Infrastructure as Code Sebastian Grodzicki @ phpCE 2017 !@sebgrodzicki 

$ whoami Sebastian Grodzicki
 • CTO at SHOWROOM • PHP developer for 15+ years • DevOps enthusiast !@sebgrodzicki 

module "stack" {
 source = "github.com/segmentio/stack"
 environment = "demo"
 key_name = "sgrodzicki"
 name = "phpCE"
 } main.tf 

No content

No content

No content

No content

How did we get here? 

Data center evolution DC 

Data center evolution DC 

Data center evolution DC 

Data center evolution DC VM VM VM VM VM VM VM VM VM VM VM VM 

Data center evolution DC VM C C C C C C VM C C C C C C VM C C C C C C VM C C C C C C VM C C C C C C VM C C C C C C VM C C C C C C VM C C C C C C VM C C C C C C VM C C C C C C VM C C C C C C VM C C C C C C 

Data center evolution 
 DNS 
 CDN 

Data center evolution PaaS IaaS SaaS 

Data center evolution ACQUIRE
 
 
 
 
 
 
 
 
 
 DESTROY
 
 
 
 
 
 
 
 
 
 PROVISION
 
 
 
 
 
 
 
 
 
 UPDATE
 
 
 
 
 
 
 
 
 
 

Data center evolution ACQUIRE
 
 
 
 
 
 
 
 
 
 DESTROY
 
 
 
 
 
 
 
 
 
 PROVISION
 
 
 
 
 
 
 
 
 
 UPDATE
 
 
 
 
 
 
 
 
 
 VENDOR 

Data center evolution ACQUIRE
 
 
 
 
 
 
 
 
 
 DESTROY
 
 
 
 
 
 
 
 
 
 PROVISION
 
 
 
 
 
 
 
 
 
 UPDATE
 
 
 
 
 
 
 
 
 
 VENDOR DC OPS 

Data center evolution ACQUIRE
 
 
 
 
 
 
 
 
 
 DESTROY
 
 
 
 
 
 
 
 
 
 PROVISION
 
 
 
 
 
 
 
 
 
 UPDATE
 
 
 
 
 
 
 
 
 
 VENDOR SYSADMIN DC OPS 

Data center evolution ACQUIRE
 
 
 
 
 
 
 
 
 
 DESTROY
 
 
 
 
 
 
 
 
 
 PROVISION
 
 
 
 
 
 
 
 
 
 UPDATE
 
 
 
 
 
 
 
 
 
 VENDOR DC OPS SYSADMIN DC OPS 

Data center evolution ACQUIRE
 
 
 
 
 
 
 
 
 
 DESTROY
 
 
 
 
 
 
 
 
 
 PROVISION
 
 
 
 
 
 
 
 
 
 UPDATE
 
 
 
 
 
 
 
 
 
 VENDOR DC OPS SYSADMIN DC OPS WEEKS 

Data center evolution ACQUIRE
 
 
 
 
 
 
 
 
 
 DESTROY
 
 
 
 
 
 
 
 
 
 PROVISION
 
 
 
 
 
 
 
 
 
 UPDATE
 
 
 
 
 
 
 
 
 
 VENDOR DC OPS SYSADMIN DC OPS WEEKS DAYS 

Data center evolution ACQUIRE
 
 
 
 
 
 
 
 
 
 DESTROY
 
 
 
 
 
 
 
 
 
 PROVISION
 
 
 
 
 
 
 
 
 
 UPDATE
 
 
 
 
 
 
 
 
 
 VENDOR DC OPS SYSADMIN DC OPS WEEKS DAYS DAYS 

Data center evolution ACQUIRE
 
 
 
 
 
 
 
 
 
 DESTROY
 
 
 
 
 
 
 
 
 
 PROVISION
 
 
 
 
 
 
 
 
 
 UPDATE
 
 
 
 
 
 
 
 
 
 VENDOR DC OPS SYSADMIN DC OPS WEEKS DAYS DAYS DAYS 

Cloud computing 

Cloud computing ACQUIRE
 
 
 
 
 
 
 
 
 
 DESTROY
 
 
 
 
 
 
 
 
 
 PROVISION
 
 
 
 
 
 
 
 
 
 UPDATE
 
 
 
 
 
 
 
 
 
 SECONDS SECONDS SECONDS SECONDS 

How do I provision resources? 

