Scale 16x: Terraform all the Things

Many companies continue to manually create and manage their cloud infrastructure via web consoles. Documenting these procedures is challenging, especially since the interfaces are always evolving. Reviewing the changes is also difficult, and it often involves having a coworker watch over your shoulder. Rolling back a bad change requires deleting your current work and attempting to manually re-create the old infrastructure from memory. Scaling or deploying the infrastructure to new environments also often involves manually re-creating it.

HashiCorp's Terraform allows for the management of infrastructure as code. While a growing number of groups have started to use this tool, most are only beginning to scratch the surface of its potential. Yes, Terraform can be used to create and manage resources in AWS and other cloud providers. However, thanks to an ever-growing number of providers, it can also manage resources in many other popular cloud services. At Yelp, we use Terraform to manage our AWS resources, DNS records in NS1, CDN configuration in Fastly and Cloudflare, and our charts and dashboards in SignalFx.

This setup lets us maintain our infrastructure as code in a version control system, where it goes through standard code review flows. If we discover an issue, we can revert to an older, working commit and restore our infrastructure to that point in time. Documentation can include code snippets that can be copied and pasted in an error-free manner. Finally, resources managed by one Terraform provider can use information from resources managed by another provider. This means that launching a new AWS EC2 instance can automatically update the necessary DNS records in NS1, and then create a dashboard filled with customized charts designed to monitor the instance.
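
The cross-provider flow described above, as an added example that is not code from the talk: an `ns1_record` takes its answer from an attribute of an `aws_instance`, and both providers read their credentials from the environment instead of the configuration. The record name `app` and the output name are assumptions; the AMI, instance type, tag and zone are reused from the slides, and the syntax follows the slides' interpolation style.

```hcl
# Added example. No credentials appear in this file: the aws provider reads
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY and the ns1 provider reads
# NS1_APIKEY from the environment, so nothing secret is committed or shown
# in code review.
provider "aws" {
  region = "us-east-1"
}

provider "ns1" {}

# Zone name reused from the NS1 slide.
resource "ns1_zone" "tld" {
  zone = "terraform.example"
}

# AMI and instance type reused from the AWS slide.
resource "aws_instance" "example" {
  ami           = "ami-2757f631"
  instance_type = "t2.micro"

  tags = {
    Environment = "Production"
  }
}

# The reference to aws_instance.example.public_ip makes Terraform create the
# instance first and then publish its address. Replacing the instance changes
# the attribute, so the next plan shows the DNS change for review as well.
# "app" is a hypothetical record name.
resource "ns1_record" "app" {
  zone   = "${ns1_zone.tld.zone}"
  domain = "app.${ns1_zone.tld.zone}"
  type   = "A"
  ttl    = 60

  answers = {
    answer = "${aws_instance.example.public_ip}"
  }
}

# Hypothetical output that surfaces the resulting mapping after apply.
output "app_address" {
  value = "${ns1_record.app.domain} -> ${aws_instance.example.public_ip}"
}
```

Because the record is derived from the instance, a reviewer reading the plan sees exactly which address becomes publicly resolvable before anything is applied.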

Published in: Technology

  1. Terraform all the Things. Nathan Handler, nhandler@yelp.com / @nathanhandler
  2. Who am I?
     ● Nathan Handler
     ● Yelp Site Reliability Engineer
     ● nhandler@yelp.com / @nathanhandler
  3. Yelp’s Mission: Connecting people with great local businesses.
  4. The Old Way
  5. ```sh
     aws ec2 run-instances \
       --image-id ami-abcd1234 \
       --count 1 \
       --instance-type t2.micro \
       --key-name demokey \
       --security-group-ids sg-1a2b3c4d \
       --subnet-id subnet-d4c3b2a1 \
       --iam-instance-profile Name=MyInstanceProfile \
       --tag-specifications 'ResourceType=instance,Tags=[{Key=Environment,Value=Production}]' \
       --region us-west-1
     ```
  6. github.com/wallix/awless
  7. Tools should not dictate your Processes
  8. What are we looking for?
     ● Version Control
     ● Reviewable
     ● Utilizes existing APIs/SDKs
     ● No single vendor lock-in
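  9. ```hcl
     # Placeholder values as shown on the slide. Keys written into a .tf file
     # are committed with it; the aws provider can instead read them from
     # AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the environment.
     provider "aws" {
       access_key = "ACCESS_KEY_HERE"
       secret_key = "SECRET_KEY_HERE"
       region     = "us-east-1"
     }

     resource "aws_instance" "example" {
       ami           = "ami-2757f631"
       instance_type = "t2.micro"
     }
     ```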
  10. Why not CloudFormation?
  11. Why not CloudFormation?
  12. What about {Chef, Puppet, Ansible, …}? Terraform Configuration Management
  13. Traps, Tips, and Gotchas
  14. Scare Factor
  15. AWS
  16. NS1
  17. ```hcl
      resource "ns1_zone" "tld" {
        zone = "terraform.example"
      }

      resource "ns1_record" "www" {
        zone   = "${ns1_zone.tld.zone}"
        domain = "www.${ns1_zone.tld.zone}"
        type   = "CNAME"
        ttl    = 60

        answers = {
          answer = "sub1.${ns1_zone.tld.zone}"
        }

        answers = {
          answer = "sub2.${ns1_zone.tld.zone}"
        }

        filters = {
          filter = "select_first_n"

          config = {
            N = 1
          }
        }
      }
      ```
  18. SignalFx
  19. ```hcl
      variable "regions" {
        default = ["regionA", "regionB", "regionC", "regionD"]
      }

      resource "signalform_detector" "application_delay" {
        count       = "${length(var.regions)}"
        name        = "max delay - ${var.regions[count.index]}"
        description = "delay in region - ${var.regions[count.index]}"

        program_text = <<-EOF
          filters = filter("region","${var.regions[count.index]}")
          signal = data("app.delay", filter=filters).max()
          detect("Processing old messages 5m", when(signal > 60, "5m"))
        EOF

        rule {
          description   = "Max delay > 60s for 5m"
          severity      = "Critical"
          detect_label  = "Processing old messages since 5m"
          notifications = ["Email,foo-alerts@bar.com"]
        }
      }

      resource "signalform_dashboard" "queue_length_dashboard" {
        name       = "Queue Length Dashboard"
        time_range = "-1h"

        variable {
          property               = "region"
          alias                  = "region"
          values                 = ["regionA"]
          values_suggested       = "${var.regions}"
          value_required         = true
          restricted_suggestions = true
        }

        chart {
          chart_id = "${signalform_list_chart.queue_length.id}"
          width    = 6
          row      = 1
        }
      }

      resource "signalform_list_chart" "queue_length" {
        name = "queue length"

        program_text = <<-EOF
          filters = filter("device", "dm-0")
          data("iostat.queue_length", filter=filters).mean().publish()
        EOF

        color_by         = "Dimension"
        refresh_interval = 60
        sort_by          = "-value"
      }
      ```
  20. Discovering Dynamic Resources
  21. Fastly / Cloudflare
  22. ```hcl
      resource "fastly_service_v1" "demo" {
        name = "demofastly"

        domain {
          name    = "demo.notexample.com"
          comment = "demo"
        }

        backend {
          address = "127.0.0.1"
          name    = "localhost"
          port    = 80
        }

        force_destroy = true

        vcl {
          name    = "my_custom_main_vcl"
          content = "${file("${path.module}/my_custom_main.vcl")}"
          main    = true
        }

        vcl {
          name    = "my_custom_library_vcl"
          content = "${file("${path.module}/my_custom_library.vcl")}"
        }
      }
      ```
  23. ```hcl
      resource "cloudflare_record" "foobar" {
        domain = "${var.cloudflare_domain}"
        name   = "terraform"
        value  = "192.168.0.11"
        type   = "A"
        ttl    = 3600
      }
      ```
  24. State Management
  25. Remote State
  26. Locking
  27. Makefile Wrapper
  28. Access Keys
  29. Permissions
  30. Modules
  31. Outputs
  32. What do Outputs look like?
  33. Rolling Back
  34. Automatic Applications
  35. Generated Terraform Code
  36. Perfect World
  37. Questions?
  38. We're Hiring! www.yelp.com/careers/
  39. @YelpEngineering fb.com/YelpEngineers engineeringblog.yelp.com github.com/yelp
