Build, provision & deploy in the Cloud with Packer, Ansible & Terraform – PHPUK 2018

By Thijs Feryn
Build, provision & deploy
in the Cloud with
Packer, Ansible & Terraform
PHP UK CONFERENCE

View Slide

I’m so sick of Cloud!

View Slide

View Slide

Automation

View Slide

Many platforms

View Slide

View Slide

✓ Less lock-in
✓ Faster deployments
✓ Better scalability
✓ Better reproducibility
✓ Less human error
✓ Lower cost
✓ Operational stability
Goals

View Slide

Hi, I’m Thijs

View Slide

I’m
@ThijsFeryn
on Twitter

View Slide

I’m an
Evangelist
At

View Slide

View Slide

185 17
11 4

View Slide

https://joind.in/talk/ae063

View Slide

Build Provision Orchestrate

View Slide

App code Bake image
Build

View Slide

View Slide

App code
Provision
Bake image Pour “sauce”
Build

View Slide

View Slide

App code
Provision Orchestrate
Bake image Pour “sauce” Serve
Build

View Slide

View Slide

Infrastructure as code

View Slide

Disposable stacks

View Slide

Reproducible environments

View Slide

View Slide

✓ Alicloud ECS
✓ Amazon EC2
✓ Azure
✓ CloudStack
✓ DigitalOcean
✓ Docker
✓ File
✓ Google Cloud
✓ Hyper-V
✓ LXC
✓ LXD
✓ Null
✓ 1&1
✓ OpenStack
✓ Oracle OCI
✓ Parallels
✓ ProfitBricks
✓ QEMU
✓ Triton
✓ VirtualBox
✓ VMware
✓ Custom
Packer builders

View Slide

View Slide

{
"builders": [
{
"type": "openstack",
"identity_endpoint": "https://osp.combell.com:5000/v3",
"tenant_name": "",
"username": "",
"password": "",
"image_name": "thijsferyn_{{isotime \"2006_01_02__03_04_05\"}}",
"source_image": "1b9fe43e-4cf2-4986-b7f2-51f5706b120b",
"ssh_username": "debian",
"domain_name" : "default",
"flavor": "m1.medium",
"networks": ["a1175c54-cb12-436d-ac7b-d327499dc39b"],
"floating_ip_pool" : "public"
}
],
"provisioners": [
{
"type": "shell",
"inline": ["apt-get update","apt-get install -y nginx"]
}
]
}

View Slide

View Slide

{
"builders": [
{
"type": "amazon-ebs",
"access_key": "",
"secret_key": "",
"region": "eu-west-2",
"instance_type": "t2.micro",
"ssh_username": "admin",
"associate_public_ip_address": true,
"subnet_id": “subnet-11d3d56a",
"source_ami": "ami-e1e8f085",
"ami_name": "thijsferyn_{{isotime \"2006_01_02__03_04_05\"}}"
}
],
"provisioners": [
{
"type": "shell",
"inline": ["apt-get update","apt-get install -y nginx"]
}
]
}

View Slide

$ packer build packer.json

View Slide

Packer
build
Cloud API
Boot VM using
source image
Take VM
snapshot
Image
registry
Store VM
snapshot as
new image
Shell
provisioning
run
Tear
down
VM

View Slide

$ aws ec2 describe-images --owners=self --query "Images[*].
{ID:ImageId,Name:Name,Status:State}" --output=table
+--------------+-----------------------------------+-------------+
+--------------+-----------------------------------+-------------+
| ami-82ccd6e6| thijsferyn_2018_01_31__02_26_27 | available |
+--------------+-----------------------------------+-------------+

View Slide

View Slide

Configuration
management
system

View Slide

View Slide

✓ Written in Python
✓ Agentless
✓ Standalone
✓ SSH-based
✓ Runs playbook (yml files)
✓ Groups playbook in roles
✓ Install software
✓ Configure your server
Ansible

View Slide

---
- hosts: all
vars:
code_folders:
- "web"
become: true
tasks:
- name: update apt cache
apt: update_cache=yes cache_valid_time=86400
- name: install required packages
apt: name={{ item }} state=present
with_items:
- vim
- curl
- nginx
- php7.0-fpm
- rsync
- name: create /var/www/html/ folder
file:
path: /var/www/html/
state: directory
mode: 0755
owner: www-data
playbook.yml

