© Copyright 2024, Intel Corporation
Configuration in this directory creates an AWS VM (EC2 Instance). The instance is created on an 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) by default.
This collection included 3 roles and 4 playbooks.
Role:- Ansible roles are a way to reuse and organize your Ansible code. They are self-contained units that contain all the files and configuration needed to automate a specific task. Roles are defined using a directory structure with specific directories for tasks, variables, files, templates, and other artifacts. This structure makes it easy to find and reuse code, and it also makes it easy to extend behaviour of roles.
To use a role in an Ansible playbook, you simply need to list it in the roles section of the playbook. Ansible will then automatically load the role and execute its tasks.
For this module, there are 3 roles.
- amazon_ec2_rhel_default_vpc - It creates an AWS Red Hat Enterprise Linux (RHEL) EC2 instance on a 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) in the default VPC
- amazon_linux_ec2_non_default_vpc creates an AWS EC2 instance on 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) on Linux Operating System in a non-default VPC
- gen_ai_demo It creates an Amazon M7i EC2 Instance with 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) & Intel® Cloud Optimized Recipe for FastChat and Stable Diffusion
Playbook: An Ansible playbook is a YAML file that describes the tasks, are composed of a series of plays, which are groups of tasks that are executed in a specific order. Each play defines a set of tasks that should be executed on a specific group of hosts. Playbooks can also include variables, which can be used to store data that is used by the tasks. This makes it easy to reuse playbooks for different environments and configurations. for this module. For this module, there are 4 playbooks:
- Playbook intel_aws_vm.yml - Used to create an AWS VM (EC2 Instance), it uses Terraform module terraform-intel-aws-vm and being called by Ansible module community.general.terraform
- Playbook intel_aws_vm_ec2_rhel_default_vpc.yml - It executes role called amazon_ec2_rhel_default_vpc
- Playbook intel_aws_vm_linux_ec2_non_default_vpc.yml - It executes role called amazon_linux_ec2_non_default_vpc
- Playbook intel_aws_vm_gen_ai_demo - It executes role called gen_ai_demo
.
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── galaxy.yml
├── playbooks
│  ├── intel_amazon_linux_ec2_non_default_vpc.yml
│  ├── intel_aws_vm_ec2_rhel_default_vpc.yml
│  ├── intel_aws_vm_gen_ai_demo.yml
│  └── intel_aws_vm.yml
├── README.md
├── requirements.txt
├── requirements.yml
├── roles
│  ├── amazon_ec2_rhel_default_vpc
│  │  ├── defaults
│  │  │  └── main.yml
│  │  ├── files
│  │  ├── handlers
│  │  │  └── main.yml
│  │  ├── meta
│  │  │  └── main.yml
│  │  ├── README.md
│  │  ├── tasks
│  │  │  ├── download_tf_module.yml
│  │  │  ├── ec2_vm.yml
│  │  │  ├── generate_keys.yml
│  │  │  ├── main.yml
│  │  │  ├── output.yml
│  │  │  ├── read_tfstate.yml
│  │  │  └── sg_eni_attachment.yml
│  │  ├── templates
│  │  ├── tests
│  │  │  ├── inventory
│  │  │  └── test.yml
│  │  └── vars
│  │  └── main.yml
│  ├── amazon_linux_ec2_non_default_vpc
│  │  ├── defaults
│  │  │  └── main.yml
│  │  ├── files
│  │  ├── handlers
│  │  │  └── main.yml
│  │  ├── meta
