Tweet
Tweet

Slide 1

Slide 1 text

AWS Meetup Munich Using Terraform with AWS

Slide 2

Slide 2 text

Seth Vargo Director of Evangelism, HashiCorp @sethvargo

Slide 3

Slide 3 text

Agenda 1. Introduction to Terraform 2. Infrastructure as Code 3. Variables, outputs, and meta-parameters 4. State 5. Modules

Slide 4

Slide 4 text

Introduction

Slide 5

Slide 5 text

Terraform Provisions Infrastructure Resources

Slide 6

Slide 6 text

Terraform's Goals Unify the view of resources using infrastructure as code Support the modern data center (IaaS, PaaS, SaaS) Expose a way to safely and predictably change infrastructure Provide a workflow that is technology agnostic

Slide 7

Slide 7 text

Terraform vs. Other Tools Provides a high-level abstraction of infrastructure (IaC) Allows for composition and combination Supports parallel management of resources (graph, fast) Separates planning from execution (dry-run)

Slide 8

Slide 8 text

Glossary

Slide 9

Slide 9 text

Glossary Provider A provider is an abstraction of the API/service provider such as AWS, GCP, DNSimple, or Fastly. Providers typically require some sort of configuration data such as an API key or credential file.

Slide 10

Slide 10 text

Glossary Resource A resource represents a component of a provider such as an "AWS instance", "DNSimple Record", or "Fastly service". Resources have both arguments (inputs) and attributes (outputs) which are specific to the resource. Resources also have meta-parameters such as count and lifecycle.

Slide 11

Slide 11 text

Glossary (Resource) Argument An argument is an input or configuration option to a resource. An AWS EC2 instance accepts ami as an input parameter. This makes ami an argument to the aws_instance resource.

Slide 12

Slide 12 text

Glossary (Resource) Attribute An attribute is an output or computed value available only after resource creation. An AWS EC2 instance provides public_ip as an output parameter. This makes public_ip an attribute to the aws_instance resource. This makes sense, because an instance's IP address is assigned during creation.

Slide 13

Slide 13 text

Glossary Graph The graph is the internal structure for Terraform's resource dependencies and order. The graph implements a directed acyclic graph (DAG) which allows Terraform to optimize for parallelism while adhering to dependency ordering. It is possible to generate the graph as a DOT file for human viewing.

Slide 14

Slide 14 text

Glossary (Remote/Local) State Terraform stores the last-known arguments and attributes for all resources. These contents known as "state" can be stored locally as a JSON file (local state) or stored in a remote shared location like Atlas (remote state).

Slide 15

Slide 15 text

Glossary Module A module is a self-contained package of Terraform configurations. Modules are like abstract classes that are imported into other Terraform configurations. Parallels: Chef Cookbook, Puppet Module, Ruby gem

Slide 16

Slide 16 text

Glossary Variable A variable is a user or machine-supplied input in Terraform configurations. Variables can be supplied via environment variables, CLI flags, or variable files. Combined with modules, variables help make Terraform flexible, sharable, and extensible.

Slide 17

Slide 17 text

Glossary Interpolation Terraform includes a built-in syntax for referencing attributes of other resources. This technique is called interpolation. Terraform also provides built-in functions for performing string manipulations, evaluating math operations, and doing list comprehensions.

Slide 18

Slide 18 text

Glossary HashiCorp Configuration Language (HCL) Terraform's syntax and interpolation are part of an open source language and specification called HCL.

Slide 19

Slide 19 text

Infrastructure as Code

Slide 20

Slide 20 text

Infrastructure as Code Provide a codified workflow to create infrastructure Expose a workflow for managing updates to existing infrastructure Integrate with application code workflows (Git, SCM, Code Review) Provide modular, sharable components for separation of concerns

Slide 21

Slide 21 text

Infrastructure as Code (Terraform) Human-readable configuration (HCL) is designed for human consumption so users can quickly interpret and understand their infrastructure configuration. HCL is fully JSON-compatible for machine-generated configurations.

Slide 22

Slide 22 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } main.tf

Slide 23

Slide 23 text

Infrastructure as Code (Terraform) Configuration format is very VCS friendly with support for multi- line lists, trailing commas, and auto-formatting.

Slide 24

Slide 24 text

resource "aws_instance" "web" { ami = "ami-9a562df2" - instance_type = "t2.micro" + instance_type = "m1.small" } main.tf

Slide 25

Slide 25 text

Infrastructure as Code (Terraform) Reference values from other resources, building the implicit dependency graph.

