Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Terraforming the Cloud

Sebastian Cohnen
July 24, 2015
Technology
0
250

Terraforming the Cloud

Dirk and I talked about our usage of HashiCorp's Terraform at the first AWS Meetup in Cologne on 2015-07-23.

Sebastian Cohnen

July 24, 2015
Tweet

More Decks by Sebastian Cohnen

See All by Sebastian Cohnen
The Life of a Load Generator
tisba
0
800
Load Testing with 1M Users
tisba
2
2.9k
Performance Testing Serverless
tisba
0
110
Performance Testing 101, code.talks commerce 2018 [DE]
tisba
2
410
Why we did not choose Microservices to replace a Legacy System
tisba
1
130
Performance Testing 101 [DE]
tisba
0
100
Load Testing with 1,000,000 Users!
tisba
0
180
code.talks 2016: Last- und Performancetests in der Cloud [DE]
tisba
1
880
FrOSCon 2016: Last- und Performancetests in der Cloud?! [DE]
tisba
0
340

Other Decks in Technology

See All in Technology
Cloud Service Mesh に触れ合う
phaya72
1
230
IPUT App Dev. Co. -Overview 2024/4
iputapp
0
130
web-application-security
matsuihidetoshi
1
190
Tellus の衛星データを見てみよう #mf_fukuoka
kongmingstrap
0
270
コードファーストの考え方。 Amplify Gen2から学ぶAWS次世代のWeb開発体験
yoshiitaka
2
370
.NET Profiler in 2024.
kkamegawa
2
1.5k
GrafanaMeetup_AmazonManagedGrafanaのアクセス制御機能とマルチテナント環境下でのアクセス制御について
daitak
0
400
Rustで「プリズモイダル法」を利用して「土量計算」をガチでやる
nokonoko1203
1
310
The AI Revolution Will Not Be Monopolized: Behind the scenes
inesmontani
PRO
1
160
ゼロから始めるVue.jsコミュニティ貢献 / first-vuejs-community-contribution-link-and-motivation
lmi
1
150
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
1k
エンジニア候補者向け資料2024.04.24.pdf
macloud
0
3.4k

Featured

See All Featured
YesSQL, Process and Tooling at Scale
rocio
165
13k
Typedesign – Prime Four
hannesfritz
36
2.1k
The Straight Up "How To Draw Better" Workshop
denniskardys
228
130k
Fantastic passwords and where to find them - at NoRuKo
philnash
39
2.5k
A Tale of Four Properties
chriscoyier
152
22k
Learning to Love Humans: Emotional Interface Design
aarron
267
39k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
11
1k
The Mythical Team-Month
searls
216
42k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
242
1.2M
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
21
1.9k
Embracing the Ebb and Flow
colly
80
4.2k
Scaling GitHub
holman
457
140k

Transcript

  1. Terraforming the Cloud Terraforming the Cloud

  2. Sebastian StormForger @tisba Dirk Freelancer @railsbros_dirk Who?

  3. Challenges • Increasing complexity • Multiple target environments • Multi/hybrid

    cloud • Evolving infrastructure • Communication & Documentation

  4. Opportunities • Infrastructure (not just servers) on demand • Flexible

    APIs for all infrastructure components • Affordable but powerful hardware and services • Virtualization

  5. Solution SCRIPTING SCRIPTING

  6. #!/bin/bash ec2-authorize \ sg-${SECURITY_GROUP_EC2} \ -P tcp \ -p 22

    \ -s 203.0.113.25/32 ec2-run-instances \ ami-${ID} \ -t ${INSTANCE_TYPE} \ -s subnet-${SUBNET_ID} \ -k my-key-pair \ -g sg-${SECURITY_GROUP_EC2} \ --associate-public-ip-address true

  7. Issues with Scripting • Not declarative • Dynamic runtime •

    Hard to reason about prior to execution • How to deal with API errors, timeouts, …? • What about idempotency, versioning and rollbacks?

