You're reading from Modern DevOps Practices

Product typeBook

Published inSep 2021

PublisherPackt

ISBN-139781800562387

Edition1st Edition

Tools

Docker Kubernetes

Concepts

Continuous Delivery

Author (1)

Gaurav Agarwal

Chapter 6: Infrastructure as Code (IaC) with Terraform

Cloud computing is one of the primary factors of DevOps' enablement today. The initial apprehensions that there were about the cloud are a thing of the past. With an army of security and compliance experts manning cloud platforms 24x7, organizations are now trusting the public cloud like never before. Along with cloud computing, another buzzword is taking the industry by storm – Infrastructure as Code (IaC). This chapter will focus on IaC with Terraform, and by the end of this chapter, you will understand the concept and have enough hands-on experience with Terraform to get you started in your journey.

In this chapter, we're going to cover the following main topics:

Introduction to IaC
Setting up Terraform and Azure providers
Understanding Terraform workflows and creating your first resource using Terraform
Terraform state and backends
Terraform workspaces
Terraform outputs, state...

Technical requirements

For this chapter, you can use any machine to run Terraform. Terraform supports a large number of platforms, including Windows, Linux, macOS, and others.

You will need an active Azure subscription to follow the exercises. Currently, Azure is offering a free trial for 30 days with $200 worth of free credits; you can sign up at https://azure.microsoft.com/en-in/free.

You will also need to clone the following GitHub repository for some of the exercises:

https://github.com/PacktPublishing/Modern-DevOps-Practices

Run the following command to clone the repository into your home directory, and cd into the ch6 directory to access the required resources:

$ git clone https://github.com/PacktPublishing/Modern-DevOps-\
Practices.git modern-devops
$ cd modern-devops/ch6

So, let's get started!

Introduction to IaC

IaC is the concept of using code to define infrastructure. While most people can visualize infrastructure as tangible, virtual infrastructure is already commonplace and has existed for around two decades. Cloud providers provide a web-based console through which you can manage your infrastructure intuitively. But the process is not repeatable or recorded.

If you spin up a set of infrastructure components using the console in one environment and want to replicate it in another, it is a duplication of effort. To solve this problem, cloud platforms provide APIs to manipulate resources within the cloud and some command-line tools that can help trigger the APIs. You can then start writing scripts using commands to create the infrastructure and parameterize them to use the same scripts in another environment. Well, that kind of solves the problem, right?

Not really! Writing scripts is an imperative way of managing infrastructure. Though you can still call it IaC...

Terraform providers

Terraform has a decentralized architecture. While the Terraform CLI contains Terraform's core functionality and provides all functionalities not related to any specific cloud provider, Terraform providers provide the interface between the Terraform CLI and the cloud providers themselves. This decentralized approach has allowed public cloud vendors to offer their Terraform providers so that their customers can use Terraform to manage infrastructure in their cloud. Such is Terraform's popularity that it has now become an essential requirement for every public cloud provider to offer a Terraform provider.

We will be interacting with Azure for this chapter's entirety; therefore, we will use the Azure Terraform provider for our activity.

To access the resources for this section, cd into the following:

$ cd ~/modern-devops/ch6/terraform-exercise/

Before we go ahead and configure the provider, we need to understand how Terraform needs to authenticate...

Terraform variables

To declare variables, we will need to create a vars.tf file with the following data:

variable "subscription_id" {
  type        = string
  description = "The azure subscription id"
}
variable "client_id" {
  type        = string
  description = "The azure service principal appId"
}
variable "client_secret" {
  type        = string
  description = "The azure service principal password"
  sensitive   = true
}
variable "tenant_id" {
  type        = string
  description = "The azure tenant id"
}

So, we've defined four variables here using variable blocks. Variable blocks typically have a type and a description. The type attribute...

