Terraform

Terraform is not a cloud-agnostic tool. It's not a magic wand that gives you power over all clouds and systems. It embraces all major cloud providers and provides a common language to orchestrate your infrastructure resources.

Terraform

● A declarative provisioning tool based on the Infrastructure as Code (IaC) paradigm
● Uses its own syntax: HCL (HashiCorp Configuration Language)
● Written in Golang
● Helps you evolve your infrastructure safely and predictably
● Applies graph theory to IaC
● Terraform is a multipurpose composition tool:
   ○ Composes multiple tiers (SaaS/PaaS/IaaS)
   ○ A plugin-based architecture model
● Open source. Backed by HashiCorp and the HashiCorp Tao (guide/principles/design)


Terraform Core: Init

1. This command will never delete your existing configuration or state.
2. Checkpoint → https://checkpoint.hashicorp.com/
3. .terraformrc → enable plugin_cache_dir, disable checkpoint
4. Parsing configurations, a syntax check
5. Checking for provisioners/providers (by precedence, only once) → ".", terraform_bin_dir, terraform.d/plugins/linux_amd64, .terraform/plugins/linux_amd64
6. File lock.json contains sha-512 plugin hashes (.terraform)
7. Loading backend config (if one is available; otherwise local is used). Backend initialization: storage for the Terraform state file.

Terraform Core: Plan + Apply

1. Starting plugins: provisioners/providers
2. Building the graph
   a. Terraform Core traverses each vertex and requests each provider using parallelism
3. Providers syntax check: resource validation
4. If backend == , use local
5. If "-out file.plan" is provided, the plan is saved to that file; the file is not encrypted
6. Terraform Core calculates the difference between the last-known state and the current state
7. Presents this difference as the output of the terraform plan operation to users in their terminal

Terraform Core: Destroy

1. Measure twice, cut once
2. Consider the -target flag
3. Avoid running on production
4. No "Retain" flag: remove a resource from the state file instead
5. terraform destroy tries to evaluate outputs that can refer to non-existing resources (#18026)
6. prevent_destroy should let you succeed (#3874)
7. You can't destroy a single resource with the count in the list

Terraform Backends

● Locking
● Workspaces (formerly known as environments)
● Encryption at rest
● Versioning
● Note: Backend configuration doesn't support interpolations.
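
The backend properties listed above, shown with the S3 backend as an added example (not from the original post), together with prevent_destroy from the Destroy section applied to the state bucket itself. The bucket, table and key names are placeholders, and the separate aws_s3_bucket_* resources assume AWS provider v4 or later.

```hcl
# Added example: all names below are placeholders.
# Part 1: one-off bootstrap configuration that creates the state storage.

resource "aws_s3_bucket" "tfstate" {
  bucket = "example-org-tfstate"
  lifecycle {
    prevent_destroy = true # any plan that would destroy this bucket errors out
  }
}

resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled" # versioning: earlier state revisions stay recoverable
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms" # encryption at rest for every state object
    }
  }
}

resource "aws_dynamodb_table" "tflock" {
  name         = "example-org-tflock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID" # attribute name the S3 backend expects
  attribute {
    name = "LockID"
    type = "S"
  }
}

# Part 2: a separate configuration, in each project that keeps its state there.
# Literal values only: var.*, local.* and resource references are rejected here.
terraform {
  backend "s3" {
    bucket         = "example-org-tfstate"
    key            = "network/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true                 # server-side encryption on write
    dynamodb_table = "example-org-tflock" # locking
    # non-default workspaces are stored under env:/<workspace>/<key>
  }
}
```

Values that differ per environment can be supplied at init time with `terraform init -backend-config=...` rather than through interpolation.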
