SysOps/DevOps Poznań MeetUp #5
Mikołaj Młodzikowski
[email protected] # whoami
- My name is Miko, my interests are: lingustics, travels and programing
- I’m going to start soon my career as a Build Automation Engineer, previously Java Developer and DevOps
[email protected] # uname -a
- This presentations is focused on popularizing IaC approach using terraform as an example
- Terraform will be broadly presented as a tool with mostly easy examples
- Presentation is full of links, sources and referals so if you are interested in the topic - check out later the presentation online
[email protected] # terraform plan -out=introduction
- Infrastructure as Code - short summary
- Terraform features specification
- HCL together with “${interpolation}”
- Modules and community tools
- Snippets!
IaC Approach
📖 Wikipedia definiton:
Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.
A good starting article about IaC from thorntech
Pros
Operations:
- Infrastructure is self-documentating by its code
- Configuration can become part of Continuous Configuration Automation
- Keeping IaC inside VCS: changes tracking, easier rollbacks and reviewing process
💰 Buisness 💰:
- costs and risk reduction towards faster execution
Cons
- Mixing manual and automated setup leads to many problems
- High learning curve
- Some lacks in the documentations - both in tools and providers API
Facts about terraform
- Is declarative -> tell what you want
- Uses push configuration method
- Communication is JSON based
- Is extendable by plugins written in Golang
Digest of the providers set
- Clouds: AWS, GCP, Azure, Alibaba, DigitalOcean, Heroku, OpenStack
- Monitors: Datadog, Grafana, Icinga, New Relic, PagerDuty
- Software: Docker, Nomad, Consul, Vault, Chef, Kubernetes
- Networks: Cloudflare, DNS Servers, HTTP Requests
- Databases, scripts, archives, vcs, many more…
Terraform features
- Importing exsiting resources into your tfstate
- Mixing providers in one configuration
- Displaying plans before apply
- Data sources (immutable) and resources (mutable)
- Validating configuration and standard formatter
- Taint - marking resources for recreation
- Generating dependencies graph
HCL && “${interpolation}”
- HCL is compromise between human-friendly and machine-friendly configurations
- HCL is fusion of complete programing languages and data structure languages
- HCL is JSON-compatible - you can generate JSON and run it as HCL
- HCL supports comments and <<EOF syntax for multiline strings.
Exact specification on the language can be found in the Hashicorps repository
Data types
// vars:
“${var.aws_account_number}” //(0.11)
var.aws_account_number // (0.12)
// lists:
“${var.aws_account_number[count.index]}”
// maps:
“${var.aws_account_number[‘client1’]}”
Loops
// looping (0.11): creating ++like loops
resource instance {
count = 3
name = “instance-${count.index}”
}
// looping (0.12): templating
%{ for instance in aws_instance.example ~}
server ${instance.id}
%{ endfor }
Logical statements
//if
resource aws_vpc vpc {
count = “${var.create_vpc}”
// In HCL true/false is mapped to 1 and 0
}
//if-else
// comprassions and boolean logic: == != > < >= <=
resource aws_vpc vpc {
subnet = “${
var.env == “production” ?
var.prod_subnet : var.dev_subnet
}”
}
Refrences
resource aws_ec2_instance manager {
name = “swarm-manager”
}
resource aws_ec2_instance workers {
counte = 3
name = “swarm-worker-${count.index}”
}
module docker_swarm swarm {
manager_ip = “${aws_ec2_instance.manager.ipv4}”
workers_ips = “${aws_ec2_instance.workers.*.ipv4}”
}
Referencing modules
// module file
resource s3_bucket data {
name = “${var.name}”
}
output policy_ref {
value = “${s3_bucket.policy.json}”
}
//main.tf
module bucket {
name = “my-bucket”
}
resource aws_s3_bucket copy {
name = “copy-of-my-bucket”
policy = “${module.bucket.policy_ref.value}”
}
Functions
- Math functions: floor, abs, log, pow, max, signum, ${2 + 2}
- String functions: base64, concat, chomp, format, indent, join, lower
- Data types operations: chunklist, element, map, list, jsonencode, keys, sort, slice
- System calls: dirname, file, timestamp
All interpolations can be found in the docs.
What are terraform modules
- Modules are blackbox configuration in which only some set of parameters is provided in aim to create more complex infrastructure behind the scenes.
- Modules usually have a set of outputs which can be referenced in your terraform file.
Using modules
- First source is official terraform registry
- You can also find terraform modules on git repositories. There are plenty of them.
- If you don’t feel satisfied you can always create your own modules and reference them as local files
- Module is normal terraform project with: main.tf, variables.tf and optional outputs.
Terraform extensions
- Terragrunt - used for applying DRY ideology in your projects for e.g. if you have same configuration for three envs
- Terratest - go library which helps in writting http requests/api calls/ssh connetcions to test your infrastructure.
- Terraform dynamic inventory for ansible.
Terraform extensions
- VS Code plugin for terraform with syntax highligthing. There are also other plugins with snippets for AWS/Azure and generic HCL blocks.
- Terraform linter as addition to terraform fmt.
- Terraform landscape to help producing prettier output for terraform.
Thank you!
online @ https://mlodzikowski.pl/presentations/terraform
repo with snippets @ https://github.com/mkjmdski/terraform-examples
Sources and helpful links to study terraform:
- Jakub Jańczak article pointing terraform cons
- Alexander Savchuk post on CCA
- Pavan Belagatti’s analyze on popularity of terraform
- Two articles about terraform on AWS: provisioning AWS by Manisha Sahasrabudhe and terraform ECS cluster by Tom Trahan
More helpful links
- Hashicrop webinars on YT
- Introduction to terraform from Gruntwork.io which created terragrunt and terratest.
- Terraform training with 8 exercises from beginner to advanced.
- About loops and logic in terraform