Terraform workflow

The Terraform workflow typically consists of the following:

init – Initializes the Terraform workspace and backend (more on them later) and downloads all required providers. You can run the init command multiple times during your build as it does not make changes to your workspace or state.
plan – Runs a speculative plan on the requested resources. This command typically connects with the cloud provider, then checks whether the objects managed by Terraform exist within the cloud provider and whether they have the same configuration as defined in the Terraform template. It then shows the delta in the planned output that an admin can review and change the configuration if they are not satisfied. If they are satisfied, they can apply the plan to commit the changes to the cloud platform. The plan command does not make any changes to the current infrastructure.
apply – This applies the delta configuration to the cloud platform. When...

terraform state

Terraform uses a state file to track what it has deployed and what resources it is managing. The state file is essential as it contains a record of all the infrastructure Terraform is maintaining, and if you lose it, Terraform will lose track of what it has done so far and start treating resources as if they are new and need to be created again. Therefore, you should protect your state as you would protect code.

Terraform stores state in backends. By default, Terraform stores the state file as a file called terraform.tfstate within the workspace directory, which is called the local backend. However, that is not one of the best ways of managing the state. There are several reasons why you should not store state in a local system:

Multiple admins cannot work on the same infrastructure if the state file is stored within someone's local directory.
Local workstations are not backed up, and therefore even if you have a single admin doing the job, the risk...

Terraform workspaces

Software development requires multiple environments. You develop software within your workspace, deploy it into the development environment, unit test it, and then promote the tested code to a test environment. Your QA team will test the code extensively in the test environment, and once all test cases pass, you can promote your code to production.

Well, that means you need to maintain a similar infrastructure in all environments. With an IaC tool such as Terraform, infrastructure is represented as code, and we have to manage our code to fit multiple environments. But Terraform is not just code, it also contains state files, and we have to maintain state files for every environment.

Let's suppose you need to create three resource groups, terraform-exercise-dev, terraform-exercise-test, and terraform-exercise-prod. Each resource group will contain a similar set of infrastructure with similar properties. For example, let's say each resource group...

Terraform output, state, console, and graphs

While we understand that Terraform uses state files to manage resources, let's look at some advanced commands that will help us appreciate and make more sense of the Terraform state concept.

To access the resources for this section, cd into the following:

$ cd ~/modern-devops/ch6/terraform-workspaces/

Now, let's go ahead and look at our first command – terraform output.

terraform output

So far, we've looked at variables, but we haven't yet discussed outputs. Terraform outputs are return values of a Terraform configuration that allow users to export configuration to users or any modules that might use the current module. We won't be creating modules in this book, however, to learn more about it, refer the official documentation at https://learn.hashicorp.com/tutorials/terraform/module.

For now, let's go with the last example and add an output variable that exports the private IP of the...

Summary

In this chapter, we've discussed Terraform's core and understood some of the most common commands and functionalities from a hands-on perspective. We started with understanding IaC, introduced Terraform as an IaC tool, installed Terraform, understood Terraform providers, and used the Azure Terraform provider to manage infrastructure in Azure.

We then looked at Terraform variables and multiple ways of supplying values to the variables. We discussed the core Terraform workflow, where we talked about several commands that you would use to manage infrastructure using Terraform. We then looked at Terraform state as an essential component that helps Terraform keep track of the infrastructure it is managing.

We looked at local and remote state storage and used Azure Blob Storage as the remote state backend. We then discussed Terraform workspaces and how they enable us to use the same Terraform configuration to build multiple environments with hands-on exercises.

...

Questions

Why should we constrain the provider version?
You should always use the fmt and validate functions before a Terraform plan – True/False?
What does the Terraform plan command do? (Multiple answers are possible.)
A. Refreshes the current state with the existing infrastructure state
B. Gets the delta between the current configuration and the expected configuration
C. Applies the configuration to the cloud
D. Destroys the configuration in the cloud
What does the terraform apply command do? (Multiple answers are possible.)
A. Refreshes the current state with the existing infrastructure
B. Gets the delta between the current configuration and the expected configuration
C. Applies the configuration to the cloud
D. Destroys the configuration in the cloud
Why should you never store state files in source control? (Multiple answers are possible.)
A. State files are plaintext, and therefore you expose sensitive information to unprivileged users.
B. Source control does...

