Packer, Terraform & Jenkins

Packer, Terraform & Jenkins IaC & CD for small stacks

Simon McCartney

February 05, 2019
Transcript

  1. Packer, Terraform & Jenkins: IaC & CD for small stacks
     Simon McCartney, Twitter: @simonmcc
  2. Goal 1: Traceable Images
     • What was this image built from?
     • Project, branch, SHA, clean, dirty
     • Store it inside the image and externally via tags
  3. Goal 2: Testable Images
     • Validate that an image is good
     • Chef’s InSpec for os/infra
     • App/Service specific testing
  4. Goal 3: Self Contained
     • Monorepo FTW, single pipeline
     • Minimal Jenkins Plugins
     • Sanity wrappers for Terraform & Packer
     • Terraform for the app
     • Terraform for the build environment
  5. Packer Wrapper – build.sh
     • Modeled on base & app AMI – overkill for this POC
     • Expose git SHA & clean/dirty state to packer for including in tags etc (‘cos CLI building should still be possible!)
     • Only build base/app AMI when necessary
  6. tfw
     • Terraform wrapper
     • Map git branch to terraform workspace
     • Map git branch to tfvars
     • Expose git branch & sha to aid tagging & building unique resources (RDS Instance etc)
  7. tfw
     • Configure terraform remote state
     • render backend_config.tf
     • AWS: create s3 bucket & DynamoDB
     • Azure: create Resource Group & Storage Account
  8. Tips
     • Watch out for account or globally unique resources (that’s why we expose branch & SHA1 to packer & terraform)
     • SHA1 for images in this POC is weak – it’s of a git object that “mostly” represents the image build source.
     • Jenkins aws-credentials & docker agent is broken :(
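
The provenance step from slides 2 and 5 (project, branch, SHA and clean/dirty state exposed to Packer), as an added example that is not the talk's build.sh. The function names, the `git_*` variable names and the `PACKER` override are assumptions.

```shell
#!/bin/sh
# Added example, not the talk's build.sh. Function names, the git_* variable
# names and the PACKER override are assumptions made for illustration.

# git_state DIR: "clean", or "dirty" if tracked or untracked changes exist.
git_state() {
    changes=$(git -C "$1" status --porcelain) || return 1
    if [ -z "$changes" ]; then echo clean; else echo dirty; fi
}

# provenance DIR: key=value lines for project, branch, SHA and state.
provenance() {
    top=$(git -C "$1" rev-parse --show-toplevel) || return 1
    sha=$(git -C "$1" rev-parse HEAD) || return 1
    # CI checkouts are often a detached HEAD, which has no branch name.
    branch=$(git -C "$1" symbolic-ref --quiet --short HEAD || echo detached)
    state=$(git_state "$1") || return 1
    printf 'git_project=%s\n' "$(basename "$top")"
    printf 'git_branch=%s\n' "$branch"
    printf 'git_sha=%s\n' "$sha"
    printf 'git_state=%s\n' "$state"
}

# build_image DIR TEMPLATE: run "packer build" with one -var per field.
# PACKER=echo gives a dry run that prints the arguments instead.
build_image() {
    template=$2
    prov=$(provenance "$1") || return 1
    set --
    while IFS= read -r kv; do
        set -- "$@" -var "$kv"
    done <<EOF
$prov
EOF
    "${PACKER:-packer}" build "$@" "$template"
}
```

The Packer template is assumed to declare these four user variables and reference them in its image tags, so a build from an uncommitted working tree is recorded as `dirty` rather than passing as the commit it started from.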