Monday, July 21, 2025

Ansible part1

Class 70th AWS Ansible Part1 July 21st

What is Ansible?

Ansible lets you handle multiple servers from one server.

Ansible handles all the servers: it installs the software and maintains it. It is an end-to-end automation tool.

Ansible is called a configuration management tool.

Configuration: (software, hardware, OS, CPU, RAM, etc.)

Management: (e.g. Tomcat: install, update, patch, delete)

It came out in 2014, from Michael DeHaan. It is free and open source, and maintained by Red Hat.

Once we have configured something, we can reuse it any number of times.

The setup will be complex.

Ansible Architecture

Playbook file (code): create servers, install software, deploy any application.

The playbook code is in YAML format, which we call yml. Once you create a playbook on the Ansible server (main server), it will create and manage the servers. For one server to connect to another server (worker node) we need SSH.

The Ansible server has an inventory file, which holds the IP addresses of the worker nodes to manage.


Practicals

Step1: Create 5 instances as shown above. Use the MobaXterm terminal; it helps with multi-execution:

the same command runs on all 5 instances.


MobaXterm multi-exec mode window

IP 10.0.2.53 is the Ansible main server, remaining dev1,de


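Step2: Give each server a hostname for identification

EXECUTE THE BELOW COMMANDS ON ALL 5 SERVERS:

sudo -i

# use the matching name on each server: ansible, dev-1, dev-2, test-1 or test-2
hostnamectl set-hostname ansible

Change the name on each server: exclude the other windows and give each one its name.


All servers changed, with their names.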

Step3: On the Ansible server, use the sudo user or an ansible user to communicate with the worker nodes over an SSH connection.
First set the password for the sudo user on all the servers.
After the root password is changed on all servers, even if you know the root password you are unable to communicate
with the other servers until the SSH security configuration permits it.

Step4:
Open the file with vim /etc/ssh/sshd_config and press Enter.
At line 65, change PasswordAuthentication from no to yes.
At line 40, uncomment #PermitRootLogin prohibit-password and change the value to yes.

After the change, save with :wq!. sshd is a service, so you need to reload it using the command below.

[root@ansible ~]# systemctl restart sshd
[root@ansible ~]# systemctl status sshd


Find your IP address using the command below: hostname -i


Step5: Perform the steps below only on the Ansible server. Ansible needs Python to work;
by default Python exists on the server; if not, execute the second command.
yum install ansible -y
yum install python3 python3-pip python3-devel -y   # optional

[root@ansible ~]# yum install ansible -y

[root@ansible ~]# python3 --version
Python 3.9.23

[root@ansible ~]# ansible --version
ansible [core 2.15.3]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.23 (main, Jun 27 2025, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-5)] (/usr/bin/python3.9)
  jinja version = 3.1.4
  libyaml = True

Step6: For Ansible to communicate with the other servers, their IP addresses must be in the inventory.
The hosts file is called the inventory.
[root@ansible]# pwd
/etc/ansible/
[root@ansible ]# vi hosts

[dev]
10.0.2.56
10.0.2.54
[test]
10.0.2.58
10.0.2.55

Step7: Generate the key pair using the command below

ssh-keygen --> press Enter 4 times

[root@ansible roles]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:YMrH1dtBtnV8CaJ/hKtBNcFZXCjxh8gKOMxD+QvuZl0 root@ansible
The key's randomart image is:
+---[RSA 3072]----+
|     ..   .*Oo=oo|
|    +..  .+**=.oo|
|     *+..o.+++ ..|
|   . =o+o ooo..  |
|    + + So.o..   |
|     o . Eo .    |
|    . . ..       |
|     + .         |
|    o            |
+----[SHA256]-----+

Step8: The key files are stored in the path below

[root@ansible .ssh]# pwd
/root/.ssh
[root@ansible .ssh]# ls -lrt
total 12
-rw-------. 1 root root  562 Jul 25 18:33 authorized_keys
-rw-r--r--. 1 root root  566 Jul 25 20:11 id_rsa.pub
-rw-------. 1 root root 2602 Jul 25 20:11 id_rsa

id_rsa.pub (public key)
id_rsa (private key)

Step9: The key needs to be installed on all the remaining worker nodes. ssh-copy-id copies the public key (id_rsa.pub) to each node; the private key (id_rsa) stays on the Ansible server.
ssh-copy-id root@<private IP of dev-1> --> yes --> password --> ssh <private IP> --> Ctrl+D
ssh-copy-id root@<private IP of dev-2> --> yes --> password --> ssh <private IP> --> Ctrl+D
ssh-copy-id root@<private IP of test-1> --> yes --> password --> ssh <private IP> --> Ctrl+D
ssh-copy-id root@<private IP of test-2> --> yes --> password --> ssh <private IP> --> Ctrl+D


Dev1 added Successfully.
ssh-copy-id root@10.0.2.56

[root@ansible .ssh]# ls -rt
authorized_keys  id_rsa.pub  id_rsa  known_hosts
[root@ansible .ssh]# ssh-copy-id root@10.0.2.56
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.2.56's password:
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.2.56'"
and check to make sure that only the key(s) you wanted were added.

Dev2 added Successfully.


[root@ansible .ssh]# ssh-copy-id root@10.0.2.54
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.2.54 (10.0.2.54)' can't be established.
ED25519 key fingerprint is SHA256:2CbNMZYgBXW1ZPvq7Yu5vWIKvqYQpff+S21ct2A+rK8.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.2.54's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.2.54'"
and check to make sure that only the key(s) you wanted were added.

...and the same for all the remaining servers:
ssh-copy-id root@10.0.2.58
ssh-copy-id root@10.0.2.55

Step10: Check and test whether the Ansible (main) server can connect to the dev and test servers, using their IP addresses
Connected successfully

[root@ansible .ssh]# ssh 10.0.2.58
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
Last failed login: Fri Jul 25 20:44:02 UTC 2025 from 109.120.137.7 on ssh:notty
There were 8 failed login attempts since the last successful login.
[root@test1 ~]#

Dev connected from the Ansible server.
[root@ansible .ssh]# ssh 10.0.2.56
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
Last login: Fri Jul 25 20:48:52 2025 from 10.0.2.58
[root@dev1 ~]#
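
Once Step 9 has installed the key on every worker node, Ansible no longer needs the Step 4 settings (PasswordAuthentication yes, PermitRootLogin yes) in order to connect. The script below is an added example, not part of the original class notes: it reads an sshd_config file and reports whether root access is key-only. The function names and the two sample files are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Sample configs are constructed.

# effective_sshd_value FILE KEYWORD DEFAULT
# sshd uses the FIRST value it reads for a keyword, so print the first
# uncommented KEYWORD line in the global section (before any Match block),
# or DEFAULT (the OpenSSH built-in) when the keyword is never set.
# Assumes whitespace-separated "Keyword value" lines.
effective_sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }             # Match blocks are conditional
        key == want { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd FILE: returns 0 if root can only log in with a key, 1 otherwise.
audit_sshd() {
    local rc=0 pa prl
    pa=$(effective_sshd_value "$1" PasswordAuthentication yes)
    prl=$(effective_sshd_value "$1" PermitRootLogin prohibit-password)
    if [ "$pa" != "no" ]; then
        echo "FAIL PasswordAuthentication=$pa (want no)"; rc=1
    fi
    case "$prl" in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "FAIL PermitRootLogin=$prl (want prohibit-password)"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK root login is key-only"; fi
    return "$rc"
}

# Constructed samples: the Step 4 state with a late "fix" appended, and the
# corrected state for after ssh-copy-id has installed the key.
sample_dir=$(mktemp -d)
cat > "$sample_dir/step4.conf" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
# appended later, but ignored: the first value above already won
PasswordAuthentication no
EOF
cat > "$sample_dir/keyonly.conf" <<'EOF'
PermitRootLogin prohibit-password
PasswordAuthentication no
EOF

audit_sshd "$sample_dir/step4.conf" || true
audit_sshd "$sample_dir/keyonly.conf" || true
```

On a live host, `sshd -T` prints the effective configuration, including any files pulled in by Include, and is the authoritative check. After editing /etc/ssh/sshd_config, restart sshd as in Step 4.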

Step11: Using the command below, check whether the Ansible server can communicate with all the other servers.
Green output means it communicated successfully.


Step12: Now we are planning to install Git. Excluding the Ansible server, we have 4 servers.
If you give this command with the argument all, it will install on all worker nodes.
[root@ansible ansible]# ansible all -a "yum install git -y"
As you see, Git is installed successfully on all servers; we ran the command only on the Ansible server and the remaining worker nodes were installed automatically.


Instead of all, here it is installed on dev only:
ansible dev -a "yum install maven -y"

See the screen below: installed only in the dev environment.

1. ADHOC COMMANDS:
These are simple Linux commands.
These are used for temporary work.
These commands will be overridden.

ansible all -a "yum install git -y"
ansible all -a "yum install maven -y"
ansible all -a "mvn --version"
ansible all -a "touch file1"
ansible all -a "touch raham.txt"
ansible all -a "ls"
ansible all -a "yum install httpd -y"
ansible all -a "systemctl status httpd"
ansible all -a "systemctl start httpd"
ansible all -a "useradd raham"
ansible all -a "cat /etc/passwd"
ansible all -a "yum remove git* maven* httpd* -y"

--Thanks 

Friday, July 11, 2025

Final day Lambda-Prj

Class 65th AWS Project day 4 July 11th

Final day for AWS Complete Project 
Step1: This Git repo has all the Lambda functions and the main app.py file uploaded
https://github.com/Vakatisubbu/Lambda_prj.git
Step2: Create a launch template, based on the autoscaling and target group creation steps
Name: Launch-template
Step3: Select Quick Start
AMI: Amazon Linux (Free tier eligible)
Instance type: t2.micro (Free tier eligible). Network settings: Don't include in launch template;
we will set them at the time of autoscaling
Step4: Click Advanced details and add the code below as user data

#!/bin/bash
# Update system and install dependencies
yum update -y
yum install -y python3 python3-pip git

# Configure Python environment
python3 -m pip install --upgrade pip
# User data runs as root; install the packages for ec2-user, the account the service runs as
sudo -H -u ec2-user python3 -m pip install --user flask requests boto3

# Clone the project
cd /home/ec2-user
git clone https://github.com/Vakatisubbu/Lambda_prj.git

# Set proper permissions
sudo chown -R ec2-user:ec2-user /home/ec2-user/Lambda_prj/
sudo chmod 755 /home/ec2-user/Lambda_prj/
cd Lambda_prj

# Create systemd service file
cat << 'EOF' > /etc/systemd/system/digital_library.service
[Unit]
Description=DigitalLibrary Flask App
After=network.target

[Service]
User=ec2-user
Group=ec2-user
WorkingDirectory=/home/ec2-user/Lambda_prj
ExecStart=/usr/bin/python3 app.py
Restart=on-failure
RestartSec=5s
Environment="PATH=/usr/local/bin:/usr/bin:/bin"

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF

# Enable and start the service
systemctl daemon-reload
systemctl enable digital_library
systemctl start digital_library

Step5: Then click Create launch template; the launch template is created
Step6: Select the template and choose Actions > Create Auto Scaling group
Step7: Click Next

Step8: Attach a new load balancer


Step9: Choose the public subnets and give the new target group the name Target-group

Step10: No changes, click Next
Step12: Set Desired capacity to 2, no other change, click Next
Add notifications (optional): click Next
Add tags (optional): click Next
Review > Create Auto Scaling group

Step13: Two instances created successfully
Note: Automatic public IP assignment must be enabled on the subnet


Step14: Create the new daemon service
First server

[ec2-user@ip-10-0-2-60 ~]$ cd /etc/systemd/system
[ec2-user@ip-10-0-2-60 system]$ sudo vi digital_library.service

[Unit]
Description=DigitalLibrary Flask App
After=network.target

[Service]
User=ec2-user
Group=ec2-user
WorkingDirectory=/home/ec2-user/Lambda_prj
ExecStart=/usr/bin/python3 app.py
Restart=on-failure
RestartSec=5s
Environment="PATH=/usr/local/bin:/usr/bin:/bin"

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target

[ec2-user@ip-10-0-2-60 ~]$ cd /home/ec2-user/Lambda_prj/
[ec2-user@ip-10-0-2-60 Lambda_prj]$ pip3 install flask
[ec2-user@ip-10-0-2-60 Lambda_prj]$ pip3 install requests
[ec2-user@ip-10-0-2-60 Lambda_prj]$ pip3 install boto3
[ec2-user@ip-10-0-2-60 Lambda_prj]$ sudo systemctl daemon-reload
[ec2-user@ip-10-0-2-60 Lambda_prj]$ sudo systemctl daemon-reexec
[ec2-user@ip-10-0-2-60 Lambda_prj]$ sudo systemctl restart digital_library
[ec2-user@ip-10-0-2-60 Lambda_prj]$ sudo systemctl status digital_library
● digital_library.service - DigitalLibrary Flask App
     Loaded: loaded (/etc/systemd/system/digital_library.service; enabled; preset: disabled)
     Active: active (running) since Thu 2025-07-24 19:07:17 UTC; 5s ago

Second server:

[ec2-user@ip-10-0-2-13 ~]$ cd /etc/systemd/system

[Unit]
Description=DigitalLibrary Flask App
After=network.target

[Service]
User=ec2-user
Group=ec2-user
WorkingDirectory=/home/ec2-user/Lambda_prj
ExecStart=/usr/bin/python3 app.py
Restart=on-failure
RestartSec=5s
Environment="PATH=/usr/local/bin:/usr/bin:/bin"

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target

[ec2-user@ip-10-0-2-13 ~]$ cd /home/ec2-user/Lambda_prj/
[ec2-user@ip-10-0-2-13 Lambda_prj]$  sudo systemctl daemon-reload
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl daemon-reexec
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl restart digital_library
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl status digital_library
● digital_library.service - DigitalLibrary Flask App
     Loaded: loaded (/etc/systemd/system/digital_library.service; enabled; preset: disabled)
     Active: active (running) since Thu 2025-07-24 19:07:17 UTC; 5s ago

Step15: Check with the public IPs whether the application is working; the port mentioned in app.py is 5000

First instance public IP: 13.41.229.236


Second instance public IP

Step16: If you are facing any issues, try these steps


[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo chown -R ec2-user:ec2-user /home/ec2-user/Lambda_prj
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo chmod 755 /home/ec2-user/Lambda_prj
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl daemon-reload
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl start digital_library
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl enable digital_library
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl restart digital_library
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl status digital_library

Step17: In the target group, set the health check to /health and override the port to 5000

Load balancer: add a listener on port 5000
Load balancer: add a listener on port 443


Step18: In Route 53 you need to add an A record; if there is an existing A record, delete it and create a new one for the load balancer
using its DNS name
Step19: Existing load balancer: click A record
Step20:

Step21: vakatisubbu.xyz will take some time, 10 to 15 minutes, to synchronize

Step22: Meanwhile, the database I have already created; it was shut down, so just restart the database.
It is starting.

Step23: The Lambda functions I have already created; below are the references.
I have already shared the Git repo in the first line of this page; create the Lambda functions from it accordingly
Step24: The corresponding REST APIs also need to be created. All of them use the GET method
Step25:

Integration request mapping templates for all the test APIs are below
1)
/BarrowBooks

Content type : application/json

{
  "user_id": "$input.params('user_id')",
  "book_id": "$input.params('book_id')"
}


2)
/GetBarrowBooks

Content type : application/json
{
  "user_id": "$input.params('user_id')"
}

3)
/GetBarrowHistory
Content type : application/json
{
  "user_id": "$input.params('user_id')"
}

4) No input parameters; the full list of books will populate
/ListBooks

Nothing

5)
/ReturnBooks
Content type : application/json
{
  "user_id": "$input.params('user_id')",
  "book_id": "$input.params('book_id')"
}

6)
/Signin
Content type : application/json
{
  "user_id": "$input.params('user_id')",
  "book_id": "$input.params('book_id')"
}

7)
/Signup
Content type : application/json
{
   "name": "$input.params('name')",
   "mobile": "$input.params('mobile')",
   "email": "$input.params('email')",
   "password":"$input.params('password')",
   "gender": "$input.params('gender')",
   "location":"$input.params('location')",
   "image": "$input.params('image')"
}

8)
/Welcome
Content type : application/json
{
  "user_id": "$input.params('user_id')"
}

Step26:
After the database restarted and the domain took 15 minutes to synchronize, the webpage below logs in successfully. So the Digital Library project is completed successfully...




--Thanks

Thursday, July 10, 2025

AWS Project day 3

Class 64th AWS Project day 3 July 10th

Create one more Lambda function

Step1: Need to create the Lambda functions below


Step2: A layer holds the common code. The database connection code is in every Lambda function; instead of repeating the connection code in every function, use a layer to avoid the repeated entries.
Environment variables: DB_HOST, DB_NAME, DB_USER, DB_PASS
If you start with Signup, go to the local Signup folder and install pymysql there: pip install pymysql -t .
Create one directory named python and move the pymysql and PyMySQL.. files into the python folder

Zip the python folder as python.zip

Step3: Create the layer: upload the Signup zip file and click Create layer
ccit-mysqldb-layer

Step4: Creation of the RDS database

MySQL creation steps:

Aurora and RDS > Create database

Single-AZ DB instance deployment (1 instance)

DB instance identifier: Digital-library

Credential settings > Self managed > admin / admin1234

DB instance class > Burstable classes: db.t4g.micro

Public access: Yes

Click Create database

Step5:

Endpoint: digital-library.c5iyik8mi7ym.eu-west-2.rds.amazonaws.com

User: admin

Password: admin1234

Database schema creation:

CREATE DATABASE IF NOT EXISTS digital_library;
USE digital_library;

CREATE TABLE IF NOT EXISTS users (
  id INT AUTO_INCREMENT PRIMARY KEY,
  name VARCHAR(100) NOT NULL,
  mobile VARCHAR(20) NOT NULL,
  email VARCHAR(100) NOT NULL UNIQUE,
  password VARCHAR(255) NOT NULL,
  gender VARCHAR(10),
  location VARCHAR(100),
  image VARCHAR(255)
);

CREATE TABLE IF NOT EXISTS books (
  id INT AUTO_INCREMENT PRIMARY KEY,
  title VARCHAR(255) NOT NULL,
  author VARCHAR(255),
  available BOOLEAN DEFAULT TRUE
);

CREATE TABLE IF NOT EXISTS history (
  id INT AUTO_INCREMENT PRIMARY KEY,
  user_id INT,
  book_id INT,
  borrow_date DATETIME,
  return_date DATETIME,
  FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
  FOREIGN KEY (book_id) REFERENCES books(id) ON DELETE CASCADE
);

INSERT INTO books (title, author, available) VALUES
  ('Wings of Fire', 'A.P.J. Abdul Kalam', TRUE),
  ('The Guide', 'R.K. Narayan', TRUE),
  ('Godan', 'Munshi Premchand', TRUE),
  ('Train to Pakistan', 'Khushwant Singh', TRUE),
  ('Ignited Minds', 'A.P.J. Abdul Kalam', TRUE),
  ('Mahabharata', 'Ved Vyasa', TRUE),
  ('Python Crash Course', 'Eric Matthes', TRUE),
  ('Digital Fortress', 'Dan Brown', TRUE),
  ('You Can Win', 'Shiv Khera', TRUE),
  ('Zero to One', 'Peter Thiel', TRUE);

Step6: Add the environment variables
Environment variables: DB_HOST=digital-library.c5iyik8mi7ym.eu-west-2.rds.amazonaws.com,
      DB_NAME=digital_library, DB_USER=admin, DB_PASS=admin1234

Step6: Give the connection details to the Lambda function and click Save

Step7: Add the layer

Step8: Select Custom layers, select your layer and version, and click Add

Step9: In every function, add the code and deploy, and add the environment variables to all the remaining functions


Step10:


Step11: Create the API Gateway
REST API: click Build, then click Create API

Step12: Create a resource in the API, Signup; select the options below and click Create resource
Step13: Delete the OPTIONS method and create a new method of type GET

Step14: Select the options below for the Signup API, choose the corresponding Lambda function and click Create method

Step15: Create the resource Signin; click Create resource

Step16: Delete the existing OPTIONS method and click Create method for Signin

Step17: Create all the resources and their methods the same way.


Step18: Deploy the API. After deploying, copy all the URLs from the methods and paste them in your main
app.py file


Step19: Copy all the URLs from the API and paste them into your code


Step20: Modify the existing project code like below and execute

Step21: We missed adding the integration input parameters for Signup; add them and click Save
Step22: Signin integration mapping template
{
  "email": "$input.params('email')",
  "password": "$input.params('password')"
}


Step23: After the changes, click Deploy API

Step22:


Step23: Data inserted successfully

Step24: It is not required to upload the runtime files to every Lambda function; instead, just add the layer to every Lambda function
Added the custom layer

Add the same layer to all the Lambda functions that use the database connection; click Add


This is the completed code





--Thanks