#UDIA Infrastructure

Infrastructure as Code (IaC) configuration for developer operations. Using the Cybera Rapid Access Cloud provided OpenStack infrastructure.


  • Terraform - infrastructure as code provisioning tool.
  • Ansible - server administration and automation toolkit.
terraform --version
# Terraform v0.14.8
# + provider registry.terraform.io/terraform-provider-openstack/openstack v1.39.0
ansible --version
# ansible 2.10.6
#   config file = /etc/ansible/ansible.cfg
#   configured module search path = ['/home/alexander/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
#   ansible python module location = /home/alexander/sandbox/src/git.udia.ca/alex/udia-infra/env/lib/python3.7/site-packages/ansible
#   executable location = /home/alexander/sandbox/src/git.udia.ca/alex/udia-infra/env/bin/ansible
#   python version = 3.7.3 (default, Jul 25 2020, 13:03:44) [GCC 8.3.0]

#Getting started

Spin up the infrastructure using terraform:

# set environment variables and credentials
source alexanderwwong@gmail.com-Edmonton-openrc.sh
terraform validate
terraform plan -out tfplan
terraform apply tfplan
terraform show

Verify that you can ssh into the provisioned instance ssh helium. (using an .ssh/config entry)

Run the ansible playbook.

ansible-galaxy collection install devsec.hardening
ansible-galaxy collection install nginxinc.nginx_core
# https://github.com/nginxinc/ansible-role-nginx-config/issues/93 v0.3 > 0.4 syntax

# post terraform ansible playbook
ansible-playbook -i hosts.ini --tags initialize-os --timeout 60 helium.yml
ansible-playbook -i hosts.ini --tags initialize-nginx --timeout 60 helium.yml
ansible-playbook -i hosts.ini --tags nginx --timeout 60 helium.yml
# for the courageous
ansible-playbook -i hosts.ini --tags harden --timeout 60 helium.yml


GNU Affero General Public License