Describing infrastructure in Terraform for the future. Anton Babenko (2018)



Many people know and use Terraform in their daily work, but there are still no established best practices for it. Each team has to invent its own approaches and methods.



Your infrastructure almost certainly starts out simple: a few resources plus a few developers. Over time it grows in all sorts of directions. You find ways to group resources into Terraform modules and to organize your code into folders, and what could possibly go wrong here? (famous last words)



Time passes and you start to feel that your infrastructure is your new pet, but why? You worry about unexplained changes in the infrastructure, you are afraid to touch the infrastructure and the code, and as a result you delay new functionality or lower the quality...



After three years of maintaining a collection of Terraform community modules for AWS on GitHub and of long-term maintenance of Terraform in production, Anton Babenko is ready to share his experience: how to write Terraform modules so that they don't hurt in the future.



Terraform, , Terraform, , .



:





Disclaimer: 2018 — 2 . Terraform 0.11 . 2 2 , , . .





:





. - , . , -, .



Terraform open source , Terraform Amazon 2015- .



, . .



Terraform. HighLoad. .



Terraform-. , . pre-commit hook . .



. , , , Terraform- . , - . . , , «» .



. .



, . .





https://github.com/terraform-aws-modules

https://registry.terraform.io/namespaces/terraform-aws-modules



, Terraform AWS modules, GitHub, : VPC, Autoscaling, RDS.





, , - . , , Terraform, - . . . , , - .





Terraform 2014- , , . « ».



, , terraform.io. , . , .





Terraform- , - .





«aws_region».





, .





- , «terraform init» , , .





«terraform apply» , , . . . , Terraform .





. bucket, seasnail.





. , Amazon, AWS CloudFormation Google Cloud Deployment Manager, Azure Resource Manager. - public cloud . Terraform , 100 . ( )





, Terraform :



  • Terraform .
  • .
  • Terraform , .


2014- «» .





Terraform . API, :



  • 120 , .
  • , Terraform GitHub .
  • Jira .
  • New Relic-.
  • dropbox , .


Terraform-, API, Go.





, Terraform, - , - , main.tf, .





, , VPC.



VPC, 12 . , cidr_block IP- . .





, .





: , , , Terraform , GitHub- . . DNS-, . Terraform .





.





internet_gateway, , VPC . .





main.tf:





main.tf.





main.tf.



subnet. , NAT gateways, routes, routing tables subnets, 38 , 200-300 .





. . main.tf . . main.tf 10-20 Kb. , 10-20 Kb – . . . 10-20 Kb – user case, . , .



, . . , , , , . Terraform .





  • .
  • .




- . , . . 10-20 Kb – , , , network stack, . . . Application Load Balancer, deployment ES cluster, Kubernetes . ., 100 Kb. , , Terraform Terraform-.





Terraform- – Terraform-, . , Terraform-. , - -. . . . - Terraform-, . .





, 10-20-30 Kb . , - .



, , . , , , . , open source , , building blocks .





.





, .





.





. . , , .





, , . . , , .





, . security-group. 640- . security-group Amazon – . security-group , . . Amazon . , VPC endpoint, prefix list, API , Terraform . Amazon API . , .





, .





, , , . , Terraform - , . , Terraform . . 0.11, - . , jsonnet, cookiecutter , .



.





.





, .





, .





VPC Application Load Balancer, security-group Elastic Container Service .





. , , , .



Terraform , , , . , , . -, .





, . , .





Terraform Registry — https://registry.terraform.io/



№ 0 – . . , open source, -, IP-, . . flexible. , , . Amazon . 650. .





- : « . , ». Amazon, Terraform. : « MSSQL». . . , , , time-.





, : MSSQL, , Terraform 0.11 time- .





. , . . , public open source, , , .





, , Terraform - . , Terraform- . , - . .



, Terraform . , , Terraform , , . . 100 200 , 100 200 , . , , , «Terraform init» .





https://github.com/mbtproject/mbt



. , . , (./). , - , Git clone . .



, , downsides. , versioning. .



. - pipeline, MBT, S3. . iam-user-1.0.0.zip 1 Kb, . .





, .





? – assume user. Assume user – , . , . , Terraform . .





, Amazon , , , shared key, , Terraform . , , . . . . , . - .





provisioner. , , , , .





, provisioner , , -. , -, , aws ec2, . . Linux Windows. , -, user cases.





