Terraform

Terraform
Terraform
Agenda Terraform
● Introduction to Terraform Instructions / Notes
● Terraform Installation ● Starts: 27 June, 7:30am PDT/PST or 27 June, 8pm IST
● Terraform command ● 2 Hours session with 10 minutes Break
● Terraform Variables ● Except Instructor, everyone is on mute

● Please use the Q/A Window to Ask Questions
● Terraform AWS EC2 creating
● The recording & slides will be shared after session
● Terraform Installing nginx ● More Info: CloudxLab.com
● Terraform Module
● Terraform Templates
● Installing EKS on AWS
Ashok Singh
Terraform
Introduction to Terraform
Terraform
What is Terraform?
● Infrastructure as a Code
● Execution plan
● Resource Graph
● Automation of Infrastructure
● Keep your Infrastructure in certain state
● Make your infra auditable - in version control like GIT
Terraform
Terraform
● Tool for building, changing, and versioning infrastructure.
● It created a execution plan describing infrastructure changes.
● Change are applied once confirmed by user
● When updating Infrastructure terraform determines changes and create
incremental execution plans which can be applied.
● Terraform can work with many providers like AWS, Azure, Digital ocean and
in-house solutions.
Terraform
Use Case : Why Terraform?
● Heroku App Setup

● Multi-Tier Applications
● Self-Service Clusters
● Software Demos
● Disposable Environments
● Software Defined Networking
● Resource Schedulers
● Multi-Cloud Deployment
Terraform
Terraform Installation
Download the zipped binary from below link

https://www.terraform.io/downloads.html
[root@ip-172-31-47-70 ~]# wget

https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
--2020-06-27 19:21:15-- https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
Resolving releases.hashicorp.com (releases.hashicorp.com)... 199.232.57.183, 2a04:4e42:4b::439
Connecting to releases.hashicorp.com (releases.hashicorp.com)|199.232.57.183|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28425934 (27M) [application/zip]
Saving to: ‘terraform_0.12.28_linux_amd64.zip’
100%[=====================================================================>] 28,425,934 81.1MB/s in 0.3s
2020-06-27 19:21:16 (81.1 MB/s) - ‘terraform_0.12.28_linux_amd64.zip’ saved [28425934/28425934]

[root@ip-172-31-47-70 ~]# ./terraform --version
Terraform v0.12.28
Terraform
Lab01: Install Terraform on bastion
Task: Prepare host and validate it by launching terraform version.
Step1 : Launch EC2 instance . Tag it as bastion and connect to bastion host
ashoksingh@Ashoks-Air ~/ ssh -i aws-key.pem ec2-user@<PUBLIC_IP>

The authenticity of host '3.8.176.4 (3.8.176.4)' can't be established.
ECDSA key fingerprint is SHA256:qLP4m9hCsRZc2Nnz1kWn0PgjdLay4GyZmzxz+RggHfY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '3.8.176.4' (ECDSA) to the list of known hosts.
__| __|_ )
_| ( / Amazon Linux 2 AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-172-31-20-142 ~]$
Terraform
Step2 : Become root
[ec2-user@ip-172-31-24-224 ~]$ sudo su -

[root@ip-172-31-24-224 ~]#
Step3 : Download terraform binary

[root@ip-172-31-47-70 ~]# wget
--2020-06-27 19:21:15--
Resolving releases.hashicorp.com (releases.hashicorp.com)... 199.232.57.183, 2a04:4e42:4b::439
Connecting to releases.hashicorp.com (releases.hashicorp.com)|199.232.57.183|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28425934 (27M) [application/zip]
Saving to: ‘terraform_0.12.28_linux_amd64.zip’
100%[=====================================================================>] 28,425,934 81.1MB/s

in 0.3s
2020-06-27 19:21:16 (81.1 MB/s) - ‘terraform_0.12.28_linux_amd64.zip’ saved [28425934/28425934]

Terraform
Step 4 : Unzip binary
[root@ip-172-31-24-224] # unzip terraform_0.12.28_linux_amd64.zip
Archive: terraform_0.12.28_linux_amd64.zip
inflating: terraform
[root@ip-172-31-24-224] #
Step 5 : Move terraform binary to /usr/local/bin
[root@ip-172-31-24-224] #
[root@ip-172-31-24-224] # terraform --version
Terraform v0.12.28
[root@ip-172-31-47-70 ~]#
Terraform
Terraform initialisation
Terraform
Provider - Resource
● Resource Type and argument
AWS Resource type : aws instance Bastion

provider
Azure Resource type : aws vpc

Terraform provider
Azure
provider
Terraform's provider documentation list which resource types are available

and which arguments to use for each resource type.
Terraform
Resources
Resources are the most important element in the Terraform language. Each resource
block describes one or more infrastructure objects, such as compute instances, VPC,
Subnet etc.
● Resource Syntax
resource "aws_instance" "bastion" {

ami = "ami-01a6e31ac994bbc09"
instance_type = "t2.micro"
}
Terraform
Lab01: Deploy Bastion in AWS
Step 1 : Connect to bastion host
ashoksingh@Ashoks-Air ~/Devops-Course/terra ssh -i ~/.ssh/aws-key.pem ec2-user@3.8.145.173
Last login: Sat Jun 27 22:05:42 2020 from 90.254.243.112
__| __|_ )
___|\___|___|
4 package(s) needed for security, out of 23 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-172-31-47-70 ~]$
Step 2 : Download terraform code

