可以使用 Terraform 用的 Ansible 认证内容集合(v1.0.0)
总结
看到 Terraform 用的 Ansible 认证内容收藏集合(v1.0.0)现在可用,所以我试了一下。
情报链接
- twitter
我很高兴地宣布,Terraform 用的 Ansible 认证内容集现在可供使用。现已成为 Ansible Automation Platform 订阅计划的一部分,并可以在 Automation Hub 上使用。
- redhat
- github
引入
$ ansible-galaxy collection install cloud.terraform
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/download/cloud-terraform-1.0.0.tar.gz to /home/vagrant/.ansible/tmp/ansible-local-29742d9psx0sz/tmpulp0lvx7/cloud-terraform-1.0.0-_hacx70x
Installing 'cloud.terraform:1.0.0' to '/home/vagrant/.ansible/collections/ansible_collections/cloud/terraform'
cloud.terraform:1.0.0 was installed successfully
導入的文件樹結構
$ tree ~/.ansible/collections/ansible_collections/
/home/vagrant/.ansible/collections/ansible_collections/
|-- cloud
| `-- terraform
| |-- CHANGELOG.rst
| |-- FILES.json
| |-- LICENSE
| |-- MANIFEST.json
| |-- README.md
| |-- changelogs
| | |-- changelog.yaml
| | |-- config.yaml
| | `-- fragments
| | `-- 0001-initial.yml
| |-- docs
| | `-- docsite
| | `-- links.yml
| |-- meta
| | `-- runtime.yml
| |-- plugins
| | |-- module_utils
| | | `-- version.py
| | `-- modules
| | |-- terraform.py
| | `-- terraform_output.py
| |-- requirements.txt
| |-- requirements.yml
| |-- roles
| | |-- git_plan
| | | |-- README.md
| | | |-- meta
| | | | `-- argument_specs.yml
| | | `-- tasks
| | | `-- main.yml
| | `-- inventory_from_outputs
| | |-- README.md
| | |-- meta
| | | `-- argument_specs.yml
| | `-- tasks
| | `-- main.yml
| |-- test-requirements.txt
| `-- tests
| |-- integration
| | `-- targets
| | |-- action_groups
| | | |-- files
| | | | `-- nothing.tf
| | | `-- tasks
| | | `-- main.yml
| | |-- aws
| | | |-- files
| | | | `-- cloud.tf
| | | `-- tasks
| | | `-- main.yml
| | |-- azure
| | | |-- files
| | | | `-- cloud.tf
| | | `-- tasks
| | | `-- main.yml
| | |-- complex_variables
| | | |-- files
| | | | |-- main.tf
| | | | `-- variables.tf
| | | `-- tasks
| | | `-- main.yml
| | |-- gcp
| | | |-- files
| | | | `-- cloud.tf
| | | `-- tasks
| | | `-- main.yml
| | |-- list_vars_passthrough
| | | |-- files
| | | | `-- main.tf
| | | `-- tasks
| | | `-- main.yml
| | |-- local
| | | |-- files
| | | | `-- write_file.tf
| | | `-- tasks
| | | `-- main.yml
| | |-- provider_upgrade
| | | |-- tasks
| | | | |-- main.yml
| | | | `-- test_provider_upgrade.yml
| | | |-- templates
| | | | `-- main.tf.j2
| | | `-- vars
| | | `-- main.yml
| | |-- state_planned
| | | |-- files
| | | | `-- write_file.tf
| | | `-- tasks
| | | `-- main.yml
| | |-- terraform_output
| | | |-- files
| | | | `-- outputs.tf
| | | `-- tasks
| | | `-- main.yml
| | |-- test_git_plan
| | | |-- files
| | | | `-- write_file.tf
| | | `-- tasks
| | | `-- main.yml
| | `-- test_inventory_from_outputs
| | |-- files
| | | `-- create_inventory.tf
| | `-- tasks
| | `-- main.yml
| `-- unit
| |-- compat
| | |-- __init__.py
| | |-- builtins.py
| | |-- mock.py
| | `-- unittest.py
| `-- plugins
| `-- modules
| |-- cloud
| | `-- misc
| | `-- test_terraform.py
| `-- utils.py
`-- cloud.terraform-1.0.0.info
`-- GALAXY.yml
64 directories, 56 files
在以下的环境中进行试验。
环境
-
- Red Hat Enterprise Linux 8.5 (Ootpa)
-
- ansible-6.3.0-1.el8.noarch
-
- ansible-core-2.13.3-1.el8.x86_64
- Terraform v1.3.6 on linux_amd64
玩法手册例子
---
- hosts: localhost
gather_facts: false
vars:
project_dir: terraform/ # 最後の/が必要
tasks:
- name: Basic deploy of a service
cloud.terraform.terraform:
project_path: "{{ project_dir }}"
state: present
force_init: true
output "test" {
value = "Hello Terraform!"
