Terraform
1. Terraform
- is a tool that allows you to automate your interactions with services like AWS and record the state, giving you the ability to place your infrastructure in source control. Terraform abstract out the interaction with various infrastructure services (AWS, Digital Ocean, OpenStack and provides a unified configuration format for it.
2. Files
-.tf files are all combined to provide the full configuration. This gives us a handy way to break the configuration up into thematic sections.
-.tfstate and .tfstate.backup holds the last-known state of the infrastructure, you'll want to store this, too.
-.tfvars contain values for the declared variables, typically called: terraform.tfvars
-fundamentals of the Terraform configuration syntax
* structure of Terraform configuration is called HashiCopr Configuration Language (HCL)
* It aims to be both readble and editable for humans, as well as machine-friendly
* Terraform can also understand JSON configuration
* The syntax allows for hierarchies of sections, such as "resource" and "variable"
* Sections are similar to maps as they build variable lists, but look visibly better
* use sections to make your syntax visually clearer and more readable
-Reference guide to the HCL language
* start single line comments with
#comment
* wrap multi-line comments with
/*and*/
* assign values with the syntax of
'key=value'
* strings are double quotes
"string" - can insert new values when wrapped in ${}
-Using JSON in Terraform
3. Commands
terraform plan -var-file terraform.tf.vars // to see what Terraform will do
terraform apply -var-file terraform.tf.vars // to bring up the infrastructure we'll run
terraform destroy -var-file terraform.tf.vars // to destroy it
4. Resources
5. Providers
6. Variables
7. Outputting Attributes
8. Exercies
9. Terraform dependecies
https://medium.com/boltops/gentle-introduction-to-how-aws-ecs-works-with-example-tutorial-cea3d27ce63d
10. Terraform - universal tool for everything with an API
-Google G Suite
-Dropbox files and access
-New Relic metrics
-Datadog users and metrics
-jira issues
-Minecraft, or even order Domino's pizza
-All Terraform providers - https://www.terraform.io/docs/providers/index.html
11. Terraform modules
-Modules in Terraform are self-contained packages of Terraform configurations that are managed as a group
a) resource modules
-for example github.com/terraform-aws-modules
-create resources in a very flexible configuration
-open-source
-no business logic
b) infrastructure modules
-consist of resource modules
-enforce tags and company standards (encryption, naming)
-use preprocessors, jsonnet, cookiecutter
c) frequent issues with modules
-Terraform modules can't be re-used, because they are very specific
d) traits of good Terraform modules:
1. Documentation and examples
2. Feature rich
3. Sane deafults
4. Clean code
5. Test
more: http://bit.ly/common-traits-in-terraform-modules
12 . Do & donts
a) donts
-providers in modules - should be put as high as it possible
* exception : logical providers (template, random, local, http, external)
-provisioner
*avoid provisioner in all resources, even in ec2 resoures
* hard to scale
Solution #1
resource "aws_instance" "first" {
ami = "ami-12345678"
instance_type = "t3.small"
user_data = "aws s3 cp ... & ansible-playbook ..."
}
Solution #2 - autoscaling group
resource "aws_launch_configuration" "second" {
ami = "ami-12345678"
instance_type = "t3.small"
user_data = "aws s3 cp ... & ansible-playbook ..."
}
b) do
-null_resource provisioner
resource "null_resource" "first"{
provisioner "local-exec" {
command = "aws ec2 ..."
when = "create"
}
}
13. Module orchestration
a) all-in-one
#terraform.tfvars
region = "eu-west-1"
# main.tf
provider "aws" {
region = "${var.region}"
}
module "vpc" {}
module "alb" {}
module "application" {}
module "security_group_alb" {}
module "security_group_app" {}
module "security_group_microservice" {}
module "microservice_1" {}
Good:
-declare variables ans outputs in fewer places
Bad:
-Large blast radius
-Everything is blocked at once
-impossible to specify dependencies between modules (depends_on)
Use cases:
-undefined project scope
-fast prototyping and initial development phase
-small number of resources & developers
-thightly connected resources
b) 1-in-1
vpc
main.tf
outputs.tf
terraform.tfvars
variables.tf
alb
main.tf
outputs.tf
terraform.tfvars
variables.tf
application
main.tf
outputs.tf
terraform.tfvars
variables.tf
microservice_1
main.tf
outputs.tf
terraform.tfvars
variables.tf
Good:
-smaller radius
-posisible to join invocation
-easier and faster to work with
Bad:
-Declare varaibles and outputs in more places
Use cases:
-defined project scope
-different types of developers involved
-code reuse in encouraged (across organization and enviorments)
-use terragrount
14. Terraform 0.12
- HCL2 - simiplified syntax
- loops ("for")
- dynamic blocks ("for_each")
- correct conditional operators (... ? ... : ...)
