Terraform: Konfigurationsmanagement für Wolkendienste

Similar documents
Modern Provisioning and CI/CD with Terraform, Terratest & Jenkins. Duncan Hutty

AUTOMATION ACROSS THE ENTERPRISE

Terraform & Infrastructure as Code. Ben Higginbottom (kind of a big deal) ((seriously - I ve helped hijack a spacecraft))

Infrastructure as Code CS398 - ACC

Managing Microservices using Terraform, Docker, and the Cloud

HASHICORP TERRAFORM AND RED HAT ANSIBLE AUTOMATION Infrastructure as code automation

Tools for the Vagabonding Samba Developer

ANSIBLE AUTOMATION AT TJX

Ansible Tower Quick Setup Guide

Terraform. Oracle Cloud Magyar Zsanett, Kiss Olivér. Magyar Telekom Nyrt

Ansible Tower Quick Setup Guide

Introduction to Ansible

Ansible at Scale. David Melamed Senior Research Engineer, CTO Office, CloudLock

Webserver deployment on. Amazon Web Services using IAC tool Terraform

Building and Managing Clouds with CloudForms & Ansible. Götz Rieger Senior Solution Architect January 27, 2017

Sanjay Shitole, Principle Solutions Engineer

Ansible - Automation for Everyone!

Managing Microservices Using Terraform, Docker, and the Cloud

We are ready to serve Latest IT Trends, Are you ready to learn?? New Batches Info

IN DEPTH INTRODUCTION ARCHITECTURE, AGENTS, AND SECURITY

MULTI CLOUD AS CODE WITH ANSIBLE & TOWER

OPEN SOURCING ANSIBLE

Zero Touch Provisioning of NIOS on Openstack using Ansible

Getting Started with Ansible - Introduction

Ansible. Go directly to project site 1 / 36

Automation and configuration management across hybrid clouds with CloudForms, Satellite 6, Ansible Tower

Ansible in Depth WHITEPAPER. ansible.com

Cloud and Devops - Time to Change!!! PRESENTED BY: Vijay

INTRODUCTION CONTENTS BEGINNER S GUIDE: CONTROL WITH RED HAT ANSIBLE TOWER

Button Push Deployments With Integrated Red Hat Open Management

ANSIBLE TOWER OVERVIEW AND ROADMAP. Bill Nottingham Senior Principal Product Manager

Ansible Essentials 5 days Hands on

vagrant up for Network Engineers Do it like they do on the Developer Channel!

Ansible + Hadoop. Deploying Hortonworks Data Platform with Ansible. Michael Young Solutions Engineer February 23, 2017

AUTOMATING THE ENTERPRISE WITH ANSIBLE. Dustin Boyd Solutions Architect September 12, 2017

RED HAT TECH EXCHANGE HOUSE RULES

The Foreman. Doina Cristina Duma, cristina.aiftimiei<at>cnaf.infn.it Diego Michelotto, diego.michelotto<at>cnaf.infn.it INFN-CNAF

Infoblox and Ansible Integration

Getting started with Ansible and Oracle

Ansible Tower Quick Install

Splunk and Ansible. Joining forces to increase implementation power. Rodrigo Santos Silva Head of Professional Services, Tempest Security Intelligence

J, K, L. Each command, 31. Fully qualified domain name (FQDN), 116

DevOPS, Ansible and Automation for the DBA. Tech Experience 18, Amsersfoot 7 th / 8 th June 2018

Ansible and Ansible Tower by Red Hat

Contents. Prerequisites 1. Linux 1. Installation 1. What is Ansible? 1. Basic Ansible Commands 1. Ansible Core Components 2. Plays and Playbooks 8

ANSIBLE TOWER IN THE SOFTWARE DEVELOPMENT LIFECYCLE

Ask an Expert: Ansible Network Automation

ANSIBLE SERVICE BROKER Deploying multi-container applications on OpenShift Todd Sanders John Matthews OpenShift Commons Briefing.

SELF-SERVICE IT WITH ANSIBLE TOWER & MICROSOFT AZURE. Chris Houseknecht Dave Johnson. June #redhat #rhsummit

From Docker les to Ansible Container

Dominating Your Systems Universe with Ansible Daniel Hanks Sr. System Administrator Adobe Systems Incorporated

AUTOMATION FOR EVERYONE Accelerating your journey to the Hybrid Cloud with Ansible Tower

Enhancing Secrets Management in Ansible with CyberArk Application Identity Manager

Rapid Deployment of Bare-Metal and In-Container HPC Clusters Using OpenHPC playbooks

ansible-workshop Documentation

The power of Rest API

Vagrant CookBook. A practical guide to Vagrant. Erika Heidi. This book is for sale at

The recommended way for deploying a OSS DC/OS cluster on GCE is using Terraform.

