Update - 2017-11-23 - I’ve updated the bitcoin-node repository to also include Terraform instructions on deploying to Google Cloud. This was a fun one; in an attempt to keep deployment instructions super simple, I dug into ansible-pull a bit. I kind of liked it. Using ansible-pull, triggered by Terraform and an AWS User Data shell script, a Bitcoin full node can be deployed using a single terraform apply. overview The goal here was simple; deploy a full Bitcoin node, for additional network capacity.
what is this and why? I work in private VPCs in AWS a lot. I’m testing, debugging, and fidgeting with instances, requiring SSH access. If DNS isn’t configured, I’ve then had to look up IP addresses for instances through the AWS console (or just memorize the IP). After that, there’s the SSH public host key fingerprint. I either blindly accept it or manually look it up. If I terminate and redeploy the instance, there’s a chance I’ll get that SSH WARNING!
problem I wanted to create a simple inventory website. I wanted to have a collection of information, including all systems, installed software on those systems, and any other relevant stats and details on those systems. The available tools out there, however, I didn’t really like. I just wanted a simple static HTML site, with possibly some search features. Why not use some free software out there to generate my own?
Note - I have updated this for Kubernetes 1.7.x. Deploying Kubernetes, complete with an OpenVPN access point, a CFSSL x509 certificate generation service, and an internal Kubernetes cluster DNS, complete with a Weave CNI daemonset, and kube-dns, the Kubernetes internal DNS resolver. It is a two-part process; first, using Terraform, it builds the AWS infrastructure, including VPC settings, IAM roles, security groups, instances, etc. Once the infrastructure is deployed, Ansible is then used to configure the system accordingly.
Using Ansible Container, Ansible, and AWS, deploy a personal VPN server, while also creating a specified user and the appropriate OpenVPN configuration file, and saving it to the local user’s desktop. background Having a personal VPN server is immensely useful; we live in a mobile world with plenty of wifi hotspots. With these open access points, security is definitely a large issue. There are VPN services available, but it is often desirable to manage our own service.
A spin-off from Ansible SSH bastion host for dynamic infrastructure in AWS, this post documents how to gather an EC2 instance’s SSH public key from the AWS System Log. background For a while I was stumped at how to deal with AWS, AMIs and SSH fingerprints/public keys. Initially, it was through pre-baked AMIs. But what if pre-baking AMIs isn’t realistic? Or the AMIs are baked without SSH host keys generated and aren’t known?
Using Ansible to manage internal VPC private instances without using VPNs, by deploying an SSH proxy bastion host. background When dealing with a web stack or AWS infrastructure, how are private instances that do NOT need a public IP address managed? It’s not an extremely difficult question. In many cases VPNs are used for this purpose. But what if a VPN isn’t needed? It’s arguably overkill and it can introduce a lot of overhead, creating multiple site-to-site VPNs and linking various regions together.
I use AWS infrastructure as a service (IaaS) heavily, both personally and professionally. I have a slew of all different types of instances, doing different types of things. In many cases, I’ll want backups; basically, AWS snapshots. I needed a way to quickly create and manage backups through the use of AWS snapshots in an automated fashion. Sounds like a job for Ansible - and that’s exactly what I did.
2017-03-16 UPDATE - this is an old, unmanaged project. Use as a reference only. Mostly using Kubernetes now. Using Rancher, a container management platform, to deploy a dockerized ELK stack to AWS using Ansible. Background In certain scenarios, deploying Docker containers to infrastructure can be trickier than expected. Take an Elasticsearch, Logstash, Kibana (ELK) stack. Three docker containers, straightforward. Running a simple docker compose and our stack can be up without issue.
Automating the creation and updating of AWS AMI images using Ansible. the problem One of the first problems when deploying anything is managing the base image. The gold load. The template. The thing that all systems are created from. Since we’re operating in AWS, our story begins with AMIs. We use AMIs. From those AMIs, instances are built and configured. We want to optimize this configuration process, so it makes sense to pre-configure our AMIs as much as possible.