Create Ansible provisioner

[lukehoersten]

I'd like to use Terraform to build infrastructure then configure it with Ansible, similar to the Chef provisioner.

[donovanmuller]

+1

[martineg]

+1
(is https://github.com/adammck/terraform-inventory an alternative?)

[lukehoersten]

terraform-inventory just isn't as clean as the Terraform Chef provisioner and hopefully what a true Ansible provisioner could be.

[tony612]

👍

[IanVS]

Honest question: would there be a benefit to having a built-in Ansible provisioner over-and-above just using local-exec and using the Ansible cli?

[donovanmuller]

@IanVS That is the route I followed initially but Terraform seems to buffer stdout, so once you kick off your Ansible plays you don't see anything until your play is done or has been running enough until the buffer flushes.

I'm hoping support for Ansible would hopefully solve this problem, however if there is a workaround or a fix in Terraform that would solve this, then that would be good enough for me.
Not sure about others reasons behind this?

[nlamirault]

👍

[bborysenko]

👍

[wakwanza]

+1

[kchygoe]

+1

[vikingops]

👍

[jsmartin]

Fix local_exec's buffering of stdout and just call the ansible-playbook command. Couple that with a terraform dynamic inventory script. That's going to be the most flexible.

[IanVS]

Ansible has its own dynamic inventory scripts as well. The advantage to using them rather than Terraform dynamic inventory is that you can continue to run the Ansible playbooks (for updates, upgrades, deployments, etc.) after you have used Terraform to spin up the resources.

[jsmartin]

@IanVS by "terraform dynamic inventory script" I'm referring to an Ansible dynamic inventory script that pulls form Terraform :).

[lukehoersten]

It's not so much about kicking off Ansible as it is about communicating the information Terraform has to Ansible. Ansible dynamic inventory is many times not enough (for example groups are auto-generated from tags etc). Ansible plays however typically use nice group names like "webservers". What would be ideal is something similar to what Vagrant does with Ansible:
http://docs.vagrantup.com/v2/provisioning/ansible.html

So, after running Terraform, Terraform now knows the custom VPC DNS domain names I've given each host. This is not easily known to Ansible. Also, Terraform could generate a static inventory w/ groups of my choosing etc.

This is just what I had in mind and a lot of it comes form Vagrant. Perhaps others are thinking of other features.

[ghost]

It would be great if stdout / wasn't buffered, at least as a stop-gap.

[riccardofreixo]

+1

[dflower-rms]

+1

[d33d33]

+1

[pmastalerz]

👍

[beeradb]

+1

[michaelandersen]

+1

[danieslo]

+1

[kelseyfrancis]

+1

[cad]

+1

[sidick]

+1

[jdoss]

+1

[dereulenspiegel]

+1

[asafdav]

+1

[andor-pierdelacabeza]

@cochransj @alessandro-dibella-rockalltech @visokoo @mr-future @schmitzcc And all the "+1" or ":+1:" posters, previous and to come: Stop Spamming.

If you wanna show support, instead of posting a comment and notifying the 100 people subscribed to it, there's an awesome "Add your reaction" button for each commit and issue, were you can give 'thumbs up' or 'thumbs down' or wathever you feel like giving to this issue. 🤦‍♂️

[rehmanzile]

👍

[stack72]

Hi Friends,

Just an FYI, I opened an issue on a terraform-provisioner-ansible to talk about this. The maintainer of that project is going to be doing some work on it and then he will be looking at, potentially, opening a PR to the core repo

While we'd love to see something like this, we don't currently have any plans to implement this ourselves. Until then, this issue is unlikely to see any movement and remain stale. We're trying to prune the stale issues (that aren't going to be addressed anytime soon) by closing them. Note that we only do this for enhancement requests and not bugs.

Thanks

@stack72

[FlorinAndrei]

@stack72 That issue you're referencing - you've actually closed it. Why reference it here, then?

[stack72]

@FlorinAndrei I am now waiting on the writer of the provisioner

This is classed as something we are not going to be working on ourselves - I am in email talks with the writer

[rcaught]

@stack72 there hasn't been movement on that repo for over a year. Any updates? I would really like to run an Ansible provisioner, but don't feel comfortable when things go this stale.

[rcaught]

Also, I've read the other issue, but this seems like it needs someone just to move the current version (with PR's merged that fix some things) into core. Otherwise we could be sitting here waiting for a rewrite forever.

