Terraform + Ansible : Automating configuration in Infrastructure

Captions
Hello everyone, this is your host himal, and today we are going to understand exactly how we can integrate Terraform with Ansible. These are two different tools, and why do we want to integrate them? Let's understand with a basic example. You can have a house which you can build, and you need the furniture for that. Now the thing is, both the vendors, the one who is building the house and the other who is building the furniture, have the capability to do both the things, but we choose the vendor which has the best hands-on experience in providing the stuff. The same story goes with Terraform and Ansible as well: both are masters in their field.

Terraform on one hand deals with infrastructure provisioning, while Ansible on the other hand is majorly in orchestration and configuration management. Terraform starts with its communication with the API-based structure, communicating with the API of the cloud providers, while Ansible on the other hand communicates on the basis of the SSH layer. Then, Terraform mainly configures cloud infrastructure like AWS, Azure, etc., while Ansible majorly configures different types of servers like Linux and Windows, etc. Terraform's writing style is a bit of a declarative type: it majorly deals with the initial state and the last state, so it is more interested in providing you the final output. If you speak about Ansible, that is more of a procedural type of stuff: it completes each and every task in a sequence or an order, in order to achieve the final state. But at the end of the day both are doing their task, so rather than doing a competition we can combine both the tools and have a single-handed solution that can handle everything, and for that Terraform has provided provisioners.

If we read the literal definition given by Terraform for provisioners, they can be used to model specific actions on the local machine or on a remote machine in order to prepare servers or other infrastructure objects for service. If this definition is not making sense, you can simply understand that if you're a Windows person you can do an analogy with the pass cli or PowerShell; if you are a Linux person, just consider it as simple shell-based commands; for an AWS person it can be compared with the AWS CLI; for Ansible it is ad hoc; and for Puppet it can be Bolt. Well, Terraform is calling it a provisioner, and it is considered a last resort because this is something which you don't find in the resources. The best practice is to use the resources to deploy the infrastructure and to do other things, but if you cannot, or if you need some extra hand, you can run some command-based stuff as well with the help of provisioners. I hope this is making sense as of now. Let's understand more on the basis of a practical demo.

So in order to explain it, I have it in a Git code. Let's first download from my Git repository. You can always refer to this Git repository at him in one terraform learning. Now moving towards our Linux host so that we can test all that stuff: you simply need to have a git binary installed in your system and do a git clone and the repository name. Now it's cloned, then posted inside the repository and the application section automation for us. Now, just to make things easier and differentiate exactly what variations we can provide, I have it in two methods, so let's see them one by one.

Go to method one and see the files over there. So this is your key file. Before doing that, let's first initialize the Terraform directory so that you won't have to wait a lot. Okay, so it's done. We basically initialize the plugin with the help of the providers.tf, where we mentioned exactly which plugins we need to download. Then again we have the main file, instance.tf, so let's see exactly what is written inside it to understand it further. It simply consists of an EC2 resource. It's a simple resource definition that will take an AMI ID, then instance type, then in which availability zone you want to deploy your EC2, and a simple key name. If you scroll up you can see the key is also present over here, in order to make sure that my instances can be easily connectable. Then we have a simple tag.

Now we proceed towards the provisioner section. Just to understand that the provisioner section is a part of your resource only, so it won't go out of the resource; it will work for this resource only. It consists of two parts: the one is remote-exec and the second is local-exec. It's wrong to say part; basically it's two types of deployment strategies which it follows. The remote-exec is more of a local type, local to the instance which is deployed, so it is used to deploy the local commands on your EC2 instance. Don't confuse with the name: remote simply means that it is remote to the Terraform machine, not remote to the EC2, so it will be local to your EC2 and will run whatever commands you want to do. For example, I want to set a hostname for my EC2 instance. Then it will take some connection strings.

Okay, just one thing before that: in what type of provisioner, like in local or in remote, your command passing is a different method. In the local one you can simply pass the command using the command key pair, while in the remote one you have to use an inline-based method and you can give multiple commands. So now pushing towards the connection, here we are defining a few other things, like what will be my host name. My host name will be my AWS instance, the resource type which is understandable to Terraform, and then a public DNS, so it will connect to the DNS name of the machine. Then the type of the connection: the connection type will be SSH. Then the user which is going to connect, that will be ec2-user, and exactly the private key which we are going to use: this will be the key, that is aws exam testing dot pem, that I have made for myself. You can download the private key of your infrastructure onto your machine and test accordingly.

Then we'll proceed towards the next section, the local-exec. Now, local-exec means the commands which are local to my Terraform machine. So what I'm going to do: I'm simply first going to fetch the name of the machine and write it inside the inventory file, which will work as my Ansible inventory. This I have written so that I don't have to manually update my inventory file; a little bit of a dynamic thing. Now my second local-exec provisioner is this, like it will install Apache-based packages and it will start my web server. In my output section I have written it so that the output IP address of my machine will be provided, the public IP address of my EC2 will be provided, and the public DNS name of the EC2 will be visible. I hope that is clear to you.

Now, this is the key, this is your instance file, this is the inventory, which, if it's not clean as of now, let's nullify it to avoid any confusion, and that is a simple Ansible configuration file. It is saying that your inventory file will be any file with the name or directory file inventory; then the remote user which is going to connect is ec2-user; host key checking is false so that we don't have to put yes or no every time; then my private key file location, it's inside the current directory and the file name is this; and then some privilege-based methods, exactly which user is going to connect and which method it's going to perform.

So that's the theory part; let's do all this in action. The directory is initialized, so let's apply it. First do a plan to see that everything is correct. Okay, so the plan is fine, nothing irrelevant visible in it. Let's perform the actual rollout. It's first creating the EC2 instance; then, as per the remote-exec, it is first trying to communicate with the EC2. Now it's taking the dynamic name which is generated by Amazon for it and trying to perform a further connection. Now it's taking the different key-based parameters, username, password, etc., and will keep on trying to make the connection until the machine is ready and it's able to connect. Now once it's able to connect, at this point it is trying to run some local commands, like it's trying to install yum. It is getting some errors at this point, maybe because of some permission issues with the keys or something like that. So let's try to see exactly what the permission of the key is. it speaks for for me; let's change the permission so that it's only root readable, and then again perform a deployment.

In the meantime the resource is recreated; let's check a flow diagram of exactly how we are dealing with all that stuff. So this is my client machine where Terraform is installed. I'm going from the Terraform binary and it's communicating with my cloud-based API; it can be AWS or anything. So it's first communicating with the cloud API, and on the basis of the resource which we have defined it will roll out a resource for you. We called the EC2 resource, so it deployed an EC2 instance for us. Now once the EC2 instance is deployed, Terraform will invoke the provisioner section. The provisioner, though I have not shown it in this diagram, can either run some local commands based on the Ansible playbooks, which you can provide according to your performance standard, and perform the automation or the configuration management on EC2, or it can also run some remote commands directly on the EC2 in order to achieve some of the stuff required.

Now back to our machine. We can see it's still trying to communicate; the machine is created but Terraform is still trying to perform a remote connection. Now I can see at this point it is able to connect, and with the help of the local-exec and with our Ansible stuff it's trying to communicate and perform the actual configuration management. Here I am using an ad hoc based command; you can run your playbook. It will take time depending on how much time the yum command will take to run to complete the stuff. So if we scroll up, it has successfully installed the yum package and started the Apache web server for us.

So how do we want to test whether this is working or not? Click this dynamic name or the IP of the machine, go to your browser and just paste it over here. The default web page of Red Hat should be present. Yes. Now if you put some stuff inside the web.html, things will be more clear to you, so just go back and let's try to communicate with the name. Okay, we are inside the machine, and let's try to write some of the stuff. Sorry, my bad, index.html. Okay, so one thing we can see is that my EC2 name is also renamed from inside. Let's go again to our web browser to see. Yes, the changes are visible, so my web server is working fine as of now. This is one form of the strategy which we performed.

Now exit the machine and move to method two to see what's waiting over there for us. For this, if you viewed my previous videos, I used the user data thing provided by EC2, so in this strategy I use that thing as well. So first do a terraform init. This directory is also initialized based on the plugins present in the providers.tf. Now start looking at the actual Terraform code. This section also contains instances.tf. Here we are again going to deploy an AWS EC2 resource, for the AMI, instance ID, zone and the key file. This time we are providing user data through the file function, basically, and the file is install command message; we will have a look at that as well in a few minutes. And this is the name of my EC2 machine.

Now proceeding towards the provisioner section: this time we are not using the remote section but instead only the local section. So what this local-exec is doing on the local Terraform machine: first it's fetching the details of your EC2 machine and putting them inside the dynamic inventory. Then this section is just a fail-safe, because on a few occasions I noticed that the machine is created by Terraform but still it was not accessible, so the code fails, so I am just giving an additional sleep. We can change the sleep to a lesser value as well; even if you skip that part, that hardly makes any difference. After that we will again use our Ansible code to do the required configuration management.

The thing is that the initial remote-exec, this time we are handling with the help of the user data. So let's see exactly what is inside the install dot sh, install command message. This time, in a pre-prep, it's trying to first create the initial environment for us: it's creating a user for us, providing sudo access to that user, then creating directory stuff, then this is the ownership for that directory, then the file, and this is the simple key of my machine which is going to communicate. In my case my same machine is acting as the Terraform as well as the Ansible node, so the authorized keys of this, no, not authorized, the RSA keys of my same machine will be copied inside that; the same key, copy that, so that I can communicate easily on the host. Then setting the required ownership and permission. In my case this thing is handled by the user data stuff of EC2. That's all.

Just nullify one more thing, just to avoid any confusion. Then let's see how the ansible.cfg file is changed over here. Like previously, it's again looking into the inventory file directory. The remote user: this time we are not going to use the ec2-user; rather, we are going to use the user which we have created, ansible test, and host key checking is false. Since we already copied the key onto the EC2, we do not need the password or any other private key for that.

So that's all the theory part; let's rock and roll. Just one more thing before that: we want again the same errors, so let's go for plan first and see if we are receiving any errors. It's fine. Now let's perform the actual deployment. So we can see that firstly my host name fetching inside the inventory is performed by the local-exec, then a simple fail-safe sleep command, so it may wait for these many seconds. For that time I'm pausing the video. So it's just going to end the sleep cycle and then going to perform the next command. Now it's proceeding with the Ansible thing, so based on the user data which we have created previously, if that is fine, all of our communication should be good and the EC2 should be deployed with the correct things. In case any of your permissions or ownerships are wrong while providing the previous data, it will fail and you might get some extra errors.

Looking at the logs, it looks like Ansible is able to communicate properly and able to deploy the things for us. Let's just have a look at the new machine now: am I able to communicate with it with a different user? Yes, I'm able to, and it's retaining its name, as I have not provided any name-based command over here, so that's fine for me. Let's see at the browser level as well whether it's able to provide the web page, the default page. Yes, it's able to provide the default page as well.

So that's all from my end on this provisioner thing. Do read this thing; I'll add this page link as well in the notes section so that you can have a deeper look. Share with your friends and do let me know about your feedback, if you want any improvements or how the things are for you. Thank you very much, have a nice day.
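
The method-one configuration as described in the captions, written out as an added example (it is not the code shown in the video or held in its repository). The resource name, AMI ID, instance type, zone, key name, hostname and file names are placeholders, and the Ansible commands assume an ansible.cfg in the same directory that sets the inventory, remote user, private key file and privilege escalation, as the captions describe.

```hcl
# Added example: all identifiers and values below are placeholders.
resource "aws_instance" "web" {
  ami               = "ami-PLACEHOLDER"
  instance_type     = "t2.micro"
  availability_zone = "us-east-1a"
  key_name          = "example-key"

  tags = {
    Name = "terraform-ansible-demo"
  }

  # remote-exec: runs on the new EC2 instance, reached over SSH from the
  # machine where terraform runs. Commands are passed as an inline list.
  provisioner "remote-exec" {
    inline = ["sudo hostnamectl set-hostname demo-web"]

    connection {
      type = "ssh"
      # Inside its own resource a provisioner refers to the instance as "self".
      host = self.public_dns
      user = "ec2-user"
      # ssh refuses a private key that is group- or world-readable,
      # so keep the file at mode 0400 or 0600.
      private_key = file("${path.module}/example-key.pem")
    }
  }

  # local-exec: runs on the terraform machine. Writes the instance's DNS
  # name into the file that ansible.cfg names as the inventory.
  provisioner "local-exec" {
    command = "echo ${self.public_dns} > inventory"
  }

  # local-exec: Ansible ad hoc commands that install and start Apache.
  provisioner "local-exec" {
    command = "ansible all -m yum -a 'name=httpd state=present' && ansible all -m service -a 'name=httpd state=started'"
  }
}

output "public_ip" { value = aws_instance.web.public_ip }
output "public_dns" { value = aws_instance.web.public_dns }
```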
Info
Channel: technotes of Hemant
Views: 2,869
Rating: 5 out of 5
Id: DeNflzdjxVM
Length: 21min 5sec (1265 seconds)
Published: Sun Apr 18 2021