Upcoming SlideShare
Journey to Terraform Enterprise with upgrading v0.10 to v0.12
- 1. Journey to Terraform Enterprise with upgrading v0.10 to v0.12 2019.10.23 Mitchell Hashimoto in Tokyo! HashiCorp Meetup Yu, SUDO / SENTO Team, Recruit Lifestyle
- 2. リクルートライフスタイル ネットビジネス本部 横断インフラグループ SENTOチーム Yu, SUDO
- 3. https://pages.awscloud.com/rs/112-TZM-766/images/J3-03.pdf https://youtu.be/_Y7xGaG3xJU
- 4. 1
- 5. Our team 11 Members 70 Accounts
- 6. 11 Members 70 Accounts 140+ Terraform Workspaces
- 7. 11 Members 70 Accounts 70 Strong Credentials!!
- 8. Members change...but
- 9. Members change...but Can’t revoke everytime!!
- 10. Potential Risk on Governance for Credentials
- 11. 2
- 12. Our Repository is Github Enterprise With IP Whitelist GhE Terraform Cloud CircleCI Travis CI
- 13. GhE Jenkins Private Drone CI SSM Automation
- 14. Can you maintain CI tools for 70+ Accounts? Endless TOIL!! GhE Jenkins Private Drone CI SSM Automation
- 15. 3
- 16. Our Accounts are in-service for Customers, Clients
- 17. 11 Members 70 Accounts 1300+ commits 430+ PRs
- 18. Administering Core components on AWS Avoid misoperation incidents! IAM VPC Peering Security Group Subnets etc.
- 19. We needed a Smart Workflow automatic plan, apply with approval Create Pull Request → terraform plan Merged, Approved → terraform apply
- 20. Credentials Governance Smart WorkflowMaintenance Free CI for Terraform
- 21. Terraform Enterprise Credentials Governance Smart WorkflowMaintenance Free CI for Terraform Cheaper than employ terraform specialist !?
- 22. Terraform Enterprise
- 23. Workspaces based license, 70 Accounts 140+ Terraform Workspaces
- 24. Our Workspaces based on Terraform 0.10.8 upgrade to 0.12.x!! 0.12.x 0.10.8 0.11.x
- 25. Terraform Enterprise + Rewrite All with Terraform 0.12 Workspaces based license upgrade to 0.12.x
- 26. Workspaces Merged in Each Account system ├── dev │ ├── ap-northeast-1/main.tf │ └── global/main.tf └── prd ├── ap-northeast-1/main.tf └── global/main.tf system ├── dev │ └── main.tf └── prd └── main.tf 70 Workspaces
- 27. Modules Re-structured modules ├── cloudtrail ├── cloudwatch_logs ├── config ├── guardduty ├── iam : ├── s3_bucket └── vpc modules ├── account_base ├── audit ├── id_federation ├── log_collection ├── standard_network └── : by Use-cases
- 28. No Credentials, AssumeRole with ExternalID provider.tf profile = "****-terraform" assume_role { role_arn = "arn:aws:iam:: ************:role/terraform-role" session_name = "****-terraform" external_id = "XxxXXxxX" }
- 29. tfstate in Terraform Enterprise settings.tf backend "s3" { bucket = "****-terraform" key = "path/****.tfstate" region = "ap-northeast-1" profile = "****-terraform" } backend "remote" { hostname = "ptfe.hostname" workspaces { name = "****-terraform" } }
- 30. generate new tfstate using import with 800+ lines shell script 0.12.x tfstate 0.10.8 tfstate
- 31. Our Trouble on Terraform Enterprise
- 32. Terraform Enterprise Automated Recovery Recovery from S3 Snapshot into S3 Crash
- 33. Terraform Enterprise Automated Recovery Recovery from S3 Snapshot into S3 Crash
- 34. { "DaemonAuthenticationType": "anonymous", "TlsBootstrapType": "self-signed", "BypassPreflightChecks": true, "ImportSettingsFrom": "/path/to/settings.json", "LicenseFileLocation": "/path/to/license.rli" } misconfiguration of /etc/replicated.conf see https://www.terraform.io/docs/enterprise/install/automating-the-installer.html# online
- 35. After Terraform Enterprise Our Team 1. Execution without Credentials 2. Up-to-date Terraform CI suite 3. Smart Workflow with Approval
- 36. We are hiring! https://engineer.recruit-lifestyle.co.jp/recruiting/
- 37. THANK YOU
Login to see the comments