Shashikant shah

Saturday, 25 February 2023

What is a terraform .

 What is a terraform ?



1.terraform is an open-source software tools created by HashiCorp in 2014.

2.Tool used to build, manage and version infrastructure as code.

2.uses HCL to declare desired state.

2.It is developed by Mitchell Hashimoto developer.

3.Terraform is written in GO language.

4.It supports declarative configuration language know as HashiCorp configuration language (HCL).

With the help of terraform we can codify our infrastructure

Infrastructure means our component like EC2, RT, IGW, LB, Autoscaling etc.



Install terraform.

# mkdir /opt/terraform

# yum install wget zip

# wget https://releases.hashicorp.com/terraform/0.14.5/terraform_0.14.5_linux_amd64.zip

# unzip terraform_0.14.5_linux_amd64.zip

# mv terraform /usr/bin

# terraform -v

Terraform v0.14.5


Create user in IAM AWS.

1.User name :- terraform à select programmatic access

2.select à attach existing policies directly à AdministratorAccess.



Next à create user.


Download key.

# aws configure

# AWS Access Key ID [None]: AKIAWOZL57VN52ILHW22

# AWS Secret Access Key [None]: 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

# Default region name [None]: ap-south-1

# Default output format [None]:


# terraform help

Usage: terraform [global options] <subcommand> [args]

Main commands:

  init               Prepare your working directory for other commands.

  validate      Check whether the configuration is valid.

  plan             Show changes required by the current configuration.

  apply           Create or update infrastructure.

  destroy       Destroy previously-created infrastructure.

 

All other commands:

  console       Try Terraform expressions at an interactive command prompt.

  fmt           Reformat your configuration in the standard style.

  force-unlock  Release a stuck lock on the current workspace.

  get           Install or upgrade remote Terraform modules.

  graph         Generate a Graphviz graph of the steps in an operation.

  import        Associate existing infrastructure with a Terraform resource.

  login         Obtain and save credentials for a remote host.

  logout        Remove locally-stored credentials for a remote host.

  output        Show output values from your root module.

  providers     Show the providers required for this configuration.

  refresh       Update the state to match remote systems.

  show          Show the current state or a saved plan.

  state         Advanced state management.

  taint         Mark a resource instance as not fully functional.

  untaint       Remove the 'tainted' state from a resource instance.

  version       Show the current Terraform version.

  workspace     Workspace management.

 

Global options (use these before the subcommand, if any):

  -chdir=DIR    Switch to a different working directory before executing the

                given subcommand.

  -help         Show this help output, or the help for a specified subcommand.

  -version      An alias for the "version" subcommand.

 

terraform apply   

applies state

terraform destroy

destroys all terraform managed state (use with caution)

terraform fmt

Rewrite terraform configuration files to a canonical format and style

terraform get

Download and update modules

terraform graph

Create a visual representation of a configuration or execution plan

terraform [options] ADDRESS ID

Import will try and find the infrastructure resource identified with ID and import the state into terraform.tfstate with resource id ADDRESS

terraform output [options] [NAME]

Output any of your resources. Using NAME will output a specific resource

terraform plan

terraform plan, show the changes to be made to the infrastructure

terraform push

Push changes to Atlas, enterprise tool that can automatically run terraform from a centralized server

terraform refresh

Refresh the remote state. Can identify differences between state file and remote state

terraform remote

Configure remote state storage

terraform show

Show human readable output from a state or a plan

terraform state

Use this command for advanced state management e.g. Rename a resource with terraform state mv aws_instance.example aws_instance.production

terraform taint

Manually mark a resource as tainted, meaning it will be destructed and recreated

at the next apply.

terraform validate

validate your terraform syntax

terraform untaint

Undo a taint


Comments  line in terraform :-

/*

Line1

Line2

*/

#mkdir terraform

# cat main.tf

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region = "ap-south-1"

}

resource "aws_instance" "base" {

 ami = "ami-04b1ddd35fd71475a"

 instance_type = "t2.micro"

}


1.Install plugin like aws.

