Slides form Config Management Camp, looking at how you can take a collaborative GitFlow approach to Terraform using Remote State, Modules and Dynamically Generated Credentials using Vault
A Hands-on Introduction on Terraform Best Concepts and Best Practices Nebulaworks
At our OC DevOps Meetup, we invited Rami Al-Ghami, a Sr. Software engineer at Workday to deliver a presentation on a Hands-On Terraform Best Concepts and Best Practices.
The software lifecycle does not end when the developer packages their code and makes it ready for deployment. The delivery of this code is an integral part of shipping a product. Infrastructure orchestration and resource configuration should follow a similar lifecycle (and process) to that of the software delivered on it. In this talk, Rami will discuss how to use Terraform to automate your infrastructure and software delivery.
Terraform, is no doubt very flexible and powerful. The question is, how do we write Terraform code and construct our infrastructure in a reproducible fashion that makes sense? How can we keep code DRY, segment state, and reduce the risk of making changes to our service/stack/infrastructure?
HashiCorp’s infrastructure management tool, Terraform, is no doubt very flexible and powerful. The question is, how do we write Terraform code and construct our infrastructure in a reproducible fashion that makes sense? How can we keep code DRY, segment state, and reduce the risk of making changes to our service/stack/infrastructure?
This talk describes a design pattern to help answer the previous questions. The talk is divided into two sections, with the first section describing and defining the design pattern with a Deployment Example. The second part uses a multi-repository GitHub organization to create a Real World Example of the design pattern.
Listen up, developers. You are not special. Your infrastructure is not a beautiful and unique snowflake. You have the same tech debt as everyone else. This is a talk about a better way to build and manage infrastructure: Terraform Modules. It goes over how to build infrastructure as code, package that code into reusable modules, design clean and flexible APIs for those modules, write automated tests for the modules, and combine multiple modules into an end-to-end techs tack in minutes.
You can find the video here: https://www.youtube.com/watch?v=LVgP63BkhKQ
A comprehensive walkthrough of how to manage infrastructure-as-code using Terraform. This presentation includes an introduction to Terraform, a discussion of how to manage Terraform state, how to use Terraform modules, an overview of best practices (e.g. isolation, versioning, loops, if-statements), and a list of gotchas to look out for.
For a written and more in-depth version of this presentation, check out the "Comprehensive Guide to Terraform" blog post series: https://blog.gruntwork.io/a-comprehensive-guide-to-terraform-b3d32832baca
My talk at FullStackFest, 4.9.2017. Become more familiar with managing infrastructure using Terraform, Packer and deployment pipeline. Code repository - https://github.com/antonbabenko/terraform-deployment-pipeline-talk
This talk is a very quick intro to Docker, Terraform, and Amazon's EC2 Container Service (ECS). In just 15 minutes, you'll see how to take two apps (a Rails frontend and a Sinatra backend), package them as Docker containers, run them using Amazon ECS, and to define all of the infrastructure-as-code using Terraform.
A Hands-on Introduction on Terraform Best Concepts and Best Practices Nebulaworks
At our OC DevOps Meetup, we invited Rami Al-Ghami, a Sr. Software engineer at Workday to deliver a presentation on a Hands-On Terraform Best Concepts and Best Practices.
The software lifecycle does not end when the developer packages their code and makes it ready for deployment. The delivery of this code is an integral part of shipping a product. Infrastructure orchestration and resource configuration should follow a similar lifecycle (and process) to that of the software delivered on it. In this talk, Rami will discuss how to use Terraform to automate your infrastructure and software delivery.
Terraform, is no doubt very flexible and powerful. The question is, how do we write Terraform code and construct our infrastructure in a reproducible fashion that makes sense? How can we keep code DRY, segment state, and reduce the risk of making changes to our service/stack/infrastructure?
