When your organization is moving to cloud, the infrastructure layer transitions from running dedicated servers at limited scale to a dynamic environment, where you can easily adjust to growing demand by spinning up thousands of servers and scaling them down when not in use.
The future of DevOps is infrastructure as code. Infrastructure as code supports the growth of infrastructure and provisioning requests. It treats infrastructure as software: code that can be re-used, tested, automated and version controlled. HashiCorp Terraform adopts infrastructure as code throughout its tool to prevent configuration drift, manage immutable infrastructure and much more!
Join this webinar to learn why Infrastructure as Code is the answer to managing large scale, distributed systems and service-oriented architectures. We will cover key use cases, a demo of how to use Infrastructure as Code to provision your infrastructure and more:
Agenda:
Intro to Infrastructure as Code: Challenges & Use cases
Writing Infrastructure as Code with Terraform
Collaborating with Teams on Infrastructure
8. Goals
▪ Unify the view of resources
▪ Support the modern data center (IaaS, PaaS, SaaS)
▪ Expose a way for individuals and teams to safely and predictably change
infrastructure
▪ Provide a workflow that is technology agnostic
▪ Manage anything with an API
8
9. Initial Challenges
▪ Need to learn to code
▪ Can’t automate a resource
▪ Can’t track changes
▪ Don’t know change impact
▪ Need to revert a change
9
10. Scaling Challenges
▪ Multiple environments for infrastructure
▪ Duplicate code
▪ “Ball of Mud” configuration
▪ Too many working on code
▪ Dry run doesn’t reflect change impact
▪ Upgrades are disruptive
10
12. Initial Challenges
▪ Need to learn to code
▪ Can’t automate a resource
▪ Can’t track changes
▪ Don’t know change impact
▪ Need to revert a change
12
13. Need to
learn to
code?
CODE EDITOR
resource "google_compute_instance" "default" {
name = "test"
machine_type = "n1-standard-1"
zone = "us-central1-a"
tags = ["foo", "bar"]
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
}
}
// omitted for clarity
}
13
14. Need to learn to code?
▪ HashiCorp Configuration Language
▪ Language describes intent
▪ Declarative (I declare, therefore I am.)
▪ Handles logic of calling APIs in proper order
14
terraform.io/docs/configuration/syntax.html
19. Can't track changes?
▪ Track state of existing infrastructure resources
▪ State updates when changes applied
IMPORTANT NOTE
▪ Non-Terraform resources not automatically added
▪ Configuration not automatically generated
▪ Manual changes get overwritten
19
terraform.io/docs/state/index.html
20. Don't know
change
impact?
TERMINAL
> terraform plan
Terraform will perform the following
actions:
# aws_vpc.app_vpc will be created
+ resource "aws_vpc" "app_vpc" {
+ arn = (known after apply)
+ cidr_block = “10.128.0.0/25"
// omitted for clarity
}
Plan: 1 to add, 0 to change, 0 to destroy.
20
22. TERMINAL
+ resource will be created
- resource will be destroyed
~ resource will be updated in-place
-/+ resources will be destroyed and re-created
22
23. Need to
revert a
change?
CODE EDITOR
terraform {
backend "remote" {
organization = “<tf cloud org>"
workspaces {
name = “<tf cloud workspace>”
}
}
}
23
24. Need to revert a change?
▪ Version control working configuration
▪ Remote state and if possible, versioned
▪ Update to previous working version
▪ Add toggle for easier revert
IMPORTANT NOTE
▪ More like “roll forward”
24
terraform.io/docs/backends/index.html
26. Scaling Challenges
▪ Multiple environments for infrastructure
▪ Duplicate code
▪ “Ball of Mud” configuration
▪ Too many working on code
▪ Dry run doesn’t reflect change impact
▪ Upgrades are disruptive
26
28. Workspaces
▪ Each workspace isolates state
▪ Map environment to workspace prevents state contamination
IMPORTANT NOTE
▪ More functionality for Terraform Cloud
▪ Manages state, access control, runs, etc.
28
terraform.io/docs/state/workspaces.html
29. TERMINAL
> cd dev
> terraform workspace dev
> terraform init
> terraform plan
> terraform apply
29
31. ▪ Use modules
▪ Divide resource
types into
different files
▪ Other sources
– Version Control
(submodules)
– Module registry
TERMINAL
hello_world
├── base // can be separately maintained
│ ├── network
│ │ ├── subnets.tf
│ │ └── vpc.tf
│ ├── kubernetes
│ │ └── cluster.tf
│ ├── database
│ │ └── database.tf
│ └── app
│ └── app.tf
├── dev
│ └── main.tf
└── prod
└── main.tf
31
32. When building
modules…
▪ Set provider
version in
consumer
▪ Version with
tagging
CODE EDITOR
provider "aws" {
region = var.region
version = "~> 2.41"
}
module "elb" {
source = "terraform-aws-modules/elb/aws"
version = "2.3.0"
health_check = var.health_check
listener = var.listener
// omitted for clarity
}
output "dns" {
value = module.elb.this_elb_dns_name
}
32
terraform.io/docs/configuration/modules.html
37. Establish Collaboration Patterns
▪ Adopt a software development pattern
▪ Put it in a CI pipeline
▪ Apply and audit changes based on code push
▪ Lock state during changes to prevent overrides
37
terraform.io/docs/state/locking.html
38. Dry run
doesn’t
reflect
change
impact?
TERMINAL
> kitchen test
-----> Starting Kitchen (v2.3.3)
…
Waiting for SSH service on
54.93.35.169:22, retrying in 3 seconds
Waiting for SSH service on
54.93.35.169:22, retrying in 3 seconds
Waiting for SSH service on
54.93.35.169:22, retrying in 3 seconds
Waiting for SSH service on
54.93.35.169:22, retrying in 3 seconds
Waiting for SSH service on
54.93.35.169:22, retrying in 3 seconds
38
41. Upgrades
are
disruptive?
TERMINAL
> terraform-0.7.13 apply
Terraform doesn't allow running any
operations against a state
that was written by a future Terraform
version. The state is
reporting it is written by Terraform
'0.8.8'.
Please run at least that version of
Terraform to continue
41
42. 42
0.8 0.9 0.10 0.11 0.12
CHANGELOG
Upgrade Guide
Template files & string
interpolation changes
AWS provider attribute
deprecations
CHANGELOG
Upgrade Guide
Migrating to Backends
Deprecate Remote for
Backend Configuration
State Locking
AWS provider changes
may trigger recreation
Providers separated as
plugins from core
repository & versioned
Interactive approval for
apply (breaks
pipelines, add -auto-
approve flag)
CHANGELOG
Upgrade Guide
Changes to module
inheritance of providers
Always use splat (*)
operator for count
references
CHANGELOG
Upgrade Guide
CHANGELOG
Upgrade Guide
Adds rich type system to a
previously string-typed
system
Includes automated upgrade
tool (with caveats)
AWS Provider CHANGELOG
AWS v2 Upgrade Guide
speakerdeck.com/joatmon08/the-semi-ultimate-terraform-upgrade-guide
43. Ease Upgrade Path by…
▪ Pinning provider versions
▪ Using known functions and not creative hacks
▪ Decoupling configuration across providers (i.e., separate Kubernetes
from GCP)
▪ Avoid provisioners or complicated lifecycle customizations
43
hashicorp.com/resources/closing-keynote-terraform-at-google
44. Resources
▪ Terraform Cloud | app.terraform.io/signup/account
▪ Learn Terraform | learn.hashicorp.com/terraform
▪ Community Forum | discuss.hashicorp.com
44