Provisioning VMs using Terraform and Ansible
Back in April, I wrote a summary post about the project I had been working on to migrate to a new k3s cluster from the original Rancher Kubernetes cluster that I created in 2020. My intention was to continue that series and detail each part of that project. Unfortunately, I ran into some technical problems which meant that not only did the cluster get shut down, but I didn’t have time to even look at it.
It’s been six months since my last update. Wow, I knew it had been some time, but that’s obviously way longer than I expected. I’ve had plenty to say and plenty of updates, but I was waiting for a specific event. Let’s take a step back so I can explain: Six months ago I ran into an issue where LDAP broke after a TLS certificate expired. It expired because it was not set up to renew automatically.
Since beginning this project, I have been slowly building up my (private) Ansible repository on GitHub. This repository is pulled into AWX where there are a series of jobs that run daily. The idea behind those daily jobs is to automate configuration and administration tasks such as installing the latest software and OS updates. I have also extended this capability to enhance my Kubernetes knowledge from building my workloads using the Rancher web interface to building manifest templates and deploying them using Ansible.
I looked up recently and realized that it had been almost 9 months since I posted an update here. It’s not that I have been idle, quite the contrary. The vision which originally sparked this project has continued to evolve. Too fast, unfortunately, because before I could take the time to document what I’ve done, I’ve moved on to the next thing. This is especially disappointing because I’ve lost count of the number of times I’ve come back to previous posts to refresh my memory about how I did something in the early days of this project.
Since the last update, I have been working to set up a basic way to automate common configuration and management tasks with Ansible. The basic Ansible setup uses a primary controller host with the Ansible software installed which has access to the various nodes to be managed via Secure Shell (SSH). The managed hosts have minimal requirements. Namely, they need to be able to receive incoming SSH connections, contain a Python interpreter to execute the commands, and usually an authentication mechanism such as SSH keys to allow logins without typing in a password.