│  │  │  └── main.yml
│  │  ├── README.md
│  │  ├── tasks
│  │  │  ├── download_tf_module.yml
│  │  │  ├── ec2.yml
│  │  │  ├── keypair.yml
│  │  │  ├── main.yml
│  │  │  ├── output.yml
│  │  │  ├── read_tfstate.yml
│  │  │  ├── sg.yml
│  │  │  └── subnet.yml
│  │  ├── templates
│  │  ├── tests
│  │  │  ├── inventory
│  │  │  └── test.yml
│  │  └── vars
│  │  └── main.yml
│  └── gen_ai_demo
│  ├── defaults
│  │  └── main.yml
│  ├── files
│  ├── handlers
│  │  └── main.yml
│  ├── meta
│  │  └── main.yml
│  ├── README.md
│  ├── tasks
│  │  ├── cloud_init_config.yml
│  │  ├── download_tf_module.yml
│  │  ├── ec2_vm.yml
│  │  ├── generate_keys.yml
│  │  ├── main.yml
│  │  ├── output.yml
│  │  ├── read_tfstate.yml
│  │  └── sg_eni_attachment.yml
│  ├── templates
│  ├── tests
│  │  ├── inventory
│  │  └── test.yml
│  └── vars
│  └── main.yml
└── security.md
-
Case 1: When user's needs can be met with the default configuration, and they want to install a collection from Ansible Galaxy to the default location (as a third-party collection), it is recommended to use the following command:
ansible-galaxy collection install <intel.ansible-intel-aws-vm> -
Case 2:- When user's needs cannot be met with the default configuration, wants to extend/modify existing configuration and flow, they can install collection using Ansible Galaxy in user's define location. Use below approaches:
-
ansible-galaxy collection install -p <local path> <intel.ansible-intel-aws-vm>Note: collection will download collection, you can remove as per need.
-
Download source and copy role directory to your Ansible boilerplate from GitHub (used to extended behavior of role)
git clone https://github.com/intel/ansible-intel-aws-vm.git cd ansible-intel-aws-vm cp -r role/amazon_ec2_rhel_default_vpc /<your project path>/(Example: /home/user/.ansible/roles)
-
To authenticate AWS API, user needs to export below environment variable:
export AWS_ACCESS_KEY_ID=<aws_access_key_id>
export AWS_SECRET_ACCESS_KEY=<aws_secret_access_key>
export AWS_REGION=<aws_region>Use playbook to execute Terraform module terraform-intel-aws-vm using Ansible module community.general.terraform as below
---
- hosts: localhost
vars:
terraform_source: https://github.com/intel/terraform-intel-aws-vm.git
tasks:
- set_fact:
terraform_module_download_path: '/home/{{ansible_env.USER}}/terraform/main/intel_aws_vm/'
- name: Clone a github repository
git:
repo: '{{ terraform_source }}'
dest: '{{ terraform_module_download_path }}'
clone: yes
update: yes
version: main
- name: AWS VM Module
community.general.terraform:
project_path: '{{ terraform_module_download_path }}'
state: present
force_init: true
complex_vars: true
# for additional variables
# https://github.com/intel/terraform-intel-aws-vm/blob/main/variables.tf
variables:
name: main-playbook-test
register: vm_output
- debug:
var: vm_output
Each of the playbooks have .yml files that you will need to update to insert items like VPC ID, and database settings
ansible-playbook <playbookname.yml>
EXAMPLE
ansible-playbook intel_aws_mysql.yml
Deployment time can vary but in most cases it takes approximately 15-20 minutes for the RDS database to be created or destroyed.
You can deploy ansible in various states, similar to Terraform. These are used as variables in the "state" section of the code. There are 3 types, planned, present, absent.