[ec2-user@ip-172-31-47-70 ~]$ curl -LO
https://raw.githubusercontent.com/singh-ashok25/terraform/master/instance.tf
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 223 100 223 0 0 1827 0 --:--:-- --:--:-- --:--:-- 1827
[ec2-user@ip-172-31-47-70 ~]$
Terraform
Step 3 : Instance.tf Overview
# Configure the AWS Provider
provider "aws" {
version = "~> 2.0"
region = "eu-west-2"
}
# Create a instance
}
Step 4 : Attach a IAM role to bastion host or add aws cred
Terraform
Step 3 : Attach a IAM role to bastion host OR add aws credential on bastion
Terraform
Step 4 : Add AWS credentials
[ec2-user@ip-172-31-47-70 ~]$ more credentials
[default]
aws_access_key_id = AKIAXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXX
Step 5 : Initialise Terraform directory

[ec2-user@ip-172-31-47-70 ~]$ terraform init
Initializing the backend...
Initializing provider plugins...
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
[ec2-user@ip-172-31-47-70 ~]$
Terraform
Step 6 : Run Terraform plan
[ec2-user@ip-172-31-47-70 ~]$ terraform plan
Refreshing Terraform state in-memory prior to plan...
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.bastion will be created

+ resource "aws_instance" "bastion" {
+ ami = "ami-01a6e31ac994bbc09"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
…
..
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
[ec2-user@ip-172-31-47-70 ~]$
Terraform
Step 7 : Run Terraform apply
[ec2-user@ip-172-31-47-70 ~]$ terraform apply

+ create
Do you want to perform these actions?

Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_instance.bastion: Creating...
aws_instance.bastion: Still creating... [10s elapsed]
aws_instance.bastion: Creation complete after 21s [id=i-0220643a50c7fd1cd]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

[ec2-user@ip-172-31-47-70 ~]$
Terraform
Step 8 : Validate that instance is created
Terraform
Terraform Commands
Terraform
Terraform init
The terraform init command is used to initialize a working directory .
It read the configuration file and prepare for execution of plan command and download
necessary modules, provider or version needed for planning
[ec2-user@ip-172-31-47-70 ~]$ terraform init
should now work.

[ec2-user@ip-172-31-47-70 ~]$
Terraform
Terraform plan
The terraform plan command is used to create an execution plan.
It determines what actions are necessary to achieve the desired state specified in the
configuration files.
[ec2-user@ip-172-31-47-70 ~]$ terraform plan
+ create
# aws_instance.bastion will be created

+ resource "aws_instance" "bastion" {
+ ami = "ami-01a6e31ac994bbc09"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
…
..

[ec2-user@ip-172-31-47-70 ~]$
Terraform
Terraform apply
The terraform apply command is used to apply the changes required to reach the desired
state of the configuration
[ec2-user@ip-172-31-47-70 ~]$ terraform apply

+ create

Enter a value: yes
aws_instance.bastion: Creation complete after 21s [id=i-0220643a50c7fd1cd]

[ec2-user@ip-172-31-47-70 ~]$
Terraform
Terraform destroy
The terraform destroy command is used to destroy the Terraform-managed infrastructure.
[ec2-user@ip-172-31-47-70 ~]$ terraform destroy

aws_instance.bastion: Refreshing state... [id=i-0220643a50c7fd1cd]

- destroy
# aws_instance.bastion will be destroyed
Enter a value: yes
aws_instance.bastion: Destroying... [id=i-0220643a50c7fd1cd]

aws_instance.bastion: Still destroying... [id=i-0220643a50c7fd1cd, 10s elapsed]
aws_instance.bastion: Still destroying... [id=i-0220643a50c7fd1cd, 20s elapsed]
aws_instance.bastion: Destruction complete after 29s
Destroy complete! Resources: 1 destroyed.

[ec2-user@ip-172-31-47-70 ~]$
Terraform
Terraform Validate
Validate runs checks that verify whether a configuration is syntactically valid and internally
consistent, regardless of any provided variables or existing state. It is thus primarily useful
for general verification of reusable modules, including correctness of attribute names and
value types.
[ec2-user@ip-172-31-47-70 aws-ec2]$ terraform validate
Error: Duplicate provider configuration
on provider.tf line 2:
2: provider "aws" {
A default (non-aliased) provider configuration for "aws" was already given at

ec2-instance.tf:2,1-15. If multiple configurations are required, set the
"alias" argument for alternative configurations.
[ec2-user@ip-172-31-47-70 aws-ec2]$
Terraform
Terraform Graph
The terraform graph command is used to generate a visual representation of either a
configuration or execution plan. The output is in the DOT format, which can be used by
GraphViz to generate charts.
[ec2-user@ip-172-31-47-70 aws-ec2]$ sudo yum -y install graphviz

Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
..
..
Complete!
[ec2-user@ip-172-31-47-70 aws-ec2]$ terraform graph | dot -Tsvg > graph.svg
[ec2-user@ip-172-31-47-70 .aws]$ aws s3 mb s3://devops-tejastech/

make_bucket: devops-tejastech
[ec2-user@ip-172-31-47-70 .aws]$
[ec2-user@ip-172-31-47-70 aws-ec2]$ aws s3 cp graph.svg s3://devops-tejastech/
upload: ./graph.svg to s3://devops-tejastech/graph.svg
[ec2-user@ip-172-31-47-70 aws-ec2]$
Terraform
Terraform Graph
Graph.svg file
Terraform
Terraform troubleshooting
Terraform detailed logs can be enabled by setting the TF_LOG environment variable
You can set TF_LOG to one of the log levels
● TRACE
● DEBUG
● INFO
● WARN
● ERROR
Logged output can be send to file and location exported in env var TF_LOG_PATH
Terraform
Terraform Variables
Terraform
Why Variables?
● Better code organisation.
● Reuse the code for different environment
● Configuration parameter can be amended runtime
● Default value can be set for demos
Terraform
Restructure the code
# Configure the AWS Provider # Configure the AWS Provider

provider "aws" { provider "aws" {
version = "~> 2.0" version = "~> 2.0"
region = "eu-west-2" access_key = var.aws_access_key
} secret_key = var.aws_secret_key
region = var.region
# Create a instance
}
provider.tf
}
ec2-instance.tf
Terraform
Declaring and Defining variables
# Define variables
aws_access_key = "XXXXXXXXXXXXXXXXXXXX"
variable "aws_access_key" { aws_secret_key = "XXXXXXXXXXXXXXXXXXXX"
type = string
}
variable "aws_secret_key" { terraform.tfvars
type = string
}
variable "region" {
type = string
default = "eu-west-2"
}
vars.tf
Terraform
Lab02: Spin ec2-instance in AWS
Step 1 : Connect to bastion
ashoksingh@Ashoks-Air ~/Devops-Course ssh -i ~/.ssh/aws-key.pem ec2-user@52.56.174.96
Last login: Sun Jun 28 10:44:09 2020 from 90.254.243.112
__| __|_ )
___|\___|___|
[ec2-user@ip-172-31-47-70 ~]$
Step 2 : Clone the repository and cd to lab02 directory

[ec2-user@ip-172-31-47-70 ~]$ git clone https://github.com/singh-ashok25/terraform.git
Cloning into 'terraform'...
remote: Enumerating objects: 37, done.
remote: Counting objects: 100% (37/37), done.
remote: Compressing objects: 100% (33/33), done.
remote: Total 37 (delta 14), reused 13 (delta 2), pack-reused 0
Unpacking objects: 100% (37/37), done.
[ec2-user@ip-172-31-47-70 ~]$ cd terraform/lab02-variables/
[ec2-user@ip-172-31-47-70 lab02-variables]$
Terraform
Step 3 : Run terraform init
[ec2-user@ip-172-31-47-70 lab02-variables]$ terraform init
Step 4 : Create variable value file

[ec2-user@ip-172-31-47-70 lab02-variables]$ echo "aws_access_key =
XXXXXXXXXXXXXXXXXXXX" >> terraform.tfvars
[ec2-user@ip-172-31-47-70 lab02-variables]$ echo "aws_secret_key =
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" >> terraform.tfvars
[ec2-user@ip-172-31-47-70 lab02-variables]$ vi terraform.tfvars
[ec2-user@ip-172-31-47-70 lab02-variables]$ cat terraform.tfvars
aws_access_key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
aws_secret_key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
Terraform
Step 5 : Run terraform plan
[ec2-user@ip-172-31-47-70 lab02-variables]$ terraform plan
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
Terraform
Step 6 : Run terraform apply
[ec2-user@ip-172-31-47-70 lab02-variables]$ terraform apply

+ create
Enter a value: yes
aws_instance.bastion: Creation complete after 21s [id=i-0de1419b788108a5e]

Terraform
Step 7 : Validate EC2 instance from AWS console
Terraform
Lookup variable
# Define variables
# Create a instance
…
…
ami = "${lookup(var.aws-ami,
variable "aws-ami" { var.region)}"
type = map instance_type = "t2.micro"

default = { }
eu-west-2 = "ami-01a6e31ac994bbc09"
ec2-instance.tf
eu-west-1 = "ami-0ea3405d2d2522162"
}
}
vars.tf
Use Lookup variable to launch different AMI for different AWS region
Terraform
Lab03: Spin ec2-instance in different region
__| __|_ )
___|\___|___|
[ec2-user@ip-172-31-47-70 ~]$

[ec2-user@ip-172-31-47-70 ~]$ cd terraform/lab03-lookup-variables/
[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$
Terraform
[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$ terraform init

