Taming Infrastructure Workflow at Scale with Terraform

Today’s cloud infrastructure is really complex. What if you could truly make this infrastructure a black box? What if you could mutate this infrastructure safely and easily? See how to use Terraform efficiently across hundreds of developers leveraging infrastructure as code and Terraform modules.

As more operations choices are added to your data center, whether through company acquisitions, a growing development team, or general technical debt, managing infrastructure complexity becomes a nightmare. Yet the end goal is still the same — safely deploy your application to your infrastructure. We need to tame our data centers by managing change across systems, enforcing policies, and by establishing a workflow for both developers and operations engineers to build in a collaborative environment.

This talk will discuss the problems faced in managing a modern cloud infrastructure, and how a set of innovative open source tools like Terraform can be used to tame the rising complexity curve. Terraform builds on years of research on graph theory to model the relationships between infrastructure resources so operators can safely manage and change infrastructure resources across bare metal, IaaS, PaaS, and SaaS. Terraform models, and potentially prevents, the simple change with unforeseen consequences so operators don't have to.
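The graph model described above can be sketched in a few lines. This is an added example, not code from the talk or from Terraform itself: the configuration is a constructed sample modeled on the talk's demo resources, and `dependency_graph`, `creation_order` and `blast_radius` are hypothetical helper names. It only follows `${type.name.attr}` interpolations; Terraform's real graph also covers providers, modules and `depends_on`.

```python
import re
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed sample, modeled on the demo resources shown in the talk's slides.
MAIN_TF = '''
resource "azurerm_public_ip" "web" {
  public_ip_address_allocation = "static"
}
resource "azurerm_network_interface" "web" {
  ip_configuration {
    public_ip_address_id = "${azurerm_public_ip.web.id}"
  }
}
resource "azurerm_virtual_machine" "web" {
  count                 = "${var.count}"
  network_interface_ids = ["${azurerm_network_interface.web.id}"]
}
resource "dnsimple_record" "web" {
  value = "${azurerm_public_ip.web.ip_address}"
}
'''

RESOURCE_RE = re.compile(r'^resource\s+"([^"]+)"\s+"([^"]+)"\s*\{', re.M)
REF_RE = re.compile(r'\$\{([a-z0-9_]+)\.([A-Za-z0-9_-]+)\.[^}]*\}')

def dependency_graph(config):
    """Map each resource address to the declared resources it interpolates."""
    headers = list(RESOURCE_RE.finditer(config))
    graph = {}
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(config)
        refs = REF_RE.findall(config[m.end():end])
        graph[f"{m.group(1)}.{m.group(2)}"] = {f"{t}.{n}" for t, n in refs}
    declared = set(graph)
    # Keep only edges to resources declared here (drops data sources etc.).
    return {addr: deps & declared for addr, deps in graph.items()}

def creation_order(graph):
    """Dependencies first; raises graphlib.CycleError on a reference cycle."""
    return list(TopologicalSorter(graph).static_order())

def blast_radius(graph, changed):
    """Every resource that transitively depends on `changed`."""
    affected, frontier = set(), [changed]
    while frontier:
        current = frontier.pop()
        for addr, deps in graph.items():
            if current in deps and addr not in affected:
                affected.add(addr)
                frontier.append(addr)
    return affected

if __name__ == "__main__":
    g = dependency_graph(MAIN_TF)
    print("create in order:", creation_order(g))
    print("touched by replacing the public IP:",
          sorted(blast_radius(g, "azurerm_public_ip.web")))
```

Reviewing the blast radius of a resource before approving a plan is one way to catch the "simple change with unforeseen consequences" early.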

Join me as I take you on a journey of using Terraform as we take control of our cloud infrastructure. The goal of this demo-driven talk is to showcase how Terraform can help build multi-tier application infrastructure supporting multiple cloud platforms and services.

This talk was given at NDC Oslo 2018. For more details visit: https://ndcoslo.com/talk/taming-infrastructure-workflow-at-scale/

GitHub repository for the live demo done during the talk: https://github.com/anubhavmishra/terraform-workflow-examples

Anubhav Mishra

June 13, 2018

Transcript

  1. Taming Infrastructure Workflow at Scale With Terraform https://unsplash.com/photos/-a4tzI2fNW8 Photo by Rita Morais @anubhavm
  2. @anubhavm Anubhav Mishra Developer Advocate, HashiCorp
  3. PROVISION, SECURE AND RUN ANY INFRASTRUCTURE. OSS TOOL SUITE (FOR INDIVIDUALS): Vagrant, Packer, Terraform, Vault, Consul, Nomad. PRODUCT SUITE (FOR TEAMS): Terraform Enterprise, Vault Enterprise, Consul Enterprise, Nomad Enterprise. PROVISION Infrastructure, SECURE Application Infrastructure, RUN Applications.
  4. Evolution

  5. Copyright © 2017 HashiCorp @anubhavm DATACENTER Evolution ~30 years ago
  6. DATACENTER Evolution ~20 years ago
  7. DATACENTER Evolution ~15-20 years ago
  8. DATACENTER Evolution ~10 years ago
  9. DATACENTER Evolution VIRTUAL MACHINES ~10 years ago
  10. DATACENTER Evolution CONTAINERS VIRTUAL MACHINES ~5 years ago
  12. DATACENTER DNS Evolution DATABASE Presently
  13. DC 1 Evolution DC 2 Presently
  14. Evolution Rise in Complexity
  15. Workflow Photo by Daniel Apodaca on Unsplash

  16. Workflow Previously
  17. Workflow BUY Previously
  18. Workflow BUY PROVISION Previously
  19. Workflow BUY PROVISION UPDATE/DESTROY -/+ Previously
  20. BUY Workflow PROVISION UPDATE/DESTROY -/+ Previously
  21. BUY Workflow Previously
  22. Workflow BUY Presently
  24. Workflow PROVISION UPDATE/DESTROY -/+ BUY Presently
  25. Workflow PROVISION BUY Presently
  26. Workflow PROVISION Presently
  28. PROVISION Workflow Presently
  30. Workflow BUY PROVISION UPDATE/DESTROY -/+ Presently
  31. Workflow UPDATE/DESTROY -/+ Presently
  32. Workflow UPDATE/DESTROY -/+ CLOUD PROVIDER API Presently
  33. Workflow Presently

  34. CDW

  38. None
  39. Terminal:

        $ ssh ubuntu@server.com
        $ sudo apt-get install default-jre
        $ echo "the oracle way"
        $ sudo add-apt-repository ppa:webupd8team/java
        $ sudo apt-get update
        $ sudo apt-get install oracle-java8-installer
        $ ./setup-java.sh
  40. None
  41. None
  42. Terminal:

        $ aws
        usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
        To see help text, you can run:

          aws help
          aws <command> help
          aws <command> <subcommand> help
  43. None
  44. None
  45. Why Did We Change? Photo by Maxime Rossignol on Unsplash

  46. Deliver Applications at a Rapid Pace
  47. Deliver Applications at Scale
  48. Single & Unified Workflow for Infrastructure
  49. None
  50. Motivation: Why Terraform?
  51. Why Terraform? How Do We Provision Resources?
      • Compute (Cloud Servers)
      • Network (VPCs, ACLs, Firewalls)
      • Storage (Databases, Object Stores)
  52. Why Terraform? How Do We Manage the Lifecycle of Resources?
      • Compute (Cloud Servers)
      • Network (VPCs, ACLs, Firewalls)
      • Storage (Databases, Object Stores)
  53. Why Terraform? How Do We Enforce Policies Across the Resources?
      • Compute (Cloud Servers)
      • Network (VPCs, ACLs, Firewalls)
      • Storage (Databases, Object Stores)
  54. Why Terraform? How Do We Automate and Share the Configurations?
      • Compute (Cloud Servers)
      • Network (VPCs, ACLs, Firewalls)
      • Storage (Databases, Object Stores)
  55. Goal

  56. Goal: Provide a Unified Workflow Using Infrastructure as Code to Iterate Over Infrastructure Safely that is Capable of Provisioning Anything Anywhere.
  57. Terminal:

        resource "TYPE" "NAME" {
          ATTRIBUTES
        }

  58. Terminal, main.tf:

        resource "azurerm_virtual_machine" "web" {
          storage_image_reference {
            publisher = "Canonical"
            offer     = "UbuntuServer"
            sku       = "16.04-LTS"
            version   = "latest"
          }
        }

        resource "aws_instance" "web" {
          ami = "ami-b123125"
        }

  59. Terminal, main.tf:

        resource "azurerm_public_ip" "web" {
          name                         = "webserver-ip"
          location                     = "West US"
          resource_group_name          = "webserver-rg"
          public_ip_address_allocation = "static"
        }

        resource "dnsimple_record" "hello" {
          domain = "example.com"
          name   = "test"
          value  = "${azurerm_public_ip.web.ip_address}"
          type   = "A"
        }

  61. Terminal, main.tf:

        resource "cloudflare_page_rule" "www" {
          # ...
        }

        resource "fastly_service_v1" "myservice" {
          name = "myawesometestservice"
          # ...
        }

  62. Terminal, main.tf:

        resource "github_membership" "membership_for_some_user" {
          username = "admin"
          role     = "owner"
        }

        resource "gitlab_project" "example" {
          name             = "example"
          description      = "My awesome codebase"
          visibility_level = "public"
        }

  63. ~100 Terraform Providers
  66. CRUD API =
  68. CRUD API = Create()
  69. CRUD API = Create() Read()
  70. CRUD API = Create() Read() Update()
  71. CRUD API = Create() Read() Update() Destroy()
  72. Describe Your Infrastructure in Text Files
  73. Human Friendly Configuration
  74. Human Friendly Configuration <3 JSON
  75. Store in Any VCS
  76. Track the History of Your Infrastructure
  77. PLAN & APPLY

  78. Terminal, main.tf:

        resource "azurerm_public_ip" "web" {
          resource_group_name          = "webserver-rg"
          public_ip_address_allocation = "static"
        }

        resource "azurerm_network_interface" "web" {
          resource_group_name = "webserver-rg"

          ip_configuration {
            .....
            public_ip_address_id = "${azurerm_public_ip.web.id}"
          }
        }

        resource "azurerm_virtual_machine" "web" {
          count                 = 1
          network_interface_ids = ["${azurerm_network_interface.web.id}"]

          storage_image_reference {
            offer = "UbuntuServer"
            .....
          }
        }

        resource "dnsimple_record" "web" {
          domain = "example.com"
          name   = "webs"
          value  = "${azurerm_public_ip.web.ip_address}"
          type   = "A"
        }

  80. Terminal, main.tf:

        $ terraform plan

  81. “Shows You What Will Happen Before It Actually Happens” TERRAFORM PLAN Anubhav Mishra NDC Oslo 2018
  82. Terminal, shell:

        + azurerm_public_ip.web
            .....
        + azurerm_network_interface.web
            .....
        + azurerm_virtual_machine.webserver
            .....
        + dnsimple_record.hello
            id:        <computed>
            domain:    "example.com"
            domain_id: <computed>
            hostname:  <computed>
            name:      "test"
            priority:  <computed>
            ttl:       "3600"
            type:      "A"
            value:     "${azurerm_public_ip.web.ip_address}"

  86. Terminal, shell:

        $ terraform apply

  87. Previously?????

  88. None
  89. None
  90. State

  91. TERRAFORM STATE: Map of Real World Resources to Your Configuration.
  95. Terminal, terraform.tfstate:

        {
          "version": 3,
          "terraform_version": "0.11.5",
          "serial": 4,
          "lineage": "af985fb6-6e75-66bc-984a-7635ea4249c7",
          "modules": [
            {
              "path": [ "root" ],
              "outputs": {},
              "resources": {
                "azurerm_resource_group.default": {
                  "type": "azurerm_resource_group",
                  "depends_on": [],
                  "primary": {
                    "id": "",
                    },
                  },
                  "deposed": [],
                  "provider": "provider.azurerm"
                }
              },
              "depends_on": []
            },

      Storage: file, consul, azurerm, s3, gcs, etc.
  96. None
  97. None
  98. Collaboration Photo by rawpixel on Unsplash

  99. None
  101. OPERATIONS ENGINEER SOFTWARE ENGINEER
  108. Modules

  109. Terminal, main.tf:

        resource "azurerm_public_ip" "web" {
          .....
        }

        resource "azurerm_network_interface" "web" {
          ip_configuration {
            .....
            public_ip_address_id = "${azurerm_public_ip.web.id}"
          }
        }

        resource "azurerm_virtual_machine" "web" {
          count                 = 1
          network_interface_ids = ["${azurerm_network_interface.web.id}"]

          storage_image_reference {
            publisher = "Canonical"
            offer     = "UbuntuServer"
            sku       = "16.04-LTS"
            version   = "latest"
          }
        }

        resource "dnsimple_record" "web" {
          domain = "example.com"
          name   = "test"
          value  = "${azurerm_public_ip.web.ip_address}"
          type   = "A"
        }

  110. Terminal, main.tf:

        resource "azurerm_public_ip" "web" {
          .....
        }

        resource "azurerm_network_interface" "web" {
          ip_configuration {
            .....
            public_ip_address_id = "${azurerm_public_ip.web.id}"
          }
        }

        resource "azurerm_virtual_machine" "web" {
          count                 = "${var.count}"
          network_interface_ids = ["${azurerm_network_interface.web.id}"]

          storage_image_reference {
            publisher = "Canonical"
            offer     = "${var.os_name}"
            sku       = "${var.sku}"
            version   = "latest"
          }
        }

        resource "dnsimple_record" "web" {
          domain = "example.com"
          name   = "test"
          value  = "${azurerm_public_ip.web.ip_address}"
          type   = "A"
        }

  112. Terminal, main.tf:

        module "webserver" {
          source  = "mishracorp/webserver"
          count   = 10
          os_name = "UbuntuServer"
        }

  115. Terminal, main.tf:

        module "webserver" {
          source  = "mishracorp/webserver"
          count   = 10
          os_name = "UbuntuServer"
        }

      OPERATIONS ENGINEER
  116. Terminal, main.tf:

        module "webserver" {
          source  = "mishracorp/webserver"
          count   = 10
          os_name = "UbuntuServer"
        }

      OPERATIONS ENGINEER SOFTWARE ENGINEER
  117. Terminal, main.tf:

        module "webserver" {
          source  = "mishracorp/webserver"
          count   = 10
          os_name = "UbuntuServer"
        }

      OPERATIONS ENGINEER SOFTWARE ENGINEER WEBSERVERS
  118. INFRASTRUCTURE WORKFLOW FOR THE CLOUD

  119. DEMO
  120. www.hashicorp.com FOR EVERYONE, EVERYWHERE Thank You! I have stickers! Ask me anything. @anubhavm Anubhav Mishra