How do I manage resource lifecycles? 

How do I balance service providers providing core technology for my datacenter? 

How do I enforce policy across all these resources? 

How do I automate and share those configurations? 

No content

TERRAFORM'S GOAL Provide a single workflow… 

TERRAFORM'S GOAL …with a unified view… 

TERRAFORM'S GOAL …using Infrastructure as Code… 

TERRAFORM'S GOAL …that can be iterated
 and changed safely… 

TERRAFORM'S GOAL …capable of complex
 N-tier applications. 

resource "digitalocean_droplet" "demo" {
 image = "ubuntu-17-10-x64"
 name = "phpCE"
 region = "fra1"
 size = "512mb"
 }
 
 resource "cloudflare_record" "demo" {
 domain = "grodzicki.pl"
 name = "phpce"
 type = "A"
 value = "${digitalocean_droplet.demo.ipv4_address}"
 }
 main.tf 

$ terraform init
 
 Initializing provider plugins...
 - Downloading plugin for provider "digitalocean" (0.1.2)...
 - Downloading plugin for provider "cloudflare" (0.1.0)...
 
 Terraform has been successfully initialized! Terminal 

$ terraform plan
 
 Terraform will perform the following actions:
 
 + cloudflare_record.demo
 id: 
 domain: "grodzicki.pl"
 hostname: 
 name: "phpce"
 proxied: "false"
 ttl: 
 type: "A"
 value: "${digitalocean_droplet.demo.ipv4_address}"
 zone_id: 
 
 + digitalocean_droplet.demo
 id: 
 disk: 
 image: "ubuntu-17-10-x64"
 ipv4_address: 
 ipv4_address_private: 
 ipv6_address: 
 ipv6_address_private: 
 locked: 
 name: "phpCE"
 price_hourly: 
 price_monthly: 
 region: "fra1"
 resize_disk: "true"
 size: "512mb"
 status: 
 vcpus: 
 
 Plan: 2 to add, 0 to change, 0 to destroy. Terminal 

$ terraform apply
 
 digitalocean_droplet.demo: Creating...
 disk: "" => ""
 image: "" => "ubuntu-17-10-x64"
 ipv4_address: "" => ""
 ipv4_address_private: "" => ""
 ipv6_address: "" => ""
 ipv6_address_private: "" => ""
 locked: "" => ""
 name: "" => "phpCE"
 price_hourly: "" => ""
 price_monthly: "" => ""
 region: "" => "fra1"
 resize_disk: "" => "true"
 size: "" => "512mb"
 status: "" => ""
 vcpus: "" => ""
 digitalocean_droplet.demo: Creation complete after 26s (ID: 69048017)
 cloudflare_record.demo: Creating...
 domain: "" => "grodzicki.pl"
 hostname: "" => ""
 name: "" => "phpce"
 proxied: "" => "false"
 ttl: "" => ""
 type: "" => "A"
 value: "" => "207.154.225.151"
 zone_id: "" => ""
 cloudflare_record.demo: Creation complete after 1s (ID: 4a59cffb21560ea257b2567d362fec2b)
 
 Apply complete! Resources: 2 added, 0 changed, 0 destroyed. Terminal 

$ terraform destroy
 
 digitalocean_droplet.demo: Refreshing state... (ID: 69048513)
 cloudflare_record.demo: Refreshing state... (ID: c30fe74f5279d0def)
 cloudflare_record.demo: Destroying... (ID: c30fe74f5279d0def)
 cloudflare_record.demo: Destruction complete after 2s
 digitalocean_droplet.demo: Destroying... (ID: 69048513)
 digitalocean_droplet.demo: Destruction complete after 14s
 