[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$ echo "aws_access_key =
[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$ echo "aws_secret_key =
[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$ vi terraform.tfvars
[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$ cat terraform.tfvars
Terraform
[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$ terraform plan
------------------------------------------------------------------------
Terraform
[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$ terraform apply

+ create
Enter a value: yes
aws_instance.bastion: Creation complete after 21s [id=i-0de1419b788108a5e]

Terraform
Lab03: Spin ec2-instance in different region
Step 7 : Validate EC2 instance from AWS console
Terraform
Software Provisioning
Terraform
AWS KEY PAIR
key pair is generated using ssh-key-gen utility and file name and path is provided to the
resource . This key pair's public key will be registered with AWS to allow logging-in to EC2
instances. "devops_public_key" {
variable
type = string
default = "foo.pub"
}
vars.tf
resource "aws_key_pair" "devops_key" {

key_name = "foo"
public_key = "${file("${var.devops_public_key}")}"
}
ec2-instance.tf
Terraform
Provisioner
Provisioners can be used to model specific actions on the local machine or on a remote
machine in order to prepare servers or other infrastructure objects for service.
provisioner "file" {
source = "script.sh"
File script.sh will be copied from current
directory to EC2 in directory /tmp
destination = "/tmp/script.sh"
}
provisioner "remote-exec" {
inline = [ script.sh file will be made executable and in
" chmod +x /tmp/script.sh" , next step will be executed with root
permission
" sudo /tmp/script.sh"
]
}
Terraform
Connection
Most provisioners require access to the remote resource via SSH or WinRM, and expect a
nested connectionblock with details about how to connect.

variable "username" {
type = string
connection { default = "ec2-user"
host = self.public_ip
}
user = "${var.username}"
variable "devops_private_key" {
private_key = "${file("${var.devops_private_key }")}"
type = string
}
default = "foo"
}
Above blocks connect to ec2 instance using username defined variable file and
private key
Terraform
Lab04: Deploy nginx server using Terraform
__| __|_ )
___|\___|___|
[ec2-user@ip-172-31-47-70 ~]$

[ec2-user@ip-172-31-47-70 ~]$ cd terraform/lab04-install-nginx/
[ec2-user@ip-172-31-47-70 lab04-install-nginx$
Terraform
[ec2-user@ip-172-31-47-70 lab04-install-nginx]$ terraform init

[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$ echo "aws_access_key =
[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$ echo "aws_secret_key =
[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$ vi terraform.tfvars
[ec2-user@ip-172-31-47-70 lab03-lookup-variables]$ cat terraform.tfvars
Terraform
Step 5 : Generate key pair
[ec2-user@ip-172-31-47-70 lab04-install-nginx]$ ssh-keygen -f foo
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in foo.
Your public key has been saved in foo.pub.
The key fingerprint is:
SHA256:H+d7uZ7cEf8rRhnzohgMTQfLJays1FAwGNmx8qdTe/o
ec2-user@ip-172-31-47-70.eu-west-2.compute.internal
The key's randomart image is:
+---[RSA 2048]----+
| .=++..o.. |
| o oo .o+. |
| . .+ +o. |
| o. = . o |
| ...oS . . =. |
| .+ .+ + + .o|
| o . .+ + .o.|
| . o. . =ooo|
| ..E oo*o+|
+----[SHA256]-----+
[ec2-user@ip-172-31-47-70 lab04-install-nginx]$
Terraform
[ec2-user@ip-172-31-47-70 lab04-install-nginx]$ terraform plan
------------------------------------------------------------------------

+ create
(and 4 more similar warnings elsewhere)
------------------------------------------------------------------------
Terraform
[ec2-user@ip-172-31-47-70 lab04-install-nginx]$ terraform apply

+ create
# aws_instance.nginx will be created

+ resource "aws_instance" "nginx" {
Enter a value: yes
aws_key_pair.devops_key: Creating...
aws_key_pair.devops_key: Creation complete after 0s [id=foo]
aws_instance.nginx: Creating...
aws_instance.nginx: Still creating... [10s elapsed]
aws_instance.nginx: Provisioning with 'file'...
Terraform
aws_instance.nginx: Provisioning with 'remote-exec'...
aws_instance.nginx (remote-exec): Connecting to remote host via SSH...
aws_instance.nginx (remote-exec): Host: 52.56.42.144
aws_instance.nginx (remote-exec): User: ec2-user
aws_instance.nginx (remote-exec): Password: false
aws_instance.nginx (remote-exec): Private key: true
aws_instance.nginx (remote-exec): Certificate: false
aws_instance.nginx (remote-exec): SSH Agent: false
aws_instance.nginx (remote-exec): Checking Host Key: false
aws_instance.nginx (remote-exec): Connected!
aws_instance.nginx (remote-exec): Loaded plugins: extras_suggestions,
ws_instance.nginx (remote-exec): Topic nginx1.12 has end-of-support date of 2019-09-20

aws_instance.nginx (remote-exec): Installing nginx
aws_instance.nginx (remote-exec): Loaded plugins: extras_suggestions,
aws_instance.nginx (remote-exec): : langpacks, priorities,
aws_instance.nginx (remote-exec): : update-motd
aws_instance.nginx: Creation complete after 47s [id=i-0fbeb0de22e14e879]