View Slide

- name: create /var/www/html/ folder
file:
path: /var/www/html/
state: directory
mode: 0755
owner: www-data
- name: Copy code
synchronize:
src: ../{{ item }}
dest: /var/www/html
delete: yes
recursive: yes
group: no
owner: no
perms: no
with_items: "{{code_folders}}"
- name: Chown code to www-data
file:
path: /var/www/html/{{ item }}
group: www-data
owner: www-data
mode: u=rwx,g=r,o=r
recurse: yes
playbook.yml

View Slide

Organize
your
playbooks

View Slide

.
!"" files
# $"" db.sql
!"" host_vars
# $"" default.yml
!"" group_vars
# $"" all.yml
!"" inventory
!"" playbook.yml
!"" roles
# $"" my-role
# !"" defaults
# # $"" main.yml
# !"" handlers
# # $"" main.yml
# !"" meta
# # $"" main.yml
# !"" tasks
# # $"" main.yml
# !"" templates
# # $"" template.j2
# $"" vars
# $"" vars.yml
!"" tasks
# !"" task1.yml
# !"" task2.yml
$"" templates
$"" template.j2

View Slide

---
- hosts: all
tasks:
- include_tasks: task1.yml
- include_tasks: task2.yml
roles:
- my-role

View Slide

$ ansible-playbook playbook.yml

View Slide

{
"builders": [
{
"type": "openstack",
"identity_endpoint": "https://osp.combell.com:5000/v3",
"tenant_name": "18324-1",
"username": "18324",
"password": "",
"image_name": "MyBuild-{{isotime \"2006-01-02 03:04:05\"}}",
}
],
"provisioners": [
{
"type": "ansible",
"playbook_file": "./ansible/playbook.yml"
}
]
}

View Slide

$ ansible-playbook --extra-vars packer_build_name=openstack
packer_builder_type=openstack -i /var/folders/j7/
kpxjpxq92vs_t97gg6tqtttm0000gn/T/packer-provisioner-
ansible972172074 /Users/thijsferyn/Dropbox/Sites/openstack/
packer-ansible-terraform/ansible/playbook.yml --private-key /
var/folders/j7/kpxjpxq92vs_t97gg6tqtttm0000gn/T/ansible-
key333617975

View Slide

Packer
build
Cloud API
Boot VM using
source image
Take VM
snapshot
Image
registry
Store VM
snapshot as
new image
Ansible
provisioning
run
Tear
down
VM

View Slide

"image_name": "MyBuild-{{isotime \"2006-01-02 03:04:05\"}}",
}
],
"provisioners": [
{
"type": "ansible",
"playbook_file": "./ansible/playbook.yml"
}
],
"post-processors": [
{
"type": "manifest",
"output": "manifest.json"
}
]
}

View Slide

Store build
results
Packer
build
Cloud API
Boot VM using
source image
Take VM
snapshot
Image
registry
Store VM
snapshot as
new image
Ansible
provisioning
run
Tear
down
VM
manifest.json

View Slide

{
"builds": [
{
"name": "amazon-ebs",
"builder_type": "amazon-ebs",
"build_time": 1517408990,
"files": null,
"artifact_id": "eu-west-2:ami-82ccd6e6",
"packer_run_uuid": "ba98283c-08ca-a9fc-ab10-e49502ce4ab6"
},
{
"name": "openstack",
"builder_type": "openstack",
"build_time": 1509053610,
"files": null,
"artifact_id": "ef90ad1c-ed64-4ae0-8283-e446e95c33e6",
"packer_run_uuid": "b6000539-f3e6-85dd-2733-9fb3ae443e9f"
}
],
"last_run_uuid": "b6000539-f3e6-85dd-2733-9fb3ae443e9f"
}

View Slide

$ cat manifest.json | \
jq '.builds[-1].artifact_id'

View Slide

View Slide

Deploy
the VM
image

View Slide

Orchestration

View Slide

✓ Launch virtual network
✓ Boot up webservers
✓ Configure firewalls
✓ Assign loadbalancers
✓ Create DNS-records
✓ Assign SSH keys
✓ Create autoscaling group
Orchestration

View Slide

✓ CloudFormation (AWS)
✓ Heat (OpenStack)
✓ Resource manager (Azure)
Vendor-specific orchestration tools

View Slide

View Slide

✓ Infrastructure As Code
✓ Plan, graph, execute
✓ State management
✓ Multiple providers
✓ Incremental changes
✓ Interacts with Cloud vendor APIs
Terraform

