Using Vagrant for Quick Sandboxes.
This is a simple repo to demonstrate how to implement IaC using Vagrant on AWS, GCP, VMware, VirtualBox, etc. We have implemented IaC (Infrastructure-as-Code) and CaC (Configuration-as-Code) using Vagrant and Ansible.
See some of the subdirectories for sample usage.
- Create an AWX (Ansible Web UI) server for demo (INPG)
- Create an application server for developers every day with the same spec and destroy it when finished
- Create a webserver with nginx installed and configured in GCP or AWS
- Create minikube or kubernetes
- Create Yum Repo server
- Deploy OpenShift (OKD) Single node cluster
Questions : iamgini.com
- Vagrant IaC (Infrastructure as Code) Use Cases
- Install Vagrant
- Configure GCP/AWS/Other credentials.
- Clone this repo to your working directory
git clone git@github.com:ginigangadharan/vagrant-iac-usecases.git
- Switch to the vagrant-iac-usecases/gcp-iac-web-demo directory and run vagrant up --provider=google (or other directories for other use cases)
See below for detailed instructions.
This repo contains multiple use cases to demonstrate how to implement IaC (Infrastructure as Code) using Vagrant on GCP, AWS, VirtualBox, VMware (INPG), etc.
- This IaC will create Virtual Machine(s) in GCP, AWS, etc.
- It will install required application inside the VM (we will use ansible as provisioner)
- eg: install nginx and add website content from github sample site etc.
- It will configure system with required settings.
- enable firewall and root login securities automatically using ansible provisioning.
We need to configure the provider (GCP or AWS) credentials accordingly.
3.1 Make sure you have a proper security group created in your VPC (under your AWS account) with SSH, HTTP/HTTPS allowed.
3.2 Make sure you have created a keypair for this purpose and the key file (.pem format) has been kept at a secure location on your machine.
3.3 Get your access credentials from the AWS console. (Refer to my AWS CLI installation article.) Add them to the ~/.aws/credentials file.
# aws configure --profile devops
AWS Access Key ID [None]: AKIAJVOHCIQ72EXAMPLE
AWS Secret Access Key [None]: 7l/j/hxXeEA77/7e+7ZvLLBQW9SxdcEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json
Verify content in the files
# mkdir ~/.aws
# cd ~/.aws/
# cat credentials
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[devops]
aws_access_key_id=AKIAJVOHCIQ72EXAMPLE
aws_secret_access_key=7l/j/hxXeEA77/7e+7ZvLLBQW9SxdcEXAMPLEKEY
# cat config
[default]
region=us-west-2
output=json
[devops]
region=us-west-2
output=json
Prior to using this plugin, you will first need to make sure you have a Google Cloud Platform account, enable Google Compute Engine, and create a Service Account for API Access.
- Log in with your Google Account, go to Google Cloud Platform and click the Try it free button.
- Create a new project and remember to record the Project ID.
- Next, enable the Google Compute Engine API for your project in the API console. If prompted, review and agree to the terms of service.
- While still in the API Console, go to the Credentials subsection and click Create credentials -> Service account key. In the next dialog, create a new service account, select the JSON key type and click Create.
- Download the JSON private key and save this file in a secure and reliable location. This key file will be used to authorize all API requests to Google Compute Engine.
- Still on the same page, click the Manage service accounts link to go to the IAM console. Copy the Service account id value of the service account you just selected (it should end with gserviceaccount.com). You will need this email address and the location of the private key file to properly configure this Vagrant plugin.
- Add the SSH key you're going to use to GCE Metadata in the Compute -> Compute Engine -> Metadata section of the console, SSH Keys tab. (Read the SSH Support readme section for more information.)
To test this demo, complete the items below.
Download and install vagrant on your host/workstation. (Your laptop or a control server)
Refer Vagrant Documentation for more details.
Vagrant ships with support for VirtualBox, Hyper-V, and Docker. If you want to create your virtual machine in any other environment (like AWS or Azure), Vagrant can still manage it, but only through provider plugins.
vagrant plugin install vagrant-google
# or
vagrant plugin install vagrant-digitalocean
vagrant plugin install vagrant-omnibus
vagrant plugin install vagrant-aws
File transfer between host and guest VM
vagrant plugin install vagrant-vbguest
vagrant plugin install vagrant-scp
If you hit any issues during installation, try installing the dependencies first. (Packages and versions may vary depending on the workstation you are using.)
yum -y install gcc ruby-devel rubygems compass
Mac users: if you get the OS X / Rails error “Failed to build gem native extension”, you need to set up Xcode. Install it with xcode-select --install.
- Make sure you have proper firewall rules in place with SSH, HTTP/HTTPS allowed.
- Make sure you have created a keypair for this purpose and the key file has been kept at a secure location on your machine (eg: ~/.ssh/id_rsa).
- Get your access credentials from the GCP/AWS console and save them somewhere secure (eg: ~/.gc/YOUR-API-KEY.json).
In the normal case with VirtualBox or Hyper-V, we need to give proper box details to load the image (like a template or clone). But in this case we are using a GCP image, and config.vm.box is there only to satisfy Vagrant syntax.
You can either add a dummy box (vagrant box add aws-dummy https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box) or just use any available box image, just like what I did in Vagrantfile.
(You can choose any box by searching here for working with VirtualBox, Hyper-V or Docker)
Vagrant is managed inside a project directory (anywhere at your convenience, eg: your home dir) where we save the Vagrantfile and other provisioning scripts (bash or Ansible playbooks).
The Vagrantfile specifies what type of VM we are creating and what specifications it needs. You may refer to the Vagrantfile in this project for reference. (Items are explained inside the file.)
Vagrant provisioners automatically install software, update configurations, etc. as part of the vagrant up process. You can use any available provisioning method, as Vagrant supports most build and configuration management software (eg: bash, ansible, puppet, chef). Refer to the Provisioning doc.
We have used Ansible as the provisioner and created a playbook called deploy-infra.yaml that describes the configuration we need on the server (VM) once it is created. All tasks in the playbook are self-explanatory, but I am listing them here for reference.
- Create the directory for storing our website (/webapp/main-site)
- Install nginx server
- Start nginx service
- Copy nginx configuration (static_site.cfg to /etc/nginx/sites-available/static_site.cfg on VM)
- Create symlink to activate the site (from /etc/nginx/sites-available to /etc/nginx/sites-enabled/)
- Clone website from github to /webapp/main-site
- Restart nginx to load configurations
- Install ufw (firewall)
- Start Firewall service
- Setup ufw and enable for reboot
- Enable ssh and http ports
- Disallow password authentication
- Disallow root SSH access
- Collect Public Hostname/Url to access
- Verify website access
And we have 2 handlers in playbook
- Restart ssh
- Show public url
- When we first run vagrant up, provisioning runs after the instance is created.
- When vagrant provision is used on a running environment.
- When vagrant reload --provision is called. (If you have a change in the provision script, just edit the yaml file and run this.)
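Once provisioning has run, the playbook's two SSH hardening tasks (disallow password authentication, disallow root SSH access) can be verified against a copy of the VM's sshd_config. The script below is an added example, not code from this repo; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repo): audit a copy of sshd_config for the
# playbook's two SSH hardening tasks.
# sshd uses the FIRST value it reads for a keyword, so appending
# "PasswordAuthentication no" below an existing "yes" changes nothing.
# Simplification: Include files are not followed and parsing stops at the
# first Match block (global section only).

# Print the effective global value of <keyword> in <file>, lower-cased.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || substr(line, 1, 1) == "#" { next }  # blank or comment
        { split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                     # end of global section
        key == want { print tolower(f[2]); exit }   # first occurrence wins
    ' "$2"
}

# Return 0 only if both settings are explicitly "no" in <file>.
check_ssh_hardening() {
    rc=0
    for pair in passwordauthentication:no permitrootlogin:no; do
        key=${pair%%:*}
        expected=${pair##*:}
        actual=$(sshd_effective "$key" "$1")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: found '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a distro default "yes" shadows the appended "no".
sample_shadowed() {
    printf '%s\n' '# constructed sample sshd_config' \
        'PasswordAuthentication yes' 'PermitRootLogin no' \
        'PasswordAuthentication no'
}

tmp=$(mktemp)
sample_shadowed > "$tmp"
check_ssh_hardening "$tmp" || echo "hardening is not in effect"
rm -f "$tmp"
```

On the VM itself, sshd -T prints the effective configuration with Include files resolved, which is the authoritative check.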
Now, we will switch to the Vagrant project directory (vagrant-web) and create the VM.
# cd vagrant-web
# vagrant up
Wait for vagrant to create instance and provision software/configurations using ansible.
If all goes well, you will see a success message as well as a public hostname URL in this case. We can open the URL in a browser and verify the website. (The playbook already contains a check to verify URL access.)
Also you can access the instance using ssh as below.
vagrant ssh
vagrant destroy
This is due to wrong SSH configuration; you need to make sure:
- Your .pem key has correct permission and ownership
- You have used correct Security Group (with ssh access) in Vagrantfile
- You have used correct keypair details in Vagrantfile
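The permission and ownership item above can be checked before running vagrant up. The script below is an added example, not part of this repo; the function names and demo file names are constructed. It applies equally to the other secret files mentioned on this page (~/.aws/credentials, the GCP JSON key).

```shell
#!/bin/sh
# Added example: pre-flight check for the secret files this setup uses.
# Paths passed in are the caller's choice; nothing here is from the repo.

# Succeeds only if <path> is a regular file owned by the current user
# with no group/other permission bits (what ssh requires of a private key).
secret_file_ok() {
    f=$1
    [ -f "$f" ] || { echo "$f: missing or not a regular file"; return 1; }
    # ls -ldLn prints: <mode string> <links> <owner uid> <group gid> ...
    mode=$(ls -ldLn "$f" | awk '{ print $1 }')
    owner=$(ls -ldLn "$f" | awk '{ print $3 }')
    if [ "$owner" != "$(id -u)" ]; then
        echo "$f: owned by uid $owner, not by you"
        return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "$f: mode $mode is open to group/other, use chmod 600"
        return 1
    fi
}

# Checks every path given; returns non-zero if any one fails.
check_secrets() {
    rc=0
    for p in "$@"; do
        secret_file_ok "$p" || rc=1
    done
    return $rc
}

# Constructed demo files standing in for a key pair file.
demo=$(mktemp -d)
: > "$demo/good.pem";  chmod 600 "$demo/good.pem"
: > "$demo/loose.pem"; chmod 644 "$demo/loose.pem"
check_secrets "$demo/good.pem" "$demo/loose.pem" || echo "fix the files above"
rm -rf "$demo"
```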