Highly-Available WordPress Installation inside AWS VPC using Ansible

In this post, we'll learn how to do a highly-available WordPress installation inside an AWS VPC using Ansible. We'll be using Ubuntu 14.04 LTS EC2 instances, but you can easily modify it for RPM-based systems. If you don't know about Ansible, please check this link.

The purpose of Ansible AWS VPC Highly-Available WordPress (AAVHAW) is to create a fully operational AWS VPC infrastructure (subnets, routing tables, IGW, etc.). It will also create everything needed for creating the EC2 and RDS instances (security key, security group, subnet group).

It will also create the Elastic Load Balancer and automatically add the EC2 instance(s) created by this playbook, and create the Route53 entry for this WordPress site with the ELB alias added to it.

Besides that, this playbook will also run the essential role (updating and patching the OS, configuring NTP, creating users, etc.) and deploy WordPress on the instances, so that the site is fault tolerant and highly available.

NOTE: The part of the play, 'webserver.yml', is not idempotent. Every time it runs, it will create new EC2 instances.

These are the requirements for using the mentioned playbooks and roles:

 - Ansible
 - boto
 - AWS admin access

Specifically, these are the versions of mentioned software that I am using:

[Screenshot: python]

Ansible uses the python-boto library to call the AWS API, and boto needs AWS credentials in order to perform all the functions. There are many ways to configure your AWS credentials. The easiest way is to create a .boto file under your user home directory:

vim ~/.boto

Then add the following:

[Credentials]
aws_access_key_id = <your_access_key_here>
aws_secret_access_key = <your_secret_key_here>

If you don’t know how to get the AWS Security Credentials, then please read this.

After doing/verifying all the above things, clone this repository from GitHub:

git clone https://github.com/arbabnazar/ansible-aws-vpc-ha-wordpress.git
cd ansible-aws-vpc-ha-wordpress


Ansible AWS VPC Highly-Available WordPress Playbooks will perform the following tasks:

– Create 1 x VPC with 3 x VPC subnets (2 x public and 1 x private) in different availability zones within one AWS region
– Create the AWS key pair with the Ansible host's login user's public key
– Create 1 x security group for each (webservers, RDS and ELB)
– Provision 2 x EC2 instances (Ubuntu 14.04 LTS) in 2 different AZs
– Provision 1 x RDS instance in the private subnet
– Launch and configure a public-facing VPC ELB (cross_az_load_balancing) and attach the VPC subnets
– Register the EC2 instances on the ELB
– Install the essential and webservers roles on both instances
– Take the ELB DNS name and register/create a DNS entry in Route53

All information about the VPC, webserver, RDS, ELB and Route53 is defined in their respective files (vpc.yml, webserver.yml, rds.yml, elb.yml, route53.yml, etc.) for both variables and tasks.

Move into the aws/vars directory and edit all the variable files as per your requirements.

cd aws/vars

Edit tags.yml to define whether this environment is stage, development or production, along with other related tags:

---
ENV: testing
application: wordpress
server_role: webserver

Edit the vpc.yml file to define the name of the VPC, the number of subnets that need to be public/private and their CIDRs:

---
# Variables for VPC
vpc_name: tendo
vpc_region: eu-west-1 # Ireland
vpc_cidr_block: 172.25.0.0/16
public_cidr_1: 172.25.10.0/24
public_az_1: "{{ vpc_region }}a"
public_cidr_2: 172.25.20.0/24
public_az_2: "{{ vpc_region }}b"
private_cidr: 172.25.30.0/24
private_az: "{{ vpc_region }}c"
# Please don't change the variables below, until you know what you are doing
#
# Subnets Definition for VPC
vpc_subnets:
  - cidr: "{{ public_cidr_1 }}" # Public Subnet-1
    az: "{{ public_az_1 }}"
    resource_tags: { "Name":"{{ vpc_name }}-{{ public_az_1 }}-public-subnet" }
  - cidr: "{{ public_cidr_2 }}" # Public Subnet-2
    az: "{{ public_az_2 }}"
    resource_tags: { "Name":"{{ vpc_name }}-{{ public_az_2 }}-public-subnet" }
  - cidr: "{{ private_cidr }}" # Private Subnet
    az: "{{ private_az }}"
    resource_tags: { "Name":"{{ vpc_name }}-{{ private_az }}-private-subnet" }
# Route table(s) for Subnets inside the VPC
#
# Routing Table for Public Subnet
public_subnet_rt:
  - subnets:
      - "{{ public_cidr_1 }}"
      - "{{ public_cidr_2 }}"
    routes:
      - dest: 0.0.0.0/0
        gw: igw

Please refer to the below table for AWS Regions:

[Image: Regions]

Edit the rds.yml file for the RDS instance type, security group parameters, and the MySQL user and password that will be used for the WordPress installation:

---
multi_zone_option: no
rds_instance_name: mydb
rds_db_engine: MySQL
rds_db_size: 5
rds_db_name: wordpress
rds_instance_type: db.t2.micro
rds_db_username: wordpress
rds_db_password: wordpress
rds_subnet_group: my_subnet_group
rds_sg_description: My Subnet Group for wordpress rds instance
backup_retention_period: 0
# RDS Security Group(s) variables
rds_security_groups:
  - sg_name: db-sg
    sg_description: This sg is for db/rds instance
    sg_rules:
      - proto: tcp
        from_port: 3306
        to_port: 3306
        group_name: "{{ web_security_groups[0].sg_name }}"
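
The file above keeps the database password as the literal `wordpress`, identical to the user name, and sets the backup retention to 0. A hardened variant of the same variables, as an added example that is not from the original repository: `vault_rds_db_password` and `aws/vars/vault.yml` are hypothetical names, and it assumes the playbook consumes `rds_db_password` and `backup_retention_period` unchanged.

```yaml
---
# Added example: hardened variant of aws/vars/rds.yml (not from the original repository)
multi_zone_option: no
rds_instance_name: mydb
rds_db_engine: MySQL
rds_db_size: 5
rds_db_name: wordpress
rds_instance_type: db.t2.micro
rds_db_username: wordpress
# The password is read from an encrypted vars file instead of being a literal
# committed next to the playbook. vault_rds_db_password is a hypothetical name.
rds_db_password: "{{ vault_rds_db_password }}"
rds_subnet_group: my_subnet_group
rds_sg_description: My Subnet Group for wordpress rds instance
# Keep 7 days of automated RDS backups; 0 disables automated backups.
backup_retention_period: 7
# RDS Security Group(s) variables, unchanged: MySQL is reachable only from
# members of the web security group, not from a CIDR range.
rds_security_groups:
  - sg_name: db-sg
    sg_description: This sg is for db/rds instance
    sg_rules:
      - proto: tcp
        from_port: 3306
        to_port: 3306
        group_name: "{{ web_security_groups[0].sg_name }}"
---
# aws/vars/vault.yml (hypothetical file name). Create it encrypted with:
#   ansible-vault create aws/vars/vault.yml
# list it under vars_files in site.yml, and supply the vault password at run time:
#   ansible-playbook -i hosts site.yml --ask-vault-pass
vault_rds_db_password: "<generated_password_here>"
```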

Edit the webserver.yml for EC2 instance(s) type, Ubuntu AMI and Security Group parameters:

---
web_instance_type: t2.micro
web_security_groups:
  - sg_name: web-sg
    sg_description: This sg is for app instance
    sg_rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
# Please don't change the variables below, until you know what you are doing
# Only Ubuntu distribution is supported
linux_distribution: ubuntu
ubuntu_release: trusty
ami_store: ebs
virutalization_type: hvm
cpu_architecture: amd64
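
The rules above accept SSH (port 22) from 0.0.0.0/0 on both web instances. A variant that limits SSH to an administrative range, as an added example that is not from the original repository: `admin_cidr` is a hypothetical variable, 203.0.113.0/24 is a documentation placeholder range, and it assumes `cidr_ip` is templated like the other variables in these files.

```yaml
---
# Added example: hardened variant of aws/vars/webserver.yml (not from the original repository)
web_instance_type: t2.micro
# Hypothetical variable: the range administrators and the Ansible control host
# connect from. 203.0.113.0/24 is a placeholder; replace it with your own range.
admin_cidr: 203.0.113.0/24
web_security_groups:
  - sg_name: web-sg
    sg_description: This sg is for app instance
    sg_rules:
      # SSH only from the administrative range instead of 0.0.0.0/0
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: "{{ admin_cidr }}"
      # HTTP left as in the original file
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
# Please don't change the variables below, until you know what you are doing
# Only Ubuntu distribution is supported
linux_distribution: ubuntu
ubuntu_release: trusty
ami_store: ebs
virutalization_type: hvm
cpu_architecture: amd64
```

The second play in site.yml configures the instances over SSH as the ubuntu user, so `admin_cidr` has to include the public address of the machine that runs ansible-playbook.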

If you are using Route53, then edit the route53.yml file to set your domain name there:

---
domain: "rbgeek.com"

After editing all the variable files, edit the site.yml file: remove route53.yml from the tasks if you are not using this service, and add or remove role(s) as per your requirements:

---
- hosts: local
  connection: local
  gather_facts: no
  vars_files:
    - aws/vars/tags.yml
    - aws/vars/vpc.yml
    - aws/vars/ec2_key.yml
    - aws/vars/rds.yml
    - aws/vars/webserver.yml
    - aws/vars/elb.yml
    - aws/vars/route53.yml
  tasks:
    - include: aws/tasks/vpc.yml
    - include: aws/tasks/ec2_key.yml
    - include: aws/tasks/webserver.yml
    - include: aws/tasks/rds.yml
    - include: aws/tasks/elb.yml
    - include: aws/tasks/route53.yml
- hosts: webserver
  sudo: True
  remote_user: ubuntu
  gather_facts: True
  pre_tasks:
    - include_vars: rds_info.yml
  roles:
    - common
    - wordpress

Then run this command:

ansible-playbook -i hosts site.yml


After successful completion of these tasks, it will show you the summary, something like this:

[Screenshot: terminal in ~/ansible-aws-vpc-ha-wordpress]

Navigate to the site in a web browser using the FQDN (in my case, it is http://www.rbgeek.com), and verify that WordPress is installed successfully:

[Screenshot: WordPress › Installation - Mozilla Firefox]

Enjoy :-)

Hope this will help you!

Please Remember me in your prayers!

2 responses to “Highly-Available WordPress Installation inside AWS VPC using Ansible”

  1. Sten October 6, 2015 at 12:32 am

    Hey. First of all – great work with this. I am looking to use this for my own application. Is there an easy way to deploy new versions of the application? I want to have continuous integration and refresh the dockerhub image easily.
