community.general.terraform module – Manages a Terraform deployment (and plans)

Note

This module is part of the community.general collection (version 4.8.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.terraform.

Synopsis

  • Provides support for deploying resources with Terraform and pulling resource information back into Ansible.

Requirements

The below requirements are needed on the host that executes this module.

  • terraform

Parameters

Parameter

Comments

backend_config

dictionary

A group of key-values to provide at init stage to the -backend-config parameter.

backend_config_files

list / elements=path

added in 0.2.0 of community.general

The path to a configuration file to provide at init state to the -backend-config parameter. This can accept a list of paths to multiple configuration files.

binary_path

path

The path of a terraform binary to use, relative to the ‘service_path’ unless you supply an absolute path.

check_destroy

boolean

added in 3.3.0 of community.general

Apply only when no resources are destroyed. Note that this only prevents “destroy” actions, but not “destroy and re-create” actions. This option is ignored when state=absent.

Choices:

  • no ← (default)

  • yes

force_init

boolean

To avoid duplicating infra, if a state file can’t be found this will force a terraform init. Generally, this should be turned off unless you intend to provision an entirely new Terraform deployment.

Choices:

  • no ← (default)

  • yes

init_reconfigure

boolean

added in 1.3.0 of community.general

Forces backend reconfiguration during init.

Choices:

  • no ← (default)

  • yes

lock

boolean

Enable statefile locking, if you use a service that accepts locks (such as S3+DynamoDB) to store your statefile.

Choices:

  • no

  • yes ← (default)

lock_timeout

integer

How long to maintain the lock on the statefile, if you use a service that accepts locks (such as S3+DynamoDB).

overwrite_init

boolean

added in 3.2.0 of community.general

Run init even if .terraform/terraform.tfstate already exists in project_path.

Choices:

  • no

  • yes ← (default)

parallelism

integer

added in 3.8.0 of community.general

Restrict concurrent operations when Terraform applies the plan.

plan_file

path

The path to an existing Terraform plan file to apply. If this is not specified, Ansible will build a new TF plan and execute it. Note that this option is required if ‘state’ has the ‘planned’ value.

plugin_paths

list / elements=path

added in 3.0.0 of community.general

List of paths containing Terraform plugin executable files.

Plugin executables can be downloaded from https://releases.hashicorp.com/.

When set, the plugin discovery and auto-download behavior of Terraform is disabled.

The directory structure in the plugin path can be tricky. The Terraform docs https://learn.hashicorp.com/tutorials/terraform/automate-terraform#pre-installed-plugins show a simple directory of files, but actually, the directory structure has to follow the same structure you would see if Terraform auto-downloaded the plugins. See the examples below for a tree output of an example plugin directory.

project_path

path / required

The path to the root of the Terraform directory with the vars.tf/main.tf/etc to use.

provider_upgrade

boolean

added in 4.8.0 of community.general

Allows Terraform init to upgrade providers to versions specified in the project’s version constraints.

Choices:

  • no ← (default)

  • yes

purge_workspace

boolean

Only works with state = absent

If true, the workspace will be deleted after the “terraform destroy” action.

The ‘default’ workspace will not be deleted.

Choices:

  • no ← (default)

  • yes

state

string

Goal state of given stage/project

Choices:

  • planned

  • present ← (default)

  • absent

state_file

path

The path to an existing Terraform state file to use when building plan. If this is not specified, the default terraform.tfstate will be used.

This option is ignored when plan is specified.

targets

list / elements=string

A list of specific resources to target in this plan/application. The resources selected here will also auto-include any dependencies.

variables

dictionary

A group of key-values to override template variables or those in variables files.

variables_files

aliases: variables_file

list / elements=path

The path to a variables file for Terraform to fill into the TF configurations. This can accept a list of paths to multiple variables files.

Up until Ansible 2.9, this option was usable as variables_file.

workspace

string

The terraform workspace to work with.

Default: “default”

Notes

Note

  • To just run a terraform plan, use check mode.

Examples

- name: Basic deploy of a service
  community.general.terraform:
    project_path: '{{ project_dir }}'
    state: present

- name: Define the backend configuration at init
  community.general.terraform:
    project_path: 'project/'
    state: "{{ state }}"
    force_init: true
    backend_config:
      region: "eu-west-1"
      bucket: "some-bucket"
      key: "random.tfstate"

- name: Define the backend configuration with one or more files at init
  community.general.terraform:
    project_path: 'project/'
    state: "{{ state }}"
    force_init: true
    backend_config_files:
      - /path/to/backend_config_file_1
      - /path/to/backend_config_file_2

- name: Disable plugin discovery and auto-download by setting plugin_paths
  community.general.terraform:
    project_path: 'project/'
    state: "{{ state }}"
    force_init: true
    plugin_paths:
      - /path/to/plugins_dir_1
      - /path/to/plugins_dir_2

### Example directory structure for plugin_paths example
# $ tree /path/to/plugins_dir_1
# /path/to/plugins_dir_1/
# └── registry.terraform.io
#     └── hashicorp
#         └── vsphere
#             ├── 1.24.0
#             │   └── linux_amd64
#             │       └── terraform-provider-vsphere_v1.24.0_x4
#             └── 1.26.0
#                 └── linux_amd64
#                     └── terraform-provider-vsphere_v1.26.0_x4

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

command

string

Full terraform command built by this module, in case you want to re-run the command outside the module or debug a problem.

Returned: always

Sample: “terraform apply …”

outputs

complex

A dictionary of all the TF outputs by their assigned name. Use .outputs.MyOutputName.value to access the value.

Returned: on success

Sample: “{\”bukkit_arn\”: {\”sensitive\”: false, \”type\”: \”string\”, \”value\”: \”arn:aws:s3:::tf-test-bukkit\”}”

sensitive

boolean

Whether Terraform has marked this value as sensitive

Returned: always

type

string

The type of the value (string, int, etc)

Returned: always

value

string

The value of the output as interpolated by Terraform

Returned: always

stdout

string

Full terraform command stdout, in case you want to display it or examine the event log

Returned: always

Sample: “”

Authors

  • Ryan Scott Brown (@ryansb)