Terraform

Creating infrastructure using Terraform

Terraform About the tool

•  What is Terraform?

•  Terraform is an infrastructure management tool created by HashiCorp

•  It allows to Develop, Provision and Change infrastructure

•  Written in GO Language

•  What are the key features?

•  Provides declarative language

•  Mostly Idempotent

•  Automated changes

•  Supports multiple providers

•  Webpage: https://www.terraform.io/

Terraform

About

•  Terraform vs. AWS CloudFormation

•  Terraform is similar to AWS CloudFormation

•  CloudFormation stack creation can be executed from Terraform

•  Terraform vs. Chef

•  Chef is a configuration management tool – manages software on existing machine

•  Terraform is infrastructure management tool

•  Chef can be invoked from Terraform

•  Terraform vs. BOTO

•  BOTO is API provided by AWS to manage the Cloud

•  Terraform uses BOTO (AWS SDK for GO language) to manage resources

Terraform

AWS CF

Terraform

Chef BOTO

Terraform vs. Others

Terraform DEMO

Example, how to use Terraform

For more information contact:

Przemysław Iwanek

Systems Engineer

T +48 61 271 4913 M +48 726 997 715 przemyslaw.iwanek@cognifide.com

Thank you

main.tf

   1  # Copyright (C) 2016 Cognifide Limited    2  #    3  # Licensed under the Apache License, Version 2.0 (the "License");    4  # you may not use this file except in compliance with the License.    5  # You may obtain a copy of the License at    6  #    7  #      http://www.apache.org/licenses/LICENSE-2.0    8  #    9  # Unless required by applicable law or agreed to in writing, software   10  # distributed under the License is distributed on an "AS IS" BASIS,   11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   12  # See the License for the specific language governing permissions and   13  # limitations under the License.   14  #   15  # Written by:   16  #   Przemysław Iwanek <przemyslaw.iwanek@cognifide.com> and contributors   17  #   March 2016   18  #   19      20  ###### PREPARING THE CONNECTION   21      22  # Define required variables   23  variable "aws_access" {}   24  variable "aws_secret" {}   25  variable "przemek_key" {}   26      27  # Initialize AWS connection   28  provider "aws" {   29      access_key = "${var.aws_access}"   30      secret_key = "${var.aws_secret}"   31      region = "eu-west-1"   32  }   33      34  ###### CREATING THE NETWORKS   35      36      37  # Create VPC   38  resource "aws_vpc" "demo-vpc" {   39      cidr_block = "10.11.12.0/28"   40  }   41      42  # Create DHCP Options   43  resource "aws_vpc_dhcp_options" "dhcp-opts" {   44      domain_name = "example.domain.local"   45      domain_name_servers = [   46          "127.0.0.1",   47          "AmazonProvidedDNS"   48      ]   49  }   50      51  # Associate DHCP options with VPC   52  resource "aws_vpc_dhcp_options_association" "dhcp-opts-assoc" {   53      vpc_id = "${aws_vpc.demo-vpc.id}"   54      dhcp_options_id = "${aws_vpc_dhcp_options.dhcp-opts.id}"   55  }   56      57  # Create Internet Gateway   58  resource "aws_internet_gateway" "igw" {   59      vpc_id = "${aws_vpc.demo-vpc.id}"   60  }   61      62  # Create Route Table   63  resource "aws_route_table" "rt-public" {

  64      vpc_id = "${aws_vpc.demo-vpc.id}"   65      66      # Associate IGW with this Route Table as default route   67      route {   68          cidr_block = "0.0.0.0/0"   69          gateway_id = "${aws_internet_gateway.igw.id}"   70      }   71  }   72      73  # Create Subnet in second availability zone   74  resource "aws_subnet" "subnet-public" {   75      vpc_id = "${aws_vpc.demo-vpc.id}"   76      77      cidr_block = "10.11.12.0/28"   78      availability_zone = "eu-west-1b"   79  }   80      81  # Associate Subnet with Route Table   82  resource "aws_route_table_association" "subnet-public-assoc" {   83      subnet_id = "${aws_subnet.subnet-public.id}"   84      route_table_id = "${aws_route_table.rt-public.id}"   85  }   86      87      88  ###### CREATING THE INSTANCE   89      90      91  # Create security group   92  resource "aws_security_group" "sg-demo" {   93      vpc_id = "${aws_vpc.demo-vpc.id}"   94        95      name = "demo-sg-allow-ssh-and-http"   96      description = "Allow SSH and HTTP ingress traffic and all egress"   97        98      # Allow Port 22 (SSH)   99      ingress {  100          from_port = 22  101          to_port = 22  102          protocol = "TCP"  103          cidr_blocks = ["0.0.0.0/0"]  104      }  105       106      # Allow Port 80 (HTTP)  107      ingress {  108          from_port = 80  109          to_port = 80  110          protocol = "TCP"  111          cidr_blocks = ["0.0.0.0/0"]  112      }  113       114      # Allo all outgoing traffix  115      egress {  116          from_port = 0  117          to_port = 0  118          protocol = "-1"  119          cidr_blocks = ["0.0.0.0/0"]  120      }  121  }  122     123  # Create Key pair  124  resource "aws_key_pair" "przemek" {  125      key_name = "przemek-key"  126      public_key = "${var.przemek_key}"  127  }  128   

