
JUG_DA: YATT: Yet another Terraform talk - Basics and a bit more

"Infrastructure as Code" is nowadays an important component for structuring, versioning and managing the creation of cloud environments well. HashiCorp Terraform is considered one of the leading tools for this purpose. In my talk I would like to explain the basics and concepts and give a small glimpse of what else is possible. Look forward to the great features that Terraform has to offer beyond the dull listing of resources.

Sandra Gerberding

January 14, 2022

Transcript

  1. @stgerberding YATT: Yet another Terraform talk - Basics and a bit more ... Sandra Gerberding - smartsteuer GmbH
  2. Sandra Gerberding
      Software developer: Java web applications, continuous integration, software architecture
      Twitter: @stgerberding
      Blog: http://sandra.gerberding.blog
      E-mail: sandra.gerberding@smartsteuer.de
      Speaker Deck: https://speakerdeck.com/sandrag
  3. What we will look at today:
      • What is Infrastructure as Code?
      • What is Terraform?
      • Terraform architecture
      • Syntax
      • Expressions
      • Functions
      • Basic components
      • CLI commands
      • What's new
      • Summary
  4. What is Infrastructure as Code (IaC)? Network, Security, Server, Storage, Repository
  5. Configuration Management, Provisioning Tool

  6. Mutable Approach, Immutable Approach

  7. Declarative Approach, Procedural Approach

  8. What is Terraform? … Apply, Plan

  9. Terraform architecture: Terraform Core/CLI, Provider plugins, Provisioner plugins, Cloud API, Client Library, RPC, Golang, HTTPS
      https://registry.terraform.io/providers/hashicorp/aws/latest/docs
  10. Terraform syntax
      HCL syntax (.tf, UTF-8)
      • Arguments:
          identifier = expression
      • Blocks:
          type [label] {
            Block body [arguments/blocks]
          }
      • Comments:
          #      single-line
          //     single-line
          /*…*/  multi-line
      JSON syntax (.tf.json, UTF-8)
      • JSON property:
          "identifier": "expression"
      • JSON object:
          "identifier": {
            Object body [properties/objects/arrays]
          }
      • JSON array:
          "identifier": [
            Object body [properties/objects/arrays]
          ]
      • Comments:
          "//": "This …"
  11. Expressions
          "true" converts to true / "5" converts to 5         // Type conversion
          "Hello, ${var.name}!"                               // String interpolation
          [for o in var.list : o.id]                          // for expression
          var.list[*].id                                      // splat expression
          var.dbname != "" ? var.dbname : "default-dbname"    // conditional expression
  12. Functions
          resource_prefix = join("-", [var.project, var.stage])
          substr("hello world", 1, 4)               // ello
          concat(["a", ""], ["b", "c"])
          contains(["a", "b", "c"], "a")            // true
          base64decode("SGVsbG8gV29ybGQ=")          // Hello World
          fileexists("${path.module}/hello.txt")
  13. HCL Terraform example
          terraform {
            required_version = ">= 1.0"
            required_providers {
              aws = {
                source  = "hashicorp/aws"
                version = "~> 3.56.0"
              }
            }
          }

          provider "aws" {
            region  = "eu-central-1"
            profile = "profile-name"
          }

          resource "aws_instance" "project-server" {
            ami           = "ami-029c64b3c205e6cce"
            instance_type = "t4g.micro"
            tags = {
              Name = "Default Instance"
            }
          }
      JSON Terraform example
          {
            "terraform": {
              "required_version": ">= 1.0",
              "required_providers": {
                "aws": {
                  "source": "hashicorp/aws",
                  "version": "~> 3.56.0"
                }
              }
            },
            "provider": {
              "aws": {
                "region": "eu-central-1",
                "profile": "profile-name"
              }
            },
            "resource": {
              "aws_instance": {
                "project-server": {
                  "ami": "ami-029c64b3c205e6cce",
                  "instance_type": "t4g.micro",
                  "tags": {
                    "Name": "Default Instance"
                  }
                }
              }
            }
          }
  14. Resources
      Definition:
          resource "aws_instance" "project-server" {
            ami           = "ami-029c64b3c205e6cce"
            instance_type = "t4g.micro"
          }
      Usage:
          <Resource_type>.<Name>.<Attribute>
          foobar = aws_instance.project-server.id
  15. Input Variables
      Definition:
          variable "image_id" {
            type        = string
            description = "The id of the machine image (AMI) to use for the server."
            default     = "ami-029c64b3c205e6cce"
            validation {
              condition     = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-"
              error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
            }
          }
      Usage:
          foobar = var.image_id
  16. Evaluation hierarchy
      Overrides
      • Environment variables
      • terraform.tfvars file
      • terraform.tfvars.json
      • *.auto.tfvars / *.auto.tfvars.json
      • -var / -var-file
  17. Evaluation hierarchy
          > export TF_VAR_image_id=ami-abc123
      • Environment variables
      • terraform.tfvars file
      • terraform.tfvars.json
      • *.auto.tfvars / *.auto.tfvars.json
      • -var / -var-file
  18. Evaluation hierarchy
          region   = "us-east-2"
          project  = "workshop"
          stage    = "testing"
          image_id = "ami-029c64b3c205e6cce"

          {
            "region": "us-east-2",
            "project": "workshop",
            "stage": "testing",
            "image_id": "ami-029c64b3c205e6cce"
          }
      • Environment variables
      • terraform.tfvars file
      • terraform.tfvars.json
      • *.auto.tfvars / *.auto.tfvars.json
      • -var / -var-file
  19. Evaluation hierarchy
          > terraform apply -var-file="testing.tfvars"
          > terraform apply -var="image_id=ami-abc123"
      • Environment variables
      • terraform.tfvars file
      • terraform.tfvars.json
      • *.auto.tfvars / *.auto.tfvars.json
      • -var / -var-file
  20. Output Values
      Definition:
          output "ec2_instance_public_ip" {
            value = aws_instance.project-server.public_ip
          }
      Usage:
          module.<MODULE NAME>.<OUTPUT NAME>
          foobar = module.my-module.ec2_instance_public_ip
      Output after apply:
          Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

          Outputs:

          hostname = terraform.example.com
          private_ip = 10.5.4.82
          public_ip = 94.237.45.221
  21. Local Values
      Definition:
          locals {
            /*--------------------------------------------------------------
              RDS (database)
            --------------------------------------------------------------*/
            rds_instance_allocated_storage     = var.stage == "dev" ? 5 : 10
            rds_instance_class                 = var.stage == "dev" ? "db.t3.micro" : "db.t2.micro"
            rds_database_name                  = var.stage == "dev" ? "projectdevdb" : "projectproddb"
            rds_database_user_name             = "dbuser"
            rds_database_backup_retetion_period = 14
            rds_database_deletion_protection   = var.stage == "dev" ? false : true
          }
      Usage:
          name = local.rds_database_name
  22. Modules (diagram labels): Root Module; Database Module, Server Module, Network Module, etc.; Module Output Value; Input Variables
  23. Directories and files

  24. Modules
      main.tf
          module "network" {
            source          = "./modules/network"
            base_cidr_block = "10.0.0.0/8"
          }

          module "database" {
            source        = "./modules/database"
            database_name = "myDatabase"
            vpc_id        = module.network.vpc_id
            subnet_ids    = module.network.subnet_ids
          }
      main.tf (Terraform Registry)
          module "consul" {
            source  = "hashicorp/consul/aws"
            version = "0.0.5"
            servers = 3
          }
  25. Terraform CLI
      https://www.terraform.io/docs/cli/commands/index.html
          > terraform               List of all available commands
          > terraform init -help    Inline help
          > terraform init          Initializes the working directory
          > terraform plan          Creates an execution plan
          > terraform apply         Executes the execution plan
          > terraform destroy       Destroys the remote objects
  26. Terraform CLI
      https://www.terraform.io/docs/cli/commands/index.html
          > terraform output        Displays the outputs
          > terraform import        Imports existing resources
          > terraform console       Evaluates expressions for testing
          > terraform validate      Validates the configuration files
          > terraform fmt           Formatting
          …
  27. Terraform CLI Workflow
          > terraform fmt
          > terraform init
          > terraform validate
          > terraform plan -var-file=variables.tfvars
          > terraform apply -var-file=variables.tfvars
  28. $ terraform plan                                        [19:44:37]

          Terraform used the selected providers to generate the following execution plan.
          Resource actions are indicated with the following symbols:
            + create
            ~ update in place

          Terraform will perform the following actions:

            # module.project-stage-db.aws_db_subnet_group.db_subnet_group will be created
            + resource "aws_db_subnet_group" "db_subnet_group" {
                + arn         = (known after apply)
                + description = "Managed by Terraform"
                + id          = (known after apply)
                + name        = "project-stage"
                + name_prefix = (known after apply)
                . . .

            # module.project-stage-db.aws_security_group.db-security-group will be created
            ~ resource "aws_security_group" "db-security-group" {
                  arn         = (known after apply)
                ~ description = "test" -> "Firewall rules for accessing the database."
                . . .

          Plan: 3 to add, 1 to change, 0 to destroy.

          ────────────────────────────────────────────────────────────

          Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
  29. Directories and files

  30. Terratest https://terratest.gruntwork.io/

  31. Outlook: Terraform CDK (beta)

  32. Summary

  33. Thank you very much for your attention!
      @stgerberding
      http://sandra.gerberding.blog
      sandra.gerberding@smartsteuer.de
      https://speakerdeck.com/sandrag
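
The evaluation hierarchy from slides 16 to 19, modelled in Python as an added example (not part of the talk and not Terraform's own code): Terraform loads the sources in the listed order and a later source overrides an earlier one, so the function reports which source finally supplies each variable. The function name, the pre-parsed file dictionaries and the sample values are assumptions constructed for illustration.

```python
AUTO_SUFFIXES = (".auto.tfvars", ".auto.tfvars.json")


def resolve_variables(env, workdir_files, cli_args, defaults=None):
    """Return {name: (value, source)}; sources are applied lowest precedence first.
    workdir_files: {filename: parsed variables} found in the working directory.
    cli_args: ordered ("var", "name=value") / ("var-file", (filename, parsed)) items.
    """
    resolved = {}

    def apply(values, source):
        for name, value in values.items():
            resolved[name] = (value, source)  # later source overwrites earlier

    apply(defaults or {}, "default")
    # 1. Environment variables named TF_VAR_<name>
    prefix = "TF_VAR_"
    apply({k[len(prefix):]: v for k, v in env.items() if k.startswith(prefix)},
          "environment")
    # 2. terraform.tfvars, then 3. terraform.tfvars.json
    for fixed in ("terraform.tfvars", "terraform.tfvars.json"):
        if fixed in workdir_files:
            apply(workdir_files[fixed], fixed)
    # 4. *.auto.tfvars / *.auto.tfvars.json, in lexical order of file name
    for filename in sorted(workdir_files):
        if filename.endswith(AUTO_SUFFIXES):
            apply(workdir_files[filename], filename)
    # 5. -var and -var-file, in the order given on the command line
    for kind, payload in cli_args:
        if kind == "var":
            name, _, value = payload.partition("=")
            apply({name: value}, "-var")
        else:
            filename, values = payload
            apply(values, "-var-file=" + filename)
    return resolved


# Constructed sample input, reusing values shown on the slides.
SAMPLE = resolve_variables(
    env={"TF_VAR_image_id": "ami-abc123", "HOME": "/home/ci"},
    workdir_files={
        "terraform.tfvars": {"region": "us-east-2", "stage": "testing",
                             "image_id": "ami-029c64b3c205e6cce"},
        "ci.auto.tfvars": {"stage": "dev"},
    },
    cli_args=[("var-file", ("testing.tfvars", {"region": "eu-central-1"})),
              ("var", "stage=prod")],
)
```

In the sample, the `TF_VAR_image_id` value exported in the environment loses to `terraform.tfvars`, which is worth checking when a pipeline relies on environment variables to pin an image.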