Ansible and Terraform - a powerful duo

Ansible is automation for everything IT
If you have maybe 1-5 servers in your setup, managing them individually should still be pretty easy. Now think about managing 200+ servers. If you had to log in to each of them individually, that would just not be feasible.
This is something we have dealt with for a long time. In Windows Server environments we use Group Policy to solve many of these issues. You could use that, or use Ansible for instance, to push out configuration to your servers.
Ansible does not just let you automate deployments and configuration on multiple servers; it also lets you manage routers and switches. It is not limited to server automation but covers networking as well, which makes it even more powerful.
One control station to rule them all
You can make one adjustment or one change at the control station and have the machine push out configuration to your nodes. Maybe you want to update DNS settings - update your control station and it will use SSH to connect to and update all the nodes.
Agentless and powerful
What makes Ansible so powerful is that you do not need something like SCCM to push out and install agents on the servers' operating systems. It uses tools that are at your disposal out of the box: it connects to your machines over SSH and distributes your configuration that way, making the solution agentless.
Ansible uses a push model
You push commands and configurations from your control or master to your worker nodes, not the other way around. You write configuration and push it to clients using SSH.
Manage inventory with Ansible
When you want to push configuration to your nodes, you use hosts or inventory files that contain the list of nodes you are working with, usually a list of IP addresses. You can use simple .ini files, or for more complex deployments it is recommended to use .yaml files.
Recommendations for building your inventory files with Ansible
When building your inventory files it is recommended to slot the nodes into logical groupings. For example, you could divide them into groups for application servers, web servers and databases.
Ansible and Terraform - demo
Anyone who follows me or has been to this website before knows I am all about automation. So what if we pair Terraform, which can automate infrastructure, with Ansible, which can automate configuration? We should have a pretty neat setup. I have prepared a demo and a repository with some starter code that you can find HERE
- Clone the repository and ensure you are logged in to the correct Azure Subscription

- Deploy the solution
terraform init
terraform apply -auto-approve
(Supply password, remember this for later)

- Once the deployment is complete, take note of the public IP from control_pip = IP

- I have prepared the control server with a custom script extension (CSE), so it will already have Ansible installed for us. If you want to know more about using the CSE, review my earlier post here
- SSH into the control node by running
ssh adminuser@<public_ip>
Test the solution
Now that we have everything deployed and you are connected to your control node, we will create our inventory and configuration file.
Inside the repository you cloned I have a configuration folder with the contents you need that you can copy. I will use vi to create and edit the files on the control node, but you can use whichever text editor you prefer.
- Create ansible directory
- Create the inventory and configuration files with the contents specified in the repo, and ensure you fill in the password you used to deploy the solution
- Test a deploy to our nodes
mkdir ansible_demo && cd ansible_demo
vi ansible.cfg
vi inventory.ini
ansible-inventory -i inventory.ini --list
ansible myhosts -m ping -i inventory.ini --ask-pass
If successful you should see something similar to this

We used a module called ping, which is very basic and does just that: it pings our nodes to see if we get a response. Since we turned off host_key_checking in our ansible.cfg (do not do that in PROD, because the control node then no longer verifies the SSH host keys of the nodes it connects to), we amend our command with --ask-pass so our control node can access the nodes.
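Before a setup like this moves toward PROD, the two shortcuts the demo takes are worth checking for: host_key_checking turned off in ansible.cfg and the VM password typed into the files. The script below is an added example, not part of the demo repository; the sample file contents are constructed, and it assumes the password is stored in one of Ansible's standard connection variables such as ansible_password.

```python
import configparser
import shlex

# Constructed sample files; the demo repository's real contents are not shown on this page.
SAMPLE_CFG = "[defaults]\nhost_key_checking = False\n"
SAMPLE_INVENTORY = """\
[myhosts]
10.0.1.4 ansible_user=adminuser ansible_password=Example-Passw0rd
10.0.1.5
[myhosts:vars]
ansible_ssh_pass = Example-Passw0rd
"""
# Ansible connection variables that carry a secret in clear text.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_password", "ansible_become_pass"}


def audit_cfg(text):
    """Flag ansible.cfg content that disables SSH host key verification."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    # Ansible's default is True, so a missing key counts as enabled.
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        return ["ansible.cfg: host_key_checking is disabled"]
    return []


def audit_inventory(text):
    """Flag clear-text secrets in an INI inventory without echoing the value."""
    findings, section = [], "ungrouped"
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":vars"):
            names = [line.partition("=")[0].strip()]  # one "key = value" per line
        else:
            # Host line: the host name followed by key=value pairs.
            names = [t.partition("=")[0] for t in shlex.split(line)[1:]]
        findings += [f"inventory line {number} [{section}]: {name} in clear text"
                     for name in names if name in SECRET_VARS]
    return findings


if __name__ == "__main__":
    for finding in audit_cfg(SAMPLE_CFG) + audit_inventory(SAMPLE_INVENTORY):
        print(finding)
```

Both findings go away when the nodes authenticate with SSH keys and their host keys are present in known_hosts on the control node.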
We can create much more complex configuration than ping, which we may demo here in the future, but just imagine this towards 200+ servers - pretty powerful, right?
Just to showcase this, I can change my switch to -a "sudo apt-get update" to update both my nodes' packages

Clean up
To remove everything, simply exit out of your SSH session and run terraform destroy -auto-approve. You will need to supply the VM password again.
Once that is completed you are done.