extend previous setup to support ansible as a second stage

compscidr · Mar 23, 2021 · 8d11338 · 8d11338
1 parent 8c4b4a7
commit 8d11338
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -1,25 +1,35 @@
 # Infrastructure as Code
 
+## Preqreqs:
+- terraform 0.13.1 on the local deploy machine
+
+Terraform is used to deploy resources on digital ocean. Then once the resources
+are deployed, ansible is used to configure them.
+
 Most of this was created from this guide:
 https://www.digitalocean.com/community/tutorials/how-to-use-terraform-with-digitalocean#step-4-%E2%80%94-using-terraform-to-create-the-nginx-server
 
 Everything is made to work via setting two environment variables. The DO_PAT
 is the digital ocean API token. The pvt_key is set to the key which should be
 rolled out to the deployed resources.
 
-## Commands:
+## Terraform Commands:
 To plan:
-`terraform plan -var "do_token=${DO_PAT}" -var "pvt_key=$HOME/.ssh/id_rsa"`
+`terraform plan -var "do_token=${DO_PAT}" -var "pvt_key=$HOME/.ssh/id_rsa" -var "pub_key=$HOME/.ssh/id_rsa.pub"`
 
 To apply:
-`terraform apply -var "do_token=${DO_PAT}" -var "pvt_key=$HOME/.ssh/id_rsa"`
+`terraform apply -var "do_token=${DO_PAT}" -var "pvt_key=$HOME/.ssh/id_rsa" -var "pub_key=$HOME/.ssh/id_rsa.pub"`
 
 To show state:
 `terraform show terraform.tfstate`
 
 To destroy:
 `terraform plan -destroy -out=terraform.tfplan \
       -var "do_token=${DO_PAT}" \
-      -var "pvt_key=$HOME/.ssh/id_rsa" \`
+      -var "pvt_key=$HOME/.ssh/id_rsa" \
+      -var "pub_key=$HOME/.ssh/id_rsa.pub"`
 
 to make the destroy plan and `terraform apply terraform.tfplan`
+
+## Ansible
+https://www.digitalocean.com/community/tutorials/how-to-use-ansible-with-terraform-for-configuration-management
diff --git a/compute-1.tf b/compute-1.tf
@@ -1,18 +1,36 @@
-resource "digitalocean_droplet" "compute-1" {
+resource "digitalocean_droplet" "compute" {
+  count = 1
   image = "ubuntu-20-10-x64"
-  name = "compute-1"
+  name = "compute-${count.index}"
   region = "sfo2"
   size = "s-1vcpu-1gb"
   private_networking = true
   ssh_keys = [
     data.digitalocean_ssh_key.terraform.id
   ]
 
-  connection {
-    host = self.ipv4_address
-    user = "root"
-    type = "ssh"
-    private_key = file(var.pvt_key)
-    timeout = "2m"
+  provisioner "remote-exec" {
+    inline = ["sudo apt update", "sudo apt install python3 -y", "echo Done!"]
+
+    connection {
+      host = self.ipv4_address
+      user = "root"
+      type = "ssh"
+      private_key = file(var.pvt_key)
+      timeout = "2m"
+    }
+  }
+
+  # todo: enable this when we have local ansible and ansible galaxy setup
+  # along with the ansible docker role
+  # provisioner "local-exec" {
+  #  command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -i '${self.ipv4_address},' --private-key ${var.pvt_key} -e 'pub_key=${var.pub_key}' apache-install.yml"
+  # }
+}
+
+output "droplet_ip_addresses" {
+  value = {
+    for droplet in digitalocean_droplet.compute:
+    droplet.name => droplet.ipv4_address
   }
 }
diff --git a/provider.tf b/provider.tf
@@ -9,6 +9,7 @@ terraform {
 
 variable "do_token" {}
 variable "pvt_key" {}
+variable "pub_key" {}
 
 provider "digitalocean" {
   token = var.do_token