Automating Cloud Infrastructure with Ansible: Part 2

By Dinesh Reddy, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

In the previous article, we explored starting, stopping, deleting and restarting an instance in a specified region, gathering facts about the instance, and creating a disk and attaching it to a specific instance. Now let us look at how to use Ansible to provision a complete Elastic Compute Service (ECS) instance, together with the network access control needed to connect to it.

Network access control includes creating a VPC, a VSwitch, and a security group. Once the instance is provisioned with the network rules, the next step is to attach storage to the provisioned instance. We will therefore also cover the basic operations on an OSS bucket.

Let us begin with the basics of VPC, which we need in order to complete the network control rules for provisioning the instance.

Overview of Virtual Private Cloud

A Virtual Private Cloud (VPC) is a hybrid model of cloud computing in which a private cloud solution is provided within a public cloud provider’s infrastructure. A VPC user can manage network components, including IP addresses, subnets, network gateways and access control policies, and can define custom components. A VPC generally consists of a CIDR block, a VRouter and a VSwitch.

To create a VPC, we specify the CIDR block details as shown below. Each zone also has a unique default VPC, which is used when none is specified.

Creating a VPC

To create a VPC, we need a CIDR block along with the access key and secret key. The playbook below shows how to create a VPC in the Singapore zone.

The image below shows the console before creating a VPC:

The YAML code is as follows:

After creating the playbook, run it using the command below.

After creating your VPC, you can check the created VPC in the console:

Deleting a VPC

A VPC is not fixed once created and can be modified. To delete the VPC, set the state parameter to absent in the playbook and execute it. The playbook for deleting the VPC (YAML code) is as follows:

Execute the playbook with the following command:

Check the output status of the VPC before deleting it.

The image below shows the console before deleting the VPC.

The image below shows the console after deleting the VPC.


A VSwitch is used to connect different cloud instances in the VPC. A VSwitch is not required for creating a VPC; we can use the default VSwitch for convenience.

The default VSwitch is unique for each zone.

Creating a VSwitch with Ansible

To create a VSwitch, we need vpc_id and cidr_block.

Execute the playbook as follows:

Check the created VSwitch in the console:

Deleting the VSwitch with Ansible

A VSwitch can be deleted by setting the ‘state’ parameter to absent and specifying the vswitch_id and its corresponding vpc_id.

Execute the playbook as follows:

Check the output in the console.
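A VSwitch's cidr_block has to fall inside the CIDR block of its VPC and must not overlap another VSwitch in the same VPC. The following pre-flight check validates planned values before they are written into a playbook; it is an added example, not the article's code, and the VSwitch names and addresses are constructed sample data.

```python
import ipaddress


def check_vswitch_cidrs(vpc_cidr, vswitch_cidrs):
    """Return a list of problems found in the planned VSwitch cidr_block values."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems = []
    accepted = []  # (name, network) pairs that passed the containment check
    for name, cidr in vswitch_cidrs.items():
        try:
            # strict=True rejects values with host bits set, e.g. 172.16.2.1/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if net.version != vpc.version or not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
            continue
        for other_name, other in accepted:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        accepted.append((name, net))
    return problems


# Constructed sample plan (hypothetical names and ranges).
SAMPLE_VPC = "172.16.0.0/16"
SAMPLE_PLAN = {
    "vsw-app": "172.16.1.0/24",
    "vsw-db": "172.16.1.128/25",   # overlaps vsw-app
    "vsw-dmz": "10.0.0.0/24",      # not inside the VPC
    "vsw-typo": "172.16.2.1/24",   # host bits set
}

if __name__ == "__main__":
    for problem in check_vswitch_cidrs(SAMPLE_VPC, SAMPLE_PLAN):
        print(problem)
```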

Security Group

A security group consists of a set of rules that define how to handle incoming (ingress) and outgoing (egress) traffic or requests. The rules we add to a security group are called security rules. Security groups are used to set network access control for one or more instances. By default, only instances within the same security group can communicate over the intranet; instances in different groups cannot. A security group is also limited to 100 rules in total (including inbound and outbound rules).
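Before a rule set goes into a playbook, it can be reviewed against the 100-rule limit above and for accept rules that open administrative ports to any source. This is an added example, not the article's code; the rule key names, the "start/end" port format with "-1/-1" meaning all ports, and the choice of ports 22 and 3389 are assumptions made for illustration.

```python
import ipaddress

MAX_RULES = 100           # combined inbound + outbound limit stated in the article
ADMIN_PORTS = (22, 3389)  # assumption: SSH and RDP count as administrative ports


def exposed_admin_ports(port_range):
    """Admin ports covered by a 'start/end' range; '-1/-1' is taken as all ports."""
    low, high = (int(p) for p in port_range.split("/"))
    if low == -1:
        return list(ADMIN_PORTS)
    return [p for p in ADMIN_PORTS if low <= p <= high]


def review_security_group(ingress, egress):
    """Return findings for a planned rule set before it is written to a playbook."""
    findings = []
    total = len(ingress) + len(egress)
    if total > MAX_RULES:
        findings.append(f"{total} rules exceed the per-group limit of {MAX_RULES}")
    for index, rule in enumerate(ingress):
        if rule.get("policy", "accept") != "accept":
            continue                      # drop rules do not expose anything
        if rule.get("protocol") not in ("tcp", "all"):
            continue                      # the admin ports checked here are TCP
        source = ipaddress.ip_network(rule["source_cidr"], strict=False)
        if source.prefixlen != 0:         # only any-source rules (0.0.0.0/0, ::/0)
            continue
        ports = exposed_admin_ports(rule["port_range"])
        if ports:
            findings.append(f"ingress[{index}]: {source} can reach admin ports {ports}")
    return findings


# Constructed sample rules; the key names are hypothetical, not a module's schema.
SAMPLE_INGRESS = [
    {"protocol": "tcp", "port_range": "80/80", "source_cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "port_range": "22/22", "source_cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "port_range": "22/22", "source_cidr": "203.0.113.0/24"},
    {"protocol": "tcp", "port_range": "1/65535", "source_cidr": "0.0.0.0/0"},
]
SAMPLE_EGRESS = [{"protocol": "all", "port_range": "-1/-1", "dest_cidr": "0.0.0.0/0"}]

if __name__ == "__main__":
    for finding in review_security_group(SAMPLE_INGRESS, SAMPLE_EGRESS):
        print(finding)
```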

Creating Security Group with Ansible

Let us create a security group in the Singapore region using the group name AliyunSG.

Execute the playbook as follows:

Console before execution:

After execution, a new group named AliyunSG has been created.

Deleting a Security Group with Ansible

The security group can be deleted by changing the state to absent and specifying the group_id.

Execute the playbook as follows:

Before deleting the AliyunSG group.

After deleting the group.

Object Storage Service

Object Storage Service (OSS) is a data storage service in which data is uploaded as objects to a bucket. We can create a bucket, upload objects into it, and share those objects. OSS holds only objects, such as images, PDFs, Word files and other stored files. It is highly reliable and cost-effective, has good security measures, and is easy to use.

Creating Bucket with Ansible

Object Storage Service enables you to store large amounts of data in the cloud with high reliability.

To create an OSS bucket, we need the parameters below, with the permission set as follows.

Execute the playbook as follows:

New bucket ‘bucketogs’ is created at the console:

Deleting a Bucket

To delete an existing bucket, we change the state and permission and add the bucket name to the code.

Execute the playbook as follows:

Fetching Bucket Details

To obtain details about an existing bucket, we have the code below.

Execute the playbook as follows:

Output in console:

Listing Objects

Set the mode to list in the code and specify the bucket name to view the objects in the bucket.

Execute the playbook as follows:

On the console, we have a sample file in the bucketogs bucket.

Deleting Objects

Let us see how to delete objects in a bucket. The delete operation is done by setting the mode to delete in the code and specifying the name of the object to delete.

Execute the playbook as follows:

We have all the files before deleting.

After deleting the file, there is no New Acess Key.txt file.

Elastic Compute Service

Alibaba Cloud Elastic Compute Service (ECS) helps to power your cloud applications using fast memory and Intel CPUs, in turn achieving faster results with low latency. All ECS instances come with protection against denial-of-service attacks, to secure data from malware attacks. With the associated resources created for the instance, we will now look at the complete ECS provisioning:

Instance Provisioning

Output in the Console:

Running status of the instance:

That’s it! We have seen how to create a VPC, VSwitch, security group, and OSS bucket through Ansible. Finally, we provisioned an ECS instance automatically through Ansible.