# terraform init


# ls -la


2.Dry mode command use for check changes and which resources will creating.

# terraform plan

# terraform plan -help

Plan: 1 to add, 0 to change, 0 to destroy.












3. apply command use for create resources then automatic create one more terraform.tfstate.

# terraform apply

# terraform apply -help

# terraform apply -target=aws_instance.base (single resource target) 

All instance details save in terraform.tfstate file.

# cat terraform.tfstate

"monitoring": false,

            "network_interface": [],

            "outpost_arn": "",

            "password_data": "",

            "placement_group": "",

            "primary_network_interface_id": "eni-0472b8f7436e30719",

            "private_dns": "ip-172-31-39-218.ap-south-1.compute.internal",

            "private_ip": "172.31.39.218",

            "public_dns": "ec2-15-206-172-204.ap-south-1.compute.amazonaws.com",

            "public_ip": "15.206.172.204",


4. destroy command for delete resources and read state file like terraform.tfstate.

# terraform destroy

# terraform destroy -help

# terraform destroy -target=aws_instance.base  (Destroying Specific Resource)

OR

/*

s3 resource name

*/

# terraform destroy (s3 bucket delete)

i)terraform.tfstate

ii) terraform.tfstate.backup

5.validate command for check syntax in template.

# terraform  validate

6.fmt command use for arrange format.

# terraform  fmt main.tf

# terraform fmt -help


# terraform  fmt main.tf


7.providers command use for show providers plugin used.

# terraform providers

Providers required by configuration:

.

└── provider[registry.terraform.io/hashicorp/aws]

8.show command use for essay to read files.

# terraform show

# terraform show terraform.tfstate.backup


Set the environment

All template create in Defaut

Create a terraform.tfstate.d

1.list command.

# terraform  workspace list

* default

2.create a env.

How to create environments DEV, UAT, PROD.

# terraform   workspace  new  dev

# terraform   workspace  new  uat

# terraform   workspace  new  prod

# terraform workspace list


3.show command for currently which workspace are work.

# terraform workspace show


4.select command for change workspace.

# terraform workspace select dev


5.created one directory terraform.tfstate.d and three directory dev,prod,uat in  terraform.tfstate.d.

# tree terraform.tfstate.d

6. running main.tf and all state file save in dev directory.

# terraform apply

Do you want to perform these actions in workspace "dev"?

# ls -l terraform.tfstate.d/dev/


7.taint, untaint command use for particular resource recreate/changes/any correction. 


# terraform taint aws_instance.base

# terraform untaint aws_instance.base

Show to taint status

# terraform show


# terraform plan


Note :- instance rename then apply command.

apply ke badh taint remove ho jata hai.

Delete hoga fir se create karega.

# terraform apply

1.Terraform State File

1.terraform stores the state of the infrastructure that is being created from the TF files.

2.This state allow terraform to map real world resource to your existing configuration.

if manual change a ec2 instance through aws portal.

# terraform plan (one change show hoga.)

# terraform apply  {fir se t2.micro set kar dega.}


2.What is Desired state and Current state.

i)desired state à Main.tf   (what resource are launch)

ii)current state à terraform.tfstate (what resource are running in aws )

Plan command matching files

desired state == current state

refresh command use for fetch current status from aws portal and update in terraform.tfstate file.

Note :- ec2-instance stop manual and how to terraform fetch status from aws. 

To refresh the current state

# terraform refresh

# vim /terraform.tfstate.d/dev/terraform.tfstate

# terraform show


3.terrafrom provider versioning.



#example :-



4.Types of terraform providers.

i) hashiCorp Distributed :- init command use install plugin automatic.

ii) 3rd Party :- manual download plugin and install.



5.Attributes and Output Values:-

i)Many attributes for ec2-instance and other resources.

# terraform apply 


ii) aws_instance.my_machine (show all attributes) 

# terraform apply


6.Referening Cross-account resource attributes.

Example 1:-  EIP and EC2 instance.


