Automating production infrastructure with Terraform

Terraform enables you to safely and predictably create, change, and improve production infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.

https://www.terraform.io

This is the same as Amazon CloudFormation, but allows you to work with other cloud providers like OpenStack, Google Cloud, etc.

You can download Terraform for your OS from

https://www.terraform.io/downloads.html

Installing it is easy: just unzip it and place the binary in a folder that is in your PATH, for example ~/bin or /usr/local/bin on Ubuntu.

Getting Started

You need an Amazon AWS account for this. First get your access_key and secret_key from your Amazon AWS account.

https://console.aws.amazon.com/iam/home?#security_credential

You can create a new IAM user or just use your main account keys.

Create your Terraform configuration file; these end with .tf.

Here is my file.

root@hon-vpn:~# cat first.tf 
provider "aws" {
	access_key = "AKAHPJEUHCNJLWRKQVAI"
	secret_key = "k9QAPb9NljZ+vNAAJ2NVo+QRZCN+6FKi9EVqQhU"
	region = "ap-southeast-2"
}

resource "aws_instance" "moodle" {
	ami = "ami-fe71759d"
	instance_type = "t2.micro"
}

root@hon-vpn:~# 

Here,

provider specifies the provider used to provision the resources. A configuration file can have multiple providers.

resource specifies the resource we want to provision. In this case, we are creating a resource of type “aws_instance” with the name “moodle”. ami is the unique identifier given to an image. In our case, ami-fe71759d is the AMI for an Ubuntu 16.04 image.

instance_type is like a plan; t2.micro provides 1 CPU core and 1 GB RAM. You can find more at

https://aws.amazon.com/ec2/instance-types/
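
A check for the pattern used in first.tf above, where access_key and secret_key sit in the file as literals. This is an added example, not part of the original post: the function names and sample values are constructed, and the corrected provider block assumes the keys are exported as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, which the AWS provider reads from the environment.

```shell
#!/bin/sh
# Added example: find literal AWS keys in Terraform files before sharing them.

# Print file:line:text for each access_key/secret_key assigned a quoted literal.
# Interpolated values such as "${var.access_key}" contain "$" and are skipped.
find_hardcoded_keys() {
    find "${1:-.}" -type f -name '*.tf' -exec grep -nE \
        '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"$]+"' \
        /dev/null {} +
}

# Return 1 (and list the hits on stderr) if any literal key is present.
check_tf_secrets() {
    hits=$(find_hardcoded_keys "$1" || true)
    [ -z "$hits" ] && return 0
    printf 'hard-coded credentials found:\n%s\n' "$hits" >&2
    return 1
}

# Constructed sample input: the page's layout with placeholder key values,
# next to a provider block that takes credentials from the environment
# (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY) instead of the file.
write_samples() {
    mkdir -p "$1/weak" "$1/fixed"
    cat > "$1/weak/first.tf" <<'EOF'
provider "aws" {
	access_key = "EXAMPLE-ACCESS-KEY-ID"
	secret_key = "EXAMPLE-SECRET-ACCESS-KEY"
	region = "ap-southeast-2"
}
EOF
    cat > "$1/fixed/first.tf" <<'EOF'
provider "aws" {
	region = "ap-southeast-2"
}
EOF
}
```

Run check_tf_secrets on the directory holding your .tf files before committing or sharing them; a non-zero status means a key is still in a file.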

Now let's test our config by running

terraform plan

Example

root@hon-vpn:~# terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.


The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

+ aws_instance.moodle
    ami:                         "ami-0d729a60"
    associate_public_ip_address: "<computed>"
    availability_zone:           "<computed>"
    ebs_block_device.#:          "<computed>"
    ephemeral_block_device.#:    "<computed>"
    instance_state:              "<computed>"
    instance_type:               "t2.micro"
    key_name:                    "<computed>"
    network_interface_id:        "<computed>"
    placement_group:             "<computed>"
    private_dns:                 "<computed>"
    private_ip:                  "<computed>"
    public_dns:                  "<computed>"
    public_ip:                   "<computed>"
    root_block_device.#:         "<computed>"
    security_groups.#:           "<computed>"
    source_dest_check:           "true"
    subnet_id:                   "<computed>"
    tenancy:                     "<computed>"
    vpc_security_group_ids.#:    "<computed>"


Plan: 1 to add, 0 to change, 0 to destroy.
root@hon-vpn:~#

In the above, the + indicates that we will be creating a new resource of type “aws_instance” with the name “moodle”. The fields with the value “computed” are not yet available.

Executing Terraform configuration

We have our first.tf Terraform configuration ready; let's execute it by running

terraform apply

It will look for .tf files in the current directory and execute them.

Example

root@hon-vpn:~# terraform apply
aws_instance.moodle: Creating...
  ami:                         "" => "ami-fe71759d"
  associate_public_ip_address: "" => "<computed>"
  availability_zone:           "" => "<computed>"
  ebs_block_device.#:          "" => "<computed>"
  ephemeral_block_device.#:    "" => "<computed>"
  instance_state:              "" => "<computed>"
  instance_type:               "" => "t2.micro"
  key_name:                    "" => "<computed>"
  network_interface_id:        "" => "<computed>"
  placement_group:             "" => "<computed>"
  private_dns:                 "" => "<computed>"
  private_ip:                  "" => "<computed>"
  public_dns:                  "" => "<computed>"
  public_ip:                   "" => "<computed>"
  root_block_device.#:         "" => "<computed>"
  security_groups.#:           "" => "<computed>"
  source_dest_check:           "" => "true"
  subnet_id:                   "" => "<computed>"
  tenancy:                     "" => "<computed>"
  vpc_security_group_ids.#:    "" => "<computed>"
aws_instance.moodle: Still creating... (10s elapsed)
aws_instance.moodle: Still creating... (20s elapsed)
aws_instance.moodle: Creation complete

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path: terraform.tfstate
root@hon-vpn:~# 

This takes a few minutes, as Terraform will wait for the resources to be created. Now log in to the AWS Console; I have a new EC2 instance running.

Let's try running terraform plan again
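
The plan output earlier notes that without "-out" Terraform can't guarantee that apply executes what was shown, and the apply output asks you to keep terraform.tfstate safe. The following is an added example, not part of the original post, that handles both; the function names and the plan file name first.tfplan are assumptions.

```shell
#!/bin/sh
# Added example: apply only a plan that was saved and reviewed.
PLAN_FILE=${PLAN_FILE:-first.tfplan}   # assumed file name

# Save the plan. Plan files can embed values from the configuration, so create
# it readable by the owner only, then print it for review.
save_plan() {
    ( umask 077 && terraform plan -out="$PLAN_FILE" ) || return 1
    terraform show "$PLAN_FILE"
}

# Apply exactly the saved plan. Refuse if it is missing or if any .tf file in
# the current directory changed after the plan was written.
apply_plan() {
    [ -f "$PLAN_FILE" ] || { echo "no saved plan: $PLAN_FILE" >&2; return 1; }
    changed=$(find . -maxdepth 1 -name '*.tf' -newer "$PLAN_FILE")
    if [ -n "$changed" ]; then
        echo "configuration changed since plan was saved: $changed" >&2
        return 1
    fi
    terraform apply "$PLAN_FILE" || return 1
    rm -f "$PLAN_FILE"
    # terraform.tfstate records resource attributes; restrict it to the owner.
    for f in terraform.tfstate terraform.tfstate.backup; do
        if [ -f "$f" ]; then chmod 600 "$f"; fi
    done
}
```

Run save_plan, read the output, then run apply_plan from the same directory.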

root@hon-vpn:~# terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.

aws_instance.moodle: Refreshing state... (ID: i-0b2aa59aa61a750bf)

No changes. Infrastructure is up-to-date. This means that Terraform
could not detect any differences between your configuration and
the real physical resources that exist. As a result, Terraform
doesn't need to do anything.
root@hon-vpn:~# 

Since Terraform found the resource with the name specified, it won’t create a new EC2 instance.

terraform show

Terraform saves information about the resources it created in the file terraform.tfstate.

To see the details, run

root@hon-vpn:~# terraform show
aws_instance.moodle:
  id = i-0b2aa59aa61a750bf
  ami = ami-fe71759d
  associate_public_ip_address = true
  availability_zone = ap-southeast-2c
  disable_api_termination = false
  ebs_block_device.# = 0
  ebs_optimized = false
  ephemeral_block_device.# = 0
  iam_instance_profile = 
  instance_state = running
  instance_type = t2.micro
  key_name = 
  monitoring = false
  network_interface_id = eni-b91cfae1
  private_dns = ip-172-31-2-223.ap-southeast-2.compute.internal
  private_ip = 172.31.2.223
  public_dns = ec2-52-63-216-245.ap-southeast-2.compute.amazonaws.com
  public_ip = 52.63.216.245
  root_block_device.# = 1
  root_block_device.0.delete_on_termination = true
  root_block_device.0.iops = 100
  root_block_device.0.volume_size = 8
  root_block_device.0.volume_type = gp2
  security_groups.# = 0
  source_dest_check = true
  subnet_id = subnet-99fc49c0
  tags.% = 0
  tenancy = default
  vpc_security_group_ids.# = 1
  vpc_security_group_ids.213731071 = sg-3a11bf5d

root@hon-vpn:~# 
