Introduction to Terraform
Your applications are code.
The configurations of your servers are now code.
So the next logical step is to have the creation of the machine resources for your application run as code too!
"Terraform provides a common configuration to launch and manage infrastructure. ... Simple file based configuration gives you a single view of your entire infrastructure." Terraform is open source and watched over by creator Mitchell Hashimoto and the team at Hashicorp.
Official Intro to Terraform
Paper plates vs fine china
Think of the analogy of Paper plates vs fine china. The china is *nice*.
Alas the china is also an expensive alternative to the equally functional paper plate.
Your work wants you to be functional, not luxurious. To be functional you need to be fast and efficient. So deploy your app on to the commodity compute resource that is akin to a paper plate. And make your requests for paper plates efficient and repeatable with code!
Infrastructure as Code
This genre of tool goes by the name "Infrastructure as Code". A good tool in this space will have support for all aspects of your provider. We are not just able to request compute resources, but also requesting storage and networking configurations with code!
Aside from Terraform, there are other tools in this space you can research too.
- Scalr
- SparkleFormation
- AWS CloudFormation
- OpenStack Heat Templates
- Azure Resource Manager (ARM) templates
Terraform Providers
The reason I prefer Terraform over some of the alternatives above is because of the thorough support for the leading providers of API based resources - AKA Providers.
- AWS
- And all the resouces in AWS like S3, EC2, IAM roles, Route 53, etc...
- Azure
- VMWare vCloud or vSphere
- GitHub
- New Relic
- DataDog
- PagerDuty
- PostgreSQL
- Docker
- many others
Managing State in Terraform
As much fun as using Terraform is, it has one hard aspect to manage. That is the idea of State.
In order for Terraform to keep track of all the things it is managing it uses state files. On every run after the first, Terraform compares the state files to what is in the Terraform code to determine what has changed and needs to added, modified or deleted from the provider that is being managed.
This becomes a problem as soon as more than one person wants to run the Terraform code. How does user John get the state from when user Jane last ran Terraform? This used to be a difficult prospect that many people would role their own solutions for. But sharing state using "backends" has been added as a first class citizen in Terraform since version 0.7 was released. The following list are some of the supported backends for shared state management.
Extra Reading
Here are some articles from people who have put Terraform through the paces more than I have
- Two Weeks with Terraform by Charity Majors
- Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
- Terraforming workloads with Docker and Digital Ocean by Long Nguyen
Workout
We are going to complete the following actions
- Terraform is already installed on our VM. So we are all ready to dive in.
- Go in to the
/vagrant/terraform/tutum
directory on the VM. - Run the command
terraform
to verify Terraform is ready to use. - Review the
tutum-hello-world.tf
file that already exists. - What Provider is it using? What resources are being created?
- The first thing we need to do with Terraform is init the project to make sure Terraform has required providers. So run
terraform init
- Check what will happen if Terraform ran this file with the
terraform plan
command. - Now that we know what Terraform will do have Terraform do it by running the
terraform apply
command. - The container will be up and serving out a Hello World page now on localhost:8088.
- Running Docker containers is often about quantity. So let's now run five of the
hello-world
container instead of three. Change thetutum-hello-world.tf
file to spin up five instances of our container. - Verify what is going to change by running
terraform plan
again. - We can make the change happen with
terraform apply
and verify it is running with theterraform show
command. - Take note of the
terraform.tfstate
file now in your working directory. This is how Terraform knows the difference between runningterraform
commands. - Let's put our Terraform state in to a shared location in Artifactory.
- Go to the Artifactory repository admin section and on the top right click New, to create a Generic repo with the Repository Key of
terraform-state
- Create a new file
main.tf
with your prefered code editor. - Add the following lines of code to the
main.tf
file. Changing the password to match your Artifactory admin user's password.terraform { backend "artifactory" { username = "admin" # never actually put passwords in code, but that's beyond our scope today password = "password" url = "http://localhost:8081/artifactory" repo = "terraform-state" subpath = "tutum-demo" } }
- Now we need to run
terraform init
again. You will be prompted to upload your state to Artifactory, typeyes
when prompted. - Done! Even before we
plan
orapply
Terraform has uploaded our current state. Go check it out in Artifactory. - We are done with this generic container. Time to destroy everything. Again, verify the work to be done with
terraform plan -destory
. And then turn off all the containers with theterraform destroy
command.