planned = will display what will be executed by does not deploy
present = deploys the resources
absent = destroys what was created using the present setting
- name: AWS VM Module
community.general.terraform:
project_path: '{{ terraform_module_download_path }}'
state: planned
force_init: true
complex_vars: true
# for additional variables
# https://github.com/intel/terraform-intel-aws-vm/blob/main/variables.tf
variables:
name: <vm-name>- name: AWS VM Module
community.general.terraform:
project_path: '{{ terraform_module_download_path }}'
state: present
force_init: true
complex_vars: true
# for additional variables
# https://github.com/intel/terraform-intel-aws-vm/blob/main/variables.tf
variables:
name: <vm-name>- name: AWS VM Module
community.general.terraform:
project_path: '{{ terraform_module_download_path }}'
state: absent
force_init: true
complex_vars: true
# for additional variables
# https://github.com/intel/terraform-intel-aws-vm/blob/main/variables.tf
variables:
name: <vm-name>| Role Name |
|---|
| amazon_ec2_rhel_default_vpc |
| amazon_linux_ec2_non_default_vpc |
| gen_ai_demo |
| Name | Version |
|---|---|
| Terraform | =1.5.7 |
| AWS | ~> 4.36.0 |
| Random | ~>3.4.3 |
| Ansible Core | ~>2.14.2 |
| Ansible | ~>7.2.0-1 |
| boto3 | ~>1.29.0 |
| botocore | ~>1.32.0 |
| cryptography | ~>41.0.5 |
Note:
- Install requirements using
requirements.txtandrequirements.yml, Use below command:pip3 install -r requirements.txt ansible-galaxy install -r requirements.yml
- Above role requires
Terraformas we are executing terraform module terraform-intel-aws-vm using Ansible module called community.general.terraform
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ami | ID of AMI to use for the instance | string |
null |
no |
| ami_ssm_parameter | SSM parameter name for the AMI ID. For Amazon Linux AMI SSM parameters see reference. To find the latest Windows AMI using Systems Manager, use this reference | string |
"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" |
no |
| associate_public_ip_address | Whether to associate a public IP address with an instance in a VPC | bool |
null |
no |
| availability_zone | AZ to start the instance in | string |
null |
no |
| capacity_reservation_specification | Describes an instance's Capacity Reservation targeting option | any |
{} |
no |
| cpu_core_count | Sets the number of CPU cores for an instance. | number |
null |
no |
| cpu_credits | The credit option for CPU usage (unlimited or standard) | string |
null |
no |
| cpu_threads_per_core | Sets the number of CPU threads per core for an instance (has no effect unless cpu_core_count is also set). | number |
null |
no |
| create | Whether to create an instance | bool |
true |
no |
| create_iam_instance_profile | Determines whether an IAM instance profile is created or to use an existing IAM instance profile | bool |
false |
no |
| create_spot_instance | Depicts if the instance is a spot instance | bool |
false |
no |
| disable_api_stop | If true, enables EC2 Instance Stop Protection. | bool |
null |
no |
| disable_api_termination | If true, enables EC2 Instance Termination Protection | bool |
null |
no |
| ebs_block_device | Additional EBS block devices to attach to the instance | list(map(string)) |
[] |
no |
| ebs_optimized | If true, the launched EC2 instance will be EBS-optimized | bool |
null |
no |
| enable_volume_tags | Whether to enable volume tags (if enabled it conflicts with root_block_device tags) | bool |
true |
no |
| enclave_options_enabled | Whether Nitro Enclaves will be enabled on the instance. Defaults to false |
bool |
null |
no |
| ephemeral_block_device | Customize Ephemeral (also known as Instance Store) volumes on the instance | list(map(string)) |
[] |
no |
| get_password_data | If true, wait for password data to become available and retrieve it. | bool |
null |
no |
| hibernation | If true, the launched EC2 instance will support hibernation | bool |
null |
no |
| host_id | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | string |
null |
no |
| iam_instance_profile | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | string |
null |
no |
| iam_role_description | Description of the role | string |
null |
no |
| iam_role_name | Name to use on IAM role created | string |
null |
no |
| iam_role_path | IAM role path | string |
null |
no |
| iam_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IAM role | string |
null |
no |
| iam_role_policies | Policies attached to the IAM role | map(string) |
{} |
no |
| iam_role_tags | A map of additional tags to add to the IAM role/profile created | map(string) |
{} |
no |
| iam_role_use_name_prefix | Determines whether the IAM role name (iam_role_name or name) is used as a prefix |
bool |
true |
no |
| instance_initiated_shutdown_behavior | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | string |
null |
no |
| instance_type | Instance SKU, see comments above for guidance | string |
"m7i.large" |
no |
| ipv6_address_count | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | number |
