Ansible and Terraform - a powerful duo


Ansible is automation for everything IT

If you have maybe 1-5 servers in your setup, managing them individually should still be pretty easy. Now think about managing 200+ servers. If you had to log in to each of them individually, that would just not be feasible.

This is something we have dealt with for a long time. In Windows Server environments we use Group Policy to solve many of these issues. You could use that, or use Ansible, for instance, to push out configuration to your servers.

Ansible does not just enable you to automate deployments and configuration on multiple servers; it also allows you to manage routers and switches. So it is not limited to server automation but covers networking as well, making it even more powerful.

One control station to rule them all

You can make one adjustment or one change at the control station and have the machine push out configuration to your nodes. Maybe you want to update DNS settings - update your control station and it will use SSH to connect to and update all the nodes.

Agentless and powerful

What makes Ansible so powerful is that you do not need SCCM or anything similar to push out and install agents on the servers' operating systems; it uses tools that are at your disposal out of the box. It uses SSH to connect to your machines and distribute your configuration, making the solution agentless.

Ansible uses a push model

You push commands and configurations from your control or master to your worker nodes, not the other way around. You write configuration and push it to clients using SSH.

Manage inventory with Ansible

When you want to push configuration to your nodes you will use hosts or inventory files that contain the list of nodes you are working with, usually a list of IP addresses. You can use simple .ini files or, for more complex deployments, it is recommended to use .yaml files.

Recommendations for building your inventory files with Ansible

When building your inventory files it is recommended to slot your nodes into logical groupings. For example, you could divide them into groups such as application servers, web servers and databases.

Ansible and Terraform - demo

Anyone who follows me or has been to this website before knows I am all about automation. So what if we pair Terraform that can automate infrastructure with Ansible that can automate configuration? We should have a pretty neat setup. I have prepared a demo and a repository with some starter code that you can find HERE

  • Clone the repository and ensure you are logged in to the correct Azure Subscription
  • Deploy the solution
terraform init
terraform apply -auto-approve
(Supply password, remember this for later)
  • Once the deployment is complete, take note of the public IP from control_pip = IP
  • I have prepared the control server with a custom script extension (CSE) that has already installed Ansible for us. If you want to know more about using the CSE, review my earlier post here
  • SSH into the control node by running ssh adminuser@<public_ip>

Test the solution

Now that we have everything deployed and you are connected to your control node we will create our inventory and configuration file.

Inside the repository you cloned I have a configuration folder with the contents you need that you can copy. I will use vi to create and edit the files on the control node but you can use whichever text editor you prefer.

  • Create ansible directory
  • Create inventory and configuration file with the contents specified from the repo, ensure you fill out the password you used to deploy the solution
  • Test a deploy to our nodes
mkdir ansible_demo && cd ansible_demo
vi ansible.cfg
vi inventory.ini
ansible-inventory -i inventory.ini --list
ansible myhosts -m ping -i inventory.ini --ask-pass

If successful you should see something similar to this

We used a module called ping, which is very basic and does just that: it pings our nodes to see if we get a response. Since we turned off host_key_checking in our ansible.cfg (do not do that in PROD), we amend our command with --ask-pass so our control can access the nodes.
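A defender-side check for the two lab shortcuts this walkthrough relies on: a password filled into the project files, and host_key_checking turned off, which leaves SSH unable to notice an impostor host. This is an added example, not code from the post or its repository; the function names, sample file contents, addresses and the grouped inventory layout (web servers and databases under myhosts) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Ansible project directory for the lab shortcuts.
# Prints one finding per line and nothing when the directory is clean.
# Usage after sourcing: audit_ansible_dir ~/ansible_demo
audit_ansible_dir() {
    dir=$1
    cfg="$dir/ansible.cfg"
    # 1. Host key verification switched off globally in ansible.cfg.
    if [ -f "$cfg" ] && grep -Eiq \
        '^[[:space:]]*host_key_checking[[:space:]]*=[[:space:]]*(false|no|off|0)[[:space:]]*$' "$cfg"
    then
        echo "$cfg: host_key_checking is disabled"
    fi
    for inv in "$dir"/*.ini "$dir"/*.yaml "$dir"/*.yml; do
        [ -f "$inv" ] || continue
        # 2. Connection or become passwords stored in clear text.
        if grep -Eq 'ansible_(ssh_pass|password|become_pass(word)?)[[:space:]]*[=:]' "$inv"; then
            echo "$inv: plaintext password variable"
        fi
        # 3. Host key checking disabled per host through SSH arguments.
        if grep -Eiq 'StrictHostKeyChecking[= ]+no' "$inv"; then
            echo "$inv: StrictHostKeyChecking=no in SSH arguments"
        fi
    done
}

# Constructed sample mirroring the demo's shortcuts (addresses and values are made up).
write_lab_sample() {
    mkdir -p "$1"
    printf '[defaults]\nhost_key_checking = False\n' > "$1/ansible.cfg"
    cat > "$1/inventory.ini" <<'EOF'
[webservers]
10.0.1.4
[databases]
10.0.1.5
[myhosts:children]
webservers
databases
[myhosts:vars]
ansible_user=adminuser
ansible_password=PLACEHOLDER-not-a-real-secret
EOF
}

# Constructed hardened variant: host keys verified, no stored password (SSH key or agent login).
write_hardened_sample() {
    mkdir -p "$1"
    printf '[defaults]\nhost_key_checking = True\n' > "$1/ansible.cfg"
    printf '[myhosts]\n10.0.1.4\n10.0.1.5\n[myhosts:vars]\nansible_user=adminuser\n' > "$1/inventory.ini"
}
```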

We can create much more complex configuration than ping, which we may demo here in the future, but just imagine this towards 200+ servers - pretty powerful, right?

Just to showcase this, I can change my switch to -a "sudo apt-get update" to update both my nodes' packages

Clean up

To remove everything, simply exit out of your SSH session and run terraform destroy -auto-approve. You will need to supply the VM password again.

Once that is completed you are done.

References

Leverage custom script extension post deployment tasks in Azure
The custom script extension is an extension you can apply on your virtual machine or virtual machine scale set that can download and execute scripts inside your operating system. This is beneficial if you have some post deployment tasks that you want achieved once the VM is deployed. For example
GitHub - carlzxc71/azure-ansible-lab