Slide 26

Slide 26 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } resource "dnsimple_record" "web" { domain = "hashicorp.com" name = "web" ttl = "3600" type = "A" value = "${aws_instance.web.public_ip}" } main.tf

Slide 27

Slide 27 text

Infrastructure as Code (Terraform) Configuration can be in a single file or split across multiple files. Terraform will merge all files in the current working directory which end in .tf or .tf.json.

Slide 28

Slide 28 text

Terminal $ ls main.tf outputs.tf variables.tf

Slide 29

Slide 29 text

Terminal $ ls instances.tf load-balancers.tf shared.tf

Slide 30

Slide 30 text

Terminal $ ls everything.tf

Slide 31

Slide 31 text

Configuration Format

Slide 32

Slide 32 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } main.tf

Slide 33

Slide 33 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } main.tf resource

Slide 34

Slide 34 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } main.tf "aws_instance"

Slide 35

Slide 35 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } main.tf "web"

Slide 36

Slide 36 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } resource "aws_instance" "web" { ami = "ami-6b563df1" instance_type = "t2.micro" } main.tf "web"

Slide 37

Slide 37 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } resource "aws_instance" "web-2" { ami = "ami-6b563df1" instance_type = "t2.micro" } main.tf "web"

Slide 38

Slide 38 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } resource "digitalocean_droplet" "web" { ami = "ami-6b563df1" instance_type = "t2.micro" } main.tf "web"

Slide 39

Slide 39 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } main.tf ami instance_type

Slide 40

Slide 40 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } main.tf

Slide 41

Slide 41 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } resource "dnsimple_record" "web" { domain = "hashicorp.com" name = "web" ttl = "3600" type = "A" value = "${aws_instance.web.public_ip}" } "${aws_instance.web.public_ip}" main.tf

Slide 42

Slide 42 text

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro" } resource "dnsimple_record" "web" { domain = "hashicorp.com" name = "web" ttl = "3600" type = "A" value = "${aws_instance.web.public_ip}" } # This is a comment main.tf // This is a comment as well

Slide 43

Slide 43 text

Syntax Highlighting Plugins for HCL exist for most major editors If not: - "javascript" if using // comments
 - "ruby" if using # comments Community leans toward # comments

Slide 44

Slide 44 text

Resource Graph

Slide 45

Slide 45 text

Resource Graph The resource graph is an internal representation of all resources and their dependencies. A human-readable graph can be generated using the
 terraform graph command. Can optionally draw cycles (advanced).

Slide 46

Slide 46 text

Demo: Run terraform graph Run the terraform graph command against the sample Terraform configurations.

Slide 47

Slide 47 text

Terraform Graph Useful for visualizing infrastructure and dependencies Builds upon existing visualization technologies and open formats such as DOT

Slide 48

Slide 48 text

Command Line Interface

Slide 49

Slide 49 text

Command Line Interface All interactions with Terraform occur via the CLI. Terraform is a local tool (runs on the current machine).

Slide 50

Slide 50 text

Terminal $ terraform help Available commands are: apply Builds or changes infrastructure destroy Destroy Terraform-managed infrastructure fmt Rewrites config files to canonical format get Download and install modules for the configuration graph Create a visual graph of Terraform resources init Initializes Terraform configuration from a module output Read an output from a state file plan Generate and show an execution plan push Upload this Terraform module to Atlas to run refresh Update local state file against real resources remote Configure remote state storage show Inspect Terraform state or plan taint Manually mark a resource for recreation untaint Manually unmark a resource as tainted validate Validates the Terraform files version Prints the Terraform version

Slide 51

Slide 51 text

Terminal $ terraform help Available commands are: apply Builds or changes infrastructure destroy Destroy Terraform-managed infrastructure fmt Rewrites config files to canonical format get Download and install modules for the configuration graph Create a visual graph of Terraform resources init Initializes Terraform configuration from a module output Read an output from a state file plan Generate and show an execution plan push Upload this Terraform module to Atlas to run refresh Update local state file against real resources remote Configure remote state storage show Inspect Terraform state or plan taint Manually mark a resource for recreation untaint Manually unmark a resource as tainted validate Validates the Terraform files version Prints the Terraform version

Slide 52

Slide 52 text

Command: terraform plan The plan shows you what will happen You can save plans to guarantee what will happen Plans show reasons for certain actions (such as re-create) Prior to Terraform, users had to guess change ordering, parallelization, and rollout effect

Slide 53

Slide 53 text

Demo: Run terraform plan

Slide 54

Slide 54 text

Command: terraform apply Executes changes in order based on the resource graph Parallelizes changes when possible Handles and recovers transient errors

Slide 55

Slide 55 text

Demo: Run terraform apply

Slide 56

Slide 56 text

Command: terraform apply Updates existing resources when updates are allowed Re-creates existing resources when updates are not allowed

Slide 57

Slide 57 text

Demo: In-place Upate Edit the main Terraform file an add tags to the AWS instance.

