Infrastructure as Code (IaC) configuration for developer operations. Using the Cybera Rapid Access Cloud provided OpenStack infrastructure.
terraform --version
# Terraform v0.14.8
# + provider registry.terraform.io/terraform-provider-openstack/openstack v1.39.0
ansible --version
# ansible 2.10.6
# config file = /etc/ansible/ansible.cfg
# configured module search path = ['/home/alexander/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
# ansible python module location = /home/alexander/sandbox/src/git.udia.ca/alex/udia-infra/env/lib/python3.7/site-packages/ansible
# executable location = /home/alexander/sandbox/src/git.udia.ca/alex/udia-infra/env/bin/ansible
# python version = 3.7.3 (default, Jul 25 2020, 13:03:44) [GCC 8.3.0]
Spin up the infrastructure using terraform:
# set environment variables and credentials
source alexanderwwong@gmail.com-Edmonton-openrc.sh
terraform validate
terraform plan -out tfplan
terraform apply tfplan
terraform show
Verify that you can ssh into the provisioned instance ssh helium. (using an .ssh/config entry)
Run the ansible playbook.
ansible-galaxy collection install devsec.hardening
ansible-galaxy collection install nginxinc.nginx_core
# https://github.com/nginxinc/ansible-role-nginx-config/issues/93 v0.3 > 0.4 syntax
# post terraform ansible playbook
ansible-playbook -i hosts.ini --tags initialize-os --timeout 60 helium.yml
ansible-playbook -i hosts.ini --tags initialize-nginx --timeout 60 helium.yml
ansible-playbook -i hosts.ini --tags nginx --timeout 60 helium.yml
# for the courageous
ansible-playbook -i hosts.ini --tags harden --timeout 60 helium.yml