$30 off During Our Annual Pro Sale. View Details »

Terraform

Andy Gale
October 08, 2014
Technology
0
860

 Terraform

Lightening introduction to Terraform given at PHPSW on 8th October

Andy Gale

October 08, 2014
Tweet

More Decks by Andy Gale

See All by Andy Gale
TekCurious
andygale
0
19
Mitigating DDOS Attacks with Terraform
andygale
0
300
Container Security
andygale
0
240
Nobody likes you Jenkins
andygale
2
450
PHP Migrations with Phinx
andygale
1
1.5k
Test-Driven Infrastructure
andygale
2
300
Chef and Docker
andygale
3
290
Auto-scaling PHP applications using Chef and AWS
andygale
2
950
Testing Javascript
andygale
9
1.3k

Other Decks in Technology

See All in Technology
S3のマルウェア対策について紹介
cocacola917
0
270
APN AWS Top Engineersが語るAWSの最新セキュリティ
cmusudakeisuke
0
870
バンドルカードの クレジットカード決済システムの 泥臭い運用
hiroakis
6
4.6k
オラクルのブロックチェーンソリューションご紹介 /blockchain
oracle4engineer
PRO
0
990
Souveraineté numérique et logiciel libre: colloque de la SIF 2022
sfermigier
0
270
アジャイル品質のパターンとメトリクス
washizaki
0
230
VPoEとして1年 もっとこうすればよかった3選 / VPoE Retrospective
konifar
6
4.6k
ユーザー理解は、自組織理解から!インナーリサーチのススメ / SDC_okusa
recruitengineers
PRO
0
260
Small Tips to use Bun with WebSocket Server and WebAssembly Modules
mganeko
0
3k
Oracleが提供するマイクロサービス開発基盤 / oracle-microservices-development-platform-overview
oracle4engineer
PRO
1
120
Cloud Native Kafka - 分散データ基盤がクラウドネイティブを目指すということ
hashitokyo
0
150
Redshift ServerlessとProvisioned Cluster のちょっとした違い
mashiike
0
150

Featured

See All Featured
What's new in Ruby 2.0
geeforr
335
30k
Designing the Hi-DPI Web
ddemaree
273
32k
Facilitating Awesome Meetings
lara
33
4.4k
For a Future-Friendly Web
brad_frost
166
7.7k
Stop Working from a Prison Cell
hatefulcrawdad
263
18k
Navigating Team Friction
lara
176
12k
Visualization
eitanlees
126
12k
Agile that works and the tools we love
rasmusluckow
320
19k
The Straight Up "How To Draw Better" Workshop
denniskardys
225
130k
A better future with KSS
kneath
228
16k
Designing Experiences People Love
moore
130
22k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
182
15k

Transcript

  1. Terraform Andy Gale DevOps Consultancy

  2. About me Andy Gale Web Consultant Hello Future http://hellofutu.re !

    @andygale @hellofutur3 DevOps Consultancy

  3. Infrastructure as code • AWS ec2 instances • Digital Ocean

    droplets • Google Cloud Compute Engine • Dedicated boxes Ansible, Puppet, Chef DevOps Consultancy

  4. Terraform • AWS security groups, VPC, VPC Subnets, Amazon RDS

    • DNS with Digital Ocean, DNSimple, Route 53 DevOps Consultancy

  5. Terraform http://www.terraform.io/downloads.html Install DevOps Consultancy

  6. Terraform Digital Ocean example resource "digitalocean_droplet" "web" { image =

    "ubuntu-14-04-x64" name = "web-1" region = "nyc2" size = "512mb" } DevOps Consultancy

  7. Terraform AWS security group example # Security group for web

    server ! resource "aws_security_group" "hello_web" { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } DevOps Consultancy

  8. Terraform AWS security group example $ terraform plan ! +

    aws_security_group.hello_web description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" ! DevOps Consultancy

  9. Terraform AWS security group example $ terraform apply ! aws_security_group.hello_web:

    Creating... description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete ! Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

  10. # Security group for web server ! resource "aws_security_group" "hello_web"

    { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } Adding HTTPS DevOps Consultancy

  11. $ terraform plan ! -/+ aws_security_group.hello_web description: "Security Group for

    web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" (forces new resource) ! ! ! DevOps Consultancy Terraform tells us what it will do

  12. $ terraform apply ! aws_security_group.hello_web: Refreshing state... (ID: sg-393a8c5c) aws_security_group.hello_web:

    Destroying... aws_security_group.hello_web: Destruction complete aws_security_group.hello_web: Modifying... description: "Security Group for web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" aws_security_group.hello_web: Modifications complete ! Apply complete! Resources: 0 added, 1 changed, 1 destroyed. Terraform applies configuration

  13. Adding an instance DevOps Consultancy

  14. Variables variable "access_key" {} variable "secret_key" {} ! variable "key_name"

    {} variable "key_path" {} ! variable "region" { default = "eu-west-1" } ! variable "amis" { default = { eu-west-1 = "ami-f4b11183" us-east-1 = "ami-9aaa1cf2" us-west-2 = "ami-39501209" } } DevOps Consultancy

  15. Terraform terraform.tfvars access_key = "XXXXXXXXXXXXXXXXXXXX" secret_key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" key_path =

    ".ssh/mykey.pem" key_name = "mykey" You’d likely keep this in .gitignore DevOps Consultancy

  16. resource "aws_instance" "web" { ! connection { user = "ubuntu"

    key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "remote-exec" { inline = [ "sudo apt-get -y update", "sudo apt-get -y install nginx", "sudo service nginx start" ] } } DevOps Consultancy Create instance

  17. # Security group for web server ! resource "aws_security_group" "hello_web"

    { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! } Adding SSH DevOps Consultancy

  18. $ terraform apply aws_security_group.hello_web: Creating... description: "" => "Security Group

    for web servers" ingress.#: "" => "2" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "22" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "22" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "80" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete aws_instance.web: Creating... ami: "" => "ami-f4b11183" availability_zone: "" => "<computed>" instance_type: "" => "t2.micro" key_name: "" => "hellofuture" private_dns: "" => "<computed>" private_ip: "" => "<computed>" public_dns: "" => "<computed>" public_ip: "" => "<computed>" security_groups.#: "" => "1" security_groups.0: "" => "hello-elb-sg" subnet_id: "" => "<computed>" aws_instance.web: Provisioning with 'remote-exec'... aws_instance.web: Creation complete ! Apply complete! Resources: 2 added, 0 changed, 0 destroyed. Terraform applies configuration

  19. resource "aws_instance" "web" { ! connection { user = "ubuntu"

    key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "local-exec" { command = "knife bootstrap ${aws_instance.example.public_ip}" } } } DevOps Consultancy Using with Chef

  20. Packer • Terraform works well with AMIs generated by Packer

    • http://www.packer.io/ DevOps Consultancy

  21. Terraform • Amazon autoscaling groups, RDS, ELB, EIP, S3, VPC

    • Cloudflare DNS • Consul • Digital Ocean DNS • Google Cloud • Herkou • Mailgun DevOps Consultancy What else can you do