WJAX-2020: YATT: Yet another Terraform talk - Grundlagen und ein bisschen mehr

@stgerberding
YATT: Yet another T
erraform talk -
Grundlagen und ein bisschen mehr ...
Sandra Gerberding - smartsteuer GmbH

View Slide

@stgerberding
Software-Entwicklerin:

Java Web Anwendungen

Continuous Integration

Software-Architektur

T
witter:
 
@stgerberding

Blog:
 
http://sandra.gerberding.blog

E-Mail:
 
[email protected]

Speaker Deck:
 
https://speakerdeck.com/sandrag
Sandra Gerberding
2

View Slide

@stgerberding
Was gucken wir uns heute alles an:
Was ist Infrastructure as Code?

Was ist T
erraform?

Aufbau von T
erraform

Syntax

Basis Komponenten

Expressions

Functions

CLI Befehle

Neues

Zusammenfassung

View Slide

@stgerberding
Was ist Infrastructure as Code (IaC)?
Network Security Server Storage
Repository

View Slide

@stgerberding
Was ist T
erraform?
…
Apply
Plan

View Slide

@stgerberding
T
erraform
Core /CLI
Provider-Plugins

Provisioner-Plugins
Cloud API
Client Library
RPC
Golang
HTTPS
https://registry.terraform.io/providers/hashicorp/aws/latest/docs
Aufbau T
erraform

View Slide

@stgerberding
Syntax T
erraform
Argumente
HCL

Syntax
.tf
Blöcke
identifier = expression
type [label]
{

Block body [arguments/blocks
]

}
UTF-8
Kommentare # einzeili
g

// einzeili
g

/*…*/ mehrzeilig
JSON

Syntax
.tf.json
UTF-8
JSON Property
JSON Object
"identifier": "expression"
"identifier": {
Object body

[properties/objects/arrays
]

}
Kommentare "//": "This …"
JSON Array
"identifier": [
Object body

[properties/objects/arrays
]

]

View Slide

@stgerberding
terraform
{

required_version = ">= 1.0
“

required_providers {
aws =
{

source = "hashicorp/aws
"

version = "~> 3.56.0
"

}

}

}

provider "aws"
{

region = "eu-central-1"
profile = "profile-name
"

}

resource "aws_instance" "project-server"
{

ami = "ami-029c64b3c205e6cce
"

instance_type = „t4g.micro
"

tags =
{

Name = "Default VPC
"

}
}

HCL T
erraform Beispiel
{

"terraform":
{

"required_version": ">= 1.0"
,

"required_providers":
{

"aws":
{

"source": "hashicorp/aws"
,

"version": "~> 3.56.0
"

}

}

}
,

"provider":
{

"aws":
{

"region": "eu-central-1"
,

"profile": "profile-name
"

}}
,

"resource":
{

"aws_instance":
{

"project-server":
{

"ami": "ami-029c64b3c205e6cce"
,

"instance_type": "t4g.micro"
,

"tags":
{

"Name": "Default VPC
"

}

}

}

}

}
JSON T
erraform Beispiel

View Slide

@stgerberding
Resources
resource "aws_instance" "project-server"
{

ami = "ami-029c64b3c205e6cce
"

instance_type = „t4g.micro
"

}
..
foobar = aws_instance.project-server.i
d

De
fi
nition
Benutzung

View Slide

@stgerberding
Input Variables
variable "image_id"
{

type = strin
g

description = "The id of the machine image (AMI) to use for the server.
"

default = "ami-029c64b3c205e6cce
"

validation
{

condition = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-
"

error_message = "The image_id value must be a valid AMI id, starting with \"ami-\".
"

}

}

De
fi
nition
Benutzung
foobar = var.image_i
d

View Slide

@stgerberding
Auswertung-Hierarchie
Überschreibt
• Environment Variablen

• terraform.tfvars Datei

• terraform.tfvars.json

• *.auto.tfvars / *.auto.tfvars.json

• -var / -var-
fi
le

View Slide

@stgerberding
>export TF_VAR_image_id=ami-abc12
3





• -var / -var-
fi
le

View Slide

@stgerberding
region = "us-east-2
"

project = "workshop
"

stage = "testing
"

image_id = "ami-029c64b3c205e6cce
"





• -var / -var-
fi
le
{

"region": „us-east-2"
,

"project": „workshop"
,

"stage": „testing"
,

"image_id“: "ami-029c64b3c205e6cce
"

}

View Slide

@stgerberding
>terraform apply -var-file="testing.tfvars
"

>terraform apply -var="image_id=ami-abc123
"





• -var / -var-
fi
le

View Slide

@stgerberding
Output Values
output "ec2_instance_public_ip"
{

value = aws_instance.project-server.public_i
p

}

De
fi
nition
module..
Benutzung
Apply complete! Resources: 1 added, 0 changed, 0 destroyed
.