View Slide

✓ Alicloud
✓ Archive
✓ Arukas
✓ AWS
✓ Bitbucket
✓ CenturyLinkCloud
✓ Chef
✓ Circonus
✓ Cloudflare
✓ CloudStack
✓ Cobbler
✓ Consul
✓ Datadog
✓ DigitalOcean
✓ DNS
✓ DNSMadeEasy
✓ DNSimple
✓ Docker
✓ Dyn
✓ External
✓ Fastly
✓ GitHub
✓ Gitlab
✓ Google Cloud
✓ Grafana
✓ Heroku
✓ HTTP
✓ Icinga2
✓ Ignition
✓ InfluxDB
✓ Kubernetes
✓ Librato
✓ Local
✓ Logentries
✓ LogicMonitor
✓ Mailgun
✓ Microsoft Azure
✓ Microsoft Azure
(Legacy ASM)
✓ MySQL
✓ New Relic
✓ Nomad
✓ NS1
✓ 1&1
✓ Oracle Public Cloud
✓ OpenStack
✓ OpsGenie
✓ OVH
✓ Packet
✓ PagerDuty
✓ PostgreSQL
✓ PowerDNS
✓ ProfitBricks
✓ RabbitMQ
✓ Rancher
✓ Random
✓ Rundeck
✓ Scaleway
✓ SoftLayer
✓ StatusCake
✓ Spotinst
✓ Template
✓ Terraform
✓ Terraform Enterprise
✓ TLS
✓ Triton
✓ UltraDNS
✓ Vault
✓ VMware vCloud
Director
✓ VMware vSphere
Terraform providers

View Slide

main.tf

View Slide

variable "ami" {
type = "string"
default = "ami-e1e8f085" #Stock Debian Stretch
}
resource "aws_instance" "web" {
ami = "${var.ami}"
instance_type = "t2.micro"
security_groups = ["Web"]
tags {
Name = "web"
}
}
data "aws_route53_zone" "web" {
name = "aws.combell.com."
}
resource "aws_route53_record" "web" {
zone_id = "${data.aws_route53_zone.web.zone_id}"
name = "thijsferyn-web.${data.aws_route53_zone.web.name}"
type = "A"
ttl = "60"
records = ["${aws_instance.web.public_ip}"]
}
output "public_ip" {
value = "${aws_instance.web.public_ip}"
}
output "hostname" {
value = "${aws_route53_record.web.name}"
}

View Slide

$ terraform init

View Slide

$ terraform init
Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "aws" (1.8.0)...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.aws: version = "~> 1.8"
Terraform has been successfully initialized!

View Slide

$ terraform plan

View Slide

$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.aws_route53_zone.web: Refreshing state...
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:

View Slide

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ aws_instance.web
id:
ami: "ami-e1e8f085"
associate_public_ip_address:
availability_zone:
ebs_block_device.#:
ephemeral_block_device.#:
instance_state:
instance_type: "t2.micro"
ipv6_address_count:
ipv6_addresses.#:
key_name:
network_interface.#:
network_interface_id:
placement_group:
primary_network_interface_id:
private_dns:
private_ip:
public_dns:
public_ip:
root_block_device.#:
security_groups.#: "1"
security_groups.2661672386: "Web"
source_dest_check: "true"
subnet_id:
tags.%: "1"
tags.Name: "web"
tenancy:
volume_tags.%:
vpc_security_group_ids.#:

View Slide

+ aws_route53_record.web
id:
fqdn:
name: "thijsferyn-web.aws.combell.com"
records.#:
ttl: "60"
type: "A"
zone_id: "Z3K2HG3W48B0MR"
Plan: 2 to add, 0 to change, 0 to destroy.

