
Terraform

                                           

Terraform is not a cloud-agnostic tool. It's not a magic wand that gives you power over all clouds and systems. It embraces all major cloud providers and provides a common language to orchestrate your infrastructure resources.

Terraform

● A declarative provisioning tool based on the Infrastructure as a Code paradigm

● Uses its own syntax: HCL (HashiCorp Configuration Language)

● Written in Golang

● Helps to evolve your infrastructure safely and predictably

● Applies Graph Theory to IaaC

● Terraform is a multipurpose composition tool:

○ Composes multiple tiers (SaaS/PaaS/IaaS)

○ A plugin-based architecture model

● Open-source. Backed by the HashiCorp company and the HashiCorp Tao (Guide/Principles/Design)


Terraform Core: Init

1. This command will never delete your existing configuration or state.

2. Checkpoint → https://checkpoint.hashicorp.com/

3. .terraformrc → enable plugin_cache_dir, disable checkpoint

4. Parsing configurations, a syntax check

5. Checking for provisioners/providers (by precedence, only once) → “.”, terraform_bin_dir, terraform.d/plugins/linux_amd64, .terraform/plugins/linux_amd64

6. File lock.json contains SHA-512 plugin hashes (.terraform)

7. Loading backend config (if it's available; local is used instead otherwise)

Backend Initialization: Storage for Terraform state file. example

Terraform Core: Plan + Apply

1. Starting Plugins: Provisioners/Providers

2. Building graph

   a. Terraform core traverses each vertex and requests each provider using parallelism

3. Providers syntax check: resource validation

4. If backend == , use local

5. If “-out file.plan” is provided, the plan is saved to that file. The file is not encrypted.

6. Terraform Core calculates the difference between the last-known state and the current state

7. Presents this difference as the output of the terraform plan operation to users in their terminal

Terraform Core: Destroy

1. Measure twice, cut once

2. Consider -target flag

3. Avoid running on production

4. No “Retain” flag - Remove a resource from the state file instead

5. terraform destroy tries to evaluate outputs that can refer to non-existing resources #18026

6. prevent_destroy should let you succeed #3874

7. You can’t destroy a single resource with the count in the list

Terraform Backends

 ● Locking

● Workspaces (formerly known as environments)

● Encryption at rest

 ● Versioning 

● Note: Backend configuration doesn’t support interpolations.
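
The four backend properties listed above, shown on an S3 backend as an added example (not from the original post). It assumes Terraform 0.12+ syntax and AWS provider v4+; the bucket name, table name, state key and region are constructed placeholders.

```hcl
# --- bootstrap/main.tf (applied once, with local state) ---
# Constructed names: "example-tfstate-bucket" and "example-tfstate-lock" are placeholders.
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-tfstate-bucket"
}

# Versioning: every state write keeps the previous object version for rollback.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Encryption at rest: state holds resource attributes, secrets included, in plain text.
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

# Locking: the S3 backend records its lock as an item keyed by "LockID".
resource "aws_dynamodb_table" "tfstate_lock" {
  name         = "example-tfstate-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}

# --- live/backend.tf (each configuration that stores its state remotely) ---
terraform {
  backend "s3" {
    # Literal values only: var.* and local.* references are rejected in this block.
    bucket         = "example-tfstate-bucket"
    key            = "network/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true                   # server-side encryption of the state object
    dynamodb_table = "example-tfstate-lock" # state locking
    # Workspaces: non-default workspaces are stored under env:/<workspace>/<key>.
  }
}
```

Because interpolation is unavailable in the backend block, values that differ per environment can be passed at init time with `terraform init -backend-config=...`.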
