Ansible Dynamic Inventory and Jump Server/Bastion Host on AWS

Setting up a dynamic inventory with a bastion/jump server as the gateway is a tedious task for a new DevOps engineer, but once you have done it once, deployment to any cloud server becomes easy and repeatable.

Recently I implemented this on AWS, with Ansible for code deployment and Terraform for resource creation; along with that I created a Groovy pipeline for complete CI/CD on Jenkins.

During the implementation I faced several problems with the dynamic host configuration and with managing a bastion host that has a fixed public IP, so I thought I would share my approach with those who are doing it for the first time.

Bastion Host/Jump Server

The key points to consider when creating the configuration for the bastion/jump server are:

1) Create a “config” file in the ~/.ssh folder, which is where the ssh client loads its configuration from by default.

Note: it is not mandatory to keep the “config” file in ~/.ssh. Alternatively, create it in the ansible-playbook folder and tell Ansible where to find it by editing ansible.cfg so that every ssh connection Ansible opens uses that file. You just need to add the following line to ansible.cfg:

Here, “{{ansible_playbook_path}}” is a placeholder for the path of the folder in which you created the config file (ansible.cfg is not templated, so substitute the real path).

Now, what does the config file contain?

It contains the proxy configuration that tunnels ssh from your workstation to the web server through the bastion/jump server, so the web server itself never needs a public IP.

To make that work, put the following lines in the config file:

Once the above configuration is in place, you are all set to run your playbook against the web servers via the bastion host/jump server.

Tweaks: once everything is set up, the first connection to the web server works fine, but at some point ssh may start refusing the connection with a host key error. That happens because the key recorded in known_hosts for that IP belongs to the previous instance. The quick fix is to truncate known_hosts, which you can do with:

Be aware that emptying the file throws away every pinned host key, including the bastion's, so the next connection to each host has to trust whatever key is offered on first use; removing only the stale entry with `ssh-keygen -R <ip>` is the safer habit.

Note: this tweak is for setups where the instances keep changing but the IPs stay the same (a fixed public IP on the bastion, for example).
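The pieces described above, as an added example that is not part of the original post: a per-project ssh config that reaches the private web servers through the bastion with ProxyJump, the ansible.cfg lines that make Ansible use that config (the role the post gives to “{{ansible_playbook_path}}”), and a known_hosts tweak that drops only the stale key for a replaced instance instead of truncating the whole file. All addresses, user names, host patterns and key paths are hypothetical.

```shell
#!/bin/sh
# Added example, not the post's own files. Writes the bastion ssh config
# and the matching ansible.cfg into DIR, and removes a single stale
# known_hosts entry. Every address and path below is hypothetical.
set -eu

# write_ssh_config DIR BASTION_IP PRIVATE_PATTERN KEYFILE
# PRIVATE_PATTERN is an ssh_config host pattern such as '10.0.1.*'.
write_ssh_config() {
  dir=$1 bastion_ip=$2 pattern=$3 key=$4
  cat > "$dir/config" <<EOF
Host *
    # Project-local known_hosts keeps host-key checking on for every hop.
    UserKnownHostsFile $dir/known_hosts
    StrictHostKeyChecking ask
    IdentitiesOnly yes

Host bastion
    HostName $bastion_ip
    User ubuntu
    IdentityFile $key

# Private web servers: ssh connects to the bastion first and opens a second
# ssh session to the target over that channel. The private key stays on the
# workstation; nothing is copied to or forwarded through the bastion.
Host $pattern
    User ubuntu
    IdentityFile $key
    ProxyJump bastion
EOF
}

# write_ansible_cfg DIR -- make Ansible's ssh sessions load that config.
write_ansible_cfg() {
  dir=$1
  cat > "$dir/ansible.cfg" <<EOF
[defaults]
host_key_checking = True
remote_user = ubuntu

[ssh_connection]
# -F makes every Ansible ssh session load the bastion/ProxyJump config.
ssh_args = -F $dir/config -o ControlMaster=auto -o ControlPersist=60s
EOF
}

# forget_host_key KNOWN_HOSTS HOST
# Remove only the entry for HOST (an IP or alias) instead of truncating the
# file, so the keys pinned for the bastion and every other host survive.
# Handles plain entries and @marker lines; for hashed entries use
# `ssh-keygen -R HOST -f KNOWN_HOSTS`, which understands both.
forget_host_key() {
  kh=$1 host=$2
  [ -f "$kh" ] || return 0
  awk -v h="$host" '
    /^#/ || NF == 0 { print; next }
    {
      field = ($1 ~ /^@/) ? $2 : $1      # skip @cert-authority / @revoked marker
      n = split(field, names, ",")
      keep = 1
      for (i = 1; i <= n; i++) if (names[i] == h) keep = 0
      if (keep) print
    }' "$kh" > "$kh.tmp" && mv "$kh.tmp" "$kh"
}

# Usage (hypothetical values), run from the playbook folder:
#   write_ssh_config "$PWD" 203.0.113.10 '10.0.1.*' "$HOME/.ssh/deploy.pem"
#   write_ansible_cfg "$PWD"
#   forget_host_key "$PWD/known_hosts" 10.0.1.5
```

With this layout the only thing that changes when an instance is rebuilt behind the same IP is one line in the project's known_hosts; the bastion's key, which is what protects the whole tunnel from a man-in-the-middle, is never discarded.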

Dynamic Inventory in Ansible

To implement the dynamic inventory you need to download the following two files:

ec2.py https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.py and ec2.ini https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.ini

(These links point at the devel branch of ansible/ansible; the contrib inventory scripts have since been removed from that repository and now live in the ansible-community/contrib-scripts repository, and the maintained replacement is the amazon.aws.aws_ec2 inventory plugin. The script also needs boto and AWS credentials in the environment.)

Now create a folder named inventory inside the “ansible-playbook” folder, put both files there and make ec2.py executable (chmod +x), otherwise Ansible cannot run it as a script inventory.

Edit the ansible.cfg file again and paste the following snippet:

After pasting it, your default static inventory is replaced by the dynamic one.

To test it, run the following command from the inventory folder you created above:

You will see all the EC2 resources in your account. The thing to note is how a “tag name” is turned into a group name: for example, if you have a server on AWS tagged with Name ‘test’, you need to refer to it by that group name when running the playbook, as below:

Now run your ansible-playbook command as below:

The above command contains the following parameters:

Note that when you launch an Ubuntu server on AWS and run ansible-playbook against it for the first time, you will get an error: current Ubuntu releases ship with Python 3 only, not Python 2, and older Ansible releases look for /usr/bin/python by default, so you need to point Ansible at the Python 3 interpreter (ansible_python_interpreter=/usr/bin/python3).
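The dynamic inventory steps above, as an added example that is not part of the original post or of ec2.py: a shell port of the way ec2.py turns an EC2 tag into a group name (it builds “tag_<key>=<value>” and replaces every character outside [A-Za-z0-9_] with “_”), an ansible.cfg that makes the script the default inventory, a sanity check that the script is executable and answers `--list`, and a wrapper that runs the playbook against the tagged group with the Python 3 interpreter and a vault password file. The playbook name, tag values and paths are hypothetical.

```shell
#!/bin/sh
# Added example, not the post's or ec2.py's own code. Hypothetical
# playbook, tag values and paths throughout.
set -eu

# ec2_group_name KEY VALUE
# ec2.py names the group "tag_<key>=<value>" and then replaces every
# character outside [A-Za-z0-9_] with "_", so Name=test becomes
# tag_Name_test and Name=web-01 becomes tag_Name_web_01.
ec2_group_name() {
  printf '%s' "tag_$1=$2" | sed 's/[^A-Za-z0-9_]/_/g'
}

# write_inventory_cfg DIR -- make the script Ansible's default inventory.
write_inventory_cfg() {
  cat > "$1/ansible.cfg" <<EOF
[defaults]
inventory = $1/inventory/ec2.py
host_key_checking = True
EOF
}

# check_inventory_script SCRIPT
# A script inventory must be executable and must print JSON for --list
# (ec2.py's output always carries a "_meta" key); this catches the two
# failure modes seen in the comment thread before a playbook run.
check_inventory_script() {
  script=$1
  [ -x "$script" ] || { echo "not executable: run chmod +x $script" >&2; return 1; }
  out=$("$script" --list) || { echo "$script --list failed" >&2; return 1; }
  case $out in
    *'"_meta"'*) return 0 ;;
    *) echo "unexpected output from $script --list" >&2; return 1 ;;
  esac
}

# run_playbook PLAYBOOK TAG_KEY TAG_VALUE VAULT_PASS_FILE
# --limit narrows the play to the tag group, -u is the AMI's login user,
# -e ansible_python_interpreter fixes the Python-3-only Ubuntu error, and
# --vault-password-file lets the encrypted auth.yml be read non-interactively.
# ANSIBLE_PLAYBOOK can override the binary (used for testing).
run_playbook() {
  group=$(ec2_group_name "$2" "$3")
  "${ANSIBLE_PLAYBOOK:-ansible-playbook}" "$1" \
    --limit "$group" \
    -u ubuntu \
    -e ansible_python_interpreter=/usr/bin/python3 \
    --vault-password-file "$4"
}

# Usage (hypothetical values), run from the playbook folder:
#   write_inventory_cfg "$PWD"
#   check_inventory_script "$PWD/inventory/ec2.py"
#   run_playbook site.yml Name test "$PWD/.vault_pass"
```

Group names derived from tag keys containing colons, such as the autoscaling tags AWS adds itself, are mangled the same way (aws:autoscaling:groupName becomes tag_aws_autoscaling_groupName_...), which is why targeting by a simple Name tag is the easiest convention.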

For the vault file, my suggestion is to create a file “auth.yml” containing:

and encrypt it with the following command:

Whichever password you chose, paste it into the vault password file:

Keep that password file readable only by you and out of version control; it is the one secret that unlocks everything else. Then use the above “ansible-playbook” command, which reads the vault through that file, for safe operation.

That’s it, your whole setup is done.
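The vault handling above, as an added example that is not part of the original post: creating the vault password file with owner-only permissions and adding it to .gitignore, encrypting auth.yml with ansible-vault only if it is still plaintext, and a check that refuses to proceed when a secrets file is not vault-encrypted, suitable for a pre-commit hook. The password, variable names and repository path are hypothetical; ansible-vault itself is only invoked by encrypt_secrets.

```shell
#!/bin/sh
# Added example, not the post's own commands. Password, variable names and
# paths are hypothetical.
set -eu

# create_vault_password_file REPO_DIR NAME
# Reads the password from stdin so it never shows up in `ps` or shell
# history, creates the file under umask 077 so it is never group- or
# world-readable even for an instant, and lists it in .gitignore.
create_vault_password_file() {
  repo=$1 name=$2
  (umask 077; cat > "$repo/$name")
  grep -qxF "$name" "$repo/.gitignore" 2>/dev/null \
    || printf '%s\n' "$name" >> "$repo/.gitignore"
}

# check_password_file_perms FILE -- true only for owner-only permissions.
check_password_file_perms() {
  mode=$(ls -ld "$1" | cut -c1-10)
  [ "$mode" = "-rw-------" ] || [ "$mode" = "-r--------" ]
}

# is_vaulted FILE -- true only if FILE starts with the ansible-vault header
# ($ANSIBLE_VAULT;1.1;AES256 or the labelled 1.2 form).
is_vaulted() {
  head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# encrypt_secrets FILE PASSFILE -- run ansible-vault unless already done,
# so the function is safe to call repeatedly from a deploy script.
encrypt_secrets() {
  if is_vaulted "$1"; then
    echo "$1 is already encrypted" >&2
    return 0
  fi
  ansible-vault encrypt --vault-password-file "$2" "$1"
}

# check_no_plaintext_secrets FILE... -- fail if any existing listed file is
# not vaulted. Wire into .git/hooks/pre-commit as
#   check_no_plaintext_secrets auth.yml group_vars/all/vault.yml
check_no_plaintext_secrets() {
  rc=0
  for f in "$@"; do
    if [ -f "$f" ] && ! is_vaulted "$f"; then
      echo "refusing: $f is not encrypted with ansible-vault" >&2
      rc=1
    fi
  done
  return $rc
}

# Usage (hypothetical values), from the playbook folder:
#   printf '%s\n' "$VAULT_PASSWORD" | create_vault_password_file "$PWD" .vault_pass
#   encrypt_secrets auth.yml .vault_pass
#   check_no_plaintext_secrets auth.yml
```

The pre-commit check is what turns the post's advice into something enforced: a forgotten `ansible-vault encrypt` no longer ends up as plaintext credentials in the repository history.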

This Post Has 8 Comments

  1. jyotish

    Hi,
    When I try to use the dynamic inventory, I get the error below with this command:
    $ ansible -i ec2.py -u ubuntu us-east-1 -m ping

    Error:

    [WARNING]: * Failed to parse /private/etc/ansible/ec2.py with script plugin: Inventory script (/private/etc/ansible/ec2.py) had an
    execution error: Traceback (most recent call last): File "/private/etc/ansible/ec2.py", line 170, in from
    ansible.module_utils import six ImportError: No module named ansible.module_utils

    [WARNING]: * Failed to parse /private/etc/ansible/ec2.py with ini plugin: /private/etc/ansible/ec2.py:3: Error parsing host definition
    ''': No closing quotation

    [WARNING]: Unable to parse /private/etc/ansible/ec2.py as an inventory source

    [WARNING]: No inventory was parsed, only implicit localhost is available

    [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match ‘all’

    [WARNING]: Could not match supplied host pattern, ignoring: us-east-1

    Can you help?

    1. Nikhil Kumar

      Hi,

      ec2.py is a Python file; to use it, run ./ec2.py --list, which will list the AWS resources. You also need to look into the configuration in ec2.ini and adjust it to your taste.

        1. nikhil

          Check the output of ./ec2.py --list; if you get a response, it will definitely ping.

  2. Tag

    Hi, I tried to follow your setup but I am now stuck with this error:
    UNREACHABLE! => {
    “changed”: false,
    “msg”: “Failed to connect to the host via ssh: Connection timed out during banner exchange”,
    “unreachable”: true
    }

  3. nikhil

    Could you please share the -vvv logs and the ansible command you are using?
