At the 14th Ansible Meetup in Zurich, I gave a talk on integrating Ansible and Terraform. The session focused on the challenges of provisioning infrastructure, the strengths of each tool, and how to effectively make them work together.

The Core Challenge

While Ansible is a powerful configuration management solution, using it for pure cloud infrastructure provisioning comes with hurdles. It lacks resource dependencies, doesn’t maintain an infrastructure state, and its declarative nature means running a “check mode” on infrastructure that doesn’t exist yet will simply fail. (There is an upcoming talk about a terraform plan implementation for Ansible - stay tuned.)

Terraform, on the other hand, is built precisely for this. It maintains state, understands dependencies, and teaches you to treat your infrastructure as replaceable cattle 🐄 rather than pets 🐈. However, using Terraform’s provisioners (like local-exec) to handle configuration management should always be a last resort.

The Integration

The ideal workflow is to use Terraform to provision the infrastructure and Ansible to configure the software on top of it. During the talk, I explored the just-released Ansible provider for Terraform.

While certain features, like triggering playbooks directly from Terraform, still have some inconsistencies, the provider absolutely shines when it comes to inventory management. By creating ansible_host objects in Terraform, you can use the dynamic inventory plugin to allow Ansible to read directly from the Terraform state file. This eliminates the need for complex filtering and seamlessly hands off the newly created infrastructure to Ansible for the final configuration.
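
To show what that handoff carries, here is an added sketch (not code from the talk, the provider or the inventory plugin) that reads a constructed state file and builds an inventory from its ansible_host resources. The state layout is trimmed to the fields used, and the hostnames, groups and variables are made up.

```python
import json

# Constructed sample: a trimmed Terraform state (format version 4) holding one
# unrelated resource and two ansible_host resources. All values are made up.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_instance", "name": "vm",
         "instances": [{"attributes": {"public_ip": "192.0.2.10"}}]},
        {"mode": "managed", "type": "ansible_host", "name": "web",
         "instances": [
             {"attributes": {"name": "web-0.example.com", "groups": ["web"],
                             "variables": {"ansible_user": "ubuntu"}}},
             {"attributes": {"name": "web-1.example.com",
                             "groups": ["web", "canary"],
                             "variables": {"ansible_user": "ubuntu"}}}]},
        {"mode": "managed", "type": "ansible_host", "name": "db",
         "instances": [{"attributes": {"name": "db.example.com",
                                       "groups": None, "variables": None}}]},
    ],
})


def inventory_from_state(state_text):
    """Build an inventory in Ansible's inventory-script JSON layout."""
    state = json.loads(state_text)
    inventory = {"_meta": {"hostvars": {}}}
    for resource in state.get("resources", []):
        # Only ansible_host objects become hosts; every other resource in the
        # state is skipped, so no filter rules per resource type are needed.
        if resource.get("mode") != "managed" or resource.get("type") != "ansible_host":
            continue
        # count / for_each produce several instances under one resource.
        for instance in resource.get("instances", []):
            attrs = instance.get("attributes") or {}
            host = attrs.get("name")
            if not host:
                continue
            inventory["_meta"]["hostvars"][host] = dict(attrs.get("variables") or {})
            # Hosts declared without groups land in "ungrouped".
            for group in attrs.get("groups") or ["ungrouped"]:
                inventory.setdefault(group, {"hosts": []})["hosts"].append(host)
    return inventory


if __name__ == "__main__":
    print(json.dumps(inventory_from_state(SAMPLE_STATE), indent=2, sort_keys=True))
```
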

Demo & Source Code

During the session, I walked through a practical example of spinning up disposable Ubuntu virtual machines on AWS, attaching public IPs, and configuring Cloudflare DNS records.

You can find the complete code to replicate the setup in the repository:

Demo Repository on GitLab

Watch the Full Video

Download Presentation Slides