GitHub - silazare/terraform-ansible: Terraform with Ansible usage examples

Terraform with Ansible examples

Project Structure

.
├── README.md
├── ansible
├── ansible-provisioner-remote
├── terraform-dynamic
└── terraform-inline

Digital Ocean prerequisites

Create SSH key and add public part to Digital Ocean SSH keys

ssh-keygen -t rsa -f ~/.ssh/someuser -C someuser -P ""

Create API token and Space API secrets for backend

GCP prerequisites

Create SSH key and add public part to GCP VM metadata

ssh-keygen -t rsa -f ~/.ssh/tfuser -C tfuser -P ""

Configure gcloud settings at ~/.config/gcloud/configurations/config_default
Test manual VM creation

gcloud compute instances create \
--boot-disk-size=10GB \
--image-family=centos-7 \
--image-project=centos-cloud \
--machine-type=g1-small \
--tags webserver \
--restart-on-failure \
--zone=europe-west1-b webserver

gcloud compute instances list

ssh tfuser@$(gcloud compute instances list | awk '{print $5}' | tail -1) -i ~/.ssh/tfuser

gcloud compute instances delete --zone=europe-west1-b webserver

Create service account with needed permissions and save key file in safe place, export it before terraform run:

export GOOGLE_CLOUD_KEYFILE_JSON={{path_to_key.json}}

Terraform prerequisites

terraform >= 0.12
Terraform Cloud account with access token (https://app.terraform.io)
terraform-inventory plugin >=0.9
terraform-provisioner-ansible >=2.3.0

Terraform providers starting guide

https://www.terraform.io/docs/providers/google/getting_started.html https://www.terraform.io/docs/providers/do/index.html

Ansible prerequisites

Ansible >= 2.7.10
geerlingguy.nginx role is used with a little template customization
simple webserver role is used for testing static http site:
1. static html could be downloaded from GoogleDrive tables format or your direct link (google_drive variable set true or false)
2. docs_direct_url variable is getting from vault and .vault_pass file should be located at the ansible folder

Inline inventory

GCP provider
Terraform Cloud remote backend
1 webserver instance is being provisioned
Ansible executed as Terraform local-provisioner after terraform apply

Initialize providers:

cd terraform-inline
terraform init

Working in direct mode:

terraform plan
terraform apply -auto-approve

<HTTP at displayed webserver_nat_ip>

terraform destroy -force

Working with plan files:

terraform plan -out=apply.tfplan
terraform apply apply.tfplan

<HTTP at displayed webserver_nat_ip>

terraform plan -destroy -out=destroy.tfplan
terraform apply destroy.tfplan

rm -f *.tfplan

Dynamic inventory

Inventory script was changed for Terraform v0.12 However it is not working with GCP currently

GCP provider
Terraform Cloud remote backend
3 webservers with 1 LoadBalancer
Ansible executed separately with custom dynamic inventory pulling from Terraform tfstate
Terraform dynamic inventory is being used from - https://github.com/nbering/terraform-inventory

cd terraform-dynamic
terraform init
terraform plan
terraform apply -auto-approve

cd ../ansible
ansible-playbook provision_dynamic.yml --vault-password-file .vault_pass

<HTTP at displayed loadbalancer_nat_ip>

terraform destroy -force

Terraform-inventory

Script cannot fetch correct inventory from tfstate, fetch hosts/groups as vars

GCP provider
GCP service account key file
Terraform Cloud remote backend
3 webservers with 1 LoadBalancer
Ansible executed separately with Terraform-inventory

cd terraform-dynamic
export GOOGLE_CLOUD_KEYFILE_JSON={{path_to_key.json}}
terraform init
terraform plan
terraform apply -auto-approve

ansible-playbook --inventory-file=$(which terraform-inventory) ../ansible/provision_tf_inventory.yml --vault-password-file ../ansible/.vault_pass

<HTTP at LoadBalancer IP>

terraform destroy -force

Ansible-provisioner

Need to fix hosts interpolation for Local execution

Digital Ocean provider
AWS S3 remote backend
1 webserver instance is being provisioned (Remote execution)
3 webserver instances and 1 LB is being provisioned (Local execution)
Ansible executed as 3rd party provisioner

Provisioner installation steps:

curl -sL \
  https://raw.githubusercontent.com/radekg/terraform-provisioner-ansible/master/bin/deploy-release.sh \
  --output deploy-release.sh

chmod +x deploy-release.sh
./deploy-release.sh -v 2.3.0
rm deploy-release.sh

Remote execution:

cd ansible-provisioner-remote
terraform init
terraform plan
terraform apply -auto-approve

<HTTP at Droplet Public IP>

terraform destroy -force

Local execution:

cd ansible-provisioner-local
terraform init
terraform plan
terraform apply -auto-approve

<HTTP at Load Balancer IP>

terraform destroy -force

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Terraform with Ansible examples

Project Structure

Digital Ocean prerequisites

GCP prerequisites

Terraform prerequisites

Terraform providers starting guide

Ansible prerequisites

Inline inventory

Dynamic inventory

Terraform-inventory

Ansible-provisioner

Provisioner installation steps:

Remote execution:

Local execution:

About

Releases

Packages

Languages

Name		Name	Last commit message	Last commit date
Latest commit History 14 Commits
ansible-provisioner-local		ansible-provisioner-local
ansible-provisioner-remote		ansible-provisioner-remote
ansible		ansible
terraform-dynamic		terraform-dynamic
terraform-inline		terraform-inline
.gitignore		.gitignore
README.md		README.md

silazare/terraform-ansible

Folders and files

Latest commit

History

Repository files navigation

Terraform with Ansible examples

Project Structure

Digital Ocean prerequisites

GCP prerequisites

Terraform prerequisites

Terraform providers starting guide

Ansible prerequisites

Inline inventory

Dynamic inventory

Terraform-inventory

Ansible-provisioner

Provisioner installation steps:

Remote execution:

Local execution:

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages