
Terraforming your Infrastructure

Britt Treece, PhishMe

Terraform is a tool that enables you to easily orchestrate potentially complex infrastructure. The simplicity of the tool also allows you to code yourself into a corner. This talk aims to offer practical techniques to avoid common hurdles that often result in a refactor.

Cloud Computing is a broad term that describes a diverse and rapidly expanding set of on-demand services. The availability of these services does not mean they are simple to use or easily integrated with each other or with your infrastructure. Terraform provides a common interface for these services and allows for the expression of your infrastructure as code. Terraforming Your Infrastructure will get you started with Terraform and help you avoid common hurdles that are encountered as your configurations get more advanced. We will…

learn how Terraform simplifies infrastructure management.
demonstrate practical techniques to avoid common problems.
deploy single and multi-provider configurations using Terraform.

Published in: Software

Terraforming your Infrastructure

  1. Terraforming Your Infrastructure: From Beginner to Semi-Pro in 30 Minutes. Britt Treece, Production Engineer at PhishMe, @abtreece. November 15, 2016
  3. [Diagram: Load, Web, App and Data tiers; region-a, region-b]
  5. [Diagram: Load, Web, App and Data tiers; provider a, provider b]
  6. We needed
      • A tool that wasn’t specific to AWS
      • Something that was easier to read and understand
      • To fully understand what was going to change upon execution
      • The ability to collaborate more easily on our infrastructure
  7. TERRAFORM
  8. What is Terraform
      “…is a tool for building, changing, and versioning infrastructure safely and efficiently.”
      • Uses configuration files to describe the desired infrastructure
      • Has providers, which are the interface between Terraform and cloud services
      • Has provisioners, which it can execute to initialize a resource in some way
      • Can be packaged by creating modules… DRY IaC?
  9. What Terraform isn’t
      • A programming language
      • A substitute for understanding the best practices of your providers
      • Going to save you from doing something dumb
  10. K.I.S.S.: Keep It Simple Stupid
  11. KISS: Pick a pattern and stick with it

          addo
          ├── main.tf
          ├── outputs.tf
          └── vars.tf

          addo
          ├── instances.tf
          ├── load-balancers.tf
          ├── variables.tf
          └── provider.tf

          addo
          └── main.tf

  12. KISS: Put all your variable declarations in one file

          addo
          ├── main.tf
          ├── outputs.tf
          └── vars.tf

          addo
          ├── instances.tf
          ├── load-balancers.tf
          ├── variables.tf
          └── provider.tf

          addo
          └── main.tf

  13. KISS: Name your resources with intention

          # names that only number the instances
          resource "aws_instance" "web-1" {
            ami           = "ami-b73b63a0"
            instance_type = "t2.medium"
          }
          resource "aws_instance" "web-2" {
            ami           = "ami-153e6470"
            instance_type = "c4.large"
          }

          # names that state what each instance is for
          resource "aws_instance" "haproxy" {
            ami           = "ami-b73b63a0"
            instance_type = "t2.medium"
          }
          resource "aws_instance" "nodejs" {
            ami           = "ami-153e6470"
            instance_type = "c4.large"
          }

  14. KISS: Use tags!

          resource "aws_instance" "haproxy" {
            ami           = "ami-b73b63a0"
            instance_type = "t2.medium"
            tags {
              Name        = "haproxy"
              Environment = "production"
            }
          }

  15. K.Y.S.S.: Keep Your Secrets Secret
  16. Keep Your Secrets Secret: Your keys and pems don’t belong in your configurations

          # what not to do: credentials written into the configuration
          provider "aws" {
            access_key = "AKIEYUS7VABTGDC4AP4Q"
            secret_key = "W/akHyLA8ScewFNDsOYS8/KJoYSci2yoqrewlCp"
            region     = "us-east-1"
          }

  17. Keep Your Secrets Secret: Use TF_VARs to store your secrets as environment variables

          export TF_VAR_access_key="AKIEYUS7VABTGDC4AP4Q"
          export TF_VAR_secret_key="W/akHyLA8ScewFNDsOYS8/KJoYSci2yoqrewlCp"

      main.tf

          # values arrive from TF_VAR_access_key and TF_VAR_secret_key
          variable "access_key" {}
          variable "secret_key" {}
          provider "aws" {
            # hand the variables to the provider
            access_key = "${var.access_key}"
            secret_key = "${var.secret_key}"
            region     = "us-east-1"
          }