2.Example :-

Create a security group and add Elastic IP(other security group)


7.Terraform Variables :-

Repeated static value can create more work in the future.

Create one vpc and security group and set IP variables in security group.

1.create variable file.

# vim variables.tf


2.create main.tf file


Approaches to variable Assignment.


1.Defaults variable.

# cat variables.tf

variable " instancetype" {

  default = "t2.micro"

}

# terraform plan

2.command line Flags.

# terraform plan -var="instancetype=t2.small"

# terraform plan

Note :-  Not define default variable then ask to variable name.

# cat variables.tf

variable "instancetype" {}

# terraform plan


3.From a File (first variable read to terraform.tfvars file after that default variable read).

Example - 01

# cat variables.tf

variable " instancetype" {

  default = "t2.micro"

}

# vim terraform.tfvars

instancetype="t2.large"

# terraform plan


Example – 02

# vim  custom.tfvars

instancetype="t2.large"

# terraform plan -var-file=custom.tfvars


4. Environment variable.

# export TF_VAR_instancetype="t2.nano"

 

Data type of variables :-



# cat main.tf

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

resource "aws_elb" "test_lb" {

  name              = var.elb_name

  availability_zones = var.az

  listener {

    instance_port     = 8000

    instance_protocol = "http"

    lb_port           = 80

    lb_protocol       = "http"

  }

  health_check {

    healthy_threshold   = 2

    unhealthy_threshold = 2

    timeout             = 3

    target              = "HTTP:8000/"

    interval            = 30

  }

  cross_zone_load_balancing   = true

  idle_timeout                = 400

  connection_draining         = true

  connection_draining_timeout = 400

  tags = {

    Name = "test_terraform_elb"

  }

}

#cat vaiables.tf

variable "elb_name" {

  type = string

}

variable "az" {

  type = list

}

variable "timeout" {

  type = number

}

# cat terraform.tfvars

elb_name = "myelb"

timeout  = "400"

az       = ["us-west-1a", "us-west-1b"]

# terraform  plan


Fetching data from Maps and List in Variable.

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

resource "aws_instance" "myec2" {

  ami           = "ami-04b1ddd35fd71475a"

  instance_type = var.types["ap-south-1"]

 

  tags = {

    Name = "dev server1"

  }

}

variable "types" {

  type = map

  default = {

    us-east-1  = "t2.micro"

    us-west-2  = "t2.nano"

    ap-south-1 = "t2.small"

  }

}

# terraform validate

# terraform plan

List use

# cat main.tf

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

resource "aws_instance" "myec2" {

  ami           = "ami-04b1ddd35fd71475a"

  instance_type = var.list["0"]

 

  tags = {

    Name = "dev server1"

  }

}

variable "list" {

  type    = list

  default = ["m5.large", "m5.xlarge", "t2.medium"]

}

}



Count Parameter.

With count parameter, we can simply specify the count value and the resource can be scaled accordingly.

Example 01 :-

3 instance is create .

Count Index

In resource blocks where count is set, an additional count object is available in expression, so you can modify the configuration of each instance.

This object has one attribute:

count.index – The distinct index number (starting with 0) corresponding to this instance.

Understanding Challenge with Count.

With the below code, terraform will create 3 instances. But the problem is that all will have the same name.

count.index allows us to fetch the index of each iteration in the loop.

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

resource "aws_instance" "base" {

  ami           = "ami-04b1ddd35fd71475a"

  instance_type = "t2.micro"

  count         = 3

  tags = {

    Name = "dev server_${count.index}"

  }

}

Output Instance name numbering like :-

dev server_0

dev server_1

dev server_2

multiple name add in instances.

Output like :-

          + "Name" = "dev-server"

          + "Name" = "stage-server"   

          + "Name" = "prod-server"


Conditional Expression.

1.Value is true then 3 dev instance is create.

