Building infrastructure with Terraform (Google)
10 likes3,981 views
The document discusses the evolution of infrastructure provisioning, highlighting the transition from manual processes to automated solutions using tools like Terraform. It covers the advantages of using Terraform, such as provider-agnostic capabilities, transparency in resource management, and community support. Additionally, it includes examples and demonstrations of basic applications and advanced features within Terraform, emphasizing its compatibility with a variety of cloud services.
Building infrastructure with Terraform (Google)
- 4. Provisioning of the past ● manual ● Shell, Perl ● extra knowledge required ○ bottleneck for team growth ● pure-ops task ○ devs & ops talking over a wall
- 6. Provisioning today ● Chef, Puppet, Salt, Ansible ● knowledge codified ● de facto serves as documentation ● faster ● less error prone ● brings devs and ops closer
- 8. Hashicorp
- 9. Vagrant ● Virtualbox ● VMWare ● Docker ● AWS ● Google Cloud ● ...
- 10. Terraform ● AWS ● Azure ● Digital Ocean ● Google Cloud ● Docker ● OpenStack ● ...
- 11. Other solutions ● AWS CloudFormation ● Google Deployment Manager ● Heat (OpenStack) ● Puppet Cloud Provisioner ● Ansible ● SaltStack ● ...
- 12. XML
- 13. JSON
- 14. YAML - states: - QC: Quebec - ON: Ontario - BC: British Columbia - YT: Yukon Territory [ { "states": [ { "QC": "Quebec" }, { "true": "Ontario" }, { "BC": "British Columbia" }, { "YT": "Yukon Territory"
- 15. YAML #cloud-config _discovery_url: &ETCD_DISCOVERY_URL url: "https://discovery.etcd.io/5416cf2db" coreos: fleet: <<: *FLEET_METADATA public-ip: $private_ipv4 etcd: <<: *ETCD_DISCOVERY_URL addr: $private_ipv4:4001 peer-addr: $private_ipv4:7001
- 18. jsonnet ● 20% project of Dave Cunningham ● Turing-complete language ● allows building more abstraction layers ● compatible w/ Terraform
- 19. DSL ● referencing ● reusability (DRY) ● human-readability
- 20. Demo 1 Basic two-tier app (POC) https://github.com/radeksimko/terraform-examples/tree/master/google-two-tier-simple
- 21. DSL ● provider ● resource (ID + reference name) ● count attribute ● variable ● output ● provisioner ● Reference: ${TYPE.NAME.ATTRIBUTE} ● Expansion: ${TYPE.NAME.*.ATTRIBUTE}
- 22. Provisioners ● local-exec ● remote-exec ● chef ● …
- 23. Demo 2 Two-tier app (Scalable) https://github.com/radeksimko/terraform-examples/tree/master/google-two-tier-scalable
- 24. DSL - built-in functions ● file(path) ● format("web-%03d", count.index+1) ● formatlist("https://%s:%s/", aws_instance. foo.*.public_dns, var.port) ● lookup(map, key) ● ...
- 25. How does it work?
- 26. Why Terraform? (overview) ● Provider-agnostic ● DSL (yet JSON-compatible)
- 27. Why Terraform? ● open to community ○ missing feature or bug != support ticket
- 28. Why Terraform? ● doesn’t “own” your whole account or resource “type”
- 29. Why Terraform? ● core features ○ aware of dependency graph between resources ○ transparent state (pros/cons) ■ resources import (in the future) ■ detailed plan ■ maintenance & atomicity & sharing in the team
- 30. State ... "google_compute_firewall.consul_admin_node": { "type": "google_compute_firewall", "primary": { "id": "consul-admin-firewall", "attributes": { "allow.#": "1", "allow.803338340.ports.#": "1", "allow.803338340.ports.1685985038": "22", "allow.803338340.protocol": "tcp", "id": "consul-admin-firewall", "name": "consul-admin-firewall", "network": "default", "self_link": "https://www.googleapis.com/compute/v1/projects/skilled-bee-777/global/firewalls/consul- admin-firewall", "source_tags.#": "1", "source_tags.3928264908": "consul-web-ui", "target_tags.#": "1", "target_tags.1747926572": "consul-node" } } }, ...
- 31. State ● terraform.tfstate (default) ● Atlas ● S3 ● Consul ● HTTP ● OpenStack’ Swift
- 32. State - setup terraform remote config -backend=consul -backend-config="address=demo.consul.io:80" -backend-config="path=tf"
- 33. State - referencing resource "terraform_remote_state" "network" { backend = "atlas" config { name = "timeinc/network-prod" } } resource "google_compute_firewall" "default" { network = "${terraform_remote_state.network.network-name}" ...
- 34. Modules module "consul" { source = "github.com/hashicorp/consul/terraform/aws" servers = 3 } variable "servers" { default = 2 } $ terraform get
- 35. Modules ./module/outputs.tf output "ip" { value = "${google_compute_instance.default.public_ip}" } ./main.tf module "consul" { … ${module.consul.ip}
- 37. New provider? ~/.terraformrc: providers { privatecloud = "/path/to/privatecloud" }
- 38. Custom provider? package main import ( "github.com/hashicorp/terraform/plugin" ) func main() { plugin.Serve(new(MyPlugin)) }
- 39. Under the hood - provider ● helper/schema
- 40. What’s next? ● Kubernetes provider ● Google backend service (HTTP LB) ● …
- 41. ↓ SLIDES ↓