Notes on combining Terraform and Ansible


Ansible communicates rather well with EC2 for inventory using the recommended Python script. But:

Terraform diff update works pretty well to orchestrate cloud environments, but it still seems green enough that I need to hold its hand for certain things.

Terragrunt tries but doesn’t help the matter by adding 49 lines of boilerplate to each file, handicapping the Terraform DSL, and dividing your configuration up. I am suspicious that Terraform is deliberately handicapping the Terragrunt project with odd constraints on the DSL.

To get Ansible to successfully process a Terraformed EC2 instance, I’m switching Ansible playbooks on EC2 tags:

- name: Bootstrap
  hosts: tag_bootstrap_true
  become: true
  gather_facts: no

I’d like to write a “please bootstrap me, Ansible” tag with Terraform and clear it with Ansible but Terraform will just add it back in the next time it runs.
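
One way to keep Terraform from putting the tag back, shown as an added example that is not from the original post: set the tag at creation and tell Terraform to ignore later changes to that one key. The resource name, variables and instance type are assumptions, and the syntax is that of Terraform 0.12 or later.

```hcl
# Added example: names and values below are assumptions, not the author's config.
variable "ami_id" {}
variable "key_name" {}

resource "aws_instance" "app" {
  ami           = var.ami_id
  instance_type = "t3.micro"
  key_name      = var.key_name

  # Written once when the instance is created. The EC2 inventory script
  # turns this tag into the group tag_bootstrap_true used by the
  # Bootstrap play.
  tags = {
    Name      = "app"
    bootstrap = "true"
  }

  lifecycle {
    # After Ansible flips the tag to "false", Terraform sees the drift on
    # this key and leaves it alone. Every other tag is still managed.
    ignore_changes = [tags["bootstrap"]]
  }
}
```

Setting the tag to "false" from the last task of the bootstrap play moves the host out of tag_bootstrap_true on the next inventory refresh.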

This userdata script removes the need for most of the bootstrapping for Ansible:

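#!/bin/bash
# cloud-init only runs user data as a script when it starts with "#!".
# It runs as root at first boot, so sudo is harmless but not required.
sudo apt-get update
sudo apt-get -y install python-simplejson python-pip libpq-dev
pip install psycopg2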

However, the first run of Ansible against the server must be performed with a specified username:

$ ansible-playbook roles/base/tasks/*.yml --user=ubuntu

So the workflow is this:

Date: 2018-Feb-21
Tags: ansible terraform terragrunt