GitHub - gdilawari/gansible

Branches Tags
Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
roles/wordpress		roles/wordpress
.DS_Store		.DS_Store
README.me		README.me
ansible.cfg		ansible.cfg
wordpress.yml		wordpress.yml
Repository files navigation

AWS/Ansible/WordPress
Summary:
 This project creates a Web Instance for WordPress setup.  AWS Cloud Formation
 template that accepts user inputs as parameters and uses Configuration Management
 tool – Ansible to create the Web Instance and installs WordPress.

Top level details:

1.	AWS Cloud Formation template attached below (YAML), deploys VPC,
two public subnets, internet gateway, security groups, Internet Gateway and
EC2 (t2.micro), routing and installs Amazon Linux Ami.- Region =US-east-1
2.	User is asked to enter several parameters related to WordPress and MySQL
admin passwords etc. and the KeyName. The template uses default cider for VPC
and subnets but can be overwritten by the user.
3. User is also asked to enter the Access Key and SecretKey.
4. The Cloud Formation, once the infrastructure is setup uses the UserData
capability to install EPEL (package loader, other necessary software and
Ansible – Configuration management tool).
5.	A github repository is cloned from Githib.com that contains WordPress
playbook.
6.	Ansible executes the playbook wordpress.yml.
7.	The playbook uses wordpress_stack.yml.j2 to call AWS cloud formation
to create an EC2 in Public subnet B.
8.	Wordpress_stack template uses the EC2 UserData to load
– httpd24, php56, php-56-mysqlnd mysql-server and mysql and starts the service
mysqld and httpd. It uses wget to download wordpress latest release and
installs it. User provided passwords are configured for WordPress and Myql.

Note: there are several ways to use the combination of AWS and Configuration
Management tool like Ansible and we have chosen a simple way to make the
solution happen. Good part of Ansible is that it is agent-less.

The following Cloud Formation Template starts the AWS stack:


Once the EC2 in region us-east-ib has been created, you can copy the Public IP
address and use it a browser to access the WordPress demo site.


AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  This CF template creates a  VPC, Subnet A and Subnet B - both public. It
  creates all necessary routes and attaches Internet gateway. It creates an EC2
  and UserData is used to execute rest of the commands. It loads package loader
  epel followed by boto3 and Ansible. It clones an Ansible/Wordpress git
  repository from Github. It uses Ansible to execute a play-book to create
  an EC2 and download all necessary software to run Word-press blog.

Parameters:
  vpccidr:
    Type:  String
    MinLength:  9
    MaxLength:  18
    AllowedPattern:  "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/\\d{1,2}"
    ConstraintDescription: Must be a valid CIDR in the form x.x.x.x/16
    Default: 10.20.0.0/16

  psharedacidr:
    Type:  String
    MinLength:  9
    MaxLength:  18
    AllowedPattern:  "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid CDR range in the form x.x.x.x/22
    Default:  10.20.0.0/22

  psharedbcidr:
    Type:  String
    MinLength:  9
    MaxLength:  18
    AllowedPattern:  "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid CDR range in the form x.x.x.x/22
    Default:  10.20.4.0/22

  mysqlrootpass:
    Type: String
    MinLength: 8
    MaxLength: 16
    NoEcho: 'true'

  mysqlwordpress:
    Type: String
    MinLength: 8
    MaxLength: 16
    NoEcho: 'true'

  wordpressadminpass:
    Type: String
    MinLength: 8
    MaxLength: 16
    NoEcho: 'true'

  wordpressadminemail:
    Type: String

  wpinstancekey:
    Type: AWS::EC2::KeyPair::KeyName
    Description: SSH key pair to use for WP instance

  ansibleinstancekey:
    Type: AWS::EC2::KeyPair::KeyName
    Description: SSH key pair to use for Ansible instance

  accesskeyid:
    Type: String
    NoEcho: 'true'

  secretaccesskey:
    Type: String
    NoEcho: 'true'