[stack72]

Hi @rcaught

I totally understand your concerns - as you can see, I did ask the question over there and the owner said he was going to do it. Unfortunately, I don't really feel as though it's my place to pick someone's code and move it to Terraform core - we haven't written it and don't own it

I am hopeful this will get resolved though

Thanks

Paul

[nealabh]

Hi all

was looking for some similar kind of a solution for provisioning azure VMs
something like this worked well for me.

provisioner "local-exec" {
command = <<EOD
cat <> azure_hosts
${element(azurerm_public_ip.mh..ip_address, count.index)}
EOF
EOD
}
}
resource "null_resource" "ansible" {
triggers {
host_ip = "${element(azurerm_public_ip.mh..ip_address, count.index)}"
}
provisioner "local-exec" {
command = "sleep 1m && ansible-playbook -i azure_hosts deploy.yml"
}
}

creating a null resource helped me generate an un-buffered output.

what do you guys think on this?

[wjam]

It seems like the provisioner that's been linked here is only designed to run Ansible on the machine that has been created rather than running from the machine that is running Terraform. Wouldn't a better approach be similar to how Packer already does this?

Packer accomplishes this by for the ansible provisioner (Ansible runs on the machine running packer) by proxying the commands through an in-memory SSH server to the remote instance, thus reusing already configured connection.

For ansible-local (Ansible runs on the machine that has just been created), it's just a case of copying up a bunch of files and then running the Ansible command.

[radekg]

I've created this recently, this runs ansible on the provisioned host: https://github.com/radekg/terraform-provisioner-ansible.
The local one will be ready over the weekend or so. I'd be happy to contribute into the core, if anyone would be interested.

Edit: But I do understand the feature creep story, in such case, just a heads up. The plugin linked above works fine with terraform 0.11.x.

[radekg]

I've added the local mode to the https://github.com/radekg/terraform-provisioner-ansible. Currently with a few caveats but the first version is there: https://github.com/radekg/terraform-provisioner-ansible#running-in-local-mode.

[monokal]

Why did this ticket get closed? I find it odd that we have a Chef Provisioner but no supported Ansible Provisioner with so much interest being shown. local-exec isn't a nice or reliable method of executing Ansible.

[jullianoacqio]

+1

[devops-rob]

I agree with @monokal completely. Ansible and terraform are a marriage made in heaven! To not have native provisioner support for it or a willingness to introduce such a provisioner is beyond me. I use terrafrom because it makes deployment and management tasks easy, until we get to the ansible bit so reading some of the comments, I can understand why some people have opted to use ansible modules instead but then again, it's not ideal either. There seems to be a huge demand for such a provisoner looking at this thread so for me it's a no-brainer but somehow this has been closed :-/

[radekg]

Looking at the comments above, I'd love to repeat, happy to see https://github.com/radekg/terraform-provisioner-ansible contributed to the core. There are definitely a bunch of features to be implemented (the biggest one being Windows support) but it is more or less complete. It supports local and remote deployments, quite well tested on non-Windows deployments at this moment in time.

[monokal]

Can you open a PR then so there's at least a chance of it being reviewed?

…

On Sat, 2 Jun 2018, 11:12 pm Rad Gruchalski, ***@***.***> wrote: Looking at the comments above, I'd love to repeat, happy to see https://github.com/radekg/terraform-provisioner-ansible contributed to the core. There are definitely a bunch of features to be implemented (the biggest one being Windows support) but it is more or less complete. It supports local and remote deployments, quite well tested on non-Windows deployments at this moment in time. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#2661 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AE6NkhgsDFGFMEDW4Fr4DQE_GvpTPHDxks5t4w3PgaJpZM4FUw5N> .

[bkmeneguello]

What are the criterions to add a feature to core? Maintenance? I think @radekg ansible provisioner is amazing and if promoted to core it would be amazing.

[radekg]

The https://github.com/radekg/terraform-provisioner-ansible is now available via Terraform Module Registry. Not sure if this is the correct distribution path but I was not able to think of anything better.

I'm not sure if the file naming in prebuilt releases will cause a problem when Terraform resolves the provisioner (I would assume it might be a problem). Please let me know if that is a problem, indeed.

Edit: it turned out that the released files naming was an issue. I have documented this in the readme and supplied a shell script to fetch and deploy a version of the provisioner: https://github.com/radekg/terraform-provisioner-ansible#installation.

[nwipfli]

Just tested the v.1.0.0 and it is working great. Very useful provisioner.

[radekg]

I have released version 2.0.0 of the Ansible provisioner:

• https://github.com/radekg/terraform-provisioner-ansible/releases/tag/v2.0.0
• https://registry.terraform.io/modules/radekg/ansible/provisioner/2.0.0

2.0.0 is not a drop-in replacement. Changes are documented: https://github.com/radekg/terraform-provisioner-ansible#breaking-changes. I have also provided some examples: https://github.com/radekg/terraform-provisioner-ansible/tree/master/examples.

Additionally, I have created a pull request for terraform. #19021 reflects the the commit radekg/terraform-provisioner-ansible@47d9435 (radekg@fac2403). The intent is to contribute the provisioner to Terraform.

[dmitrypol]

+1. Would be great to have official support.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.