WJAX-2020: YATT: Yet another Terraform talk - Basics and a bit more

"Infrastructure as Code" is today an important component for structuring, versioning and managing the creation of cloud environments well. HashiCorp Terraform is considered one of the leading tools for this purpose. In my talk I would like to explain the basics and concepts and give a small insight into what else is possible. Look forward to the great features that Terraform has to offer beyond the plain listing of resources.

Sandra Warmbrunn

November 12, 2021

Transcript

  1. @stgerberding YATT: Yet another Terraform talk - Basics and a bit more ... Sandra Gerberding - smartsteuer GmbH
  2. @stgerberding Sandra Gerberding. Software developer: Java web applications, continuous integration, software architecture.
    Twitter: @stgerberding
    Blog: http://sandra.gerberding.blog
    E-mail: [email protected]
    Speaker Deck: https://speakerdeck.com/sandrag
  3. @stgerberding What we will look at today:
    • What is Infrastructure as Code?
    • What is Terraform?
    • Terraform architecture
    • Syntax
    • Basic components
    • Expressions
    • Functions
    • CLI commands
    • What's new
    • Summary
  4. @stgerberding Terraform architecture (diagram labels): Terraform Core/CLI; Provider plugins; Provisioner plugins; Cloud API; Client library; RPC; Golang; HTTPS.
    https://registry.terraform.io/providers/hashicorp/aws/latest/docs
  5. @stgerberding Terraform syntax
    HCL syntax (.tf, UTF-8)
    • Arguments: identifier = expression
    • Blocks: type [label] { Block body [arguments/blocks] }
    • Comments: # single-line, // single-line, /*…*/ multi-line
    JSON syntax (.tf.json, UTF-8)
    • JSON property: "identifier": "expression"
    • JSON object: "identifier": { Object body [properties/objects/arrays] }
    • JSON array: "identifier": [ Object body [properties/objects/arrays] ]
    • Comments: "//": "This …"
  6. @stgerberding HCL Terraform example:

        terraform {
          required_version = ">= 1.0"
          required_providers {
            aws = {
              source  = "hashicorp/aws"
              version = "~> 3.56.0"
            }
          }
        }

        provider "aws" {
          region  = "eu-central-1"
          profile = "profile-name"
        }

        resource "aws_instance" "project-server" {
          ami           = "ami-029c64b3c205e6cce"
          instance_type = "t4g.micro"
          tags = {
            Name = "Default VPC"
          }
        }

    JSON Terraform example:

        {
          "terraform": {
            "required_version": ">= 1.0",
            "required_providers": {
              "aws": {
                "source": "hashicorp/aws",
                "version": "~> 3.56.0"
              }
            }
          },
          "provider": {
            "aws": {
              "region": "eu-central-1",
              "profile": "profile-name"
            }
          },
          "resource": {
            "aws_instance": {
              "project-server": {
                "ami": "ami-029c64b3c205e6cce",
                "instance_type": "t4g.micro",
                "tags": {
                  "Name": "Default VPC"
                }
              }
            }
          }
        }
  7. @stgerberding Resources
    Definition:

        resource "aws_instance" "project-server" {
          ami           = "ami-029c64b3c205e6cce"
          instance_type = "t4g.micro"
        }

    Usage: <Resource_type>.<Name>.<Attribute>

        foobar = aws_instance.project-server.id
  8. @stgerberding Input Variables
    Definition:

        variable "image_id" {
          type        = string
          description = "The id of the machine image (AMI) to use for the server."
          default     = "ami-029c64b3c205e6cce"

          validation {
            condition     = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-"
            error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
          }
        }

    Usage:

        foobar = var.image_id
  9. @stgerberding Evaluation hierarchy (label: "overrides")
    • Environment variables
    • terraform.tfvars file
    • terraform.tfvars.json
    • *.auto.tfvars / *.auto.tfvars.json
    • -var / -var-file
  10. @stgerberding Evaluation hierarchy

        > export TF_VAR_image_id=ami-abc123

    • Environment variables
    • terraform.tfvars file
    • terraform.tfvars.json
    • *.auto.tfvars / *.auto.tfvars.json
    • -var / -var-file
  11. @stgerberding Evaluation hierarchy

        region   = "us-east-2"
        project  = "workshop"
        stage    = "testing"
        image_id = "ami-029c64b3c205e6cce"

        {
          "region": "us-east-2",
          "project": "workshop",
          "stage": "testing",
          "image_id": "ami-029c64b3c205e6cce"
        }

    • Environment variables
    • terraform.tfvars file
    • terraform.tfvars.json
    • *.auto.tfvars / *.auto.tfvars.json
    • -var / -var-file
  12. @stgerberding Evaluation hierarchy