View Slide

$ terraform apply

View Slide

$ terraform plan -out=bla
$ terraform apply bla

View Slide

View Slide

$ terraform output
hostname = thijsferyn-web.aws.combell.com
public_ip = 35.178.38.182

View Slide

$ terraform output -json
{
"hostname": {
"sensitive": false,
"type": "string",
"value": "thijsferyn-web.aws.combell.com"
},
"public_ip": {
"sensitive": false,
"type": "string",
"value": "35.178.38.182"
}
}

View Slide

$ terraform show

View Slide

$ terraform show
aws_instance.web:
id = i-0333e97ea6bdbc5ae
ami = ami-e1e8f085
associate_public_ip_address = true
availability_zone = eu-west-2a
disable_api_termination = false
ebs_block_device.# = 0
ebs_optimized = false
ephemeral_block_device.# = 0
iam_instance_profile =
instance_state = running
instance_type = t2.micro
ipv6_addresses.# = 0
key_name =
monitoring = false
network_interface.# = 0
network_interface_id = eni-c62e7193
placement_group =
primary_network_interface_id = eni-c62e7193
private_dns = ip-172-31-19-7.eu-west-2.compute.internal

View Slide

network_interface_id = eni-c62e7193
placement_group =
primary_network_interface_id = eni-c62e7193
private_dns = ip-172-31-19-7.eu-west-2.compute.internal
private_ip = 172.31.19.7
public_dns = ec2-35-178-38-182.eu-west-2.compute.amazonaws.com
public_ip = 35.178.38.182
root_block_device.# = 1
root_block_device.0.delete_on_termination = true
root_block_device.0.iops = 100
root_block_device.0.volume_id = vol-0b9364527ec09549e
root_block_device.0.volume_size = 8
root_block_device.0.volume_type = gp2
security_groups.# = 1
security_groups.763657905 = Web
source_dest_check = true
subnet_id = subnet-11d3d56a
tags.% = 1
tags.Name = web
tenancy = default
volume_tags.% = 0
vpc_security_group_ids.# = 0

View Slide

aws_route53_record.web:
id = Z3K2HG3W48B0MR_thijsferyn-web.aws.combell.com._A
fqdn = thijsferyn-web.aws.combell.com
health_check_id =
name = thijsferyn-web.aws.combell.com
records.# = 1
records.1088376871 = 35.178.38.182
set_identifier =
ttl = 60
type = A
zone_id = Z3K2HG3W48B0MR
data.aws_route53_zone.web:
id = Z3K2HG3W48B0MR
caller_reference = F7596F57-9ADE-9B0D-8F53-53DF42E03DB3
comment =
name = aws.combell.com.
private_zone = false
resource_record_set_count = 3
zone_id = Z3K2HG3W48B0MR
Outputs:
hostname = thijsferyn-web.aws.combell.com
public_ip = 35.178.38.182

View Slide

State

View Slide

State
backend Terraform Cloud API

View Slide

terraform.tfstate
terraform.tfstate.backup

View Slide

JSON data

View Slide

✓ Artifactory
✓ Azurerm
✓ Consul
✓ Etcd
✓ Gcs
✓ HTTP
✓ Manta
✓ S3
✓ Swift
✓ Terraform
Enterprise
Remote state

View Slide

Changes

View Slide

$ terraform plan -var 'ami=ami-20ccd644'

View Slide

~ update in-place
-/+ destroy and then create replacement
Terraform will perform the following actions:
-/+ aws_instance.web (new resource required)
id: "i-0333e97ea6bdbc5ae" => (forces new
resource)
ami: "ami-e1e8f085" => "ami-20ccd644" (forces new
resource)
associate_public_ip_address: "true" =>
availability_zone: "eu-west-2a" =>
ebs_block_device.#: "0" =>
ephemeral_block_device.#: "0" =>
instance_state: "running" =>
instance_type: "t2.micro" => "t2.micro"
ipv6_address_count: "" =>
ipv6_addresses.#: "0" =>
key_name: "" =>
network_interface.#: "0" =>
network_interface_id: "eni-c62e7193" =>
placement_group: "" =>
primary_network_interface_id: "eni-c62e7193" =>
private_dns: "ip-172-31-19-7.eu-west-2.compute.internal" =>

private_ip: "172.31.19.7" =>

View Slide

key_name: "" =>
network_interface.#: "0" =>
network_interface_id: "eni-c62e7193" =>
placement_group: "" =>
primary_network_interface_id: "eni-c62e7193" =>
private_dns: "ip-172-31-19-7.eu-west-2.compute.internal" =>

private_ip: "172.31.19.7" =>
public_dns: "ec2-35-178-38-182.eu-
west-2.compute.amazonaws.com" =>
public_ip: "35.178.38.182" =>
root_block_device.#: "1" =>
security_groups.#: "1" => "1"
security_groups.763657905: "Web" => "Web"
source_dest_check: "true" => "true"
subnet_id: "subnet-11d3d56a" =>
tags.%: "1" => "1"
tags.Name: "web" => "web"
tenancy: "default" =>
volume_tags.%: "0" =>
vpc_security_group_ids.#: "0" =>
~ aws_route53_record.web
records.#: "" =>
Plan: 1 to add, 1 to change, 1 to destroy.

