terraform-aap - Demo for installing and configuring AAP using Terraform and IaC

Quick start

Before you begin, you will need the following information:

An offline token for downloading the AAP installation bundle. One can be generated on the Red Hat Customer Portal.
An Automation Hub token for downloading content from the Red Hat Automation Hub. One can be generated on the Automation Hub
An AWS access key and secret key, used by terraform to create the AAP infrastructure on AWS.

Clone the repo and cd into the repo directory
Create an Ansible vault file
- cp vars/vault.yml.example vars/vault.yml
- ansible-vault encrypt vars/vault.yml
- ansible-vault edit vars/vault.yml, and modify the vault variable defaults per the comments in the file
Create the vars/terraform_aap.yml file
- cp vars/terraform_aap.yml.example vars/terraform_aap.yml
- Change the 'terraform_build_name' variable. This build name will be used when cloning the terraform infra repo.
- Change the 'terraform_aws_region' variable if a different AWS region is desired.
- Change the 'terraform_state_aws_bucket' variable to a unique S3 bucket name. This bucket will be created in the AWS region specified.
Create the vars/aap_setup.yml file
- cp vars/aap_setup.yml.example vars/aap_setup.yml
Set the AWS-related shell environment variables
- export AWS_ACCESS_KEY_ID="my-aws-access-key"
- export AWS_SECRET_ACCESS_KEY="my-aws-secret-key"
Set the Automation Hub shell environment variable
- export ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN="automation-hub-token"
- Token can be generated at https://console.redhat.com/ansible/automation-hub/token
ansible-galaxy collection install -r collections/requirements.yml
ansible-galaxy role install -r roles/requirements.yml
Install the python boto3 requirement for amazon.aws pip3 install --user boto3
Install terraform

ansible-playbook terraform-aap-on-aws.yml
Optionally, ansible-playbook stig-controllers.yml to apply the RHEL STIG to the controller node(s)
ansible-playbook install-aap.yml --ask-vault-pass

Work in progress