Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. It uses a declarative configuration file to describe infrastructure and allows incremental changes through a plan and apply process. The document provides an overview of Terraform and demonstrates how to set up a Google Cloud Platform project and deploy a virtual machine instance on GCP using Terraform. It also shows how to output the instance's IP address, upgrade the instance's machine type, attach additional disks, and manage multiple instances with disks using variables and counts.

1. Managing GCP Projects
with Terraform
GDG DevFest Pisa 0.1
Giovanni Toraldo @gionn
cloudesire.com

2. About me
Giovanni Toraldo
Open Source Enthusiast, Java
coder, writer of the OpenNebula
book, lead developer &
co-founder at @Cloudesire,
shooting 2 euro coin at 36
meters with crossbow
2

3. Monetization & Brokering
Platform for immediate
SaaSification and automated
distribution of business
applications and services.
3

4. 4

5. Infrastructure as code?
Design, implement, and deploy applications infrastructure with
known software best practices:
● Code versioning
● Code reuse (modularization/abstraction)
● Code sharing
In order to achieve:
● Repeatability
● Speed
● Reliability
5

6. Cloud services are
easy?
Complexity is
increasing
Composition is a
must
Velocity is the key
of success
6

7. 7

8. What is Terraform?
Terraform is a tool for building, changing, and versioning
infrastructure safely and efficiently.
● Declarative approach
○ Infrastructure is described using a high-level configuration syntax
● Incremental changes
○ Automatically discover the steps required from current to desired
infrastructure state
● Execution plan
○ See what Terraform will do when you apply configuration
● Dependency graph
○ automatically decide the order in which action are executed
● Automation
8

9. What is NOT Terraform?
● Configuration management tool
○ You still need Puppet, Chef, Ansible to manage
software on VM
● Cloud abstraction layer
○ Doesn’t expose any API, just a CLI mean to be used
by humans
○ Doesn’t hide the inner characteristics of each cloud
provider via abstraction
● A solution to your lack of cloud knowledge
9

10. Use cases
● Manage production environments by ops
● Manage disposable test/qa environments by dev
● Multi-tier (complex) infrastructures
● Setup demo environments
● Multi-cloud deployment
10

11. Install Terraform
Terraform is distributed as a single
Go binary without external
dependencies.
Download, unpack, execute.
● cd /tmp
● wget <url>
● unzip <file> || tar xvf <file>
● sudo mv terraform /usr/local/bin
● sudo chmod +x
/usr/local/bin/terraform
11

12. Create a Google Cloud Platform account
12

13. Create a new Google Cloud project
13

14. Navigate to Compute Engine to activate
14

15. Create Service account key and download
15

16. Create a new project
Just create an empty folder with a file auth.tf:
// Configure the Google Cloud provider
provider "google" {
credentials = "${file("account.json")}"
project = "terraform-test-197317"
region = "europe-west1 "
}
And run:
$ terraform init
16

17. Initialize terraform project
And run:
$ terraform init
17

18. Apply changes to infrastructure
Plan command to evaluate changes
Apply command to modify infrastructure
18

19. Terraform project files structure
There isn’t any enforcement on how to arrange resources inside a
terraform project:
● All .tf files in the current folder are automatically sources and
merged together in memory
$ ls -la
total 108
drwxr-xr-x 4 gionn dev 4096 mar 8 15:47 .
drwxr-xr-x 3 gionn dev 4096 mar 7 18:03 ..
drwxr-xr-x 7 gionn dev 4096 mar 8 15:47 .git
drwxr-xr-x 3 gionn dev 4096 mar 7 18:22 .terraform
-rw-r--r-- 1 gionn dev 2333 mar 7 18:18 account.json
-rw-r--r-- 1 gionn dev 175 mar 7 18:19 auth.tf
-rw-r--r-- 1 gionn dev 406 mar 8 15:46 vm.tf
19

20. Create a new VM
20

21. Plan output
$ terraform plan
Refreshing Terraform state in-memory prior to
plan...
The refreshed state will be used to calculate
this plan, but will not be persisted to local
or remote state storage.
---------------------------------------------
An execution plan has been generated and is
shown below.
21