Terraform
Step 8 : Access nginx server from browser
Terraform
Deploying EKS using Terraform
Terraform
● Step 1: Connect to bastion server . Become root
ashoksingh@Ashoks-Air ~/Devops-Course/git/ ssh -i ~/.ssh/aws-key.pem ec2-user@3.8.3.192
Last login: Sat Jul 4 00:16:03 2020 from 90.254.242.102
__| __|_ )
___|\___|___|
[ec2-user@ip-172-31-18-61 ~]$ sudo su -
Last login: Sat Jul 4 00:17:24 UTC 2020 on pts/0
[root@ip-172-31-18-61 ~]# git clone https://github.com/singh-ashok25/aws-eks.git
Terraform
● Step 4 : Install Kubectl following instruction from below link
https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html
● Step 5 : Install aws-iam-authenticator following instruction from below link

https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html
● Step 6 : Create keypair

[root@ip-172-31-18-61 aws-eks]# ssh-keygen -f devops
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in devops.
Your public key has been saved in devops.pub.
The key fingerprint is:
SHA256:cE7ljHZ4BYA3kBWr51ygaFfQ0UHQeSIlmOBHx1npGVo root@ip-172-31-18-61.eu-west-2.compute.internal
The key's randomart image is:
[root@ip-172-31-18-61 aws-eks]#
Terraform
● Step 7 : Upload key pair in AWS
Terraform
● Step 8 : Run terraform init
[root@ip-172-31-18-61 aws-eks]# terraform init

- Checking for available provider plugins...
- Downloading plugin for provider "http" (hashicorp/http) 1.2.0...
- Downloading plugin for provider "aws" (hashicorp/aws) 2.69.0...
The following providers do not have any version constraints in configuration,

so the latest version was installed.

[root@ip-172-31-18-61 aws-eks]#
Terraform
● Step 9 : Run terraform plan
[root@ip-172-31-18-61 aws-eks]# terraform plan
[root@ip-172-31-18-61 aws-eks]# terraform plan

data.http.workstation-external-ip: Refreshing state...

data.aws_availability_zones.available: Refreshing state...
data.aws_region.current: Refreshing state...
------------------------------------------------------------------------
[root@ip-172-31-18-61 aws-eks]#
Terraform
● Step 10 : Run terraform apply
[root@ip-172-31-18-61 aws-eks]# terraform apply
Enter a value: yes
aws_iam_role.eks_cluster: Creating...
aws_iam_role.eks-node: Creating...
aws_vpc.eks_vpc: Creating...
aws_iam_role.eks_cluster: Creation complete after 0s [id=tejas-tech-IAM]
aws_iam_role.eks-node: Creation complete after 0s [id=tejas-tech-node]
aws_iam_role_policy_attachment.eks_cluster-AmazonEKSServicePolicy: Creating...
aws_iam_role_policy_attachment.eks-node-AmazonEC2ContainerRegistryReadOnly: Creating...
aws_iam_role_policy_attachment.eks_cluster-AmazonEKSClusterPolicy: Creating...
aws_iam_role_policy_attachment.eks-node-AmazonEKS_CNI_Policy: Creating...
aws_iam_role_policy_attachment.eks-node-AmazonEKSWorkerNodePolicy: Creating...
aws_eks_node_group.eks-node: Still creating... [1m50s elapsed]

aws_eks_node_group.eks-node: Still creating... [2m0s elapsed]
aws_eks_node_group.eks-node: Creation complete after 2m6s [id=tejas-tech:tejas-tech-NodeGroup]

[root@ip-172-31-18-61 aws-eks]#
Terraform
● Step 11 : Check the EKS cluster on AWS console
Terraform
● Step 12: Configure kubectl and mapping nodes
[root@ip-172-31-18-61 aws-eks]# terraform output kubeconfig > ~/.kube/config

[root@ip-172-31-18-61 aws-eks]# terraform output config_map_aws_auth >
config_map_aws_auth.yaml
[root@ip-172-31-18-61 aws-eks]# kubectl apply -f config_map_aws_auth.yaml
Warning: kubectl apply should be used on resource created by either kubectl create
--save-config or kubectl apply
configmap/aws-auth configured
[root@ip-172-31-18-61 aws-eks]# kubectl get nodes # To validate if nodes have joined
NAME STATUS ROLES AGE VERSION
ip-172-1-0-159.eu-west-2.compute.internal Ready <none> 6m10s v1.16.8-eks-fd1ea7
[root@ip-172-31-18-61 aws-eks]#
Terraform
● Step 11 : Deploy flask app on EKS
[root@ip-172-31-18-61 aws-eks]# curl -LO

