Dive into DevOps | March, Building with Terraform, Volodymyr Tsap
Download as PPTX, PDF0 likes408 views
This document is a presentation on using Terraform to manage infrastructure as code. It introduces Terraform and explains why it is useful compared to other configuration management tools. It provides examples of defining AWS resources like EC2 instances, Auto Scaling groups, and load balancers in Terraform code. It also demonstrates passing variables, using modules, and rolling out updates. The presentation emphasizes how Terraform allows defining infrastructure in a declarative way and improves reproducibility of environments.
![Sample 2. Parametrizing with Variables
terraform.tfvars
# String
region = "eu-central-1"
# List
vpc_security_group_ids= [ "sg-84e649ed", "sg-90ea45fa" ]
# Map
instance_type = {
production = "t2.micro"
development = "m3.medium"
}](https://image.slidesharecdn.com/buildingwithterraform-180319121438/85/Dive-into-DevOps-March-Building-with-Terraform-Volodymyr-Tsap-21-320.jpg)
![Sample 2. Map of Lists
# Map of Lists
vpc_security_group_ids_map = {
eu-central-1 = [ "sg-84e649ed", "sg-90ea45fa" ]
eu-west-1 = [ "sg-1d4ab664", "sg-90ea45fa" ]
}](https://image.slidesharecdn.com/buildingwithterraform-180319121438/85/Dive-into-DevOps-March-Building-with-Terraform-Volodymyr-Tsap-22-320.jpg)
![Sample 2. Parametrizing with Variables.
# Define the instance
resource "aws_instance" "test-ec2instance" {
ami = "${data.aws_ami.ubuntu.id}"
vpc_security_group_ids = [ "${var.vpc_security_group_ids[1]}" ]
instance_type = "${lookup(var.instance_type, var.environment)}"
count = 2
}](https://image.slidesharecdn.com/buildingwithterraform-180319121438/85/Dive-into-DevOps-March-Building-with-Terraform-Volodymyr-Tsap-23-320.jpg)
![Sample 4. Templates
data "template_file" "init" {
template = "${file("files/init.tpl")}"
count = "${length(var.instance_suffix)}"
vars {
dbendpoint="${aws_db_instance.db-instance.username}"
instancehostname="provectus-
${var.instance_suffix[count.index]"
}
}
files/init.tpl:
#!/bin/bash
echo ${instancehostname} > /etc/hostname](https://image.slidesharecdn.com/buildingwithterraform-180319121438/85/Dive-into-DevOps-March-Building-with-Terraform-Volodymyr-Tsap-29-320.jpg)
![Sample 4. Create multiple resources
terraform.tfvars:
# Define instance suffix
instance_suffix = ["blue","green"]
instance.tf:
resource "aws_instance" "provectus-instance" {
ami = "${data.aws_ami.provectus-ami.id}"
name="provectus-${var.instance_suffix[count.index]}-
${count.index}
…
# Nubmer of instances
count = "${length(var.instance_suffix)}"
}](https://image.slidesharecdn.com/buildingwithterraform-180319121438/85/Dive-into-DevOps-March-Building-with-Terraform-Volodymyr-Tsap-30-320.jpg)
Dive into DevOps | March, Building with Terraform, Volodymyr Tsap
- 1. Building with Terraform Volodymyr Tsap Provectus DevOps Meetup 2018
- 2. About Author 15 years supporting Linux for money 8 years as a CTO in own company SHALB.com 10 years Enterprise Business Applications and SDK’s support at Genesys
- 3. Introducing Terraform ● Infrastructure as a code tool ● Environment orchestration ● Reproducible stacks ● Same workflow for all providers
- 4. Configuration management in numbers * https://devops-survey.io/DevopsSurveyResults2017.pdf
- 5. But why we need extra tool beside: Ansible, Chef, Puppet, SaltStack?
- 6. Configuration Management vs. Orchestration Conf Manager tools Orchestration tools Steps to get the stack state Install software Manage config files Adjust OS parameters Manage firewalls Describe desired stack state Create and map EC2, ELB, SG Manage cloud-specific services Manage security groups
- 7. Procedural vs. Declarative code style Ansible # Add 5 more - ec2: count: 5 image: aws-ami Instance_type: t2.micro Terraform # Make sure that we have 5 resource "aws_instance" "ec2ins" { count = 5 ami = "aws-ami" instance_type = "t2.micro" }
- 8. Terraform is best for: ● Multi-tier applications ● Self-service infrastructure ● Production, development, and testing environments ● Continuous delivery
- 10. Sample of Supported Providers
- 11. Setting an Environment To use with AWS
- 12. Download Binary. Install. Add AWS keys That's All!
