Terraform creates the infra,
then we want to use ansible to actually configure it...
Different solutions exist to run Terraform, and them ansible:
- Using Terraform Output as Ansible Inventory :
https://github.com/adammck/terraform-inventory
$ terraform-inventory -inventory terraform.tfstate
[all]
10.10.1.2
10.10.1.3
- `local-exec` / `remote-exec` : terraform runs ansible locally
```
provisioner "local-exec" {command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u {var.user} -i '${self.ipv4_address},' --private-key ${var.ssh_private_key} playbook.yml"}
```
key component here is the ${self.ipv4_address} variable. After provisioning the machine, Terraform knows its IP address. And we need to pass an IP address for Ansible.
(cf https://www.cprime.com/resources/blog/terraform-and-ansible-tutorial-integrating-terraform-managed-instances-with-ansible-control-nodes )
using dynamic inventory and cloud providers specific ansible modules
- AWS : https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_ec2_inventory.html
- GCP : https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_compute_inventory.html#ansible-collections-google-cloud-gcp-compute-inventory
and so on...
AWS example of the dynamic inventory:
ansible.cfg :
enable_plugins=aws_ec2
aws_ec2.yml (example):
plugin: aws_ec2
regions:
- "us-east-1"
keyed_groups:
- key: tags.Name
- key: tags
prefix: tag
- prefix: instance_type
key: instance_type
- key: placement.region
prefix: aws_region
filters: instance-state-name : running
# All instances with their `Environment` tag set to `dev`
tag:Environment: dev
# All dev and QA hosts
tag:Environment:
- dev
- qa
compose:
ansible_host: public_ip_address
Good way to test :
ansible-inventory -i aws_ec2.yml --graph
ansible all –list-hosts
To run a playbook have/generate 4 files : myplaybook.yml, key.pem, aws_ec2.yml (seen before), and ansible.cfg (seen after)
ansible.cfg
[defaults]
inventory=./aws_ec2.yml
host_key_chekcing=false
remote_user=ec2-user
private_key_file=key.pem
[privilege_escalation]
become=true
become_method=sudo
become_user=root
Run
ansible <group-name> -i aws_ec2.yaml -m ping --private-key=<private-key-name>
ansible-playbook myplaybook.yml
(with hosts: _Ansible_TargetNode or whatever you have validated in the output of the inventory)
# sources :
https://www.cloudthat.com/resources/blog/step-by-step-guide-to-integrate-ansible-dynamic-inventory-plugin-for-aws-ec2-instances#why-ansible-dynamic-inventory-
https://medium.com/geekculture/a-complete-overview-of-ansible-dynamic-inventory-a9ded104df4c