 129  # Create EC2 Instance (amzn-ami-hvm - eu-west-1 - ami-e1398992)  130  # https://aws.amazon.com/marketplace/pp/B00CIYTQTC  131  resource "aws_instance" "demo-instance" {  132      # Provide the type  133      instance_type = "t2.nano"     134     135      # Provide the image ID  136      ami = "ami-e1398992"  137     138      # Create the Instance in second AZ and in our subnet  139      availability_zone = "eu-west-1b"  140      subnet_id = "${aws_subnet.subnet-public.id}"  141     142      # Create Root EBS Volume - 20 GB, SSD backed  143      root_block_device {  144          volume_size = 20  145          volume_type = "gp2"  146      }  147     148      # Use our key  149      key_name = "${aws_key_pair.przemek.key_name}"  150     151      # Use created Security Group  152      vpc_security_group_ids = [  153          "${aws_security_group.sg-demo.id}"  154      ]  155  }  156     157  # Create EIP  158  resource "aws_eip" "demo-instance-eip" {  159      instance = "${aws_instance.demo-instance.id}"  160     161      vpc = true  162  }  163     164  ###### OUTPUTS  165     166  # Return EIP on screen  167  output "eip" {  168      value = "${aws_eip.demo-instance-eip.public_ip}"  169  }  170     171     172  ###### EXECUTING CHEF  173     174     175  # Install Chef, and execute cookbook installation  176  # Use resource that does nothing  177  resource "null_resource" "simple-chef" {  178      # Depends it on the Instance creation  179      depends_on = [  180        "aws_instance.demo-instance"  181      ]  182     183      # Execute commands in remote server  184      provisioner "remote-exec" {  185          # In order:  186          #  - elevate the rights to root  187          #  - go to /root 188          #  - download and install chef-client  189          #  - create cookbooks directory  190          #  - download 'learn_chef_httpd' cookbook and unpack it  191          #  - execute chef-client in local mode and install cookbook  192          inline = [

 193              "if [ $EUID != 0 ]; then sudo \"$0\" \"$@\"; exit $?; fi",  194              "cd /root",  195              "curl -L https://www.opscode.com/chef/install.sh | bash",  196              "mkdir -p ./cookbooks",  197 

            "curl -L https://supermarket.chef.io/cookbooks/learn_chef_httpd/download | gzip -d | tar -xvvf - -C ./cookbooks",

 198              "chef-client -z -o learn_chef_httpd" 199          ]  200     201          # The connection details  202          connection {  203              user = "ec2-user"  204              host = "${aws_eip.demo-instance-eip.public_ip}"  205          }  206      }  207  }  208   

terraform.tfvars

  1  # Copyright (C) 2016 Cognifide Limited   2  #   3  # Licensed under the Apache License, Version 2.0 (the "License");   4  # you may not use this file except in compliance with the License.   5  # You may obtain a copy of the License at   6  #   7  #      http://www.apache.org/licenses/LICENSE-2.0   8  #   9  # Unless required by applicable law or agreed to in writing, software  10  # distributed under the License is distributed on an "AS IS" BASIS,  11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  12  # See the License for the specific language governing permissions and  13  # limitations under the License.  14  #  15  # Written by:  16  #   Przemysław Iwanek <przemyslaw.iwanek@cognifide.com> and contributors  17  #   March 2016  18  #  19  # THIS FILE SHOULD NOT BE VERSIONED SINCE IT HOLDS SENSITIVE DATA!!!  20     21  aws_access = ""  22  aws_secret = ""  23     24  przemek_key = "ssh-rsa ..."