null |
no |
| ipv6_addresses | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | list(string) |
null |
no |
| key_name | Key name of the Key Pair to use for the instance; which can be managed using the aws_key_pair resource |
string |
null |
no |
| launch_template | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template | map(string) |
null |
no |
| metadata_options | Customize the metadata options of the instance | map(string) |
{} |
no |
| monitoring | If true, the launched EC2 instance will have detailed monitoring enabled | bool |
false |
no |
| name | Name to be used on EC2 instance created | string |
"" |
no |
| network_interface | Customize network interfaces to be attached at instance boot time | list(map(string)) |
[] |
no |
| placement_group | The Placement Group to start the instance in | string |
null |
no |
| private_ip | Private IP address to associate with the instance in a VPC | string |
null |
no |
| root_block_device | Customize details about the root block device of the instance. See Block Devices below for details | list(any) |
[] |
no |
| secondary_private_ips | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a network_interface block |
list(string) |
null |
no |
| source_dest_check | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | bool |
true |
no |
| spot_block_duration_minutes | The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) | number |
null |
no |
| spot_instance_interruption_behavior | Indicates Spot instance behavior when it is interrupted. Valid values are terminate, stop, or hibernate |
string |
"terminate" |
no |
| spot_instance_type | If set to one-time, after the instance is terminated, the spot request will be closed. Default persistent |
string |
"one-time" |
no |
| spot_launch_group | A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually | string |
null |
no |
| spot_price | The maximum price to request on the spot market. Defaults to on-demand price | string |
null |
no |
| spot_valid_from | The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | string |
null |
no |
| spot_valid_until | The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | string |
null |
no |
| spot_wait_for_fulfillment | If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached | bool |
null |
no |
| subnet_id | The VPC Subnet ID to launch in | string |
null |
no |
| tags | A mapping of tags to assign to the resource | map(string) |
{} |
no |
| tenancy | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | string |
null |
no |
| timeouts | Define maximum timeout for creating, updating, and deleting EC2 instance resources | map(string) |
{} |
no |
| user_data | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. | string |
null |
no |
| user_data_base64 | Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. | string |
null |
no |
| user_data_replace_on_change | When used in combination with user_data or user_data_base64 will trigger a destroy and recreate when set to true. Defaults to false if not set. | bool |
false |
no |
| volume_tags | A mapping of tags to assign to the devices created by the instance at launch time | map(string) |
{} |
no |
| vpc_security_group_ids | A list of security group IDs to associate with | list(string) |
null |
no |
| Name | Description |
|---|---|
| arn | The ARN of the instance |
| capacity_reservation_specification | Capacity reservation specification of the instance |
| iam_instance_profile_arn | ARN assigned by AWS to the instance profile |
| iam_instance_profile_id | Instance profile's ID |
| iam_instance_profile_unique | Stable and unique string identifying the IAM instance profile |
| iam_role_arn | The Amazon Resource Name (ARN) specifying the IAM role |
| iam_role_name | The name of the IAM role |
| iam_role_unique_id | Stable and unique string identifying the IAM role |
| id | The ID of the instance |
| instance_state | The state of the instance. One of: pending, running, shutting-down, terminated, stopping, stopped |
| ipv6_addresses | The IPv6 address assigned to the instance, if applicable. |
| outpost_arn | The ARN of the Outpost the instance is assigned to |
| password_data | Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. This attribute is only exported if get_password_data is true |
| primary_network_interface_id | The ID of the instance's primary network interface |
| private_dns | The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC |
| private_ip | The private IP address assigned to the instance. |
| public_dns | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC |
| public_ip | The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use public_ip as this field will change after the EIP is attached |
| spot_bid_status | The current bid status of the Spot Instance Request |
| spot_instance_id | The Instance ID (if any) that is currently fulfilling the Spot Instance request |
| spot_request_state | The current request state of the Spot Instance Request |
| tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block |