- 14. Syntax Highlight. Provider Definition
- 15. Syntax Highlight. Resource Definition
- 17. Defining our first instance ## Define provider provider "aws" { region = "eu-central-1" } ## Get instance AMI data "aws_ami" "ubuntu" { most_recent = true filter { name = "name" values = ["ubuntu/images/hvm-ssd/ubuntu-*-16.04-amd64-server-*" } } # Define the instance resource "aws_instance" "test-ec2instance" { ami = "${data.aws_ami.ubuntu.id}" instance_type = "t2.micro" }
- 18. Init Terraform and plan execution
- 19. Apply and launch our first instance
- 20. Sample 1. Graphing Sample Instance
- 21. Sample 2. Parametrizing with Variables terraform.tfvars # String region = "eu-central-1" # List vpc_security_group_ids= [ "sg-84e649ed", "sg-90ea45fa" ] # Map instance_type = { production = "t2.micro" development = "m3.medium" }
- 22. Sample 2. Map of Lists # Map of Lists vpc_security_group_ids_map = { eu-central-1 = [ "sg-84e649ed", "sg-90ea45fa" ] eu-west-1 = [ "sg-1d4ab664", "sg-90ea45fa" ] }
- 23. Sample 2. Parametrizing with Variables. # Define the instance resource "aws_instance" "test-ec2instance" { ami = "${data.aws_ami.ubuntu.id}" vpc_security_group_ids = [ "${var.vpc_security_group_ids[1]}" ] instance_type = "${lookup(var.instance_type, var.environment)}" count = 2 }
- 24. Sample 2. Instance Graph
- 25. Sample 3. Build custom image using Packer ● Configure AMI using Packer xp-ami- packer.json ● Install required software to our AMI provision- ami.sh ● Build new AMI ● Attach to terraform
- 26. Sample 3. Provisioners resource "aws_instance" "provectus-instance" { provisioner "file" { content = "$(provectus-{count.index + 1}}" destination = "/etc/hostname" } provisioner "remote-exec" { script = "files/bootstrap_ansible.sh" } #AWS user_data user_data = <<EOF #!/bin/bash hostname provectus${count.index + 1} && hostname > /etc/hostname EOF }
- 27. Sample 3. Create RDS and config DB Endpoint resource "aws_db_instance" "db-instance" { allocated_storage = 10 engine = "mysql" engine_version = "5.7.17" instance_class = "db.t2.micro" name = "wisehandsdb" username = "root" password = "dfe6iWTjxOgeY" # Passing to app config sed -i 's/mysql-database-endpoint/${aws_db_instance.db- instance.username}:${aws_db_instance.db- instance.password}@${aws_db_instance.db- instance.endpoint}/${aws_db_instance.db-instance.name}/g' /home/ubuntu/wisehands.me/conf/application.conf
- 28. Sample 3. Graphing Stack
- 29. Sample 4. Templates data "template_file" "init" { template = "${file("files/init.tpl")}" count = "${length(var.instance_suffix)}" vars { dbendpoint="${aws_db_instance.db-instance.username}" instancehostname="provectus- ${var.instance_suffix[count.index]" } } files/init.tpl: #!/bin/bash echo ${instancehostname} > /etc/hostname
- 30. Sample 4. Create multiple resources terraform.tfvars: # Define instance suffix instance_suffix = ["blue","green"] instance.tf: resource "aws_instance" "provectus-instance" { ami = "${data.aws_ami.provectus-ami.id}" name="provectus-${var.instance_suffix[count.index]}- ${count.index} … # Nubmer of instances count = "${length(var.instance_suffix)}" }
- 31. Sample 4. Adding IAM profile # Define a policy resource "aws_iam_policy" "ec2-ro-policy" # STS AssumeRole Data data "aws_iam_policy_document" "instance-assume-role-policy" # Add EC2 instance role resource "aws_iam_role" "ec2-instance-role" # Attach policy to role resource "aws_iam_policy_attachment" "ec2-policy-attachment" # Create instance profile and attach the role resource "aws_iam_instance_profile" "ec2-instance-profile"
- 32. Sample 4. Graphing an Environment
- 33. Sample 5. Building VPC. Define Variables vpc_cidr = { production = "10.10.0.0/16" development = "10.3.0.0/16" default_subnet_cidr_block = { production = "10.10.0.0/22" development = "10.3.0.0/22" default_db_subnet_cidr_block = { … } default_subnet_availability_zone = { … } default_db_subnet_availability_zone = { … } production = "eu-central-1b" development = "eu-west-1b" }
- 34. Sample 5. Building a Module
- 35. Sample 5. Launch Conf, ASG, Metrics # Creating launch configuration resource "aws_launch_configuration" "launch-provectus" # Add Auto Scaling Group resource "aws_autoscaling_group" "asg-provectus" # Autoscale policy resource "aws_autoscaling_policy" "scale_in_provectus" # Autoscale Alarm Metrics resource "aws_cloudwatch_metric_alarm" metric_alarm_cpu_high_provectus"
- 36. Sample 5. LoadBalancers, DNS, Certificates ● Define a Load Balancer ● Create Route53 record ● Add Certificates via ACM ● Attach Cert to ELB ● Attach Route53 record to ELB
- 37. Sample 5. Finishing the Stack Zoom: http://auth.shalb.com/sample5.png
- 38. Appendix A. Performing a rolling update # Set the lifecycle for launch configuration and ASG lifecycle { create_before_destroy = true } # The launch configuration omit name definition # allowing the terraform to set it # ASG interpolates the LC name into its name so any changes # force a replacement of the ASG. name = "asg-${aws_launch_configuration.launch- provectus.name}” # Define the minimum node capacity per group wait_for_elb_capacity = “${var.instance_count_provectus_min}”
- 39. Terraform Hints ● Terraforming ● External data sources ● HTTP Data Source ● AWS Service Limits ● Delegate outputs via remote state ● .tfstate diff versioning via s3 snapshots ● erraform best practices
- 40. Terraform Drawbacks ● A big effort to import large infrastructure ● Plans could fail, even valid ones ● There is no rollback ● Eventual consistency because of async ● No manual intervention allowed
- 41. Terraform Summary ● DRY IaaC ● It’s Simple and human friendly ● Fast prototyping, quick implementation ● Cool for teamwork ● The next step in infrastructure management
- 42. Thank you! Volodymyr Tsap Co-founder/CTO at SHALB.com Email: voa@shalb.com Skype: volodymyr.tsap Linkedin: voatsap Facebook: volodymyr.tsap https://github.com/voatsap/provectus