- extended types of variables
- templates in values
- links between resources are supported (depends_on everywhere)
- more - https://www.hashicorp.com/blog/announcing-terraform-0-1-2-beta
- is a tool that allows you to automate your interactions with services like AWS and record the state, giving you the ability to place your infrastructure in source control. Terraform abstract out the interaction with various infrastructure services (AWS, Digital Ocean, OpenStack and provides a unified configuration format for it.
2. Files
-.tf files are all combined to provide the full configuration. This gives us a handy way to break the configuration up into thematic sections.
-.tfstate and .tfstate.backup holds the last-known state of the infrastructure, you'll want to store this, too.
-.tfvars contain values for the declared variables, typically called: terraform.tfvars
-fundamentals of the Terraform configuration syntax
* structure of Terraform configuration is called HashiCopr Configuration Language (HCL)
* It aims to be both readble and editable for humans, as well as machine-friendly
* Terraform can also understand JSON configuration
* The syntax allows for hierarchies of sections, such as "resource" and "variable"
* Sections are similar to maps as they build variable lists, but look visibly better
* use sections to make your syntax visually clearer and more readable
-Reference guide to the HCL language
* start single line comments with
#comment
* wrap multi-line comments with
/*and*/
* assign values with the syntax of
'key=value'
* strings are double quotes
"string" - can insert new values when wrapped in ${}
-Using JSON in Terraform
3. Commands
terraform plan -var-file terraform.tf.vars // to see what Terraform will do
terraform apply -var-file terraform.tf.vars // to bring up the infrastructure we'll run
terraform destroy -var-file terraform.tf.vars // to destroy it
4. Resources
5. Providers
6. Variables
7. Outputting Attributes
8. Exercies
9. Terraform dependecies
https://medium.com/boltops/gentle-introduction-to-how-aws-ecs-works-with-example-tutorial-cea3d27ce63d
10. Terraform - universal tool for everything with an API
-Google G Suite
-Dropbox files and access
-New Relic metrics
-Datadog users and metrics
-jira issues
-Minecraft, or even order Domino's pizza
-All Terraform providers - https://www.terraform.io/docs/providers/index.html
11. Terraform modules
-Modules in Terraform are self-contained packages of Terraform configurations that are managed as a group
a) resource modules
-for example github.com/terraform-aws-modules
-create resources in a very flexible configuration
-open-source
-no business logic
b) infrastructure modules
-consist of resource modules
-enforce tags and company standards (encryption, naming)
-use preprocessors, jsonnet, cookiecutter
c) frequent issues with modules
-Terraform modules can't be re-used, because they are very specific
d) traits of good Terraform modules:
1. Documentation and examples
2. Feature rich
3. Sane deafults
4. Clean code
5. Test
more: http://bit.ly/common-traits-in-terraform-modules
12 . Do & donts
a) donts
-providers in modules - should be put as high as it possible
* exception : logical providers (template, random, local, http, external)
-provisioner
*avoid provisioner in all resources, even in ec2 resoures
* hard to scale
Solution #1
resource "aws_instance" "first" {
ami = "ami-12345678"
instance_type = "t3.small"
user_data = "aws s3 cp ... & ansible-playbook ..."
}
Solution #2 - autoscaling group
resource "aws_launch_configuration" "second" {
ami = "ami-12345678"
instance_type = "t3.small"
user_data = "aws s3 cp ... & ansible-playbook ..."
}
b) do
-null_resource provisioner
resource "null_resource" "first"{
provisioner "local-exec" {
command = "aws ec2 ..."
when = "create"
}
}
13. Module orchestration
a) all-in-one
#terraform.tfvars
region = "eu-west-1"
# main.tf
provider "aws" {
region = "${var.region}"
}
module "vpc" {}
module "alb" {}
module "application" {}
module "security_group_alb" {}
module "security_group_app" {}
module "security_group_microservice" {}
module "microservice_1" {}
Good:
-declare variables ans outputs in fewer places
Bad:
-Large blast radius
-Everything is blocked at once
-impossible to specify dependencies between modules (depends_on)
Use cases:
-undefined project scope
-fast prototyping and initial development phase
-small number of resources & developers
-thightly connected resources
b) 1-in-1
vpc
main.tf
outputs.tf
terraform.tfvars
variables.tf
alb
main.tf
outputs.tf
terraform.tfvars
variables.tf
application
main.tf
outputs.tf
terraform.tfvars
variables.tf
microservice_1
main.tf
outputs.tf
terraform.tfvars
variables.tf
Good:
-smaller radius
-posisible to join invocation
-easier and faster to work with
Bad:
-Declare varaibles and outputs in more places
Use cases:
-defined project scope
-different types of developers involved
-code reuse in encouraged (across organization and enviorments)
-use terragrount
14. Terraform 0.12
- HCL2 - simiplified syntax
- loops ("for")
- dynamic blocks ("for_each")
- correct conditional operators (... ? ... : ...)
- extended types of variables
- templates in values
- links between resources are supported (depends_on everywhere)
- more - https://www.hashicorp.com/blog/announcing-terraform-0-1-2-beta
Komentarze
Prześlij komentarz