https://raw.githubusercontent.com/singh-ashok25/kubernates-ansible-aws/master/flask
-app.yml
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 333 100 333 0 0 2870 0 --:--:-- --:--:-- --:--:-- 2846
[root@ip-172-31-18-61 aws-eks]# kubectl apply -f flask-app.yml
deployment.apps/flask-dep created
[root@ip-172-31-18-61 aws-eks]#
[root@ip-172-31-18-61 aws-eks]# kubectl get pods
NAME READY STATUS RESTARTS AGE
flask-dep-858855b99d-4bf7w 1/1 Running 0 24s
flask-dep-858855b99d-rcbt9 1/1 Running 0 24s
[root@ip-172-31-18-61 aws-eks]#
Terraform
Terraform Datasources
Terraform
Datasources
Data source definition and declaration
# Using these data sources allows the configuration to be
# generic for any region.
data "aws_region" "current" {}
data "aws_availability_zones" "available" {}
Access data source variable when creating infrastructure
resource "aws_subnet" "eks_vpc" {

count = 2
availability_zone = data.aws_availability_zones.available.names[count.index]
cidr_block = "172.1.${count.index}.0/24"
vpc_id = aws_vpc.eks_vpc.id
map_public_ip_on_launch = true
tags = map(
"Name", "${var.cluster-name}-subnet",
"kubernetes.io/cluster/${var.cluster-name}", "shared",
Terraform )
Templates
The template_file data source renders a template from a template string, which is usually loaded
from an external file.
variable "region" { data "template_file" "init" {

type = string template = "${file("${path.module}/init.tpl")}"
default = "eu-west-2" vars = {
} # aws_ami = "ami-01a6e31ac994bbc09"
variable "aws-ami" { aws_ami = "${lookup(var.aws-ami, var.region)}"
type = map
}
default = {
}
eu-west-2 = "ami-01a6e31ac994bbc09"
eu-west-1 = "ami-0ea3405d2d2522162"
output "init-template" {
} }
value = "${data.template_file.init.rendered}"
}
Terraform
Terraform output
Terraform
Output
Using resource generate in next section
VPC ID generated in
resource aws_vpc is used
in generating resource
aws_subnet
Terraform
Output
Data source definition and declaration
# Using these data sources allows the configuration to be
# generic for any region.
data "aws_region" "current" {}
data "aws_availability_zones" "available" {}
Access data source variable when creating infrastructure
resource "aws_subnet" "eks_vpc" {

count = 2
availability_zone = data.aws_availability_zones.available.names[count.index]
cidr_block = "172.1.${count.index}.0/24"
map_public_ip_on_launch = true
tags = map(
"Name", "${var.cluster-name}-subnet",
"kubernetes.io/cluster/${var.cluster-name}", "shared",
Terraform )
Terraform Modules
Terraform
Modules
● A module is a group of terraform file to achieve desired functionality
● It creates multiple resources that are used together to perform one of more
function of desired architecture
● The .tf files in your working directory when you run terraform plan or terraform
apply together form the root module. That module may call other modules and
connect them together by passing output values from one to input values of
another.
Terraform
Registry
● Terraform registry is a web interface of all publically available modules
● These module are organised based on providers
● Registry provide more structured information on available module and their use in
terraform eco-system
● Code for the modules is available in GIT
https://registry.terraform.io
Terraform
Lab06: Deploy ECS cluster in AWS using public module
Step1 : Connect to bastion and become root
ashoksingh@Ashoks-Air ~ ssh -i ~/.ssh/aws-key.pem ec2-user@35.177.231.210
__| __|_ )
___|\___|___|
[ec2-user@ip-172-31-18-61 ~]$ sudo su -
Step2 : Connect to bastion

[root@ip-172-31-18-61 ~]# git clone https://github.com/singh-ashok25/terraform.git
[root@ip-172-31-18-61 ~]#
Terraform
Step3 : change directory lab06-modules and run terraform init
[root@ip-172-31-18-61 ~]# cd terraform/lab06-modules/
[root@ip-172-31-18-61 lab06-modules]# ls
main.tf
[root@ip-172-31-18-61 lab06-modules]# terraform init
Initializing modules...
Downloading terraform-aws-modules/ecs/aws 2.3.0 for ecs...
- ecs in .terraform/modules/ecs/terraform-aws-ecs-2.3.0

- Checking for available provider plugins...
- Downloading plugin for provider "aws" (hashicorp/aws) 2.69.0...

