Ansible and Terraform Together
HTML-код
- Опубликовано: 19 авг 2024
- This video will cover how the Ansible Automation Platform and Terraform can be used together to manager your infrastructure
The presenter is Alex Dworjan
Github:
github.com/sha...
github.com/sha...
www.redhat.com...
www.ansible.co...
www.ansible.co...
YEEEESSSS
itd be really nice to have an easy how to on ansible vault.
Great idea! I did a short walkthrough this morning that hopefully will help: ruclips.net/video/MnBV8zLq-_Y/видео.html
i'd like to know where you store values for variables {{pah_pass}}, {{cert_key_file}}, ... and how do you inject them ?
I've created custom credentials within automation controller and assigned them to the Job Template. They are being passed as extra variables via that custom credential
@@alexdworjan Okay thank you ! but I also wanted to know if the "cert_key_file" is the private key for your Execution Environment or the execution node ( so that you can push and pull to git ) ? or what else it should be ?
@@user-uj8qh6hg3r It is the private key for my specific user in github that has been added into my account: docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account. The private key is injected into the Execution Environment at runtime to provide the authentication.
@@alexdworjan Okay perfect ! thanks for explanation
hmmm it's not good idea to orchestrate terraform via ansible. What about plan and validations of changes ? ...
Build that into your Pull Request review process. If you need those steps reviewed by teams, don't use the Ansible survey, only use the gitops approach where teams make changes to the main.tf. Then the code review can include plan to verify any changes prior to approval. There are many different approaches, find the one that fits into your process.
@@alexdworjan ansible is a good tool for config management... But not for infrastructure. Better and safer is use ansible Provider on terraform code.
It's all about using what's best for your team and organization. Since Ansible is being used for config management of all kinds of infrastructure and networking gear plus orchestration (ServiceNow, etc) some customers prefer to use the workflow capabilities of Ansible. In this case, I'm still using Terraform to provision and maintain the state of the infrastructure.
@@alexdworjan hmm, magic tools don't exist... Ansible was written as configuration management, nothing more.. Terraform was created as an infrastructure management... Forcing Anisble to be a tool... It wasn't designed, it's not a good idea. I've been using Terraform and Ansible for many years. Develops roles and modules. Ansible is not a good idea for managing terraforms, there are much better technologies for this.
That's why most just use Ansible to call Terraform, not to manage Terraform. Similar to how you use the Ansible provider to have Terraform call Ansible, you can use the Terraform modules to have Ansible call Terraform. It's really about using the process that's best for you. In your case, it seems best to use Terraform.