By Dinesh Reddy, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud's incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.
In the previous article, we explored starting, stopping, deleting, and restarting an instance in a specified region, gathering facts about the instance, and creating a disk and attaching it to a specific instance. In this article, we use Ansible to provision a complete Elastic Compute Service (ECS) instance with network access control for connecting to that instance.
Network access control includes creating a VPC, VSwitch, and security group. Once the instance is provisioned with the network rules, the next step is to attach storage to it, so we also cover the basic operations on an OSS bucket.
Let us begin with the basics of VPC to complete the network control rules for provisioning the instance.
A Virtual Private Cloud (VPC) is a hybrid model of cloud computing in which a private cloud solution is provided within a public cloud provider's infrastructure. A VPC user can manage network components, including IP addresses, subnets, network gateways, and access control policies, and can define custom components. Generally, a VPC includes a CIDR block, a VRouter, and a VSwitch.
To create a VPC, we specify the CIDR block details as shown below. There is also a unique default VPC for each zone, which is used when none is specified.
To create a VPC, we need a CIDR block along with an access key and secret key. The playbook below shows how to create a VPC in the Singapore zone.
The image below shows the console before creating a VPC:
The YAML code is as follows:
- name: create vpc
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    state: present
    cidr_block: 192.168.0.0/16
    vpc_name: Demo
    description: Demo VPC
  tasks:
    - name: create vpc
      ali_vpc:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        state: '{{ state }}'
        cidr_block: '{{ cidr_block }}'
        vpc_name: '{{ vpc_name }}'
        description: '{{ description }}'
      register: result
    - debug: var=result
After creating the playbook, run it with the command below.
[root@ogslab3 Alibaba]# ansible-playbook vpc.yml
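The playbooks on this page keep the access key and secret key as literals in the playbook file, so anyone who can read the file or the repository it is committed to holds the credentials. The variant below is an added example, not part of the original article: it reads both values through Ansible's `env` lookup and stops before any API call if either is missing. The environment variable names `ALICLOUD_ACCESS_KEY` and `ALICLOUD_SECRET_KEY` are assumptions.

```yaml
# Added example: the VPC play from above with no credentials in the file.
# Export the two variables in the shell that runs ansible-playbook.
- name: create vpc (credentials from environment)
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumed environment variable names; empty string when unset.
    alicloud_access_key: "{{ lookup('env', 'ALICLOUD_ACCESS_KEY') }}"
    alicloud_secret_key: "{{ lookup('env', 'ALICLOUD_SECRET_KEY') }}"
    alicloud_region: "ap-southeast-1"
    state: present
    cidr_block: 192.168.0.0/16
    vpc_name: Demo
    description: Demo VPC
  tasks:
    # Fail fast with a clear message instead of an opaque API error.
    # assert reports the expression text, not the variable values.
    - name: stop when a credential is missing
      assert:
        that:
          - alicloud_access_key | length > 0
          - alicloud_secret_key | length > 0
        msg: "Export ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY first"

    - name: create vpc
      ali_vpc:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        state: '{{ state }}'
        cidr_block: '{{ cidr_block }}'
        vpc_name: '{{ vpc_name }}'
        description: '{{ description }}'
      register: result

    - debug: var=result
```

The same `vars` lines can replace the literal keys in every other playbook on this page; an Ansible Vault encrypted vars file is the alternative when the values must live alongside the playbooks.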
After creating your VPC, you can check the created VPC in the console:
A VPC is not permanent and can be modified. To delete the VPC, set the state parameter to absent in the playbook and run it. The playbook for deleting a VPC (YAML code) is as follows:
- name: deleting vpc
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    state: absent
    vpc_id: "vpc-t4na5wvzit836tgwunyu6"
  tasks:
    # state: absent removes the VPC identified by vpc_id
    - name: delete vpc
      ali_vpc:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        state: '{{ state }}'
        vpc_id: '{{ vpc_id }}'
      register: result
    - debug: var=result
Execute the playbook with the following command:
[root@ogslab3 Alibaba]# ansible-playbook vpclst.yml
Check the output status of VPC before deleting.
The image below shows the console before deleting the VPC.
The image below shows the console after deleting the VPC.
A VSwitch is used to connect different cloud instances in the VPC. A VSwitch is not required to create a VPC; we can use the default VSwitch for convenience.
Default VSwitch is unique for each zone.
To create a VSwitch, we require vpc_id and cidr_block.
- name: create a vswitch
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    vpc_id: "vpc-t4nffwrs25fheo1ss1nit"
    alicloud_zone: "ap-southeast-1b"
    cidr_block: '192.168.0.0/16'
    name: 'Demo_VSwitch'
    state: present
  tasks:
    - name: create vswitch
      alicloud_vswitch:
        alicloud_access_key: "{{ alicloud_access_key }}"
        alicloud_secret_key: "{{ alicloud_secret_key }}"
        alicloud_region: '{{ alicloud_region }}'
        vpc_id: '{{ vpc_id }}'
        alicloud_zone: "{{ alicloud_zone }}"
        cidr_block: '{{ cidr_block }}'
        name: '{{ name }}'
        state: '{{ state }}'
      register: result
    - debug: var=result
Execute the playbook as follows:
[root@ogslab3 Alibaba]# ansible-playbook vswitch.yml
Check the created VSwitch in the console:
A VSwitch can be deleted by setting the 'state' parameter to absent and specifying the vswitch_id and its corresponding vpc_id.
- name: Delete a vswitch
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAInSSyrlHBRo7X"
    alicloud_secret_key: "EWUCzq8qqfGMtjLJfK7gh8gjFKSZGG"
    alicloud_region: "ap-southeast-1"
    vpc_id: "vpc-t4na5wvzit836tgwunyu6"
    vswitch_id: "vsw-t4n5wsorwbf5dnguvppem"
    state: absent
  tasks:
    - name: Delete vswitch
      alicloud_vswitch:
        alicloud_access_key: "{{ alicloud_access_key }}"
        alicloud_secret_key: "{{ alicloud_secret_key }}"
        alicloud_region: '{{ alicloud_region }}'
        vpc_id: '{{ vpc_id }}'
        vswitch_id: '{{ vswitch_id }}'
        state: '{{ state }}'
      register: result
    - debug: var=result
Execute the playbook as follows:
[root@ogslab3 Alibaba]# ansible-playbook vswitch.yml
Check the output in the console.
A security group consists of a set of rules that define how to handle incoming (ingress) and outgoing (egress) traffic or requests. The rules we add to a security group are called security rules. Security groups are used to set network access control for one or more instances. Only instances within the same security group can communicate over the intranet; instances in different groups cannot communicate by default. There is also a limit of 100 security group rules in total for a security group (including inbound and outbound rules).
Let us create a security group in the Singapore region using the group name AliyunSG.
- name: create security group
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
  tasks:
    - name: create security grp
      ali_security_group:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        group_name: 'AliyunSG'
Execute the playbook as follows:
[root@ogslab3 Alibaba]# ansible-playbook sg.yml
Console before execution:
After execution, a new group named AliyunSG has been created.
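The play above creates the group without specifying any rules. As an added example (not from the original article), the play below creates the same group with a single ingress rule that admits SSH only from one administrative range. `vpc_id` and `admin_cidr` are placeholder values, and the `rules` keys (`ip_protocol`, `port_range`, `source_cidr_ip`, `priority`) are taken from the `ali_security_group` module documentation as an assumption to check against the installed module version.

```yaml
# Added example: security group with one narrowly scoped ingress rule.
- name: create security group with a restricted SSH rule
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumed environment variable names for the credentials.
    alicloud_access_key: "{{ lookup('env', 'ALICLOUD_ACCESS_KEY') }}"
    alicloud_secret_key: "{{ lookup('env', 'ALICLOUD_SECRET_KEY') }}"
    alicloud_region: "ap-southeast-1"
    vpc_id: "vpc-PLACEHOLDER"        # placeholder: ID of the VPC created earlier
    admin_cidr: "203.0.113.0/24"     # constructed value (documentation range)
  tasks:
    - name: create security grp
      ali_security_group:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        group_name: 'AliyunSG'
        vpc_id: '{{ vpc_id }}'
        # Ingress: SSH from the administrative range only.
        # A source of 0.0.0.0/0 here would expose port 22 to the internet.
        rules:
          - ip_protocol: tcp
            port_range: 22/22
            source_cidr_ip: '{{ admin_cidr }}'
            priority: 1
      register: result

    - debug: var=result
```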
A security group can be deleted by setting the state to absent and specifying its group_id.
- name: delete security group
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAInSSyrlHBRo7X"
    alicloud_secret_key: "EWUCzq8qqfGMtjLJfK7gh8gjFKSZGG"
    alicloud_region: "ap-southeast-1"
    group_id: sg-t4ngnkqimz75l6rxzh94
    state: absent
  tasks:
    - name: delete security grp
      ali_security_group:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        group_id: '{{ group_id }}'
        state: '{{ state }}'
      # variable names cannot contain spaces
      register: delete_result
    - debug: var=delete_result
Execute the playbook as follows:
[root@ogslab3 Alibaba]# ansible-playbook sgd.yml
Before deleting the AliyunSG group.
After deleting the group.
Object Storage Service (OSS) is a data storage service in which data is uploaded as objects to a bucket. We can create a bucket, upload objects into it, and share those objects. OSS stores only objects, such as images, PDFs, Word files, and other files. It is highly reliable and cost effective, and it has good security measures and ease of use.
Object Storage Service enables you to store large amounts of data in the cloud with the highest reliability.
To create an OSS bucket, we need the parameters below, with the permission set as follows.
- name: create oss bucket
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    state: present
    bucket: 'bucketogs'
    permission: private
  tasks:
    - name: create oss bucket
      alicloud_bucket:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        state: '{{ state }}'
        bucket: '{{ bucket }}'
        permission: '{{ permission }}'
      register: result
    - debug: var=result
Execute the playbook as follows:
[root@ogslab3 Alibaba]# ansible-playbook bucket.yml
New bucket 'bucketogs' is created at the console:
To delete an existing bucket, change the state and specify the permission and bucket name in the code.
- name: Delete oss bucket
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    state: absent
    bucket: 'ogsbucket'
    permission: private
  tasks:
    # state: absent removes the named bucket
    - name: delete oss bucket
      alicloud_bucket:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        state: '{{ state }}'
        bucket: '{{ bucket }}'
        permission: '{{ permission }}'
      register: result
    - debug: var=result
Execute the playbook as follows:
[root@ogslab3 Alibaba]# ansible-playbook deletebucket.yml
To obtain details about an existing bucket, we have the code below.
- name: Fetch oss bucket
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAI5tcS3ErsKjIT"
    alicloud_secret_key: "rVgR0Xnpk9dQIcvqDJFbL8ZdfRzeu0"
    alicloud_region: "ap-southeast-1"
    # list returns bucket details; absent here would delete the bucket
    state: list
    bucket: 'bucketogs'
    permission: private
  tasks:
    - name: Fetch oss bucket
      alicloud_bucket:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        state: '{{ state }}'
        bucket: '{{ bucket }}'
        permission: '{{ permission }}'
      register: result
    - debug: var=result
Execute the playbook as follows:
[root@ogslab3 Alibaba]# ansible-playbook bucketnew.yml
Output in console:
Set the mode to list in the code and specify the bucket name to view the objects in the bucket.
- name: listing bucket objects
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAInSSyrlHBRo7X"
    alicloud_secret_key: "EWUCzq8qqfGMtjLJfK7gh8gjFKSZGG"
    alicloud_region: "ap-southeast-1"
    mode: list
    bucket: bucketogs
  tasks:
    - name: listing bucket objects
      alicloud_bucket_object:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        mode: '{{ mode }}'
        bucket: '{{ bucket }}'
      register: result
    - debug: var=result
Execute the playbook as follows:
[ansible@ogslab3 Alibaba]# ansible-playbook oss.yml
On the console, we have a sample file in bucketogs.
Let us see how to delete objects in a bucket. To delete an object, set the mode to delete in the code and specify the name of the object to delete.
- name: Deleting bucket objects
  hosts: localhost
  connection: local
  vars:
    alicloud_access_key: "LTAInSSyrlHBRo7X"
    alicloud_secret_key: "EWUCzq8qqfGMtjLJfK7gh8gjFKSZGG"
    alicloud_region: "ap-southeast-1"
    mode: delete
    bucket: bucketogs
    object: 'NEW ACESS KEY.txt'
  tasks:
    - name: Deleting bucket objects
      alicloud_bucket_object:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        mode: '{{ mode }}'
        bucket: '{{ bucket }}'
        object: '{{ object }}'
      register: result
    - debug: var=result
Execute the playbook as follows:
[ansible@ogslab3 Alibaba]# ansible-playbook oss.yml
We have all the files before deleting.
After deleting the file, there is no New Acess Key.txt file.
Alibaba Cloud Elastic Compute Service (ECS) helps power your cloud applications using fast memory and Intel CPUs to achieve faster results with low latency. All ECS instances come with protection against denial-of-service attacks to secure data from malware attacks. With the associated resources created for the instance, let us look at the complete ECS provisioning below:
- name: basic provisioning example
  hosts: localhost
  vars:
    alicloud_access_key: LTAIzpw8uK7VVWmM
    alicloud_secret_key: jPuJzWHKP3QZewpXEe0NA3TDVisSSR
    alicloud_region: ap-southeast-1
    image: ubuntu_16_0402_64_20G_alibase_20180409.vhd
    instance_type: ecs.t5-lc2m1.nano
    assign_public_ip: True
    max_bandwidth_out: 10
    host_name: myhost
    password: MyPassword@10
    system_disk_category: cloud_efficiency
    system_disk_size: 100
    internet_charge_type: PayByTraffic
    security_groups: ["sg-t4n50q981ove2azth8ys"]
    force: True
  tasks:
    - name: launch ECS instance in VPC network
      ali_instance:
        alicloud_access_key: '{{ alicloud_access_key }}'
        alicloud_secret_key: '{{ alicloud_secret_key }}'
        alicloud_region: '{{ alicloud_region }}'
        image: '{{ image }}'
        system_disk_category: '{{ system_disk_category }}'
        system_disk_size: '{{ system_disk_size }}'
        instance_type: '{{ instance_type }}'
        assign_public_ip: '{{ assign_public_ip }}'
        security_groups: '{{ security_groups }}'
        internet_charge_type: '{{ internet_charge_type }}'
        max_bandwidth_out: '{{ max_bandwidth_out }}'
        instance_tags:
          Name: created_one
        host_name: '{{ host_name }}'
        password: '{{ password }}'
      ignore_errors: yes
Output in the Console:
Running status of the instance:
That's it! We have seen how to create a VPC, VSwitch, security group, and OSS bucket through Ansible. Finally, we provisioned an ECS instance automatically through Ansible.