        > terraform apply -var-file="testing.tfvars"
        > terraform apply -var="image_id=ami-abc123"

    • Environment variables
    • terraform.tfvars file
    • terraform.tfvars.json
    • *.auto.tfvars / *.auto.tfvars.json
    • -var / -var-file
  13. @stgerberding Output Values
    Definition:

        output "ec2_instance_public_ip" {
          value = aws_instance.project-server.public_ip
        }

        Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

        Outputs:

        hostname = terraform.example.com
        private_ip = 10.5.4.82
        public_ip = 94.237.45.221

    Usage: module.<MODULE NAME>.<OUTPUT NAME>

        foobar = module.my-module.ec2_instance_public_ip
  14. @stgerberding Local Values
    Definition:

        locals {
          /*--------------------------------------------------------------
          RDS (database)
          --------------------------------------------------------------*/
          rds_instance_allocated_storage      = var.stage == "dev" ? 5 : 10
          rds_instance_class                  = var.stage == "dev" ? "db.t3.micro" : "db.t3.micro"
          rds_database_name                   = var.stage == "dev" ? "projectdevdb" : "projectproddb"
          rds_database_user_name              = "dbuser"
          rds_database_backup_retetion_period = 14
          rds_database_deletion_protection    = var.stage == "dev" ? false : true
        }

    Usage:

        name = local.rds_database_name
  15. @stgerberding Modules (diagram labels): Root Module; Database Module, Server Module, Network Module, etc.; Module Output Value; Input Variables.
  16. @stgerberding Modules

        module "network" {
          source          = "./modules/network"
          base_cidr_block = "10.0.0.0/8"
        }

        module "consul_cluster" {
          source     = "./modules/aws-consul-cluster"
          vpc_id     = module.network.vpc_id
          subnet_ids = module.network.subnet_ids
        }

    Terraform Registry:

        module "consul" {
          source  = "hashicorp/consul/aws"
          version = "0.0.5"
          servers = 3
        }
  17. @stgerberding Expressions

        "true" converts to true / "5" converts to 5       // Type conversion
        "Hello, ${var.name}!"                              // String interpolation
        [for o in var.list : o.id]                         // for expression
        var.list[*].id                                     // splat expression
        var.dbname != "" ? var.dbname : "default-dbname"   // conditional expression
  18. @stgerberding Functions

        resource_prefix = join("-", [var.project, var.stage])
        substr("hello world", 1, 4)             // ello
        concat(["a", ""], ["b", "c"])
        contains(["a", "b", "c"], "a")          // true
        base64decode("SGVsbG8gV29ybGQ=")        // Hello World
        fileexists("${path.module}/hello.txt")
  19. @stgerberding Terraform CLI
    https://www.terraform.io/docs/cli/commands/index.html

        > terraform               List of all available commands
        > terraform init -help    Inline help
        > terraform init          Initializes the working directory
        > terraform plan          Creates an execution plan
        > terraform apply         Executes the execution plan
        > terraform destroy       Destroys the remote objects
  20. @stgerberding Terraform CLI
    https://www.terraform.io/docs/cli/commands/index.html

        > terraform console     Evaluates expressions for testing
        > terraform validate    Validates the configuration files
        > terraform output      Shows the outputs
        > terraform import      Imports existing resources
        …
        > terraform fmt         Formatting
  21. @stgerberding Terraform CLI Workflow

        > terraform fmt
        > terraform init
        > terraform validate
        > terraform plan -var-file=variables.tfvars
        > terraform apply -var-file=variables.tfvars
  22. @stgerberding

        $ terraform plan                                                  [19:44:37]
        Terraform used the selected providers to generate the following execution plan.
        Resource actions are indicated with the following symbols:
          + create
          ~ update in place

        Terraform will perform the following actions:

          # module.project-stage-db.aws_db_subnet_group.db_subnet_group will be created
          + resource "aws_db_subnet_group" "db_subnet_group" {
              + arn         = (known after apply)
              + description = "Managed by Terraform"
              + id          = (known after apply)
              + name        = "project-stage"
              + name_prefix = (known after apply)
              . . .

          # module.project-stage-db.aws_security_group.db-security-group will be created
          ~ resource "aws_security_group" "db-security-group" {
                arn         = (known after apply)
              ~ description = "test" -> "Firewall rules for accessing the database."
              . . .

        Plan: 3 to add, 1 to change, 0 to destroy.

        ─────────────────────────────────────────────────────────────────────────────

        Note: You didn't use the -out option to save this plan, so Terraform can't
        guarantee to take exactly these actions if you run "terraform apply" now.