Terraform day1 - class notes
2/16/2022
Infrastructure as code (IaC)
Terraform
Recap
- Language Construction
- Ansible Tower
google "ansible module list"
cloud module -> creates resources
but why is this tool not used as Infrastructure as Code?
- you are able to create a complete environment. You can create:
- s3
- instance
- lambda function
Infra as code
-------------
IaC allows you to:
- create environment
- create resources
- update resource
- destroy resources
Once created and declared, you can perform the same task multiple times without much configuration.
- We want a stable environment
- Desired state (idempotent - if the package is there, do not do anything; if the directory is there, don't delete and re-create it)
Once created, it should not be changed.
How can we create resources?
- Using aws console -> graphical
- cli -> aws commands => aws s3 create name ...
- cloud-formation
- terraform
AWS APIs [DSL]
----------------
declare methods with params
- method
- params
We will create Resources => APIs => aws/azure/gcp
on ansible
  apt:
    name: tree
    state: latest
  apt:
    name: tree
    state: absent
If you run the task below, it will keep creating resources, which is hard to manage.
  ec2:
    name: test
    type: t2.micro
Configuration Management (ansible)
- works only with software
- cannot work at the hardware level, but can install any software
- cannot be used as a replacement for IaC tools
Infrastructure as Code (IaC - terraform)
----
1. can create/destroy hardware architecture
2. can install software while bootstrapping servers
3. should not be used as a replacement for CM tools.
They complement each other.
What is Terraform?
- It is open-source infrastructure-as-code software created by HashiCorp. It enables users to define and provision datacenter infrastructure using a high-level configuration language known as HashiCorp Configuration Language (HCL), or optionally JSON.
- Opensource
- MultiCloud support (AWS, Azure, GCP)
- Easy to use
- Maintains desired state
Architecture
-------------
google "terraform architecture"
====================
rest-API
ec2 => abc
-> next execution should skip
-> already exist.
-> say Jenkins has a job and you want to run it
we created an endpoint URL -> Jenkins job + token; you can run it through a python script, a curl command, or through the browser
curl -i http://hostname:port/job/token=423456677
AWS has some resources (APIs)
- terraform calling API to create resources on AWS.
=====================
terraform code
main.tf
Terraform operation
-------------------
4 kinds: terraform lifecycle
init => plan => apply => destroy
Developer -> write code (tf) -> plan -> Apply -> Destroy
- init
- plan (what are you going to create: ec2, lambda function -> 2 resources)
- Apply (whatever plan you selected, it will be sitting on the AWS platform)
- Destroy (once your requirement is completed, you can destroy your resources)
If you have the terraform utility, you can create resources the same way as with ansible.
Terraform
- local machine
- jenkins agent
- VM
- Docker
LAB
- Create an aws (terraform) instance - t2.micro
google - terraform setup
1. install package
2. Verify the installation
$ terraform --help
# terraform
command not found
go to the installation page and get the steps
# sudo apt-get
sudo apt-get install -y gnupg software-properties-common curl
# curl -fsSL <url>
apt-add-repository
# update and install terraform
sudo apt-get update && sudo apt-get install terraform
# which terraform
/usr/bin/terraform
# terraform --help
now we can get help with this command
main commands
init
validate
plan
apply and
destroy
other commands
console
fmt
get
graph
import
login/logout
output
show
....
We want to create resource now.
learn.hashicorp.com/terraform
get started ...
To work with AWS, set up the following
1. Install aws cli
$ apt install awscli
2. Set up account
$ aws configure # go to the aws console, delete the old key and create a new access key/secret key
you have to specify the region and output type (json)
# cd .aws; ls -ltr
# cat credentials
This is where your credentials are stored.
# aws s3 ls
3. Install/set up terraform
# mkdir eg; cd eg
# vi main.tf
# providers are defined here
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }
}

provider "aws" {
  profile = "default"
  region  = "us-west-2"
}

# resource declaration
resource "aws_instance" "app-server" {
  ami           = "ami-82c94e3"
  instance_type = "t2.micro"

  tags = {
    Name = "ExampleAppServerInstance"
  }
}
# cat ~/.aws/config
[default]
region = us-west-2
output = json
google aws resource instance creation
resource : aws_instance
Once you write your code, run the command below,
# terraform init
- initializing provider plugins
- required plugins pulled.
It will show what it is going to do and what resources it is going to create.
# terraform plan
at the bottom of the output, it suggests using the -out option to save this plan.
# terraform plan -out eg.plan
saving the plan file into eg.plan
now, we can apply this plan with terraform
# ls -ltr ; cat eg.plan # it's a binary file. can't read it.
# terraform apply eg.plan
apply complete. resources: 1 added, 0 changed, 0 destroyed
go to the aws console and you should be able to see the instance being created
# ls -ltr
# cat terraform.tfstate
Try again
what happens if you run,
# terraform plan --out eg.plan
refreshing ..
No changes, your infrastructure matches the configuration.
# tf apply eg.plan
apply complete. Resources: 0 added, 0 changed, 0 destroyed.
Do not apply directly: first plan, then apply.
let's modify
# main.tf
change instance_type = "t2.micro"
change tag to demo
# terraform plan --out eg.plan
refreshing
plan: 0 to add, 1 to change, 0 to destroy
# tf apply eg.plan
not adding or deleting the resource, only changing it
now, let's change the region to us-west-1
# vi main.tf
it will delete the original resource and re-create it in another region.
# tf plan -out eg.plan
plan: 1 to add, 0 to change, 0 to destroy
# tf apply eg.plan
Error: Error launching source instance: InvalidAMIID.NotFound
The reason is that we changed the region at the provider level, and AMI IDs are region-specific.
can we declare the
vi main.tf
go to the different region, go to AMIs and get the id from there.
ami = "ami-0123333"
# tf plan
# tf apply
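Added example (not from the class or from HashiCorp's tutorial): instead of hard-coding a region-specific AMI ID, look the image up in whatever region the provider points at, pinned to the publisher's account so a look-alike image from another account cannot match. The data source name "ubuntu" and the Ubuntu 20.04 name filter are assumptions; swap in the image family you actually use.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }
}

provider "aws" {
  profile = "default"
  region  = "us-west-1" # change the region here; the lookup below follows it
}

# Resolve the AMI ID in the provider's region at plan time.
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical's AWS account: pins the publisher

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] # assumed image family
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

resource "aws_instance" "app-server" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t2.micro"

  tags = {
    Name = "ExampleAppServerInstance"
  }

  lifecycle {
    # Without this, most_recent would force a replacement each time a newer image is published.
    ignore_changes = [ami]
  }
}
```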
# tf destroy # it will destroy all the resources in that specific region.
Note: maintain terraform.tfstate file.
# tf destroy
no resource found..
in this case, you have to go to the other region and delete it manually
or modify the main.tf file and run
modify the ami value and
# tf plan -out eg.plan
# tf apply eg.plan
# tf destroy --auto-approve
# ls -ltr
terraform.tfstate
this file is on the local system. You need to keep it in a safe location.
if it is modified, it will be recreated.
you had better store it in a central location.
for that, we choose a storage location like google drive,
s3 or blob
google for backend terraform
select available backends
- local
- remote
- azure
- etcd
- gcs
- http
- s3
...
lets take s3 example
terraform {
  backend "s3" {
    bucket = "mybuck.."   # go to s3 -> create "mybuck.."
    key    = "dev"        # it will be created there
    region = "us-west-2"  # specify the region
  }
}
by default it will be publicly accessible. make private if needed *** verify
# tf plan -out dev.plan
it complains that you have to run tf init.
reason: initial configuration of the required backend "S3"
it is a new resource, so we have to initialize
# tf init
# tf plan -out dev.plan
plan: 1 to add, 0 to change, 0 to destroy
# tf apply dev.plan
now, the tf state file will be stored in the s3 bucket.
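Added example (not from the class): terraform.tfstate records every resource attribute in plain text, so rather than relying on the bucket's defaults, the configuration below makes the state bucket explicitly private, encrypted and versioned, and adds state locking. The names "example-tfstate-bucket" and "example-tf-lock" are placeholders; the bucket is created from a separate directory because it must exist before `terraform init` can use it, and the inline versioning/encryption blocks match the `~> 3.27` provider pin used in these notes.

```hcl
# --- bootstrap/main.tf (separate directory, local state): creates the state bucket ---
provider "aws" {
  region = "us-west-2"
}

resource "aws_s3_bucket" "tfstate" {
  bucket = "example-tfstate-bucket" # placeholder name
  acl    = "private"
  versioning {
    enabled = true # keep earlier state versions for recovery
  }
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

# Refuse public ACLs and public bucket policies, whatever is set elsewhere.
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table so two applies cannot write the state at the same time.
resource "aws_dynamodb_table" "tf_lock" {
  name         = "example-tf-lock" # placeholder name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}

# --- eg/main.tf: the backend block from the notes, hardened ---
terraform {
  backend "s3" {
    bucket         = "example-tfstate-bucket"
    key            = "dev"
    region         = "us-west-2"
    encrypt        = true              # server-side encryption for the state object
    dynamodb_table = "example-tf-lock" # state locking
  }
}
```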
# tf destroy
defining multiple resources..
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance
tomorrow,
- what are variables
- tfvars
Q. how to use k8s, docker, azure?
google, read the docs ..
run the following job, read, write and understand ...
https://github.com/qfitsolutions/aws-terraform-course/blob/master/EC2withJenkins/ec2_jenkins.tf
read about what is elk
===============================