Answers

Because Terraform providers are released separately to the Terraform CLI, different versions might break the existing configuration
True
A, B
A, B, C
A, B
A, B, C, E, F
The taint command
terraform.tfstate.d
terraform state rm <resource>
terraform import <resource> <id>

The rest of the chapter is locked

You have been reading a chapter from

Modern DevOps Practices

Published in: Sep 2021Publisher: PacktISBN-13: 9781800562387

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

undefined

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Author (1)

Gaurav Agarwal

Gaurav Agarwal is a Senior Cloud Engineer at ThoughtSpot with over a decade of experience as a seasoned Cloud and DevOps Engineer. Previously, Gaurav served as a Cloud Solutions Architect at Capgemini and Software Developer at TCS. With a distinguished list of certifications, including HashiCorp Certified Terraform Associate, Google Cloud Certified Professional Cloud Architect, Certified Kubernetes Administrator, and Security Specialist, he possesses an impressive technical profile. Gaurav's extensive background encompasses roles where he played pivotal roles in infrastructure setup, cloud management, and the implementation of CI/CD pipelines. His technical prowess extends to numerous technical blog posts and a published book, underscoring his commitment to advancing the field.
Read more about Gaurav Agarwal

Other recommended products

Related to this chapter

kubectl: Command-Line Kubernetes in a Nutshell

Kubernetes is a de facto container orchestration system. To manage Kubernetes, you must understand how to work with kubectl, its command-line tool that lets you interact with your clusters to deploy applications and manage their lifecycle. This book is a comprehensive introduction for those who are new to Kubernetes management via the command line.

BookNov 2020136 pages

HashiCorp Infrastructure Automation Certification Guide

Terraform has recently gained in popularity, becoming one of the most widely adopted tools for infrastructure automation. If you're interested in a career in DevOps, this book will be your reference guide to gaining hands-on experience with Terraform from scratch.

BookJul 2021350 pages

Amazon Fargate Quick Start Guide

AWS Fargate allows you to run containers without having to manage servers or clusters. It lets you focus on designing and building your applications without managing the infrastructure. The book will explain what Fargate is and the benefits of using Fargate launch type. It will teach you about using Fargate with a load balancer, an ECS CLI, and CloudWatch logs.

BookJul 2018190 pages

Terraform Cookbook

HashiCorp’s Terraform is a powerful, open source tool that enables you to provision infrastructure by using code. With the help of easy-to-follow recipes, the Terraform Cookbook shows you how to solve problems that you may commonly face when working with Terraform. You’ll learn to use Terraform v0.13 to manage complex infrastructure with ease.

BookOct 2020366 pages

Building Distributed Applications in Gin

Gin is a high-performance HTTP web framework used to build web applications and microservices in Go. This book will teach you how to design lightweight and fast RESTful APIs from scratch and manage scaling, data storage and caching, and authentication alongside deployment on AWS with Kubernetes.

BookJul 2021482 pages

Docker Orchestration

BookJan 2017284 pages

Kubernetes - A Complete DevOps Cookbook

Kubernetes is one of the most popular, sophisticated, and fast-evolving container orchestrators. In this book, you’ll learn the essentials and find out about the advanced administration and orchestration techniques in Kubernetes. Readers will also learn to manage containers using the latest version of Kubernetes with a recipe-based approach.

BookMar 2020584 pages

Kubernetes in Production Best Practices

Kubernetes is a portable, extensible, and open source platform used for orchestrating and managing workloads and services. This book provides detailed coverage of cloud industry standards and best practices and serves as a reference guide for building and operating production-ready Kubernetes infrastructure.

BookMar 2021292 pages

Serverless Architectures with Kubernetes

With this book, you’ll get familiar with the Kubernetes serverless frameworks and develop the skill to create serverless applications. You’ll build out example applications and tackle intellectually stimulating programming challenges that will help prepare you for technical screenings and large, complex engineering problems.