 Destroy complete! Resources: 2 destroyed. Terminal 

resource "digitalocean_droplet" "demo" {
 image = "ubuntu-17-10-x64"
 name = "phpCE"
 region = "fra1"
 - size = "512mb"
 + size = "1gb"
 }
 
 resource "cloudflare_record" "demo" {
 domain = "grodzicki.pl"
 name = "phpce"
 type = "A"
 value = "${digitalocean_droplet.demo.ipv4_address}"
 }
 main.tf 

$ terraform plan
 
 Resource actions are indicated with the following symbols:
 ~ update in-place
 
 Terraform will perform the following actions:
 
 ~ digitalocean_droplet.demo
 size: "512mb" => "1gb"
 
 Plan: 0 to add, 1 to change, 0 to destroy. Terminal 

$ terraform apply
 
 digitalocean_droplet.demo: Modifying... (ID: 69048968)
 size: "512mb" => "1gb"
 digitalocean_droplet.demo: Modifications complete after 53s (ID: 69048968)
 
 Apply complete! Resources: 0 added, 1 changed, 0 destroyed. Terminal 

resource "digitalocean_droplet" "demo" {
 - image = "ubuntu-17-10-x64"
 + image = "debian-9-x64"
 name = "phpCE"
 region = "fra1"
 size = "1gb"
 }
 
 resource "cloudflare_record" "demo" {
 domain = "grodzicki.pl"
 name = "phpce"
 type = "A"
 value = "${digitalocean_droplet.demo.ipv4_address}"
 }
 main.tf 

$ terraform plan
 
 Resource actions are indicated with the following symbols:
 ~ update in-place
 -/+ destroy and then create replacement
 
 Terraform will perform the following actions:
 ~ cloudflare_record.demo
 value: "46.101.143.229" => "${digitalocean_droplet.demo.ipv4_address}"
 
 -/+ digitalocean_droplet.demo (new resource required)
 id: "69048968" => (forces new resource)
 disk: "30" => 
 image: "ubuntu-17-10-x64" => "debian-9-x64" (forces new resource)
 ipv4_address: "46.101.143.229" => 
 ipv4_address_private: "" => 
 ipv6_address: "" => 
 ipv6_address_private: "" => 
 locked: "false" => 
 name: "phpCE" => "phpCE"
 price_hourly: "0.01488" => 
 price_monthly: "10" => 
 region: "fra1" => "fra1"
 resize_disk: "true" => "true"
 size: "1gb" => "1gb"
 status: "active" => 
 vcpus: "1" => 
 
 Plan: 1 to add, 1 to change, 1 to destroy. Terminal 

$ terraform apply
 
 digitalocean_droplet.demo: Destroying... (ID: 69056095)
 digitalocean_droplet.demo: Destruction complete after 12s
 digitalocean_droplet.demo: Creating...
 disk: "" => ""
 image: "" => "debian-9-x64"
 ipv4_address: "" => ""
 ipv4_address_private: "" => ""
 ipv6_address: "" => ""
 ipv6_address_private: "" => ""
 locked: "" => ""
 name: "" => "phpCE"
 price_hourly: "" => ""
 price_monthly: "" => ""
 region: "" => "fra1"
 resize_disk: "" => "true"
 size: "" => "1gb"
 status: "" => ""
 vcpus: "" => ""
 digitalocean_droplet.demo: Creation complete after 47s (ID: 69056200)
 
 cloudflare_record.demo: Modifying... (ID: 7a5ad9e5a510eb3a87606bbacf2ccbec)
 value: "207.154.230.75" => "165.227.146.145"
 cloudflare_record.demo: Modifications complete after 3s (ID: 7a5ad9e5a510eb3a87606bbacf2ccbec)
 
