Upon completion of this blog series you will know how to deploy sipXcom in AWS DevOps style

Since some of our users and our QA department are using AWS to run and test sipXcom deployments we decided to write a series of blogs on how to automatically deploy and configure sipXcom on Amazon Web Services.

Our sipXcom/Uniteme hardware agnostic software design is a perfect match for DevOps style of creating/configuring and terminating machines on demand.

To do so we will use the build-in modules of Ansible that can access AWS API’s to create, configure and terminate EC2 instances.

We will use documentation from Ansible’s website, you can find examples here: http://docs.ansible.com/ansible/guide_aws.html

We also relied on some of Linux academy’s social media channels to obtain knowledge.

Part 1 – Learn how to Provision a minimal CentOS machine with Ansible-AWS, used to create our own sipXcom based AMI

In the first blog entry, we will use AWS API’s and Ansible EC2 module to create a base CentOS 6.7 image. Now we will further prepare for the installation of sipXcom.

This will be at an intermediary level where basic knowledge of AWS and Ansible are prerequisites.

First, let’s create a folder where we will add our project files:

mkdir Ansible_AWS_SipXcom
cd Ansible_AWS_SipXcom

Step 1. Create an AWS IAM role to be used by Ansible

Under the upper right screen of your AWS console, under your profile click on the Security Credentials.


From the left side tab select Users menu and create a new user. In our case this is called “devops”. You would want to assign permissions for this user, in our Proof of Concept we will give him unlimited powers.

Next, create an access key. This is very important and you need to make sure you save these credentials in a safe place.


Step 2. Preparing Ansible

Next we will copy those credentials into configuration files that we will use inside the Ansible playbook. First let’s create a folder called “files”.

mkdir files

cd files




-rw-r--r--. 1 mcostache 101 Aug 30 20:45 awscreds.yml

-rw-r--r--. 1 mcostache 198 Aug 30 20:56 info.yml

File awscreds.yml should contain your own credentials and the region you would like to use when launching your server.

cat awscreds.yml
aws_key: Ds5dm--**********
aws_id: AKIA--********* 
aws_region: eu-west-1

File info.yml will contain base ami we want to use and other AWS related information like machine size and security-group used:

cat info.yml
standard_ami: ami-edb9069e
sipxcom_ami: ami-e3f1d694
tiny_instance: t1.micro
free_instance: t2.micro
large_instance: m4.large
ssh_keyname: devops-key
secgroup_id: sg-9a-**********

Defining the above configuration files will help us increase the level of abstraction used in the main playbook.

cd ..
-rw-r--r--. 1 mcostache mcostache  726 Aug 30 21:05 centos_provision.yml
drwxr-xr-x. 2 mcostache mcostache 4096 Aug 31 11:23 files

Let’s take a look at the main playbook by using cat command:

cat centos_provision.yml
- hosts: localhost                #since we will use AWS API’ we will run not need SSH (for now...)
  connection: local 
  remote_user: devops             #AWS IAM user defined 
  gather_facts: no
  - files/awscreds.yml            #credential files
  - files/info.yml                #machine sizing and used AMI 
- name: Basic provisioning of EC2 instance 
     aws_access_key: "{{ aws_id }}"   
     aws_secret_key: "{{ aws_key }}"
     region: "{{ aws_region }}"
     image: "{{ standard_ami }}"
     instance_type: "{{ large_instance }}"
     key_name: "{{ ssh_keyname }}"
     count: 1
     state: present
     group_id: "{{ secgroup_id }}"
     wait: no
     vpc_subnet_id: subnet-********
     assign_public_ip: yes
       Name: centOS_template
    register: ec2info
 - name: Print the results
    debug: var=ec2info

aws_access_key: “{{ aws_id }}” — will use aws_id: AKIA–********** defined in awscreds.yml and so on, you get the point…

Step 3. Run Ansible playbook and configure root access for CentOS image

1. EC2 Ansible modules requires python >= 2.6 and boto. Make sure you have them installed. On my Fedora machine, I’ve used pip install boto command
2. I’ve used instructions from here to enable root access for AMI: http://gurjeet-tech.blogspot.ro/2012/02/allowing-root-access-in-amis.html


ansible-playbook centos_provision.yml

[WARNING]: provided hosts list is empty, only localhost is available

PLAY [localhost] ***************************************************************

TASK [Basic provisioning of EC2 instance] **************************************
changed: [localhost]


PLAY RECAP *********************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0

Now let’s get on the AWS console interface under Services-EC2 you should see something like this picture:

We will wait for the job to be finished then we will grab the public IP address assigned to this instance to allow root login

chmod 600 ~/.ssh/devops-key.pem
[mcostache@localhost Ansible_AWS_SipXcom]$ ssh -i ~/.ssh/devops-key.pem centos@
Last login: Wed Aug 31 08:51:46 2016 from

Execute these steps directly from centos user cli:

$ sudo perl -i -pe 's/disable_root: 1/disable_root: 0/' /etc/cloud/cloud.cfg
$ sudo perl -i -pe 's/#PermitRootLogin .*/PermitRootLogin without-password/' /etc/ssh/sshd_config
$ sudo perl -i -pe 's/.*(ssh-rsa .*)/\1/' /root/.ssh/authorized_keys
$ sudo /etc/init.d/sshd reload # optional command

service sshd restart

Now you should be able to ssh as root:

ssh -i ~/.ssh/devops-key.pem root@
Last login: Wed Aug 31 08:51:25 2016 from
[root@ip-10-0-0-214 ~]#

Go to Part 2 of the blog series to Learn how to create a sipXcom-based AMI.