Terraform Module to Setup Ansible Tower in AWS

Automation is everywhere. Ansible Tower is one of the prominent tools for configuration management. This article will focus on using Terraform to automate installing Ansible Tower over AWS.

Both Ansible and Ansible Tower provide businesses with a wide variety of choices for configuration management. However, the two products should not be confused with one another. Ansible is a powerful tool for configuration management; nevertheless, those IT managers who are not comfortable with command-line tools may find it intimidating to use.

The command-line interface that Ansible provides makes it possible for IT teams to carry out a wide variety of configuration management tasks. By providing administrators with an automated and repeatable approach for deploying settings, the application does away with the necessity of ad hoc scripts and manual infrastructure management. Tower, on the other hand, offers increased usability as well as centralised control of administrative tasks.

Ansible Tower is an extension that adds additional management tools and seeks to solve this problem by adding a graphical user interface. It also extends the capabilities of Ansible. Ansible Tower additionally provides functions that are essential for the implementation of large-scale information technology in businesses. This provides accurate and safe access to the Ansible environment for individual and group users. It does this by including advanced settings for role-based access control, also known as RBAC. This makes things more secure and keeps a record of everything that goes on. These access control features are made possible by Ansible Tower's use of Active Directory and Lightweight Directory Access Protocol.

Furthermore, Ansible Tower is a centralized platform for managing an environment's host inventory, logging activity, and running Ansible playbooks. In addition, the Ansible Tower dashboard offers a unified view of the health and state of the deployment and provides information on the present execution of Ansible jobs.

HashiCorp, the parent organisation, defines it as, "Terraform is an infrastructure as code (IaC) tool that allows you to build, change, and version infrastructure safely and efficiently. This includes both low-level components like compute instances, storage, and networking, as well as high-level components like DNS entries and SaaS features."

- Infrastructure-as-Code
- Multi-cloud deployment and management
- Managing Kubernetes
- Integration with existing CI/CD workflows
- Managing virtual machine images
- Managing network infrastructure

Terraform also provides CDKTF (Cloud Development Kit for Terraform) to manage infrastructure using programming languages such as Java, Python, Go, C# and TypeScript.

- The Terraform environment is brought up to speed using the terraform init command (on a local level). In most cases, the init command is only used once throughout each session.
- After comparing the current state of Terraform and the existing state of the cloud, the terraform plan command develops and shows an execution plan. The deployment will not be affected in any way by this (read-only).
- The terraform apply command is the one that puts the plan into action.
- When we use terraform destroy, all of the resources that are controlled by this environment's terraform parameters will be removed.

The configuration files for Terraform are a collection of files that have the file extensions.tf and if.json. These files are used to define the infrastructure for Terraform. Terraform leverages a declarative approach for designing infrastructure. You are able to indicate the state you want the configuration file to be in by using configuration files. The parameters and values that indicate the desired state of the resources that make up your infrastructure are included in configuration files.

- Configuration file (files with the extension *.tf): This is where we describe the provider and resources that will be deployed, as well as the kind of resources and any resource-specific attributes.
- Variable declaration file (either variables.tf or variables.json): In this section, the input variables required to deliver resources are specified.
- Variable definition files (terraform.tfvars): In this step, values are given to the variables that were input.
- State file (also known as terraform.tfstate): When running Terraform for the first time, a state file is automatically produced. It stores information pertaining to the managed infrastructure that we have.

Teraform base Resources,

Variables.tf

variable ports { type = list(number) 

variable instance_type { type = string}

variable access_key { type = string }

variable secret_key { type = string }

variable region { type = string }

variable vpc_id {type = string}

variable ansible_tower_tar_URL {type = string}

variable image_name { type = string}

provider.tf

provider "aws"

  {region     = "${var.region}"

  access_key = "${var.access_key}"

  secret_key = "${var.secret_key}"

terraform.tfvars

ports = [25672, 15672, 4369, 5432, 443, 80, 22] instance_type = "t2.micro" region = "ap-south-1" vpc_id = "" access_key = "" secret_key = "" image_name = "RHEL_HA-8.4.0_HVM-*-x86_64-2-Hourly2-GP2" ansible_tower_tar_URL=

https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz

instance.tf

//AMI Image ID data "aws_ami" "RHEL" { most_recent = true owners = ["309956199498"] filter

{ name = "name"

values = ["${var.image_name}"]

filter { name = "root-device-type" values = ["ebs"] 

filter { name = "virtualization-type" values = ["hvm"]

// Creating EC2 instance resource "aws_instance" "RHEL-instance"

{ ami = "${data.aws_ami.RHEL.id}" instance_type = "${var.instance_type}" key_name = "${aws_key_pair.RHEL-key.key_name}"

security_groups = ["custom-sg"]

tags = { Name = "RHEL-TF" }

// Installing Ansible Tower on same instance connection { type = "ssh" user = "ec2-user" private_key = file("${path.module}/id_rsa") host = "${self.public_ip}" }

provisioner "file" { source = "ansibleTowerInstallation.sh" destination = "/tmp/ansibleTowerInstallation.sh" }

provisioner "remote-exec" { inline = [ "cd /tmp", "curl -O ${var.ansible_tower_tar_URL}", "tar xvfz /tmp/ansible-tower-*.tar.gz", "sudo sh /tmp/ansibleTowerInstallation.sh", "cd /tmp/ansible-tower-setup-*/", "sudo sh setup.sh", ] }

ssh-key.tf

// Creating SSH key pair

resource "aws_key_pair" "RHEL-key" { key_name = "RHEL-key"

public_key=file("${path.module}/id_rsa.pub") }

security-group.tf

// Creating Security group

resource "aws_security_group" "security-group"

{ name = "custom-sg"

description = "Allow TLS inbound traffic" vpc_id = "${var.vpc_id}"

dynamic "ingress"

{ for_each = var.ports

iterator = port content

{ description = "TLS from VPC"

from_port = port.value

to_port = port.value

protocol = "tcp"

cidr_blocks = ["0.0.0.0/0"] ipv6_cidr_blocks = ["::/0"] } }

egress

{ from_port = 0

to_port = 0

protocol = "-1"

cidr_blocks = ["0.0.0.0/0"] ipv6_cidr_blocks = ["::/0"] }

tags = { Name = "custom-sg" } }

ansibleTowerInstallation.sh

#/bin/bash

sed"s/^admin_password=''/admin_password=redhat/" /tmp/ansible-tower-setup-*/inventory

sed"s/^pg_password=''/pg_password=redhat/" /tmp/ansible-tower-setup-*/inventory-sg"

Now, it’s time to execute

Download all required providers

>>> terraform init

Testing & reviewing configuration

>>> terraform plan

Once verified, applying the configuration

>>> terraform apply

We have successfully setup Ansible Tower in AWS.