Terraform Provider for Ansible

Run Ansible playbooks using Terraform.

resource "ansible_navigator_run" "webservers_example" {
  playbook = <<-EOT
  - name: Example
    hosts: webservers
    tasks:
    - name: Install nginx
      ansible.builtin.package:
        name: nginx
  EOT
  inventory = yamlencode({
    webservers = {
      hosts = {
        a = { ansible_host = "webserver-a.example.com" }
      }
    }
  })
}

data "ansible_navigator_run" "uptime_example" {
  playbook  = <<-EOT
  - name: Example
    hosts: all
  EOT
  inventory = yamlencode({})
  artifact_queries = {
    "uptimes" = {
      jq_filter = <<-EOT
      [.plays[] | select(.name=="Example") | .tasks[] | select(.task=="Gathering Facts") |
      {host: .host, uptime_seconds: .res.ansible_facts.ansible_uptime_seconds }]
      EOT
    }
  }
}

output "uptimes" {
  value = jsondecode(data.ansible_navigator_run.uptime_example.artifact_queries.uptimes.results[0])
}

Features

1. Run Ansible playbooks against Terraform managed infrastructure (without the local-exec provisioner). Eliminates the need for additional scripting or pipeline steps.
2. Construct Ansible inventories using other data sources and resources. Set Ansible host and group variables to values and secrets from other providers.
3. Utilize Ansible execution environments (containers images) to customize and run the Ansible software stack. Isolate Ansible and its related dependencies (Python/System packages, collections, etc) to simplify pipeline and workstation setup.
4. Write jq queries against playbook artifacts. Extract values from the playbook run for use elsewhere in the Terraform configuration. Examples include: Ansible facts, remote file contents, task results -- the possibilities are endless!
5. Control playbook re-run behavior using several "lifecycle" options, including an attribute for running the playbook on resource destruction. Implement conditional plays/tasks with the environment variable ANSIBLE_TF_OPERATION.
6. Connect to hosts securely by specifying SSH private keys and known host entries. No need manage ~/.ssh files or setup ssh-agent in the environment which Terraform runs.

Complete Examples

• AWS
• Libvirt

Support Matrix

Warning

Windows builds of this provider are unlikely to work. Bug reports and PRs are welcome.

Warning

All versions released prior to v1.0.0 are to be considered breaking changes.

Release	Ansible Navigator	Terraform
< v1.0.0	>= 24.7.0	>= 1.7.0

Development Requirements

• Terraform
• Go
• Ansible Navigator
• Docker or Podman

Building The Provider

1. Clone the repository
2. Enter the repository directory
3. Build the provider using the Go install command:

go install

Adding Dependencies

This provider uses Go modules. Please see the Go documentation for the most up to date information about using Go modules.

To add a new dependency github.com/author/dependency to your Terraform provider:

go get github.com/author/dependency
go mod tidy

Then commit the changes to go.mod and go.sum.

Developing the Provider

If you wish to work on the provider, you'll first need Go installed on your machine (see Requirements above).

To compile the provider, run go install. This will build the provider and put the provider binary in the $GOPATH/bin directory.

To generate or update documentation, run make docs.

In order to run the full suite of Acceptance tests, run make test/acc.

Note: Acceptance tests create real resources, and often cost money to run.

make test/acc