Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Terraform
Search
Andy Gale
October 08, 2014
Technology
0
960
Terraform
Lightening introduction to Terraform given at PHPSW on 8th October
Andy Gale
October 08, 2014
Tweet
Share
More Decks by Andy Gale
See All by Andy Gale
TekCurious
andygale
0
67
Mitigating DDOS Attacks with Terraform
andygale
0
660
Container Security
andygale
0
380
Nobody likes you Jenkins
andygale
2
740
PHP Migrations with Phinx
andygale
1
1.8k
Test-Driven Infrastructure
andygale
2
440
Chef and Docker
andygale
3
400
Auto-scaling PHP applications using Chef and AWS
andygale
2
1.1k
Testing Javascript
andygale
9
1.4k
Other Decks in Technology
See All in Technology
年間一億円削減した時系列データベースのアーキテクチャ改善~不確実性の高いプロジェクトへの挑戦~
lycorptech_jp
PRO
3
2.9k
Classmethod流のPlatform Engineering / classmethod-platform-engineering-devio2024
tomoki10
0
470
What is DRE? - Road to SRE NEXT@広島
chanyou0311
3
630
ソフトウェアエンジニアリングの知見を活かして データ基盤をいい感じにする on Snowflake [MIERUNE BBQ #10]
mtpooh
2
150
Flutter研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
160
Matterport を使ってクラスメソッド各拠点のバーチャルオフィスツアーを作成してみた
wakatsuki
0
160
AWSでRAGを作る法方
sonoda_mj
1
140
Classmethod Odyssey 登壇資料
yamahiro
0
390
DevIO2024_レガシー運用からの脱却 -クラウド活用の実践事例とベストプラクティス-
jun2882
0
210
テスト・設計研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
170
AOAI Dev Day LLMシステム開発 Tips集
hirosatogamo
15
3.7k
LLMアプリケーションの評価の実践と課題 ~PharmaXにおける今後の展望~
pharma_x_tech
2
160
Featured
See All Featured
Art, The Web, and Tiny UX
lynnandtonic
291
20k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
121
18k
How GitHub Uses GitHub to Build GitHub
holman
471
290k
Building an army of robots
kneath
301
42k
Designing on Purpose - Digital PM Summit 2013
jponch
113
6.6k
Docker and Python
trallard
37
2.9k
Principles of Awesome APIs and How to Build Them.
keavy
124
16k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
90
47k
GraphQLとの向き合い方2022年版
quramy
36
13k
No one is an island. Learnings from fostering a developers community.
thoeni
17
2.8k
The Language of Interfaces
destraynor
151
23k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
245
1.2M
Transcript
Terraform Andy Gale DevOps Consultancy
About me Andy Gale Web Consultant Hello Future http://hellofutu.re !
@andygale @hellofutur3 DevOps Consultancy
Infrastructure as code • AWS ec2 instances • Digital Ocean
droplets • Google Cloud Compute Engine • Dedicated boxes Ansible, Puppet, Chef DevOps Consultancy
Terraform • AWS security groups, VPC, VPC Subnets, Amazon RDS
• DNS with Digital Ocean, DNSimple, Route 53 DevOps Consultancy
Terraform http://www.terraform.io/downloads.html Install DevOps Consultancy
Terraform Digital Ocean example resource "digitalocean_droplet" "web" { image =
"ubuntu-14-04-x64" name = "web-1" region = "nyc2" size = "512mb" } DevOps Consultancy
Terraform AWS security group example # Security group for web
server ! resource "aws_security_group" "hello_web" { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } DevOps Consultancy
Terraform AWS security group example $ terraform plan ! +
aws_security_group.hello_web description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" ! DevOps Consultancy
Terraform AWS security group example $ terraform apply ! aws_security_group.hello_web:
Creating... description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete ! Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
# Security group for web server ! resource "aws_security_group" "hello_web"
{ name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } Adding HTTPS DevOps Consultancy
$ terraform plan ! -/+ aws_security_group.hello_web description: "Security Group for
web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" (forces new resource) ! ! ! DevOps Consultancy Terraform tells us what it will do
$ terraform apply ! aws_security_group.hello_web: Refreshing state... (ID: sg-393a8c5c) aws_security_group.hello_web:
Destroying... aws_security_group.hello_web: Destruction complete aws_security_group.hello_web: Modifying... description: "Security Group for web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" aws_security_group.hello_web: Modifications complete ! Apply complete! Resources: 0 added, 1 changed, 1 destroyed. Terraform applies configuration
Adding an instance DevOps Consultancy
Variables variable "access_key" {} variable "secret_key" {} ! variable "key_name"
{} variable "key_path" {} ! variable "region" { default = "eu-west-1" } ! variable "amis" { default = { eu-west-1 = "ami-f4b11183" us-east-1 = "ami-9aaa1cf2" us-west-2 = "ami-39501209" } } DevOps Consultancy
Terraform terraform.tfvars access_key = "XXXXXXXXXXXXXXXXXXXX" secret_key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" key_path =
".ssh/mykey.pem" key_name = "mykey" You’d likely keep this in .gitignore DevOps Consultancy
resource "aws_instance" "web" { ! connection { user = "ubuntu"
key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "remote-exec" { inline = [ "sudo apt-get -y update", "sudo apt-get -y install nginx", "sudo service nginx start" ] } } DevOps Consultancy Create instance
# Security group for web server ! resource "aws_security_group" "hello_web"
{ name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! } Adding SSH DevOps Consultancy
$ terraform apply aws_security_group.hello_web: Creating... description: "" => "Security Group
for web servers" ingress.#: "" => "2" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "22" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "22" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "80" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete aws_instance.web: Creating... ami: "" => "ami-f4b11183" availability_zone: "" => "<computed>" instance_type: "" => "t2.micro" key_name: "" => "hellofuture" private_dns: "" => "<computed>" private_ip: "" => "<computed>" public_dns: "" => "<computed>" public_ip: "" => "<computed>" security_groups.#: "" => "1" security_groups.0: "" => "hello-elb-sg" subnet_id: "" => "<computed>" aws_instance.web: Provisioning with 'remote-exec'... aws_instance.web: Creation complete ! Apply complete! Resources: 2 added, 0 changed, 0 destroyed. Terraform applies configuration
resource "aws_instance" "web" { ! connection { user = "ubuntu"
key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "local-exec" { command = "knife bootstrap ${aws_instance.example.public_ip}" } } } DevOps Consultancy Using with Chef
Packer • Terraform works well with AMIs generated by Packer
• http://www.packer.io/ DevOps Consultancy
Terraform • Amazon autoscaling groups, RDS, ELB, EIP, S3, VPC
• Cloudflare DNS • Consul • Digital Ocean DNS • Google Cloud • Herkou • Mailgun DevOps Consultancy What else can you do