Day-21: Ansible & Terraform Integration
Step-1:
We can now create an AWS EC2 instance named ‘Ansible Controller’ using our AMI image, as you prefer.
Step-2:
We can now assign the IAM role based on your needs. For this task, I’ve created roles with full EC2 and full S3 access.
Step-3:
We can connect to the EC2 instance in the AWS console and check if Docker and network tools are installed by running the following commands:
docker ps
docker --version
ifconfig
jq
unzip
Step-4:
We can now install Ansible on the EC2 instance with root user permissions by running these commands:
sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible
Step-5:
Next, we can go to the following directory and remove the Ansible configuration. Then, we’ll create a new file as needed:
cd /etc/ansible/
rm -rf ansible.cfg
ansible-config init --disabled > ansible.cfg
nano ansible.cfg
Step-6:
Now we can set host_key_checking, remote_user and private_key_file in ansible.cfg as follows:
host_key_checking=False
remote_user=ansibleadmin
private_key_file=/home/ansibleadmin/key.pem
Step-7:
Now, we can switch from the root user to ansibleadmin, create a new key.pem file, copy your private key into it, and set the file permissions to 444:
nano key.pem
chmod 444 key.pem
Now, we can cross-check the /etc/ansible/ansible.cfg file to see if any changes have been made.
Step-8:
Now, we can download Terraform as the root user to the /usr/local/bin directory:
cd /usr/local/bin
wget https://releases.hashicorp.com/terraform/1.8.5/terraform_1.8.5_linux_amd64.zip
unzip terraform_1.8.5_linux_amd64.zip
rm -rf terraform_1.8.5_linux_amd64.zip
Step-8:
Now, we can download the Terraform and Ansible files and store them in the ansible-files folder.
Next, we’ll create the ansiblekey.pem file in the /etc/ansible directory and set the correct permissions:
nano ansiblekey.pem
chmod 600 ansiblekey.pem
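The settings from Step-6 onward decide how the controller authenticates over SSH: host_key_checking=False turns off host key verification, and a key file with mode 444 is readable by group and others, unlike one with mode 600. The audit script below is an added example, not part of the original walkthrough; its function names are hypothetical, the default paths are the ones used above, and it assumes GNU stat (as shipped on Ubuntu).

```shell
#!/bin/sh
# Added example: audit the SSH-related settings this walkthrough configures.
# Function names are hypothetical; default paths are the ones used above.

# Print the octal permission bits of a file (GNU stat, as shipped on Ubuntu).
file_mode() {
  stat -c '%a' "$1"
}

# Succeed only if the key file grants nothing to group or others.
key_is_private() {
  mode=$(file_mode "$1") || return 2
  [ $(( 0$mode & 077 )) -eq 0 ]
}

# Print the uncommented host_key_checking value from an ansible.cfg.
# Lines starting with ';' or '#' are skipped; no output means the default (enabled).
cfg_host_key_checking() {
  sed -n 's/^[[:space:]]*host_key_checking[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1
}

# Report findings for one config file and any number of key files.
# The exit status is the number of findings (0 means clean).
audit_controller() {
  cfg=$1; shift
  findings=0
  case "$(cfg_host_key_checking "$cfg" | tr 'A-Z' 'a-z')" in
    false|no|off|0)
      echo "WARN: $cfg disables SSH host key verification"
      findings=$((findings + 1)) ;;
  esac
  for key in "$@"; do
    if ! key_is_private "$key"; then
      echo "WARN: $key is mode $(file_mode "$key"), grants access beyond its owner"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}

# Run against the walkthrough's paths when called with "run".
if [ "${1:-}" = "run" ]; then
  audit_controller /etc/ansible/ansible.cfg \
    /home/ansibleadmin/key.pem /etc/ansible/ansiblekey.pem
fi
```

Save it as a script and call it with the argument run on the controller; a non-zero exit status is the number of findings.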
Step-9:
Now, we can apply the Terraform and Ansible configuration files from the ansible-files folder and run the following Terraform commands:
terraform init
terraform validate
terraform fmt
terraform plan --var-file "15.terraform.tfvars"
terraform apply --var-file "15.terraform.tfvars"
Now, we can see that the client servers are successfully configured with Ansible.
Step-10:
We can check if the private servers are reachable using the Ansible inventory file with the following commands:
ansible -i invfile pvt -m ping
ansible -i invfile pub -m ping
ansible -i invfile pvt -m shell -a "df -h"
ansible -i invfile pvt -m shell -a "df -h | grep -i /dev/root"
ansible -i invfile pvt -m shell -a "df -h | grep -i /dev/root" -v
ansible -i invfile pvt -m shell -a "df -h | grep -i /dev/root" -vv
ansible -i invfile pvt -m shell -a "df -h | grep -i /dev/root" -vvv
ansible -i invfile all -m shell -a "df -h | grep -i /dev/root" -vvv
ansible -i invfile server01 -m shell -a "df -h | grep -i /dev/root" -v
ansible -i invfile 'pub:!server01' -m shell -a "df -h | grep -i /dev/root" -v