the provisioning of Ubuntu servers (Refer Usage section):

  1. Using Ansible as the only automation tool
  2. Using Packer with Ansible to automate the provisioning of an Ubuntu AMI in AWS

All the automation files and bash scripts were tested in Ubuntu 16.04

The Ansible playbook will automate the provisioning of Ubuntu servers. It will perform following actions out of the box:

  • User setup
  • SSH hardening
  • Firewall setup
  • Message of the Day

It will also install the following packages:

  • Git
  • Vim

Project main directory structure:

.
├── README.md
├── ansible
├── initial-setup.sh
├── packer
└── scripts

Prerequisites

If you use a Debian based system to provision remote Ubuntu servers, you can run initial-setup.sh bash script to install Ansible, Packer, AWS CLI and Git to initialize the environment. If you already installed the required software, skip to the Usage section.

Initial setup script

Initialization bash scripts will automate the installation of Ansible, Packer, AWS CLI, Git packages and configurations.

Following are the list of initial scripts:

.
├── initial-setup.sh
└── scripts
    ├── ansible-installer.sh
    ├── awscli-installer.sh
    ├── git-installer.sh
    └── packer-installer.sh

Options:

  • -a Install Ansible and Git binaries only
  • -c Install Complete set of packages - Ansible, Packer, AWS CLI and Git binaries
  • -h help

Running the following script without any parameters will install only the Ansible and Git binaries as the default option.

Run:

./initial-setup.sh

Usage

Ansible Only Deployment

Following is the Ansible deployment directory structure:

.
├── ansible.cfg
├── inventory
│   ├── group_vars
│   │   ├── vars.yml
│   │   └── vault.yml
│   └── hosts
├── provision.yml
└── roles
    ├── common
    │   └── tasks
    │       └── main.yml
    ├── motd
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │       └── motd.j2
    ├── ssh
    │   ├── handlers
    │   │   └── main.yml
    │   └── tasks
    │       └── main.yml
    ├── ufw
    │   └── tasks
    │       └── main.yml
    └── user
        └── tasks
            └── main.yml

Go to ansible directory.

Configure the inventory/hosts file according to your environment.

[production]
ubuntu-1 ansible_host=192.168.1.2

Edit inventory/group_vars/vars.yml file to configure your initial ssh user, new user account, packages to be installed and local SSH public key path.

    initial_user: ubuntu
    username: user
    password: "{{ vault_userpasswd }}"
    public_key: ~/.ssh/id_rsa.pub
    sys_packages: [ 'python-apt', 'base-files', 'vim', 'git-core', 'ufw' ]

Please note that the new user's password is encrypted using Ansible Vault. You can make any changes to the inventory/group_vars/vault.yml file to edit the hashed sudo password value defined as vault_userpasswd variable.

Current hashed sudo password - devopspass

You can include the vault password in inventory/group_vars/.vault_pass as configured in ansible.cfg to decrypt the inventory/group_vars/vault.yml during an automation pipeline.

Current vault password - devopsvaultpass

Assuming that you already copied SSH public key to the remote system using ssh-copy-id

Run:

ansible-playbook provision.yml

Packer with Ansible to provision an Ubuntu AMI in AWS

Following is the Packer with Ansible deployment directory structure:

.
├── provisioners
│   ├── ansible
│   │   ├── ansible.cfg
│   │   ├── files
│   │   │   └── id_rsa.pub
│   │   ├── inventory
│   │   │   ├── group_vars
│   │   │   │   ├── vars.yml
│   │   │   │   └── vault.yml
│   │   │   └── hosts
│   │   ├── provision.yml
│   │   └── roles
│   │       ├── common
│   │       │   └── tasks
│   │       │       └── main.yml
│   │       ├── motd
│   │       │   ├── tasks
│   │       │   │   └── main.yml
│   │       │   └── templates
│   │       │       └── motd.j2
│   │       ├── ssh
│   │       │   ├── handlers
│   │       │   │   └── main.yml
│   │       │   └── tasks
│   │       │       └── main.yml
│   │       ├── ufw
│   │       │   └── tasks
│   │       │       └── main.yml
│   │       └── user
│   │           └── tasks
│   │               └── main.yml
│   └── scripts
│       └── bootstrap.sh
└── ubuntu-build.json

Go to packer directory.

Edit provisioners/ansible/inventory/group_vars/vars.yml file to configure your initial ssh user, new user account, packages to be installed and local SSH public key path. You can just copy your SSH public key to provisioners/ansible/files directory as id_rsa.pub.

    initial_user: ubuntu
    username: user
    password: "{{ vault_userpasswd }}"
    public_key: ../../files/id_rsa.pub
    sys_packages: [ 'python-apt', 'base-files', 'vim', 'git-core', 'ufw' ]

Please note that the new user's password is encrypted using Ansible Vault. You can make any changes to the provisioners/ansible/inventory/group_vars/vault.yml file to edit the hashed sudo password value defined as vault_userpasswd variable.

Current hashed sudo password - devopspass

You can include the vault password in provisioners/ansible/inventory/group_vars/.vault_pass as configured in provisioners/ansible/ansible.cfg to decrypt the provisioners/ansible/inventory/group_vars/vault.yml file during an automation pipeline.

Current vault password - devopsvaultpass

Change ami_name and aws_region parameters in ubuntu-build.json file according to your implementation. The default values set as follows:

        "ami_name": "ubuntu-16-ami"
        "aws_region": "ap-southeast-2"

Please make sure to use AWS CLI tool, aws configure to set AWS access keys. It's recommended to avoid setting up AWS access keys in ubuntu-build.json for better security.

Run:

packer build -machine-readable ubuntu-build.json

AMI ID will be printed at the end.

Contributing

Pull requests are welcome to improve the automation scripts.

Authors

Rumesh Bandara [email protected]

Popular Packer Projects
Popular Ansible Projects
Popular Configuration Management Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Shell
Amazon Web Services
Ansible
Ssh
Vault
Packer
Provisioning
Ami