Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Terraform

Andy Gale
October 08, 2014
Technology
0
990

 Terraform

Lightening introduction to Terraform given at PHPSW on 8th October

Andy Gale

October 08, 2014
Tweet

More Decks by Andy Gale

See All by Andy Gale
TekCurious
andygale
0
69
Mitigating DDOS Attacks with Terraform
andygale
0
720
Container Security
andygale
0
440
Nobody likes you Jenkins
andygale
2
860
PHP Migrations with Phinx
andygale
1
1.9k
Test-Driven Infrastructure
andygale
2
500
Chef and Docker
andygale
3
450
Auto-scaling PHP applications using Chef and AWS
andygale
2
1.1k
Testing Javascript
andygale
9
1.4k

Other Decks in Technology

See All in Technology
Ask! NIKKEI RAG検索技術の深層
hotchpotch
13
2.8k
君はPostScriptなウィンドウシステム 「NeWS」をご存知か?/sunnews
koyhoge
0
720
インフラをつくるとはどういうことなのか、 あるいはPlatform Engineeringについて
nwiizo
5
2.1k
PL900試験から学ぶ Power Platform 基礎知識講座
kumikeyy
0
110
リアルタイム分析データベースで実現する SQLベースのオブザーバビリティ
mikimatsumoto
0
950
FastConnect の冗長性
ocise
1
9.6k
ビジネスと現場活動をつなぐソフトウェアエンジニアリング~とあるスタートアッププロダクトの成長記録より~
mizunori
0
210
スクラムのイテレーションを導入してチームの雰囲気がより良くなった話
eccyun
0
110
オブザーバビリティの観点でみるAWS / AWS from observability perspective
ymotongpoo
7
1k
開発スピードは上がっている…品質はどうする? スピードと品質を両立させるためのプロダクト開発の進め方とは #DevSumi #DevSumiB / Agile And Quality
nihonbuson
1
1.3k
High Performance PHP
cmuench
0
140
株式会社EventHub・エンジニア採用資料
eventhub
0
4.2k

Featured

See All Featured
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
40
2k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
114
50k
Music & Morning Musume
bryan
46
6.3k
Site-Speed That Sticks
csswizardry
3
370
RailsConf 2023
tenderlove
29
1k
Building Better People: How to give real-time feedback that sticks.
wjessup
366
19k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
44
9.4k
Testing 201, or: Great Expectations
jmmastey
41
7.2k
Making Projects Easy
brettharned
116
6k
Statistics for Hackers
jakevdp
797
220k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
Git: the NoSQL Database
bkeepers
PRO
427
64k

Transcript

  1. Terraform Andy Gale DevOps Consultancy

  2. About me Andy Gale Web Consultant Hello Future http://hellofutu.re !

    @andygale @hellofutur3 DevOps Consultancy

  3. Infrastructure as code • AWS ec2 instances • Digital Ocean

    droplets • Google Cloud Compute Engine • Dedicated boxes Ansible, Puppet, Chef DevOps Consultancy

  4. Terraform • AWS security groups, VPC, VPC Subnets, Amazon RDS

    • DNS with Digital Ocean, DNSimple, Route 53 DevOps Consultancy

  5. Terraform http://www.terraform.io/downloads.html Install DevOps Consultancy

  6. Terraform Digital Ocean example resource "digitalocean_droplet" "web" { image =

    "ubuntu-14-04-x64" name = "web-1" region = "nyc2" size = "512mb" } DevOps Consultancy

  7. Terraform AWS security group example # Security group for web

    server ! resource "aws_security_group" "hello_web" { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } DevOps Consultancy

  8. Terraform AWS security group example $ terraform plan ! +

    aws_security_group.hello_web description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" ! DevOps Consultancy

  9. Terraform AWS security group example $ terraform apply ! aws_security_group.hello_web:

    Creating... description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete ! Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

  10. # Security group for web server ! resource "aws_security_group" "hello_web"

    { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } Adding HTTPS DevOps Consultancy

  11. $ terraform plan ! -/+ aws_security_group.hello_web description: "Security Group for

    web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" (forces new resource) ! ! ! DevOps Consultancy Terraform tells us what it will do

  12. $ terraform apply ! aws_security_group.hello_web: Refreshing state... (ID: sg-393a8c5c) aws_security_group.hello_web:

    Destroying... aws_security_group.hello_web: Destruction complete aws_security_group.hello_web: Modifying... description: "Security Group for web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" aws_security_group.hello_web: Modifications complete ! Apply complete! Resources: 0 added, 1 changed, 1 destroyed. Terraform applies configuration

  13. Adding an instance DevOps Consultancy

  14. Variables variable "access_key" {} variable "secret_key" {} ! variable "key_name"

    {} variable "key_path" {} ! variable "region" { default = "eu-west-1" } ! variable "amis" { default = { eu-west-1 = "ami-f4b11183" us-east-1 = "ami-9aaa1cf2" us-west-2 = "ami-39501209" } } DevOps Consultancy

  15. Terraform terraform.tfvars access_key = "XXXXXXXXXXXXXXXXXXXX" secret_key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" key_path =

    ".ssh/mykey.pem" key_name = "mykey" You’d likely keep this in .gitignore DevOps Consultancy

  16. resource "aws_instance" "web" { ! connection { user = "ubuntu"

    key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "remote-exec" { inline = [ "sudo apt-get -y update", "sudo apt-get -y install nginx", "sudo service nginx start" ] } } DevOps Consultancy Create instance

  17. # Security group for web server ! resource "aws_security_group" "hello_web"

    { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! } Adding SSH DevOps Consultancy

  18. $ terraform apply aws_security_group.hello_web: Creating... description: "" => "Security Group

    for web servers" ingress.#: "" => "2" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "22" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "22" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "80" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete aws_instance.web: Creating... ami: "" => "ami-f4b11183" availability_zone: "" => "<computed>" instance_type: "" => "t2.micro" key_name: "" => "hellofuture" private_dns: "" => "<computed>" private_ip: "" => "<computed>" public_dns: "" => "<computed>" public_ip: "" => "<computed>" security_groups.#: "" => "1" security_groups.0: "" => "hello-elb-sg" subnet_id: "" => "<computed>" aws_instance.web: Provisioning with 'remote-exec'... aws_instance.web: Creation complete ! Apply complete! Resources: 2 added, 0 changed, 0 destroyed. Terraform applies configuration

  19. resource "aws_instance" "web" { ! connection { user = "ubuntu"

    key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "local-exec" { command = "knife bootstrap ${aws_instance.example.public_ip}" } } } DevOps Consultancy Using with Chef

  20. Packer • Terraform works well with AMIs generated by Packer

    • http://www.packer.io/ DevOps Consultancy

  21. Terraform • Amazon autoscaling groups, RDS, ELB, EIP, S3, VPC

    • Cloudflare DNS • Consul • Digital Ocean DNS • Google Cloud • Herkou • Mailgun DevOps Consultancy What else can you do