When deploying software or infrastructure in the cloud it is a best practice to secure access behind a VPN. In this blog post I’ll be going over how I automated the deployment and configuration of a VPN to AWS, achieving Infrastructure as Code using Terraform, Packer, Ansible and Amazon Machine Images (AMIs). With this we can achieve near fully-automated, reproducible deployments of Pritunl VPN on AWS.

This article is meant to demonstrate one possible way of integrating Packer, Ansible, Terraform and Pritunl (an open-source enterprise VPN) to deploy a VPN on AWS. Before we continue, all the sources used in this blog post are available in this GitHub repository. If you don’t wish to read the entire blog post you can take a look in the GitHub repository.

- Creating an Ansible Vault and variables.
- Configuring the Ansible playbooks and roles.
- Deploying the infrastructure on AWS using Terraform.

## How it works

Below is a diagram of the AWS resources for an example single-node deployment of Pritunl on AWS.

There are a few things to note about the example deployment:

- This deployment is not highly available and not suitable in a production environment.
- Pritunl requires a paid subscription for clusters, so this is limited to a single node. This is the primary reason why it is not highly available.
- If your requirements for a VPN contain high availability, then you may want to look elsewhere, as this blog post covers a single-node deployment. If high availability is desired, you could create an Auto Scaling group containing Pritunl nodes spanning multiple Availability Zones and have two MongoDB hosts instead of everything on a single node.

The security group allows the following ingress traffic by default:

- 0.0.0.0/0 -> TCP 80 (required for Let’s Encrypt cert generation).

While HTTP is allowed from all IPs, it redirects to HTTPS, so I don’t believe that this is much of an issue.

There are two users in the diagram below. The first user is accessing the web UI on port 443 and the second is connecting to the VPN.

Below are diagrams which describe the process of building the AMIs and deploying the VPN on AWS using Terraform. Then we create the second AMI, which has Pritunl installed and partially configured. The Packer commands are run by a script in the repository called `build.sh`. Then we deploy the VPN (and other AWS resources) using Terraform, then configure Pritunl.

To follow along you need a GitHub profile with your public SSH keys added, and you’ll also want to clone the git repository.

In this case we are using HashiCorp’s Packer to create multiple AMIs and run an Ansible playbook and role on them. To quote Packer’s documentation, Packer is:

> Packer is an open source tool for creating identical machine images for multiple platforms from a single source configuration. Packer is lightweight, runs on every major operating system, and is highly performant, creating machine images for multiple platforms in parallel. Packer does not replace configuration management like Chef or Puppet. In fact, when building images, Packer is able to use tools like Chef or Puppet to install software onto the image.

Packer is commonly used with a provisioner such as Ansible to run commands, install and configure an application, etc.

## Ansible and Ansible Vault

Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs. Ansible Vault is a tool commonly used with Ansible to store encrypted variables that can be accessed by Ansible.
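As an added example (not the post’s own build files or its `build.sh`), here is a Packer HCL2 template for the second image described above: the Pritunl AMI, built from the base AMI and provisioned by the Ansible playbook, with the vault-encrypted variables decrypted at build time. The base-AMI name filter, the playbook path, the SSH user, the instance type and the vault password file name are assumptions.

```hcl
# Added example, not the post's own Packer template. Builds the Pritunl AMI on
# top of the base AMI and provisions it with Ansible. Assumed names: the base
# AMI filter, the playbook path, the SSH user and the vault password file.

packer {
  required_plugins {
    amazon = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/amazon"
    }
    ansible = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/ansible"
    }
  }
}

variable "region" {
  type    = string
  default = "us-east-1"
}

# Assumed: the first (base) AMI is named pritunl-base-<timestamp> by its own build.
variable "base_ami_name_filter" {
  type    = string
  default = "pritunl-base-*"
}

# Assumed path. The file is kept out of git and supplied on the build host only;
# the ansible provisioner runs from the host, so it never lands inside the image.
variable "vault_password_file" {
  type      = string
  default   = "vault.pass"
  sensitive = true
}

source "amazon-ebs" "pritunl" {
  region        = var.region
  instance_type = "t3.small"
  ssh_username  = "ubuntu" # assumes an Ubuntu-based base image
  ami_name      = "pritunl-${formatdate("YYYYMMDD-hhmm", timestamp())}"

  # Start from the newest base AMI owned by this account.
  source_ami_filter {
    filters = {
      name                = var.base_ami_name_filter
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
    most_recent = true
    owners      = ["self"]
  }

  # Terraform later looks the image up by this tag.
  tags = {
    Name = "pritunl"
    Role = "vpn"
  }
}

build {
  sources = ["source.amazon-ebs.pritunl"]

  # Runs ansible-playbook on the Packer host against the temporary instance.
  # The vault password file lets the playbook read the encrypted variables.
  provisioner "ansible" {
    playbook_file = "./ansible/pritunl.yml" # assumed playbook path
    user          = "ubuntu"
    extra_arguments = [
      "--vault-password-file", var.vault_password_file,
    ]
  }
}
```

Run it with `packer init .` followed by `packer build .` from a directory holding this template and the vault password file. Because the `ansible` provisioner (as opposed to `ansible-local`) executes on the build host, the vault password and the decrypted variables are only ever present there; what ends up baked into the AMI is the configured software, not the secrets used to configure it.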
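The security group rules from the "How it works" section, written out as an added Terraform example that is not the post’s own code: TCP 80 from anywhere for the Let’s Encrypt certificate request, the web UI on 443, and the VPN listener, together with the data source that picks up the Packer-built AMI by tag. The admin CIDR, the VPN port and protocol, the AMI tag value, the instance type and the VPC, subnet and key pair inputs are assumptions.

```hcl
# Added example, not the post's own Terraform: security group, AMI lookup and
# instance for the single Pritunl node. Assumptions: the AMI tag value, the VPN
# port/protocol, the admin CIDR and the vpc/subnet/key inputs.

variable "vpc_id"    { type = string }
variable "subnet_id" { type = string }
variable "key_name"  { type = string } # key pair holding the GitHub public keys

# Assumed: who may reach the web UI on 443. The post's diagram shows a user
# reaching the UI directly, so the default is open; narrowing it to an admin
# range is the usual hardening step for a single-node install.
variable "admin_cidr" {
  type    = string
  default = "0.0.0.0/0"
}

# Assumed: the UDP port the Pritunl server is configured to listen on.
variable "vpn_port" {
  type    = number
  default = 1194
}

# Newest image tagged by the Packer build (assumed tag Name=pritunl).
data "aws_ami" "pritunl" {
  most_recent = true
  owners      = ["self"]

  filter {
    name   = "tag:Name"
    values = ["pritunl"]
  }
}

resource "aws_security_group" "pritunl" {
  name        = "pritunl-node"
  description = "Ingress for the single-node Pritunl VPN"
  vpc_id      = var.vpc_id

  # From the post: HTTP from anywhere, needed for the Let's Encrypt HTTP-01
  # challenge; Pritunl redirects plain HTTP to HTTPS.
  ingress {
    description = "Let's Encrypt HTTP-01 challenge"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Pritunl web UI"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  ingress {
    description = "VPN clients"
    from_port   = var.vpn_port
    to_port     = var.vpn_port
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "pritunl" {
  ami                    = data.aws_ami.pritunl.id
  instance_type          = "t3.small"
  subnet_id              = var.subnet_id
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.pritunl.id]

  tags = { Name = "pritunl" }
}
```

No SSH rule is declared: the image is provisioned during the Packer build, so the launched node does not need port 22 reachable; add one scoped to an admin range only if you need a shell on the running instance. Rebuilding the AMI and running `terraform apply` again replaces the instance with the newest tagged image.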