Scaling with Terraform

HashiCorp Terraform has grown to become a staple amongst the Global 2000 for managing cloud infrastructure. With over 100 distinct providers, Terraform allows users to safely and predictably build, change, and version their infrastructure with ease, all while scaling with your team. In this talk, Clint invites you on a journey of scaling with Terraform, from the very first user to the very first team, and then onward and upward to large-scale adoption across an enterprise. No matter what stage you're at, Terraform is with you.

Clint Shryock

June 28, 2018

Transcript

  1. Hello! Clint Shryock, Lead Terraform Engineer. Copyright © 2018 HashiCorp

    Hello, I'm Clint, long-time Terraform developer. SEGUE: Today I'll be talking about…
  2. Scaling with Terraform: The Journey from Startup to Enterprise

    Title slide. The story from first user, to first team, all the way up to full adoption.
  3. ▪ Intro ▪ What is Terraform ▪ 4 Stages of Adoption ▪ Stage Next

    4-part structure to this talk. Then we'll look at things to come.
  4. ▪ Intro ▪ What is Terraform ▪ 4 Stages of Adoption ▪ Stage Next

    Introduction done, let's move on.
  5. What is Terraform?

    Quick refresher on what Terraform is and how it fits into the HashiCorp ecosystem. To help understand Terraform's mission, we first explain HashiCorp's mission.
  6. SEGUE: To do that…
  7. At HashiCorp we've developed a suite of Unix-like tools, each providing a specific set of functionality.
  8. Our tools can loosely be put in 2 categories: Provisioning and Runtime tools.
  9. Terraform is one of the Provisioning tools. SEGUE: Terraform's mission statement: Write, Plan, and Create Infrastructure as Code.
  10. See? Says so right there ^ Terraform is a command-line tool. With Terraform you write declarative configuration with HCL. Terraform uses that configuration to generate plans of change, to safely create infrastructure to match. SEGUE: To do that, HashiCorp engineers and the open source community have created numerous Providers.
  11. This is a very small subset.

    • Support for each is distinct and unique, as opposed to generic
    • Easily compose multiple tiers/services in configuration (IaaS to PaaS to SaaS)
    • With Terraform you get a single, consistent workflow for many clouds
  12. ▪ Intro ▪ What is Terraform ▪ 4 Stages of Adoption ▪ Stage Next

    Now we know what Terraform is and does.
  13. ▪ Intro ▪ What is Terraform ▪ 4 Stages of Adoption ▪ Stage Next

    That part done. SEGUE: Let's move on.
  14. ▪ Intro ▪ What is Terraform ▪ 4 Stages of Adoption ▪ Stage 1: ▪ Stage 2: ▪ Stage 3: ▪ Stage 4: ▪ Stage Next

    Says so right there ^ SEGUE: The first stage I'm sure we all know well.
  15. Manual Stage ▪ Web Consoles ▪ Single environment(s) ▪ Mutable Infrastructure ▪ Infrastructure as Code

    Using web consoles heavily: point-and-click, using each console separately. • May have some custom scripting with CLIs. Single environments: twin environments or sibling environments, with common ancestry, but they can vary in detail a lot. Mutable: the canonical example is provisioning an instance to serve a role; it's manually configured over SSH. These are sometimes called "pet servers": you give them a name and you become emotionally attached to them. SEGUE: And then finally you have infra as code… wait
  16. Manual Stage ▪ Web Consoles ▪ Single environment(s) ▪ Mutable Infrastructure ▪ Infrastructure as Code

    No, no infrastructure as code yet.
  17. Manual Stage ▪ Web Consoles ▪ Single environment(s) ▪ Mutable Infrastructure ▪ Infrastructure as Code ▪ ops.txt

    Ops.txt: • I've done this! • It is the text file of truth with all information • Or worse, it's all in your head. SEGUE: Let's look at how we're using Terraform at this stage…
  18. Manual Stage ▪ …

    We're not. There is no Terraform usage in the Manual stage. Why is this a stage? SEGUE: Because "Not using any Terraform is the first step to using a lot of Terraform".
  19. Manual Stage ▪ Not using any Terraform is the first step to using a lot of Terraform

    It says so right there ^ In the journey of using and adopting Terraform this is a common starting point, whether you're a startup or a massive enterprise, with established infrastructure or just getting started.
  20. Challenges

    Using Terraform or not, managing infrastructure has both technical and operational complexities. These complexities present challenges for you as you grow. SEGUE: Let's look at our current challenges.
  21. Manual Stage - Challenges. Technical: Reproducibility, Change Management, Architecture. Operational: Auditing, Consistency, Knowledge Sharing.

    Technological complexities:
    • (RED) Reproducibility - Can we duplicate this for testing, development?
    • (RED) Change management - How are changes applied? How do you know what all needs to change?
    • (RED) Architecture - How did we do this in the first place? What do our apps require? Has anyone ever simply forgotten that an application used a piece of infrastructure?
    Organizational complexities:
    • Auditing: Who did what, when?
    • Consistency: things like naming conventions, but also practices
    • Knowledge: How are things done here, what are the conventions, how do I find out?
    SEGUE: If I were to give each of these challenges a status…
  22. Manual Stage - Challenges. Technical: Reproducibility, Change Management, Architecture. Operational: Auditing, Consistency, Knowledge Sharing.

    I would mark them all as RED. None of these challenges are being met, or if they are, not in an ideal way. Now, in theory you could set up your infrastructure perfectly, it never changes, and you're done! In reality things change a lot, and discomfort in these areas is a sign of growth. SEGUE: So that's the manual stage. It's red.
  23. ▪ Intro ▪ What is Terraform ▪ 4 Stages of Adoption ▪ Stage 1: Manual ▪ Stage 2: ▪ Stage 3: ▪ Stage 4: ▪ Stage Next

    SEGUE: It's fine for starting out.
  24. ▪ Intro ▪ What is Terraform ▪ 4 Stages of Adoption ▪ Stage 1: Manual ▪ Stage 2: ▪ Stage 3: ▪ Stage 4: ▪ Stage Next

    I imagine everyone here knows it's not ideal. SEGUE: So let's grow, let's adopt Terraform and enter…
  25. Semi-automated Stage ▪ Adopting Infrastructure as Code ▪ Machine images ▪ Web Consoles

    Infrastructure as code: the process of managing and provisioning infrastructure through machine-readable definition files. Machine images: investigating / starting immutable infrastructure; Docker, Lambda functions, disk images, all the things Packer makes. SEGUE: Most importantly at this stage we...
  26. Semi-automated Stage ▪ Adopting Infrastructure as Code ▪ Machine images ▪ Web Consoles ▪ Introduce Terraform! • Configuration! • Automation! • Iteration!

    Introduce Terraform! You can tell this is all very exciting because of the exclamation points.
  27. Semi-automated Stage ▪ Modeling Infrastructure with Configuration ▪ Automation: Plan, Apply, Iterate

    At this stage, the 2 main features of Terraform we're using are infrastructure as code, to declare how infrastructure should be, and, once we've declared it, automating the creation and modification in a consistent, safe, and reproducible way.
  28. Semi-automated Stage - Modeling Infrastructure with Configuration

    To model, we use HCL, a human-friendly and powerful language. Declare **Resources** and **properties**.
  29. Semi-automated Stage - Modeling Infrastructure with Configuration

    We use powerful language constructs, the simple example of COUNT here, to add power and flexibility to our descriptive language. We establish relationships with **Interpolation**. SEGUE: All this is read and interpreted by Terraform and used to make a graph.
  30. Semi-automated Stage - Modeling Infrastructure with Configuration

    DAG. I'm not going to go into much more detail because the graph itself isn't the point. The point is we're declaring our infrastructure, and Terraform reasons about how to make it. SEGUE: Using this graph, and knowing what our current state is, we can then make automation plans.
  31. Semi-automated Stage - Automation: Plan, Apply, Iterate

    Safely applying just those changes. Creating infrastructure in an automated manner. These are things we didn't have in the manual stage, or simply couldn't do responsibly. SEGUE: So now we're designing our infrastructure and automating its creation.
  32. Manual Stage - Challenges. Technical: Reproducibility, Change Management, Architecture. Operational: Auditing, Consistency, Knowledge Sharing.
  33. Semi-automated Stage - Challenges. Technical: Reproducibility, Change Management, Architecture. Operational: Auditing, Consistency, Knowledge Sharing.

    We've upgraded our status!
    Technical complexities:
    • (ORANGE) Reproducibility: config file, plan files
    • (ORANGE) Change management: automated, consistent workflow across Providers
    Organizational complexities:
    • (ORANGE) Consistency: IaC using variables, interpolation
    • (ORANGE) Knowledge sharing: configuration stored on file, applied consistently
    SEGUE: Things are much better at this stage. We've improved a lot, but what are the next challenges?
  34. Semi-automated Stage - New Challenges. Technical: Reproducibility, Change Management, Architecture, State Management. Operational: Auditing, Consistency, Knowledge Sharing, Operations.

    As Armon said, there's no free lunch; the semi-automated stage introduces some new things. Tech: - Where is "our" state file? Org: - External things may remain - Who's running this thing? When?
  35. ▪ Intro ▪ What is Terraform ▪ 4 Stages of Adoption ▪ Stage 1: Manual ▪ Stage 2: Semi-automated Stage ▪ Stage 3: ▪ Stage 4: ▪ Stage Next

    So that's the Semi-automated Stage. We're automating and managing change consistently.
  36. ▪ Intro ▪ What is Terraform ▪ 4 Stages of Adoption ▪ Stage 1: Manual ▪ Stage 2: Semi-automated Stage ▪ Stage 3: ▪ Stage 4: ▪ Stage Next

    SEGUE: We're still scaling up, so let's look at the next stage and those new challenges.
  37. Infrastructure as Code Stage ▪ Organizational adoption ▪ Multiple Environments ▪ Collaboration ▪ Version Control

    Organizational: diminishing use of web consoles, scripts, CLI, or other external processes. Environments: near-perfect reproduction of environments. Collaboration: multiple people now contributing to the infrastructure. Version Control: recording state in version control.
  38. Infrastructure as Code Stage ▪ Modules ▪ Workspaces ▪ Managed state

    With Terraform at this stage we start seeing
  39. Infrastructure as Code Stage - Modules ▪ Packaged Components ▪ Inputs and Outputs

    • Self-contained Terraform configurations packaged as a group (VPC setup et al.)
    • Inputs and outputs like a regular Terraform Resource
    • Shareable: local file, VCS, S3
    SEGUE: Easy to write.
  40. Infrastructure as Code Stage - Modules

    $ tree ex-mod/
    .
    ├── README.md
    ├── main.tf
    ├── variables.tf
    ├── outputs.tf

    Easy structure.
  41. Infrastructure as Code Stage - Modules

    # main.tf
    module "ex-mod" {
      source  = "github.com/example/.."
      version = "0.3.5"
    }

    output "mod-version" {
      value = "${module.ex-mod.address}"
    }

    In/Out: use as another resource with interpolation. Common architectures are now reproducible, standardized, and consistent. SEGUE: On to workspaces.
  42. Infrastructure as Code Stage - Workspaces ▪ Configuration + Environment ▪ Same configuration, separate state files

    Workspaces in Terraform are defined as configuration + environment (dev, staging, production).
    - workspace is a CLI command managing multiple ~identical environments
    - Different local/remote state file
    SEGUE: Can use in configurations.
  43. Infrastructure as Code Stage - Workspaces

    Use the example from before, count = 3.
  44. Infrastructure as Code Stage - Workspaces

    Workspaces allow an easy feature-branch development style. Tight coupling of state and config. SEGUE: The last bit we're introducing here: Managed State.
  45. Infrastructure as Code Stage - Managed State ▪ Version control ▪ Remote state

    At this stage we're managing our generated state files. Version control systems track the changes to state. Terraform records state in JSON format. The state file becomes like any other file in VCS: auditing is possible. SEGUE: The other option is remote state.
  46. Infrastructure as Code Stage - Workspaces

    With Remote State, terraform CLI commands behave as normal, but communicate with a remote store for all operations. Can be versioned.
    - Terraform Enterprise
    - Consul
    - AzureRM Storage
    - Google Cloud Storage
    - S3
    SEGUE: We've leveled up on our Terraform usage.
  47. Semi-automated Stage - Challenges. Technical: Reproducibility, Change Management, Architecture, State Management. Operational: Auditing, Consistency, Knowledge Sharing, Operations.

    This is where we left off. SEGUE: After moving to the Infrastructure as Code stage, we've upgraded our status.
  48. Infrastructure as Code Stage - Challenges. Technical: Reproducibility, Change Management, Architecture, State Management. Operational: Auditing, Consistency, Knowledge Sharing, Operations.

    Technical complexities:
    • (GREEN) Reproducibility: Modules / Workspaces
    • (GREEN) Change management: Workspaces / Modules
    • (ORANGE) Architecture: designing things, vetting them in environments
    • (ORANGE) State management: VCS/Remote
    Organizational complexities:
    • (ORANGE) Auditing: VCS, assembly required
    • (GREEN) Consistency: consistent environments with modules and workspaces
    • (GREEN) Knowledge sharing: configs in VCS, modules, self-documenting
    • (ORANGE) Operations: managing more environments with the same tools, safer
  49. Infrastructure as Code Stage - Challenges. Technical: Reproducibility, Change Management, Architecture, State Management. Operational: Auditing, Consistency, Knowledge Sharing, Operations.

    I asked Armon again and he said there's still no free lunch.
  50. Infrastructure as Code Stage - New Challenges. Technical: Reproducibility, Change Management, Architecture, State Management, Operations, Secrets. Operational: Auditing, Consistency, Knowledge Sharing, Operations, Governance.

    As we grow and continue to adopt IaC, some new issues will pop up:
    • (NEW)(RED) Operations - Where is this thing running? Who's running this thing? Bottleneck
    • (NEW)(RED) Secrets
    Organizational complexities:
    • (NEW)(RED) Governance: Policies and Permissions
    As we scale, these new issues arise.
  51. ▪ Intro ▪ What is Terraform ▪ 4 Stages of Adoption ▪ Stage 1: Manual ▪ Stage 2: Semi-automated Stage ▪ Stage 3: Infrastructure as Code Stage ▪ Stage 4: ▪ Stage Next

    That's the Infrastructure as Code Stage.
  52. ▪ Intro ▪ What is Terraform ▪ 4 Stages of Adoption ▪ Stage 1: Manual ▪ Stage 2: Semi-automated Stage ▪ Stage 3: Infrastructure as Code Stage ▪ Stage 4: ▪ Stage Next

    SEGUE: Now we move on to our "final" stage.
  53. Collaborative Infrastructure as Code Stage

    The Collaborative Infrastructure as Code Stage. It's like the Infrastructure as Code stage, but it's Collaborative. Says so right there ^
  54. Collaborative Infrastructure as Code Stage ▪ Centralized ▪ Governance ▪ Enablement

    At this stage we need a centralized place to apply changes. We'll need governance to approve who can make changes, and where. Enable development teams to self-serve and remove the bottleneck on the operations team.
  55. Collaborative Infrastructure as Code Stage ▪ Coordination ▪ Workspaces++ ▪ Registries

    Here we see a shift in how Terraform is used. In the past stages we were using the command line for our automation. At this stage, it becomes necessary to coordinate our automation. SEGUE: At this stage…
  56. Collaborative Infrastructure as Code Stage - Coordination

    We need something Terraform Enterprise.
  57. Collaborative Infrastructure as Code Stage - Coordination. NOT A SALES PITCH

    NOT A SALES PITCH. Terraform Enterprise is the result of working with practitioners and clients that reach this stage. Coordination, governance, enablement, that's Terraform Enterprise. I'm sure you can bring other tools to this stage and use them, but this is the stage where Terraform Enterprise *lives*, that's what it *does*. My examples use TFE because it excels at these things.
  58. Collaborative Infrastructure as Code Stage - Coordination ▪ VCS Integration ▪ Team based permissions ▪ Terraform runs

    For coordination, Terraform Enterprise offers ^ Where before we automated creation and modification, we're now automating the automator. SEGUE: With Terraform Enterprise, you get upgraded workspaces.
  59. Collaborative Infrastructure as Code Stage - Workspaces*

    Workspaces: (dev, staging, production)
    • Still represent configuration * environment
    • Separate remote states
    • Available as data sources for other teams to consume
    SEGUE: You can inspect each workspace individually.
  60. Collaborative Infrastructure as Code Stage - Workspaces*

    Each has its own run history. • Can manually trigger, approve, discard
  61. Collaborative Infrastructure as Code Stage - Workspaces* ▪ Independent variables per workspace ▪ Team based permissions ▪ State / Run history

    • ^^^^
    • Variables are encrypted with Vault - this is now where credentials go
    • Team permissions are by organization and workspace, READ/WRITE/ADMIN
    • Log of state changes and their sources
    Still not an upsell or sales pitch, but at large scale of adoption, these features are practically required. SEGUE: Now we go to the registry.
  62. Collaborative Infrastructure as Code Stage - Registry

    Yes, another external HashiCorp product enters the mix. Again, this is about automating the automator, not up-selling.
  63. Collaborative Infrastructure as Code Stage - Registry ▪ Modules from Vendor / experts ▪ Search, discover ▪ Open Source, public repos ▪ Published API protocol

    Terraform Registry enables self-service.
    • Collection of published modules maintained by Vendors
    • Teams can easily search / discover the components they need
    • All are free and open source
    A limitation here is private modules. SEGUE: You can implement your own with the API protocol. Or…
  64. Collaborative Infrastructure as Code Stage - Registry

    You can simply use the private registry built in to Terraform Enterprise.
  65. Collaborative Infrastructure as Code Stage - Coordination. STILL NOT A SALES PITCH

    Still not a sales pitch. Says so right there ^ The built-in private registry is just the best example. SEGUE: Now that I'm done *NOT* sales pitching…
  66. Infrastructure as Code Stage - Challenges. Technical: Reproducibility, Change Management, Architecture, State Management, Operations, Secrets. Operational: Auditing, Consistency, Knowledge Sharing, Operations, Governance.
  67. Collaborative Infrastructure as Code Stage - Challenges. Technical: Reproducibility, Change Management, Architecture, State Management, Operations, Secrets. Operational: Auditing, Consistency, Knowledge Sharing, Operations, Governance.

    Of course everything is green now! What kind of talk would end without green everything?
    • Centralized system with coordination and team/workspace permissions
    • Consistent and safe iteration and management of infrastructure
    • Modules and registry offer self-service to teams
    • Encrypted secrets backed by Vault
    • Audit: run logs, pull request history, state history
    • Team based permissions
  68. Stage next

    Terraform Open Source: ▪ New, improved plugin interfaces ▪ HCL 2 ▪ Continued Providers growth and enablement
    Terraform Enterprise: ▪ Sentinel: Policy as Code ▪ Enhanced Remote Backends ▪ Configuration Designer* ▪ Promotions Workflow*
    *coming soon…
  69. The End. Thank you! - Clint

    That's the end. Says so right there ^
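
Slides 45 and 50 meet at one practical point: the state file tracked in version control is plain JSON, and resource attributes such as database passwords are stored in it unencrypted, which is one reason "Secrets" turns red at that stage. The check below is an added example, not part of the original deck and not HashiCorp code; it lists secret-looking attributes in a state file so they can be caught before a commit. The key-name pattern and both sample states are constructed assumptions.

```python
import json
import re

# Heuristic list of attribute names that usually hold credentials (assumption).
SECRET_KEY = re.compile(r"password|passwd|secret|token|private_key", re.I)
# Constructed sample states; every value below is fake.
SAMPLE_V4 = json.dumps({
    "version": 4,
    "outputs": {"db_password": {"value": "constructed-pw", "sensitive": True}},
    "resources": [
        {"mode": "managed", "type": "aws_db_instance", "name": "main", "instances": [
            {"attributes": {"username": "app", "password": "constructed-pw",
                            "tags": {"env": "dev"}}}]},
        {"mode": "managed", "type": "aws_instance", "name": "web", "instances": [
            {"attributes": {"ami": "ami-constructed", "user_data": None}}]},
    ],
})
SAMPLE_V3 = json.dumps({
    "version": 3,
    "modules": [{"path": ["root"], "outputs": {}, "resources": {
        "aws_iam_access_key.ci": {"type": "aws_iam_access_key", "primary": {
            "attributes": {"user": "ci", "secret": "constructed-secret"}}},
    }}],
})


def _leaves(prefix, value):
    """Yield (dotted_key, leaf) pairs from nested attribute data."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from _leaves(f"{prefix}.{key}" if prefix else key, child)
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from _leaves(f"{prefix}.{index}", child)
    else:
        yield prefix, value


def _resources(state):
    """Yield (address, attributes) for the v4 layout and the older v3 layout."""
    for res in state.get("resources", []):          # v4: flat list of resources
        prefix = "data." if res.get("mode") == "data" else ""
        for inst in res.get("instances", []):
            yield f"{prefix}{res['type']}.{res['name']}", inst.get("attributes") or {}
    for mod in state.get("modules", []):            # v3: modules -> resources map
        for address, res in (mod.get("resources") or {}).items():
            yield address, (res.get("primary") or {}).get("attributes") or {}


def find_secrets(state_text):
    """Return sorted 'address:key' strings for secret-looking values, never the values."""
    state = json.loads(state_text)
    hits = set()
    for address, attrs in _resources(state):
        for key, leaf in _leaves("", attrs):
            if isinstance(leaf, str) and leaf and SECRET_KEY.search(key):
                hits.add(f"{address}:{key}")
    for scope in [state, *state.get("modules", [])]:
        for name, out in (scope.get("outputs") or {}).items():
            # "sensitive" only hides the value in CLI output; it is still in the state.
            if out.get("sensitive") or SECRET_KEY.search(name):
                hits.add(f"output.{name}:value")
    return sorted(hits)


if __name__ == "__main__":
    print(find_secrets(SAMPLE_V4), find_secrets(SAMPLE_V3))
```

A non-empty result is a reason to keep that state out of the repository and use an access-controlled, encrypted remote store instead, as slide 46 describes.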