HashiCorp’s infrastructure management tool, Terraform, is no doubt very flexible and powerful. The question is, how do we write Terraform code and construct our infrastructure in a reproducible fashion that makes sense? How can we keep code DRY, segment state, and reduce the risk of making changes to our service/stack/infrastructure?
This talk describes a design pattern to help answer the previous questions. The talk is divided into two sections, with the first section describing and defining the design pattern with a Deployment Example. The second part uses a multi-repository GitHub organization to create a Real World Example of the design pattern.
Listen up, developers. You are not special. Your infrastructure is not a beautiful and unique snowflake. You have the same tech debt as everyone else. This is a talk about a better way to build and manage infrastructure: Terraform Modules. It goes over how to build infrastructure as code, package that code into reusable modules, design clean and flexible APIs for those modules, write automated tests for the modules, and combine multiple modules into an end-to-end techs tack in minutes.
You can find the video here: https://www.youtube.com/watch?v=LVgP63BkhKQ
A comprehensive walkthrough of how to manage infrastructure-as-code using Terraform. This presentation includes an introduction to Terraform, a discussion of how to manage Terraform state, how to use Terraform modules, an overview of best practices (e.g. isolation, versioning, loops, if-statements), and a list of gotchas to look out for.
For a written and more in-depth version of this presentation, check out the "Comprehensive Guide to Terraform" blog post series: https://blog.gruntwork.io/a-comprehensive-guide-to-terraform-b3d32832baca
My talk at FullStackFest, 4.9.2017. Become more familiar with managing infrastructure using Terraform, Packer and deployment pipeline. Code repository - https://github.com/antonbabenko/terraform-deployment-pipeline-talk
This talk is a very quick intro to Docker, Terraform, and Amazon's EC2 Container Service (ECS). In just 15 minutes, you'll see how to take two apps (a Rails frontend and a Sinatra backend), package them as Docker containers, run them using Amazon ECS, and to define all of the infrastructure-as-code using Terraform.
https://www.youtube.com/watch?v=IeweKUdHJc4
My presentation from Hashiconf 2017, discussing our use of Terraform, and our techniques
to help make it safe and accessible.
How to test infrastructure code: automated testing for Terraform, Kubernetes,...Yevgeniy Brikman
This talk is a step-by-step, live-coding class on how to write automated tests for infrastructure code, including the code you write for use with tools such as Terraform, Kubernetes, Docker, and Packer. Topics covered include unit tests, integration tests, end-to-end tests, test parallelism, retries, error handling, static analysis, and more.
A presentation from Hashiconf 2016.
Terraform is a wonderful tool for describing infrastructure as code. It’s fast, flexible, automatically resolves dependencies, and is rapidly improving.
But in some ways, Terraform is flexible like AWS is flexible. You can do pretty much anything, but it’s also easy to shoot yourself in the foot if you aren’t careful.
In the past year, we’ve started managing thousands of resources with Terraform, allowing a lot more of the dev team to change the underlying infrastructure. During that time, we’ve learned a lot about how to set up our terraform modules so that they are easy to manage and reuse.
This talk will cover how we manage tfstate, separate environments, specific module definitions, and how use terraform to boot new services in production. I’ll also discuss the challenges we’re currently facing, and how we plan to attack them going forward.
Introductory Overview to Managing AWS with TerraformMichael Heyns
From the AWS NZ Auckland Community Meetup - May 4th 2017
https://www.meetup.com/AWS_NZ/events/236169428/
We get a first look at Hashicorp's Terraform and how to use it for Infrastructure as Code with Amazon Web Services.
We'll also share how it fits in with our current CI/CD workflow at the Invenco cloud services team
Sample code available at https://github.com/beanaroo/aws_nz_meetup-terraform_intro
You have heard about how great infrastructure as code is. But your organization already has existing infrastructure which were created manually and are now active in production - growing to an unmanageable level. How do you manage them all now in code? This talk will cover how we at Samsung R&D Canada did exactly that with Terraform including the lessons we learned along the way.
