Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Terraform

Andy Gale
October 08, 2014
Technology
0
990

 Terraform

Lightening introduction to Terraform given at PHPSW on 8th October

Andy Gale

October 08, 2014
Tweet

More Decks by Andy Gale

See All by Andy Gale
TekCurious
andygale
0
69
Mitigating DDOS Attacks with Terraform
andygale
0
710
Container Security
andygale
0
430
Nobody likes you Jenkins
andygale
2
830
PHP Migrations with Phinx
andygale
1
1.9k
Test-Driven Infrastructure
andygale
2
490
Chef and Docker
andygale
3
440
Auto-scaling PHP applications using Chef and AWS
andygale
2
1.1k
Testing Javascript
andygale
9
1.4k

Other Decks in Technology

See All in Technology
APIとはなにか
mikanichinose
0
110
LINE Developersプロダクト(LIFF/LINE Login)におけるフロントエンド開発
lycorptech_jp
PRO
0
150
クレカ・銀行連携機能における “状態”との向き合い方 / SmartBank Engineer LT Event
smartbank
2
100
WACATE2024冬セッション資料(ユーザビリティ)
scarletplover
0
330
1等無人航空機操縦士一発試験 合格までの道のり ドローンミートアップ@大阪 2024/12/18
excdinc
0
180
Wantedly での Datadog 活用事例
bgpat
2
690
.NET 9 のパフォーマンス改善
nenonaninu
0
1.3k
GitHub Copilot のテクニック集/GitHub Copilot Techniques
rayuron
39
16k
KnowledgeBaseDocuments APIでベクトルインデックス管理を自動化する
iidaxs
1
280
社内イベント管理システムを1週間でAKSからACAに移行した話し
shingo_kawahara
0
200
サービスでLLMを採用したばっかりに振り回され続けたこの一年のあれやこれや
segavvy
2
550
How to be an AWS Community Builder | 君もAWS Community Builderになろう!〜2024 冬 CB募集直前対策編?!〜
coosuke
PRO
2
2.9k

Featured

See All Featured
Designing on Purpose - Digital PM Summit 2013
jponch
116
7k
Music & Morning Musume
bryan
46
6.2k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.4k
Into the Great Unknown - MozCon
thekraken
33
1.5k
Java REST API Framework Comparison - PWX 2021
mraible
28
8.3k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
132
33k
VelocityConf: Rendering Performance Case Studies
addyosmani
326
24k
How To Stay Up To Date on Web Technology
chriscoyier
789
250k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
44
9.3k
How GitHub (no longer) Works
holman
311
140k

Transcript

  1. Terraform Andy Gale DevOps Consultancy

  2. About me Andy Gale Web Consultant Hello Future http://hellofutu.re !

    @andygale @hellofutur3 DevOps Consultancy

  3. Infrastructure as code • AWS ec2 instances • Digital Ocean

    droplets • Google Cloud Compute Engine • Dedicated boxes Ansible, Puppet, Chef DevOps Consultancy

  4. Terraform • AWS security groups, VPC, VPC Subnets, Amazon RDS

    • DNS with Digital Ocean, DNSimple, Route 53 DevOps Consultancy

  5. Terraform http://www.terraform.io/downloads.html Install DevOps Consultancy

  6. Terraform Digital Ocean example resource "digitalocean_droplet" "web" { image =

    "ubuntu-14-04-x64" name = "web-1" region = "nyc2" size = "512mb" } DevOps Consultancy

  7. Terraform AWS security group example # Security group for web

    server ! resource "aws_security_group" "hello_web" { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } DevOps Consultancy

  8. Terraform AWS security group example $ terraform plan ! +

    aws_security_group.hello_web description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" ! DevOps Consultancy

  9. Terraform AWS security group example $ terraform apply ! aws_security_group.hello_web:

    Creating... description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete ! Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

  10. # Security group for web server ! resource "aws_security_group" "hello_web"

    { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } Adding HTTPS DevOps Consultancy

  11. $ terraform plan ! -/+ aws_security_group.hello_web description: "Security Group for

    web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" (forces new resource) ! ! ! DevOps Consultancy Terraform tells us what it will do

  12. $ terraform apply ! aws_security_group.hello_web: Refreshing state... (ID: sg-393a8c5c) aws_security_group.hello_web:

    Destroying... aws_security_group.hello_web: Destruction complete aws_security_group.hello_web: Modifying... description: "Security Group for web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" aws_security_group.hello_web: Modifications complete ! Apply complete! Resources: 0 added, 1 changed, 1 destroyed. Terraform applies configuration

  13. Adding an instance DevOps Consultancy

  14. Variables variable "access_key" {} variable "secret_key" {} ! variable "key_name"

    {} variable "key_path" {} ! variable "region" { default = "eu-west-1" } ! variable "amis" { default = { eu-west-1 = "ami-f4b11183" us-east-1 = "ami-9aaa1cf2" us-west-2 = "ami-39501209" } } DevOps Consultancy

  15. Terraform terraform.tfvars access_key = "XXXXXXXXXXXXXXXXXXXX" secret_key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" key_path =

    ".ssh/mykey.pem" key_name = "mykey" You’d likely keep this in .gitignore DevOps Consultancy

  16. resource "aws_instance" "web" { ! connection { user = "ubuntu"

    key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "remote-exec" { inline = [ "sudo apt-get -y update", "sudo apt-get -y install nginx", "sudo service nginx start" ] } } DevOps Consultancy Create instance

  17. # Security group for web server ! resource "aws_security_group" "hello_web"

    { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! } Adding SSH DevOps Consultancy

  18. $ terraform apply aws_security_group.hello_web: Creating... description: "" => "Security Group

    for web servers" ingress.#: "" => "2" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "22" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "22" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "80" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete aws_instance.web: Creating... ami: "" => "ami-f4b11183" availability_zone: "" => "<computed>" instance_type: "" => "t2.micro" key_name: "" => "hellofuture" private_dns: "" => "<computed>" private_ip: "" => "<computed>" public_dns: "" => "<computed>" public_ip: "" => "<computed>" security_groups.#: "" => "1" security_groups.0: "" => "hello-elb-sg" subnet_id: "" => "<computed>" aws_instance.web: Provisioning with 'remote-exec'... aws_instance.web: Creation complete ! Apply complete! Resources: 2 added, 0 changed, 0 destroyed. Terraform applies configuration

  19. resource "aws_instance" "web" { ! connection { user = "ubuntu"

    key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "local-exec" { command = "knife bootstrap ${aws_instance.example.public_ip}" } } } DevOps Consultancy Using with Chef

  20. Packer • Terraform works well with AMIs generated by Packer

    • http://www.packer.io/ DevOps Consultancy

  21. Terraform • Amazon autoscaling groups, RDS, ELB, EIP, S3, VPC

    • Cloudflare DNS • Consul • Digital Ocean DNS • Google Cloud • Herkou • Mailgun DevOps Consultancy What else can you do