Infrastructure automation is the use of technology to perform the tasks we do day in and day out with reduced human assistance. Many tools on the market allow us to automate certain tasks. Terraform is one such infrastructure tool, used to automate infrastructure deployments, and Ansible automates configuration management. Integrating Terraform with Ansible lets us fully automate infrastructure deployments along with the configuration changes. The purpose of this code is to automate LAMP deployment. I will be deploying a sample MediaWiki application for your reference.
GitHub Link :
- You are using Azure for your infrastructure deployment.
- The host machine where this code needs to be run is Linux, since Ansible can’t be installed on Windows and WSL isn’t officially supported.
- The Terraform module deploys a RHEL 8 machine. This can be easily changed in the terraform.tfvars file, since we are using variables for this deployment. This is explained in detail later.
- A Linux machine where we will install Terraform, Ansible and Azure CLI.
- Basic familiarity with the command line interface.
- Root privileges on this host machine.
The terraform-resources directory contains the actual Terraform and Ansible code. The terraform-modules directory is used to write or define Terraform modules. This means you will be dealing only with the terraform-resources folder most of the time. All the files I explain further are under terraform-resources unless otherwise mentioned.
- main.tf -> Main Terraform file, which calls the required Terraform modules defined in the module section. You have to set up the backend configuration in this file.
- terraform.tfvars -> Terraform Variable input file. Update all the variable values in the file before initiating the deployment.
- Install_Loop.yml -> Ansible playbook to define the packages we want to be installed. This playbook also has the firewall configuration and rules.
- mysql_secure -> Ansible playbook to set up the MySQL secure installation and make all the required changes for the new database and user.
- apacheconfig.yml -> Ansible playbook to make Apache configuration changes. This includes downloading or editing any config files.
- restart_services.yml -> Ansible playbook to restart any service required to ensure changes are implemented.
- We are using Azure Blob storage as the backend, so you need to ensure the storage account and container mentioned in the backend configuration exist. This is updated under the backend section of the main.tf file located in the terraform-resources directory.
- To keep this configuration secure, we are using Key Vault to store all our sensitive information. Because a data block fetches the Key Vault secrets, the key vault and the secrets should already exist.
- wiki_pass refers to the secret storing the password for the wiki MySQL user created as part of this process.
- mysql_root_pass refers to the secret storing the password for the root MySQL user created as part of this MySQL secure installation.
- virtual_machine_Usr refers to the secret storing the username for the Virtual Machine user.
- virtual_machine_Passwd refers to the secret storing the password for the Virtual Machine user.
- This deployment uses password authentication. If you plan on using SSH keys, you need to edit lines 67 to 74 of \terraform-modules\virtual_machine\main.tf and uncomment line 74. I am using password authentication to demonstrate how a data block can be used to securely fetch the username and password from Key Vault. We can use the file function to specify our private key location.
- We are using Terraform modules and variables to ensure this code is scalable. Before you start the deployment you need to update the required values in the “terraform.tfvars” file under the terraform-resources folder. If you aren’t sure about the expected values, you can hover your mouse on the value to find out the description.
- I have used conditionals in the terraform variables file to ensure we are performing error handling. You can edit or modify these conditionals if you have any specific custom requirements.
- The Install_Loop.yaml file contains the list of packages that need to be installed. If you plan to install anything additional, just append it to the list and the loop will take care of the setup.
To run this deployment, follow the steps below:
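
The Key Vault data block and a variable conditional from the list above, as an added example that is not code from the project's repository. It assumes the four names on this page (wiki_pass, mysql_root_pass, virtual_machine_Usr, virtual_machine_Passwd) are keys that map to Key Vault secret names; the variable names key_vault_name, key_vault_rg and secret_names and the labels kv and deploy are hypothetical.

```hcl
variable "key_vault_name" {
  type        = string
  description = "Existing Key Vault that holds the deployment secrets"
}

variable "key_vault_rg" {
  type        = string
  description = "Resource group of the existing Key Vault"
}

# Assumed shape: the page's four inputs, each mapped to a Key Vault secret name.
variable "secret_names" {
  type        = map(string)
  description = "Keys: wiki_pass, mysql_root_pass, virtual_machine_Usr, virtual_machine_Passwd"

  # Conditional check: fail at plan time if a value cannot be a Key Vault
  # secret name (1-127 characters; letters, digits and dashes only).
  validation {
    condition = alltrue([
      for n in values(var.secret_names) : can(regex("^[0-9A-Za-z-]{1,127}$", n))
    ])
    error_message = "Key Vault secret names may contain only letters, digits and dashes (1-127 characters)."
  }
}

data "azurerm_key_vault" "kv" {
  name                = var.key_vault_name
  resource_group_name = var.key_vault_rg
}

# One lookup per secret; the vault and the secrets must already exist.
data "azurerm_key_vault_secret" "deploy" {
  for_each     = var.secret_names
  name         = each.value
  key_vault_id = data.azurerm_key_vault.kv.id
}

locals {
  vm_admin_username = data.azurerm_key_vault_secret.deploy["virtual_machine_Usr"].value
  vm_admin_password = data.azurerm_key_vault_secret.deploy["virtual_machine_Passwd"].value
}

# Values read through a data block are stored in the state file in plain text,
# so the backend storage container needs the same access restrictions as the vault.
output "vm_admin_username" {
  value     = local.vm_admin_username
  sensitive = true
}
```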
- First you need to install Terraform and Ansible on your machine. You can use RHEL_Installation.sh or ubuntu_installation.sh located under terraform-resources based on the Linux distro.
- Run ‘az login’ to log in to the Azure subscription where these resources need to be deployed.
- After the setup, you need to navigate to terraform-resources folder, use :
    cd terraform-resources
    terraform init
    terraform plan
    terraform apply
- Terraform init -> It initializes the directory, downloads the required provider and configures the modules.
- Terraform plan -> This helps you verify the code is going to deploy the resources as expected. This also ensures we don’t face any unwanted surprise. This isn’t mandatory, but a recommended step.
- Terraform apply -> This step applies the resources specified in this code. Terraform asks you to approve the changes before it proceeds. We can skip manual approval by using the -auto-approve parameter.
Best Practices & Recommendations
- Use Terraform workspaces for easier management of the deployments. This can also help us manage Dev, UAT and Production deployments instead of creating multiple state files/directories. Additionally, it helps us follow blue-green deployment.
- If you are creating new resources or variables, ensure the naming convention is easily relatable, since we have a lot of variables in this code.
- Use conditionals to avoid unwanted surprises and better error handling.