Introduction to Terraform - presented at the Perth Python & Django meetup on March 1 2018. Demo code repo can be found here: https://github.com/jaymickey/terraform-demo
This beginning terraform workshop will teach you how to safely create and provision Infrastructure as Code (IAC) using Hashicorp Terraform in an AWS environment. In this class you will learn how to setup and install terraform. You will also be given a walkthrough of Terraform fundamentals. You will be lead through the process of deploying a single server, deploying a cluster and setting up a load balancer. You will also learn how to author Terraform Modules, work with Route53 and how to manage DNS.
Requirements. You will need to have an AWS account set up already with Terraform v0.9.3 installed. You will also need to have git install to download the workshop material.
You can find more informaiton on how to install terraform here: https://www.terraform.io/intro/getting-started/install.html. You can sign up for an AWS account here: https://aws.amazon.com/account/
https://github.com/jasonvance/terraform-introduction
Terraform modules and best-practices - September 2018Anton Babenko
Slides for my "Terraform modules and best-practices" talk on meetups during September 2018.
Some links from the slides:
https://www.terraform-best-practices.com/
https://cloudcraft.co/
https://github.com/terraform-aws-modules/
https://github.com/antonbabenko/modules.tf-lambda
https://www.youtube.com/watch?v=IeweKUdHJc4
My presentation from Hashiconf 2017, discussing our use of Terraform, and our techniques
to help make it safe and accessible.
How to test infrastructure code: automated testing for Terraform, Kubernetes,...Yevgeniy Brikman
This talk is a step-by-step, live-coding class on how to write automated tests for infrastructure code, including the code you write for use with tools such as Terraform, Kubernetes, Docker, and Packer. Topics covered include unit tests, integration tests, end-to-end tests, test parallelism, retries, error handling, static analysis, and more.
A presentation from Hashiconf 2016.
Terraform is a wonderful tool for describing infrastructure as code. It’s fast, flexible, automatically resolves dependencies, and is rapidly improving.
But in some ways, Terraform is flexible like AWS is flexible. You can do pretty much anything, but it’s also easy to shoot yourself in the foot if you aren’t careful.
In the past year, we’ve started managing thousands of resources with Terraform, allowing a lot more of the dev team to change the underlying infrastructure. During that time, we’ve learned a lot about how to set up our terraform modules so that they are easy to manage and reuse.
This talk will cover how we manage tfstate, separate environments, specific module definitions, and how use terraform to boot new services in production. I’ll also discuss the challenges we’re currently facing, and how we plan to attack them going forward.
Introductory Overview to Managing AWS with TerraformMichael Heyns
From the AWS NZ Auckland Community Meetup - May 4th 2017
https://www.meetup.com/AWS_NZ/events/236169428/
We get a first look at Hashicorp's Terraform and how to use it for Infrastructure as Code with Amazon Web Services.
We'll also share how it fits in with our current CI/CD workflow at the Invenco cloud services team
Sample code available at https://github.com/beanaroo/aws_nz_meetup-terraform_intro
You have heard about how great infrastructure as code is. But your organization already has existing infrastructure which were created manually and are now active in production - growing to an unmanageable level. How do you manage them all now in code? This talk will cover how we at Samsung R&D Canada did exactly that with Terraform including the lessons we learned along the way.
Introduction to Terraform - presented at the Perth Python & Django meetup on March 1 2018. Demo code repo can be found here: https://github.com/jaymickey/terraform-demo
This beginning terraform workshop will teach you how to safely create and provision Infrastructure as Code (IAC) using Hashicorp Terraform in an AWS environment. In this class you will learn how to setup and install terraform. You will also be given a walkthrough of Terraform fundamentals. You will be lead through the process of deploying a single server, deploying a cluster and setting up a load balancer. You will also learn how to author Terraform Modules, work with Route53 and how to manage DNS.
Requirements. You will need to have an AWS account set up already with Terraform v0.9.3 installed. You will also need to have git install to download the workshop material.