}
[defaults]
verbosity = 1
stdout_callback = ansible.posix.debug
在ansible-galaxy集合安装ansible.posix的过程中,引入了ansible.posix.debug模块。
执行Playbook
首次
$ ansible-playbook site.yml
Using /home/vagrant/repo/terraform-collection-test/ansible.cfg as config file
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: An error occurred while calling ansible.utils.display.initialize_locale (unsupported locale setting). This may result in incorrectly calculated text widths that can cause Display
to print incorrect line lengths
PLAY [localhost] *****************************************************************************************************************************************************************************
TASK [Basic deploy of a service] *************************************************************************************************************************************************************
changed: [localhost] => {
"changed": true,
"command": "/usr/bin/terraform apply -no-color -input=false -auto-approve -lock=true /tmp/tmph6h9tryt.tfplan",
"outputs": {
"test": {
"sensitive": false,
"type": "string",
"value": "Hello Terraform!"
}
},
"state": "present",
"workspace": "default"
}
STDOUT:
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:
test = "Hello Terraform!"
PLAY RECAP ***********************************************************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
按原意结果已经获得。
在 /tmp 目录下会创建类似于 /tmp/tmph6h9tryt.tfplan 的 tfplan 文件。
```
只需要一个选项,以下是对上述内容的中文本地化改写:
$ tree -a .
.
├── ansible.cfg
├── site.yml
└── terraform
├── output.tf
└── terraform.tfstate
一个目录,五个文件
今回はバックエンドを構成していないので、terraform.tfstateファイルが作成されている。
```json:./terraform/terraform.tfstate
{
"version": 4,
"terraform_version": "1.3.6",
"serial": 1,
"lineage": "32d997f1-7e25-9783-9ce9-c7d753ee5086",
"outputs": {
"test": {
"value": "Hello Terraform!",
"type": "string"
}
},
"resources": [],
"check_results": null
}
第二次
$ ansible-playbook site.yml
Using /home/vagrant/repo/terraform-collection-test/ansible.cfg as config file
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: An error occurred while calling ansible.utils.display.initialize_locale (unsupported locale setting). This may result in incorrectly calculated text widths that can cause Display
to print incorrect line lengths
PLAY [localhost] *****************************************************************************************************************************************************************************
TASK [Basic deploy of a service] *************************************************************************************************************************************************************
ok: [localhost] => {
"changed": false,
"command": "/usr/bin/terraform apply -no-color -input=false -auto-approve -lock=true /tmp/tmpfnyqh4yc.tfplan",
"outputs": {
"test": {
"sensitive": false,
"type": "string",
"value": "Hello Terraform!"
}
},
"state": "present",
"workspace": "default"
}
STDOUT:
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.
PLAY RECAP ***********************************************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
在注册表变量中提取的内容中包括 outputs,但由于没有任何更改,所以在 STDOUT 中不包含 outputs。
当删除 terraform.tfstate 并执行时,STDOUT 将显示 outputs。
参考资料: ansible-doc cloud.terraform.terraform
$ ansible-doc cloud.terraform.terraform
Using /home/hiro/repo/terraform-ansible/ansible.cfg as config file
> CLOUD.TERRAFORM.TERRAFORM (/home/hiro/.ansible/collections/ansible_collections/cloud/terraform/plugins/modules/terraform.py)
Provides support for deploying resources with Terraform and
pulling resource information back into Ansible.
OPTIONS (= is mandatory):
- backend_config
A group of key-values to provide at init stage to the
-backend-config parameter.
"default": !!null "null"
"type": "dict"
added in: version 1.0.0 of cloud.terraform
- backend_config_files
The path to a configuration file to provide at init state to
the -backend-config parameter. This can accept a list of paths
to multiple configuration files.