, , , aws_instance, , , provisioner «local-exec» ansible-playbook.





– , . , local-exec , , launch_configuration.





launch_configuration, instance autoscaling group, launch_configuration «provisioner». «user data».





user data. instance, instance , user data, autoscaling group launch_configuration.





- provisioner, , provisioner, . .



null_resource. Null_resource – , . , API, autoscaling. , . .





http://bit.ly/common-traits-in-terraform-modules



. . . Terraform , , , open source, - . , . GitHub, . , , . , , , . .



-, , .



:



  • .
  • .
  • .
  • .
  • .


– , . .





, , . . , , , , . . - . , - , provisioner .



. : «- . ». .





, .



, . , 20 . . , , . , - , - . , - , . . . , , , , . .





. – . -. best practice Terraform.



deprecated . Terraform- , best practice, . . , . , «Terraform plan» Terraform , .



– , , 5 . - . , 15 . 15 AWS API , , . .



, , , - , 15 , - . , «Yes», - . . Terraform . . . , . – . Terraform 0.11 . 0.12 , : «, , ?».





, . . .



, , . . , . - . . : « , ». , .





? , , , . . - .



, ? -. .





– - . , , , . , , , .





- stack VPC EC2, . . autoscaling group, subnet, . - : ?



, . Terraform , , make- Terraform. , - , .





? - , ? , .





, . Terraform , Terraform.



: «, ». , . , Terraform Terraform, Terraform, . Terraform .





https://github.com/gruntwork-io/terragrunt/



, - , Terragrunt.



Terragrunt – , Terraform, .





Terraform- .





, .





.





. , Terragrunt.



, 1 700 GitHub . , . , Terraform.





, – Terragrunt. .





, .



. , .





- , , , Terraform , AWS- , , , .





, block.





output id , .





Terraform 0.11 – .





, users.





users, block resource, . , . . , , user3, , , , , , .





stateful-. stateful-? , . , AWS Access Key AWS Secret Key, . . user’, Access Secret Key. , - user’, user’ . , user , user’ , - .





. , Jsonnet. Jsonnet – Google.





json-, .





.



Terraform HCL, JSON , JSON, Terraform. .tf.json .





: terraform init, terraform apply. user’.



, - . json-. , . .





Terraform , , Terraform. Terraform . , – Terraform. . Ansible, , .



, Terraform - , - .



. output, .





shell terraform output , . . .





. null_resource . local-exec, ID - .





, , Amazon public- edge cases.



edge cases , , AWS-, , ; ; , 2013- ; , VPC . . . Amazon .





, .



Terraform plan Terraform CLI. tfvars-, .



. Terraform plan – var . – var, – var, , . , , , , , , , . , . tfvars, , .



target . .



parallelism. 150 parallelism Amazon 10, , 100, , , - . , , Amazon , , .



Terraform , . Parallelism=1 – , , - AWS API Terraform-. : parallelism=1 , Terraform , , . .



: « , Terraform workspaces – ?». , , , .



Workspaces . , GitHub issues, Terraform workspaces. , . Terraform Enterprise – . Terraform HashiCorp , workspaces, . , . , .





? , – . Terraform . , . , .





« ». . – , 0.12.





0.12 – . , , , , , . , 0.12 .





! , , , , 0.12 .





! . ? ? ?



, . – . , . , : « », : « ?». , . , . . . . , . . . , .



, . . , . . . , , .



Terratest – , Terraform. . DSL, , rspec.



, ! . . , , provisioning, deployment. Provisioning , deployment - , , , . . , Terraform provisioning, Ansible deployment, Ansible nginx, Postgres. Ansible provisioning, , . Terraform - . , - , Terraform Ansible, ? , , , Ansible – , Terraform ?



, . , Terraform 2014- . . - configuration management Ansible. , user data launch_configuration. Ansible . . , .



in beautiful infrastructure, Packer, . Terraform data source launch_configuration. . . pipeline , Tracker, Terraform. build, .



! ! , RBS. Ansible provisioner . Ansible , . Terraform, Ansible, state . ?



. , Ansible – , autoscaling group. autoscaling group , launch_configuration. launch_configuration , , . Amazon Terraform ts , -, . , «autoscaling group», , DigitalOcean - , autoscaling group, API, IP-, dynamic inventory , Ansible . . . Amazon launch_configuration, dynamic inventory.



