Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Terraform
Search
Andy Gale
October 08, 2014
Technology
0
990
Terraform
Lightening introduction to Terraform given at PHPSW on 8th October
Andy Gale
October 08, 2014
Tweet
Share
More Decks by Andy Gale
See All by Andy Gale
TekCurious
andygale
0
69
Mitigating DDOS Attacks with Terraform
andygale
0
710
Container Security
andygale
0
430
Nobody likes you Jenkins
andygale
2
830
PHP Migrations with Phinx
andygale
1
1.9k
Test-Driven Infrastructure
andygale
2
490
Chef and Docker
andygale
3
440
Auto-scaling PHP applications using Chef and AWS
andygale
2
1.1k
Testing Javascript
andygale
9
1.4k
Other Decks in Technology
See All in Technology
APIとはなにか
mikanichinose
0
110
LINE Developersプロダクト(LIFF/LINE Login)におけるフロントエンド開発
lycorptech_jp
PRO
0
150
クレカ・銀行連携機能における “状態”との向き合い方 / SmartBank Engineer LT Event
smartbank
2
100
WACATE2024冬セッション資料(ユーザビリティ)
scarletplover
0
330
1等無人航空機操縦士一発試験 合格までの道のり ドローンミートアップ@大阪 2024/12/18
excdinc
0
180
Wantedly での Datadog 活用事例
bgpat
2
690
.NET 9 のパフォーマンス改善
nenonaninu
0
1.3k
GitHub Copilot のテクニック集/GitHub Copilot Techniques
rayuron
39
16k
KnowledgeBaseDocuments APIでベクトルインデックス管理を自動化する
iidaxs
1
280
社内イベント管理システムを1週間でAKSからACAに移行した話し
shingo_kawahara
0
200
サービスでLLMを採用したばっかりに振り回され続けたこの一年のあれやこれや
segavvy
2
550
How to be an AWS Community Builder | 君もAWS Community Builderになろう!〜2024 冬 CB募集直前対策編?!〜
coosuke
PRO
2
2.9k
Featured
See All Featured
Designing on Purpose - Digital PM Summit 2013
jponch
116
7k
Music & Morning Musume
bryan
46
6.2k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.4k
Into the Great Unknown - MozCon
thekraken
33
1.5k
Java REST API Framework Comparison - PWX 2021
mraible
28
8.3k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
132
33k
VelocityConf: Rendering Performance Case Studies
addyosmani
326
24k
How To Stay Up To Date on Web Technology
chriscoyier
789
250k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
44
9.3k
How GitHub (no longer) Works
holman
311
140k
Transcript
Terraform Andy Gale DevOps Consultancy
About me Andy Gale Web Consultant Hello Future http://hellofutu.re !
@andygale @hellofutur3 DevOps Consultancy
Infrastructure as code • AWS ec2 instances • Digital Ocean
droplets • Google Cloud Compute Engine • Dedicated boxes Ansible, Puppet, Chef DevOps Consultancy
Terraform • AWS security groups, VPC, VPC Subnets, Amazon RDS
• DNS with Digital Ocean, DNSimple, Route 53 DevOps Consultancy
Terraform http://www.terraform.io/downloads.html Install DevOps Consultancy
Terraform Digital Ocean example resource "digitalocean_droplet" "web" { image =
"ubuntu-14-04-x64" name = "web-1" region = "nyc2" size = "512mb" } DevOps Consultancy
Terraform AWS security group example # Security group for web
server ! resource "aws_security_group" "hello_web" { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } DevOps Consultancy
Terraform AWS security group example $ terraform plan ! +
aws_security_group.hello_web description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" ! DevOps Consultancy
Terraform AWS security group example $ terraform apply ! aws_security_group.hello_web:
Creating... description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete ! Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
# Security group for web server ! resource "aws_security_group" "hello_web"
{ name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } Adding HTTPS DevOps Consultancy
$ terraform plan ! -/+ aws_security_group.hello_web description: "Security Group for
web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" (forces new resource) ! ! ! DevOps Consultancy Terraform tells us what it will do
$ terraform apply ! aws_security_group.hello_web: Refreshing state... (ID: sg-393a8c5c) aws_security_group.hello_web:
Destroying... aws_security_group.hello_web: Destruction complete aws_security_group.hello_web: Modifying... description: "Security Group for web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" aws_security_group.hello_web: Modifications complete ! Apply complete! Resources: 0 added, 1 changed, 1 destroyed. Terraform applies configuration
Adding an instance DevOps Consultancy
Variables variable "access_key" {} variable "secret_key" {} ! variable "key_name"
{} variable "key_path" {} ! variable "region" { default = "eu-west-1" } ! variable "amis" { default = { eu-west-1 = "ami-f4b11183" us-east-1 = "ami-9aaa1cf2" us-west-2 = "ami-39501209" } } DevOps Consultancy
Terraform terraform.tfvars access_key = "XXXXXXXXXXXXXXXXXXXX" secret_key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" key_path =
".ssh/mykey.pem" key_name = "mykey" You’d likely keep this in .gitignore DevOps Consultancy
resource "aws_instance" "web" { ! connection { user = "ubuntu"
key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "remote-exec" { inline = [ "sudo apt-get -y update", "sudo apt-get -y install nginx", "sudo service nginx start" ] } } DevOps Consultancy Create instance
# Security group for web server ! resource "aws_security_group" "hello_web"
{ name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! } Adding SSH DevOps Consultancy
$ terraform apply aws_security_group.hello_web: Creating... description: "" => "Security Group
for web servers" ingress.#: "" => "2" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "22" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "22" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "80" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete aws_instance.web: Creating... ami: "" => "ami-f4b11183" availability_zone: "" => "<computed>" instance_type: "" => "t2.micro" key_name: "" => "hellofuture" private_dns: "" => "<computed>" private_ip: "" => "<computed>" public_dns: "" => "<computed>" public_ip: "" => "<computed>" security_groups.#: "" => "1" security_groups.0: "" => "hello-elb-sg" subnet_id: "" => "<computed>" aws_instance.web: Provisioning with 'remote-exec'... aws_instance.web: Creation complete ! Apply complete! Resources: 2 added, 0 changed, 0 destroyed. Terraform applies configuration
resource "aws_instance" "web" { ! connection { user = "ubuntu"
key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "local-exec" { command = "knife bootstrap ${aws_instance.example.public_ip}" } } } DevOps Consultancy Using with Chef
Packer • Terraform works well with AMIs generated by Packer
• http://www.packer.io/ DevOps Consultancy
Terraform • Amazon autoscaling groups, RDS, ELB, EIP, S3, VPC
• Cloudflare DNS • Consul • Digital Ocean DNS • Google Cloud • Herkou • Mailgun DevOps Consultancy What else can you do