2.value is false then 1 prod instance is create.  

count = var.istest == true ? 3 : 0

##################

# vim main.tf


# vim terraform.tfvars

istest = false


3.value is true then 3 instance create if not true then 1 instance create.

count = var.istest == true ? 3 : 1


Local Values :-



# vim main.tf

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

 

 

locals {

  common_tags = {

    Name    = "server1"

    Owner   = "DevOps team"

    service = "backend"

  }

}

resource "aws_instance" "db-dev" {

  ami           = "ami-04b1ddd35fd71475a"

  instance_type = "t2.micro"

  tags          = local.common_tags

}

resource "aws_ebs_volume" "db-ebs" {

  availability_zone = "ap-south-1a"

  size              = 8

  tags              = local.common_tags

}

# terraform apply 





Terraform Functions :-

1.The terraform language include a number of built-in functions that you can use to transform and combine values.

2.The general syntax for function calls is a function  name followed by comma-separated arguments in parentheses.

# function (argument1, argument2)

Example:

max (5, 12, 9) 

12



# ssh-keygen -t rsa

]# cat main.tf

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = var.region

}

locals {

  time = formatdate("DD MMM YYYY hh:mm ZZZ", timestamp())

}

variable "region" {

  default = "ap-south-1"

}

variable "tags" {

  type    = list

  default = ["firstec2", "secondec2"]

}

variable "ami" {

  type = map

  default = {

    "ap-south-1" = "ami-04b1ddd35fd71475a"

    "us-east-1"  = "ami-01b3d4d785f71475n"

  }

}

resource "aws_key_pair" "loginkey" {

  key_name   = "login-key"

  public_key = file("${path.module}/id_rsa.pub")

}

 

resource "aws_instance" "app-dev" {

  ami           = lookup(var.ami, var.region)

  instance_type = "t2.micro"

  key_name      = aws_key_pair.loginkey.key_name

  count         = 2

  tags = {

    Name = element(var.tags, count.index)

  }

}

Data Sources: -





Region according fetch image.

Amazon image:-

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

data "aws_ami" "app_ami" {

  most_recent = true

  owners      = ["amazon"]

  filter {

    name   = "name"

    values = ["amzn2-ami-hvm*"]

  }

  filter {

    name   = "virtualization-type"

    values = ["hvm"]

  }

}

resource "aws_instance" "instance-1" {

  ami           = data.aws_ami.app_ami.id

  instance_type = "t2.micro"

  key_name = "new-keypair-aws"

 

  tags = {

    Name = "dev server1"

  }

}


Ubuntu image:-

data "aws_ami" "app_ami" {

  most_recent = true

  owners      = ["099720109477"]

 

  filter {

    name   = "name"

    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]

  }

  filter {

    name   = "virtualization-type"

    values = ["hvm"]

  }

}

# image details

# aws ec2 describe-images --region ap-south-1 --image-ids ami-042b34111b1289ccd

Debugging in Terraform :-




# export TF_LOG=TRACE

# export TF_LOG_PATH=/tmp/terraform-crash.log

# terraform plan

Terraform Format  check:-


Validating Terraform configuration files.


Load Order & Semantics:

# ec2.tf,  iam_user.tf,  provider.tf,  variable.tf

 

# cat provider.tf

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

 

# cat variable.tf

variable "iam_user" {

  default = "demouser"

}

 

# cat ec2.tf

resource "aws_instance" "base" {

  ami           = "ami-04b1ddd35fd71475a"

  instance_type = "t2.micro"

  tags = {

    Name = "dev server1"

  }

}

 

# cat iam_user.tf

resource "aws_iam_user" "userdemo" {

  name = var.iam_user

  path = "/system/"

}

# terraform fmt

# terraform validate

# terraform plan

# terraform apply


Dynamic Block



# file dynamic-block.tf    , provider.tf

# cat dynamic-block.tf

variable "sg_ports" {

  type        = list(number)

  description = "list of ingress ports"

  default     = [8200, 8201, 8300, 9200, 9500]

}

resource "aws_security_group" "dynamicsg" {

  name        = "dynamic-sg"

  description = "Ingress for vault"

  dynamic "ingress" {

    for_each = var.sg_ports

    content {

      from_port   = ingress.value

      to_port     = ingress.value

      protocol    = "tcp"

      cidr_blocks = ["0.0.0.0/0"]

    }

  }

ingress {

  from_port   = 9090

  to_port     = 9090

  protocol    = "tcp"

  cidr_blocks = ["192.168.1.0/0"]

}

}

# terraform plan

 


Terraform taint



Eg :- terraform taint <resource>.<name>

# terraform taint aws_instance.myec2


Splat expression

Example01

Output showing all user.