View Slide

$ terraform apply -var 'ami=ami-20ccd644'

View Slide

Downtime

View Slide

High availability plan

View Slide

Workspaces

View Slide

One Terraform project
Multiple workspaces
State per workspace
Multiple environments

View Slide

Blue
Green

View Slide

Workspace 1 Workspace 2
Internet
Entry
point
BLUE
GREEN

View Slide

$ terraform init
$ terraform workspace new wsp1
$ terraform workspace new wsp2
$ terraform workspace select wsp1
$ terraform plan
$ terraform apply
$ terraform workspace select wsp2
$ terraform plan
$ terraform apply

View Slide

.
!"" main.tf
!"" terraform.tfstate
!"" terraform.tfstate.backup
$"" terraform.tfstate.d
!"" wsp1
$"" wsp2

View Slide

variable "ami" {
type = "string"
}
ami = "${var.ami}"
tags {
Name = "web-${terraform.workspace}"
}
}
value = "${aws_instance.web.public_ip}"
}
Remove DNS
resource
Interpolate
workspace
info

View Slide

variable "ip" {
type = "string"
}
}
type = "A"
ttl = "60"
records = ["${var.ip}"]
}
output "hostname" {
}
Separate
Terraform
project

View Slide

$ terraform apply -var 'ip="35.176.171.168"'

View Slide

DNS round robin

View Slide

variable "ami" {
}
variable "instances" {
default = "2"
}
ami = "${var.ami}"
count = "${var.instances}"
tags {
Name = "web-${format("%02d", count.index+1)}-${terraform.workspace}"
}
}
value = ["${aws_instance.web.*.public_ip}"]
}
Create
multiple
instances at
once

View Slide

variable "ip" {
type = "list"
}
}
type = "A"
ttl = "60"
records = ["${var.ip}"]
}
output "hostname" {
}

View Slide

$ terraform apply -var 'ip=["35.176.171.168","35.177.208.38"]'

View Slide

Rolling
updates

View Slide

Deployment B
Internet
Entry
point
Drain connections
and gradually switch
from deployment A
to deployment B
Deployment A
ROLLING
UPDATES

View Slide

Autoscaling
group

View Slide

Custom AMI
V
P
C
ALB
Private
subnet 1
Private
subnet 2
Public
subnet 1
Public
subnet 2
Internet
gateway
Route
table
Target
group
Internet
Launch
config
Autoscaling
group
Metrics
Security
group

View Slide

resource "aws_vpc" "thijsferyn_terraform" {
cidr_block = "10.0.0.0/16"
tags {
Name = "thijsferyn_${terraform.workspace}_terraform"
}
}
resource "aws_subnet" "thijsferyn_terraform_public" {
availability_zone = "eu-west-2a"
vpc_id = "${aws_vpc.thijsferyn_terraform.id}"
cidr_block = "10.0.0.0/24"
tags {
Name = "thijsferyn_terraform_${terraform.workspace}_public"
}
}
resource "aws_subnet" "thijsferyn_terraform_private" {
availability_zone = "eu-west-2a"
cidr_block = "10.0.1.0/24"
tags {
Name = "thijsferyn_terraform_${terraform.workspace}_private"
}
}
Virtual
network

View Slide

resource "aws_security_group" "thijsferyn_terraform" {
name = "thijsferyn-terraform-${terraform.workspace}"
description = "Allow HTTP(S) & SSH"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags {
Name = "thijsferyn_terraform-${terraform.workspace}"
}
}
Firewall

View Slide

data "aws_ami" "thijsferyn_terraform" {
most_recent = true
filter {
name = "name"
values = ["thijsferyn_*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
owners = ["826481595599"]
}
resource "aws_launch_configuration" "thijsferyn_terraform" {
image_id = "${data.aws_ami.thijsferyn_terraform.id}"
security_groups = ["${aws_security_group.thijsferyn_terraform.id}"]
lifecycle {
create_before_destroy = true
}
}
Prepare
VMs