[root@ip-172-31-18-61 lab06-modules]#
Terraform
Step4 : Run terraform init from the example of module
[root@ip-172-31-18-61 lab06-modules]# cd
.terraform/modules/ecs/terraform-aws-ecs-2.3.0/examples/complete-ecs/
[root@ip-172-31-18-61 complete-ecs]# ls
main.tf README.md service-hello-world templates
[root@ip-172-31-18-61 complete-ecs]# terraform init
Initializing modules...
- ec2-profile in ../../modules/ecs-instance-profile
- ecs in ../..
- hello-world in service-hello-world
Downloading terraform-aws-modules/autoscaling/aws 3.5.0 for this...
- this in .terraform/modules/this/terraform-aws-autoscaling-3.5.0
Downloading terraform-aws-modules/vpc/aws 2.44.0 for vpc...
- vpc in .terraform/modules/vpc/terraform-aws-vpc-2.44.0
[root@ip-172-31-18-61 complete-ecs]#
Terraform
Step5 : Run terraform plan and provide variable values
[root@ip-172-31-18-61 complete-ecs]# terraform plan
provider.aws.region
The region where AWS operations will take place. Examples
are us-east-1, us-west-2, etc.
Enter a value: eu-west-2

data.template_file.user_data: Refreshing state...

data.aws_ami.amazon_linux_ecs: Refreshing state…

Terraform
Step6 : Run terraform apply
[root@ip-172-31-18-61 complete-ecs]# terraform apply
provider.aws.region
The region where AWS operations will take place. Examples
are us-east-1, us-west-2, etc.
Enter a value: eu-west-2

data.template_file.user_data: Refreshing state...
data.aws_ami.amazon_linux_ecs: Refreshing state...

Enter a value: yes

module.hello-world.aws_ecs_task_definition.hello_world: Creating...
module.hello-world.aws_cloudwatch_log_group.hello_world: Creating...
module.ec2-profile.aws_iam_role.this: Creating...
module.ecs.aws_ecs_cluster.this[0]: Creating...
module.vpc.aws_vpc.this[0]: Creating...
module.vpc.aws_eip.nat[0]: Creating...
Terraform
module.vpc.aws_eip.nat[1]: Creating...
module.hello-world.aws_ecs_task_definition.hello_world: Creation complete after 0s [id=hello_world]
module.hello-world.aws_cloudwatch_log_group.hello_world: Creation complete after 0s [id=hello_world]
module.vpc.aws_eip.nat[1]: Creation complete after 0s [id=eipalloc-075c8d8ec8edf6fe3]
module.vpc.aws_vpc.this[0]: Creation complete after 0s [id=vpc-0b4ffc6c9f02cac5b]
module.ec2-profile.aws_iam_role.this: Creation complete after 0s [id=complete-ecs_ecs_instance_role]
module.ec2-profile.aws_iam_role_policy_attachment.ecs_ec2_cloudwatch_role: Creating...
module.vpc.aws_internet_gateway.this[0]: Creating...
module.vpc.aws_route_table.private[0]: Creating...
module.vpc.aws_subnet.public[0]: Creating...
module.ec2-profile.aws_iam_role_policy_attachment.ecs_ec2_role: Creating...
module.vpc.aws_subnet.public[1]: Creating...
module.ec2-profile.aws_iam_instance_profile.this: Creating...
module.vpc.aws_subnet.private[0]: Creating...
module.vpc.aws_route_table.private[1]: Creating...
module.vpc.aws_route_table.private[0]: Creation complete after 1s [id=rtb-053f0170342d5cc54]
module.vpc.aws_route_table.private[1]: Creation complete after 0s [id=rtb-0f2f22b933dea8c1a]
module.vpc.aws_subnet.private[1]: Creating...
module.vpc.aws_route_table.public[0]: Creating...
module.vpc.aws_internet_gateway.this[0]: Creation complete after 1s [id=igw-0a3bc51ffc4ed8943]
module.vpc.aws_nat_gateway.this[1]: Creation complete after 1m34s [id=nat-0809aa1d1f5985566]
module.vpc.aws_nat_gateway.this[0]: Creation complete after 1m34s [id=nat-0e42131dcdd74bd51]
module.vpc.aws_route.private_nat_gateway[0]: Creating...
module.vpc.aws_route.private_nat_gateway[1]: Creating...
module.vpc.aws_route.private_nat_gateway[1]: Creation complete after 1s [id=r-rtb-0f2f22b933dea8c1a1080289494]
module.vpc.aws_route.private_nat_gateway[0]: Creation complete after 1s [id=r-rtb-053f0170342d5cc541080289494]

Terraform
Step7 : Validate ECS cluster in AWS console
Terraform
Step7 : Clean up
[root@ip-172-31-18-61 complete-ecs]# terraform destroy
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
module.ec2-profile.aws_iam_role_policy_attachment.ecs_ec2_cloudwatch_role: Destroying...
[id=complete-ecs_ecs_instance_role-20200704123828947900000001]
module.ec2-profile.aws_iam_instance_profile.this: Destruction complete after 0s
module.ec2-profile.aws_iam_role.this: Destroying... [id=complete-ecs_ecs_instance_role]
module.ec2-profile.aws_iam_role.this: Destruction complete after 1s
Destroy complete! Resources: 30 destroyed.