Example02:-

Showing one user.

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

arns = "arn:aws:iam::444084387163:user/system/iam_user.0"

Terraform Graph :-


# terraform graph > graph.dot

# cat graph.dot | dot -Tsvg > graph.svg

# yum install nginx

# service nginx start

# cp -rvf graph.svg  /usr/share/nginx/

Saving terraform plan to file.



Change in terraform file

# terraform  plan  -out=demopath

# terraform apply demopath

#

resource "aws_iam_user" "userdemo" {

  name  = "iam_user.${count.index}"

  count = 3

  path  = "/system/"

}

output "arns" {

  value = aws_iam_user.userdemo[*].arn

 

# terraform apply

 

How to fetch data.

# terraform output arns

[

  "arn:aws:iam::444084387163:user/system/iam_user.0",

  "arn:aws:iam::444084387163:user/system/iam_user.1",

  "arn:aws:iam::444084387163:user/system/iam_user.2",

]

 

Terraform setting.

The special terraform configuration block type is used to configure some behaviors of terraform itself, such as requiring a minimum terraform version to apply your configuration.

# terraform -v

Terraform v0.14.5

+ provider registry.terraform.io/hashicorp/aws v3.26.0

# require for terraform version and aws version then run int command.

terraform {

 required_version = "0.14.5"

 required_providers {

      aws = "3.26"

}

}

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

# terraform init

Dealing with larger Infrastructure:




Slow Down:

We can prevent terraform from querying the current state during operations like terraform plan.

This can be achieved with the -refresh=false  flag

# terraform  apply -auto-approve 

Refresh to all resource like ec2, iam , vpc. 

# terraform plan

aws_iam_user.userdemo[1]: Refreshing state... [id=iam_user.1]

aws_iam_user.userdemo[2]: Refreshing state... [id=iam_user.2]

aws_iam_user.userdemo[0]: Refreshing state... [id=iam_user.0]

How to disable refresh option :-

# terraform plan  -refresh=false     

 

Specify the Target:

If any specific resource changes in terraform file.

Like :- port change , Ips , instance name

The -target=resource flag can be used to target a specific resource.

Generally used as a means to operate on isolated portions of very large configurations.

# terraform plan -target=<resource>.<name> 

# terraform plan -refresh=false   -target=aws_security_group.allow_ssh_conn

Provisioners :


Create ec2 instance and install nginx service.

 

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

resource "aws_instance" "base" {

  ami           = "ami-04b1ddd35fd71475a"

  instance_type = "t2.micro"

  key_name      = "new-keypair-aws"

 

  tags = {

    Name = "dev server1"

  }

provisioner "remote-exec" {

inline = [

 "sudo amazon-linux-extras install -y nginx1.12",

 "sudo systemctl start nginx"

]

connection {

type = "ssh"

host = self.public_ip

user = "ec2-user"

private_key = "${file("./terraform.pem")}"

}

}

}









Failure Behavior for Provisioners.

 

Dry Principle :-

Create directory  like ec2, elb , ebs , cdn and put resource and pick resource from directory.