22. Plan output
+ create
Terraform will perform the following actions:
+ google_compute_instance.default
id: <computed>
boot_disk.0.initialize_params.0.image:
"debian-cloud/debian-8"
cpu_platform: <computed>
instance_id: <computed>
label_fingerprint: <computed>
machine_type: "n1-standard-1"
metadata.%: "1"
metadata.ssh-keys: "debian:ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDDnX70/3FB4j7UvewR3T...
22

23. Plan output
Plan: 1 to add, 0 to change, 0 to destroy.
-------------------------------------------------
-
Note: You didn't specify an "-out" parameter to
save this plan, so Terraform can't guarantee that
exactly these actions will be performed if
"terraform apply" is subsequently run.
23

24. Apply output
$ terraform apply
An execution plan has been generated and is shown
below.
Resource actions are indicated with the following
symbols:
+ create
Terraform will perform the following actions:
+ google_compute_instance.default
24

25. Apply output
Summary of the actions to perform, waiting for confirmation
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described
above.
Only 'yes' will be accepted to approve.
Enter a value: ___
25

26. After an apply successful operation
State is persisted to terraform.tfstate:
26

27. 27

28. terraform.tfstate
A state file is required in order to:
● Map managed resources to terraform resources
● Persist additional metadata
● Cache, useful for large infrastructures
JSON structure that can be modified (bugs happens) or inspected
(custom integrations).
State should be persistent and shared among developers.
28

29. Terraform.tfstate sharing and locking
For solo developers or small teams: just commit to GIT.
For bigger teams, tfstate locking is required.
Multiple backends supported:
● Google cloud storage
● S3
● Consul
● Etcd
● Terraform enterprise
29

30. Terraform.tfstate sample output
{
"version": 3,
"terraform_version": "0.11.3",
"serial": 2,
"lineage": "d495f1c0-3c8b-45c2-bda2-f40d28382f30",
"modules": [
{
"path": [
"root"
],
"outputs": {},
"resources": {
"google_compute_instance.default": {
"type": "google_compute_instance",
"depends_on": [],
"primary": {
"id": "test-vm",
"attributes": {
"attached_disk.#": "0",
"boot_disk.#": "1",
"boot_disk.0.auto_delete": "true",
"boot_disk.0.device_name": "persistent-disk-0",
"boot_disk.0.disk_encryption_key_raw": "",
"boot_disk.0.disk_encryption_key_sha256": "",
30

31. Terraform.tfstate: where is the IP address?
"network_interface.#": "1",
"network_interface.0.access_config.#": "1",
"network_interface.0.access_config.0.assigned_nat_ip":
"104.155.126.70",
"network_interface.0.access_config.0.nat_ip": "104.155.126.70",
"network_interface.0.address": "10.132.0.2",
"network_interface.0.alias_ip_range.#": "0",
"network_interface.0.name": "nic0",
"network_interface.0.network":
"https://www.googleapis.com/compute/v1/projects/terraform-test-19731
7/global/networks/default",
"network_interface.0.network_ip": "10.132.0.2",
"network_interface.0.subnetwork":
"https://www.googleapis.com/compute/v1/projects/terraform-test-19731
7/regions/europe-west1/subnetworks/default",
"network_interface.0.subnetwork_project":
"terraform-test-197317",
"project": "terraform-test-197317",
31

32. Automatically print VM ip address
Add to output.tf:
output "ip" {
value = "${google_compute_instance.default.
network_interface.0.access_config.0.nat_ip}"
}
And run terraform apply:
Outputs:
ip = 104.155.126.70
32

33. Change infrastructure example: VM upscale
Just change the terraform attribute machine_type
(and configure allow_stopping_for_update)
Now, when terraform apply is run, terraform discover that the
machine_type of the existing resource doesn’t correspond to the
desiderata.
33

34. 34

35. 35

36. Attach a new data disk
We’ll create a new data disk resource, and reference it insiude the
instance resource.
36

37. 37

38. 38

39. 39

40. 40
Manage multiple instances with disks
● Define a variable resource
○ Set a default
● Define unique resource names to avoid conflicts
○ Leverage count.index variable
● Reference a difference disk for each instance
○ Use count.index variable as disk reference
● Override variable value via environment variable
○ TF_VAR_my_counter

41. 41

42. 42
github.com/
gionn/terraform-example

43. Questions?
43