View Slide

resource "aws_lb" "thijsferyn_terraform" {
internal = false
security_groups = ["${aws_security_group.thijsferyn_terraform.id}"]
subnets = ["${aws_subnet.thijsferyn_terraform_public.*.id}","$
{aws_subnet.thijsferyn_terraform_public2.*.id}"]
}
resource "aws_lb_listener" "thijsferyn_terraform" {
load_balancer_arn = "${aws_lb.thijsferyn_terraform.arn}"
port = "80"
protocol = "HTTP"
default_action {
target_group_arn = "${aws_lb_target_group.thijsferyn_terraform.arn}"
type = "forward"
}
}
resource "aws_lb_target_group" "thijsferyn_terraform" {
port = 80
protocol = "HTTP"
}
Load
balancing

View Slide

resource "aws_autoscaling_group" "thijsferyn_terraform" {
availability_zones = ["eu-west-2a"]
name = "thijsferyn-terraform-${terraform.workspace}-$
{aws_launch_configuration.thijsferyn_terraform.name}"
max_size = 10
min_size = 3
launch_configuration = "${aws_launch_configuration.thijsferyn_terraform.name}"
target_group_arns = ["${aws_lb_target_group.thijsferyn_terraform.id}"]
health_check_grace_period = 10
health_check_type = "ELB"
vpc_zone_identifier = ["${aws_subnet.thijsferyn_terraform_private.id}"]
default_cooldown = 60
depends_on = ["aws_launch_configuration.thijsferyn_terraform"]
lifecycle {
create_before_destroy = true
}
tag {
key = "Name"
value = "thijsferyn-terraform-${terraform.workspace}-$
{aws_launch_configuration.thijsferyn_terraform.name}"
propagate_at_launch = true
}
}
Autoscaling
group

View Slide

resource "aws_autoscaling_policy" "thijsferyn_terraform_high" {
name = "thijsferyn-terraform-${terraform.workspace}-high"
scaling_adjustment = 1
adjustment_type = "ChangeInCapacity"
cooldown = 10
autoscaling_group_name = "${aws_autoscaling_group.thijsferyn_terraform.name}"
}
resource "aws_autoscaling_policy" "thijsferyn_terraform_low" {
name = "thijsferyn-terraform-${terraform.workspace}low"
scaling_adjustment = -1
adjustment_type = "ChangeInCapacity"
cooldown = 10
autoscaling_group_name = "${aws_autoscaling_group.thijsferyn_terraform.name}"
}
Scale up
scale down

View Slide

resource "aws_cloudwatch_metric_alarm" "thijsferyn_terraform_high" {
alarm_name = "thijsferyn-terraform-${terraform.workspace}-high"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = "RequestCountPerTarget"
namespace = "AWS/ApplicationELB"
period = "60"
statistic = "Sum"
threshold = "20"
dimensions {
TargetGroup = "${aws_lb_target_group.thijsferyn_terraform.name}"
LoadBalancer = "${aws_lb.thijsferyn_terraform.name}"
}
alarm_description = "More than 20 requests per target causes scaleout"
alarm_actions = ["${aws_autoscaling_policy.thijsferyn_terraform_high.arn}"]
}
High
water mark

View Slide

$ terraform plan
$ terraform apply

View Slide

$ terraform graph | dot -Tpng > graph.png

View Slide

View Slide

✓ vars.tf
✓ output.tf
✓ secgroup.tf
✓ keypair.tf
✓ compute.tf
✓ network.tf
✓ provider.tf
Organize Terraform files

View Slide

Modules

View Slide

!"" autoscaling
# !"" README.MD
# !"" main.tf
# !"" outputs.tf
# $"" variables.tf
!"" dns
# !"" README.MD
# !"" main.tf
# !"" outputs.tf
# $"" variables.tf
!"" launch
# !"" README.MD
# !"" main.tf
# !"" outputs.tf
# $"" variables.tf
!"" loadbalancing
# !"" README.MD
# !"" main.tf
# !"" outputs.tf
# $"" variables.tf
!"" main.tf
!"" networking
# !"" README.MD
# !"" main.tf
# !"" outputs.tf
# $"" variables.tf