Ansible Tower on the AWS Cloud

Study Guide. Expertise in Ansible Automation

IAC on OpenStack (feat. ansible) 김용기부장 Sr. Solution Architect Red Hat

Automate Patching for Oracle Database in your Private Cloud

Ansible Tower 3.0.x Upgrade and Migration

MARCO MALAVOLTI

AWS and Ansible. Automating Scalable (and Repeatable) Architecture

PaperCut Cloud Services: FAQs and Troubleshooting. Channel Availability Release: 18.3

Ansible Tower Upgrade and Migration

Red Hat Ansible Workshop. Lai Kok Foong, Kelvin

Class Projects: Project 2 and Version Control Systems

Get Automating with Infoblox DDI IPAM and Ansible

Ansible Tower Quick Install

Ansible Tower Upgrade and Migration

Scalable and Lightweight CTF Infrastructures Using Application Containers

GERRIT User Summit Robot Comments Edwin Kempin, Google

GIVING POWER TO THE PEOPLE With General Mills

An IoT Based Real-Time Environmental Monitoring System Using Arduino and Cloud Service

Ansible: Server and Network Device Automation

Sharing Oblique and Oriented Imagery. Cody Benkelman Cristelle D Souza UC2018

AGENTLESS ARCHITECTURE

Automation: Making the Best Choice for Your Organization

Ansible Bootcamp. Bruce Becker: Coordinator, Africa-Arabia ROC

To import custom AD attribute we have to perform the following steps:

Ansible Tower Upgrade and Migration

Deploying MySQL HA. with Ansible and Vagrant (101) Daniel Guzman Burgos (Percona) Robert Barabas (Percona)

Inkpebble Documentation

Socially conscious software at scale. Ram Mehta, CTO Propel Inc

mastering ansible A622DFD780311BCF8921DE033F8C7977 Mastering Ansible 1 / 6

SAP Dynamic Edge Processing IoT Edge Console - Administration Guide Version 2.0 FP01

Ansible Tower Release Notes

INTRODUCTION WHY CI/CD

Ansible Tower Release Notes

OpenStack Summit Austin

Contribute to CircuitPython with Git and GitHub

Provisioning MongoDB with Vagrant and Chef. Nathen Harvey Web Opera=ons, CustomInk

WUBRG: Web Application for Magic: The Gathering Card Game.

Choosing an orchestration tool: Ansible and Salt. Ken Wilson Opengear. Copyright 2017 Opengear, Inc. 1

EZLBot Documentation. Release 1.0. EZLBot

Just a T.A.D. (Traffic Analysis Drone)

SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other

Web of Things architecture update

Transcription:

Terraform: Konfigurationsmanagement für Wolkendienste Martin Schütte 7 April 2016 SAGE @ GUUG Hamburg

TERRAFORM Build, Combine, and Launch Infrastructure

Concepts

From Servers by Rodzilla at Wikimedia Commons (CC-BY-SA-3.0) Martin Schütte Terraform GUUG HH 3/29

to Services Martin Schütte Terraform GUUG HH 4/29

Services also need Configuration Management Replace click paths with source code in VCS Lifecycle awareness, not just a setup.sh Reproducible environments Specification, documentation, policy enforcement Martin Schütte Terraform GUUG HH 5/29

Core Ideas in Terraform Simple model of resource entities with attributes Stateful lifecycle with CRUD operations Declarative configuration Dependencies by inference Parallel execution Martin Schütte Terraform GUUG HH 6/29

Core Concepts in Terraform Provider: a source of resources (usually with an API endpoint & authentication) Resource: every thing that has a set of configurable attributes and a lifecycle (create, read, update, delete) implies ID and state Provisioner: initialize a resource with local or remote scripts Martin Schütte Terraform GUUG HH 7/29

Core Concepts in Terraform Order: directed acyclic graph of all resources Plan: generate an execution plan for review before applying a configuration State: execution result is kept in state file (local or remote) Lightweight: little provider knowledge, no error handling Martin Schütte Terraform GUUG HH 8/29

Available services Providers: AWS Azure Google Cloud Heroku DNSMadeEasy OpenStack Docker Resources: aws_instance aws_vpc aws_elb aws_iam_user azure_instance heroku_app Provisioners: chef file local-exec remote-exec Martin Schütte Terraform GUUG HH 9/29

DSL Syntax Hashicorp Configuration Language (HCL), think JSON-like but human-friendly Variables Interpolation, e. g. number ${count.index + 1 Attribute access with resource_type.resource_name Few build-in functions, e. g. base64encode(string), format(format, args ) Martin Schütte Terraform GUUG HH 10/29

HCL vs. JSON # An AMI variable ami { description = custom AMI /* A multi line comment. */ resource aws_instance web { ami = ${var.ami count = 2 source_dest_check = false connection { user = root { variable : { ami : { description : custom AMI, resource : { aws_instance : { web : { ami : ${var.ami, count : 2, source_dest_check : false, connection : { user : root Martin Schütte Terraform GUUG HH 11/29

Example: Simple Webservice

Example: Simple Webservice (part 1) ### AWS Setup provider aws { access_key = ${var.aws_access_key secret_key = ${var.aws_secret_key region = ${var.aws_region # Queue resource aws_sqs_queue importqueue { name = ${var.app_name-${var.aws_region-importqueue # Storage resource aws_s3_bucket importdisk { bucket = ${var.app_name-${var.aws_region-importdisk acl = private Martin Schütte Terraform GUUG HH 12/29

