Terraform + ansible talk

Presentation from Henry Gallo and Steve Paelet at DevOps NYC Meetup on Thursday, February 20, 2020

Understanding the Relationship: Ansible & Terraform

https://www.meetup.com/DevOps-NYC/events/267780085/

  1. +
  2. What is Terraform?
      1. Terraform is an open-source tool for Infrastructure as Code (IaC)
      2. Terraform is a declarative language based on HCL (HashiCorp Configuration Language)
      3. Terraform is used to provision resources that are defined as code
      4. Terraform is written in Go
      The key advantage of this is that it enables you to manage your infrastructure with the same processes that you use to manage the source code of an application, with tools like git.
  3. How do Ansible and Terraform work together?
  4. Overlap between the tools
      - Ansible can create physical resources
      - But managing relationships between them can be awkward
      - E.g. assigning an EIP to an EC2 instance
      - And you can configure machines through Terraform
      - User Data
      - Takes time for the machine to configure itself on startup
      - Separating gives you more options
      - Packer, etc.
      - Ansible > Shell
      - But different tools have different strengths
      - Use the best tool for each part of the job
  5. Other Tools
      ● Terraform vs. CloudFormation
          ○ Cross platform
          ○ CLI differences - terraform plan, watch progress in console
      ● Ansible vs. Shell, Chef, Puppet, Salt, etc.
          ○ Ansible is: agentless, stateless
  6. Terraform Basic Composition
      ● Providers
      ● Root modules
      ● Reusable modules
      ● Inputs
      ● Outputs
      ● Resources
  7. What are providers?
      A provider is responsible for understanding API interactions and exposing resources. Providers are generally an IaaS, for example AWS, GCP, Azure, etc.
      Providers serve 4 main purposes:
      ● Create: resourceServerCreate
      ● Read: resourceServerRead
      ● Update: resourceServerUpdate
      ● Delete: resourceServerDelete
      Defining a resource provider:

          provider "aws" {
            region  = "us-east-1"
            profile = "henry_gallo"
          }
  11. What are tf Modules?
      A module is a collection of multiple resources that are used together; it can be considered the base unit of Terraform. All Terraform configuration should be written in the form of a module. All Terraform modules consist of three distinct parts:
      ● Input variables to accept values from the caller.
      ● Output values to return results to the caller.
      ● Resources to define one or more infrastructure objects that the module will manage.
  12. Types of Modules
      Root Modules
      This is the only required element for the standard module structure. Terraform files must exist in the root directory of the repository. This should be the primary entrypoint for the module and is expected to be opinionated.

          module "firewall_ec2" {
            security_group_name = "terraform_demo_ec2"
            sg_description      = "Allow ssh inbound traffic"
            source              = "git::https://github.com/hgallo0/ec2_sec_group.git?ref=v0.0.2"
            …
          }
  13. Types of Modules
      Reusable Modules
      Reusable modules are used to create lightweight abstractions of the resources defined by your provider. They enable the use of Terraform files across multiple projects, avoiding duplication. This concept is similar to libraries in programming languages.

          resource "aws_security_group" "allow_http" {
            name        = var.security_group_name
            description = var.sg_description
            vpc_id      = var.vpc_id
            ...
  14. Terraform State
      Terraform must store state about your managed infrastructure and configuration. This state is stored by default in a local file named "terraform.tfstate", but it can also be stored remotely, which works better in a team environment. Terraform uses this local state to create plans and make changes to your infrastructure. Prior to any operation, Terraform does a refresh to update the state with the real infrastructure.

          terraform {
            backend "s3" {
              bucket         = "terraform-meetup"
              key            = "ec2"
              encrypt        = "true"
              region         = "us-east-1"
              dynamodb_table = "terraform-meetup"
              profile        = "henry_gallo"
              ...
  15. Modification is highly discouraged
      Inspection and Modification
      While the format of the state files is just JSON, direct file editing of the state is discouraged. Terraform provides the terraform state command to perform basic modifications of the state using the CLI.
  16. But if you ever needed to
      error:

          Error: orphan resource module.firewall_ec2.aws_security_group.allow_http still has a non-empty state after apply; this is a bug in Terraform

          henrygallo@henrys-MacBook-Pro ec2 % terraform state rm module.firewall_ec2.aws_security_group.allow_http
          Removed module.firewall_ec2.aws_security_group.allow_http
          Successfully removed 1 resource instance(s).
  17. Demo from Steve
  18. Base code: https://github.com/contino/terraform_talk.git
  19. Initial files
  20. Initializing terraform
  21. .terraform dir content
  22. The modules file
  23. The remote state
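
The three parts of a module named in the "What are tf Modules?" and "Types of Modules" slides (input variables, resources, output values), written out as one reusable security-group module. This is an added example, not code from the talk or from the ec2_sec_group repository: security_group_name, sg_description and vpc_id come from the slides, while ssh_allowed_cidrs, the resource label allow_ssh, the output name and the validation rule are assumptions, and variable validation assumes Terraform 0.13 or later.

```hcl
# variables.tf -- input variables: values accepted from the caller
variable "security_group_name" {
  type = string
}

variable "sg_description" {
  type = string
}

variable "vpc_id" {
  type = string
}

# Assumed input (not on the slides): IPv4 ranges allowed to reach SSH.
variable "ssh_allowed_cidrs" {
  type        = list(string)
  description = "IPv4 CIDR blocks allowed to connect on port 22"

  validation {
    # Collect entries that are malformed or use a /0 prefix (the whole
    # address space); the plan fails if any such entry is present.
    condition = length([
      for c in var.ssh_allowed_cidrs : c
      if !can(cidrhost(c, 0)) || try(tonumber(split("/", c)[1]) == 0, true)
    ]) == 0
    error_message = "Each entry must be a valid CIDR block with a prefix longer than /0."
  }
}

# main.tf -- resources: the infrastructure objects the module manages
resource "aws_security_group" "allow_ssh" {
  name        = var.security_group_name
  description = var.sg_description
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH from approved ranges only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_allowed_cidrs
  }
}

# outputs.tf -- output values: results returned to the caller
output "security_group_id" {
  value = aws_security_group.allow_ssh.id
}
```

A root module that calls this one passes ssh_allowed_cidrs alongside the other inputs and reads module.<name>.security_group_id to attach the group to an instance.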