View Slide

variable "zone_name" {
default = "aws.combell.com."
}
variable "record_name" {
default = ""
}
variable "records" {
type = "list"
}
output "dns_endpoint" {
value = "${aws_route53_record.thijsferyn_terraform_aws_combell_com.fqdn}"
}
data "aws_route53_zone" "thijsferyn_terraform_aws_combell_com" {
name = "${var.zone_name}"
}
resource "aws_route53_record" "thijsferyn_terraform_aws_combell_com" {
zone_id = "${data.aws_route53_zone.thijsferyn_terraform_aws_combell_com.zone_id}"
name = "${var.record_name == "" ? "thijsferyn-terraform${terraform.workspace ==
"default" ? "" : "-${terraform.workspace}"}": var.record_name}.$
{data.aws_route53_zone.thijsferyn_terraform_aws_combell_com.name}"
type = "CNAME"
ttl = "60"
records = ["${var.records}"]
}
Variables.tf
module input
args
Output.tf
module
output
Main.tf
processing

View Slide

module "dns" {
source = "./dns"
record_name = "www"
records = ["bla.domain.com"]
}
value = "${module.dns.dns_endpoint}"
}
Root
Terraform
file

View Slide

module "networking" {
source = "./networking"
}
module "loadbalancing" {
source = "./loadbalancing"
security_groups = ["${module.networking.security_group_id}"]
vpc_id = "${module.networking.vpc_id}"
subnets = ["${module.networking.subnet_public1_id}","${module.networking.subnet_public2_id}"]
}
module "launch" {
source = "./launch"
instance_type = "t2.small"
security_groups = ["${module.networking.security_group_id}"]
}
module "autoscaling" {
source = "./autoscaling"
target_group = "${module.loadbalancing.target_group_name}"
loadbalancer = "${module.loadbalancing.loadbalancer_name}"
min_size = "4"
subnets = ["${module.networking.subnet_private1_id}","${module.networking.subnet_private2_id}"]
launch_configuration = "${module.launch.launch_configuration_name}"
target_group_arn = "${module.loadbalancing.target_group_id}"
}
module "dns" {
source = "./dns"
records = ["${module.loadbalancing.dns_name}"]
}
value = "${module.dns.dns_endpoint}"
}

View Slide

https://registry.terraform.io

View Slide

View Slide

module "consul" {
source = "hashicorp/consul/aws"
}

View Slide

$ terraform init

View Slide

Downloading modules...
Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "aws" (1.9.0)...
- Downloading plugin for provider "template" (1.0.0)...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.aws: version = "~> 1.9"
* provider.template: version = "~> 1.0"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

View Slide

module “example" {
source = "github.com/hashicorp/example"
}
module "consul" {
source = "git::https://hashicorp.com/consul.git"
}
module "ami" {
source = "git::ssh://[email protected]/owner/repo.git"
}

View Slide

✓Local files
✓Terraform Registry
✓GitHub
✓Bitbucket
✓Generic Git Repo
✓Mercurial
✓HTTP
✓S3 buckets

View Slide

Remote state

View Slide

View Slide

$ consul agent -data-dir=/tmp/consul \
-server -ui -dev

View Slide

terraform {
backend "consul" {
address = "127.0.0.1:8500"
path = "example/terraform_state"
}
}

View Slide

$ terraform apply
Error locking state: Error acquiring the state lock:
resource temporarily unavailable
Lock Info:
ID: d2c36deb-32c0-ecc7-b1f1-10068c2ed93b
Path: terraform.tfstate
Operation: OperationTypeApply
Who: [email protected]
Version: 0.10.7
Created: 2018-02-02 16:03:17.005327423 +0000 UTC
Info:
Terraform acquires a state lock to protect the state
from being written
by multiple users at the same time. Please resolve
the issue above and try
again. For most commands, you can disable locking
with the "-lock=false"
flag, but this is not recommended.

View Slide

data "terraform_remote_state" "web" {
backend = "consul"
config {
address = "127.0.0.1:8500"
path = "thijsferyn/terraform/production"
}
}
}
type = "A"
ttl = "60"
records = ["${data.terraform_remote_state.web.public_ip}"]
}
output "hostname" {
}

View Slide

Instead of using CLI
variables, we can use
remote state to
communicate between
Terraform projects

View Slide

Hybrid Cloud?

View Slide

https://feryn.eu
https://twitter.com/ThijsFeryn
https://instagram.com/ThijsFeryn

View Slide

https://joind.in/talk/ae063

View Slide

View Slide

Build, provision & deploy in the Cloud with Packer, Ansible & Terraform – PHPUK 2018

Build, provision & deploy in the Cloud with Packer, Ansible & Terraform – PHPUK 2018

Thijs Feryn

More Decks by Thijs Feryn

Other Decks in Technology

Featured

Transcript