You can find more informaiton on how to install terraform here: https://www.terraform.io/intro/getting-started/install.html. You can sign up for an AWS account here: https://aws.amazon.com/account/
https://github.com/jasonvance/terraform-introduction
Terraform modules and best-practices - September 2018Anton Babenko
Slides for my "Terraform modules and best-practices" talk on meetups during September 2018.
Some links from the slides:
https://www.terraform-best-practices.com/
https://cloudcraft.co/
https://github.com/terraform-aws-modules/
https://github.com/antonbabenko/modules.tf-lambda
Kubernetes and AWS Lambda can play nicely togetherEdward Wilde
Vendor lock-in can be a worry for many engineers . A new innovative approach, will for the first time, allow open-source serverless to run on AWS Lambda or Kubernetes using the same deployment artefact, packaged using the tools we love: containers.
OpenFaaS is an open-source function as a service (FaaS) platform on the [CNCF serverless landscape](https://landscape.cncf.io/format=serverless).
With OpenFaaS you can package anything as a serverless function and deploy to Kubernetes using containers. Due to UNIX-like primitives in the core architecture, it was possible to extend the system to run functions on both Kubernetes and AWS Lambda depending on user preference. The core components of OpenFaaS still run on Kubernetes but the functions are deployed and invoked on AWS Lambda
AWS re:Invent 2016: Service Integration Delivery and Automation Using Amazon ...Amazon Web Services
Through a combination of Amazon ECS and open source technologies, customers are able to build portable CI/CD pipelines on AWS. As container based deployments become more complex, they require additional rigging for integration. In this session, we show how popular Apache products like Kakfa, Storm, and Zookeeper are being deployed on top of Amazon ECS. We hear from HERE, a provider of mapping data, technologies, and services to the automotive, consumer, and enterprise sectors about an approach that leverages Consul from Hashicorp and Amazon ECS clusters for short-cycle deployments and tag-based environment promotion.
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...J V
Alfresco Summit 2014 (London)
Though best practice is to leverage Alfresco through the well defined API's, it can be useful to understand the internals of the repository so that your development efforts are the most effective. A deep understanding of the repository will help you to evaluate performance bottlenecks, look for bugs, or make contributions. This session provides an overview of the repository internals, including the major components, the key services, subsystems, and database. We then provide an example where we leverage the repository in a micro-service architecture while building Alfresco's future cloud products and show how the different parts of the repository interact to fulfill requests.
http://summit.alfresco.com/london/sessions/diving-deep-alfresco-repository
https://www.youtube.com/watch?v=TAE9UjC0xxc
We are sharing our process of migrating to the container based DroneCI platform and our lessons learned when scaling it up for an active open source project like ownCloud. Our journey started with a static legacy CI system, which was gradually replaced with, at first, a static DroneCI infrastructure. Over the course of half a year, we further more migrated to a cloud provider in order to dynamically scale the CI system based on the build volume. The lessons learned during this journey, were transformed and contributed to the DroneCI project and resulted in the DroneCI autoscaler - which allows for automatic scaling of infrastructure resources with common cloud providers.
Apache Solr on Hadoop is enabling organizations to collect, process and search larger, more varied data. Apache Spark is is making a large impact across the industry, changing the way we think about batch processing and replacing MapReduce in many cases. But how can production users easily migrate ingestion of HDFS data into Solr from MapReduce to Spark? How can they update and delete existing documents in Solr at scale? And how can they easily build flexible data ingestion pipelines? Cloudera Search Software Engineer Wolfgang Hoschek will present an architecture and solution to this problem. How was Apache Solr, Spark, Crunch, and Morphlines integrated to allow for scalable and flexible ingestion of HDFS data into Solr? What are the solved problems and what's still to come? Join us for an exciting discussion on this new technology.