"default": !!null "null"
"elements": "path"
"type": "list"
added in: version 1.0.0 of cloud.terraform
- binary_path
The path of a terraform binary to use.
"default": !!null "null"
"type": "path"
added in: version 1.0.0 of cloud.terraform
- check_destroy
Apply only when no resources are destroyed. Note that this
only prevents "destroy" actions, but not "destroy and re-
create" actions. This option is ignored when `state=absent'.
"default": !!bool "false"
"type": "bool"
added in: version 1.0.0 of cloud.terraform
- complex_vars
Enable/disable capability to handle complex variable
structures for `terraform'.
If `true' the `variables' also accepts dictionaries, lists,
and booleans to be passed to `terraform'. Strings that are
passed are correctly quoted.
When disabled, supports only simple variables (strings,
integers, and floats), and passes them on unquoted.
"default": !!bool "false"
"type": "bool"
added in: version 1.0.0 of cloud.terraform
- force_init
To avoid duplicating infra, if a state file can't be found
this will force a `terraform init'. Generally, this should be
turned off unless you intend to provision an entirely new
Terraform deployment.
"default": !!bool "false"
"type": "bool"
added in: version 1.0.0 of cloud.terraform
- init_reconfigure
Forces backend reconfiguration during init.
"default": !!bool "false"
"type": "bool"
added in: version 1.0.0 of cloud.terraform
- lock
Enable statefile locking, if you use a service that accepts
locks (such as S3+DynamoDB) to store your statefile.
"default": !!bool "true"
"type": "bool"
added in: version 1.0.0 of cloud.terraform
- lock_timeout
How long to maintain the lock on the statefile, if you use a
service that accepts locks (such as S3+DynamoDB).
"default": !!null "null"
"type": "int"
added in: version 1.0.0 of cloud.terraform
- overwrite_init
Run init even if `.terraform/terraform.tfstate' already exists
in `project_path'.
"default": !!bool "true"
"type": "bool"
added in: version 1.0.0 of cloud.terraform
- parallelism
Restrict concurrent operations when Terraform applies the
plan.
"default": !!null "null"
"type": "int"
added in: version 1.0.0 of cloud.terraform
- plan_file
The path to an existing Terraform plan file to apply. If this
is not specified, Ansible will build a new TF plan and execute
it.
Note that this option is required if 'state' has the 'planned'
value. In this case, the plan file is only generated, but not
applied.
"default": !!null "null"
"type": "path"
added in: version 1.0.0 of cloud.terraform
- plugin_paths
List of paths containing Terraform plugin executable files.
Plugin executables can be downloaded from
https://releases.hashicorp.com/.
When set, the plugin discovery and auto-download behavior of
Terraform is disabled.
The directory structure in the plugin path can be tricky. The
Terraform docs
https://learn.hashicorp.com/tutorials/terraform/automate-
terraform#pre-installed-plugins show a simple directory of
files, but actually, the directory structure has to follow the
same structure you would see if Terraform auto-downloaded the
plugins. See the examples below for a tree output of an
example plugin directory.
"default": !!null "null"
"elements": "path"
"type": "list"
added in: version 1.0.0 of cloud.terraform
= project_path
The path to the root of the Terraform directory with the
vars.tf/main.tf/etc to use.
"type": "path"
added in: version 1.0.0 of cloud.terraform
- provider_upgrade
Allows Terraform init to upgrade providers to versions
specified in the project's version constraints.
"default": !!bool "false"
"type": "bool"
added in: version 1.0.0 of cloud.terraform
- purge_workspace
Only works with state = absent
If true, the workspace will be deleted after the "terraform
destroy" action.
The 'default' workspace will not be deleted.
"default": !!bool "false"
"type": "bool"
added in: version 1.0.0 of cloud.terraform
- state
Goal state of given stage/project.
Option `planned` is deprecated. Its function is equivalent to
running the module in check mode.
choices: ["present", "absent", "planned"]
"default": "present"
"type": "str"
added in: version 1.0.0 of cloud.terraform
- state_file
The path to an existing Terraform state file to use when
building plan. If this is not specified, the default
`terraform.tfstate' will be used.
This option is ignored when plan is specified.
"default": !!null "null"
"type": "path"
added in: version 1.0.0 of cloud.terraform
- targets
A list of specific resources to target in this
plan/application. The resources selected here will also auto-
include any dependencies.
