insight-infrastructure/terraform-ansible-playbook

terraform-aws-icon-node-configuration

Terraform module for running Ansible playbooks. Wraps all the flags supported by the ansible-playbook command as listed in its docs. Supports running through a bastion host, along with a couple of templating functions for rendering inventories and playbooks.

Inventory can be supplied with variables in the following order of precedence:

  • inventory_file - path to inventory file
  • inventory_template - path to inventory template to render with inventory_template_vars
  • ips - list of IPs to run against
  • ip - single ip

More options will be built in the future.

Terraform versions

For Terraform v0.12.0+

Usage

Single host:

resource "aws_instance" "this" {
  ami = data.aws_ami.ubuntu.id
  instance_type = "t2.micro"
  vpc_security_group_ids = [aws_security_group.this.id]

  key_name = aws_key_pair.this.key_name
  associate_public_ip_address = true
}

module "ansible" {
  source = "../../"
  ip = aws_instance.this.public_ip
  playbook_file_path = var.playbook_file_path
  roles_dir = "../ansible/roles"
  user = "ubuntu"
  private_key_path = var.private_key_path
}

Bastion host:

resource "aws_instance" "bastion" {
  ami = data.aws_ami.ubuntu.id
  instance_type = "t2.small"

  subnet_id = module.vpc.public_subnets[0]
  vpc_security_group_ids = [aws_security_group.this.id]

  associate_public_ip_address = true
  key_name = aws_key_pair.this.key_name

  tags = {
    Name = "bastion-${random_pet.this.id}"
  }
}

resource "aws_instance" "private" {
  count = 2

  ami = data.aws_ami.ubuntu.id
  instance_type = "t2.small"

  subnet_id = module.vpc.private_subnets[0]
  vpc_security_group_ids = [aws_security_group.this.id]

  key_name = aws_key_pair.this.key_name

  tags = {
    Name = "private-${random_pet.this.id}-${count.index}"
  }
}

module "ansible" {
  source = "../../"

  ips = aws_instance.private.*.private_ip

  playbook_file_path = var.playbook_file_path
  roles_dir = "../ansible/roles"

  bastion_ip = aws_instance.bastion.public_ip
  bastion_user = "ubuntu"

  user = var.user
  private_key_path = var.private_key_path
}

With template:

resource "aws_instance" "this" {
  count = 3
  ami = data.aws_ami.ubuntu.id
  instance_type = "t2.micro"
  vpc_security_group_ids = [aws_security_group.this.id]

  key_name = aws_key_pair.this.key_name
  associate_public_ip_address = true
}

module "ansible" {
  source = "../../"

  inventory_template = "${path.cwd}/ansible_inventory.tpl"

  inventory_template_vars = {
    host_ip_1 = aws_instance.this.*.public_ip[0]
    hostname_1 = "foo"
    hostname_1_vars = <<-EOT
    stuff = "things"
EOT

    hostname_2 = "bar"
    host_ip_2 = aws_instance.this.*.public_ip[1]
    hostname_3 = "baz"
    host_ip_3 = aws_instance.this.*.public_ip[2]
  }

  playbook_file_path = var.playbook_file_path
  user = "ubuntu"
  private_key_path = var.private_key_path
}
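The "With template" usage above refers to an ansible_inventory.tpl that the README does not show. The following is an added example of such a file, not one shipped with the module; it assumes the module renders the file with Terraform's template syntax (dollar-brace references taken from inventory_template_vars) and passes the result to ansible-playbook as an INI inventory. The group layout (one group per host, a "nodes" parent group) is an assumption for illustration.

```hcl
# Constructed ansible_inventory.tpl for the inventory_template_vars map above.
# Terraform substitutes the dollar-brace references; every other line is
# passed through verbatim as Ansible INI inventory ("#" lines are INI comments).
#
# Each host sits in its own group so per-host settings can be supplied as a
# [group:vars] block. hostname_1_vars is the heredoc from the example and
# renders as the single line stuff = "things" under [foo:vars].
[${hostname_1}]
${hostname_1} ansible_host=${host_ip_1}

[${hostname_1}:vars]
${hostname_1_vars}

[${hostname_2}]
${hostname_2} ansible_host=${host_ip_2}

[${hostname_3}]
${hostname_3} ansible_host=${host_ip_3}

# Parent group collecting all three hosts, so a play can target "nodes"
# instead of each host by name.
[nodes:children]
${hostname_1}
${hostname_2}
${hostname_3}
```

With the values from the example, the rendered inventory contains groups foo, bar and baz (each with one host and its public IP) plus nodes as their parent.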

Providers

| Name | Version |
|------|---------|
| local | n/a |
| null | n/a |
| template | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ask_vault_pass | Ask for vault password | bool | false | no |
| bastion_ip | The IP of the bastion host | string | "" | no |
| bastion_user | The bastion user name | string | "" | no |
| become | Become root flag | bool | false | no |
| become_method | Privilege escalation method to use (default=sudo) | string | "sudo" | no |
| become_user | The user to become | string | "root" | no |
| cidr_block_matches | CIDR blocks to use for the bastion host | list(string) | ["10...", "17.??..", "192.168..*"] | no |
| cleanup | Debugging boolean to leave rendered files after call | bool | false | no |
| create | Boolean to ignore resource creation | bool | true | no |
| flush_cache | Clear the fact cache for every host in inventory | bool | false | no |
| force_create | Force resources to apply, overriding the normal watcher for changes in resources | bool | false | no |
| force_handlers | Run handlers even if a task fails | bool | false | no |
| forks | Specify number of parallel processes to use (default=5) | number | 5 | no |
| inventory | Not implemented | map(string) | {} | no |
| inventory_file | The path to an inventory file | string | "" | no |
| inventory_template | The path to a template to run against | string | "" | no |
| inventory_template_vars | A map of values to render the inventory template with | map(string) | {} | no |
| ip | The elastic IP address of the node being configured | string | "" | no |
| ips | A list of IPs to run against | list(string) | n/a | yes |
| module_depends_on | Anything the module should depend on | any | n/a | yes |
| playbook_file_path | Absolute path to playbook file to configure the node | string | "" | no |
| playbook_template_path | A path to a Go-templated playbook yml file | string | "" | no |
| playbook_template_vars | A map of variables for the playbook Go template | map(string) | {} | no |
| playbook_vars | Extra vars to include in run | map(any) | {} | no |
| playbook_vars_file | A path to a json / yaml file for extra vars | string | "" | no |
| private_key_path | Path to SSH private key to configure the node | string | n/a | yes |
| requirements_file_path | The path to a requirements file for ansible galaxy | string | "" | no |
| roles_dir | Absolute path to roles directory to configure the node | string | "" | no |
| scp_extra_args | Specify extra arguments to pass to scp only (e.g. -l) | string | "" | no |
| sftp_extra_args | Specify extra arguments to pass to sftp only (e.g. -f, -l) | string | "" | no |
| skip_tags | Only run plays and tasks whose tags do not match these values | string | "" | no |
| ssh_common_args | Specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand) | string | "" | no |
| ssh_extra_args | Specify extra arguments to pass to ssh only (e.g. -R) | string | "-p 22 -o ConnectTimeout=10 -o ConnectionAttempts=10 -o StrictHostKeyChecking=no -o IdentitiesOnly=yes" | no |
| start_at_task | Start the playbook at the task matching this name | string | "" | no |
| step | One-step-at-a-time: confirm each task before running | bool | false | no |
| tags | Only run plays and tasks tagged with these values | string | "" | no |
| user | The user used to configure the node | string | n/a | yes |
| vault_id | The vault identity to use | string | "" | no |
| vault_password_file | Vault password file | string | "" | no |
| verbose | Boolean to force verbose mode on ansible call | bool | false | no |
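The default ssh_extra_args includes StrictHostKeyChecking=no, so ansible-playbook will connect to any host answering on the target IP and will not notice if a host key changes between runs. The block below is an added example (not part of the module's docs) showing the bastion usage with that default overridden; it assumes the module passes ssh_extra_args straight through to ansible-playbook's --ssh-extra-args, as the Inputs table describes, and an OpenSSH client of 7.6 or newer for accept-new.

```hcl
# Added example: bastion usage with host key verification kept on.
# Everything except ssh_extra_args matches the "Bastion host" usage above.
module "ansible" {
  source = "../../"

  ips = aws_instance.private.*.private_ip

  playbook_file_path = var.playbook_file_path
  roles_dir          = "../ansible/roles"

  bastion_ip   = aws_instance.bastion.public_ip
  bastion_user = "ubuntu"

  user             = var.user
  private_key_path = var.private_key_path

  # The module default is "-p 22 -o ConnectTimeout=10 -o ConnectionAttempts=10
  # -o StrictHostKeyChecking=no -o IdentitiesOnly=yes". Replace the "no" with
  # "accept-new": the key of a freshly built instance is recorded on first
  # contact, and a later key change makes ssh refuse the connection instead of
  # silently continuing. A per-project known_hosts file (assumed path) keeps
  # those records next to the Terraform code rather than in ~/.ssh.
  ssh_extra_args = join(" ", [
    "-p 22",
    "-o ConnectTimeout=10",
    "-o ConnectionAttempts=10",
    "-o StrictHostKeyChecking=accept-new",
    "-o UserKnownHostsFile=${path.cwd}/known_hosts",
    "-o IdentitiesOnly=yes",
  ])
}
```

If instances are rebuilt with the same IPs, the stale entries in that known_hosts file must be removed (for example with ssh-keygen -R) before the next run, which is the intended signal rather than a nuisance.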

Outputs

| Name | Description |
|------|-------------|
| ansible_cfg | n/a |
| ansible_sh | n/a |
| ip | n/a |
| ssh_cfg | n/a |
| status | n/a |

Authors

Module managed by robcxyz and Insight Data Science.

License

Apache 2 Licensed. See LICENSE for full details.