@stgerberding YATT: Yet another T erraform talk - Grundlagen und ein bisschen mehr ... Sandra Gerberding - smartsteuer GmbH

@stgerberding Software-Entwicklerin: Java Web Anwendungen Continuous Integration Software-Architektur T witter: 
 @stgerberding Blog: 
 http://sandra.gerberding.blog E-Mail: 
 sandra.gerberding@smartsteuer.de Speaker Deck: 
 https://speakerdeck.com/sandrag Sandra Gerberding 2

@stgerberding Was gucken wir uns heute alles an: Was ist Infrastructure as Code? Was ist T erraform? Aufbau von T erraform Syntax Basis Komponenten Expressions Functions CLI Befehle Neues Zusammenfassung

@stgerberding Was ist Infrastructure as Code (IaC)? Network Security Server Storage Repository

@stgerberding Was ist T erraform? … Apply Plan

@stgerberding T erraform Core /CLI Provider-Plugins Provisioner-Plugins Cloud API Client Library RPC Golang HTTPS https://registry.terraform.io/providers/hashicorp/aws/latest/docs Aufbau T erraform

@stgerberding Syntax T erraform Argumente HCL Syntax .tf Blöcke identifier = expression type [label] { Block body [arguments/blocks ] } UTF-8 Kommentare # einzeili g // einzeili g /*…*/ mehrzeilig JSON Syntax .tf.json UTF-8 JSON Property JSON Object "identifier": "expression" "identifier": { Object body [properties/objects/arrays ] } Kommentare "//": "This …" JSON Array "identifier": [ Object body [properties/objects/arrays ] ]

@stgerberding terraform { required_version = ">= 1.0 “ required_providers { aws = { source = "hashicorp/aws " version = "~> 3.56.0 " } } } provider "aws" { region = "eu-central-1" profile = "profile-name " } resource "aws_instance" "project-server" { ami = "ami-029c64b3c205e6cce " instance_type = „t4g.micro " tags = { Name = "Default VPC " } } HCL T erraform Beispiel { "terraform": { "required_version": ">= 1.0" , "required_providers": { "aws": { "source": "hashicorp/aws" , "version": "~> 3.56.0 " } } } , "provider": { "aws": { "region": "eu-central-1" , "profile": "profile-name " }} , "resource": { "aws_instance": { "project-server": { "ami": "ami-029c64b3c205e6cce" , "instance_type": "t4g.micro" , "tags": { "Name": "Default VPC " } } } } } JSON T erraform Beispiel

@stgerberding Resources resource "aws_instance" "project-server" { ami = "ami-029c64b3c205e6cce " instance_type = „t4g.micro " } .. foobar = aws_instance.project-server.i d De fi nition Benutzung

@stgerberding Input Variables variable "image_id" { type = strin g description = "The id of the machine image (AMI) to use for the server. " default = "ami-029c64b3c205e6cce " validation { condition = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami- " error_message = "The image_id value must be a valid AMI id, starting with \"ami-\". " } } De fi nition Benutzung foobar = var.image_i d

@stgerberding Auswertung-Hierarchie Überschreibt • Environment Variablen • terraform.tfvars Datei • terraform.tfvars.json • *.auto.tfvars / *.auto.tfvars.json • -var / -var- fi le

@stgerberding Auswertung-Hierarchie >export TF_VAR_image_id=ami-abc12 3 • Environment Variablen • terraform.tfvars Datei • terraform.tfvars.json • *.auto.tfvars / *.auto.tfvars.json • -var / -var- fi le

@stgerberding Auswertung-Hierarchie region = "us-east-2 " project = "workshop " stage = "testing " image_id = "ami-029c64b3c205e6cce " • Environment Variablen • terraform.tfvars Datei • terraform.tfvars.json • *.auto.tfvars / *.auto.tfvars.json • -var / -var- fi le { "region": „us-east-2" , "project": „workshop" , "stage": „testing" , "image_id“: "ami-029c64b3c205e6cce " }

@stgerberding Auswertung-Hierarchie >terraform apply -var-file="testing.tfvars " >terraform apply -var="image_id=ami-abc123 " • Environment Variablen • terraform.tfvars Datei • terraform.tfvars.json • *.auto.tfvars / *.auto.tfvars.json • -var / -var- fi le

