Fix: Ansible did not properly deploy with root user

- userdata now creates "ubuntu" user with sudo permissions (like AWS has)
- ansible module now uses "become" instead of relying on root user

Update: TFvars file has been updated with new instructions about setting region

ansible.tf

@@ -41,8 +41,9 @@ module "ansible" {
   source           = "github.com/insight-infrastructure/terraform-ansible-playbook.git?ref=v0.15.0"
   create           = var.create
   ip               = var.create_eip ? join("", alicloud_eip.this.*.ip_address) : join("", alicloud_instance.this.*.public_ip)
-  user             = "root"
-  private_key_path = var.private_key_path
+  user             = "ubuntu"
+  private_key_path = pathexpand(var.private_key_path)
+  become           = true
 
   bastion_ip   = var.bastion_ip
   bastion_user = var.bastion_user

instance.tf

@@ -85,7 +85,8 @@ resource "alicloud_instance" "this" {
 
   system_disk_size = var.root_volume_size
 
-  key_name = var.public_key_path == "" ? var.key_name : alicloud_key_pair.this.*.key_name[0]
+  user_data = templatefile("${path.module}/userdata.sh.tpl", { ssh_key = chomp(file(pathexpand(var.public_key_path))) })
+  key_name  = var.public_key_path == "" ? var.key_name : alicloud_key_pair.this.*.key_name[0]
 
   tags = merge({ Name = local.name_suffix }, var.tags)
 }

terraform.tfvars

@@ -1,3 +1,4 @@
-//region           = "us-east-1"  # See https://www.alibabacloud.com/help/doc-detail/40654.htm
+# To set the region, please set the ALICLOUD_REGION environment variable
+# See https://www.alibabacloud.com/help/doc-detail/40654.htm for valid regions
 //private_key_path = "/path/to/your/key"
 //public_key_path  = "/path/to/your/key.pub"

userdata.sh.tpl

@@ -0,0 +1,6 @@
+#! /bin/sh
+useradd -s /bin/bash -m ubuntu
+echo "ubuntu   ALL=(ALL)        NOPASSWD:ALL" | tee -a /etc/sudoers
+mkdir /home/ubuntu/.ssh
+touch /home/ubuntu/.ssh/authorized_keys
+echo "${ssh_key}" | tee -a /home/ubuntu/.ssh/authorized_keys