Automating Cloud Infrastructure with Ansible: Part 2

By Dinesh Reddy, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

In the previous article, we explored starting, stopping, deleting, and restarting an instance in a specified region, gathering facts about the instance, and creating a disk and attaching it to a specific instance. Now let us look more closely at using Ansible to provision a complete Elastic Compute Service (ECS) instance with network access control for connecting to that instance.

Network access control includes creating a VPC, a VSwitch, and a security group. Once the instance is provisioned with the network rules, the next step is to attach storage to the provisioned instance. We will therefore also cover basic operations on an OSS bucket.

Let us start with the basics of VPC, which we need to complete the network control rules for provisioning the instance.

Overview of Virtual Private Cloud

A Virtual Private Cloud (VPC) is a hybrid model of cloud computing in which a private cloud solution is provided within a public cloud provider's infrastructure. A VPC user can manage network components, including IP addresses, subnets, network gateways, and access control policies, and can define custom components. Generally, a VPC includes a CIDR block, a VRouter, and a VSwitch. To create a VPC, we specify the CIDR block details as shown below. There is also a unique default VPC for each zone, which is used when none is specified.

Creating a VPC

To create a VPC, we need a CIDR block along with an access key and a secret key. The playbook below creates a VPC in the Singapore zone.

The image below shows the console before creating a VPC:

The YAML code is as follows:

- name: create vpc
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    state: present
    cidr_block: 192.168.0.0/16
    vpc_name: Demo
    description: Demo VPC
  tasks:
    - name: create vpc
      ali_vpc:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        state: '{{ state }}'
        cidr_block: '{{ cidr_block }}'
        vpc_name: '{{ vpc_name }}'
        description: '{{ description }}'
      register: result
    - debug: var=result

After creating the playbook, run it with the following command.

[root@ogslab3 Alibaba]# ansible-playbook vpc.yml

After creating your VPC, you can check the created VPC in the console:

Deleting a VPC

A created VPC is not fixed and can be modified or removed. To delete the VPC, set the state parameter to absent in the playbook and run it. The playbook for deleting a VPC (YAML code) is as follows:

- name: deleting vpc
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    state: absent
    vpc_id: "vpc-t4na5wvzit836tgwunyu6"
  tasks:
    # state: absent removes the VPC identified by vpc_id
    - name: delete vpc
      ali_vpc:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        state: '{{ state }}'
        vpc_id: '{{ vpc_id }}'
      register: result
    - debug: var=result

Execute the playbook with the following command:

[root@ogslab3 Alibaba]# ansible-playbook vpclst.yml

Check the status of the VPC before deleting.

The image below shows the console before deleting the VPC.

The image below shows the console after deleting the VPC.

VSwitch

A VSwitch is used to connect different cloud instances in the VPC. Creating a VSwitch is not required to create a VPC; instead, we can use the default VSwitch for convenience.

The default VSwitch is unique for each zone.

Creating a VSwitch with Ansible

To create a VSwitch, we need vpc_id and cidr_block.

- name: create a vswitch
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    vpc_id: "vpc-t4nffwrs25fheo1ss1nit"
    alicloud_zone: "ap-southeast-1b"
    cidr_block: '192.168.0.0/16'
    name: 'Demo_VSwitch'
    state: present
  tasks:
    - name: create vswitch
      alicloud_vswitch:
        alicloud_access_key: "{{ alicloud_access_key }}"
        alicloud_secret_key: "{{ alicloud_secret_key }}"
        alicloud_region: '{{ alicloud_region }}'
        vpc_id: '{{ vpc_id }}'
        alicloud_zone: "{{ alicloud_zone }}"
        cidr_block: '{{ cidr_block }}'
        name: '{{ name }}'
        state: '{{ state }}'
      register: result
    - debug: var=result

Execute the playbook as follows:

[root@ogslab3 Alibaba]# ansible-playbook vswitch.yml

Check the created VSwitch in the console:

Deleting the VSwitch with Ansible

A VSwitch can be deleted by setting the 'state' parameter to absent and specifying the vswitch_id and its corresponding vpc_id.

- name: Delete a vswitch
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAInSSyrlHBRo7X"
    alicloud_secret_key: "EWUCzq8qqfGMtjLJfK7gh8gjFKSZGG"
    alicloud_region: "ap-southeast-1"
    vpc_id: "vpc-t4na5wvzit836tgwunyu6"
    vswitch_id: "vsw-t4n5wsorwbf5dnguvppem"
    state: absent
  tasks:
    - name: Delete vswitch
      alicloud_vswitch:
        alicloud_access_key: "{{ alicloud_access_key }}"
        alicloud_secret_key: "{{ alicloud_secret_key }}"
        alicloud_region: '{{ alicloud_region }}'
        vpc_id: '{{ vpc_id }}'
        vswitch_id: '{{ vswitch_id }}'
        state: '{{ state }}'
      register: result
    - debug: var=result

Execute the playbook as follows:

[root@ogslab3 Alibaba]# ansible-playbook vswitch.yml

Check the output in the console.

Security Group

A security group consists of a set of rules that define how to handle incoming (ingress) and outgoing (egress) traffic or requests. The rules we add to a security group are called security rules. Security groups are used to set network access control for one or more instances. By default, only instances within the same security group can communicate over the intranet; instances in different groups cannot. A security group is also limited to 100 rules in total (inbound and outbound rules combined).

Creating Security Group with Ansible

Let us create a security group in the Singapore region using the group name AliyunSG.

- name: create security group
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
  tasks:
    - name: create security grp
      ali_security_group:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        group_name: 'AliyunSG'

Execute the playbook as follows:

[root@ogslab3 Alibaba]# ansible-playbook sg.yml

Console before execution:

After execution, we have a new group created with AliyunSG name.

Deleting a Security Group with Ansible

To delete the security group, set the state to absent and specify the group_id.

- name: delete security group
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAInSSyrlHBRo7X"
    alicloud_secret_key: "EWUCzq8qqfGMtjLJfK7gh8gjFKSZGG"
    alicloud_region: "ap-southeast-1"
    group_id: sg-t4ngnkqimz75l6rxzh94
    state: absent
  tasks:
    - name: delete security grp
      ali_security_group:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        group_id: '{{ group_id }}'
        state: '{{ state }}'
      # a registered variable name cannot contain spaces
      register: delete_result
    - debug: var=delete_result

Execute the playbook as follows:

[root@ogslab3 Alibaba]# ansible-playbook sgd.yml

Before deleting the AliyunSG group.

After deleting the group.

Object Storage Service

Object Storage Service (OSS) is a data storage service in which data is uploaded to a bucket as objects. We can create a bucket, upload objects into it, and share those objects. OSS stores only objects, such as images, PDFs, Word files, and other files. It is highly reliable and cost-effective, has good security measures, and is easy to use.

Creating Bucket with Ansible

Object Storage Service enables you to store large amounts of data in the cloud with the highest reliability.

To create an OSS bucket, we need the parameters below, with the permission set as follows.

- name: create oss bucket
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    state: present
    bucket: 'bucketogs'
    permission: private
  tasks:
    - name: create oss bucket
      alicloud_bucket:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        state: '{{ state }}'
        bucket: '{{ bucket }}'
        permission: '{{ permission }}'
      register: result
    - debug: var=result

Execute the playbook as follows:

[root@ogslab3 Alibaba]# ansible-playbook bucket.yml

New bucket ‘bucketogs’ is created at the console:

Deleting a Bucket

To delete an existing bucket, change the state and give the permission and the bucket name in the code.

- name: Delete oss bucket
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    state: absent
    bucket: 'ogsbucket'
    permission: private
  tasks:
    # state: absent removes the named bucket
    - name: delete oss bucket
      alicloud_bucket:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        state: '{{ state }}'
        bucket: '{{ bucket }}'
        permission: '{{ permission }}'
      register: result
    - debug: var=result

Execute the playbook as follows:

[root@ogslab3 Alibaba]# ansible-playbook deletebucket.yml

Fetching Bucket Details

To obtain details about the existing bucket, use the code below.

- name: Fetch oss bucket
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    # list returns bucket details; absent here would delete the bucket
    state: list
    bucket: 'bucketogs'
    permission: private
  tasks:
    - name: Fetch oss bucket
      alicloud_bucket:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        state: '{{ state }}'
        bucket: '{{ bucket }}'
        permission: '{{ permission }}'
      register: result
    - debug: var=result

Execute the playbook as follows:

[root@ogslab3 Alibaba]# ansible-playbook bucketnew.yml

Output in console:

Listing Objects

Set the mode to list in the code and specify the bucket name to view the objects in the bucket.

- name: listing bucket objects
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAInSSyrlHBRo7X"
    alicloud_secret_key: "EWUCzq8qqfGMtjLJfK7gh8gjFKSZGG"
    alicloud_region: "ap-southeast-1"
    mode: list
    bucket: bucketogs
  tasks:
    - name: listing bucket objects
      alicloud_bucket_object:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        mode: '{{ mode }}'
        bucket: '{{ bucket }}'
      register: result
    - debug: var=result

Execute the playbook as follows:

[ansible@ogslab3 Alibaba]# ansible-playbook oss.yml

In the console, we have a sample file in bucketogs.

Deleting Objects

Let us see how to delete objects in a bucket. Set the mode to delete in the code and specify the name of the object to delete.

- name: Deleting bucket objects
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAInSSyrlHBRo7X"
    alicloud_secret_key: "EWUCzq8qqfGMtjLJfK7gh8gjFKSZGG"
    alicloud_region: "ap-southeast-1"
    mode: delete
    bucket: bucketogs
    object: 'NEW ACESS KEY.txt'
  tasks:
    - name: Deleting bucket objects
      alicloud_bucket_object:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        mode: '{{ mode }}'
        bucket: '{{ bucket }}'
        object: '{{ object }}'
      register: result
    - debug: var=result

Execute the playbook as follows:

[ansible@ogslab3 Alibaba]# ansible-playbook oss.yml

We have all the files before deleting.

After deleting the file, there is no New Acess Key.txt file.

Elastic Compute Service

Alibaba Cloud Elastic Compute Service (ECS) helps power your cloud applications using fast memory and Intel CPUs, in turn achieving faster results with low latency. All ECS instances come with denial-of-service attack protection to secure data from malware attacks. With the associated resources created for the instance, we will now look at complete ECS provisioning, as below:

Instance Provisioning

- name: basic provisioning example
  hosts: localhost
  vars:
    alicloud_access_key: LTAIzpw8uK7VVWmM
    alicloud_secret_key: jPuJzWHKP3QZewpXEe0NA3TDVisSSR
    alicloud_region: ap-southeast-1
    image: ubuntu_16_0402_64_20G_alibase_20180409.vhd
    instance_type: ecs.t5-lc2m1.nano
    assign_public_ip: True
    max_bandwidth_out: 10
    host_name: myhost
    password: MyPassword@10
    system_disk_category: cloud_efficiency
    system_disk_size: 100
    internet_charge_type: PayByTraffic
    security_groups: ["sg-t4n50q981ove2azth8ys"]
    force: True
  tasks:
    - name: launch ECS instance in VPC network
      ali_instance:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        image: '{{ image }}'
        system_disk_category: '{{ system_disk_category }}'
        system_disk_size: '{{ system_disk_size }}'
        instance_type: '{{ instance_type }}'
        assign_public_ip: '{{ assign_public_ip }}'
        security_groups: '{{ security_groups }}'
        internet_charge_type: '{{ internet_charge_type }}'
        max_bandwidth_out: '{{ max_bandwidth_out }}'
        instance_tags:
          Name: created_one
        host_name: '{{ host_name }}'
        password: '{{ password }}'
      ignore_errors: yes

Output in the Console:

Running status of the instance:

That’s it! We have seen how to create a VPC, VSwitch, security group, and OSS bucket through Ansible. Finally, we provisioned an ECS instance automatically through Ansible.
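
Every playbook above sets alicloud_access_key and alicloud_secret_key, and the ECS playbook also password, as literal values under vars. The Python check below is an added example, not code from the original article: it flags such literals in a playbook before it is committed. The function names, the sample playbook with placeholder values, and the ALICLOUD_SECRET_KEY environment variable name are assumptions made for illustration.

```python
import re

# Keys used by the page's playbooks whose values should never be literals.
SENSITIVE_KEYS = {"alicloud_access_key", "alicloud_secret_key", "password"}
# "key: value" with an optional list dash; commented-out lines do not match.
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_]\w*)\s*:\s*(.*?)\s*$")
# A whole-value Jinja2 expression (variable reference, env or vault lookup).
JINJA_REF = re.compile(r"^\{\{.*\}\}$")


def strip_value(raw):
    """Drop a trailing comment and one pair of surrounding quotes."""
    raw = re.sub(r"\s+#.*$", "", raw).strip()
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
        raw = raw[1:-1].strip()
    return raw

def find_hardcoded_secrets(playbook_text):
    """Return (line_number, key) for each sensitive key set to a literal."""
    findings = []
    for lineno, line in enumerate(playbook_text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if not match or match.group(1) not in SENSITIVE_KEYS:
            continue
        value = strip_value(match.group(2))
        # Empty values, Jinja2 references and inline vault blobs pass.
        if not value or JINJA_REF.match(value) or value.startswith("!vault"):
            continue
        findings.append((lineno, match.group(1)))
    return findings

# Constructed sample in the shape of the page's playbooks; placeholder values.
SAMPLE = """\
- name: create vpc
  hosts: localhost
  vars:
    alicloud_access_key: "EXAMPLE_ACCESS_KEY_ID"
    alicloud_secret_key: "{{ lookup('env', 'ALICLOUD_SECRET_KEY') }}"
    password: MyExamplePassword
  tasks:
    - name: create vpc
      ali_vpc:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
"""

if __name__ == "__main__":
    for lineno, key in find_hardcoded_secrets(SAMPLE):
        print(f"line {lineno}: {key} is a literal; use an env lookup or Ansible Vault")
```

Values that are Jinja2 references pass the check, so a playbook whose vars pull credentials from the environment or from a vaulted variable file comes back clean.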

Reference: https://www.alibabacloud.com/blog/automating-cloud-infrastructure-with-ansible-part-2_594714?spm=a2c41.12820578.0.0
