Terraform as Fast as Possible

November 13, 2020
terraform hashicorp AFAP

Terraform is a cloud infrastructure management tool from HashiCorp that can help you manage:

  • IaaS: VMs on hypervisors or cloud providers, as well as virtual networks
  • PaaS: think Heroku-like deployment solutions, Docker…
  • SaaS: to some extent, like creating a repository in a VCS

Terraform is separated into 3 products:

  • Terraform CLI: the actual tool
  • Terraform Enterprise: a licensed packaged edition with all you need to operate as a Terraform
  • Terraform Cloud: a SaaS offering of TF Enterprise

We will focus on the CLI tool. Documentation is available at https://www.terraform.io/docs/cli-index.html.

Install

Reference doc here: https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform

All Linux

Download the binary from https://www.terraform.io/downloads.html and put it in your PATH.

Debian

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install terraform

Fedora

sudo dnf install -y dnf-plugins-core
sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
sudo dnf install terraform

Install autocomplete for bash/zsh: terraform -install-autocomplete.

Use

AWS guide here: https://learn.hashicorp.com/collections/terraform/aws-get-started

Commands

  • terraform init: download the dependencies for the providers referenced by all the *.tf files in the local folder
  • terraform plan: read all the *.tf files, get the current infrastructure state and display a plan
  • terraform apply: execute the stored plan
  • terraform destroy: remove the infrastructure
  • terraform output: read the JSON state file and extract some information (a glorified jq)
  • terraform show: display the formatted state file
  • terraform import: get all data from a provider into the state file; writing the actual configuration is left to the user

Configuration format

Very basic example; see the documentation for more details.

# in any *.tf file (the file name itself does not matter)
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 2.70"
    }
  }
}

variable "aws_region" {
  default = "us-west-2"
}

provider "aws" {
  profile = "aws-profile-name-in-.aws-credentials"
  region  = var.aws_region
}

# here aws_instance is the resource type and example is the name (which is local only)
resource "aws_instance" "example" {
  ami           = "ami-830c94e3"
  instance_type = "t2.micro"
}

Variables

The configuration can be templated and modified by a set of input variables, and it can also produce output variables as a byproduct.

Meta-arguments (looping and dependency)

  • depends_on, for specifying hidden dependencies
  • count, for creating multiple resource instances according to a count
  • for_each, to create multiple instances according to a map, or set of strings
  • provider, for selecting a non-default provider configuration
  • lifecycle, for lifecycle customizations
  • provisioner and connection, for taking extra actions after resource creation

More details here.
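
Input variables, outputs and several of the meta-arguments listed above, combined in one configuration. This is an added example, not part of the original post; it assumes the terraform and provider blocks from the basic example are in the same folder, and the bucket, instance names and instance sizes are hypothetical.

```hcl
# Added example. Reuses the AMI id from the basic example above;
# every other name and value here is illustrative.

# Input variable: one map entry per instance to create.
variable "instances" {
  type = map(string) # instance name => instance type
  default = {
    web    = "t2.micro"
    worker = "t2.small"
  }
}

resource "aws_s3_bucket" "artifacts" {
  bucket_prefix = "example-artifacts-"

  lifecycle {
    # Any plan that would delete this bucket (including terraform destroy)
    # fails with an error instead of removing it.
    prevent_destroy = true
  }
}

resource "aws_instance" "app" {
  # for_each: one instance per map entry, addressed as aws_instance.app["web"].
  for_each = var.instances

  ami           = "ami-830c94e3"
  instance_type = each.value

  tags = {
    Name = each.key
  }

  # depends_on: the instances are assumed to read from the bucket at boot.
  # No attribute of the bucket is referenced here, so Terraform cannot infer
  # the ordering and it has to be declared explicitly.
  depends_on = [aws_s3_bucket.artifacts]

  lifecycle {
    # Build the replacement before destroying the old instance.
    create_before_destroy = true
  }
}

# Output variable: map of instance name => private IP, stored in the state.
output "instance_ips" {
  value = { for name, inst in aws_instance.app : name => inst.private_ip }
}
```

After terraform apply, terraform output instance_ips prints the resulting map; overriding the instances variable adds or removes instances without touching the resource block.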

Teamwork

Lockfile and state

Terraform supports remote storage (named backends) to store state and acquire a lock on the infrastructure before executing. The main one is obviously Consul, but etcd, s3, k8s and almost anything supporting a predefined REST API (http) work too. See https://www.terraform.io/docs/backends.

The remote backend is a special backend capable not only of state storage and locking, but also of acting as a proxy that executes the terraform CLI commands.

Files and version control

.tf files are usually versioned in a git repo. They can be split into modules (a kind of plugin) to be reused, with templating driven by input variables. Modules can then be published to a repository.