Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Terraform

Andy Gale
October 08, 2014
Technology
0
930

 Terraform

Lightening introduction to Terraform given at PHPSW on 8th October

Andy Gale

October 08, 2014
Tweet

More Decks by Andy Gale

See All by Andy Gale
TekCurious
andygale
0
55
Mitigating DDOS Attacks with Terraform
andygale
0
620
Container Security
andygale
0
350
Nobody likes you Jenkins
andygale
2
660
PHP Migrations with Phinx
andygale
1
1.7k
Test-Driven Infrastructure
andygale
2
410
Chef and Docker
andygale
3
370
Auto-scaling PHP applications using Chef and AWS
andygale
2
1.1k
Testing Javascript
andygale
9
1.3k

Other Decks in Technology

See All in Technology
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
130
Kernel MemoryでAzure OpenAI Serviceとお手軽データソース連携
mitsuzono
1
240
コンテナセキュリティの基本と脅威への対策
kyohmizu
3
750
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
290
VS CodeでAWSを操作しよう
smt7174
7
1.6k
リテール金融(キャッシュレス・ネット銀行・ネット証券)の競争環境と経済圏
8maki
0
690
Reducing Cross-Zone Egress at Spotify with Custom gRPC Load Balancing Recap
koh_naga
0
200
オーナーシップを持つ領域を明確にする
konifar
13
3.1k
ユーザーストーリーのレビューを自動化したみたの
bun913
1
420
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
4
900
推しは推せるときに推せ! プロダクトにフィードバックしていこう
nakasho
0
300
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.9k

Featured

See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
155
14k
Designing the Hi-DPI Web
ddemaree
276
33k
Debugging Ruby Performance
tmm1
70
11k
Into the Great Unknown - MozCon
thekraken
10
990
Fireside Chat
paigeccino
21
2.6k
A designer walks into a library…
pauljervisheath
200
23k
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
RailsConf 2023
tenderlove
4
540
Docker and Python
trallard
34
2.7k
The Illustrated Children's Guide to Kubernetes
chrisshort
31
46k

Transcript

  1. Terraform Andy Gale DevOps Consultancy

  2. About me Andy Gale Web Consultant Hello Future http://hellofutu.re !

    @andygale @hellofutur3 DevOps Consultancy

  3. Infrastructure as code • AWS ec2 instances • Digital Ocean

    droplets • Google Cloud Compute Engine • Dedicated boxes Ansible, Puppet, Chef DevOps Consultancy

  4. Terraform • AWS security groups, VPC, VPC Subnets, Amazon RDS

    • DNS with Digital Ocean, DNSimple, Route 53 DevOps Consultancy

  5. Terraform http://www.terraform.io/downloads.html Install DevOps Consultancy

  6. Terraform Digital Ocean example resource "digitalocean_droplet" "web" { image =

    "ubuntu-14-04-x64" name = "web-1" region = "nyc2" size = "512mb" } DevOps Consultancy

  7. Terraform AWS security group example # Security group for web

    server ! resource "aws_security_group" "hello_web" { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } DevOps Consultancy

  8. Terraform AWS security group example $ terraform plan ! +

    aws_security_group.hello_web description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" ! DevOps Consultancy

  9. Terraform AWS security group example $ terraform apply ! aws_security_group.hello_web:

    Creating... description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete ! Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

  10. # Security group for web server ! resource "aws_security_group" "hello_web"

    { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } Adding HTTPS DevOps Consultancy

  11. $ terraform plan ! -/+ aws_security_group.hello_web description: "Security Group for

    web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" (forces new resource) ! ! ! DevOps Consultancy Terraform tells us what it will do

  12. $ terraform apply ! aws_security_group.hello_web: Refreshing state... (ID: sg-393a8c5c) aws_security_group.hello_web:

    Destroying... aws_security_group.hello_web: Destruction complete aws_security_group.hello_web: Modifying... description: "Security Group for web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" aws_security_group.hello_web: Modifications complete ! Apply complete! Resources: 0 added, 1 changed, 1 destroyed. Terraform applies configuration

  13. Adding an instance DevOps Consultancy

  14. Variables variable "access_key" {} variable "secret_key" {} ! variable "key_name"

    {} variable "key_path" {} ! variable "region" { default = "eu-west-1" } ! variable "amis" { default = { eu-west-1 = "ami-f4b11183" us-east-1 = "ami-9aaa1cf2" us-west-2 = "ami-39501209" } } DevOps Consultancy

  15. Terraform terraform.tfvars access_key = "XXXXXXXXXXXXXXXXXXXX" secret_key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" key_path =

    ".ssh/mykey.pem" key_name = "mykey" You’d likely keep this in .gitignore DevOps Consultancy

  16. resource "aws_instance" "web" { ! connection { user = "ubuntu"

    key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "remote-exec" { inline = [ "sudo apt-get -y update", "sudo apt-get -y install nginx", "sudo service nginx start" ] } } DevOps Consultancy Create instance

  17. # Security group for web server ! resource "aws_security_group" "hello_web"

    { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! } Adding SSH DevOps Consultancy

  18. $ terraform apply aws_security_group.hello_web: Creating... description: "" => "Security Group

    for web servers" ingress.#: "" => "2" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "22" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "22" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "80" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete aws_instance.web: Creating... ami: "" => "ami-f4b11183" availability_zone: "" => "<computed>" instance_type: "" => "t2.micro" key_name: "" => "hellofuture" private_dns: "" => "<computed>" private_ip: "" => "<computed>" public_dns: "" => "<computed>" public_ip: "" => "<computed>" security_groups.#: "" => "1" security_groups.0: "" => "hello-elb-sg" subnet_id: "" => "<computed>" aws_instance.web: Provisioning with 'remote-exec'... aws_instance.web: Creation complete ! Apply complete! Resources: 2 added, 0 changed, 0 destroyed. Terraform applies configuration

  19. resource "aws_instance" "web" { ! connection { user = "ubuntu"

    key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "local-exec" { command = "knife bootstrap ${aws_instance.example.public_ip}" } } } DevOps Consultancy Using with Chef

  20. Packer • Terraform works well with AMIs generated by Packer

    • http://www.packer.io/ DevOps Consultancy

  21. Terraform • Amazon autoscaling groups, RDS, ELB, EIP, S3, VPC

    • Cloudflare DNS • Consul • Digital Ocean DNS • Google Cloud • Herkou • Mailgun DevOps Consultancy What else can you do