Outputs
:

hostname = terraform.example.co
m

private_ip = 10.5.4.8
2

public_ip = 94.237.45.22
1

foobar = module.my-module.ec2_instance_public_i
p

View Slide

@stgerberding
Locale Values
locals
{

/*-------------------------------------------------------------
-

RDS (database
)

--------------------------------------------------------------*
/

rds_instance_allocated_storage = var.stage == "dev" ? 5 : 1
0

rds_instance_class = var.stage == "dev" ? "db.t3.micro" : "db.t3.micro
"

rds_database_name = var.stage == "dev" ? "projectdevdb" : "projectproddb
"

rds_database_user_name = "dbuser
"

rds_database_backup_retetion_period = 1
4

rds_database_deletion_protection = var.stage == "dev" ? false : tru
e

}

De
fi
nition
name = local.rds_database_nam
e

Benutzung

View Slide

@stgerberding
Modules
Root Module
Database Module
Server Module
Network Module
etc. Module
Output Value
Input Variables
Input Variables
Input Variables
Input Variables

View Slide

@stgerberding
Modules
module "network"
{

source = "./modules/network"
base_cidr_block = "10.0.0.0/8"
}

module "consul_cluster"
{

source = "./modules/aws-consul-cluster"
vpc_id = module.network.vpc_id
subnet_ids = module.network.subnet_ids
}

module "consul" {
source = "hashicorp/consul/aws"
version = "0.0.5"
servers =
3

}
T
erraform Registry

View Slide

@stgerberding
Expressions
"true" converts to true / "5" converts to 5 // Type conversio
n

"Hello, ${var.name}!" // String interpolatio
n

[for o in var.list : o.id] // for expressio
n

var.list[*].id // splat expressio
n

var.dbname != "" ? var.dbname : "default-dbname" // conditional expressio
n

View Slide

@stgerberding
resource_prefix = join("-", [var.project, var.stage]
)

substr("hello world", 1, 4) // ell
o

concat(["a", ""], ["b", "c"]
)

contains(["a", "b", "c"], "a") // tru
e

base64decode("SGVsbG8gV29ybGQ=") // Hello Worl
d

fileexists("${path.module}/hello.txt")

Functions

View Slide

@stgerberding
> terraform init
> terraform plan
> terraform apply
> terraform destroy
T
erraform CLI
https://www.terraform.io/docs/cli/commands/index.html
> terraform Liste aller verfügbaren Befehle
> terraform init -help Inline Hilfe
Initialisiert das Arbeitsverzeichnis
Erstellung eines Ausführungsplans
Ausführung des Ausführungsplans
Zerstörung der entfernten Objekte
T
erraform CLI

View Slide

@stgerberding
> terraform output
> terraform import
T
erraform CLI
https://www.terraform.io/docs/cli/commands/index.html
> terraform console Ausführen von Ausdrücken zum T
esten
> terraform validate Validiert die Kon
fi
gurationsdateien
Anzeigen des Outputs
Importieren bestehender Ressourcen
…
> terraform fmt Formatieren

View Slide

@stgerberding
T
erraform CLI Work
fl
ow
> terraform fm
t

> terraform ini
t

> terraform validat
e

> terraform plan -var-file=variables.tfvar
s

> terraform apply -var-file=variables.tfvars

View Slide

@stgerberding
$ terraform plan
[19:44:37
]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols
:

+ creat
e

~ update in plac
e

Terraform will perform the following actions
:

# module.project-stage-db.aws_db_subnet_group.db_subnet_group will be create
d

+ resource "aws_db_subnet_group" "db_subnet_group"
{

+ arn = (known after apply
)

+ description = "Managed by Terraform
"

+ id = (known after apply
)

+ name = "project-stage
"

+ name_prefix = (known after apply
)

. . .

# module.project-stage-db.aws_security_group.db-security-group will be create
d

~ resource "aws_security_group" "db-security-group"
{

arn = (known after apply
)

~ description = "test“ -> "Firewall rules for accessing the database.
"

. .
.

Plan: 3 to add, 1 to change, 0 to destroy
.

──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
─────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if
you run "terraform apply" now
.

View Slide

@stgerberding
Verzeichnisse und Dateien

View Slide

@stgerberding
Ausblick T
erraform CDK (beta)
T
ypscript / Python / Java / C# / Go
T
erraT
est

View Slide

@stgerberding
Zusammenfassung

View Slide

@stgerberding
Vielen Danke für Eure Aufmerksamkeit!
@stgerberding
 
http://sandra.gerberding.blog
 
[email protected]
 
https://speakerdeck.com/sandrag

View Slide

WJAX-2020: YATT: Yet another Terraform talk - Grundlagen und ein bisschen mehr

WJAX-2020: YATT: Yet another Terraform talk - Grundlagen und ein bisschen mehr

Sandra Gerberding
PRO

More Decks by Sandra Gerberding

Other Decks in Programming

Featured

Transcript

WJAX-2020: YATT: Yet another Terraform talk - Grundlagen und ein bisschen mehr

WJAX-2020: YATT: Yet another Terraform talk - Grundlagen und ein bisschen mehr

Sandra Gerberding PRO

More Decks by Sandra Gerberding

Other Decks in Programming

Featured

Transcript

Sandra Gerberding
PRO