BookNov 2019474 pages

Kubernetes Cookbook

Kubernetes is one of the most popular, sophisticated, and fast-evolving container orchestrators. In this book, you’ll learn the essentials and find out about the advanced administration in Kubernetes. We’ll take you through a step-by-step hands-on approach, which will familiarize you with the Kubernetes ecosystem.

BookMay 2018554 pages

The Docker Workshop

With the help of top-notch examples and activities, this workshop helps you to get practical with Docker containers. You’ll learn its usage, advantages, and best practices to make the software deployment process smoother.

BookOct 2020792 pages5

The Docker Workshop

With the help of top-notch examples and activities, this workshop helps you to get practical with Docker containers. You’ll learn its usage, advantages, and best practices to make the software deployment process smoother.

BookOct 2020792 pages5

Personalised recommendations for you

Based on your interests and search pattern

Designing and Implementing Microsoft Azure Networking Solutions

Designing and Implementing Microsoft Azure Networking Solutions Exam Ref AZ-700 is an all-encompassing guide to the AZ-700 exam and contains all the information you need to succeed in the world of virtual networking with Azure. With this book, you will be fully prepared for the exam and the world of cloud networking.

BookAug 2023524 pages

Microsoft 365 Security, Compliance, and Identity Administration

The Microsoft 365 Security, Compliance, and Identity Administration is a comprehensive guide that helps you employ Microsoft 365's robust suite of features and empowers you to optimize your administrative tasks.

BookAug 2023630 pages

Zero Trust Overview and Playbook Introduction

Get started on Zero Trust with this step-by-step playbook and learn everything you need to know for a successful Zero Trust journey with tailored guidance for every role, covering strategy, operations, architecture, implementation, and measuring success. This book will become an indispensable reference for everyone in your organization.

BookOct 2023240 pages

The Self-Taught Cloud Computing Engineer

This self-study book helps you master multiple clouds, including AWS, Azure, and GCP, and serves as a roadmap to becoming a certified cloud computing expert. The book will guide you to develop a professional cloud career by helping you build a broad cloud knowledge base, developing hands-on cloud computing skills, and getting cloud certified.

BookSep 2023472 pages

Technology Operating Models for Cloud and Edge

This book will help you build and create ownership of a technology operating model, as well as connect your leadership with engineering and operations, keeping your internal and external customers in mind. It provides practical tips on why, where, and how to make the cloud and edge platform paradigm sing for you, your team, and your organization.

BookAug 2023228 pages

Azure Architecture Explained

Azure is the preferred platform to build mission-critical and secure apps. This book provides comprehensive coverage of essential Azure products, services, and solutions vital for every solution architect's success. Elevate your knowledge and master the critical components of Azure to excel in your role with Azure Architecture Explained.

BookSep 2023446 pages

Pentesting Active Directory and Windows-based Infrastructure

This practical guide helps you explore the pentesting of Microsoft infrastructure in detail, and enhances your offensive skillset by showing you the different ways to perform security assessment. This book will help blue teamers and IT engineers get up to speed with possible security issues they may encounter in their Windows environments.

BookNov 2023360 pages

Practical Ansible

In Practical Ansible, you'll work with the latest release of Ansible and learn to solve complex issues quickly with the help of task-oriented scenarios. You'll start by installing and configuring Ansible to automate monotonous and repetitive IT tasks and get to grips with concepts such as playbooks, inventories, plugins, collections, and network modules.

BookSep 2023420 pages

Windows 11 for Enterprise Administrators

Microsoft’s launch of Windows 11 is a step toward satisfying the enterprise administrator’s needs for better management and enhanced user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 11 Enterprise.

BookOct 2023286 pages

The Linux DevOps Handbook

This book is for software and IT professionals seeking knowledge on Linux systems and DevOps practices. This book will provide you with guidance and tools to learn and gain proficiency in managing Linux-based infrastructures and knowledge of DevOps.

BookNov 2023428 pages2