# mkdir -p   modules/ec2

# mkdir -p   project

 

# vim modules/ec2/main.tf

resource "aws_instance" "base" {

  ami           = "ami-04b1ddd35fd71475a"

  instance_type = "t2.micro"

  security_groups = ["default"]

  key_name = "new-keypair-aws"

 

  tags = {

    Name = "dev server1"

  }

}

 

# vim project/provider.tf

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

 

 

# cat project/ec2_web_dry.tf

module "myec2" {

  source = "../modules/ec2"

}

# cd project

# terraform init

# terraform plan


Variable and terraform Modules 

# mkdir -p   modules/ec2

# mkdir -p   project

 

# vim modules/ec2/main.tf

resource "aws_instance" "base" {

  ami           = "ami-04b1ddd35fd71475a"

  instance_type = var.instance_type

  security_groups = ["default"]

  key_name = "new-keypair-aws"

  tags = {

    Name = "dev server1"

  }

}

# vim modules/ec2/variables.tf

variable  “instance_type”  {

default = “t2.micro”  (second variable)

}

# vim project/provider.tf

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

# cat project/ec2_web_dry.tf

module "myec2" {

  source = "../modules/ec2"

  instance_type = “t2.large”   (first variable)

}

# cd project

# terraform init

# terraform plan

Output showing :-

instance_type =  t2.large

Terraform Registry

The Terraform Registry is a repository of modules written by the Terraform community.

The registry can help you get started with Terraform more quickly


3.1 Module Location

If we intend to use a module, we need to define the path where the module files are present.

The module files can be stored in multiple locations, some of these include:

        Local Path

        GitHub

        Terraform Registry

        S3 Bucket

        HTTP URLs

 

3.2 Verified Modules in Terraform Registry

Within Terraform Registry, you can find verified modules that are maintained by various third-party vendors.

These modules are available for various resources like AWS VPC, RDS, ELB, and others

Using Registry Modules in Terraform

To use Terraform Registry module within the code, we can make use of the source argument that contains the module path.

Below code references to the EC2 Instance module within terraform registry.

module "ec2-instance" {

  source  = "terraform-aws-modules/ec2-instance/aws"

  version = "2.13.0" (code comment version)

  # insert the 10 required variables here

}

# ls main.tf  provider.tf

# cat main.tf 

module "ec2_cluster" {

  source  = "terraform-aws-modules/ec2-instance/aws"

  version = "~>2.0"

  name           = "my-ec2"

  instance_count = 1

  ami           = "ami-04b1ddd35fd71475a"

  instance_type = "t2.micro"

  subnet_id     = "subnet-69d49425"

  tags = {

    Terraform   = "true"

    Environment = "dev"

  }

}

# ls .terraform/modules/ec2_cluster/

CHANGELOG.md  examples  LICENSE  main.tf  Makefile  outputs.tf  README.md  variables.tf  versions.tf

# terraform plan

# terraform apply


Terraform Workspace

Terraform allows us to have multiple workspaces, with each of the workspaces we can have a different set of environment variables associated.

1.Terraform starts with a single workspace named "default".

 

2.Workspaces are managed with the terraform workspace set of commands.

 

3.To create a new workspace and switch to it, you can use terraform workspace new; to switch workspaces you can use terraform workspace select; etc.

 

Environment according variable set.

 

# terraform workspace -h

 

# terraform workspace list

* default

 

# terraform workspace new prd

# terraform workspace new dev

# terraform workspace list

  default

  dev

* prd

 

# terraform workspace select default

# terraform plan

 

# cat main.tf

provider "aws" {

  access_key = "AKIAWOZL57VN52ILHW22"

  secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  region     = "ap-south-1"

}

 

resource "aws_instance" "base" {

  ami           = "ami-04b1ddd35fd71475a"

  instance_type = lookup(var.instance_type,terraform.workspace)

 

}

variable "instance_type" {

  type = map(string)

 

  default = {

    default = "t2.nano"

    dev     = "t2.micro"

    prd     = "t2.large"

  }

 

}

Default workspace showing :-

+ instance_type                = "t2.nano"

# ls terraform.tfstate

Dev workspace showing :-

# terraform workspace select dev

+ instance_type                = "t2.micro"

# ls terraform.tfstate.d/dev/terraform.tfstate

Prd workspace showing :-

# terraform workspace select prd

+ instance_type                = "t2.large"

# ls terraform.tfstate.d/prd/terraform.tfstate

Integrating with GIT for team management.