  8. Wishlist • Describe entire infrastructure in a declarative way •

    Keep track of changes to the infrastructure • Changing infrastructure is accessible to entire team • Rollback your infrastructure to a previous point

  9. Solutions? Tools? This time for real…

  10. – @bascht “For any (dev)ops related problem HashiCorp most likely

    already has a tool.”
  11. None

  12. – terraform.io “Terraform provides a common configuration to launch infrastructure

    [...]. Once launched, Terraform safely and efficiently changes infrastructure as the configuration is evolved.” Terraform

  13. Setup Staging Environment $ terraform plan -out staging.plan terraform/staging $

    terraform apply staging.plan

  14. Terraform • Describe entire infrastructure in a declarative way •

    Keep track of changes to the infrastructure • Changing infrastructure is accessible to entire team • Rollback your infrastructure to a previous point

  15. Terraform Providers*… Atlas AWS Azure CloudFlare CloudStack Consul DigitalOcean DNSMadeEasy

    DNSimple Docker Google Cloud Heroku Mailgun OpenStack *currently

  16. Terraform AWS Resources aws_app_cookie_stickiness_policy aws_autoscaling_group aws_autoscaling_notification aws_autoscaling_policy aws_cloudwatch_metric_alarm aws_customer_gateway aws_db_instance

    aws_db_parameter_group aws_db_security_group aws_db_subnet_group aws_dynamodb_table aws_ebs_volume aws_ecs_cluster aws_ecs_service aws_ecs_task_definition aws_eip aws_elasticache_cluster
 aws_elasticache_parameter_group aws_elasticache_security_group aws_elasticache_subnet_group aws_elb aws_flow_log aws_iam_access_key aws_iam_group aws_iam_group_policy aws_iam_group_membership aws_iam_instance_profile aws_iam_policy aws_iam_policy_attachment aws_iam_role aws_iam_role_policy aws_iam_server_certificate aws_iam_user aws_iam_user_policy
 aws_instance aws_internet_gateway aws_key_pair aws_kinesis_stream aws_lambda_function aws_launch_configuration aws_lb_cookie_stickiness_policy aws_main_route_table_association aws_network_acl aws_network_interface aws_proxy_protocol_policy aws_route53_delegation_set aws_route53_health_check aws_route53_record aws_route53_zone aws_route53_zone_association aws_route_table aws_s3_bucket aws_security_group aws_security_group_rule aws_sns_topic aws_sns_topic_subscription aws_spot_instance_request aws_sqs_queue aws_subnet aws_volume_attachment aws_vpc aws_vpc_dhcp_options aws_vpc_dhcp_options_association aws_vpc_endpoint aws_vpc_peering aws_vpn_connection aws_vpn_connection_route aws_vpn_gateway

  17. Example Infrastructure

  18. Enterprise Cloud Architecture Plan™ ELB +TLS Certificate +DNS Record EC2

    Instance RDS Instance (with PostgreSQL) Security Group Security Group

  19. What we need… DNS Record aws_route53_record Load Balancer aws_elb TLS

    Certificate aws_iam_server_certificate EC2 Instance aws_instance PostgreSQL Instance aws_db_instance Security Groups aws_security_group ELB +TLS Certificate +DNS Record EC2 Instance RDS Instance (with PostgreSQL)

  20. Configuration Layout resource TYPE NAME { CONFIG ... [count =

    COUNT] [depends_on = [RESOURCE NAME, ...]] [LIFECYCLE] }

  21. resource "aws_iam_server_certificate" "demo" { name = "demo" certificate_body = "${file("certs/demo.cert.pem")}"

    certificate_chain = "${file("certs/demo.ca-bundle.pem")}" private_key = "${file("secrets/demo.pem")}" }

  22. resource "aws_elb" "staging_elb" { depends_on = ["aws_iam_server_certificate.demo"] name = "staging-elb"

    availability_zones = ["eu-central-1a", "eu-central-1b"] listener { instance_port = 80 instance_protocol = "http" lb_port = 443 lb_protocol = "https" ssl_certificate_id = "${aws_iam_server_certificate.demo.arn}" } health_check { target = "HTTP:80/status_check" } security_groups = ["${aws_security_group.staging_elb.id}"] instances = ["${aws_instance.staging_web.id}"] }

  23. resource "aws_instance" "staging_web" { ami = "${lookup(var.staging_amis, var.region)}" instance_type =

    "t2.micro" security_groups = [ "default", "${aws_security_group.staging_web.name}" ] iam_instance_profile = "staging-ec2" tags { Name = "staging_web" Roles = "web,db" Stages = "staging" } }

  24. Q&A Sebastian Cohnen stormforger.com @tisba Dirk Breuer tfcl.de @railsbros_dirk