Effective terraform
calvin-french-owen
Transcript of Effective terraform
Effective Terraform
Calvin French-Owen (@calvinfo)
SF Devops for Startups, 2/28/2017
But it wasn’t always that way…
Where we started
Let’s provision some infrastructure!
uhh… now what?
It was… janky.
github.com/ivolo/animals
So we defaulted to the easiest alternative
😱
✅ Initial speed ❌ No audits ❌ No changelog ❌ No reproducibility ❌ No fun :(
💖
✅ Initial speed ✅ Audits ✅ Changelog ✅ Reproducibility ✅ Fun :) (if you do it right)
This talk
• What is Terraform?
• The Segment AWS Stack
• Writing and managing "good" Terraform
• Moving beyond infrastructure
What is Terraform?
Terraform enables you to safely and predictably create, change, and improve production infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.- terraform.io
Infrastructure == Code
Terraform at work
Terraform Nouns
resource: the configuration for a single cloud entity (an instance, load balancer, image, network, ...)
resources take inputs as configuration and expose outputs (attributes) once they have been created in your infrastructure
(diagram: a resource block annotated with its type, its identifier and its inputs)
module: a reusable collection of resources with its own inputs and outputs
How does it know?
.tfstate
Terraform workflow
• $ terraform plan
• $ terraform apply
Terraform workflow
1. load the desired configuration
2. load the stored .tfstate file
3. calculate the diff between the current and desired states
4. use CRUD APIs to update the current state to match the desired state
5. update the state file
Terraform internals
1. first READ the state (and refresh it against the real resources)
2. if a resource is in the config but not in the state: CREATE
3. if a resource is in both the state and the config and they differ: UPDATE (or destroy and recreate, when the changed attribute cannot be updated in place)
4. if a resource is in the state but not in the config: DELETE
Terraform applies diffs in your configuration to manage your infrastructure
Segment Terraform by the numbers
- 25 developers working with Terraform
- hundreds of microservices
- thousands of AWS resources
The Segment AWS Stack
AWS: scalable, flexible, cheap, easy-to-use
Production-ready infrastructure in under 5 minutes
A set of terraform modules for easily booting infrastructure on AWS
The Segment AWS Stack
• an auto-scaling group of instances to run your services
• a multi-AZ VPC with different subnets for availability
• self-managed services run via Docker and ECS
• an ELB and ECS definition for each service
• Docker logs that populate in CloudWatch
• a bastion node for manual SSH access
• automatic ELB logging to S3
Writing “good” Terraform
• Managing state
• Organizing your modules
Managing State
(diagram: separate states for dev, stage, prod and old prod, with the VPC peering between them managed by Terraform)
The advantage of states per environment? Safety.
Developers avoid selecting tools if the probability of the effect of the tools is unknown, and the tools have some risks.
To promote development support tools, we have to suppress the risk of the tools.
- Analyzing the Decision Criteria of Software Based on Prospect Theory
States per service
core: vpc, networking, security groups, ASGs
services: auth, api, site, db, cdn
(diagram: each service state holds a read-only reference to the core state)
State management
• separate core from services
• states per service and env
• use Atlas or S3
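An added example of the state layout the slides describe, not code from the talk or from Segment's Stack. It is written in Terraform 0.12+ syntax and split across the files named in the comments (one root module per state). The core state for prod publishes a few outputs; the auth service's state for prod keeps its own S3 key and reads core through terraform_remote_state, which can only read the state object. The IAM policy at the end makes that read-only relationship an enforced one for the CI role that applies the service. Bucket, table, region, resource and module names are assumptions.

```hcl
# core/prod/backend.tf -- the "core" state for prod (VPC, subnets, security groups, ASGs)
terraform {
  backend "s3" {
    bucket         = "example-terraform-state"     # assumed bucket name
    key            = "prod/core/terraform.tfstate" # one key per <env>/<state>
    region         = "us-west-2"
    encrypt        = true                          # server-side encryption of the state object
    dynamodb_table = "example-terraform-locks"     # assumed lock table; blocks concurrent applies
  }
}

# core/prod/outputs.tf -- the only surface other states are allowed to depend on
# (aws_vpc.main, aws_subnet.private and aws_security_group.internal are assumed core resources)
output "vpc_id"             { value = aws_vpc.main.id }
output "private_subnet_ids" { value = aws_subnet.private[*].id }
output "internal_sg_id"     { value = aws_security_group.internal.id }

# services/auth/prod/main.tf -- the "auth" service's own state for prod
terraform {
  backend "s3" {
    bucket         = "example-terraform-state"
    key            = "prod/services/auth/terraform.tfstate"
    region         = "us-west-2"
    encrypt        = true
    dynamodb_table = "example-terraform-locks"
  }
}

# Read-only view of core's outputs: a data source never writes, so an apply
# in this state cannot change the VPC or security groups by accident.
data "terraform_remote_state" "core" {
  backend = "s3"
  config = {
    bucket = "example-terraform-state"
    key    = "prod/core/terraform.tfstate"
    region = "us-west-2"
  }
}

module "auth" {
  source     = "../../../modules/service" # assumed module path
  name       = "auth"
  subnet_ids = data.terraform_remote_state.core.outputs.private_subnet_ids
  sg_ids     = [data.terraform_remote_state.core.outputs.internal_sg_id]
}

# Policy for the CI role that applies the auth service: read core's state,
# read and write only its own state key, and take the lock. Nothing here
# allows writing prod/core/*, so "read only" is enforced by IAM, not by convention.
data "aws_iam_policy_document" "auth_state_access" {
  statement {
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-terraform-state"]
  }
  statement {
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-terraform-state/prod/core/terraform.tfstate"]
  }
  statement {
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::example-terraform-state/prod/services/auth/terraform.tfstate"]
  }
  statement {
    actions   = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteItem"]
    resources = ["arn:aws:dynamodb:us-west-2:123456789012:table/example-terraform-locks"] # assumed account id
  }
}
```

State files hold every attribute Terraform knows about, including secrets returned by providers, so the bucket should also have versioning enabled and a bucket policy that denies unencrypted puts; the per-state key prefix is what lets a single bucket serve all of core and every service without one service's credentials being able to rewrite another's state.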
Writing modules
• Variables
• Composability
• Visibility
• In practice
Modules - variables
• Use variables liberally, everywhere you might need config
• Use defaults even more liberally
Clever defaults == simple end-user interface
"${coalesce(var.cpu, lookup(map("low", "64", "medium", "256", "high", "1024"), var.resource_allocation), "64")}"
(an explicit var.cpu wins; otherwise the resource_allocation tier is mapped to a CPU share; "64" is the final fallback)
Modules - composability
• Don't start with a large set of modules
• Start by combining a few resources into a module, then compose those modules
A simple example: an IAM user
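The slides only name the IAM user example, so here is one written for this page, not the talk's or Segment's own module. It shows the nouns from earlier (resources with inputs and outputs, wrapped in a module with its own variables and outputs), defaults that keep the caller's interface small, and two points a security reviewer would insist on: the user gets no permissions unless the caller lists some, and the secret access key is marked sensitive and is PGP-encrypted before it lands in state when a key is supplied. Terraform 0.12+ syntax; file names, the module path and the keybase handle are assumptions.

```hcl
# modules/iam-user/variables.tf
variable "name" {
  type        = string
  description = "IAM user name"
}
variable "path" {
  type    = string
  default = "/service/" # sensible default: callers rarely need to set it
}
variable "allowed_actions" {
  type        = list(string)
  default     = [] # least privilege: no policy at all unless actions are requested
  description = "IAM actions the user may call"
}
variable "allowed_resources" {
  type    = list(string)
  default = ["*"]
}
variable "pgp_key" {
  type        = string
  default     = null
  description = "keybase:<user> or a base64 PGP public key; when set, only the encrypted secret is stored in state"
}

# modules/iam-user/main.tf
resource "aws_iam_user" "this" {
  name = var.name
  path = var.path
}

resource "aws_iam_access_key" "this" {
  user    = aws_iam_user.this.name
  pgp_key = var.pgp_key
}

# The inline policy exists only when the caller asked for some actions.
resource "aws_iam_user_policy" "this" {
  count  = length(var.allowed_actions) > 0 ? 1 : 0
  name   = "${var.name}-policy"
  user   = aws_iam_user.this.name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = var.allowed_actions
      Resource = var.allowed_resources
    }]
  })
}

# modules/iam-user/outputs.tf
output "access_key_id" {
  value = aws_iam_access_key.this.id
}
output "secret" {
  # encrypted_secret is only populated when pgp_key was given; without a key the
  # clear secret is in state regardless, so the output is sensitive either way.
  value     = var.pgp_key == null ? aws_iam_access_key.this.secret : aws_iam_access_key.this.encrypted_secret
  sensitive = true
}

# root module: the same module composed twice with different privileges
module "deploy_user" {
  source          = "./modules/iam-user"
  name            = "ci-deploy"
  allowed_actions = ["ecs:UpdateService", "ecs:RegisterTaskDefinition"]
  pgp_key         = "keybase:example" # assumed keybase handle
}

module "readonly_user" {
  source          = "./modules/iam-user"
  name            = "metrics-reader"
  allowed_actions = ["cloudwatch:GetMetricData", "cloudwatch:ListMetrics"]
}
```

The second caller sets nothing but a name and two actions; everything else comes from the defaults. Marking the output sensitive keeps the secret out of plan and apply logs, but not out of the state file itself, which is why the pgp_key path matters for any state stored remotely.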
Another example: workers and services
module "consumer" {
  source = "modules/worker"
  …
}
module "webapp" {
  source = "modules/service"
  …
}
Modules - visibility
• Outputs and template_file
A module's internals are normally opaque (a hash); expose the values that matter through outputs, or render them with template_file.
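An added example for the variables, composability and visibility slides together, not code from the talk or from Segment's Stack. It is a small task module that both a worker and a web service can be built from: the tier default from the "clever defaults" slide is carried into Terraform 0.12+ syntax, with the edge case the original expression does not handle (an unknown tier makes lookup() fail) closed by a validation block and a lookup default; the module then exposes the resolved value as an output so a caller can see what it actually got instead of an opaque module hash. File names, image names and the memory rule are assumptions; it generalizes the slide's single expression to a module callers can reuse.

```hcl
# modules/task/variables.tf
variable "name"  { type = string }
variable "image" { type = string }

variable "resource_allocation" {
  type    = string
  default = "low" # default tier: most services never set this
  validation {
    condition     = contains(["low", "medium", "high"], var.resource_allocation)
    error_message = "resource_allocation must be low, medium or high."
  }
}

variable "cpu" {
  type        = number
  default     = null # explicit override of the tier lookup
  description = "CPU share for the container; leave unset to use resource_allocation"
}

locals {
  cpu_by_tier = { low = 64, medium = 256, high = 1024 }
  # Same shape as the slide's coalesce/lookup: an explicit var.cpu wins, then the
  # tier. The third argument to lookup() turns an unknown tier into null instead
  # of an error (the validation above already rejects it), and 64 is the last resort.
  cpu = coalesce(var.cpu, lookup(local.cpu_by_tier, var.resource_allocation, null), 64)
}

# modules/task/main.tf
resource "aws_ecs_task_definition" "this" {
  family = var.name
  container_definitions = jsonencode([{
    name      = var.name
    image     = var.image
    cpu       = local.cpu
    memory    = local.cpu * 2 # assumed rule: memory (MiB) scales with the CPU share
    essential = true
  }])
}

# modules/task/outputs.tf -- visibility: the resolved value, not the whole module
output "cpu" {
  value = local.cpu
}
output "task_definition_arn" {
  value = aws_ecs_task_definition.this.arn
}

# root module: a worker and a web service composed from the same task module
module "consumer" {
  source              = "./modules/task"
  name                = "consumer"
  image               = "example/consumer:1.2.3" # assumed image
  resource_allocation = "high"                   # resolves to cpu = 1024
}

module "webapp" {
  source = "./modules/task"
  name   = "webapp"
  image  = "example/webapp:4.5.6" # assumed image
  cpu    = 512                    # explicit override beats the tier default
}

# Surface what each module decided, so a plan shows it and other states can read it.
output "consumer_cpu" { value = module.consumer.cpu }
output "webapp_cpu"   { value = module.webapp.cpu }
```

With the validation block, a typo such as resource_allocation = "hgih" fails at plan time with the stated message rather than at apply time inside a provider call, which is the kind of risk suppression the prospect-theory slide is asking for.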
Modules - in practice
Repo Structure
Beyond Infrastructure
If all of our infrastructure is now applied programmatically...
…how else can we use it?
Alerting
Cost analysis
Cloud package manager?
Kube and Docker provide an awesome API…
…but cloud hosted services are here to stay
$ terraform plan <org/repo>
Terraform
• Powerful
• Flexible
• Auditable
• The cross-cloud API
Fin
@calvinfo