Monday, July 13, 2020



 This article is only for practicing ansible and aws codecommit.
You might think this is automation drill?.

 In a real situation, codecommit repository will be created with our mouse's click and click, and ssh key and git credential by manually cause necessary codecommit repositories are very limited in most cases.

 Nonetheless, parts of this playbook yaml, such as "creating ssh keys" and "and applying that in local env" could be useful for our automation life.

 1. We should prepare aws-cli and ansible(python3) installation.

*aws cli)

oyj@controller:~$ pip3 install virtualenv --user

oyj@controller:~$ virtualenv anbawscmmit
created virtual environment in 391ms
  creator CPython3Posix(dest=/home/oyj/deploy_aws/anbawscmmit, clear=False, global=False)
  seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/home/oyj/.local/share/virtualenv)
    added seed packages: pip==20.1.1, setuptools==47.2.0, wheel==0.34.2
  activators BashActivator,CShellActivator,FishActivator,PowerShellActivator,PythonActivator,XonshActivator
oyj@controller:~$ source anbawscmmit/bin/activate

oyj@controller:~$ source anbawscmmit/bin/activate
(anbawscmmit) oyj@controller:~$

(anbawscmmit) oyj@controller:~$ pip3 install ansible
Collecting ansible
  Downloading ansible-2.9.10.tar.gz (14.2 MB)
     |████████████████████████████████| 14.2 MB 306 kB/s
Collecting jinja2
  Using cached Jinja2-2.11.2-py2.py3-none-any.whl (125 kB)
Collecting PyYAML

(anbawscmmit) oyj@controller:~$ ansible --version
ansible 2.9.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/oyj/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/oyj/anbawscmmit/lib/python3.6/site-packages/ansible
  executable location = /home/oyj/anbawscmmit/bin/ansible
  python version = 3.6.9 (default, Apr 18 2020, 01:56:04) [GCC 8.4.0]

(anbawscmmit) oyj@controller:~/ansible-aws$ pip3 install boto3
Collecting boto3

#Until now it is ok.

2. Clone github repo , create aws codecommit repository and upload below node sources.

(anbawscmmit) oyj@controller:~/ansible-aws$ ls node_auth
app.js  appspec.yml  core  package.json  package-lock.json  public  routes  scripts  views

(anbawscmmit) oyj@controller:~$ git clone

Receiving objects: 100% (163/163), 13.87 MiB | 6.14 MiB/s, done.
Resolving deltas: 100% (74/74), done.

(anbawscmmit) oyj@controller:~$ cd ansible-aws/
#ansible playbook. All playbook codes are commented.

#As you see below, codecommit user is "cc_user",  ssh_key_name : "codecommit_key"..and so on.

(anbawscmmit) oyj@controller:~/ansible-aws$ cat create_user_cmmitrepo_upload_nodeauth_app.yaml | head -20
- hosts: localhost
  connection: local
  gather_facts: no

    #Codecommit user
    user1: 'cc_user'
    REGION: 'ap-northeast-2'
    SSH_KEY_NAME: 'codecommit_key'
    LOCAL_HOME: "{{ lookup('env','HOME')}}"
    REPO_NAME: 'node_auth'
    SSH_GIT_URL: 'ssh://git-codecommit.{{ REGION }}{{ REPO_NAME }}'
    #STATE: 'absent'
    STATE: 'present' codes..

(anbawscmmit) oyj@controller:~/ansible-aws$ ansible-playbook create_user_cmmitrepo_upload_nodeauth_app.yaml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [localhost] ***********************************************************************************************************

TASK [Detach codecommit full permission to codecommit_user] ****************************************************************
skipping: [localhost] => (item=cc_user)

TASK [Delete cc_user] ******************************************************************************************************
skipping: [localhost] => (item=cc_user)

RUNNING HANDLER [git source commmit and upload to codecommit] **************************************************************
changed: [localhost]

PLAY RECAP *****************************************************************************************************************
localhost                  : ok=12   changed=8    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0  
(anbawscmmit) oyj@controller:~/ansible-aws$

#codecommit user cc_user created with ssh pub key.

#Below repository created.

 #The ssh config for codecommit repo created.
 (anbawscmmit) oyj@controller:~/ansible-aws$ cat ~/.ssh/config
Host git-codecommit.*
IdentityFile /home/oyj/ansible-aws/codecommit_key

 (anbawscmmit) oyj@controller:~/ansible-aws$ aws codecommit get-repository --repository-name node_auth
         "cloneUrlSsh": "ssh://",
        "Arn": "arn:aws:codecommit:ap-northeast-2:494307375889:node_auth"
(anbawscmmit) oyj@controller:/tmp/testcmmit$ git clone
Cloning into 'node_auth'...
Username for '': ^C
(anbawscmmit) oyj@controller:/tmp/testcmmit$ git clone ssh://
Cloning into 'node_auth'...
remote: Counting objects: 31, done.
Receiving objects: 100% (31/31), 53.04 KiB | 6.63 MiB/s, done.
Resolving deltas: 100% (2/2), done.

#push test
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ touch testfile.txt
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ echo "test add file" > testfile.txt
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ git add testfile.txt
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ git commit -m "testing add file to cmmit"
[master 6c43b5e] testing add file to cmmit
 1 file changed, 1 insertion(+)
 create mode 100644 testfile.txt
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ git push
Counting objects: 3, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 285 bytes | 285.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0)
To ssh://
   81ad1a2..6c43b5e  master -> master

#Test with another user.
A)Copy .ssh/config to another user's .ssh/config and change key location.

(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ sudo cp ~/.ssh/config /home/testcmit/.ssh/ -f

(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ sudo cp ~/ansible-aws/codecommit_key /home/testcmit/
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ sudo chown -R testcmit.testcmit /home/testcmit/
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$
#su -
(anbawscmmit) oyj@controller:/tmp/testcmmit/node_auth$ sudo su - testcmit
testcmit@controller:~$ vi ~/.ssh/config
Host git-codecommit.*
IdentityFile /home/testcmit/codecommit_key

#Clone this repo!
testcmit@controller:~$ git clone ssh://

testcmit@controller:~/node_auth$ ls
app.js  appspec.yml  core  package.json  package-lock.json  public  routes  scripts  testfile.txt  views
testcmit@controller:~/node_auth$ cat testfile.txt
test add file

#Well it works!(Apache!)

#Lastly I will delete this codecommit repo with ansible(same playbook but different options)

#With "-e "STATE=absent"" option. We could all codecommit related things all at once.

(anbawscmmit) oyj@controller:~/ansible-aws$ ansible-playbook create_user_cmmitrepo_upload_nodeauth_app.yaml -e "STATE=absent"

TASK [Delete cc_user] ******************************************************************************************************
changed: [localhost] => (item=cc_user)

RUNNING HANDLER [git source commmit and upload to codecommit] **************************************************************
skipping: [localhost]

PLAY RECAP *****************************************************************************************************************
localhost                  : ok=10   changed=5    unreachable=0    failed=0    skipped=6    rescued=0    ignored=0 

 With ansilbe, aws configuration could be very convenient and automatic with just one line command but lots of configuration and file works.

Thanks for reading!