MongoDB World 2019: Terraform New Worlds on MongoDB Atlas MongoDB
MongoDB Atlas, MongoDB's database as a service platform, has made it faster and easier than ever to use MongoDB and as teams find their Atlas "flow" they smartly want to automate it to increase developer velocity. Many are creating this kind of automation with HashiCorp's Terraform so let's bring these two great platforms together! We'll look at the resources provided by the Atlas API and then I'll show how to automate a flow securely with a Terraform Provider for Atlas. We will end by covering how MongoDB is making this experience even better going forward.
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Docker, Inc.
Terraform is a tool for building and safely iterating on infrastructure, while Consul provides service discovery, monitoring and orchestration. In this talk we discuss using Terraform and Consul together to build a Docker-based Service Oriented Architecture at scale. We use Consul to provide the runtime control plane for the datacenter, and Terraform is used to modify the underlying infrastructure to allow for elastic scalability.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly.
The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.
4.
Adgenda
• Why you have a problem
• Quick Terraform intro
• Collaborating with Terraform
• Remote State
• Modules
• GitFlow
• CI/CD
• Managing provider secrets
7.
Why you have a problem
• Infrastructure as a service (e.g. AWS, Azure, GCP, DigitalOcean)
• Platform as a service (e.g. Heroku)
sheriffjackson
8.
Why you have a problem
• Many organizations start with PaaS
• Fast default to IaaS as organization grows
• PaaS is amazing, but limitations do not scale with well with
application complexity
sheriffjackson
10.
What is Terraform? - Write
• Define infrastructure as code to increase operator productiveity
and transparency
• Configuration can be stored in version control, shared, and
collaborated on by teams
• If it can be codified, it can be automated
sheriffjackson
11.
What is Terraform? - Plan
• Understand how a minor change could have cascading effects
across infrastructure before executing the change
• Plans show operators what would happen, applies execute
changes
• Single workflow across all infrastructure providers (AWS, GCP,
Azure, OpenStack, VMware, and more)
sheriffjackson
12.
What is Terraform? - Apply
• Use the same configuration in multiple places to reduce
mistakes and save time
• Provision identical staging, QA, and production environments
• Effortlessly combine high-level system providers
• Dependency resolution means things happen in the right order
sheriffjackson
17.
Collaborating with Terraform - Remote state
• Backends are responsible for storing state and providing an API for
state locking. State locking is optional.
• Backends determine where state is stored
• 10 officially supported backends
• Allows state to be stored remotely
• Keeps sensitive information off disk
sheriffjackson
18.
Remote state backends
• artifactory - not locking
• azurerm - locking
• consul - locking
• etcd - not locking
• gcs - locking
• http - optional locking
• manta - locking
• s3 - locking
• swift - not locking
• terraform enterprise - not
locking
21.
Introduction to Modules - What is a module?
• A module is simply a blueprint for your application
• A module is a high level abstraction
• A module is your own PaaS
• Modules can be shared in Github or the Terraform Module
registry
sheriffjackson
22.
Introduction to Modules - What is a module?
• Modules abstract complexity
• Module perform a single task and have a single purpose
• Build once, use many
sheriffjackson
28.
Introduction to Modules - Modules can contain modules
• Modules can be composed of sub-modules
• Sub-modules can be composed of sub-sub-modules
• Sub-sub-modules can be composed of sub-sub-sub-modules
• ...
sheriffjackson
29.
Introduction to Modules - Multi-Cloud
• It will never be possible to write a common abstraction at a
resource level for an instance in different cloud providers
• Modeling infrastructure on a high level such as K8s cluster with
modules allows abstraction and hides implementation
sheriffjackson
38.
Public Service Announcement!
• DO NOT EXPOSE Vault / CI WITH PUBLIC GitHub
• THIS IS A SIMPLIFIED EXAMPLE FOR DEMONSTRATION ONLY
39.
Collaborating with Terraform - Fork me
sheriffjackson
https://github.com/nicholasjackson/
terraform-cfgmgmtcamp
1) Fork the below repository
2) Create a new branch
3) Refactor into a module
4) Pull request
41.
