Terraform - Installation, File Syntax, Resources and modules, providers, variables, infrastructure management

Terraform is a tool for building, modifying, and versioning infrastructure securely and efficiently. It is an Open Source project developed by HashiCorp , which emerged in 2014. It generates an execution plan (preview) indicating what it will do to achieve the desired state. If there are changes to the configuration, Terraform detects the changes and creates an incremental plan to reach the new state.

Installing Terraform is very easy. It is downloaded as a binary that must be decompressed. It is then placed in a directory included in the system PATH. We test its operation from the terminal with terraform
Usage: terraform [-version] [-help] <command> [args]
The available commands for execution are listed below.
The most common, useful commands are shown first, followed by
less common or more advanced commands. If you are just getting
started with Terraform, stick with the common commands. For the
other commands, please read the help and docs before usage.
Common commands:
    apply              Builds or changes infrastructure
    console            Interactive console for Terraform interpolations
    destroy            Destroy Terraform-managed infrastructure
    env                Workspace management
    fmt                Rewrites config files to canonical format
    get                Download and install modules for the configuration
    graph              Create a visual graph of Terraform resources
    import             Import existing infrastructure into Terraform
    init               Initialize a Terraform working directory
    login              Obtain and save credentials for a remote host
    logout             Remove locally-stored credentials for a remote host
    output             Read an output from a state file
    plan               Generate and show an execution plan
    providers          Prints a tree of the providers used in the configuration
    refresh            Update local state file against real resources
    show               Inspect Terraform state or plan
    taint              Manually mark a resource for recreation
    untaint            Manually unmark a resource as tainted
    validate           Validates the Terraform files
    version            Prints the Terraform version
    workspace          Workspace management
All other commands:
    0.12upgrade        Rewrites pre-0.12 module source code for v0.12
    0.13upgrade        Rewrites pre-0.13 module source code for v0.13
    debug              Debug output management (experimental)
    force-unlock       Manually unlock the terraform state
    push               Obsolete command for Terraform Enterprise legacy (v1)
    state              Advanced state management
File Syntax
Hashicorp uses its own configuration language for infrastructure description.
Terraform files can be written in two formats:

  • HashiCorp Configuration Language (HCL). The file extension is.tf
  • JSON. The file extension is.tf.json

The preferred format is HCL. Since Terraform 0.12 HCL2 is available and it is recommended to use HCL2.
Resources and modules
The goal of Terraform is to declare resources . All the features of the language revolve around making the definition of resources more flexible and convenient.
Resources can be grouped into modules, which create a higher level configuration unit. A resource describes a basic infrastructure object, while a module describes a set of objects and their relationships to create a larger system.
Example: Example of a resource to create in OpenStack a floating IP of the networkext-net

resource "openstack_networking_floatingip_v2" "tf_vm_ip" {
  pool = "ext-net"
A Terraform configuration consists of a root module where evaluation begins. The module can contain child modules that call each other. The simplest module configuration would contain just one file .tf( main.tf) although an organization like the following is recommended:

  • main.tf: Configuration of module resources
  • providers.tf: Provider of module resources
  • variables.tf input variables
  • output.tf: Output variables

Organization example:

├── README.md
├── main.tf
├── providers.tf
├── variables.tf
├── outputs.tf
├── ...
├── modules/
│   ├── moduleA/
│   │   ├── README.md
│   │   ├── main.tf
│   │   ├── providers.tf
│   │   ├── variables.tf
│   │   ├── outputs.tf
│   ├── moduleB/
│   ├── .../

Terraform can build infrastructure stacks across multiple vendors. For example, a setup might build infrastructure on Google Cloud Platform and OpenStack-DI.
There are a large number of Terraform providers, both official , maintained by Hashicorp, (AWS, Azure, Google Cloud Platform, Heroku, Kubernetes, MongoDB Atlas, OpenStack, VMware Cloud, VMware vSphere, …) and from the community and third parties (OpenShift, Trello, Telegram, …​)


input variables
Input variables are used as parameters for modules. They are created by blocks variable

variable "openstack_user_name" {
    type = string
    description = "The username for the Tenant."
    default  = "mtorres"

variable "security_groups" {
    type    = list(string)
    default = ["default"]

Variables are used following this syntax var.<variable>.

provider "openstack" {
  user_name   = var.openstack_user_name #1
  1. Variable Usageopenstack_user_name
More information about the declaration, use of variables and type constructors in the official documentation .
Output variables
Output variables are used to pass values ​​to other modules or to display a result in the CLI after a deployment with terraform apply.
Output variables are defined with blocks outputand a unique identifier. Normally, they take as value an expression (eg a generated IP for a created instance).
output tf_vm_Floating_IP {
  value      = openstack_networking_floatingip_v2.tf_vm_ip.address #1
  depends_on = [openstack_networking_floatingip_v2.tf_vm_ip] #2
  1. Expression that returns the IP address of a previously created resource.
  2. Optional argument that establishes a dependency on a created resource.
State file
Terraform saves the infrastructure information created in a Terraform state file ( terraform.tfstate). This file is used when running commands terraform planor terraform applyto determine what changes to apply. Thanks to this you can:

  • Keep track of infrastructure changes
  • Update only the necessary components
  • Delete components

A very interesting feature of Terraform is the idempotence, as well as the ease of applying changes. If we run a deployment again with terraform applyand there have been no changes to the configuration files after the last deployment (whose state was stored in the file .tfstate), the deployment will remain intact. That is, duplicate infrastructure will not be re-created or the infrastructure created will not be replaced by a new one if there are no changes to the configuration files.
However, if we modify the configuration by modifying the Terraform files, we will be indicating a new state that we want to reach. In this case, applying terraform applywill display the changes made to the configuration. However, only the changes will be displayed, keeping the unmodified configuration intact.

Attention to the status file
The state file may contain sensitive information and should be excluded from the version control system.
Remember to include the status file in .gitignore .
Also, local state does not work well in a collaborative environment, since running locally would store state on each local machine and will not match state stored on another member's machine. If two or more people need to run the Terraform configuration, it is necessary to store the file in a remote place in order to avoid errors and not to damage the existing infrastructure.
More information on remote state and configuration of backends .
Google Cloud Storage offers support for Terraform state storage with the lock option. Create a segment ( bucket ) and enable versioning of objects to recover from previous states in case of accidental errors.
Terraform also allows you to use a PostgreSQL database for state storage with the lock option. Provision a SQL virtual machine or use a PostgreSQL cloud service for PostgreSQL state storage.

At the moment. Terraform gives a fairly extensive list of backends for state storage.

Azure Blob Storage
Google Cloud Storage
HTTP REST client. Try this example in Go MongoDB
Kuberntes Secrets (Maximum 1 MB)
Amazon S3

Infrastructure management
Here are the steps to follow to build, maintain, and remove an infrastructure with Terraform.

  1. Initialize the Terraform project directory (terraform init). The command downloads all the necessary components, including modules and plugins.
  2. Create an execution plan (terraform plan). The command determines the actions necessary to reach the desired state specified in the configuration files.
  3. Create or modify the infrastructure (terraform apply). Terraform is idempotent. Using this command only changes that have been made to the configuration files are executed without recreating what already exists and has not been modified. The state files are used for this.
  4. Show the output variables of a display (terraform output).
  5. Delete the infrastructure (terraform destroy). It is used to delete the created infrastructure.

No comments

Powered by Blogger.