It's a very common practice to have a set of initial commands executed right after bootstrap, even before the proper configuration management system such as Chef or Ansible takes responsibility. It can include immediate full updating of the OS, initial registration on discovery systems such as Consul, or initial addition of local DNS servers. It really shouldn't go farther than delivering a system in a slightly more advanced and expected state for the next configuration system to take over. Under no circumstance should it replace a proper configuration management tool.
In this recipe, we'll launch a CentOS 7.2 system, then fully update it so it's as secure as possible, install EPEL so we have a greater library of available packages, add the Puppet Labs Yum repository and install a Puppet agent, and add a different name server so our system is ready for the next step (which we won't cover here, as it's probably executing Puppet code).
To step through this recipe, you will need the following:
Before diving into the provisioning part, let's start by describing a classic CentOS 7.2 AMI in instances.tf
:
resource "aws_instance" "centos" { ami = "${lookup(var.aws_centos_ami, var.aws_region)}" instance_type = "${var.aws_instance_type}" key_name = "${aws_key_pair.admin_key.key_name}" security_groups = ["${aws_security_group.base_security_group.name}"] associate_public_ip_address = true tags { Name = "CentOS" } }
The variables in the variables.tf
file are as follows:
variable "aws_centos_ami" { type = "map" default = { eu-west-1 = "ami-7abd0209" us-east-1 = "ami-6d1c2007" } } variable "aws_instance_type" { default = "t2.micro" description = "Instance Type" }
Now, what are our immediate objectives for this system?:
sudo yum install -y
sudo yum install epel-release -y
echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf
sudo yum install https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm -y
sudo yum install puppet-agent -y
sudo /opt/puppetlabs/bin/puppet agent --version
Let's add those commands inside a remote-exec
provisioner inside our aws_instance
resource, changing the default username to centos
:
provisioner "remote-exec" { inline = [ "echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf", "sudo yum update -y", "sudo yum install epel-release -y", "sudo yum install https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm -y", "sudo yum install puppet-agent -y", "sudo /opt/puppetlabs/bin/puppet agent --version" ] connection { user = "centos" } }
When you terraform apply
this, you'll end up with a fully updated CentOS 7.2 system, with EPEL available, a custom DNS server added and Puppet agent installed.
Ready for the next stage of deployment with Puppet!
18.223.195.29