Ansible, Terraform and your first infrastructure

# Ansible, Terraform and your first infrastructure ###### `research` `devops` `provisioning` `aws` `ansible` `terraform` *Hello @everyone, how is this going ? Today, on this blog i happily for exprience with AWS cloud and work with it, So go check and provisioning with me about Terraform, Ansible and AWS* ## Introduce something interesting about AWS, Terraform and Ansible :incoming_envelope: ![](https://hackmd.io/_uploads/HyhVB8ffp.png) - Terraform and ansible is ones of the best ever tools, which i have to used for my work. That is do the incredible things and jobs, so DevOps and SysOps maybe need to learning and applied this involve into work, best kind ever - So with Terraform, It is kind of IaC platform and you can look more thing about detailing of it in this [blog](https://hackmd.io/7M0GBhCARJuyWJLxN_vCdQ) - But `Ansible`, Is it the **same as like** `Terraform` or **not** ? That will be many type of questions about that. So with me Ansible, like **IaC** tools - "absolutely sure" but that more kind than this, with `Ansible` you can do setup one or more machine in onetime remotely just with your code, If compare with `Terraform` that will not **equivalent** because it do such different, so how is that it different, Go to more detail in below. Suppercool :cool: ![](https://hackmd.io/_uploads/H1B7dLGfp.png) - And yeah, Go to pro with `AWS` is incredible thing which everyone in this industry will and should learn about that. `AWS` is the one of biggest platforms about Cloud, `AWS` is the best way for you service like secure, fastly, safety, easily to use, ... - So how to combine three to one, you will learn this in downbelow, that need to understand with 2 of IaC, How you can setup your service in AWS. ## Behind this blog :sun_behind_cloud: ![](https://hackmd.io/_uploads/rJo1FUGfT.png) *So with blog, i will share about how to use Ansible and Terraform for making the basically infrastructure in AWS. How it can connection and what kind of difficult which you meet and how to resolve that.* ## Step to setup :roller_coaster: ### Prequirement before you go - WSL or Linux Environmnement for Running (Ansible Compile Error in Windows Machine) - Machine need `python3` and `pip3` installed before installing `Ansible` tools - Install `Ansible` for your machine to running the process referenced with [`Ansible`](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html). Just with `pip3 install ansible ansible-lint` - Install `aws-cli` for purpose connect your ansible with AWS Cloud via this secret things #!/bin/bash curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install - Feel free your requirements when installing ansible pluggin via [`ansible-galaxy`](https://galaxy.ansible.com/ui/), that will be provided you many pluggins for multiple purpose of provisioning and managing cloud resources by ansible. - You need to having AWS account - Free tier for example. With *free-tier*, you just need to have credit or debit card with 1$ to verify and you will have it. Go check detail about the free tier on this [link](https://aws.amazon.com/vi/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc&awsf.Free%20Tier%20Types=*all&awsf.Free%20Tier%20Categories=*all) - ***Optionally***, you can configure some **extensions** for easily working with ansible on `VSCode - IDK another have include or not !` * [`redhat.ansible`](https://marketplace.visualstudio.com/items?itemName=redhat.ansible) --> That things for detection with you what pluggin work with * [`ansible-lint`](https://github.com/ansible/ansible-lint) --> You can also download `ansible-lint` by `pip3 install ansible-lint` ### Go to detail and analysis what you want *If you complete the list of work above, you are ready to go this step. Free free and try :coffee:* 1. Create your aws token and access key - Try for find the bestway to verify your account with Ansible - Important. Link: [Creating access keys for the root user - **This is not recommended**](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user_manage_add-key.html) - Fistly, you need to calm mind for doing this job. Because it will not protected your account, but also that easily step for doing such thing with AWS. But have more way you can verify that. Find more than in these link: - [Create Access And Secret Keys In AWS](https://k21academy.com/amazon-web-services/create-access-and-secret-keys-in-aws/) - [Keeping your secrets out of Ansible Playbooks](https://steampunk.si/blog/aws-credentials-safety/) - [Set up the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-quickstart.html) ![](https://hackmd.io/_uploads/BkHvyDGza.png) - Secondly, the topic is not diggest inside the aws cloud, but you need to remmembering about doing not to expose your credentials to another. That is not secure for your account - remmember that. Try the best way for suitable with your situation. 