Terraform
Lab07: Deploy Resource group in Azure
Step1 : Launch Bastion on Azure and connect to bastion
ashoksingh@Ashoks-Air ~/.ssh ssh -i bastion_key.pem AzureUser@51.11.149.71
[AzureUser@bastion ~]$
[root@bastion ~]#
Step2 : Install terraform

[root@bastion ~]# wget
https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zi
p
[root@bastion ~]# unzip terraform_0.12.28_linux_amd64.zip
[root@bastion ~]# chmod +x terraform
[root@bastion ~]# sudo mv terraform /usr/local/bin
Terraform
Step3 : Launch Bastion on Azure and connect to bastion
ashoksingh@Ashoks-Air ~/.ssh ssh -i bastion_key.pem AzureUser@51.11.149.71
[AzureUser@bastion ~]$
[root@bastion ~]#
Step4 : Install azure cli on centos

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-yum?view=azure-cli-l
atest#code-try-3
Terraform
Step5 : login to azure - az login
[root@bastion ~]# az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code
C3BDS3QEH to authenticate.
Terraform
Step6 : Create provider.tf and main.tf as below
resource "azurerm_resource_group"
provider "azurerm" { "example" {
version = "=2.0.0" name =
features {} "example-resource-group"
} location = "West Europe"
provider.tf timeouts {
create = "10m"
delete = "30m"
}
}
main.tf
Terraform
Step7 : Run terraform init
[root@bastion ~]# terraform init
should now work.

[root@bastion ~]#
Terraform
Step8 : Run terraform plan
[root@bastion ~]# terraform plan

+ create
------------------------------------------------------------------------
[root@bastion ~]#
Terraform
Step9 : Run terraform apply
[root@bastion ~]# terraform apply

Enter a value: yes
azurerm_resource_group.example: Creating...
azurerm_resource_group.example: Creation complete after 0s
[id=/subscriptions/4d80cf54-31f0-4a1f-b4be-8c757b93593d/resourceGroups/example-resource-group]

[root@bastion ~]#
Terraform
Step 10 : Validate resource creation on Azure console
Terraform
Thanks you
Terraform
Devops - Project Lab
● Start with Kubernetes

● JIRA server for running scrum and aglie methodology
● Confluence server to share and document learning
● Discuss blocking issue during the class
● Setup slack channel
● VPN access to k8 setup
● Setup project Git
Cost - $200per person for 10 session

● 24 lab access
● support on technical implementation issue
● Collaboration and company like environment
● Learn at your own pace.
Terraform

Terraform

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Terraform

Caricato da

Copyright:

Formati disponibili

Terraform

● Terraform Variables ● Except Instructor, everyone is on mute

● Keep your Infrastructure in certain state

● Make your infra auditable - in version control like GIT

● It created a execution plan describing infrastructure changes.

● Change are applied once conﬁrmed by user

● When updating Infrastructure terraform determines changes and create

incremental execution plans which can be applied.

● Heroku App Setup

Download the zipped binary from below link

[root@ip-172-31-47-70 ~]# wget

100%[=====================================================================>] 28,425,934 81.1MB/s in 0.3s

2020-06-27 19:21:16 (81.1 MB/s) - ‘terraform_0.12.28_linux_amd64.zip’ saved [28425934/28425934]

ashoksingh@Ashoks-Air ~/ ssh -i aws-key.pem ec2-user@<PUBLIC_IP>

[ec2-user@ip-172-31-24-224 ~]$ sudo su -

Step3 : Download terraform binary

100%[=====================================================================>] 28,425,934 81.1MB/s

2020-06-27 19:21:16 (81.1 MB/s) - ‘terraform_0.12.28_linux_amd64.zip’ saved [28425934/28425934]

Step 5 : Move terraform binary to /usr/local/bin

AWS Resource type : aws instance Bastion

Azure Resource type : aws vpc

Terraform's provider documentation list which resource types are available

resource "aws_instance" "bastion" {

Step 2 : Download terraform code

Step 4 : Attach a IAM role to bastion host or add aws cred

Step 5 : Initialise Terraform directory

Initializing the backend...

Initializing provider plugins...

Terraform has been successfully initialized!

If you ever set or change modules or backend configuration for Terraform,

Terraform will perform the following actions:

# aws_instance.bastion will be created

Plan: 1 to add, 0 to change, 0 to destroy.

An execution plan has been generated and is shown below.

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?

Enter a value: yes

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

[ec2-user@ip-172-31-47-70 ~]$ terraform init

Initializing the backend...

Initializing provider plugins...

Terraform has been successfully initialized!

If you ever set or change modules or backend configuration for Terraform,

Terraform will perform the following actions:

# aws_instance.bastion will be created

can't guarantee that exactly these actions will be performed if

An execution plan has been generated and is shown below.

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?

Enter a value: yes

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

[ec2-user@ip-172-31-47-70 ~]$ terraform destroy

An execution plan has been generated and is shown below.

Terraform will perform the following actions:

# aws_instance.bastion will be destroyed

Enter a value: yes

aws_instance.bastion: Destroying... [id=i-0220643a50c7fd1cd]

Destroy complete! Resources: 1 destroyed.

Error: Duplicate provider configuration

A default (non-aliased) provider configuration for "aws" was already given at

[ec2-user@ip-172-31-47-70 aws-ec2]$ sudo yum -y install graphviz

[ec2-user@ip-172-31-47-70 .aws]$ aws s3 mb s3://devops-tejastech/

You can set TF_LOG to one of the log levels