Terraform
Creating infrastructure using Terraform
Terraform About the tool
• What is Terraform?
• Terraform is an infrastructure management tool created by HashiCorp
• It allows you to develop, provision and change infrastructure
• Written in GO Language
• What are the key features?
• Provides a declarative language
• Mostly Idempotent
• Automated changes
• Supports multiple providers
• Webpage: https://www.terraform.io/
Terraform
About
• Terraform vs. AWS CloudFormation
• Terraform is similar to AWS CloudFormation
• CloudFormation stack creation can be executed from Terraform
• Terraform vs. Chef
• Chef is a configuration management tool – it manages software on existing machines
• Terraform is infrastructure management tool
• Chef can be invoked from Terraform
• Terraform vs. BOTO
• BOTO is an API provided by AWS to manage the cloud
• Terraform uses BOTO (AWS SDK for GO language) to manage resources
Terraform
AWS CF
Terraform
Chef BOTO
Terraform vs. Others
Terraform DEMO
Example of how to use Terraform
For more information contact:
Przemysław Iwanek
Systems Engineer
T +48 61 271 4913 M +48 726 997 715 [email protected]
Thank you
main.tf
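# Copyright (C) 2016 Cognifide Limited
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Written by:
#   Przemysław Iwanek <[email protected]> and contributors
#   March 2016
#

###### PREPARING THE CONNECTION

# Define required variables.
# aws_access / aws_secret are supplied from terraform.tfvars, which must stay
# out of version control; przemek_key is the SSH public key that becomes the
# EC2 key pair below.
variable "aws_access" {}
variable "aws_secret" {}
variable "przemek_key" {}

# Source CIDR allowed to reach the instance on port 22.
# The default preserves the original demo behaviour (SSH open to the whole
# Internet); override it in terraform.tfvars with your own address range,
# e.g. ssh_allowed_cidr = "<YOUR-PUBLIC-IP>/32".
variable "ssh_allowed_cidr" {
  default = "0.0.0.0/0"
}

# Initialize AWS connection.
# Static keys are passed through variables only because this is a demo; the
# shared credentials file or an instance profile avoids handing long-lived
# secrets to Terraform at all.
provider "aws" {
  access_key = "${var.aws_access}"
  secret_key = "${var.aws_secret}"
  region     = "eu-west-1"
}

###### CREATING THE NETWORKS

# Create VPC
resource "aws_vpc" "demo-vpc" {
  cidr_block = "10.11.12.0/28"
}

# Create DHCP Options
# NOTE(review): 127.0.0.1 as a name server only resolves anything if a local
# resolver runs on every host in the VPC - confirm this is intended.
resource "aws_vpc_dhcp_options" "dhcp-opts" {
  domain_name = "example.domain.local"
  domain_name_servers = [
    "127.0.0.1",
    "AmazonProvidedDNS"
  ]
}

# Associate DHCP options with VPC
resource "aws_vpc_dhcp_options_association" "dhcp-opts-assoc" {
  vpc_id          = "${aws_vpc.demo-vpc.id}"
  dhcp_options_id = "${aws_vpc_dhcp_options.dhcp-opts.id}"
}

# Create Internet Gateway
resource "aws_internet_gateway" "igw" {
  vpc_id = "${aws_vpc.demo-vpc.id}"
}

# Create Route Table
resource "aws_route_table" "rt-public" {
  vpc_id = "${aws_vpc.demo-vpc.id}"

  # Associate IGW with this Route Table as default route
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.igw.id}"
  }
}

# Create Subnet in second availability zone.
# The subnet uses the whole VPC range, so no second subnet can be added later
# without enlarging the VPC.
resource "aws_subnet" "subnet-public" {
  vpc_id = "${aws_vpc.demo-vpc.id}"

  cidr_block        = "10.11.12.0/28"
  availability_zone = "eu-west-1b"
}

# Associate Subnet with Route Table
resource "aws_route_table_association" "subnet-public-assoc" {
  subnet_id      = "${aws_subnet.subnet-public.id}"
  route_table_id = "${aws_route_table.rt-public.id}"
}

###### CREATING THE INSTANCE

# Create security group
resource "aws_security_group" "sg-demo" {
  vpc_id = "${aws_vpc.demo-vpc.id}"

  name        = "demo-sg-allow-ssh-and-http"
  description = "Allow SSH and HTTP ingress traffic and all egress"

  # Allow Port 22 (SSH) - only from the configured source range
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "TCP"
    cidr_blocks = ["${var.ssh_allowed_cidr}"]
  }

  # Allow Port 80 (HTTP) from anywhere - this is the service being published
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "TCP"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow all outgoing traffic (needed below to download chef and the cookbook)
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Create Key pair from the public key given in var.przemek_key
resource "aws_key_pair" "przemek" {
  key_name   = "przemek-key"
  public_key = "${var.przemek_key}"
}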
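# Image used for the demo instance (amzn-ami-hvm - eu-west-1 - ami-e1398992)
# https://aws.amazon.com/marketplace/pp/B00CIYTQTC
# Exposed as a variable so a newer image (or another region's ID) can be set
# from terraform.tfvars without editing this file; the default is unchanged.
variable "ami" {
  default = "ami-e1398992"
}

# Create EC2 Instance
resource "aws_instance" "demo-instance" {
  # Provide the type
  instance_type = "t2.nano"

  # Provide the image ID
  ami = "${var.ami}"

  # Create the Instance in second AZ and in our subnet.
  # The AZ must match the subnet's AZ (eu-west-1b) or the apply fails.
  availability_zone = "eu-west-1b"
  subnet_id         = "${aws_subnet.subnet-public.id}"

  # Create Root EBS Volume - 20 GB, SSD backed
  root_block_device {
    volume_size = 20
    volume_type = "gp2"
  }

  # Use our key
  key_name = "${aws_key_pair.przemek.key_name}"

  # Use created Security Group
  vpc_security_group_ids = [
    "${aws_security_group.sg-demo.id}"
  ]
}

# Create EIP and attach it to the instance
resource "aws_eip" "demo-instance-eip" {
  instance = "${aws_instance.demo-instance.id}"

  vpc = true
}

###### OUTPUTS

# Return EIP on screen
output "eip" {
  value = "${aws_eip.demo-instance-eip.public_ip}"
}

###### EXECUTING CHEF

# Install Chef, and execute cookbook installation.
# Use resource that does nothing (the work happens in the provisioner).
resource "null_resource" "simple-chef" {
  # Depends it on the Instance creation
  depends_on = [
    "aws_instance.demo-instance"
  ]

  # Execute commands in remote server
  provisioner "remote-exec" {
    # In order:
    #  - elevate the rights to root
    #  - go to /root
    #  - download and install chef-client
    #  - create cookbooks directory
    #  - download 'learn_chef_httpd' cookbook and unpack it
    #  - execute chef-client in local mode and install cookbook
    #
    # NOTE: both downloads pipe an unpinned, unverified remote payload straight
    # into a root shell / tar. `-f` makes curl fail on an HTTP error instead of
    # feeding an error page to bash, and `-sS` keeps the log to real errors;
    # outside a demo, pin the installer and cookbook versions and check a
    # checksum before executing them.
    # NOTE(review): $EUID is a bash variable; the re-exec line only works where
    # the script runs under bash (true on the Amazon Linux image used here).
    inline = [
      "if [ $EUID != 0 ]; then sudo \"$0\" \"$@\"; exit $?; fi",
      "cd /root",
      "curl -fsSL https://www.opscode.com/chef/install.sh | bash",
      "mkdir -p ./cookbooks",
      "curl -fsSL https://supermarket.chef.io/cookbooks/learn_chef_httpd/download | gzip -d | tar -xvvf - -C ./cookbooks",
      "chef-client -z -o learn_chef_httpd"
    ]

    # The connection details.
    # No private_key is set, so the key matching var.przemek_key must be
    # loaded in the local ssh-agent when `terraform apply` runs.
    connection {
      user = "ec2-user"
      host = "${aws_eip.demo-instance-eip.public_ip}"
    }
  }
}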
terraform.tfvars
# Copyright (C) 2016 Cognifide Limited
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Written by:
#   Przemysław Iwanek <[email protected]> and contributors
#   March 2016
#
# THIS FILE SHOULD NOT BE VERSIONED SINCE IT HOLDS SENSITIVE DATA!!!
# (add terraform.tfvars to the VCS ignore list before filling it in)

# Values for the variables declared in main.tf.

# SSH public key that becomes the EC2 key pair.
przemek_key = "ssh-rsa ..."

# AWS API credentials consumed by the "aws" provider.
aws_access = ""
aws_secret = ""