 Apply complete! Resources: 1 added, 1 changed, 1 destroyed. Terminal 

Human-friendly configuration JSON-compatible for non-humans 

VCS-friendly format 

Entire infrastructure as code 

70+ providers AWS Bitbucket Chef Cloudflare Consul Datadog DigitalOcean DNSimple Docker Dyn Fastly GitHub Google Cloud Grafana Heroku Kubernetes Logentries MySQL New Relic Nomad NS1 OpenStack OVH Rancher Scaleway SoftLayer VMware 

resource "github_team" "backend" {
 name = "backend"
 }
 
 resource "github_team_membership" "sebastian" {
 team_id = "${github_team.backend.id}"
 username = "sgrodzicki"
 } main.tf 

$ terraform plan
 
 Resource actions are indicated with the following symbols:
 + create
 
 Terraform will perform the following actions:
 
 + github_team.backend
 id: 
 name: "backend"
 privacy: "secret"
 
 + github_team_membership.sebastian
 id: 
 role: "member"
 team_id: "${github_team.backend.id}"
 username: "sgrodzicki"
 
 Plan: 2 to add, 0 to change, 0 to destroy. Terminal 

$ terraform apply
 
 github_team.backend: Creating...
 name: "" => "backend"
 privacy: "" => "secret"
 github_team.backend: Creation complete after 1s (ID: 2541906)
 
 github_team_membership.sebastian: Creating...
 role: "" => "member"
 team_id: "" => "2541906"
 username: "" => "sgrodzicki"
 github_team_membership.sebastian: Creation complete after 1s (ID: 2541906:sgrodzicki)
 
 Apply complete! Resources: 2 added, 0 changed, 0 destroyed. Terminal 

resource "github_repository" "phpce" {
 name = "phpce"
 description = "phpCE 2017"
 } main.tf 

$ terraform plan
 
 Resource actions are indicated with the following symbols:
 + create
 
 Terraform will perform the following actions:
 
 + github_repository.phpce
 id: 
 allow_merge_commit: "true"
 allow_rebase_merge: "true"
 allow_squash_merge: "true"
 default_branch: 
 description: "phpCE 2017"
 full_name: 
 git_clone_url: 
 http_clone_url: 
 name: "phpce"
 ssh_clone_url: 
 svn_url: 
 
 Plan: 1 to add, 0 to change, 0 to destroy. Terminal 

$ terraform apply
 
 github_repository.phpce: Creating...
 allow_merge_commit: "" => "true"
 allow_rebase_merge: "" => "true"
 allow_squash_merge: "" => "true"
 default_branch: "" => ""
 description: "" => "phpCE 2017"
 full_name: "" => ""
 git_clone_url: "" => ""
 http_clone_url: "" => ""
 name: "" => "phpce"
 ssh_clone_url: "" => ""
 svn_url: "" => ""
 
 github_repository.phpce: Creation complete after 1s (ID: phpce)
 
 Apply complete! Resources: 1 added, 0 changed, 0 destroyed. Terminal 

Demo 

$ terraform console Interactive console
 for Terraform interpolations 

$ terraform fmt Rewrites config files
 to canonical format 

$ terraform graph Create a visual graph
 of Terraform resources 

$ terraform graph cloudflare_record.demo digitalocean_droplet.demo provider.cloudflare provider.digitalocean [root] meta.count-boundary (count boundary fixup) [root] provider.cloudflare (close) [root] provider.digitalocean (close) [root] root 

$ terraform import Import existing infrastructure
 into Terraform 

$ terraform output Read an output from a state file 

$ terraform state list (List resources in the state) mv (Move an item in the state) pull (Pull current state and output to stdout) push (Update remote state from a local state file) rm (Remove an item from the state) show (Show a resource in the state) 

module "stack" {
 source = "github.com/segmentio/stack"
 environment = "demo"
 key_name = "sgrodzicki"
 name = "phpCE"
 } main.tf 

Terraform Website 

Terraform Documentation 

Terraform Module Registry 

Questions? joind.in/talk/49431 

THANK YOU! joind.in/talk/49431