Terraform
NYCHashiDays
MAY 15 | @CONVENE | NYC, NEW YORK
LONDONHashiDays
JUNE 12 | @THE BREWERY | LONDON, UK
@mitchellh
MITCHELL HASHIMOTO
Terraform
Terraform Goals
• Unified view of infrastructure
• Infrastructure as code
• Compose multiple tiers (IaaS to PaaS to SaaS)
• Safely change/iterate infrastructure over time
• One workflow
Terraform Features
• Open Source
• Infrastructure as Code
• Resource Providers
• Plan and Apply
• Collaboration, History [Enterprise]
Open Source
File
resource "google_compute_instance" "server" {
  name         = "server"
  machine_type = "g1-small"
  zone         = "us-central1-a"

  disk {
    image = "ubuntu-1404-trusty-v20160114e"
  }
}

resource "dnsimple_record" "hello" {
  domain = "example.com"
  name   = "server"
  value  = "${google_compute_instance.server.network_interface.0.address}"
  type   = "A"
}
Terminal
$ terraform plan
+ google_compute_instance.server
    can_ip_forward: "false"
    disk.#: "1"
    disk.0.auto_delete: "true"
    disk.0.image: "ubuntu-1404-trusty-..."
    machine_type: "g1-small"
    metadata_fingerprint: "<computed>"
    name: "server"
    network_interface.#: "1"
    network_interface.0.address: "<computed>"
    network_interface.0.name: "<computed>"
    network_interface.0.network: "default"
    self_link: "<computed>"
    tags_fingerprint: "<computed>"
    zone: "us-central1-a"
...

Plan: 3 to add, 0 to change, 0 to destroy.
Plan
• Plan shows you what will happen
• Plans can be saved to guarantee what will happen
• Plans show reasons for certain actions (such as re-create)
• Not equivalent to "noop" due to the ability to save a plan
Terminal
$ terraform apply
google_compute_instance.server: Creating...
    can_ip_forward: "" => "false"
    disk.#: "" => "1"
    disk.0.auto_delete: "" => "true"
    disk.0.image: "" => "ubuntu-1404-trusty..."
    machine_type: "" => "g1-small"
    metadata_fingerprint: "" => "<computed>"
    name: "" => "server"
    network_interface.#: "" => "1"
    network_interface.0.address: "" => "<computed>"
    network_interface.0.name: "" => "<computed>"
    network_interface.0.network: "" => "default"
    self_link: "" => "<computed>"
    tags_fingerprint: "" => "<computed>"
    zone: "" => "us-central1-a"
...

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
Apply
• Executes changes in order based on dependencies
• Parallelizes changes when possible
• Handles and recovers transient errors
Apply for Changes
• Not only creation, but changes over time
• Plan will show you what will happen
• The `-target` flag can be used for fine-grained change
Resource Providers
Amazon BitBucket CenturyLink Cloud
CloudFlare CloudStack Cobbler
Consul Datadog DigitalOcean
DNSMadeEasy DNSimple Docker
Dyn GitHub Fastly
Google Heroku Librato
Microsoft Azure MySQL OpenStack
Packet PostgreSQL SoftLayer
UltraDNS VMware vSphere and more...
Terraform Enterprise
• Remote Plan/Apply
• Integration with GitHub (plan PRs, apply on merge)
• Variable storage and encryption
• State storage, history, rollback, and locking
• HTTP API to modify state, queue plans, etc.
• Notifications on infra change, plan request, etc.
Terraform 0.8 (December 13, 2016)
• "terraform console"
• Conditional values
• Terraform version requirement in config
• Nomad and Vault provider
"terraform console"
Terminal
$ terraform console
> aws_instance.foo.id
i-abcd1234
> 1 + 2
3
> length(aws_instance.web.*.id)
3
> module.child.instance_name
child-instance
Terminal
$ echo '1+2' | terraform console
3
Terraform Console
• Read-only view of your state
• Accepts interpolation syntax (including function calls!)
• Support for stdin enables scripting
• Works with remote state
• Good for beginners and advanced users!
Conditional Values
File
resource "google_compute_instance" "server" {
  name         = "server"
  machine_type = "${var.env == "dev" ? "g1-small" : "n1-standard-2"}"
  ...
}
File
resource "google_compute_instance" "server" {
  count = "${var.env == "dev" ? 0 : 3}"
  ...
}
Conditional Values
• If-statements for single values within Terraform
• Enables on/off of resources (by using count)
• The beginning of more logic in Terraform configs
TF Version Requirement
File
terraform {
  required_version = "> 0.8.0"
}
File
terraform {
  required_version = "> 0.8.0, < 0.9.0"
}
Terminal
$ terraform console
The currently running version of Terraform doesn't meet the
version requirements explicitly specified by the configuration.
Please use the required version or update the configuration.
Note that version requirements are usually set for a reason, so
we recommend verifying with whoever set the version requirements
prior to making any manual changes.
Module: root
Required version: < 0.5.0, > 1.0
Current version: 0.9.1
Terraform Version Requirement
• Restrict Terraform version against config
• Avoid known-bad Terraform versions for your resources
• Modules can also restrict Terraform versions!
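Added example (not from the talk, and not Terraform's own constraint parser): a small evaluator for the comma-separated comparisons shown on the slides, usable as a pre-flight check in CI. It shows that "> 0.8.0" excludes 0.8.0 itself and that the "< 0.5.0, > 1.0" pair in the error output above can never be met. Function names are hypothetical; other operators such as "~>" and pre-release suffixes are not handled.

```python
import re

# Comparison operators supported by this sketch. Terraform's real constraint
# syntax has more (for example "~>"); those and pre-release suffixes are
# deliberately out of scope here.
_OPS = {
    ">": lambda c: c > 0,
    ">=": lambda c: c >= 0,
    "<": lambda c: c < 0,
    "<=": lambda c: c <= 0,
    "=": lambda c: c == 0,
}
_VERSION = re.compile(r"^\s*(\d+(?:\.\d+){0,2})\s*$")
_TERM = re.compile(r"^\s*(>=|<=|>|<|=)?\s*(\d+(?:\.\d+){0,2})\s*$")


def parse_version(text):
    """'1.0' -> (1, 0, 0); missing components count as zero."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError("unsupported version: %r" % text)
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def parse_constraints(spec):
    """'> 0.8.0, < 0.9.0' -> [('>', (0, 8, 0)), ('<', (0, 9, 0))]."""
    terms = []
    for raw in spec.split(","):
        m = _TERM.match(raw)
        if not m:
            raise ValueError("unsupported constraint term: %r" % raw)
        # A bare version with no operator is treated as an exact match.
        terms.append((m.group(1) or "=", parse_version(m.group(2))))
    return terms


def _failed(terms, version):
    """Return the terms (as text) that the version tuple does not meet."""
    failed = []
    for op, bound in terms:
        order = (version > bound) - (version < bound)  # -1, 0 or 1
        if not _OPS[op](order):
            failed.append("%s %s" % (op, ".".join(str(n) for n in bound)))
    return failed


def failed_terms(spec, current):
    """Which terms of the constraint string reject the running version."""
    return _failed(parse_constraints(spec), parse_version(current))


def satisfies(spec, current):
    """All terms must hold: the comma means AND."""
    return not failed_terms(spec, current)


def is_satisfiable(spec):
    """True if at least one x.y.z version can meet every term.

    The smallest version allowed by the lower bounds is computed first; if
    that one already violates an upper bound, every larger version does too.
    """
    terms = parse_constraints(spec)
    lowest = (0, 0, 0)
    for op, bound in terms:
        if op in (">=", "="):
            lowest = max(lowest, bound)
        elif op == ">":
            lowest = max(lowest, (bound[0], bound[1], bound[2] + 1))
    return not _failed(terms, lowest)


if __name__ == "__main__":
    for spec, cur in [("> 0.8.0", "0.8.0"),
                      ("> 0.8.0, < 0.9.0", "0.9.1"),
                      ("< 0.5.0, > 1.0", "0.9.1")]:
        print(spec, "|", cur, "| ok:", satisfies(spec, cur),
              "| failed:", failed_terms(spec, cur),
              "| satisfiable:", is_satisfiable(spec))
```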
Nomad Provider
File
provider "nomad" {
  address = "nomad.mycompany.com"
  region  = "us-east-2"
}

resource "nomad_job" "monitoring" {
  jobspec = "${file("${path.module}/jobspec.hcl")}"
}
Nomad Provider
• Set up system-level jobs that are required
• Configure Nomad after setting up Nomad cluster
• Not expected to replace "nomad run"
Vault Provider
File
data "vault_generic_secret" "rundeck_auth" {
  path = "secret/rundeck_auth"
}

provider "rundeck" {
  url        = "http://rundeck.example.com/"
  auth_token = "${data.vault_generic_secret.rundeck_auth.data["auth_token"]}"
}
File
resource "vault_generic_secret" "example" {
  path = "secret/foo"

  data_json = <<EOT
{
  "foo": "bar",
  "pizza": "cheese"
}
EOT
}
File
resource "vault_policy" "example" {
  name = "dev-team"

  policy = <<EOT
path "secret/my_app" {
  policy = "write"
}
EOT
}
Vault Provider
• Read secrets from Vault
• Write secrets to Vault
• Configure Vault policy
• Imagine: Terraform to initialize a Vault cluster, set up initial Vault policy, and manage Vault policy over time.
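Secrets that Terraform reads from or writes to Vault are persisted in Terraform state in plain text, so the state needs the same protection as the secrets. Added example (not from the talk): a check that lists secret-bearing attributes of vault_generic_secret entries in a state file, reporting names and lengths but never values. It assumes the version 3 JSON state layout and flattened "data.<key>" attribute names; the sample state and the function name are constructed for illustration.

```python
import json

# Constructed sample, assumed to follow the version 3 state layout
# (modules -> resources -> primary -> attributes). All values are fake.
SAMPLE_STATE = json.dumps({
    "version": 3,
    "terraform_version": "0.9.1",
    "modules": [{
        "path": ["root"],
        "resources": {
            "data.vault_generic_secret.rundeck_auth": {
                "type": "vault_generic_secret",
                "primary": {
                    "id": "constructed-id",
                    "attributes": {
                        "id": "constructed-id",
                        "path": "secret/rundeck_auth",
                        "data.%": "1",
                        "data.auth_token": "FAKE-TOKEN-0000",
                        "data_json": "{\"auth_token\":\"FAKE-TOKEN-0000\"}",
                    },
                },
            },
            "null_resource.example": {
                "type": "null_resource",
                "primary": {
                    "id": "1965091882910923448",
                    "attributes": {"id": "1965091882910923448"},
                },
            },
        },
    }],
})

# Resource/data source types whose attributes carry secret material.
SECRET_TYPES = ("vault_generic_secret",)


def is_secret_attribute(key):
    """data_json and data.<key> hold secret content; data.% is only a count."""
    return key == "data_json" or (key.startswith("data.") and key != "data.%")


def find_vault_secrets(state_text):
    """Return (module, address, attribute, value_length) for each secret
    attribute found. Values are measured, not returned, so the report
    itself is safe to log."""
    state = json.loads(state_text)
    findings = []
    for module in state.get("modules", []):
        module_path = ".".join(module.get("path", []))
        for address, res in sorted(module.get("resources", {}).items()):
            if res.get("type") not in SECRET_TYPES:
                continue
            attrs = (res.get("primary") or {}).get("attributes", {})
            for key in sorted(attrs):
                if is_secret_attribute(key):
                    findings.append(
                        (module_path, address, key, len(attrs[key])))
    return findings


if __name__ == "__main__":
    for module_path, address, key, size in find_vault_secrets(SAMPLE_STATE):
        print("%s: %s has plain-text attribute %s (%d chars)"
              % (module_path, address, key, size))
```

A non-empty result means the state file, its backend and its history must be access-controlled and encrypted like the Vault paths they mirror.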
Terraform 0.9 (March 15, 2017)
• Destroy provisioners
• Remote backends
• State locking
• State environments
Destroy Provisioners
Provisioners (Terraform <= 0.8)
• Run arbitrary code locally or remotely on resource creation
• If a provisioner fails, the resource is tainted and scheduled for recreation on the next apply
File
resource "null_resource" "example" {
  provisioner "local-exec" {
    command = "echo foo"
  }
}
File
resource "null_resource" "example" {
  provisioner "local-exec" {
    command = "echo foo"
  }

  provisioner "local-exec" {
    command = "echo destroying"
    when    = "destroy"
  }
}
Terminal
$ terraform apply
null_resource.example: Creating...
null_resource.example: Provisioning with 'local-exec'...
null_resource.example (local-exec): Executing: /bin/sh -c "echo foo"
null_resource.example (local-exec): foo
null_resource.example: Creation complete (ID: 1965091882910923448)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Terminal
$ terraform destroy -force
null_resource.example: Refreshing state... (ID: 1965091882910923448)
null_resource.example: Destroying... (ID: 1965091882910923448)
null_resource.example: Provisioning with 'local-exec'...
null_resource.example (local-exec): Executing: /bin/sh -c "echo destroying"
null_resource.example (local-exec): destroying
null_resource.example: Destruction complete
Destroy Provisioners
• Configured with when = "destroy"
• Run on resource destroy (not just "terraform destroy")
• Failure cancels physical resource destruction by default
• Can allow failure with on_failure = "continue"
File
resource "null_resource" "example" {
  provisioner "local-exec" {
    command = "exit 1"
    when    = "destroy"
  }
}
Terminal
$ terraform destroy -force
null_resource.example: Refreshing state... (ID: 8665586891184105369)
null_resource.example: Destroying... (ID: 8665586891184105369)
null_resource.example: Provisioning with 'local-exec'...
null_resource.example (local-exec): Executing: /bin/sh -c "exit 1"
Error applying plan:
1 error(s) occurred:
* null_resource.example (destroy): 1 error(s) occurred:
* Error running command 'exit 1': exit status 1.
File
resource "null_resource" "example" {
  provisioner "local-exec" {
    command    = "exit 1"
    when       = "destroy"
    on_failure = "continue"
  }
}
Terminal
$ terraform destroy -force
null_resource.example: Refreshing state... (ID: 8665586891184105369)
null_resource.example: Destroying... (ID: 8665586891184105369)
null_resource.example: Provisioning with 'local-exec'...
null_resource.example (local-exec): Executing: /bin/sh -c "exit 1"
null_resource.example: Destruction complete
Destroy complete! Resources: 1 destroyed.
Destroy Provisioners
• Useful for resource cleanup
• Can SSH into machine (any machine!) prior to destruction
• Recommend that resource cleanup live as part of the resource itself, but destroy provisioners give you another option
Remote Backends
Before Remote Backends (TF <= 0.8)
• Awkward "remote config" command
• Users could accidentally run Terraform without remote init
• Configuration only via CLI
• Local cache of state stored in .terraform/terraform.tfstate
• Changing remote configuration was manual
Terminal
$ # TERRAFORM <= 0.8, BEFORE REMOTE BACKENDS
$ terraform remote config \
    -backend=S3 \
    -backend-config="bucket=<bucket>" \
    -backend-config="key=<path to file>"
...
Remote Backends
• Subsumes "remote state", enables locking, environments, more
• Configure from tf files, external configuration, or CLI
• Detects configuration change
• Forces new users of a TF configuration to initialize
• One command to init them all: `terraform init`
File
terraform {
  backend "s3" {
    bucket = "<bucket>"
    key    = "<path to file>"
  }
}
Terminal
$ terraform init
Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Terraform has been successfully initialized!
Terminal
$ # New user, didn't run init
$ terraform console
Backend reinitialization required. Please run "terraform init".
Reason: Initial configuration of the requested backend "s3"
...
File
terraform {
  backend "s3" {
    bucket = "CHANGED-THIS-SETTING"
    key    = "<path to file>"
  }
}
Terminal
$ terraform console
Backend reinitialization required. Please run "terraform init".
Reason: Backend configuration changed for "s3"
...
Terminal
$ terraform console
Backend reinitialization required. Please run "terraform init".
Reason: Unsetting the previously set backend "s3"
...
Remote Backends
• One command to init: `terraform init`
• Automatic detection of backend change (set, change, unset)
• No state stored locally at all
• Always gitignore ".terraform" folder
A Focus on Safety
• Common complaint: easy to corrupt remote state
• Remote backends add new layer of safety: detecting changes, checking "lineage", disallowing writing unsafe state, more.
A New "Init"
• Init has existed since Terraform 0.1
• Used to just set up the folder structure for new projects
• Now the single source of init, safe to run multiple times
• Initializes backend, downloads modules, creates folders
• One day: downloads providers, verifies versions, more...
State Locking
• For supported backends, Terraform automatically locks state on write operations
• If unlock fails, error is shown with lock ID to allow a force unlock
• Doesn't lock against concurrent reads
File
terraform { backend "consul" {} }
resource "null_resource" "example" {
  provisioner "local-exec" {
    command = "sleep 10"
  }
}
Terminal
$ terraform apply
null_resource.example: Creating...
null_resource.example: Provisioning with 'local-exec'...
null_resource.example (local-exec): Executing: /bin/sh -c "sleep 10"
Terminal
$ terraform apply
Error loading state: failed to lock state in Consul: Lock Info:
    ID: 5c0b66d6-018f-59b4-5536-499fec947fb2
    Path: foo
    Operation: OperationTypeApply
    Who: mitchellh@Mitchells-iMac.lan
    Version: 0.9.1
    Created: 2017-04-04 16:16:59.733058195 +0000 UTC
    Info:
$ terraform console
>
State Environments
• A state namespace
• Allows single folder of TF config to manage multiple distinct sets of infrastructure resources
Terminal
$ terraform env list
* default
$ terraform env new mitchellh-test
Created and switched to environment "mitchellh-test"!
$ terraform env list
default
* mitchellh-test
File
resource "aws_instance" "example" {
  count = "${terraform.env == "default" ? 5 : 1}"
  tags { Name = "web - ${terraform.env}" }
  # ... other fields
}
Terraform
THANKS!
Q/A
HTTPS://WWW.TERRAFORM.IO

London HUG 12/4

  • 2. NYCHashiDays MAY 15 | @CONVENE | NYC, NEW YORK
  • 3. LONDONHashiDays JUNE 12 | @THE BREWERY | LONDON, UK
  • 6. Terraform Goals • Unified view of infrastructure • Infrastructure as code • Compose multiple tiers (IaaS to PaaS to SaaS) • Safely change/iterate infrastructure over time • One workflow
  • 7. Terraform Features • Open Source • Infrastructure as Code • Resource Providers • Plan and Apply • Collaboration, History [Enterprise]
  • 10. File resource "google_compute_instance" "server" { name = "server" machine_type = "g1-small" zone = "us-central1-a" disk { image = "ubuntu-1404-trusty-v20160114e" } } resource "dnsimple_record" "hello" { domain = "example.com" name = "server" value = "${google_compute_instance.server.network_interface.0.address}" type = "A" }
  • 11. Terminal $ terraform plan + google_compute_instance.server can_ip_forward: "false" disk.#: "1" disk.0.auto_delete: "true" disk.0.image: "ubuntu-1404-trusty-..." machine_type: "g1-small" metadata_fingerprint: "<computed>" name: "server" network_interface.#: "1" network_interface.0.address: "<computed>" network_interface.0.name: "<computed>" network_interface.0.network: "default" self_link: "<computed>" tags_fingerprint: "<computed>" zone: "us-central1-a" ... Plan: 3 to add, 0 to change, 0 to destroy.
  • 12. Plan • Plan shows you what will happen • Plans can be saved to guarantee what will happen • Plans show reasons for certain actions (such as re-create) • Not equivalent to "noop" due to the ability to save a plan
  • 13. Terminal $ terraform apply google_compute_instance.server: Creating... can_ip_forward: "" => "false" disk.#: "" => "1" disk.0.auto_delete: "" => "true" disk.0.image: "" => "ubuntu-1404-trusty..." machine_type: "" => "g1-small" metadata_fingerprint: "" => "<computed>" name: "" => "server" network_interface.#: "" => "1" network_interface.0.address: "" => "<computed>" network_interface.0.name: "" => "<computed>" network_interface.0.network: "" => "default" self_link: "" => "<computed>" tags_fingerprint: "" => "<computed>" zone: "" => "us-central1-a" ... Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
  • 14. Apply • Executes changes in order based on dependencies • Parallelizes changes when possible • Handles and recovers transient errors
  • 15. Apply for Changes • Not only creation, but changes over time • Plan will show you what will happen • The `-target` flag can be used for fine-grained change
  • 16. Resource Providers Amazon BitBucket CenturyLink Cloud CloudFlare CloudStack Cobbler Consul Datadog DigitalOcean DNSMadeEasy DNSimple Docker Dyn GitHub Fastly Google Heroku Librato Microsoft Azure MySQL OpenStack Packet PostgreSQL SoftLayer UltraDNS VMware Sphere and more...
  • 21. Terraform Enterprise
      • Remote Plan/Apply
      • Integration with GitHub (plan PRs, apply on merge)
      • Variable storage and encryption
      • State storage, history, rollback, and locking
      • HTTP API to modify state, queue plans, etc.
      • Notifications on infra change, plan request, etc.
  • 22. Terraform 0.8 (December 13, 2016)
      • "terraform console"
      • Conditional values
      • Terraform version requirement in config
      • Nomad and Vault provider
  • 24. Terminal
      $ terraform console
      > aws_instance.foo.id
      i-abcd1234
      > 1 + 2
      3
      > length(aws_instance.web.*.id)
      3
      > module.child.instance_name
      child-instance
  • 25. Terminal
      $ echo '1+2' | terraform console
      3
  • 26. Terraform Console
      • Read-only view of your state
      • Accepts interpolation syntax (including function calls!)
      • Support for stdin enables scripting
      • Works with remote state
      • Good for beginners and advanced users!
  • 28. File
      resource "google_compute_instance" "server" {
        name = "server"
        machine_type = "${var.env == "dev" ? "g1-small" : "n1-standard-2"}"
        ...
      }
  • 29. File
      resource "google_compute_instance" "server" {
        count = "${var.env == "dev" ? 0 : 3}"
        ...
      }
  • 30. Conditional Values
      • If-statements for single values within Terraform
      • Enables on/off of resources (by using count)
      • The beginning of more logic in Terraform configs
  • 33. File
      terraform {
        required_version = "> 0.8.0, < 0.9.0"
      }
  • 34. Terminal
      $ terraform console
      The currently running version of Terraform doesn't meet the
      version requirements explicitly specified by the configuration.
      Please use the required version or update the configuration.
      Note that version requirements are usually set for a reason, so
      we recommend verifying with whoever set the version requirements
      prior to making any manual changes.
        Module: root
        Required version: < 0.5.0, > 1.0
        Current version: 0.9.1
  • 35. Terraform Version Requirement
      • Restrict Terraform version against config
      • Avoid known-bad Terraform versions for your resources
      • Modules can also restrict Terraform versions!
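A version requirement is a comma-separated list of terms, and the running version must satisfy every one of them. The added example below (not Terraform's own code and not from the talk) evaluates the constraints from slides 33 and 34 with a simplified matcher; the function names are hypothetical, and the `~>` operator and pre-release suffixes are deliberately out of scope.

```python
import re

# One term: optional comparison operator followed by a 1-3 segment version.
_TERM = re.compile(r"^\s*(>=|<=|!=|>|<|=)?\s*(\d+(?:\.\d+){0,2})\s*$")

_OPS = {
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    "=": lambda a, b: a == b, "!=": lambda a, b: a != b,
}

def parse_version(text):
    """'1.0' -> (1, 0, 0): missing segments are padded with zeros."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def failing_terms(version, constraint):
    """Return the terms of `constraint` that `version` violates, in order."""
    current = parse_version(version)
    failed = []
    for term in constraint.split(","):
        match = _TERM.match(term)
        if not match:
            # Fail closed on syntax this simplified matcher does not model.
            raise ValueError("unsupported constraint term: %r" % term.strip())
        op = match.group(1) or "="
        if not _OPS[op](current, parse_version(match.group(2))):
            failed.append(term.strip())
    return failed

def satisfies(version, constraint):
    """True only when every comma-separated term holds."""
    return not failing_terms(version, constraint)

if __name__ == "__main__":
    # Slide 33: the lower bound is strict, so 0.8.0 itself is rejected.
    for v in ("0.8.0", "0.8.8", "0.9.1"):
        print(v, satisfies(v, "> 0.8.0, < 0.9.0"))
    # Slide 34: 0.9.1 violates both terms; no version can be both
    # below 0.5.0 and above 1.0.
    print(failing_terms("0.9.1", "< 0.5.0, > 1.0"))
```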
  • 37. File
      provider "nomad" {
        address = "nomad.mycompany.com"
        region = "us-east-2"
      }
      resource "nomad_job" "monitoring" {
        jobspec = "${file("${path.module}/jobspec.hcl")}"
      }
  • 38. Nomad Provider
      • Setup system level jobs that are required
      • Configure Nomad after setting up Nomad cluster
      • Not expected to replace "nomad run"
  • 40. File
      data "vault_generic_secret" "rundeck_auth" {
        path = "secret/rundeck_auth"
      }
      provider "rundeck" {
        url = "http://rundeck.example.com/"
        auth_token = "${data.vault_generic_secret.rundeck_auth.data["auth_token"]}"
      }
  • 41. File
      resource "vault_generic_secret" "example" {
        path = "secret/foo"
        data_json = <<EOT
      {
        "foo": "bar",
        "pizza": "cheese"
      }
      EOT
      }
  • 42. File
      resource "vault_policy" "example" {
        name = "dev-team"
        policy = <<EOT
      path "secret/my_app" {
        policy = "write"
      }
      EOT
      }
  • 43. Vault Provider
      • Read secrets from Vault
      • Write secrets to Vault
      • Configure Vault policy
      • Imagine: Terraform to initialize Vault cluster, setup initial Vault policy, manage Vault policy over time.
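Secrets that Terraform reads from or writes to Vault (slides 40 and 41) are persisted in the Terraform state, so the place where state is stored needs the same access control as the secrets themselves. The added example below (not from the talk) audits a state document for such attributes without printing their values; the state layout is an assumption modelled on the flat-attribute format of Terraform 0.9, and every value in it is constructed.

```python
# Constructed sample: assumes the flat-attribute state layout Terraform 0.9
# wrote (an assumption, check it against your own state). All values are fake.
SAMPLE_STATE = {
    "version": 3,
    "modules": [{
        "path": ["root"],
        "resources": {
            "data.vault_generic_secret.rundeck_auth": {
                "type": "vault_generic_secret",
                "primary": {"id": "constructed-id", "attributes": {
                    "path": "secret/rundeck_auth",
                    "data.%": "1",
                    "data.auth_token": "CONSTRUCTED-TOKEN",
                    "data_json": '{"auth_token":"CONSTRUCTED-TOKEN"}'}},
            },
            "vault_generic_secret.example": {
                "type": "vault_generic_secret",
                "primary": {"id": "secret/foo", "attributes": {
                    "path": "secret/foo",
                    "data_json": '{"foo":"bar","pizza":"cheese"}'}},
            },
            "null_resource.example": {
                "type": "null_resource",
                "primary": {"id": "1965091882910923448", "attributes": {}},
            },
        },
    }],
}

SECRET_TYPES = {"vault_generic_secret"}  # resource types whose attributes hold secrets
NOT_SECRET = {"id", "path"}              # bookkeeping attributes, safe to ignore

def find_secret_attributes(state):
    """List (module, address, attribute) for secret material in state, never the values."""
    findings = []
    for module in state.get("modules", []):
        module_path = ".".join(module.get("path", []))
        for address, resource in sorted(module.get("resources", {}).items()):
            if resource.get("type") not in SECRET_TYPES:
                continue
            attrs = resource.get("primary", {}).get("attributes", {})
            for key in sorted(attrs):
                # "data.%" is only the element count of the flattened map
                if key in NOT_SECRET or key.endswith(".%") or not attrs[key]:
                    continue
                findings.append((module_path, address, key))
    return findings

if __name__ == "__main__":
    for finding in find_secret_attributes(SAMPLE_STATE):
        print("secret in state: %s %s [%s]" % finding)
```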
  • 44. Terraform 0.9 (March 15, 2017)
      • Destroy provisioners
      • Remote backends
      • State locking
      • State environments
  • 46. Provisioners (Terraform <= 0.8)
      • Run arbitrary code locally or remotely on resource creation
      • If provisioner fails, resource is tainted and scheduled for recreation on the next apply
  • 47. File
      resource "null_resource" "example" {
        provisioner "local-exec" {
          command = "echo foo"
        }
      }
  • 48. File
      resource "null_resource" "example" {
        provisioner "local-exec" {
          command = "echo foo"
        }
        provisioner "local-exec" {
          command = "echo destroying"
          when = "destroy"
        }
      }
  • 49. Terminal
      $ terraform apply
      null_resource.example: Creating...
      null_resource.example: Provisioning with 'local-exec'...
      null_resource.example (local-exec): Executing: /bin/sh -c "echo foo"
      null_resource.example (local-exec): foo
      null_resource.example: Creation complete (ID: 1965091882910923448)
      Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
  • 50. Terminal
      $ terraform destroy -force
      null_resource.example: Refreshing state... (ID: 1965091882910923448)
      null_resource.example: Destroying... (ID: 1965091882910923448)
      null_resource.example: Provisioning with 'local-exec'...
      null_resource.example (local-exec): Executing: /bin/sh -c "echo destroying"
      null_resource.example (local-exec): destroying
      null_resource.example: Destruction complete
  • 51. Destroy Provisioners
      • Configured with when = "destroy"
      • Run on resource destroy (not just "terraform destroy")
      • Failure cancels physical resource destruction by default
      • Can allow failure with on_failure = "continue"
  • 52. File
      resource "null_resource" "example" {
        provisioner "local-exec" {
          command = "exit 1"
          when = "destroy"
        }
      }
  • 53. Terminal
      $ terraform destroy -force
      null_resource.example: Refreshing state... (ID: 8665586891184105369)
      null_resource.example: Destroying... (ID: 8665586891184105369)
      null_resource.example: Provisioning with 'local-exec'...
      null_resource.example (local-exec): Executing: /bin/sh -c "exit 1"
      Error applying plan:
      1 error(s) occurred:
      * null_resource.example (destroy): 1 error(s) occurred:
      * Error running command 'exit 1': exit status 1.
  • 54. File
      resource "null_resource" "example" {
        provisioner "local-exec" {
          command = "exit 1"
          when = "destroy"
          on_failure = "continue"
        }
      }
  • 55. Terminal
      $ terraform destroy -force
      null_resource.example: Refreshing state... (ID: 8665586891184105369)
      null_resource.example: Destroying... (ID: 8665586891184105369)
      null_resource.example: Provisioning with 'local-exec'...
      null_resource.example (local-exec): Executing: /bin/sh -c "exit 1"
      null_resource.example: Destruction complete
      Destroy complete! Resources: 1 destroyed.
  • 56. Destroy Provisioners
      • Useful for resource cleanup
      • Can SSH into machine (any machine!) prior to destruction
      • Recommend resource cleanup live as part of the resource itself, but destroy provisioners give you another option
  • 58. Before Remote Backends (TF <= 0.8)
      • Awkward "remote config" command
      • Users could accidentally run Terraform without remote init
      • Configuration only via CLI
      • Local cache of state stored in .terraform/terraform.tfstate
      • Changed remote configuration was manual
  • 59. Terminal
      $ # TERRAFORM <= 0.8, BEFORE REMOTE BACKENDS
      $ terraform remote config -backend=S3 -backend-config="bucket=<bucket>" -backend-config="key=<path to file>" ...
  • 60. Remote Backends
      • Subsumes "remote state", enables locking, environments, more
      • Configure from tf files, external configuration, or CLI
      • Detects configuration change
      • Forces new users of a TF configuration to initialize
      • One command to init them all: `terraform init`
  • 61. File
      terraform {
        backend "s3" {
          bucket = "<bucket>"
          key = "<path to file>"
        }
      }
  • 62. Terminal
      $ terraform init
      Initializing the backend...
      Successfully configured the backend "s3"! Terraform will automatically
      use this backend unless the backend configuration changes.
      Terraform has been successfully initialized!
  • 63. Terminal
      $ # New user, didn't run init
      $ terraform console
      Backend reinitialization required. Please run "terraform init".
      Reason: Initial configuration of the requested backend "s3"
      ...
  • 64. File
      terraform {
        backend "s3" {
          bucket = "CHANGED-THIS-SETTING"
          key = "<path to file>"
        }
      }
  • 65. Terminal
      $ terraform console
      Backend reinitialization required. Please run "terraform init".
      Reason: Backend configuration changed for "s3"
      ...
  • 66. Terminal
      $ terraform console
      Backend reinitialization required. Please run "terraform init".
      Reason: Unsetting the previously set backend "s3"
      ...
  • 67. Remote Backends
      • One command to init: `terraform init`
      • Automatic detection of backend change (set, change, unset)
      • No state stored locally at all
      • Always gitignore ".terraform" folder
  • 68. A Focus on Safety
      • Common complaint: easy to corrupt remote state
      • Remote backends add new layer of safety: detecting changes, checking "lineage", disallowing writing unsafe state, more.
  • 69. A New "Init"
      • Init has existed since Terraform 0.1
      • Used to just setup folder structure for new projects
      • Now the single source of init, safe to run multiple times
      • Initializes backend, downloads modules, creates folders
      • One day: downloads providers, verifies versions, more...
  • 71. State Locking
      • For supported backends, Terraform automatically locks state on write operations
      • If unlock fails, error is shown with lock ID to allow a force unlock
      • Doesn't lock against concurrent reads
  • 72. File
      terraform {
        backend "consul" {}
      }
      resource "null_resource" "example" {
        provisioner "local-exec" {
          command = "sleep 10"
        }
      }
  • 73. Terminal
      $ terraform apply
      null_resource.example: Creating...
      null_resource.example: Provisioning with 'local-exec'...
      null_resource.example (local-exec): Executing: /bin/sh -c "sleep 10"
  • 74. Terminal
      $ terraform apply
      Error loading state: failed to lock state in Consul: Lock Info:
        ID: 5c0b66d6-018f-59b4-5536-499fec947fb2
        Path: foo
        Operation: OperationTypeApply
        Who: mitchellh@Mitchells-iMac.lan
        Version: 0.9.1
        Created: 2017-04-04 16:16:59.733058195 +0000 UTC
        Info:
      $ terraform console
      >
  • 76. State Environments
      • A state namespace
      • Allows single folder of TF config to manage multiple distinct sets of infrastructure resources
  • 77. Terminal
      $ terraform env list
      * default
      $ terraform env new mitchellh-test
      Created and switched to environment "mitchellh-test"!
      $ terraform env list
        default
      * mitchellh-test
  • 78. File
      resource "aws_instance" "example" {
        count = "${terraform.env == "default" ? 5 : 1}"
        tags {
          Name = "web - ${terraform.env}"
        }
        # ... other fields
      }