2. So if you got aws verify and connect your `aws-cli` or `ansible` with your AWS, the after step is more easily, you just need write a code and applied that. Link: [Ansible Concept](https://docs.ansible.com/ansible/latest/getting_started/basic_concepts.html) ![](https://hackmd.io/_uploads/H1DfevfGT.png) - With ansible, you will have something which need to familar with - `playbook` : This is the file which you put the step of your job and task inside for doing that for `local` or `remote` machine - `inventory`: This is folder which you can put your `hosts` file inside , which your define what IP address of remote PC need to be configuration (IDK to much about right construct of Ansible Project :smiley:). But some how ever you can put the ansible var file where you define multiple varible for each of machine. - `ansible.cfg`: This is file which you give a configuration for your ansible, this will help you ignore something annoy warning, accesslist import modules, ... Give a short time to take at [this](https://docs.ansible.com/ansible/latest/reference_appendices/config.html) ![](https://hackmd.io/_uploads/B1oEorQGT.png) - So all that is basically things which you meet them in first time have work with Ansible. Try to find your best version of folder to doing multiple work and configuration with high and performance control - Go on the disgest of what the Ansible doing in this project. That kind a simple like `include both Ansible and Terraform for working with. Ansible will responsibility for doing the configuration and interact with Terraform inside Runner - Make a runner for ansible in AWS` <div align="center"> <img src="https://miro.medium.com/v2/resize:fit:1092/1*x4TscxA6uaN3asAreNg6yw.png"> <strong><em><p style="text-align: center;">Source: <a href="https://medium.com/on-the-cloud/one-click-environment-creation-with-terraform-ansible-in-under-10-6e8d9284f60">One-click environment creation with Terraform & Ansible in under 10' - On The Cloud Kostas Gkountakos</a></p></em></strong> </div> - `Ansible` have role like **3th party tools**, it will do twice job: - Provisioning itself, `ansible-runner` in `AWS Cloud` and you can connect it directly with Authentication `SSH Key`. Ideally, When you doing that job you will control and plan for setting up your `pipeline CI/CD` easier than do it with Terraform. - Ansible will **not have mission** to provision the cloud, So you can interact with Terraform via Terraform install inside Ansible by **copy contents** terraform and **upgrade that into** VM and perform the **Terraform workflow**. * Terraform have role work with provision tool (IaC) for `provisioning` infrastructure with AWS provider 3. This is how full infromation about script, you can double check and find the way to best applied for your choice. You can find more ever about me and repo in this :arrow_right: [**link github**](https://github.com/Xeus-DevOps/aws-ansible-infrastructure) **Ansible**: - Ansible will have options create - destroy runner, that is median thing will connect you and aws cloud, so go through and check it :arrow_right: [ec2-folder](https://github.com/Xeus-DevOps/aws-ansible-infrastructure/tree/master/ansible/ec2) Command: ansible-playbook <which_ansible_file_you_want> \ --tags <which_tag_you_want_to_choice> Tags (Just need only for create Runner): 1. create-ssh-key: Create ssh key with name default or pass for it 2. create-runner: Create Ansible-Runner in cloud using the t2.micro image 3. view-runner: View and upgrade host for run teraform inside that - [terraform-runner-folder](https://github.com/Xeus-DevOps/aws-ansible-infrastructure/tree/master/ansible/terraform-runner) will have options for you install and copy content for terraform and run terraform flow to working with command: ansible-playbook terraform.yaml --extra-vars <key>=<value> --tags <which_tag_you_want_to_choice> Tags: 1. install-terraform: For install terraform tool for Ansible-Runner 2. copy_content: Copy content from local terraform into remove with sync configuration 3. terraform_init_plan: Init and view plan state of terraform before applied (Need --extra-vars) 4. terraform_apply: applied what terraform plan return (Need --extra-vars) 5. terraform_display_destroy: Init and view plan state of destroy process will be occured after destruction (Need --extra-vars) 6. terraform_destroy: Destroy process with destroy plan (Need --extra-vars) **Terraform (This is include in Ansible - Try that for manual if you just only want to use individually)**: - So with terraform be come easily to run, just go to right [env](https://github.com/Xeus-DevOps/aws-ansible-infrastructure/tree/master/terraform/env) and applied terraform work flow - With create or update for your infrastructure 1. terraform init or terraform init --reconfigure (if you want to make sure with new configure which new update like upgrade provider version, ...) 2. terraform plan 3. terraform apply -auto-approve - With destroy for your infrastructure 1. terraform init or terraform init --reconfigure (if you want to make sure with new configure which new update likes upgrade provider version, ...) 2. terraform plan -destroy 3. terraform destroy -auto-approve Your first infrastructure after the provisioning will be ![](https://hackmd.io/_uploads/rJ80sUmfp.png) ## Conclusion - I hope so this new is perfectly for your start with AWS, Ansible and Terraform. Maybe this tool can be your first choice on your career, so hangon and moving to learning more about that - This is basically for your knowledge about AWS cloud, so the hard thing will difficultly to exposure with a first biggest cloud and find hardy way to secure that. Difficult but fun :smiling_face_with_smiling_eyes_and_hand_covering_mouth: ![](https://hackmd.io/_uploads/HJ7XJw7Ma.png)