Terraform Associate Certification – Part 1
Infrastructure as Code consists of three major categories of tools:
Configuration Management Tools are designed to manage software on existing infrastructure using a procedural approach. They maintain a standard structure, support version control, and are idempotent. Configuration Management tools should not be used as provisioning tools.
Server Templating Tools are used to create a custom virtual machine or Docker image. They promote immutable infrastructure – that is, something that should not change.
Provisioning Tools are used to provision infrastructure using declarative code, and they deploy immutable infrastructure.
The recommendation is to use a provisioning tool to provision infrastructure as code, and then use a configuration management tool for post-provisioning tasks.
Installing Terraform and PyCharm Plugins
Installing Terraform differs per operating system; instructions are located here
I will be using PyCharm as an IDE for terraform. A terraform HCL plugin exists for PyCharm and can be downloaded here:
HashiCorp Configuration Language (HCL) is the syntax used for terraform configuration files. The language is designed to be both machine and user readable.
Block Name: Block names are usually a singular word defining a singular object. They are only plural when acting as a namespace serving multiple other objects.
Resource Type: A resource type consists of a provider (the first word), and a resource (the second word). Each resource type has a defined schema that provides the different arguments that can be used.
Resource Name: Resource names are user-defined nouns. The best practice is to always begin a resource name with the provider name.
Arguments: Arguments are specific to the resource type, and are documented in the terraform or associated manuals.
High level Workflow
The terraform file extension is .tf, and the file is written in HCL. The below output is a simple example, which will create a file named helloworld.txt with the contents “this is my first terraform script”.
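A configuration matching the description above, written here as an added example rather than the original post's own file. The resource name `local_helloworld`, the output name and the provider version constraint are assumptions; the two permission arguments are set explicitly because the local provider defaults both to "0777".

```hcl
# Added example, not the original post's code.
# Save as main.tf in an empty working directory.

terraform {
  required_providers {
    local = {
      source  = "hashicorp/local"
      # Assumed constraint. terraform init resolves it to one exact version
      # and records that version in the lock file.
      version = "~> 2.0"
    }
  }
}

# Resource type: provider "local", resource "file".
# Resource name (assumed) begins with the provider name, as recommended above.
resource "local_file" "local_helloworld" {
  filename = "${path.module}/helloworld.txt"
  content  = "this is my first terraform script"

  # Optional arguments. When they are omitted, terraform plan still lists them
  # with the provider defaults ("0777"), which leaves the file world-writable.
  file_permission      = "0644"
  directory_permission = "0755"
}

# Shown at the end of terraform apply.
output "helloworld_path" {
  value = local_file.local_helloworld.filename
}

# Workflow, run from the same directory:
#   terraform init            # backend and provider plugin initialisation
#   terraform plan            # review the proposed actions
#   terraform apply           # confirm to create helloworld.txt
#   terraform plan -destroy   # speculative destroy
#   terraform destroy         # remove helloworld.txt
```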
The terraform init command is the first command used, which initialises a working directory of configuration files. It performs a number of tasks including:
Backend Initialisation: If a backend configuration is not specified, terraform will use the default local backend. This is stored as a file in the working directory. The backend defines where the state is stored (more on states later). If you have multiple users using terraform, it’s common to use a remote backend. There are many types of backends that can be used, and more information is found in the “Available Backends” section here: https://www.terraform.io/language/settings/backends/configuration
Provider Plugin Initialisation: Providers use different plugins. During init, terraform will review the configuration and download any required plugins. Once the plugins are downloaded, terraform will write the information about each plugin to a lock file.
The terraform plan command will read the current state of any existing objects, compare current configuration to the prior state, and propose a set of changes that should be actioned.
Actions: In the example above, no state existed, so all actions are derived from the configuration file. The list of actions is not an exact reflection of the configuration file, however, because some arguments are optional and are listed even when the configuration does not set them, for example file_permission.
Terraform apply will execute the proposed actions from the plan command. It’s possible to pass an option to auto approve an “apply” command, although it’s suggested to avoid this action.
Actions: The actions are displayed; this is the last chance to review the changes proposed.
Confirmation: Terraform will seek confirmation from you to apply the changes.
Result: A summary of the changes is displayed to you at the bottom of the output.
Terraform destroy will remove all objects created through a terraform script. If you are unsure of what the impact will be, it’s possible to execute a speculative destroy via terraform plan -destroy.
This concludes part 1 of the Infrastructure as Code: Terraform Associate Certification compilation.