Managing Credentials with Vault - Why?
• Separating read / write credentials
• TTL on credentials with automatic revoke
• Fine grained control over access
• Audit log
• Reduce secret sprawl
• Developers / operators DO NOT require explicit credentials
sheriffjackson
42.
Managing Credentials with Vault - Process
sheriffjackson
login to vault
create AWS
credentials
(with TTL)
create IAM
user
(with policy)
request AWS
credentials
terraform
plan/apply/
destroy
write to audit
log
revoke
credentials
(TTL expired)
delete IAM
user
return credentials
GitHub token
validate login
with GitHub
vault token
admin IAM
policy IAM
43.
AWS Secrets
Managing Credentials with Vault - hierarchy
sheriffjackson
role A
(aws_read)
role B
(aws_write)
policy A
(aws_read)
[read]
policy C
(aws_write)
[read]
policy B
(aws_read)
[read, create]
GitHub Auth
user B
(ricksanchez)
user A
(nicholasjackson)
44. Terminal
# enable the vault secrets engine for AWS
$ vault secrets enable aws
Success! Enabled the aws secrets engine at: aws/
# add IAM credentials which have the capability to manage IAM credentials
$ vault write aws/config/root
access_key=AKIAJWVN5Z4FOFT7NLNA
secret_key=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
region=us-east-1
Configure AWS
secret engine
45. Terminal
# enable the vault secrets engine for AWS
$ vault auth enable github
# set the auth endpoint to a GitHub organization
$ vault write auth/github/config organization=hashicorp
Configure GitHub
auth
48. Terminal
# create the read only role
$ vault write aws/roles/aws_readonly policy=@aws_read_policy.json
Success! Data written to: aws/roles/aws_readonly
# create the write role
$ vault write aws/roles/aws_write policy=@aws_write_policy.json
Success! Data written to: aws/roles/aws_write
Configure roles
51. Terminal
# Add the read only policy to vault
$ vault write sys/policy/aws_readonly policy=@aws_readonly.hcl
Success! Data written to: sys/policy/aws_readonly
# Add the write policy to vault
$ vault write sys/policy/aws_write policy=@aws_write.hcl
Success! Data written to: sys/policy/aws_write
Add the policy to
Vault
52. Terminal
# Assign the policy to the GitHub user
$ vault write auth/github/map/users/nicholasjackson
value=aws_readonly,aws_write
Success! Data written to: auth/github/map/users/nicholasjackson
# Or assign the policy to a GitHub team
$ vault write auth/github/map/teams/hasicorp value=aws_readonly,aws_write
Success! Data written to: auth/github/map/teams/hashicorp
Assign the policy
to the GitHub
user
53. Terminal
# login to vault with GitHub token
$ vault login -token-only -method=github token=${GITHUB_TOKEN}
The token was not stored in token helper. Set the VAULT_TOKEN environment
variable or pass the token below with each request to Vault.
ebb39457-cdb8-41ae-c227-9e0245837873
# use vault token to obtain AWS credentials
$ VAULT_TOKEN=ebb39457-cdb8-41ae-c227-9e0245837873 vault read aws/creds/
aws_readonly
Key Value
--- -----
lease_id aws/creds/aws_readonly/0bb798a3-c4fd-0609-6bcd-
f34673156c8a
lease_duration 15m
lease_renewable true
access_key AKIAJMWSOATIG3VQJCNA
secret_key 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
security_token <nil>
Login with GitHub
obtain IAM
credentials
54. provider "vault" {
address = "http://pi01.local.demo.gs:8200"
}
module "vault" {
source = "./vault"
github_org = "hashicorp"
aws_access_key_id = "xxxxxxxxxxxxxx"
aws_access_key_secret = "xxxxxxxxxxxxxxxxxxxxxx"
aws_region = "us-east-1"
}
We can also
do this with
a module
https://github.com/nicholasjackson/terraform-cfgmgmtcamp/tree/master/vault