Using Terraform with Ansible to Integrate LDAP

This project spins up a Google Cloud CentOS 7 instance with Terraform and then uses Ansible to connect it to a preexisting LDAP server, so you get a ready-to-go instance without any extra manual steps. You can view my project on GitHub here. To run it on your own machine you need to create a Google Cloud Platform account, configure it on your machine, and fill in your own variables. Then you run a single script and the rest is done for you!

Set up Your Google Cloud Platform

To run my project, you need to have or create a Google Cloud Platform account. You can sign up for a free tier account with a $300 credit here.

After you have set up your account, go to your Google Cloud Console here. Create a new project or select an existing one.

Once this is complete, go to your computer’s terminal.

For Ubuntu

Install the Google Cloud SDK with the following command, then source your bashrc with the second command so the new PATH entry takes effect. Note that this pipes a script fetched over the network straight into bash; if you would rather see what it does first, download it to a file, read it, and then run it with bash.

curl https://dl.google.com/dl/cloudsdk/release/install_google_cloud_sdk.bash | bash

. ~/.bashrc

For RHEL

To install the Google Cloud SDK you first need to add a repo. Run the following command, then open the repo file it creates under /etc/yum.repos.d and add gpgcheck=1, repo_gpgcheck=1, and the gpgkey URLs, so that both the package signatures and the repository metadata are verified before anything is installed. From there you can simply install the package.

yum-config-manager --add-repo https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64

your repo file should be identical to this (screenshot in the original post)

After configuring the repo you can simply run yum install -y google-cloud-sdk and you are ready to move on to the next step!
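As an added example (not from the original post or the project's repository), here is the same RHEL setup as a small shell script: it writes the repo file with both signature checks turned on, refuses to install if either check is missing, and then installs the SDK. The repo name, baseurl and gpgkey URLs follow Google's published yum instructions for EL7; the function names and the optional target-directory argument are this example's own, and you should compare the URLs against the current Google Cloud documentation before relying on them.

```shell
#!/bin/sh
# Added example: write the Google Cloud SDK yum repo with package and
# repo-metadata signature verification enabled, then install the SDK.
# Function names and the directory argument are this example's own.

write_gcloud_repo() {
    # $1: directory to write into (defaults to /etc/yum.repos.d);
    # prints the path of the file it wrote.
    repo_dir="${1:-/etc/yum.repos.d}"
    cat > "$repo_dir/google-cloud-sdk.repo" <<'EOF'
[google-cloud-sdk]
name=Google Cloud SDK
baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
    printf '%s\n' "$repo_dir/google-cloud-sdk.repo"
}

# Returns 0 only if both signature controls are present as whole lines,
# so a caller can refuse to install from a repo that skips verification.
repo_has_gpg_checks() {
    grep -qx 'gpgcheck=1' "$1" && grep -qx 'repo_gpgcheck=1' "$1"
}

install_gcloud_sdk() {
    # $1: optional repo directory (see write_gcloud_repo). Run as root.
    repo_file=$(write_gcloud_repo "$1") || return 1
    if ! repo_has_gpg_checks "$repo_file"; then
        echo "refusing to install: GPG checks missing in $repo_file" >&2
        return 1
    fi
    yum install -y google-cloud-sdk
}

# On the target host, as root:
#   install_gcloud_sdk
```

The check is deliberately strict (whole-line matches for gpgcheck=1 and repo_gpgcheck=1) so that a stray gpgcheck=0 left over from a copy-paste cannot slip through.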

Configure Environment and Custom Variables

To set up your environment run gcloud init. You will then be walked through a series of prompts asking you to log in and confirm your Google Cloud credentials, pick the project, and optionally choose a default region and zone. The optional ones may or may not be filled in depending on your preference.

a gcloud init run (screenshot in the original post)

From this point you are ready to download my project from my GitHub here.

Before you run the script you must add your own variables. Navigate to terraform/terraform.tfvars.orig, replace the values with your own Google Cloud Platform details, and save the file with the changes as terraform/terraform.tfvars. Then navigate to ansible/vars/ansible_vars.yml.orig, add your own LDAP connection details, and save the file as ansible/vars/ansible_var.yml. Both of these files hold credentials (your GCP project details and the LDAP connection settings), so keep them out of version control; only the .orig templates belong in the repository.

From here you are ready to spin up your own CentOS 7 machines joined to a preexisting LDAP server by running ./run.sh

Ansible Quick Start

Get up and running with Ansible in 10 minutes or less! This should not be seen as a comprehensive guide but rather a quick start to get you running Ansible. For this guide we will be running against an Ubuntu system; the steps are very similar for RHEL. You need the IP address of a second machine to manage, or you can run everything against your own localhost.

First, we should install the proper packages through a Personal Package Archive. To do this run

  • sudo apt-get install -y software-properties-common ssh
  • sudo apt-add-repository --yes --update ppa:ansible/ansible
  • sudo apt-get install -y ansible

Check the install with ansible --version; you should see the version and, below it, the config file path /etc/ansible/ansible.cfg. Open it with sudo vim /etc/ansible/ansible.cfg. While in vim, uncomment the inventory and sudo_user lines as pictured below, then save the changes. (On current Ansible releases sudo_user is deprecated in favour of the become settings; if your ansible.cfg has no sudo_user line, leave become_user at its default of root instead.)

/etc/ansible/ansible.cfg (screenshot in the original post)

Ansible is run against nodes that we identify in the hosts file. To set up a basic hosts file first we will save a copy of the sample hosts file and then create our own.

  • sudo mv /etc/ansible/hosts /etc/ansible/hosts.original
  • vim /etc/ansible/hosts

Inside this file add the IP address of the client you want to run Ansible against. You can also run this against your own localhost.

Now let’s make our playbook. Run sudo vim /etc/ansible/playbook.yml and copy the playbook pictured below into the file. Save and exit.

/etc/ansible/playbook.yml (screenshot in the original post)

We now need to create a roles directory and a directory for our basic job. Run sudo mkdir -p /etc/ansible/roles/basic/tasks (note the /etc/ansible prefix; without it the directory lands at the filesystem root and the playbook will not find the role), then sudo vim /etc/ansible/roles/basic/tasks/main.yml and copy the following simple task into it.

/etc/ansible/roles/basic/tasks/main.yml

To run the playbook use ansible-playbook -u [user on client] /etc/ansible/playbook.yml. You should get confirmation that it ran successfully, and you can check that /tmp/ansible now exists on your client. As you develop with Ansible further, you should not be working in the /etc directory; keep your inventory, playbooks and roles in a project directory of their own with a local ansible.cfg.
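As an added example that is not part of the original post, the following shell script lays out the whole quick start (config, inventory, playbook and role) in a project directory of your choosing rather than under /etc/ansible, which is the practice the last sentence recommends. The function names, the constructed 203.0.113.10 client address, and the choice of the file module (rather than whatever command the original screenshot showed) for creating /tmp/ansible are this example's own assumptions.

```shell
#!/bin/sh
# Added example: scaffold the Ansible quick start as a self-contained
# project directory. Function names and the 203.0.113.10 address are
# this example's own; replace the address with your client's IP.

scaffold_ansible_quickstart() {
    # $1: project directory to create; $2: client address
    # (default: a constructed documentation-range IP).
    # Prints the project directory on success.
    dir="$1"
    client="${2:-203.0.113.10}"
    mkdir -p "$dir/roles/basic/tasks" || return 1

    # Project-local config: the inventory and roles_path settings the
    # guide uncomments in /etc/ansible/ansible.cfg, scoped to this
    # directory. host_key_checking is left at its default (on) so a
    # changed host key fails the run instead of being accepted silently.
    cat > "$dir/ansible.cfg" <<'EOF'
[defaults]
inventory = ./hosts
roles_path = ./roles
EOF

    # Inventory: one group holding the client. To target the control
    # node itself use "localhost ansible_connection=local" instead.
    cat > "$dir/hosts" <<EOF
[clients]
$client
EOF

    # Playbook: apply the basic role to the clients group with privilege
    # escalation ("become" is the current form of the older sudo_user).
    cat > "$dir/playbook.yml" <<'EOF'
---
- hosts: clients
  become: yes
  roles:
    - basic
EOF

    # Role task: create /tmp/ansible on the client. The file module is
    # idempotent, so a second run reports "ok" rather than "changed".
    cat > "$dir/roles/basic/tasks/main.yml" <<'EOF'
---
- name: Create /tmp/ansible on the client
  file:
    path: /tmp/ansible
    state: directory
    mode: '0755'
EOF
    printf '%s\n' "$dir"
}

run_quickstart() {
    # $1: project directory; $2: SSH user on the client.
    # The syntax and --check passes catch typos and show the pending
    # changes before anything on the client is modified.
    (
        cd "$1" || exit 1
        ansible-playbook --syntax-check playbook.yml &&
        ansible-playbook -u "$2" --check playbook.yml &&
        ansible-playbook -u "$2" playbook.yml
    )
}

# Example:
#   scaffold_ansible_quickstart ~/ansible-quickstart 203.0.113.10
#   run_quickstart ~/ansible-quickstart deploy
```

Because ansible.cfg sits in the project directory, Ansible picks it up automatically when you run from there, so no edits to /etc/ansible are needed; keep the directory non-world-writable, as Ansible ignores a config file found in a world-writable current directory.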