Slide 58

Slide 58 text

Variables, Outputs, & Meta Parameters

Slide 59

Slide 59 text

Variables Define the parameterization of Terraform configurations Can have defaults, be provided with a variables file, asked for at execution, or overridden via the CLI Values can be strings or maps Must be defined before used

Slide 60

Slide 60 text

variable "aws_access_key" {} provider "aws" { access_key = "..." secret_key = "..." region = "us-east-1" } resource "aws_instance" "web" { ami = "ami-50759d3d" instance_type = "t2.micro" } main.tf

Slide 61

Slide 61 text

Variables Variables are available in the interpolation syntax.

Slide 62

Slide 62 text

variable "aws_access_key" {} variable "aws_secret_key" {} variable "aws_region" { default = "us-east-1" } provider "aws" { access_key = "${var.aws_access_key}" secret_key = "..." region = "us-east-1" } resource "aws_instance" "web" { ami = "ami-50759d3d" instance_type = "t2.micro" } main.tf

Slide 63

Slide 63 text

Demo: Show tfvars file Reads from tfvars by default Prompts for input if not provided

Slide 64

Slide 64 text

Outputs define values that will be highlighted to the user when Terraform applies. Outputs can be queried using the terraform output command. Outputs

Slide 65

Slide 65 text

variable "aws_access_key" {} provider "aws" { access_key = "..." secret_key = "..." region = "us-east-1" } resource "aws_instance" "web" { ami = "ami-50759d3d" instance_type = "t2.micro" } output "public_ip" { value = "${aws_instance.web.public_ip}" } main.tf

Slide 66

Slide 66 text

Demo: Query Output Use the terraform output command to for all outputs. Use the terraform output command to query for a single output.

Slide 67

Slide 67 text

Meta-Parameters Meta-parameters allow for higher-level control flow and lifecycle management in Terraform.

Slide 68

Slide 68 text

Meta-Parameters Count The count attribute allows for N number of identical resources to be created. This removes the need for complex variable iteration with "for" or "while" loops.

Slide 69

Slide 69 text

Meta-Parameters Depends On The depends_on attribute allows for declaration of explicit dependencies. This is useful where interpolation is not required, but explicit ordering is desired.

Slide 70

Slide 70 text

Meta-Parameters Lifecycle The lifecycle attribute allow explicit configuration of resource lifecycle such as preventing destruction or ignoring property chanegs. This is an advanced option and is not recommended for users who are getting started with Terraform.

Slide 71

Slide 71 text

Demo: Change count Increase the count parameter on the AWS instance to two (5). Run terraform plan and verify the output. Run terraform apply to apply the changes.

Slide 72

Slide 72 text

State

Slide 73

Slide 73 text

Terraform stores the state of your managed infrastructure from the last time Terraform was run. Terraform uses this state to create plans and make changes to your infrastructure. It is critical that this state is maintained appropriately so future runs operate as expected. State

Slide 74

Slide 74 text

Terminal $ cat terraform.tfstate { "version": 1, "serial": 14, "modules": [ { "path": [ "root" ], "outputs": { "public_ip": "54.164.13.128" }, "resources": { "aws_instance.example": { "type": "aws_instance", "primary": { "id": "i-d829670c", "attributes": {

Slide 75

Slide 75 text

Local State State is stored locally on one machine in JSON format Generally acceptable for individuals and small teams Does not scale to large teams Resolving JSON git-diffs is hard

Slide 76

Slide 76 text

Remote State State is stored on a shared remote source such as Atlas or Consul Remote storage is responsible for handling merging and locking Unnecessary overhead for small teams Best-suited for large or distributed teams

Slide 77

Slide 77 text

Transitioning from Local to Remote Transitioning is a one-time operation After configured, Terraform will no longer store local state

Slide 78

Slide 78 text

Modules

Slide 79

Slide 79 text

Modules Portable Terraform configurations (packages) Allow separation of concerns and responsibilities among teams Parallels: Chef Cookbook, Puppet Module, Ruby gem

Slide 80

Slide 80 text

Modules Spoiler Alert! Modules are just Terraform configurations inside a folder - there's nothing special about them.

Slide 81

Slide 81 text

Modules Variables => Arguments Outputs => Attributes Configuration is sandbox/blackbox

Slide 82

Slide 82 text

Demo: Consul Module Suppose I want an entire Consul cluster, but I know nothing about best practices for setting up Consul.

Slide 83

Slide 83 text

Questions & More Information Terraform Guides & Docs
 terraform.io Terraform OSS (Golang)
 github.com/hashicorp/terraform Best Practices Repo
 github.com/hashicorp/best-practices