Use Terraform to Create a FREE Ansible Lab in AWS

Gineesh Madapparambath

3 years ago

Introduction

When it comes to create an Ansible Lab, you can easily spin-up one using Terraform on AWS, GCP or Azure. Even though we are creating small lab (eg: nodes with 1GB memory etc), still some of the students wants to setup their Ansible Lab on Public Cloud due to various reasons. If you are a person who like to do everything from scratch, then read How to Create a FREE Ansible Lab in Public Cloud (AWS, GCP, Azure). This guide is for same purpose but we will use Terraform to quickly spin up the instances in AWS and configure them to use as Ansible Lab; with a single or few commands.

Other ways to create Quick Ansible Lab to practice.

Read How to Create a FREE Ansible Lab in Public Cloud (AWS, GCP, Azure)
Watch video for How to Setup Lab Vagrant + VirtualBox for Ansible Lab and How to Create Ansible Lab using Vagrant + VirtualBox.

Watch Ansible for Beginners YouTube Playlist

Prerequisites

AWS Account – You can Sign up for AWS Free Tier; Credit Card is needed but it won’t be charged if you are using the free tier services. We need only Free tier services to setup this Lab.
AWS Credential Secrets.
Terraform Installed on your machine

How to Create Ansible Lab using Terraform

This is pretty straightforward but if you do not have the packages installed, yes few additional steps as below.

Step 1. Install Terraform

If you haven’t yet, Download and Install Terraform.

Step 2. Configure AWS Credential

Goto AWS Console – > IAM -> Users -> Add User and select Programmatic access

Add Tags if needed and Create User.

Important: Copy the Access key ID and Secret access key as we need this in next steps.

On your workstation, add new AWS Credentials. If you have already configured other credentials, then add this as new profile; see below file for example.

$ cat ~/.aws/credentials 
[default]
aws_access_key_id=AKIA5WGDZFEXAMPLEKEY
aws_secret_access_key=Wb1v7OXMMYNRlNYXOGK5sPxZEXAMPLEACCESSKEY

[ansible]
aws_access_key_id=AKIA5WGDZFEXAMPLEKEY
aws_secret_access_key=Wb1v7OXMMYNRlNYXOGK5sPxZEXAMPLEACCESSKEY

Also add config file if not exists.

$ cat ~/.aws/config 
[default] 
region=ap-southeast-1 output=json

Remember to use the correct profile name in your terraform script main.tf later; eg: ansible in our case.

Step 3. Create SSH Keys to Access the ec2 instances

If you have existing keys, you can use that; otherwise create new ssh keys.

Warning: Please remember to not to overwrite the existing ssh key pair files; use a new file name if you want to keep the old keys.
If you are using any key files other than ~/.ssh/id_rsa, then remember to update the same in variables.tf as well.

$ ssh-keygen

Step 4. Clone the Repository and create your Ansible Lab

$ git clone https://github.com/ginigangadharan/terraform-iac-usecases
$ cd terraform-aws-ansible-lab

## init terraform
$ terraform init

## verify the resource details before apply
$ terraform plan

## Apply configuration - This step will spin up all necessary resources in your AWS Account
$ terraform apply
.
.
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_key_pair.ec2loginkey: Creating...
aws_security_group.ansible_access: Creating...
.
.
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

ansible-engine = <Public IP ADDRESS>
ansible-node-1 = <Public IP ADDRESS>
ansible-node-2 = <Public IP ADDRESS>

How to Access the Lab ?

Terraform will show you the Public IP of ansible-engine (and other instances as above) and you can access using that IP.Host: Public IP of ansible-engine.

SSH Keys are already copied inside all ec2 instances under devops user but still you can access it using credentials if accessing from different machines. (Username: devops, Password: devops)

$ ssh devops@ANSIBLE_ENGINE_IP_ADDRESS
[devops@ansible-engine ~]$

A default ansible.cfg and inventory files are already available to use under home directory (/home/devops/)

## Check Files copied automatically
[devops@ansible-engine ~]$ ls -l
total 8
-rwxr-xr-x 1 devops devops  82 Jun 10 09:04 ansible.cfg
-rwxr-xr-x 1 devops devops 524 Jun 10 09:04 inventory

ansible-engine to ansible-nodes ssh connection is already setup using password in inventory file.

## Verify Instance Access
[devops@ansible-engine ~]$ ansible all -m ping
ansible-engine | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

That’s it; get your hand’s dirty and practice as much as you need.

Step 5. Destroy Lab Once you are Done

As we know, we are dealing with FREE tier, remember to destroy the resources once you finish the lab or practicing for that day.

$ terraform destroy

Do not need to worry, you will get the same lab setup whenever you needed by simply doing a terraform apply command again.

Any questions of comments ? Please ask in comment box.

Also read : How to Create a FREE Ansible Lab in Public Cloud (AWS, GCP, Azure.