Presentation from Henry Gallo and Steve Paelet at DevOps NYC Meetup on Thursday, February 20, 2020
Understanding the Relationship: Ansible & Terraform
https://www.meetup.com/DevOps-NYC/events/267780085/
2. What is Terraform?
1. Terraform is an open-source tool for Infrastructure as Code (IaC)
2. Terraform uses a declarative language, HCL (HashiCorp Configuration Language)
3. Terraform is used to provision resources that are defined as code
4. Terraform is written in Go
The key advantage of defining infrastructure as code is that you can manage your infrastructure with the same processes that you use to manage the source code of an application, with tools like git.
4. Overlap between the tools
- Ansible can create physical resources
  - But managing relationships between them can be awkward
    - E.g. assigning an EIP to an EC2 instance
- And you can configure machines through Terraform
  - User Data
    - Takes time for the machine to configure itself on startup.
  - Separating gives you more options - Packer, etc.
  - Ansible > Shell
- But different tools have different strengths
  - Use the best tool for each part of the job
5. Other Tools
● Terraform vs. CloudFormation
○ Cross platform
○ CLI differences - terraform plan, watch progress in console
● Ansible vs. Shell, Chef, Puppet, Salt, etc.
○ Ansible is: agentless, stateless
7. What are providers
A provider is responsible for understanding API interactions and exposing resources.
Providers are generally IaaS platforms, for example AWS, GCP, Azure, etc.
Providers serve 4 main purposes
● Create: resourceServerCreate,
● Read: resourceServerRead,
● Update: resourceServerUpdate,
● Delete: resourceServerDelete,
Defining a resource
provider "aws" {
  region  = "us-east-1"
  profile = "henry_gallo"
}
11. What are tf Modules?
A module is a collection of multiple resources that are used together. It can be considered the base unit of Terraform. All Terraform configuration should be written in the form of a module.
All Terraform modules consist of three distinct parts:
● Input variables to accept values from the caller.
● Output values to return results to the caller.
● Resources to define one or more infrastructure objects that the module will manage.
12. Types of Modules
Root Modules
This is the only required element for the standard module structure. Terraform files must exist in the root directory of
the repository. This should be the primary entrypoint for the module and is expected to be opinionated.
module "firewall_ec2" {
  security_group_name = "terraform_demo_ec2"
  sg_description      = "Allow ssh inbound traffic"
  source              = "git::https://github.com/hgallo0/ec2_sec_group.git?ref=v0.0.2"
  …
}
13. Types of Modules
Reusable Modules
Reusable modules create lightweight abstractions of the resources defined by your provider. They let you use the same Terraform files across multiple projects and avoid duplication; the concept is similar to libraries in programming languages.
resource "aws_security_group" "allow_http" {
  name        = var.security_group_name
  description = var.sg_description
  vpc_id      = var.vpc_id
  ...
}
14. Terraform State
Terraform must store state about your managed infrastructure and configuration. This state is stored by default in a local file
named "terraform.tfstate", but it can also be stored remotely, which works better in a team environment.
Terraform uses this local state to create plans and make changes to your infrastructure. Prior to any operation, Terraform does a
refresh to update the state with the real infrastructure.
terraform {
  backend "s3" {
    bucket         = "terraform-meetup"
    key            = "ec2"
    encrypt        = "true"
    region         = "us-east-1"
    dynamodb_table = "terraform-meetup"
    profile        = "henry_gallo"
    ...
  }
}
15. Modification is highly discouraged
Inspection and Modification
While the format of the state files is just JSON, direct file editing of the state is discouraged. Terraform provides the terraform state command to perform basic modifications of the state using the CLI.
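Because the state is plain JSON, it can be audited read-only without the direct editing the slide discourages. This added example (not from the talk) lists instance addresses in the style of terraform state list and flags attributes whose names suggest secrets, which Terraform keeps in state as plaintext; the version-4 field names, the sample state and the SECRET_HINTS list are assumptions.

```python
import json

# Constructed sample in the version-4 state layout; not the talk's real state file.
SAMPLE_STATE = json.loads("""
{"version": 4, "resources": [
  {"module": "module.firewall_ec2", "mode": "managed",
   "type": "aws_security_group", "name": "allow_http",
   "instances": [{"attributes": {"name": "terraform_demo_ec2"}}]},
  {"mode": "managed", "type": "aws_db_instance", "name": "demo",
   "instances": [{"index_key": 0, "attributes":
                  {"username": "admin", "password": "constructed-value"}}]},
  {"mode": "data", "type": "aws_ami", "name": "base",
   "instances": [{"attributes": {"id": "ami-constructed"}}]}
]}
""")

# Assumed heuristic: attribute-name fragments that usually hold secrets.
SECRET_HINTS = ("password", "secret", "private_key", "token")


def instance_address(resource, instance):
    """Build the address `terraform state list` prints for one instance."""
    parts = [resource["module"]] if resource.get("module") else []
    if resource["mode"] == "data":
        parts.append("data")
    address = ".".join(parts + [resource["type"], resource["name"]])
    key = instance.get("index_key")  # set for count / for_each instances
    return address if key is None else f"{address}[{json.dumps(key)}]"


def audit_state(state):
    """Map each address to its secret-looking top-level attributes (read-only)."""
    if state.get("version") != 4:
        raise ValueError("only the version-4 state layout is handled here")
    report = {}
    for resource in state.get("resources", []):
        for instance in resource.get("instances", []):
            attrs = instance.get("attributes") or {}
            report[instance_address(resource, instance)] = sorted(
                name for name, value in attrs.items()
                if value and any(h in name.lower() for h in SECRET_HINTS))
    return report


if __name__ == "__main__":
    for address, flagged in audit_state(SAMPLE_STATE).items():
        print(address, "->", ", ".join(flagged) or "nothing flagged")
```

Any flagged attribute is a reason to keep the state in the encrypted remote backend rather than in a local terraform.tfstate.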
16. But if you ever needed to
error : Error: orphan resource module.firewall_ec2.aws_security_group.allow_http still has a non-empty state after apply; this is a bug in Terraform
henrygallo@henrys-MacBook-Pro ec2 % terraform state rm module.firewall_ec2.aws_security_group.allow_http
Removed module.firewall_ec2.aws_security_group.allow_http
Successfully removed 1 resource instance(s).