Tuesday, July 22, 2025

Ansible part2

 Class 70th AWS Ansible Part2 July 22nd

Step1: Created three instances

Ansible modules: ad hoc commands are not what we use every time in real-time work; ad hoc is for temporary work, and modules are used instead.

Step2: Set a hostname on every server so they are easy to identify

1)hostnamectl set-hostname ansible

2)hostnamectl set-hostname dev1

3)hostnamectl set-hostname test1

Step3: For the main Ansible server to communicate with the worker nodes, an SSH key connection is required. Set the sudo user password on all servers; for the time being we set the same password on every server, using MobaXterm MultiExec.


Step4: For the Ansible server to communicate with the worker nodes, configure the following.

Open the file with vim /etc/ssh/sshd_config and press Enter.

On line 65, change PasswordAuthentication from no to yes.
On line 40, uncomment #PermitRootLogin prohibit-password and change the value to yes.
Password login for root is what lets ssh-copy-id install the key in Step8.
systemctl restart sshd
systemctl status sshd

Step5: Perform the steps below only on the Ansible server
[root@ansible ~]# yum install ansible -y

Step6: To communicate with the other servers, Ansible needs their private IP addresses in the inventory. The hosts file is called the inventory; create the hosts file in the directory below.

[root@ansible ~]# cd /etc/ansible
[root@ansible ansible]# vi hosts
[root@ansible ansible]# cat hosts
[dev1]
10.0.2.9
[Test1]
10.0.2.30
[root@ansible ansible]#
Step7: Generate the key files with the ssh-keygen command on the Ansible server
ssh-keygen -- > enter 4 times 

[root@ansible ansible]#  ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:WU0szLlsFrjg8e6nIFYgFmZDUUI9p1yhZX96jFT1gdU root@ansible
The key's randomart image is:
Step8: The key files are stored in /root/.ssh, as the output above shows. Copy the public key to each worker node:
ssh-copy-id root@private ip of dev-1 -- > yes -- > password -- > ssh private ip -- > ctrl d

Test1 --private ip
[root@ansible .ssh]# ssh-copy-id root@10.0.2.30

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.2.30'"
and check to make sure that only the key(s) you wanted were added.

Dev1 --private ip
[root@ansible .ssh]# ssh-copy-id root@10.0.2.9

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

root@10.0.2.9's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.2.9'"

and check to make sure that only the key(s) you wanted were added.

Module:

In Ansible we use different modules depending on the work:
  •  For service start/restart
  •  For package installation (yum)
  •  For user creation
  •  For group creation
  •  For copying files

Step9: MODULES:

Module arguments are key-value pairs.

Modules are reusable.

We can use different modules for different purposes.

The module flag is -m

ansible all -m yum -a "name=git state=present"

ansible all -m yum -a "name=maven state=present"

ansible all -m yum -a "name=maven state=present" [present=installed]

ansible all -m yum -a "name=httpd state=present"

ansible all -m service -a "name=httpd state=started" [started=restart]

ansible all -m service -a "name=httpd state=stopped" [stopped=stop]

ansible all -m yum -a "name=httpd state=absent" [absent=uninstall]

ansible all -m user -a "name=vikram state=present"

ansible all -m group -a "name=devops state=absent"

ansible all -m copy -a "src=raham.txt dest=/tmp"

Ad hoc: ansible all -a "command" is an ad hoc command; if you write -m, it means a module is used.
Module: ansible all -m yum, where yum is the module name, name is the name of the package (git), and state=present means install.

Step10:
Git Installation
[root@ansible .ssh]# ansible all -m yum -a "name=git state=present"
[root@test1 ~]# git --version
git version 2.50.1
[root@dev1 ~]# git --version
git version 2.50.1

Step11:
Maven Installation
[root@ansible .ssh]# ansible all -m yum -a "name=maven state=present"

[root@test1 ~]# mvn -v

Apache Maven 3.8.4 (Red Hat 3.8.4-3.amzn2023.0.5)

Maven home: /usr/share/maven

Java version: 17.0.16, vendor: Amazon.com Inc., runtime: /usr/lib/jvm/java-17-amazon-corretto.x86_64

Default locale: en, platform encoding: UTF-8

OS name: "linux", version: "6.1.144-170.251.amzn2023.x86_64", arch: "amd64", family: "unix"

[root@dev1 ~]# mvn -v
Apache Maven 3.8.4 (Red Hat 3.8.4-3.amzn2023.0.5)
Maven home: /usr/share/maven
Java version: 17.0.16, vendor: Amazon.com Inc., runtime: /usr/lib/jvm/java-17-amazon-corretto.x86_64
Default locale: en, platform encoding: UTF-8
OS name: "linux", version: "6.1.144-170.251.amzn2023.x86_64", arch: "amd

Install

ansible all -m yum -a "name=httpd state=present"

ansible all -m service -a "name=httpd state=started" (this uses the service module, not yum)

Uninstall
ansible all -m yum -a "name=httpd state=absent"
Latest patch
ansible all -m yum -a "name=httpd state=latest"

Step12: Here Apache is installed again on the worker nodes; green output means it is already installed
Step13: User creation. Yellow output means the user was created successfully
ansible all -m  user -a "name=ccituser state=present"

The users were created successfully on the worker nodes.
[root@test1 ~]# grep "ccituser"  /etc/passwd
ccituser:x:1001:1001::/home/ccituser:/bin/bash

[root@dev1 ~]# grep "ccituser"  /etc/passwd
ccituser:x:1001:1001::/home/ccituser:/bin/bash

Step14: Group creation
[root@ansible .ssh]# ansible all -m  group -a "name=devops state=present"

[root@test1 ~]# grep "devops" /etc/group
devops:x:1002:
[root@dev1 ~]# grep "devops"  /etc/group
devops:x:1002:

Step15: Copy a file from the Ansible server to all worker nodes
Source: Ansible
[root@ansible ~]# vi file.txt
[root@ansible ~]# cat file.txt
This same text file copyig to all worker nodes

Target: worker node, file copied successfully
[root@ansible ~]# ansible all -m copy -a "src=file.txt dest=/tmp"

[root@test1 ~]# cd /tmp
[root@test1 tmp]# ls
file.txt
Target: worker node 2, file copied successfully

[root@dev1 ~]# cd /tmp
[root@dev1 tmp]# ls
file.txt

Step16: Uninstall all packages
[root@ansible ~]# ansible all -a  "yum remove git* maven httpd  -y"

Step17: The drawback of modules is that every single command has to be run one by one in CLI mode.
To overcome this, use a playbook, which executes multiple modules and is reusable.

PLAYBOOKS:
Playbooks are used to execute multiple modules.
We can reuse a playbook multiple times.
In real time we use playbooks to automate our work,
for server creation, package installation, deployment, and so on.
Here we use key-value pairs.
A key-value structure can also be called a dictionary.
Playbooks are written in YAML syntax.
YAML = YET ANOTHER MARKUP LANGUAGE
The extension for a playbook is .yml or .yaml
A playbook starts with --- and ends with ... (optional)


Step18:
[root@ansible ~]# vi ansibleplb.yaml
[root@ansible ~]# cat ansibleplb.yaml
- hosts: all
  tasks:
    - name: installing git
      yum: name=git state=present
    - name: installing maven
      yum: name=maven state=present
    - name: installing apache
      yum: name=httpd state=present
    - name: start the service apache
      service: name=httpd state=started
    - name: user creation
      user: name=ccit2 state=present
    - name : copying file
      copy: src=file2.txt dest=/tmp

Step19:
[root@ansible ~]# ansible-playbook ansibleplb.yaml
PLAY all (mean all servers install)



As shown above, the playbook has 6 tasks but the recap reports ok=7: the extra one is Gathering Facts, an additional task run by Ansible itself, in which Ansible collects the facts (state) from each worker node.
To uninstall, modify the playbook with the sed command, replacing present with absent.

In the sed command, -i writes the change into the file itself, s means search (and replace), and g means global.

[root@ansible ~]# vi ansibleplb.yaml
[root@ansible ~]# sed -i 's/present/absent/g' ansibleplb.yaml
[root@ansible ~]# cat ansibleplb.yaml
- hosts: all
  tasks:
    - name: installing git
      yum: name=git state=absent

    - name: installing maven
      yum: name=maven state=absent

    - name: installing apache
      yum: name=httpd state=absent

    - name: start the service apache
      service: name=httpd state=started

    - name: user creation
      user: name=ccit2 state=absent

    - name : copying file
      copy: src=file.txt dest=/tmp

Step20: In the script above we try to start Apache after uninstalling it, which is why the playbook failed. Ansible executes a playbook sequentially; if any task fails, the remaining tasks below it are not performed.


Step21: To overcome this, use ignore_errors in the playbook so that the complete script is executed
[root@ansible ~]# cat ansibleplb.yaml
- hosts: all
  ignore_errors: true
  tasks:
    - name: installing git
      yum: name=git state=absent

    - name: installing maven
      yum: name=maven state=absent

    - name: installing apache
      yum: name=httpd state=absent

    - name: start the service apache
      service: name=httpd state=started

    - name: user creation
      user: name=ccit2 state=absent

    - name : copying file
      copy: src=file.txt dest=/tmp
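
With play-level ignore_errors the run continues past the failed Apache start, so the failure has to be read back out of the output. The script below is an added example, not part of the original notes: it lists failed task results and any host whose PLAY RECAP shows failed, unreachable or ignored above zero. The function names and the first sample run are constructed; the clean sample reuses the recap lines shown later on this page.

```shell
#!/bin/sh
# Added example (not from the original notes): find failures that a play-level
# "ignore_errors: true" let through, by reading ansible-playbook output.

# recap_problems: read playbook output on stdin.
#   prints "task-failed <host> <task name>" for every fatal task result
#   prints "recap <host> <counters>" for every host whose PLAY RECAP has
#   failed, unreachable or ignored above zero
# Returns 1 if anything was printed, 0 for a clean run.
recap_problems() {
    awk '
        /^TASK \[/ {                       # remember the task being reported
            task = $0
            sub(/^TASK \[/, "", task)
            sub(/\] \**[ \t]*$/, "", task)
            next
        }
        /^fatal: \[/ {                     # failed result, ignored or not
            host = $2
            gsub(/^\[|\]:$/, "", host)
            print "task-failed " host " " task
            found = 1
            next
        }
        /^PLAY RECAP/ { in_recap = 1; next }
        in_recap && /ok=/ {                # one recap line per host
            bad = ""
            for (i = 2; i <= NF; i++) {
                split($i, kv, "=")
                if ((kv[1] == "failed" || kv[1] == "unreachable" || kv[1] == "ignored") && kv[2] + 0 > 0)
                    bad = bad " " $i
            }
            if (bad != "") { print "recap " $1 bad; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: a Step21-style run where starting httpd fails after removal.
sample_ignored() {
cat <<'EOF'
PLAY [all] *********************************************************************

TASK [installing apache] *******************************************************
changed: [10.0.2.9]
changed: [10.0.2.30]

TASK [start the service apache] ************************************************
fatal: [10.0.2.9]: FAILED! => {"changed": false, "msg": "constructed sample message"}
...ignoring
fatal: [10.0.2.30]: FAILED! => {"changed": false, "msg": "constructed sample message"}
...ignoring

PLAY RECAP *********************************************************************
10.0.2.30                  : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=1
10.0.2.9                   : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=1
EOF
}

# Clean sample: the recap lines from the --skip-tags run on this page.
sample_clean() {
cat <<'EOF'
PLAY RECAP *********************************************************************
10.0.2.30                  : ok=5    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.0.2.9                   : ok=5    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
EOF
}

if sample_ignored | recap_problems; then
    echo "clean run"
else
    echo "gate: failures were ignored during this run"
fi
```

Against a real run, pipe the playbook output into the function: ansible-playbook ansibleplb.yaml | recap_problems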



Tags:
By default Ansible executes all the tasks in a playbook sequentially.
We can use tags to execute specific tasks or to skip specific tasks.
[root@ansible ~]# cat ansibleplb.yaml
- hosts: all
  ignore_errors: true
  tasks:
    - name: installing git
      yum: name=git state=absent
      tags: a
    - name: installing maven
      yum: name=maven state=absent
      tags: b
    - name: installing apache
      yum: name=httpd state=absent
      tags: c
    - name: start the service apache
      service: name=httpd state=started
      tags: d
    - name: user creation
      user: name=ccit2 state=absent
      tags: e
    - name : copying file
      copy: src=file.txt dest=/tmp

Step22:
[root@ansible ~]# ansible-playbook ansibleplb.yaml --tags a,c

Step23: To perform all of the tasks except some, skip those by tag

[root@ansible ~]# cat ansibleplb.yaml
- hosts: all
  ignore_errors: true
  tasks:
    - name: installing git
      yum: name=git state=present
      tags: a
    - name: installing maven
      yum: name=maven state=present
      tags: b
    - name: installing apache
      yum: name=httpd state=present
      tags: c
    - name: start the service apache
      service: name=httpd state=started
      tags: d
    - name: user creation
      user: name=ccit2 state=present
      tags: e
    - name : copying file
      copy: src=file.txt dest=/tmp
      tags: f


[root@ansible ~]# ansible-playbook ansibleplb.yaml --skip-tags e,f


PLAY [all] *****************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************
[WARNING]: Platform linux on host 10.0.2.30 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another
Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.0.2.30]
[WARNING]: Platform linux on host 10.0.2.9 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another
Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.0.2.9]

TASK [installing git] ******************************************************************************************************************************
changed: [10.0.2.9]
changed: [10.0.2.30]

TASK [installing maven] ****************************************************************************************************************************
changed: [10.0.2.9]
changed: [10.0.2.30]

TASK [installing apache] ***************************************************************************************************************************
changed: [10.0.2.9]
changed: [10.0.2.30]

TASK [start the service apache] ********************************************************************************************************************
changed: [10.0.2.9]
changed: [10.0.2.30]

PLAY RECAP *****************************************************************************************************************************************
10.0.2.30                  : ok=5    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.0.2.9                   : ok=5    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0


Variables 

[root@ansible ~]# cat ansibleplb.yaml
- hosts: all
  ignore_errors: true
  vars:
    a: git
    b: maven
    c: httpd
  tasks:
    - name: installing {{git}}
      yum: name={{a}} state=present
      tags: a
    - name: installing {{b}}
      yum: name={{b}} state=present
      tags: b
    - name: installing apache
      yum: name={{c}} state=present
      tags: c


[root@ansible ~]# ansible-playbook ansibleplb.yaml

PLAY [all] *****************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************
[WARNING]: Platform linux on host 10.0.2.9 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another
Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.0.2.9]
[WARNING]: Platform linux on host 10.0.2.30 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another
Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.0.2.30]

TASK [installing {{git}}] **************************************************************************************************************************
changed: [10.0.2.9]
changed: [10.0.2.30]

TASK [installing maven] ****************************************************************************************************************************
changed: [10.0.2.9]
changed: [10.0.2.30]

TASK [installing apache] ***************************************************************************************************************************
changed: [10.0.2.9]
changed: [10.0.2.30]

PLAY RECAP *****************************************************************************************************************************************
10.0.2.30                  : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.0.2.9                   : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0


Dynamic Variables 

[root@ansible ~]# cat ansibleplb.yaml
- hosts: all
  ignore_errors: true
  vars:
  tasks:
    - name: installing {{a}}
      yum: name={{a}} state=present
      tags: a
    - name: installing {{b}}
      yum: name={{b}} state=present
      tags: b
    - name: installing apache
      yum: name={{c}} state=present
      tags: c


[root@ansible ~]# ansible-playbook ansibleplb.yaml --extra-vars "a=maven b=docker c=httpd"

PLAY [all] *****************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************
[WARNING]: Platform linux on host 10.0.2.9 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another
Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.0.2.9]
[WARNING]: Platform linux on host 10.0.2.30 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another
Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.0.2.30]

TASK [installing maven] ****************************************************************************************************************************
changed: [10.0.2.9]
changed: [10.0.2.30]

TASK [installing docker] ***************************************************************************************************************************
changed: [10.0.2.9]
changed: [10.0.2.30]

TASK [installing apache] ***************************************************************************************************************************
changed: [10.0.2.9]
changed: [10.0.2.30]

PLAY RECAP *****************************************************************************************************************************************
10.0.2.30                  : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.0.2.9                   : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0


--Thanks 


Monday, July 21, 2025

Ansible part1


Class 70th AWS Ansible Part1 July 21st

What is Ansible?

Handling multiple servers from one server.

Ansible handles all the servers, installs software and maintains it; it is an end-to-end automation tool.

Ansible is called a configuration management tool.

Configuration: (software, hardware, OS, CPU, RAM, etc.)

Management: (Tomcat: install, update, patches, delete)

It came out in 2014, created by Michael DeHaan. It is free and open source, and maintained by Red Hat.

Once configured, it can be used any number of times.

Setup will be complex.

Ansible Architecture

Playbook file (code): create servers, install software, deploy any application.

Playbook code is in YAML format, which we call yml. Once you create a playbook on the Ansible server (main server), it will create and manage the servers. To connect from one server to another (the worker nodes), we need SSH.

The Ansible server has an inventory file, which holds the IP addresses of the worker nodes to manage.


Practicals

Step1: Create 5 instances as shown above. Use the MobaXterm terminal; it helps with multi-execution:

the same command runs on all 5 instances.


MobaXterm MultiExec mode window

Ip-10.0.2.53 Ansible main server, remaining dev1,de


Step2: Give Hostname for server identification

EXECUTE THE BELOW COMMANDS ON ALL 5 SERVERS:

sudo -i

hostnamectl set-hostname ansible/dev-1/dev-2/test-1/test-2

Change the name exclude windows give name 


Change all server with name

Step3: The Ansible server uses the sudo user or an ansible user to communicate with the worker nodes over an SSH connection.
First set the sudo password on all the servers.
We changed the root password on all servers, but even if you know the root password you cannot connect to
the other servers until the SSH security configuration is set to permit it.

Step4:
Open the file with vim /etc/ssh/sshd_config and press Enter.
On line 65, change PasswordAuthentication from no to yes.
On line 40, uncomment #PermitRootLogin prohibit-password and change the value to yes.

After the change, save with :wq. sshd is a service, so it has to be restarted using the commands below.

[root@ansible ~]# systemctl restart sshd
[root@ansible ~]# systemctl status sshd


To find your IP address, use the command hostname -i


Step5: Perform the steps below only on the Ansible server. Ansible needs Python to work;
Python exists on the server by default, and if it does not, execute the second command
yum install ansible -y
yum install python3 python-pip python-devel -y (optional)

[root@ansible ~]# yum install ansible -y

[root@ansible ~]# python3 --version

Python 3.9.23

[root@ansible ~]# ansible --version

ansible [core 2.15.3]

  config file = None

  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']

  ansible python module location = /usr/lib/python3.9/site-packages/ansible

  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections

  executable location = /usr/bin/ansible

  python version = 3.9.23 (main, Jun 27 2025, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-5)] (/usr/bin/python3.9)

  jinja version = 3.1.4

  libyaml = True

Step6: To communicate with the other servers, Ansible needs their IP addresses in the inventory.
The hosts file is called the inventory.
[root@ansible]# pwd
/etc/ansible/
[root@ansible ]# vi hosts

[dev]
10.0.2.56
10.0.2.54
[test]
10.0.2.58
10.0.2.55
Step7: Generate the key files using the command below
 
ssh-keygen -- > enter 4 times 

[root@ansible roles]# ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa

Your public key has been saved in /root/.ssh/id_rsa.pub

The key fingerprint is:

SHA256:YMrH1dtBtnV8CaJ/hKtBNcFZXCjxh8gKOMxD+QvuZl0 root@ansible

The key's randomart image is:

+---[RSA 3072]----+

|     ..   .*Oo=oo|

|    +..  .+**=.oo|

|     *+..o.+++ ..|

|   . =o+o ooo..  |

|    + + So.o..   |

|     o . Eo .    |

|    . . ..       |

|     + .         |

|    o            |

+----[SHA256]-----+

Step8: The key files are stored in the path below

[root@ansible .ssh]# pwd

/root/.ssh

[root@ansible .ssh]# ls -lrt

total 12

-rw-------. 1 root root  562 Jul 25 18:33 authorized_keys

-rw-r--r--. 1 root root  566 Jul 25 20:11 id_rsa.pub

-rw-------. 1 root root 2602 Jul 25 20:11 id_rsa

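id_rsa.pub (public key)
id_rsa (private key)
Step9: The public key needs to be installed on all the remaining worker nodes; as the ssh-copy-id output below shows, only id_rsa.pub is copied and the private key stays on the Ansible server.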
ssh-copy-id root@private ip of dev-1 -- > yes -- > password -- > ssh private ip -- > ctrl d
ssh-copy-id root@private ip of dev-2 -- > yes -- > password -- > ssh private ip -- > ctrl d
ssh-copy-id root@private ip of test-1 -- > yes -- > password -- > ssh private ip -- > ctrl d
ssh-copy-id root@private ip of test-2 -- > yes -- > password -- > ssh private ip -- > ctrl d


Dev1 added Successfully.
ssh-copy-id root@10.0.2.56

[root@ansible .ssh]# ls -rt
authorized_keys  id_rsa.pub  id_rsa  known_hosts
[root@ansible .ssh]# ssh-copy-id root@10.0.2.56
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.2.56's password:
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.2.56'"
and check to make sure that only the key(s) you wanted were added.

Dev2 added Successfully.


[root@ansible .ssh]# ssh-copy-id root@10.0.2.54
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.2.54 (10.0.2.54)' can't be established.
ED25519 key fingerprint is SHA256:2CbNMZYgBXW1ZPvq7Yu5vWIKvqYQpff+S21ct2A+rK8.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.2.54's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.2.54'"
and check to make sure that only the key(s) you wanted were added.

...remaining all 
ssh-copy-id root@10.0.2.58
ssh-copy-id root@10.0.2.55
Step10: Check and test by IP address whether the Ansible main server can connect to the dev and test nodes.
Connected successfully

[root@ansible .ssh]# ssh 10.0.2.58
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
Last failed login: Fri Jul 25 20:44:02 UTC 2025 from 109.120.137.7 on ssh:notty
There were 8 failed login attempts since the last successful login.
[root@test1 ~]#

Dev connected from Ansible
[root@ansible .ssh]# ssh 10.0.2.56
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
Last login: Fri Jul 25 20:48:52 2025 from 10.0.2.58
[root@dev1 ~]#
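
Once the key logins in Step10 work, Ansible no longer needs the password and root-login settings opened in Step4 (in both parts of these notes), and the failed-login line in the test1 banner above shows that password guesses are reaching the host. The script below is an added example, not part of the original notes: it audits a config file for those two keywords the way sshd reads them (keywords are case-insensitive and the first value wins). The function names and both sample files are constructed, and the file is assumed to be flat, with no Include files followed.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the two sshd_config
# keywords changed in Step4, the way sshd reads them.
#  - keywords are case-insensitive
#  - the FIRST value found for a keyword wins; later lines are ignored
# Assumption: one flat file. Include files are not followed, and parsing
# stops at the first Match line so only global settings are read.

# first_value FILE KEYWORD: print the effective global value, or nothing.
first_value() {
    awk -F '[ \t=]+' -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }             # strip indentation, fields re-split
        /^#/ || NF < 2 { next }            # comments and empty lines
        tolower($1) == "match" { exit }
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# audit_sshd FILE: print one line per keyword, return 1 if either is weak.
audit_sshd() {
    file=$1
    rc=0
    pa=$(first_value "$file" PasswordAuthentication)
    prl=$(first_value "$file" PermitRootLogin)
    # OpenSSH built-in defaults apply when a keyword is absent
    [ -n "$pa" ] || pa=yes
    [ -n "$prl" ] || prl=prohibit-password
    case $pa in
        no) echo "ok PasswordAuthentication $pa" ;;
        *)  echo "weak PasswordAuthentication $pa"; rc=1 ;;
    esac
    case $prl in
        # key-only root login still lets Ansible connect as root
        no|prohibit-password|without-password|forced-commands-only)
            echo "ok PermitRootLogin $prl" ;;
        *)  echo "weak PermitRootLogin $prl"; rc=1 ;;
    esac
    return $rc
}

# write_samples DIR: constructed sample configs, not taken from a real host.
write_samples() {
    cat > "$1/lab.conf" <<'EOF'
# state after Step4 (constructed)
#PermitRootLogin prohibit-password
PermitRootLogin yes
passwordauthentication yes
PasswordAuthentication no
EOF
    cat > "$1/keys_only.conf" <<'EOF'
# state to return to once ssh-copy-id has run (constructed)
PermitRootLogin prohibit-password
PasswordAuthentication no
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in lab.conf keys_only.conf; do
    echo "== $f"
    audit_sshd "$demo_dir/$f" || echo "   -> Step4 settings still open"
done
rm -rf "$demo_dir"
```

In lab.conf the later "PasswordAuthentication no" line has no effect because the earlier line already set the value. On a live host, sshd -T (run as root) prints the effective values with Include files applied.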

Step11: Using the command below, check whether the Ansible server can communicate with all the other servers.
Green output means it communicated successfully.


Step12: Now we plan to install Git on the 4 servers other than the Ansible server.
If you run this command with the argument all, it installs on all worker nodes.
[root@ansible ansible]# ansible all -a  "yum install git -y"
Git was installed successfully on all the servers: we ran the command only on the Ansible server, and the worker nodes were installed automatically.


Instead of all, here it is installed on dev only:
ansible dev -a "yum install maven -y"

See below screen installed only in dev environment.

1. ADHOC COMMANDS:
These are simple Linux commands.
They are used for temporary work.
These commands will be overridden.

ansible all -a "yum install git -y"
ansible all -a "yum install maven -y"
ansible all -a "mvn --version"
ansible all -a "touch file1"
ansible all -a "touch raham.txt"
ansible all -a "ls"
ansible all -a "yum install httpd -y"
ansible all -a "systemctl status httpd"
ansible all -a "systemctl start httpd"
ansible all -a "useradd raham"
ansible all -a "cat /etc/passwd"
ansible all -a "yum remove git* maven* httpd* -y"

--Thanks 

Friday, July 11, 2025

Final day Lambda-Prj

Class 65th AWS Project day 4 July 11th

Final day of the complete AWS project
Step1: This Git repository holds the code for all the Lambda functions and the main app.py file
https://github.com/Vakatisubbu/Lambda_prj.git
Step2: Create a launch template, based on the autoscaling and target group creation steps
Name: Launch-template
Step3: Select Quick Start
AMI: Amazon Linux (Free tier eligible)
Instance type: t2.micro (Free tier eligible). Network settings: Don't include in launch template;
we will set them when creating the Auto Scaling group
Step4: Click Advanced details and add the code below as user data

#!/bin/bash
# Update system and install dependencies
yum update -y
yum install -y python3 python3-pip git

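# Configure Python environment
# User data runs as root, so install the packages for ec2-user, the account the service runs as
python3 -m pip install --upgrade pip
sudo -H -u ec2-user python3 -m pip install --user flask requests boto3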

# Clone the project
cd /home/ec2-user
git clone https://github.com/Vakatisubbu/Lambda_prj.git

# Set ownership and permissions on the project directory
sudo chown -R ec2-user:ec2-user /home/ec2-user/Lambda_prj/
sudo chmod 755 /home/ec2-user/Lambda_prj/
cd Lambda_prj

# Create systemd service file
cat << 'EOF' > /etc/systemd/system/digital_library.service
[Unit]
Description=DigitalLibrary Flask App
After=network.target

[Service]
User=ec2-user
Group=ec2-user
WorkingDirectory=/home/ec2-user/Lambda_prj
ExecStart=/usr/bin/python3 app.py
Restart=on-failure
RestartSec=5s
Environment="PATH=/usr/local/bin:/usr/bin:/bin"

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF

# Enable and start the service
systemctl daemon-reload
systemctl enable digital_library
systemctl start digital_library

Step5: Click Create launch template; the launch template is created
Step6: Select the template, then Actions > Create Auto Scaling group
Step7: Click Next

Step8: Attach a new load balancer


Step9: Choose the public subnets and give the new target group the name Target-group

Step10: No changes, click Next
Step12: Set the desired capacity to 2, no other changes, click Next
Add notifications (optional), click Next
Add tags (optional), click Next
Review > Create Auto Scaling group

Step13: Two instances created successfully
Note: Automatic public IP assignment must be enabled on the subnet


Step14: Create the new daemon service
First server

[ec2-user@ip-10-0-2-60 ~]$ cd /etc/systemd/system
[ec2-user@ip-10-0-2-60 system]$ sudo vi digital_library.service

[Unit]
Description=DigitalLibrary Flask App
After=network.target

[Service]
User=ec2-user
Group=ec2-user
WorkingDirectory=/home/ec2-user/Lambda_prj
ExecStart=/usr/bin/python3 app.py
Restart=on-failure
RestartSec=5s
Environment="PATH=/usr/local/bin:/usr/bin:/bin"

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target

[ec2-user@ip-10-0-2-60 ~]$ cd /home/ec2-user/Lambda_prj/
[ec2-user@ip-10-0-2-60 Lambda_prj]$ pip3 install flask
[ec2-user@ip-10-0-2-60 Lambda_prj]$ pip3 install requests
[ec2-user@ip-10-0-2-60 Lambda_prj]$ pip3 install boto3
[ec2-user@ip-10-0-2-60 Lambda_prj]$ sudo systemctl daemon-reload
[ec2-user@ip-10-0-2-60 Lambda_prj]$ sudo systemctl daemon-reexec
[ec2-user@ip-10-0-2-60 Lambda_prj]$ sudo systemctl restart digital_library
[ec2-user@ip-10-0-2-60 Lambda_prj]$ sudo systemctl status digital_library
● digital_library.service - DigitalLibrary Flask App
     Loaded: loaded (/etc/systemd/system/digital_library.service; enabled; preset: disabled)
     Active: active (running) since Thu 2025-07-24 19:07:17 UTC; 5s ago

Second server:

[ec2-user@ip-10-0-2-13 ~]$ cd /etc/systemd/system

[Unit]
Description=DigitalLibrary Flask App
After=network.target

[Service]
User=ec2-user
Group=ec2-user
WorkingDirectory=/home/ec2-user/Lambda_prj
ExecStart=/usr/bin/python3 app.py
Restart=on-failure
RestartSec=5s
Environment="PATH=/usr/local/bin:/usr/bin:/bin"

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target

[ec2-user@ip-10-0-2-13 ~]$ cd /home/ec2-user/Lambda_prj/
[ec2-user@ip-10-0-2-13 Lambda_prj]$  sudo systemctl daemon-reload
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl daemon-reexec
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl restart digital_library
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl status digital_library
● digital_library.service - DigitalLibrary Flask App
     Loaded: loaded (/etc/systemd/system/digital_library.service; enabled; preset: disabled)
     Active: active (running) since Thu 2025-07-24 19:07:17 UTC; 5s ago

Step15: Check with the public IPs whether the application is working. The port mentioned in app.py is 5000
 
First instance Public ip :13.41.229.236


Second instance Public ip 

Step16: If you are facing any issues, try these steps


[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo chown -R ec2-user:ec2-user /home/ec2-user/Lambda_prj
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo chmod 755 /home/ec2-user/Lambda_prj
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl daemon-reload
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl start digital_library
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl enable digital_library
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl restart digital_library
[ec2-user@ip-10-0-2-13 Lambda_prj]$ sudo systemctl status digital_library

Step17: In the target group, set the health check to /health and override the port to 5000



Load balancer and listener on port 5000
Add listener 443 to the load balancer


Step18: In Route 53 you need to add the A record. If there is an existing A record, delete it and create a new one for the load balancer
using its DNS name
Step19: Select the existing load balancer and click A record
Step20:

Step21: It will take some time, 10 to 15 minutes, for vakatisubbu.xyz to synchronize

Step22: Meanwhile, the database I had already created was shut down, so just restart the database.
It is starting.



Step23: I have already created the Lambda functions; below are the references.
I have already shared the Git repo in the first line of this page; create the Lambda functions accordingly
Step24: The corresponding REST APIs also need to be created. All of them use the GET method
Step25:

Integration request mapping parameters for all the test APIs are below
1)
/BarrowBooks

Content type : application/json

{
  "user_id": "$input.params('user_id')",
  "book_id": "$input.params('book_id')"
}


2)
/GetBarrowBooks

Content type : application/json
{
  "user_id": "$input.params('user_id')"
}

3)
/GetBarrowHistory
Content type : application/json
{
  "user_id": "$input.params('user_id')"
}

4) No input parameter  all list of book will populate
/ListBooks

Nothing 
5)
/ReturnBooks
Content type : application/json
{
  "user_id": "$input.params('user_id')",
  "book_id": "$input.params('book_id')"
}

6)
/Signin
Content type : application/json
{
  "user_id": "$input.params('user_id')",
  "book_id": "$input.params('book_id')"
}

7)
/Signup
Content type : application/json
{
   "name": "$input.params('name')",
   "mobile": "$input.params('mobile')",
   "email": "$input.params('email')",
   "password":"$input.params('password')",
   "gender": "$input.params('gender')",
   "location":"$input.params('location')",
   "image": "$input.params('image')"
}

8)
/Welcome
Content type : application/json
{
  "user_id": "$input.params('user_id')"
}

Step26:
After the database restarted and the domain took 15 minutes to synchronize, the web page below logged in successfully. So the Digital Library project is completed successfully...




--Thanks