Building your infrastructure as one-off thing by clicking in the UI of your chosen cloud provider may be easy, but that isn't scalable nor fun in long-term nor in team. Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.

1. Building infrastructure
with Terraform
Radek Simko

2. $ whoami
radeksimko
}
twitter.com/
google.com/+
linkedin.com/in/
github.com/

4. Provisioning of the past
● manual
● Shell, Perl
● extra knowledge required
○ bottleneck for team growth
● pure-ops task
○ devs & ops talking over a wall

6. Provisioning today
● Chef, Puppet, Salt, Ansible
● knowledge codified
● de facto serves as documentation
● faster
● less error prone
● brings devs and ops closer

7. Infrastructure today

8. Hashicorp

9. Vagrant
● Virtualbox
● VMWare
● Docker
● AWS
● Google Cloud
● ...

10. Terraform
● AWS
● Azure
● Digital Ocean
● Google Cloud
● Docker
● OpenStack
● ...

11. Other solutions
● AWS CloudFormation
● Google Deployment Manager
● Heat (OpenStack)
● Puppet Cloud Provisioner
● Ansible
● SaltStack
● ...

12. XML

13. JSON

14. YAML
- states:
- QC: Quebec
- ON: Ontario
- BC: British Columbia
- YT: Yukon Territory
[
{
"states": [
{
"QC": "Quebec"
},
{
"true": "Ontario"
},
{
"BC": "British Columbia"
},
{
"YT": "Yukon Territory"

15. YAML
#cloud-config
_discovery_url: &ETCD_DISCOVERY_URL
url: "https://discovery.etcd.io/5416cf2db"
coreos:
fleet:
<<: *FLEET_METADATA
public-ip: $private_ipv4
etcd:
<<: *ETCD_DISCOVERY_URL
addr: $private_ipv4:4001
peer-addr: $private_ipv4:7001

18. jsonnet
● 20% project of Dave Cunningham
● Turing-complete language
● allows building more abstraction layers
● compatible w/ Terraform

19. DSL
● referencing
● reusability (DRY)
● human-readability

20. Demo 1
Basic two-tier app (POC)
https://github.com/radeksimko/terraform-examples/tree/master/google-two-tier-simple

21. DSL
● provider
● resource (ID + reference name)
● count attribute
● variable
● output
● provisioner
● Reference: ${TYPE.NAME.ATTRIBUTE}
● Expansion: ${TYPE.NAME.*.ATTRIBUTE}

22. Provisioners
● local-exec
● remote-exec
● chef
● …

23. Demo 2
Two-tier app (Scalable)
https://github.com/radeksimko/terraform-examples/tree/master/google-two-tier-scalable

24. DSL - built-in functions
● file(path)
● format("web-%03d", count.index+1)
● formatlist("https://%s:%s/", aws_instance.
foo.*.public_dns, var.port)
● lookup(map, key)
● ...

25. How does it work?

26. Why Terraform? (overview)
● Provider-agnostic
● DSL (yet JSON-compatible)

27. Why Terraform?
● open to community
○ missing feature or bug != support ticket

28. Why Terraform?
● doesn’t “own” your whole account or resource “type”

29. Why Terraform?
● core features
○ aware of dependency graph between resources
○ transparent state (pros/cons)
■ resources import (in the future)
■ detailed plan
■ maintenance & atomicity & sharing in the team

30. State
...
"google_compute_firewall.consul_admin_node": {
"type": "google_compute_firewall",
"primary": {
"id": "consul-admin-firewall",
"attributes": {
"allow.#": "1",
"allow.803338340.ports.#": "1",
"allow.803338340.ports.1685985038": "22",
"allow.803338340.protocol": "tcp",
"id": "consul-admin-firewall",
"name": "consul-admin-firewall",
"network": "default",
"self_link": "https://www.googleapis.com/compute/v1/projects/skilled-bee-777/global/firewalls/consul-
admin-firewall",
"source_tags.#": "1",
"source_tags.3928264908": "consul-web-ui",
"target_tags.#": "1",
"target_tags.1747926572": "consul-node"
}
}
},
...

31. State
● terraform.tfstate (default)
● Atlas
● S3
● Consul
● HTTP
● OpenStack’ Swift

32. State - setup
terraform remote config
-backend=consul
-backend-config="address=demo.consul.io:80"
-backend-config="path=tf"

33. State - referencing
resource "terraform_remote_state" "network" {
backend = "atlas"
config {
name = "timeinc/network-prod"
}
}
resource "google_compute_firewall" "default" {
network = "${terraform_remote_state.network.network-name}"
...

34. Modules
module "consul" {
source = "github.com/hashicorp/consul/terraform/aws"
servers = 3
}
variable "servers" {
default = 2
}
$ terraform get

35. Modules
./module/outputs.tf
output "ip" {
value = "${google_compute_instance.default.public_ip}"
}
./main.tf
module "consul" {
…
${module.consul.ip}

36. Demo 3
Consul cluster
https://github.com/radeksimko/terraform-examples/tree/master/google-consul-module

37. New provider?
~/.terraformrc:
providers {
privatecloud = "/path/to/privatecloud"
}

38. Custom provider?
package main
import (
"github.com/hashicorp/terraform/plugin"
)
func main() {
plugin.Serve(new(MyPlugin))
}

39. Under the hood - provider
● helper/schema

40. What’s next?
● Kubernetes provider
● Google backend service (HTTP LB)
● …

41. ↓ SLIDES ↓

42. $ whoami
radeksimko
}
twitter.com/
google.com/+
linkedin.com/in/
github.com/
slideshare.net/