"default": !!null "null"
"elements": "str"
"type": "list"
added in: version 1.0.0 of cloud.terraform
- variables
A group of key-values pairs to override template variables or
those in variables files. By default, only string and number
values are allowed, which are passed on unquoted.
Support complex variable structures (lists, dictionaries,
numbers, and booleans) to reflect terraform variable syntax
when `complex_vars=true'.
Ansible integers or floats are mapped to terraform numbers.
Ansible strings are mapped to terraform strings.
Ansible dictionaries are mapped to terraform objects.
Ansible lists are mapped to terraform lists.
Ansible booleans are mapped to terraform booleans.
*Note* passwords passed as variables will be visible in the
log output. Make sure to use `no_log=true' in production!
"default": !!null "null"
"type": "dict"
added in: version 1.0.0 of cloud.terraform
- variables_files
The path to a variables file for Terraform to fill into the TF
configurations. This can accept a list of paths to multiple
variables files.
Up until Ansible 2.9, this option was usable as
`variables_file'.
aliases: ["variables_file"]
"default": !!null "null"
"elements": "path"
"type": "list"
added in: version 1.0.0 of cloud.terraform
- workspace
The terraform workspace to work with.
"default": "default"
"type": "str"
added in: version 1.0.0 of cloud.terraform
NOTES:
* To just run a `terraform plan', use check mode.
REQUIREMENTS: terraform
AUTHOR: Ryan Scott Brown (@ryansb)
EXAMPLES:
- name: Basic deploy of a service
cloud.terraform.terraform:
project_path: '{{ project_dir }}'
state: present
- name: Define the backend configuration at init
cloud.terraform.terraform:
project_path: 'project/'
state: "{{ state }}"
force_init: true
backend_config:
region: "eu-west-1"
bucket: "some-bucket"
key: "random.tfstate"
- name: Define the backend configuration with one or more files at init
cloud.terraform.terraform:
project_path: 'project/'
state: "{{ state }}"
force_init: true
backend_config_files:
- /path/to/backend_config_file_1
- /path/to/backend_config_file_2
- name: Disable plugin discovery and auto-download by setting plugin_paths
cloud.terraform.terraform:
project_path: 'project/'
state: "{{ state }}"
force_init: true
plugin_paths:
- /path/to/plugins_dir_1
- /path/to/plugins_dir_2
- name: Complex variables example
cloud.terraform.terraform:
project_path: '{{ project_dir }}'
state: present
camplex_vars: true
variables:
vm_name: "{{ inventory_hostname }}"
vm_vcpus: 2
vm_mem: 2048
vm_additional_disks:
- label: "Third Disk"
size: 40
thin_provisioned: true
unit_number: 2
- label: "Fourth Disk"
size: 22
thin_provisioned: true
unit_number: 3
force_init: true
### Example directory structure for plugin_paths example
# $ tree /path/to/plugins_dir_1
# /path/to/plugins_dir_1/
# └── registry.terraform.io
# └── hashicorp
# └── vsphere
# ├── 1.24.0
# │ └── linux_amd64
# │ └── terraform-provider-vsphere_v1.24.0_x4
# └── 1.26.0
# └── linux_amd64
# └── terraform-provider-vsphere_v1.26.0_x4
RETURN VALUES:
- command
Full `terraform' command built by this module, in case you
want to re-run the command outside the module or debug a
problem.
"returned": "always"
"sample": "terraform apply ..."
"type": "str"
- outputs
A dictionary of all the TF outputs by their assigned name. Use
`.outputs.MyOutputName.value' to access the value.
"returned": "on success"
"sample": "{\"bukkit_arn\": {\"sensitive\": false, \"type\": \"string\", \"value\"\
: \"arn:aws:s3:::tf-test-bukkit\"}"
"type": "complex"
CONTAINS:
- sensitive
Whether Terraform has marked this value as sensitive
"returned": "always"
"type": "bool"
- type
The type of the value (string, int, etc)
"returned": "always"
"type": "str"
- value
The value of the output as interpolated by Terraform
"returned": "always"
"type": "str"
- stdout
Full `terraform' command stdout, in case you want to display
it or examine the event log
"returned": "always"
"sample": ""
"type": "str"