Example: Simple Webservice (part 2) ### Heroku Setup provider heroku {... # Importer resource heroku_app importer { name = ${var.app_name-${var.aws_region-import region = eu config_vars { SQS_QUEUE_URL = ${aws_sqs_queue.importqueue.id S3_BUCKET = ${aws_s3_bucket.importdisk.id resource heroku_addon mongolab { app = ${heroku_app.importer.name plan = mongolab:sandbox Martin Schütte Terraform GUUG HH 13/29

terraform graph dot -Tpdf heroku_addon.mongolab heroku_app.importer aws_s3_bucket.importdisk aws_sqs_queue.importqueue provider.heroku provider.aws Martin Schütte Terraform GUUG HH 14/29

Terraform Process Modules get *.tf source override.tf terraform.tfvars plan plan apply state destroy Martin Schütte Terraform GUUG HH 15/29

Example: Add Provisioning # Importer resource heroku_app importer { name = ${var.app_name-${var.aws_region-import region = eu config_vars {... provisioner local-exec { command = <<EOT cd ~/projects/go-testserver && git remote add heroku ${heroku_app.importer.git_url && git push heroku master EOT Martin Schütte Terraform GUUG HH 16/29

Example: Add Outputs # Storage resource aws_s3_bucket importdisk {... # Importer resource heroku_app importer {... # Outputs output importer_bucket_arn { value = ${aws_s3_bucket.importdisk.arn output importer_url { value = ${heroku_app.importer.web_url output importer_gitrepo { value = ${heroku_app.importer.git_url Martin Schütte Terraform GUUG HH 17/29

Modules

Modules Plain terraform code lacks structure and reusability Modules are subdirectories with self-contained terraform code may be sourced from Git, Mercurial, HTTPS locations use variables and outputs to pass data Martin Schütte Terraform GUUG HH 18/29

Module Example Every Terraform directory may be used as a module. Here I use the previous webservice example. Martin Schütte Terraform GUUG HH 19/29

Using a Module Example (part 1) module importer_west { source =../simple aws_region = eu-west-1 app_name = ${var.app_name aws_access_key = ${var.aws_access_key aws_secret_key = ${var.aws_secret_key heroku_login_email = ${var.heroku_login_email heroku_login_api_key = ${var.heroku_login_api_key module importer_central { source =../simple aws_region = eu-central-1 #... Martin Schütte Terraform GUUG HH 20/29

Using a Module Example (part 2) # Main App, using modules resource heroku_app main { name = ${var.app_name-main region = eu config_vars { IMPORTER_URL_LIST = <<EOT [ ${module.importer_west.importer_url, ${module.importer_central.importer_url ] EOT output main_url { value = ${heroku_app.main.web_url Martin Schütte Terraform GUUG HH 21/29

Plugins

How to Write Own Plugins Learn you some Golang Use the schema helper lib Adapt to model of Provider (setup steps, authentication) and Resources (arguments/attributes and CRUD methods) Martin Schütte Terraform GUUG HH 22/29

Plugin Example Simple Plugin: MySQL Implements provider mysql with resource mysql_database. Code at builtin/providers/mysql Martin Schütte Terraform GUUG HH 23/29

Usage

Issues Under active development, current version 0.6.14 (March 21) Still a few bugs, e. g. losing state info Modules are very simple Lacking syntactic sugar (e. g. aggregations, common repetitions) General problems for this kind of tool Testing is inherently difficult Provider coverage Resource model mismatch, e. g. with Heroku apps Ignorant of API rate limits, account ressource limits, etc. Martin Schütte Terraform GUUG HH 24/29

Comparable Tools Tools: AWS CloudFormation (with Generator-Tools) OpenStack Heat Configuration Management: SaltStack Salt Cloud Ansible v2.0 includes cloud modules Libraries: fog, Ruby cloud abstraction library boto, Python AWS library Martin Schütte Terraform GUUG HH 25/29

Workflow Use a VCS, i. e. git Use PGP to encrypt sensitive data, e. g. with Blackbox Use separate user credentials, know how to revoke them Take a look at Hashicorp Atlas and its workflow Martin Schütte Terraform GUUG HH 26/29

Hashicorp Workflow image by Hashicorp Atlas: Artifact Pipeline and Image Deploys with Packer and Terraform Martin Schütte Terraform GUUG HH 27/29

Links and Resources Defining system infrastructure as code and building it with tools doesn t make the quality any better. At worst, it can complicate things. Infrastructure as Code by Kief Morris Terraform hashicorp/terraform StackExchange/blackbox Terraforming Export existing AWS resources Terraform: Beyond the Basics with AWS Terraform, VPC, and why you want a tfstate file per env Martin Schütte Terraform GUUG HH 28/29

The End Thank You! Questions? Martin Schütte info@martin-schuette.de http://slideshare.net/mschuett/ Martin Schütte Terraform GUUG HH 29/29

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback