Terraform introduction

Who is this workshop for?
2
Everyone whom deploy infrastructure in-house or cloud based
environments. This is a beginner’s workshop
You will need to have an AWS account set up already with Terraform
v0.9.3 installed. You will also need to have git install to download the
workshop material.
https://www.terraform.io
https://github.com/jasonvance/terraform-introduction
https://aws.amazon.com/account/

Who am I?
I am Jason Vance, Sr. Site Reliability Engineer for Accela, Inc.
Graphic Designer turned System Administrator turned Engineer.
You can find me at @jasonsvance
3

What is
Infrastructure as
Code (IaC)?
IaC grew as a response to the difficulty
posed from two pieces of disruptive
technology – utility computing and
second-generation web frameworks.
4

IaC isn't just
automation
IaC is a CORE DevOps practice
5

What IaC enables you to do:
■ Manage infrastructure via
source control
■ Apply testing to
infrastructure
■ Avoid written
documentation of
infrastructure
■ Enable collaboration
6

Mutable
Infrastructure
vs.
Immutable
Infrastructure
7

“Declarative knowledge
involves knowing THAT
something is the case.
Procedural knowledge
involves knowing HOW to do
something.
11

Client/Server
Architecture
vs.
Client-Only
Architecture
12

Terraform
syntax, internals,
and patterns
15

HCL
The HashiCorp configuration language.
https://github.com/hashicorp/hcl
16

Purpose of Terraform State
Mapping to the Real World
Terraform requires some sort of
database to map Terraform
config to the real world.
Metadata
Terraform needs to store more
than just resource mappings.
Terraform must keep track of
metadata such as dependencies.
Performance
In addition to basic mapping,
Terraform stores a cache of the
attribute values for all resources
in the state. This is the most
optional feature of Terraform
state and is done only as a
performance improvement.
Syncing
The primary motivation people
have for using remote state files
is in an attempt to improve using
Terraform with teams. State files
can easily result in conflicts when
two people modify infrastructure
at the same time.
18

Interpolation Syntax
Variables
Strings
Maps
Lists
Conditionals
The support operators are:
Equality: == and !=
Numerical comparison: >, <, >=, <=
Boolean logic: &&, ||, unary !
Functions
Examples:
concat(list1, list2, ...)
length(list)
log(x, base)
Math
"${2 * 4 + 3 * 3}" # computes to 17
"${3 * 3 + 2 * 4}" # computes to 17
"${2 * (4 + 3) * 3}" # computes to 42.
21

Set up AWS Provider (main.tf)
provider "aws" {
region = "us-east-1"
access_key = "${var.access_key}"
secret_key = "${var.secret_key}"
}
29

Set up your key pair (main.tf)
resource "aws_key_pair" "site_key" {
key_name = "id_rsa_slcdevopsdays"
public_key = "${var.public_key}"
lifecycle { create_before_destroy = false }
}
30

Set up aws_instance (main.tf)
resource "aws_instance" "single_server" {
count = 1
ami = "ami-500d8546"
instance_type = "t2.micro"
tags {
Name = "Hello-Word-${count.index}"
}
}
31

Add variables (vars.tf)
variable "access_key" {default = ""}
variable "secret_key" {default = ""}
variable "public_key" {default = ""}
32

Deploy a web server
resource "aws_instance" "web_server" {
ami = "ami-2d39803a"
count = 1
user_data = <<-EOF
#!/bin/bash
echo "Hello, Salt Lake City DevOps Days!" > index.html
nohup busybox httpd -f -p 80 &
EOF
tags {
Name = "single-webserver"
}
}
36

Let’s open a Security Group
resource "aws_security_group" "web_server_sg" {
name = "web_server_sg"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
protocol = -1
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
}
}
37

Get the Public IP Address
output "public_ip" {
value = "${aws_instance.web_server.public_ip}"
}
38

Deploy a cluster
of servers
41

Create a Launch Configuration
resource "aws_launch_configuration" "web_server_lc" {
image_id = "ami-2d39803a"
security_groups = ["${aws_security_group.web_server_sg.name}"]
user_data = <<-EOF
#!/bin/bash
echo "Hello, Salt Lake City DevOps Days!" > index.html
nohup busybox httpd -f -p 80 &
EOF
lifecycle {
create_before_destroy = true
}
}
42

Add create_before_destry to the Security Group
resource "aws_security_group" "web_server_sg" {
name = "web_server_sg"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
protocol = -1
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
}
lifecycle {
create_before_destroy = true
}
}
43

Create the Auto Scaling Group
resource "aws_autoscaling_group" "web_server_asg" {
launch_configuration = "${aws_launch_configuration.web_server_lc.id}"
availability_zones = ["${data.aws_availability_zones.all.names}"]
min_size = 2
max_size = 10
tag {
key = "Name"
value = "terraform-asg-example"
propagate_at_launch = true
}
}
data "aws_availability_zones" "all" {}
44

Add an ELB
resource "aws_elb" "web_server_elb" {
name = "terraform-elb-example"
security_groups = ["${aws_security_group.web_server_sg.id}"]
health_check {
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 3
interval = 30
target = "HTTP:80/"
}
listener {
lb_port = 80
lb_protocol = "http"
instance_port = "80"
instance_protocol = "http"
}
}
48

Update ASG
resource "aws_autoscaling_group" "web_server_asg" {
launch_configuration = "${aws_launch_configuration.web_server_lc.id}"
load_balancers = ["${aws_elb.web_server_elb.name}"]
health_check_type = "ELB"
min_size = 2
max_size = 10
tag {
key = "Name"
value = "terraform-asg-example"
propagate_at_launch = true
}
}
49

Output ELB DNS Name
output "elb_dns_name" {
value = "${aws_elb.web_server_elb.dns_name}"
}
50

(Bonus Time Permitting)
Deploy Public/Private VPC with Bastion
53

Let’s Walk Through
the Code:
54

Let’s Walk Through
the Code:
56

57
Thanks!
Any questions?
Find me at @jasonsvance
vance.jason@gmail.com

Terraform introduction

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Terraform introduction

Ähnlich wie Terraform introduction (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Terraform introduction