ACSD Lab - adean20csc/Files GitHub Wiki
ACSD AWS Development Lab
This project contains the Ansible playbooks and roles to deploy a:
- Bastion Host (Ubuntu - used for access to lab resources)
- Management Host (Ubuntu - hosts Jenkins and other management tools)
- CAM Host (Ubuntu - provides all CAM capabilities)
- Red Hat Enterprise Linux 6.x Host
- Red Hat Enterprise Linux 7.x Host
- Windows 2008R2 Host
- Windows 2012R2 Host
It uses the following Amazon Web Services:
Prerequisites
This project has the following prerequisites:
- Ansible >= 2.2.0
- AWS EC2 Credentials for the account
- EC2 Credentials vaulted into file group_vars/all/aws_vault.yml
AWS Credentials
Access to AWS requires an access key and a secret key. These are stored as variables in an Ansible Vault file. First, create an aws_vault.yml file.
vim group_vars/all/aws_vault.yml
Add the following variables:
---
ec2_access_key: 'your ec2 access key'
ec2_secret_key: 'your ec2 secret key'
Next, encrypt the aws_vault.yml file.
ansible-vault encrypt group_vars/all/aws_vault.yml
Finally, create a .vault_pass.txt file in the ansible user's home folder that contains a single line with the password used to create the vault.
echo 'your_vault_password' > ~/.vault_pass.txt
Keep the vaulted credentials file out of Git using the .gitignore file in that folder.
- Optionally a ~/.vault_pass.txt file (chmod 600 ...) with your vault password (only use this option if you can ensure its security - i.e. NOT on a shared system)
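A pre-flight check for the credential setup above, added here as an example and not part of the project: it confirms that the vault file is really encrypted, that Git ignores it, and that the password file is readable only by its owner. The function names and the `check` argument are assumptions; the default paths are the ones used above.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the vault setup on this page.
# Default paths are the ones the page uses; function names are hypothetical.

# True only if the file starts with the Ansible Vault envelope header,
# i.e. it has actually been through `ansible-vault encrypt`.
vault_is_encrypted() {
    [ -f "$1" ] || return 1
    IFS= read -r first_line < "$1" || true
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# True only if Git ignores the file. A path that is already tracked is
# reported as not ignored, which is the case this check needs to catch.
vault_is_ignored() {
    git -C "$(dirname "$1")" check-ignore -q "$(basename "$1")" 2>/dev/null
}

# True only if the password file exists with mode 600 or 400 (owner-only).
pass_file_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Run all three checks; the return status is the number of failed checks.
preflight() {
    vault_file=${1:-group_vars/all/aws_vault.yml}
    pass_file=${2:-$HOME/.vault_pass.txt}
    failures=0
    vault_is_encrypted "$vault_file" ||
        { echo "FAIL: $vault_file is not vault-encrypted"; failures=$((failures + 1)); }
    vault_is_ignored "$vault_file" ||
        { echo "FAIL: $vault_file is not ignored by Git"; failures=$((failures + 1)); }
    pass_file_is_private "$pass_file" ||
        { echo "FAIL: $pass_file is missing or not owner-only (expect mode 600)"; failures=$((failures + 1)); }
    return "$failures"
}

# Run the checks only when asked to, e.g. `bash preflight.sh check`.
if [ "${1:-}" = "check" ]; then
    preflight
fi
```

Run it from the root of the project before running the playbook; a non-zero exit status is the number of checks that failed.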
Prepare to run the Ansible Playbooks
This project follows the default Ansible inventory hierarchy.
-- hosts
-- /group_vars
   -- /all
        main.yml
      bastion.yml
      buildcam.yml
      manager.yml
      redhat6.yml
      redhat7.yml
      win2008.yml
      win2012.yml
-- /host_vars
      bastion-1.yml
      buildcam-1.yml
      manager-1.yml
      redhat6-1.yml
      redhat7-1.yml
      win2008-1.yml
      win2012-1.yml
      vpc-ap-south-1.yml
hosts
The inventory is managed by the hosts file. It contains the hosts and host groups to deploy. Edit it as needed for the deployment. This file should contain the DNS resolvable names of the hosts being deployed.
NOTE: The Red Hat and Windows host groups were not combined because there are differences in how things are done in each version. The default deployment of this project is the same for each version; however, they can be customized easily since they are independent.
group_vars/all/main.yml
The group_vars/all/main.yml file contains variables global to all hosts in the inventory. These variables are specific to the deployment and should be reviewed and edited as needed.
The variables include:
- AWS EC2 resources
- AWS Site and VPC
- AWS AMI versions
group_vars/groupname.yml
The names of the files found in the group_vars/ folder should match the [group] name from the hosts inventory file. A file will only exist if there are variables specific to that group that are not in the group_vars/all/main.yml file.
The variables include:
- AWS instance details
host_vars/hostname.yml
The host_vars/hostname.yml file contains variables specific to that host.
The variables include:
- EC2 instance tags
- EC2 private / public IPs
Running the ACSDLAB playbook
The site.yml playbook will build the entire lab as defined by the hosts in the inventory. Run it from the root of the project.
ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt
Accessing the Deployed Instances
The AWS EC2 instances deployed by this project are accessed via ssh tunnels and a proxy.
SSH Tunneling and Proxy Access
Actual shell sessions are disabled on the Bastion host; tunnel to endpoints in the Lab using:
For ssh sessions:
ssh -i username/id_rsa bastion_public_ip -l username -L port:*targethost*:22 -N
and then ssh to localhost -p port
For RDP sessions:
ssh -i username/id_rsa bastion_public_ip -l username -L port:*targethost*:3389 -N
and point remote desktop at localhost and port number
Bastion Host
ssh -F ssh.cfg bastion.acsdlab
Manager Host
ssh -F ssh.cfg manager1.acsdlab -l ubuntu
Jenkins on the Manager Host
Establish an ssh tunnel on a free local port (e.g. 8081):
ssh -F ssh.cfg bastion.slmlab -l ubuntu -L 8081:172.16.2.10:8080 -N
Then point your browser at http://127.0.0.1:8081 and create a user.
Build CAM Host
ssh -F ssh.cfg buildcam1.acsdlab -l ubuntu
Git Subtrees
This project uses git subtrees to pull in roles from CSC GitHub.
Automation/ansible-slmcam-role
Pull updates from the role repository:
$ git subtree pull --prefix=roles/slmcam [email protected]:Automation/ansible-slmcam-role.git master --squash
Automation/ansible-slmawsinstance-role
Pull updates from the role repository:
$ git subtree pull --prefix=roles/slmawsinstance [email protected]:Automation/ansible-slmawsinstance-role.git master --squash