Using puppet with terraform

Question

I want to create an AWS instance using Terraform and run a Puppet module inside it. I have tried many modules from github and nothing seems to work. Has anyone tried this?

Answer 1

The way you basically have to do this is install puppet locally with a remote-exec provisioner and then either do an apply or agent execution. First, setup your instance resource like this:

resource "aws_instance" "instance_name" {
  ...

  provisioner "remote-exec" {
    script = "puppet.sh"
  }
}

Swap out aws_instance for a different cloud provider if/when not using AWS (Azure, DO, GCE, etc.) Then, use the script to install Puppet, execute apply or the agent, and then uninstall Puppet (if you are not activelly managing the instance afterward, which you likely would not be in the cloud).

#!/bin/sh
# debian family example; swap out 'apt' and package names where necessary
# prep puppet
sudo apt-get update && sudo apt-get install ruby -y
sudo gem install --no-document puppet
# apply puppet
sudo puppet apply manifest.pp
# remove puppet
sudo gem uninstall -aIx
sudo apt-get remove ruby -y
sudo apt-get autoremove -y

There are some variations on this. For example, you can curl against your Puppet Master or subscribe to the Puppetlabs package repository to install Puppet AIO. You can also do puppet agent -t afterward instead of a puppet apply. This may be preferable as transferring your modules over to be used with apply can be onerous.

Answer 2

For a similar use case but using ansible instead of puppet, we use null_resource along with local-exec.

resource "null_resource" "lvm_housekeeping" {
  triggers {
    ebs_volume_ids = "${join(",", aws_volume_attachment.instance_ebs_attachment.*.volume_id)}"
  }

  provisioner "local-exec" {
    command = "ANSIBLE_CONFIG=$HOME/'${var.ansible_repo_location}'/ansible.cfg ansible-playbook -u ec2-user -e target=all -i '${join(",",aws_instance.my_instance.*.private_ip)}, ' $HOME/'${var.ansible_repo_location}'/main.yml"

    on_failure = "continue"
  }
}