Monday, 15 January 2024

terraform, then ansible

Terraform creates the infra, 
then we want to use ansible to actually configure it...

Different solutions exist to run Terraform, and then Ansible:

  • Using Terraform output as Ansible inventory:
    https://github.com/adammck/terraform-inventory

    ```
    $ terraform-inventory -inventory terraform.tfstate
    [all]
    10.10.1.2
    10.10.1.3
    ```


  • `local-exec` / `remote-exec` : Terraform runs Ansible itself, from a provisioner (local-exec runs it on the machine that runs Terraform)

    ```
    provisioner "local-exec" {
      command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ${var.user} -i '${self.ipv4_address},' --private-key ${var.ssh_private_key} playbook.yml"
    }
    ```
    The key component here is the ${self.ipv4_address} variable: after provisioning the machine, Terraform knows its IP address, and Ansible needs that IP as its one-host inventory (hence the trailing comma after the address). Note that ANSIBLE_HOST_KEY_CHECKING=False disables SSH host key verification for that run; the freshly created host's key is not known yet, so that first connection is not protected against a man-in-the-middle.

     (cf https://www.cprime.com/resources/blog/terraform-and-ansible-tutorial-integrating-terraform-managed-instances-with-ansible-control-nodes )

     

  • using a dynamic inventory with the cloud-provider-specific Ansible inventory plugins

    •  AWS : https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_ec2_inventory.html 
    •  GCP : https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_compute_inventory.html#ansible-collections-google-cloud-gcp-compute-inventory and so on...



AWS example of the dynamic inventory:

ansible.cfg (the plugin is enabled in the [inventory] section):
```
[inventory]
enable_plugins=aws_ec2
```

aws_ec2.yml (example):
```
plugin: aws_ec2
regions:
  - "us-east-1"
keyed_groups:
  - key: tags.Name
  - key: tags
    prefix: tag
  - prefix: instance_type
    key: instance_type
  - key: placement.region
    prefix: aws_region
filters:
  instance-state-name: running
  # All instances with their `Environment` tag set to `dev`
  tag:Environment: dev
  # Alternative: all dev and QA hosts. A key can only appear once in a YAML
  # mapping, so use one form or the other, not both.
  # tag:Environment:
  #   - dev
  #   - qa
compose:
  ansible_host: public_ip_address
```



Good way to test:
```
ansible-inventory -i aws_ec2.yml --graph
ansible all --list-hosts
```
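As an added illustration (not code from the original post or from the Ansible project), the following Python re-implements the `filters`, `keyed_groups` and `compose` rules of the aws_ec2.yml above over a constructed instance list, so you can see which group names `ansible-inventory --graph` would print before writing one into a playbook's `hosts:` line. Hosts are keyed by their public IP here for brevity; the real plugin names them by DNS name unless `hostnames` is set.

```python
import re

# Constructed sample of the per-instance data aws_ec2 exposes (subset only).
INSTANCES = [
    {"instance_type": "t2.micro", "instance_state_name": "running",
     "public_ip_address": "203.0.113.10", "placement": {"region": "us-east-1"},
     "tags": {"Name": "Ansible_TargetNode", "Environment": "dev"}},
    {"instance_type": "t3.small", "instance_state_name": "running",
     "public_ip_address": "203.0.113.11", "placement": {"region": "us-east-1"},
     "tags": {"Name": "db", "Environment": "qa"}},
    {"instance_type": "t2.micro", "instance_state_name": "stopped",
     "public_ip_address": None, "placement": {"region": "us-east-1"},
     "tags": {"Name": "old", "Environment": "prod"}},
]
# keyed_groups as written in aws_ec2.yml; an empty prefix yields a leading "_"
KEYED_GROUPS = [
    {"key": "tags.Name", "prefix": ""},
    {"key": "tags", "prefix": "tag"},
    {"key": "instance_type", "prefix": "instance_type"},
    {"key": "placement.region", "prefix": "aws_region"},
]

def lookup(inst, dotted):  # resolve 'placement.region' against one instance
    val = inst
    for part in dotted.split("."):
        val = val.get(part) if isinstance(val, dict) else None
    return val

def safe(name):  # Ansible rewrites chars invalid in a group name to "_"
    return re.sub(r"[^A-Za-z0-9_]", "_", name)

def build_inventory(instances, envs=("dev", "qa")):
    """Return {group: [ansible_host, ...]}; mimics filters, keyed_groups, compose."""
    groups = {}
    for inst in instances:
        # filters: instance-state-name: running and tag:Environment in envs
        if inst["instance_state_name"] != "running":
            continue
        if inst["tags"].get("Environment") not in envs:
            continue
        host = inst["public_ip_address"]  # compose: ansible_host
        for kg in KEYED_GROUPS:
            val = lookup(inst, kg["key"])
            # a mapping (the tags dict) becomes one group per key/value pair
            names = ([f"{k}_{v}" for k, v in val.items()]
                     if isinstance(val, dict) else [str(val)])
            for n in names:
                groups.setdefault(safe(f"{kg['prefix']}_{n}"), []).append(host)
    return groups
```

`build_inventory(INSTANCES)` yields groups such as `_Ansible_TargetNode`, `tag_Environment_dev`, `instance_type_t2_micro` and `aws_region_us_east_1`; the stopped instance is dropped by the state filter.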



To run a playbook, have or generate 4 files: myplaybook.yml, key.pem, aws_ec2.yml (seen above) and ansible.cfg (below).


ansible.cfg
```
[defaults]
inventory=./aws_ec2.yml
# disables SSH host key verification for every connection
host_key_checking=false
remote_user=ec2-user
private_key_file=key.pem

[privilege_escalation]
become=true
become_method=sudo
become_user=root
```


Run
```
ansible <group-name> -i aws_ec2.yml -m ping --private-key=<private-key-name>

ansible-playbook myplaybook.yml
```
(with `hosts: _Ansible_TargetNode`, or whichever group you validated in the inventory output)






# sources : 
https://www.cloudthat.com/resources/blog/step-by-step-guide-to-integrate-ansible-dynamic-inventory-plugin-for-aws-ec2-instances#why-ansible-dynamic-inventory-

https://medium.com/geekculture/a-complete-overview-of-ansible-dynamic-inventory-a9ded104df4c


