
I am attempting to install Apache on an EC2 instance through Ansible. My playbook looks like this:

# Configure and deploy Apache
- hosts: localhost
  connection: local
  remote_user: ec2-user
  gather_facts: false
  roles:
    - ec2_apache
    - apache

The 'ec2_apache' role provisions an EC2 instance and the first task within the apache/main.yml looks like this:

- name: confirm using the latest Apache server
  become: yes
  become_method: sudo
  yum: 
    name: httpd 
    state: latest

However, I am getting the following error:

"module_stderr": "sudo: a password is required\n"

I did take a look at: How to switch a user per task or set of tasks? but it did not seem to resolve my problem.

Because the configuration of the EC2 instance is in one role and the installation of Apache is in another, did I hork up the security in some way?

Perry Hoekstra
  • Do you need a password when you use `sudo` when you are on the instance as the `ec2-user`? – ydaetskcoR May 19 '16 at 16:11
  • No, if I ssh into the newly created instance, I can do a basic 'sudo ls /etc'. That is what has me stumped. All of the examples I have found online and through StackOverflow don't address creating an EC2 and THEN installing some piece of software, or at least within separate roles. – Perry Hoekstra May 19 '16 at 16:45

3 Answers


The issue you've got is that your playbook that runs both roles is targeting localhost so your Apache role is trying to run sudo yum install httpd locally rather than on the target EC2 instance.

As the ec2 module docs example shows, you need to use the add_host module to add your new EC2 instance(s) to a group that you can then target with a further play.

So your playbook might look something like this:

# Configure and deploy Apache
- name: provision instance for Apache
  hosts: localhost
  connection: local
  remote_user: ec2-user
  gather_facts: false
  roles:
    - ec2_apache

- name: install Apache
  hosts: launched
  remote_user: ec2-user
  roles:
    - apache

And then, as per the example in the ec2 module docs, just do something like this in your ec2_apache role:

- name: Launch instance
  ec2:
    key_name: "{{ keypair }}"
    group: "{{ security_group }}"
    instance_type: "{{ instance_type }}"
    image: "{{ image }}"
    wait: true
    region: "{{ region }}"
    vpc_subnet_id: subnet-29e63245
    assign_public_ip: yes
  register: ec2

# Put the new instance into an in-memory group that the next play can target
- name: Add new instance to host group
  add_host: hostname={{ item.public_ip }} groupname=launched
  with_items: "{{ ec2.instances }}"

# Block until sshd on the new instance accepts connections
- name: Wait for SSH to come up
  wait_for: host={{ item.public_dns_name }} port=22 delay=60 timeout=320 state=started
  with_items: "{{ ec2.instances }}"

As an aside, you can quickly see that your ec2_apache role is actually pretty generic, and you could turn this into a generic ec2_provision role that all sorts of other things could use, helping you re-use your code.

ydaetskcoR
  • I gave that a shot but there was no joy. In both cases, I see the following: fatal: [xxx.xxx.xx.xx]: FAILED! => {"changed": false, "failed": true, "module_stderr": "sudo: a password is required\n", "module_stdout": "", "msg": "MODULE FAILURE", "parsed": false} where 'xx.xxx.xx.xxx' is the EC2 instance I am attempting to communicate with. Does this mean Ansible is working against the correct EC2 host? – Perry Hoekstra May 19 '16 at 18:08
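
The comment above asks whether Ansible is really working against the EC2 host. A pre-flight play like the following answers that before any `become` task runs; it is an added example, not code from any of the posts, and it assumes the `launched` group built by `add_host` in the answer and the `ec2-user` login.

```yaml
# Added diagnostic play (not from the original posts).
# Assumes: group "launched" exists (add_host in the provisioning play)
# and the instance accepts SSH logins as ec2-user.
- name: Pre-flight check before running the apache role
  hosts: launched
  remote_user: ec2-user
  gather_facts: false
  become: false              # probe unprivileged on purpose
  tasks:
    - name: Record which machine the tasks actually execute on
      command: hostname
      register: where
      changed_when: false

    - name: Probe sudo non-interactively (-n fails instead of prompting)
      command: sudo -n true
      register: sudo_probe
      changed_when: false
      failed_when: false     # evaluate the return code ourselves below

    - name: Show the result next to the inventory name
      debug:
        msg: >-
          inventory={{ inventory_hostname }}
          executed_on={{ where.stdout }}
          passwordless_sudo={{ sudo_probe.rc == 0 }}

    - name: Stop before any become task if sudo would ask for a password
      fail:
        msg: >-
          sudo on {{ where.stdout }} requires a password for this login.
          Supply it with --ask-become-pass (-K), or check that the play
          targets the instance rather than the control machine.
      when: sudo_probe.rc != 0
```

If `executed_on` shows the control machine's hostname, the play is still running locally and the sudo prompt comes from that machine, not from the instance.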

This is what I did to install Apache. Based on @ydaetskcoR's suggestion, all I added was connection: local to fix the following problem.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).", "unreachable": true}

See the code below:

---
- name: Install Apache and other packages
  hosts: localhost
  become: yes
  connection: local
  gather_facts: false

  tasks:
  - name: Install a list of packages with a list variable
    yum:
      name: "{{ packages }}"
      state: latest
    vars:
      packages:
      - httpd
      - httpd-tools
      - nginx
    register: result

You also have to run your code as follows (-K stands for --ask-become-pass):

ansible-playbook -i hosts.ini startapache.yml -K -vvv
Cosmin Staicu

Are you sure you are using Ansible correctly and are you providing a password for sudo on the remote host?

Just use --ask-become-pass when you execute the playbook. You should be prompted for the password.

wellumies