Objective
Provision a HashiCorp Vault with a PKI backend in Digital Ocean
Prerequisites
Terraform installed
Digital Ocean account created
Digital Ocean API key obtained
Digital Ocean SSH public key uploaded with fingerprint obtained
Ansible installed
My use case notes
I used Homebrew on a Mac, so many utilities can be installed using that method.
I did install Terraform manually, as the Homebrew version was behind.
brew update
brew install ansible
brew install terraform-inventory
References
Terraform
https://www.digitalocean.com/community/tutorials/how-to-use-terraform-with-digitalocean
https://github.com/hashicorp/terraform/tree/master/examples/digitalocean
Vault
Ansible
https://github.com/adammck/terraform-inventory
Digital Ocean
https://developers.digitalocean.com/documentation/v2/
Usage Summary
Copy secret.tf.example to secret.tf
Update the values in all caps with your specific information
All tasks are performed with the working directory set to the root of this repo
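Because secret.tf ends up holding the Digital Ocean API key, a pre-flight check before `terraform plan` is useful. The function below is an added example, not part of this repo: it assumes the placeholders in secret.tf.example are quoted all-caps tokens (for instance a hypothetical "YOUR_API_KEY"), and the function name check_secret_tf is made up for illustration.

```bash
# Added example: verify secret.tf before running terraform.
# Assumption: unfilled placeholders look like "YOUR_API_KEY", i.e. a quoted
# token made only of capitals, digits and underscores (hypothetical name).

check_secret_tf() {
  local file="${1:-secret.tf}"
  local rc=0
  local dir

  if [ ! -f "$file" ]; then
    echo "missing: $file (copy secret.tf.example to secret.tf first)" >&2
    return 1
  fi

  # 1. A value still in all caps means a placeholder was never replaced.
  if grep -nE '"[A-Z][A-Z0-9_]{2,}"' "$file" >&2; then
    echo "unfilled placeholder(s) in $file" >&2
    rc=1
  fi

  # 2. The file holds the API key, so group/other permission bits
  #    (characters 5-10 of the ls mode string) must all be empty.
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "$file is accessible to group/other; run: chmod 600 $file" >&2
    rc=1
  fi

  # 3. Inside a git work tree the file must be ignored so the key is
  #    never committed. Skipped when git or a repository is absent.
  dir=$(dirname "$file")
  if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
     ! git -C "$dir" check-ignore -q "$(basename "$file")"; then
    echo "$file is not git-ignored; add it to .gitignore" >&2
    rc=1
  fi

  return "$rc"
}
```

After sourcing the function, `check_secret_tf && terraform plan` stops before Terraform runs if any of the three checks fails.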
Provision Digital Ocean instances
terraform get # gather any modules (even if local)
terraform get -update # update modules
terraform plan # check what changes will be made
terraform apply # actually make those changes
terraform show # display current state of provisioned instances
Connect to remote nodes
ssh root@YOUR_IP -i PATH_TO_YOUR_KEY
Ansible Usage
ansible-playbook -i /usr/local/bin/terraform-inventory playbook.yml \
--user=root --private-key=~/.ssh/id_rsa