Everything as Code with Terraform

For many years we have used specialized "Infrastructure as Code" tools such as CloudFormation to version changes to our cloud infrastructure and roll them out automatically.

With Terraform we go one step further and manage virtually everything that provides an API.

In this talk, Roman shows you how we use Terraform at cosee and which tips and tricks have become established along the way. You will also learn how to import existing infrastructure into Terraform without much pain and how to provision a wide variety of resources with a single Terraform stack.

Roman Neß

May 20, 2021

Transcript

  1. We build software and provision the necessary infrastructure in small incremental releases. Infrastructure is part of the dev cycle.
  2. Infrastructure as Text != Infrastructure as Code

    IDE support, abstraction, encapsulation, collaboration, fun
  3. Infrastructure as Code with Terraform

    • Full platform independence
    • Manage almost anything with an API and a lifecycle
    • Use the same paradigms for all infrastructure
    • Easily import existing infrastructure
    • Very useful diff view
    • Avoids manual steps almost entirely
  4. Transparent State management

    graph: Generate a Graphviz graph of the steps in an operation
    import: Associate existing infrastructure with a Terraform resource
    refresh: Update the state to match remote systems
    taint: Mark a resource instance as not fully functional
    untaint: Remove the 'tainted' state
    state list: List resources in the state
    state mv: Move an item in the state
    state pull: Pull current state and output to stdout
    state push: Update remote state from a local state file
    state replace-provider: Replace provider in the state
    state rm: Remove instances from the state
    state show: Show a resource in the state
  5. Don’t hesitate to contribute

    Terraform is implemented in Go. Terraform Plugin SDK helps to unify Provider implementations. If the API has a Go client, most of the heavy lifting is done.
  6. Terraform Modules

    • Organize, encapsulate and reuse configurations
    • Enforce best practices (across teams)
    • Modules can be local (subfolder) or remote (registry, GitHub)

    module source
    using a remote module
  7. Live Coding

    1. Provision AWS Account
    2. Provision S3 Bucket for TF remote state
    3. Migrate static website to TF
    4. Use custom domain for website
    5. Add basic auth to website
  8. Syntax crash course

    Data Source: Can reference a part of infrastructure or perform a task and provide data afterwards
    Resource: Manages a physical resource
    Configuration: Directory structure of TF files
    Variable: Input for a configuration

  9. Demo Insights

    • Easily import existing resources in your Terraform configuration
    • Easily integrate CloudFormation stacks in your Terraform configuration
    • Diff view offers good control over applied changes
    • Terraform configs ain’t no rocket science
  10. HashiCorp Configuration Language

    Tailored to write structured configuration that is human and machine readable
    Meta Arguments: depends_on, count, for_each, provider, lifecycle
    Variables, Locals, Outputs
    Builtin functions for numerics, strings, collections, dates, hashes, …
  11. Pitfalls

    • Release v1.0 is not reached yet
    • Dependency graph is inferred based on resource/data source references only
    • No automatic rollback on apply errors
    • A resource is “always dirty” if the provider state does not match the backend state
    • A Terraform provider can only be as good as the API it implements
  12. Quality of life tooling around Terraform

    • Manage multiple TF versions with https://github.com/asdf-vm/asdf
    • Set env vars per directory with https://github.com/direnv/direnv
    • IntelliJ Plugin https://plugins.jetbrains.com/plugin/7808-hashicorp-terraform--hcl-language-support
    • Setup autocompletion with terraform -install-autocomplete
    • GNU Make (if you are lazy)
  13. Terraform use cases @ cosee

    • Admin & Ops stuff
    • AWS Accounts
    • Static website deployments (gitlab.com mirror + netlify)
    • Keycloak, PagerDuty, Grafana
    • Cloud Infrastructure
    • AWS, Open Telekom Cloud, multi-cloud
    • Inject AWS access key in GitLab-CI
  14. Conclusions

    • Terraform enables us to treat almost all of our infrastructure like code
    • If it has an API and a lifecycle there probably is a Terraform provider for it
    • If you understand your infrastructure, you could also provision it with Terraform
    • Terraform is the Git of Infrastructure as Code

    Want to try out Terraform? 👉 https://learn.hashicorp.com/terraform

    Roman Neß | [email protected] | @romanAsCode | github.com/RomanNess
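
Slides 9 and 11 pair a useful diff view with the absence of automatic rollback on apply errors, so destructive changes are best caught at plan time. The following is an added example, not code from the talk or from cosee: it reads the JSON form of a plan (as produced by `terraform show -json <planfile>`) and blocks destroy and replace actions unless the address is allowlisted. The resource addresses, the allowlist mechanism and the function names are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Only the fields this check reads are included; the addresses are made up.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_s3_bucket.tf_state", "type": "aws_s3_bucket",
   "change": {"actions": ["no-op"]}},
  {"address": "aws_s3_bucket.website", "type": "aws_s3_bucket",
   "change": {"actions": ["delete", "create"]}},
  {"address": "aws_route53_record.www", "type": "aws_route53_record",
   "change": {"actions": ["update"]}},
  {"address": "aws_iam_access_key.gitlab_ci", "type": "aws_iam_access_key",
   "change": {"actions": ["delete"]}}
]}
""")


def classify(actions):
    """Map a change's action list to a single label."""
    # A replacement appears as both actions, in either order.
    if "delete" in actions and "create" in actions:
        return "replace"
    if "delete" in actions:
        return "destroy"
    return actions[0] if actions else "no-op"


def risky_changes(plan, allow=()):
    """Return (address, label) for each destroy/replace that is not allowlisted."""
    findings = []
    for rc in plan.get("resource_changes", []):
        label = classify(rc.get("change", {}).get("actions", []))
        if label in ("destroy", "replace") and rc["address"] not in allow:
            findings.append((rc["address"], label))
    return findings


def gate(plan, allow=()):
    """Exit code for a CI job: 1 blocks the apply, 0 lets it proceed."""
    findings = risky_changes(plan, allow)
    for address, label in findings:
        print(f"BLOCKED {label}: {address}")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_PLAN))
```
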