This repository is a quickstart to get a single 1GB 1vCPU Droplet up and running on DigitalOcean using Terraform and Ansible. You can use it as a jumping-off point to build out your infrastructure.
The setup here riffs on this really cool project that shows you how to use Terraform and Ansible to provision two DO Droplets and a Load Balancer, with Nginx installed on both servers. Check it out!
This repo is specifically designed to mirror the functionality of DO's recommended Ubuntu 18.04 server setup instructions. So it's a great starting point if you want to work with DO tutorial prerequisites!
Make sure that you enter your own information into terraform.tfvars. For this file, you'll need:
- An SSH key on your local computer that's associated with your DigitalOcean account. To get the fingerprint of this key, run:
ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub | awk '{print $2}'
- A personal access token.
Here's how to use this repo.
Clone it:
$ git clone https://github.com/katjuell/do-terraform-ansible.git do_setup
Move to the directory:
$ cd do_setup
Add your SSH fingerprint and DigitalOcean access token to terraform.tfvars:
$ vi terraform.tfvars
do_token = "" #fill this in with your own information
ssh_fingerprint = "" #fill this in with your own information
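A pre-flight check for terraform.tfvars that you can run before terraform plan. It is an added example, not part of this repository, and its function names are hypothetical. It assumes the fingerprint is wanted as 16 colon-separated hex pairs without the MD5: prefix that the ssh-keygen command above prints, and that a file holding an API token should be readable only by its owner:

```shell
#!/bin/sh
# Added example (not from the repository): pre-flight check for terraform.tfvars.
# Function names are hypothetical; sample values used to try it are constructed.

# Print the quoted value assigned to variable $2 in tfvars file $1.
tfvar_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Succeed if $1 is 16 colon-separated hex pairs (an MD5 key fingerprint).
is_md5_fingerprint() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){15}[0-9A-Fa-f]{2}$'
}

# Check tfvars file $1; print each problem and return the number found.
check_tfvars() {
    file=$1
    problems=0
    if [ ! -r "$file" ]; then
        echo "cannot read $file"
        return 1
    fi
    if [ -z "$(tfvar_value "$file" do_token)" ]; then
        echo "do_token is empty"
        problems=$((problems + 1))
    fi
    fp=$(tfvar_value "$file" ssh_fingerprint)
    case $fp in
        "")    echo "ssh_fingerprint is empty"
               problems=$((problems + 1)) ;;
        MD5:*) echo "ssh_fingerprint: drop the MD5: prefix printed by ssh-keygen"
               problems=$((problems + 1)) ;;
        *)     if ! is_md5_fingerprint "$fp"; then
                   echo "ssh_fingerprint is not 16 colon-separated hex pairs"
                   problems=$((problems + 1))
               fi ;;
    esac
    # The file holds an API token: flag read access for group or others.
    case $(ls -ld "$file" | cut -c5-10) in
        *r*) echo "$file is readable by group/others; run: chmod 600 $file"
             problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Stand-alone use: sh check_tfvars.sh terraform.tfvars
if [ "$#" -gt 0 ]; then
    check_tfvars "$1"
fi
```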
If you want to change the size of the resources in terraform.tf, you should feel free. Also feel free to rename your Droplet, since "test" isn't very descriptive:
...
# create smallest droplet
resource "digitalocean_droplet" "test" {
  image    = "ubuntu-18-04-x64"
  name     = "test"
  region   = "nyc3"
  size     = "s-1vcpu-1gb"
  ssh_keys = ["${var.ssh_fingerprint}"]
}
...
In ansible.yml, you'll also want to create a username other than sammy:
...
- name: create user 'sammy'
  user:
    name: sammy
    append: yes
    state: present
    createhome: yes
    shell: /bin/bash
- name: allow 'sammy' to have passwordless sudo
  lineinfile:
    dest: /etc/sudoers
    line: 'sammy ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'
- name: set up authorized keys for 'sammy' user
  authorized_key: user=sammy key="{{item}}"
  with_file:
    - ~/.ssh/id_rsa.pub
...
You are ready to start!
Initialize Terraform:
$ terraform init
Test the plan for provisioning your infrastructure:
$ terraform plan
Create your server:
$ terraform apply
Run the playbook to create your user and configure your firewall with UFW:
$ ansible-playbook -i inventory ansible.yml
Your terraform.tfstate file will have your IP address; you can also get it from the DO Control Panel.
SSH into your server as your non-root user, and change your password:
$ sudo passwd sammy
You are good to go!
When you are ready to take everything down, type:
$ terraform destroy