How to pass terraform outputs variables into ansible as vars_files?

Question

I am provisioning AWS infrastructure using terraform and want to pass variables such as aws_subnet_id and aws_security_id into ansible playbook usi

Answer 1

terraform outputs are an option, or you can just use something like:

provisioner "local-exec" {
  command = "ANSIBLE_HOST_KEY_CHECKING=\"False\" ansible-playbook -u ${var.ssh_user} --private-key=\"~/.ssh/id_rsa\" --extra-vars='{"aws_subnet_id": ${aws_terraform_variable_here}, "aws_security_id": ${aws_terraform_variable_here} }' -i '${azurerm_public_ip.pnic.ip_address},' ansible/deploy-with-ansible.yml"
}

or you can do a sed thing ... as a local provisioner to update the var file..

or you can use terraform outputs.... your preference....

Answer 2

I highly recommend this script. It works well and is maintained by Cisco and will give you more flexibility.

https://github.com/CiscoCloud/terraform.py

Answer 3

I use Terraform local_file to create an Ansible vars_file. I add a tf_ prefix to the variable names to make it clear that they originate in Terraform:

# Export Terraform variable values to an Ansible var_file
resource "local_file" "tf_ansible_vars_file_new" {
  content = <<-DOC
    # Ansible vars_file containing variable values from Terraform.
    # Generated by Terraform mgmt configuration.

    tf_environment: ${var.environment}
    tf_gitlab_backup_bucket_name: ${aws_s3_bucket.gitlab_backup.bucket}
    DOC
  filename = "./tf_ansible_vars_file.yml"
}

Run terraform apply to create Ansible var_file tf_ansible_vars_file.yml containing Terraform variable values:

# Ansible vars_file containing variable values from Terraform.
# Generated by Terraform mgmt configuration.

tf_environment: "mgmt"
tf_gitlab_backup_bucket_name: "project-mgmt-gitlab-backup"

Add tf_ansible_vars_file.yml to your Ansible playbook:

  vars_files:
    - ../terraform/mgmt/tf_ansible_vars_file.yml

Now, in Ansible the variables defined in this file will contain values from Terraform.

Obviously, this means that you must run Terraform before Ansible. But it won't be so obvious to all your Ansible users. Add assertions to your Ansible playbook to help the user figure out what to do if a tf_ variable is missing:

- name: Check mandatory variables imported from Terraform
  assert:
    that:
      - tf_environment is defined
      - tf_gitlab_backup_bucket_name is defined
    fail_msg: "tf_* variable usually defined in '../terraform/mgmt/tf_ansible_vars_file.yml' is missing"

UPDATE: An earlier version of this answer used a Terraform template. Experience shows that the template file is error prone and adds unnecessarily complexity. So I moved the template file to the content of the local_file.

Answer 4

Use terraform outputs - https://www.terraform.io/intro/getting-started/outputs.html (it is not clear if you are using it already)

Then using command like terraform output ip, you can then use those values in your scripts to generate or populate other files like inventory files or vars_file.

Another option is to use terraform templates and render your files like inventory files from terraform itself and then use it from Ansible.