Howdy?
This article is only for practicing Ansible and AWS CodeCommit.
You might think of it as an automation drill.
In a real situation, a CodeCommit repository is usually created with a few mouse clicks, and the SSH key and Git credentials are set up manually, because the number of CodeCommit repositories needed is very limited in most cases.
Nonetheless, parts of this playbook YAML, such as "creating SSH keys" and "applying them in the local env", could be useful for our automation life.
1. Prepare the aws-cli and Ansible (python3) installation.
*aws cli)
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
*ansible)
oyj@controller:~$ pip3 install virtualenv --user
oyj@controller:~$ virtualenv anbawscmmit
created virtual environment CPython3.6.9.final.0-64 in 391ms
creator CPython3Posix(dest=/home/oyj/deploy_aws/anbawscmmit, clear=False, global=False)
seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/home/oyj/.local/share/virtualenv)
added seed packages: pip==20.1.1, setuptools==47.2.0, wheel==0.34.2
activators BashActivator,CShellActivator,FishActivator,PowerShellActivator,PythonActivator,XonshActivator
oyj@controller:~$ source anbawscmmit/bin/activate
(anbawscmmit) oyj@controller:~$
(anbawscmmit) oyj@controller:~$ pip3 install ansible
Collecting ansible
Downloading ansible-2.9.10.tar.gz (14.2 MB)
|████████████████████████████████| 14.2 MB 306 kB/s
Collecting jinja2
Using cached Jinja2-2.11.2-py2.py3-none-any.whl (125 kB)
Collecting PyYAML
....
(anbawscmmit) oyj@controller:~$ ansible --version
ansible 2.9.10
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/oyj/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/oyj/anbawscmmit/lib/python3.6/site-packages/ansible
executable location = /home/oyj/anbawscmmit/bin/ansible
python version = 3.6.9 (default, Apr 18 2020, 01:56:04) [GCC 8.4.0]
(anbawscmmit) oyj@controller:~/ansible-aws$ pip3 install boto3
Collecting boto3
#So far, so good.
2. Clone the GitHub repo, create the AWS CodeCommit repository and upload the node sources below.
(anbawscmmit) oyj@controller:~/ansible-aws$ ls node_auth
app.js appspec.yml core package.json package-lock.json public routes scripts views
(anbawscmmit) oyj@controller:~$ git clone https://github.com/ohyoungjooung2/ansible-aws.git
Receiving objects: 100% (163/163), 13.87 MiB | 6.14 MiB/s, done.
Resolving deltas: 100% (74/74), done.
(anbawscmmit) oyj@controller:~$ cd ansible-aws/
#Ansible playbook. All of the playbook code is commented.
#As you see below, the CodeCommit user is "cc_user", SSH_KEY_NAME is "codecommit_key", and so on.
(anbawscmmit) oyj@controller:~/ansible-aws$ cat create_user_cmmitrepo_upload_nodeauth_app.yaml | head -20
---
- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    #Codecommit user
    user1: 'cc_user'
    REGION: 'ap-northeast-2'
    SSH_KEY_NAME: 'codecommit_key'
    LOCAL_HOME: "{{ lookup('env','HOME')}}"
    REPO_NAME: 'node_auth'
    SSH_GIT_URL: 'ssh://git-codecommit.{{ REGION }}.amazonaws.com/v1/repos/{{ REPO_NAME }}'
    #STATE: 'absent'
    STATE: 'present'
.......rest codes..
(anbawscmmit) oyj@controller:~/ansible-aws$ ansible-playbook create_user_cmmitrepo_upload_nodeauth_app.yaml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] ***********************************************************************************************************
TASK [Detach codecommit full permission to codecommit_user] ****************************************************************
skipping: [localhost] => (item=cc_user)
TASK [Delete cc_user] ******************************************************************************************************
skipping: [localhost] => (item=cc_user)
RUNNING HANDLER [git source commmit and upload to codecommit] **************************************************************
changed: [localhost]
PLAY RECAP *****************************************************************************************************************
localhost : ok=12 changed=8 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
#OK!
(anbawscmmit) oyj@controller:~/ansible-aws$
#The CodeCommit user cc_user was created with an SSH public key.
#The repository shown below was created.
#The SSH config for the CodeCommit repo was created.
(anbawscmmit) oyj@controller:~/ansible-aws$ cat ~/.ssh/config
Host git-codecommit.*.amazonaws.com
  User APKAXGFYD7MIQPBPIHOG
  IdentityFile /home/oyj/ansible-aws/codecommit_key
#Test
(anbawscmmit) oyj@controller:~/ansible-aws$ aws codecommit get-repository --repository-name node_auth
{
"cloneUrlSsh": "ssh://git-codecommit.ap-northeast-2.amazonaws.com/v1/repos/node_auth",
"Arn": "arn:aws:codecommit:ap-northeast-2:494307375889:node_auth"
}
}
(anbawscmmit) oyj@controller:/tmp/testcmmit$ git clone https://git-codecommit.ap-northeast-2.amazonaws.com/v1/repos/node_auth
Cloning into 'node_auth'...
Username for 'https://git-codecommit.ap-northeast-2.amazonaws.com': ^C
(anbawscmmit) oyj@controller:/tmp/testcmmit$ git clone ssh://git-codecommit.ap-northeast-2.amazonaws.com/v1/repos/node_auth
Cloning into 'node_auth'...
remote: Counting objects: 31, done.
Receiving objects: 100% (31/31), 53.04 KiB | 6.63 MiB/s, done.
Resolving deltas: 100% (2/2), done.
#push test
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ touch testfile.txt
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ echo "test add file" > testfile.txt
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ git add testfile.txt
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ git commit -m "testing add file to cmmit"
[master 6c43b5e] testing add file to cmmit
1 file changed, 1 insertion(+)
create mode 100644 testfile.txt
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ git push
Counting objects: 3, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 285 bytes | 285.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0)
To ssh://git-codecommit.ap-northeast-2.amazonaws.com/v1/repos/node_auth
81ad1a2..6c43b5e master -> master
#Test with another user.
A) Copy .ssh/config to the other user's .ssh/config and change the key location.
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ sudo cp ~/.ssh/config /home/testcmit/.ssh/ -f
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ sudo cp ~/ansible-aws/codecommit_key /home/testcmit/
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ sudo chown -R testcmit.testcmit /home/testcmit/
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$
#su -
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ sudo su - testcmit
testcmit@controller:~$ vi ~/.ssh/config
Host git-codecommit.*.amazonaws.com
  User APKAXGFYD7MIQPBPIHOG
  IdentityFile /home/testcmit/codecommit_key
#Clone this repo!
testcmit@controller:~$ git clone ssh://git-codecommit.ap-northeast-2.amazonaws.com/v1/repos/node_auth
testcmit@controller:~/node_auth$ ls
app.js appspec.yml core package.json package-lock.json public routes scripts testfile.txt views
testcmit@controller:~/node_auth$ cat testfile.txt
test add file
#Well it works!(Apache!)
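The SSH client setup that the playbook performs for oyj, and that step A repeats by hand for testcmit, can be done by one function. This is an added example, not code from the playbook or its repository: the function name setup_codecommit_ssh and its arguments are assumptions, and IdentitiesOnly is an extra ssh_config option that the config shown above does not set.

```shell
# Added example, not part of the playbook. Run it as the user who will use git.
# usage: setup_codecommit_ssh HOME_DIR SSH_KEY_ID PRIVATE_KEY_FILE
setup_codecommit_ssh() {
    home_dir=$1 key_id=$2 key_file=$3
    cfg="$home_dir/.ssh/config"
    host_line='Host git-codecommit.*.amazonaws.com'

    # Both values end up in ssh_config: refuse anything that could
    # smuggle in an extra directive (newline, space, odd characters).
    case $key_id in
        ''|*[!A-Za-z0-9_]*) echo "invalid SSH key ID" >&2; return 1 ;;
    esac
    case $key_file in
        *[[:space:]]*) echo "whitespace in key path" >&2; return 1 ;;
    esac
    [ -f "$key_file" ] || { echo "no private key: $key_file" >&2; return 1; }

    # ssh refuses a private key that group or others can read.
    chmod 600 "$key_file" || return 1
    mkdir -p "$home_dir/.ssh" || return 1
    chmod 700 "$home_dir/.ssh" || return 1

    tmp="$cfg.tmp.$$"
    (
        umask 077    # the new config is created owner-only
        {
            # Keep every stanza except an old CodeCommit one, such as a
            # config copied from another user that names that user's key.
            if [ -f "$cfg" ]; then
                awk -v h="$host_line" '
                    $0 == h { skip = 1; next }
                    /^(Host|Match)[ \t]/ { skip = 0 }
                    !skip' "$cfg" || exit 1
            fi
            printf '%s\n  User %s\n  IdentityFile %s\n  IdentitiesOnly yes\n' \
                "$host_line" "$key_id" "$key_file"
        } > "$tmp"
    ) || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$cfg"
}
```

Running it a second time leaves a single CodeCommit stanza, so it is safe to call from a provisioning script on every run.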
#Lastly, I will delete this CodeCommit repo with Ansible (same playbook but different options).
#With the -e "STATE=absent" option, we can delete all the CodeCommit-related things at once.
(anbawscmmit) oyj@controller:~/ansible-aws$ ansible-playbook create_user_cmmitrepo_upload_nodeauth_app.yaml -e "STATE=absent"
TASK [Delete cc_user] ******************************************************************************************************
changed: [localhost] => (item=cc_user)
RUNNING HANDLER [git source commmit and upload to codecommit] **************************************************************
skipping: [localhost]
PLAY RECAP *****************************************************************************************************************
localhost : ok=10 changed=5 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0
Conclusion)
With Ansible, AWS configuration can be very convenient and automatic, run with just a one-line command, but it takes lots of configuration and file work.
Thanks for reading!