Module Source in terraform

1.Local path :-

 

module “local_dir” {

source = “../local_dir”

} 

2.Git module source:-

 module “vpc” {

source = “git::https://example.com/vpc.git”

}

module “storage” {

source = “git::ssh://username@example.com/storage.git”

}

module “branch_git” {

source = “git::ssh://username@example.com/storage.git?ref=<branch-name/revesion no>”

}

3.Terraform Registry.

module "consul" {

  source = "hashicorp/consul/aws"

  version = "0.1.0"

} 

4.Bitbucket.

module "consul" {

  source = "bitbucket.org/hashicorp/terraform-consul-aws"

}

5.Fetching archives over HTTP.

module "vpc" {

  source = "https://example.com/vpc-module.zip"

} 

6.S3 Bucket.

module "consul" {

  source = "s3::https://s3-eu-west-1.amazonaws.com/examplecorp-terraform-modules/vpc.zip"

}

7.GCS Bucket

module "consul" {

  source = "gcs::https://www.googleapis.com/storage/v1/modules/foomodule.zip"

}

# terraform init

# ls .terraform/modules/consul

Terraform and .gitignore

# vim  .gitignore

.terraform

*.tfvars

Terraform.tfstate

# git status

# git add .gitignore

# git commit -a “add gitignore file”

# git push origin master

 

Remote State management with Terraform.






# ls

backend.tf  main.tf

# cat backend.tf

terraform {

  backend "s3" {

    bucket = "terraform-backend-s3-testing"

    key    = "remotedemo.tfstate"

    region = "ap-south-1"

    access_key = "AKIAWOZL57VN52ILHW22"

    secret_key = "oUlIWDNuFhZ5DD/LdHf/q3dggPCVK9cjy2w7NX4U"

  }

}

# terraform init

# terraform plan

# terraform apply

 


State file locking




Create DynamoDB for terraform lock file save. 



# terraform init

# terraform plan

terraform.lock.hcl save in dynamodb


Terraform state Management

 

1.How many resources are running.

# terraform state list

2. This command is used in many case in which you want to rename an existing resource without destroying and recreating it.

Old resource name :- base

Rename resource name :- base01

# terraform state mv [option]  SORUCE  DESTINATION

resource "aws_instance" "base01"ß change resource name

  ami           = "ami-04b1ddd35fd71475a"

  instance_type = lookup(var.instance_type, terraform.workspace)

  tags = {

    Name = "dev-test02"

  }

# terraform plan

Plan: 1 to add, 0 to change, 1 to destroy.

# terraform state list

aws_instance.base

# terraform state mv aws_instance.base  aws_instance.base01

Move "aws_instance.base" to "aws_instance.base01"

Successfully moved 1 object(s).

# terraform plan

No changes. Infrastructure is up-to-date.

3.pull command use download terraform state “remotedemo.tfstate” from s3 bucket and show output.

# terraform state pull

4.The terraform state push command is used to manually upload a local state file to remote state.

5.rm command is used to remove items from the terraform state “remotedemo.tfstate”  file but resource running in aws.

# terraform state list

aws_instance.base

# terraform state rm  aws_instance.base

# terraform state pull

6.show command use for show the attributes of a single resource  in the Terraform state.

# terraform state show aws_instance.base


Importing Existing resources with terraform Import.

# vim ec2.tf

# terraform import  aws_instance.myec2  i-041732765374fbd98

# check terraform state file.

Terraform provider use case Resources in multiple Regions 




By default, resources use a default provider configuration inferred from the first word of the resource type name.

For example, a resource of type aws_instance uses the default (un-aliased) aws provider configuration unless otherwise stated.

To select an aliased provider for a resource or data source, set its provider meta-argument to a <PROVIDER NAME>.<ALIAS> reference:

# vim providers.tf

# vim main.tf


Handling  multiple aws account

 

# aws   s3   ls    --profile   account02

# cat provider.tf

# cat eip.tf

Terraform & Assume role with AWS STS

Sensitive parameter 







































No comments:

Post a Comment