Infrastructure as Code http://bananacore.com/ en Terraform Tutorial http://bananacore.com/blog/terraform-tutorial <span class="field field--name-title field--type-string field--label-hidden">Terraform Tutorial</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/17" typeof="schema:Person" property="schema:name" datatype="">Jose Daniel</span></span> <span class="field field--name-created field--type-created field--label-hidden">Thu, 09/10/2020 - 16:10</span> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="container block block-layout-builder block-field-blocknodeblogbody"> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><h2>Introduction</h2> <p>Terraform is an open-source infrastructure as code software tool, it allows you to manage and automate the infrastructure of the application. Terraform uses declarative language, it means we don't have to define every step of the control flow, but it focuses in what end result we want and Terraform will find a way of how to execute it. </p> <p>Infrastructure as code (IaC) is the management and provisionment of infrastructure (networks, virtual machines, load balancers, and connection topology) through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. This makes a valued tool for many DevOps engineers.</p> <p>Terraform can manage a lot of cloud infrastructure providers such as Amazon Web Services, Microsoft Azure, IBM Cloud, Google Cloud Platform, DigitalOcean, Linode, Oracle Cloud Infrastructure and also in-house solutions.</p> <h2>Installation</h2> <p>Terraform can be installed in Linux, Mac or Windows. The available downloads for the operative system can be found here https://www.terraform.io/downloads.html. The installation is very simple, in this case for CentOS/RHEL we have to run a few commands</p> <pre> <code class="language-bash">sudo yum install -y yum-utils sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo sudo yum -y install terraform terraform -help</code></pre> <p>We can also run Terraform using Docker</p> <pre> <code class="language-bash">docker pull hashicorp/terraform docker run -it -v $PWD:/workspace -w /workspace hashicorp/terraform:light validate</code></pre> <p>The -w flag creates the /workspace directory and sets it as the new working directory, overwriting the terraform image’s default. The above example will run the Terraform <strong>validate</strong> command.</p> <h2>Configuration file</h2> <p>The configuration files will contain the descriptions of the infrastructure, these files by convention end with <strong>.tf</strong>. Terraform language uses blocks to represent the configuration of some kind of object, like a resource.</p> <p>The <strong>provider block</strong> configures the named provider, in this case <strong>aws</strong>. The <strong>region attribute</strong> is where the instance will be created, the <strong>code us-east-1</strong> means the instance will be created in US East (N. Virginia).</p> <p>The AWS provider offers several ways of providing credentials for authentication.</p> <p><strong>Static credentials</strong>: these credentials can be provided by adding the user's security credentials <strong>access_key</strong> and <strong>secret_key</strong> in-line in the AWS provider block. This configuration is not recommended, and risks secret leakage should this file ever be committed to a public version control system</p> <pre> <code>provider "aws" { region = "us-east-1" access_key = "ABCDEFGHIJKLMNOP" secret_key = "ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOP" }</code></pre> <p><strong>Environment variables</strong>: we can use the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. We can create the variables in the terminal</p> <pre> <code class="language-bash">export AWS_ACCESS_KEY_ID="ABCDEFGHIJKLMNOP" export AWS_SECRET_ACCESS_KEY="ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOP"</code></pre> <p><strong>Shared credentials file</strong>: we can use an <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html" rel="nofollow" target="_blank">AWS credentials or configuration file</a> to specify your credentials. We will need to create a file named <strong>~/.aws/credentials</strong> and it will contain</p> <pre> <code>[default] aws_access_key_id=ABCDEFGHIJKLMNOP aws_secret_access_key=ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOP</code></pre> <p>The provider block for the environment variables and shared credentials file we will need only to specify the attribute region in the configuration file</p> <pre> <code>provider "aws" { region = "us-east-1" }</code></pre> <p>In the <strong>resource block</strong>, the <strong>ami</strong> attribute is the id of the instance, this instance must be in the same region we added above. The <strong>instance_type</strong> is the type of instance we will create. The final configuration file will look like this example</p> <pre> <code>provider "aws" { region = "us-east-1" } resource "aws_instance" "example" { ami = "ami-1122334455667788" instance_type = "t2.micro" }</code></pre> <p>The first step is to run the command <strong>init</strong> to download the plugin provider</p> <pre> <code class="language-bash">terraform init</code></pre> <p>After we run the command we will see the message <em>Terraform has been successfully initialized!</em>. The next step is to create an <strong>execution plan</strong> using the command <strong>plan</strong>.</p> <pre> <code class="language-bash">terraform plan</code></pre> <p>The Terraform <strong>apply</strong> command is used to build or make changes to reach the desired state of the configuration</p> <pre> <code class="language-bash">terraform apply</code></pre> <p>The command Terraform <strong>destroy</strong> is used to destroy the Terraform-managed infrastructure. It will will delete all resources declared in the configuration file, so in case we need to destroy only some resources we can just delete the specific resource in the file and run <strong>terraform apply</strong> so Terraform will check the state differences and make the changes.</p> <pre> <code class="language-bash">terraform destroy</code></pre> <h2>Conclusion</h2> <p>This was a quick overview of the Terraform fundamentals. You can find more information about providers, resources, data sources, modules, state, variables and documentation in the following links:</p> <ul> <li>AWS Provider: <a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs">https://registry.terraform.io/providers/hashicorp/aws/latest/docs</a> and <a href="https://learn.hashicorp.com/tutorials/terraform/aws-build">https://learn.hashicorp.com/tutorials/terraform/aws-build</a></li> <li>AWS cli configuration files: <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html">https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html</a></li> <li>Terraform Docker container: <a href="https://hub.docker.com/r/hashicorp/terraform/">https://hub.docker.com/r/hashicorp/terraform/</a></li> </ul> </div> </div> <div class="container block block-layout-builder block-field-blocknodeblogfield-tags"> <div class="field field--name-field-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/blog/tag/terraform" hreflang="en">Terraform</a></div> <div class="field__item"><a href="/blog/tag/devops" hreflang="en">DevOps</a></div> <div class="field__item"><a href="/blog/tag/infrastructure-code" hreflang="en">Infrastructure as Code</a></div> <div class="field__item"><a href="/blog/tag/aws" hreflang="en">AWS</a></div> </div> </div> </div> </div> Thu, 10 Sep 2020 22:10:36 +0000 Jose Daniel 105 at http://bananacore.com