Resources:
  VPC:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock:  !Ref vpccidr

  IGW:
    Type: "AWS::EC2::InternetGateway"

  SG:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      VpcId:  !Ref VPC
      GroupDescription: "Enable SSH access via port 22 and open port 80"
      SecurityGroupIngress:
        - CidrIp:  0.0.0.0/0
          IpProtocol:  tcp
          ToPort:  "80"
          FromPort:  "80"
        - CidrIp:  0.0.0.0/0
          IpProtocol:  tcp
          ToPort:  "22"
          FromPort:  "22"
        - CidrIp:  0.0.0.0/0
          IpProtocol:  tcp
          ToPort:  "443"
          FromPort:  "443"

  EC2Instance01:
    Type: "AWS::EC2::Instance"
    DeletionPolicy: Delete
    Properties:
      ImageId: ami-1853ac65  # Amazon Linux 2017.09.1 hvm
      InstanceType: t2.micro
      KeyName: !Ref ansibleinstancekey
      SecurityGroupIds:
         - !Ref SG
      Tags:
      - Key: "Name"
        Value: !Sub
          - ${stack}-ansible-instance
          - { stack: !Ref 'AWS::StackName'}
      SubnetId: !Ref SubnetPublicSharedA
      UserData:
        "Fn::Base64":
          !Sub  |
            #!/bin/bash
            yum update -y
            sudo yum-config-manager --enable epel
            yum install git -y
            pip install --upgrade pip
            ln -sf /usr/local/bin/pip /usr/bin/pip
            pip install awscli
            pip install boto3
            pip install ansible
            ln -sf /usr/local/bin/ansible /usr/bin/ansible
            ln -sf /usr/local/bin/ansible-playbook /usr/bin/ansible-playbook
            git clone https://github.com/gdilawari/gansible.git
            export AWS_DEFAULT_REGION=us-east-1
            export AWS_ACCESS_KEY_ID=${accesskeyid}
            export AWS_SECRET_ACCESS_KEY=${secretaccesskey}
            ansible-playbook gansible/wordpress.yml -e "wordpress_mode=create" -e "master_stack_name=${AWS::StackName}" -e "application_stack_name=${AWS::StackName}-wordpress" -e "key_pair_name=${wpinstancekey}" -e "mysql_root_pass=${mysqlrootpass}" -e "mysql_wordpress_pass=${mysqlwordpress}" -e "wordpress_admin_pass=${wordpressadminpass}" -e "wordpress_admin_email=${wordpressadminemail}"

  S3OneBucket:
    DeletionPolicy: Retain
    Type:  "AWS::S3::Bucket"
    Properties:
      AccessControl:  PublicRead
      WebsiteConfiguration:
        ErrorDocument:  index.html
        IndexDocument:  index.html

  GatewayAttach:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref IGW
      VpcId: !Ref VPC

  SubnetPublicSharedA:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: !Select [0, !GetAZs ]
      CidrBlock: !Ref psharedacidr
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC

  SubnetPublicSharedB:
    Type:  "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: !Select [1, !GetAZs ]
      CidrBlock: !Ref psharedbcidr
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC

  SubnetRouteTableAssociatePublicA:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId: !Ref RouteTablePublic
      SubnetId: !Ref SubnetPublicSharedA

  SubnetRouteTableAssociatePublicB:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId: !Ref RouteTablePublic
      SubnetId: !Ref SubnetPublicSharedB

  RouteDefaultPublic:
    Type: "AWS::EC2::Route"
    DependsOn: GatewayAttach
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGW
      RouteTableId: !Ref RouteTablePublic

  RouteTablePublic:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: !Ref VPC

Outputs:
  vpcid:
    Description: ID of Shared Infrastructure VPC
    Value: !Ref VPC

  publicroutetable:
    Description: ID of Public Route Table
    Value: !Ref RouteTablePublic