@stgerberding Output Values output "ec2_instance_public_ip" { value = aws_instance.project-server.public_i p } De fi nition module.. Benutzung Apply complete! Resources: 1 added, 0 changed, 0 destroyed . Outputs : hostname = terraform.example.co m private_ip = 10.5.4.8 2 public_ip = 94.237.45.22 1 foobar = module.my-module.ec2_instance_public_i p

@stgerberding Locale Values locals { /*------------------------------------------------------------- - RDS (database ) --------------------------------------------------------------* / rds_instance_allocated_storage = var.stage == "dev" ? 5 : 1 0 rds_instance_class = var.stage == "dev" ? "db.t3.micro" : "db.t3.micro " rds_database_name = var.stage == "dev" ? "projectdevdb" : "projectproddb " rds_database_user_name = "dbuser " rds_database_backup_retetion_period = 1 4 rds_database_deletion_protection = var.stage == "dev" ? false : tru e } De fi nition name = local.rds_database_nam e Benutzung

@stgerberding Modules Root Module Database Module Server Module Network Module etc. Module Output Value Input Variables Input Variables Input Variables Input Variables

@stgerberding Modules module "network" { source = "./modules/network" base_cidr_block = "10.0.0.0/8" } module "consul_cluster" { source = "./modules/aws-consul-cluster" vpc_id = module.network.vpc_id subnet_ids = module.network.subnet_ids } module "consul" { source = "hashicorp/consul/aws" version = "0.0.5" servers = 3 } T erraform Registry

@stgerberding Expressions "true" converts to true / "5" converts to 5 // Type conversio n "Hello, ${var.name}!" // String interpolatio n [for o in var.list : o.id] // for expressio n var.list[*].id // splat expressio n var.dbname != "" ? var.dbname : "default-dbname" // conditional expressio n

@stgerberding resource_prefix = join("-", [var.project, var.stage] ) substr("hello world", 1, 4) // ell o concat(["a", ""], ["b", "c"] ) contains(["a", "b", "c"], "a") // tru e base64decode("SGVsbG8gV29ybGQ=") // Hello Worl d fileexists("${path.module}/hello.txt") Functions

@stgerberding > terraform init > terraform plan > terraform apply > terraform destroy T erraform CLI https://www.terraform.io/docs/cli/commands/index.html > terraform Liste aller verfügbaren Befehle > terraform init -help Inline Hilfe Initialisiert das Arbeitsverzeichnis Erstellung eines Ausführungsplans Ausführung des Ausführungsplans Zerstörung der entfernten Objekte T erraform CLI

@stgerberding > terraform output > terraform import T erraform CLI https://www.terraform.io/docs/cli/commands/index.html > terraform console Ausführen von Ausdrücken zum T esten > terraform validate Validiert die Kon fi gurationsdateien Anzeigen des Outputs Importieren bestehender Ressourcen … > terraform fmt Formatieren

@stgerberding T erraform CLI Work fl ow > terraform fm t > terraform ini t > terraform validat e > terraform plan -var-file=variables.tfvar s > terraform apply -var-file=variables.tfvars

@stgerberding $ terraform plan [19:44:37 ] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols : + creat e ~ update in plac e Terraform will perform the following actions : # module.project-stage-db.aws_db_subnet_group.db_subnet_group will be create d + resource "aws_db_subnet_group" "db_subnet_group" { + arn = (known after apply ) + description = "Managed by Terraform " + id = (known after apply ) + name = "project-stage " + name_prefix = (known after apply ) . . . # module.project-stage-db.aws_security_group.db-security-group will be create d ~ resource "aws_security_group" "db-security-group" { arn = (known after apply ) ~ description = "test“ -> "Firewall rules for accessing the database. " . . . Plan: 3 to add, 1 to change, 0 to destroy . ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── ───────────────────────────────────────── Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now .

@stgerberding Verzeichnisse und Dateien

@stgerberding Ausblick T erraform CDK (beta) T ypscript / Python / Java / C# / Go T erraT est

@stgerberding Zusammenfassung

@stgerberding Vielen Danke für Eure Aufmerksamkeit! @stgerberding 
 http://sandra.gerberding.blog 
 sandra.gerberding@smartsteuer.de 
 https://speakerdeck.com/sandrag