Assignment 2: A small Ansible playbook (or Terraform plan) walkthrough

Goal: Read, explain, and (for the Ansible path) dry-run a small piece of IaC so you can describe exactly what it does before it touches anything. This builds the habit of "preview, then apply."

Where: On your own machine or the Jumpbox. Neither Ansible nor Terraform is deployed in the lab, so this is a standalone learning exercise — you can install the chosen tool locally, or do the read-and-explain parts without installing anything. Pick one track: A (Ansible) or B (Terraform).

Tasks

Track A — Ansible (recommended)

Create inventory.ini with one group [local] containing localhost ansible_connection=local (so you can run safely against your own machine, no SSH needed).
Create a playbook site.yml that targets local and has at least three tasks using built-in modules, for example:
- ansible.builtin.file — ensure a directory /tmp/ansible-demo exists (state: directory).
- ansible.builtin.copy — write a small file into that directory with some content:.
- ansible.builtin.debug — print a message.
Dry-run first: ansible-playbook -i inventory.ini site.yml --check. Read the output. Note which tasks report changed.
Run for real: ansible-playbook -i inventory.ini site.yml. Read the PLAY RECAP.
Run it again unchanged. Record the changed= count from the second run.
Write 4-6 sentences explaining: what each task does, why the second run shows a different changed count from the first, and what "idempotent" means here.

Track B — Terraform (read & plan, no cloud account needed)

Create main.tf using the built-in local_file resource (the hashicorp/local provider — no cloud account, no credentials):

resource "local_file" "hello" {
  filename = "${path.module}/hello.txt"
  content  = "Provisioned by Terraform\n"
}

Run terraform init, then terraform plan. Read the plan; identify the + create line.
Run terraform apply and confirm hello.txt appears. Open terraform.tfstate and find where the resource is recorded.
Run terraform plan again with no changes — note that it reports "No changes."
Run terraform destroy and confirm the file is removed.
Write 4-6 sentences explaining: what the plan showed before apply, what the state file is for, and why the second plan reported no changes.

Deliverable

The files for your chosen track (inventory.ini + site.yml, or main.tf) plus a short WALKTHROUGH.md containing your 4-6 sentence explanation and a pasted copy of the key command output (the recap or the plan). Commit everything to Git.

Acceptance criteria — you're done when:

You completed one full track (A or B), files included.
(Track A) The playbook has at least three tasks using built-in modules and runs successfully.
(Track A) You ran --check first, then a real run, then a second real run, and recorded both changed counts.
(Track B) terraform plan was run and read before apply; you located the resource in terraform.tfstate; you ran destroy.
WALKTHROUGH.md explains, in your own words, what the preview showed and why the second run was a no-op (idempotency / no changes).
WALKTHROUGH.md includes pasted command output (PLAY RECAP or the plan).
Everything is committed to Git with meaningful messages.
No secrets, real passwords, or private keys appear in any file (<REDACTED> if you must show shape).

Hints

Track A is friendlier if you've never touched these tools — ansible_connection=local means it runs on your own box with no SSH setup.
Install hints: Ansible via pipx install ansible or your package manager; Terraform from the official HashiCorp downloads page.
The whole point is the preview: --check (Ansible) and plan (Terraform) both tell you what would happen. Always look before you leap.
A second, unchanged run doing "nothing" is success, not failure — that's idempotency proving itself (Chapters 1 and 3).
Re-read Chapter 3 (Ansible recap output) or Chapter 2 (Terraform plan/state) for the exact terms.

blocked for >~30 min after re-reading the lessons? Bring what you've tried to your mentor.