  18. Keep Your Secrets Secret: Take a dotfiles approach to setting the TF_VARs

      .env.d/aws_credentials

          export TF_VAR_access_key="AKIEYUS7VABTGDC4AP4Q"
          export TF_VAR_secret_key="W/akHyLA8ScewFNDsOYS8/KJoYSci2yoqrewlCp"

      main.tf

          # values arrive from TF_VAR_access_key and TF_VAR_secret_key
          variable "access_key" {}
          variable "secret_key" {}
          provider "aws" {
            # hand the variables to the provider
            access_key = "${var.access_key}"
            secret_key = "${var.secret_key}"
            region     = "us-east-1"
          }

  19. Keep Your Secrets Secret: Use direnv to switch your environment variables for different configurations

      .envrc

          source ~/.env.d/aws_credentials
          source ~/.env.d/us-east-1.tfvars

          $ cd production
          direnv: loading .envrc
          direnv: export +TF_VAR_access_key +TF_VAR_key_name +TF_VAR_public_key_path +TF_VAR_secret_key
          $ cd ..
          direnv: unloading

  20. STATE OF THE TERRAFORM
  21. Protect your State
      • The statefile is the *actual* state of your infrastructure! It must be protected!
      • Direct editing of this file, while possible, is generally a bad idea.
      • If you are going to tinker with your statefiles make sure you have a copy saved somewhere!
  22. Remote State
      • Check your configurations into Git, not your statefiles.
      • Remote state allows for easier collaboration between teams
      • It provides ways to expose information between environments using outputs
      • Additionally, where possible enable versioning and encryption… S3
  23. Use Terragrunt
      • Terragrunt is a thin wrapper for Terraform created by Gruntwork (gruntwork.io)
      • It enforces best practices for Terraform state
      • It supports locking using Amazon’s DynamoDB as the locking mechanism
      • If your Golang is on point, contribute to the project! https://github.com/gruntwork-io/terragrunt
  24. SEPARATION OF POWERS
  25. Blast Radius – Wide: One statefile per environment

          S3://tfstate/addo/staging
          S3://tfstate/addo/production
          S3://tfstate/addo/global

          staging
          ├── …
          └── vars.tf
          production
          ├── …
          └── vars.tf
          global
          ├── …
          └── vars.tf

  26. Blast Radius – Narrow: One statefile per service per environment

          networking
          ├── …
          └── vars.tf
          compute
          ├── …
          └── vars.tf
          database
          ├── …
          └── vars.tf
          storage
          ├── …
          └── vars.tf

          S3://tfstate/addo/production/networking
          S3://tfstate/addo/production/compute
          S3://tfstate/addo/production/database
          S3://tfstate/addo/production/storage

  27. Blast Radius – Regional: One statefile per service per environment

          networking
          ├── …
          └── vars.tf
          compute
          ├── …
          └── vars.tf
          database
          ├── …
          └── vars.tf
          storage
          ├── …
          └── vars.tf

          S3://tfstate/addo/us-east-1/production/networking
          S3://tfstate/addo/us-east-1/production/compute
          …
          S3://tfstate/addo/us-west-1/production/networking
          S3://tfstate/addo/us-west-1/production/compute
          …

  28. Use Terragrunt: Did I mention Terragrunt?

          # state locking through DynamoDB
          lock = {
            backend = "dynamodb"
            config {
              state_file_id = "addo_production"
            }
          }

          # remote state in S3, encrypted
          remote_state = {
            backend = "s3"
            config {
              encrypt = "true"
              bucket  = "add-tf-state"
              key     = "addo/production/terraform.tfstate"
              region  = "us-east-1"
            }
          }

          addo/production
          ├── main.tf
          ├── outputs.tf
          ├── vars.tf
          └── .terragrunt

  29. USE MODULES
  30. Use Modules
      • Modules are a way to “package” Terraform configurations
      • Modules are just an isolated Terraform configuration
      • Modules take inputs as variables and provide outputs as attributes
      • Gitignore your .terraform directory
  31. Use Modules: When your configurations start to look like this…

          addo/production/
          ├── compute
          │   ├── main.tf
          │   ├── outputs.tf
          │   └── vars.tf
          ├── database
          │   ├── …
          │   └── vars.tf
          ├── networking
          │   ├── …
          │   └── vars.tf
          └── storage
              ├── …
              └── vars.tf

          addo/staging/
          ├── compute
          │   ├── main.tf
          │   ├── outputs.tf
          │   └── vars.tf
          ├── database
          │   ├── …
          │   └── vars.tf
          ├── networking
          │   ├── …
          │   └── vars.tf
          └── storage
              ├── …
              └── vars.tf

          addo/test/
          ├── compute
          │   ├── main.tf
          │   ├── outputs.tf
          │   └── vars.tf
          ├── database
          │   ├── …
          │   └── vars.tf
          ├── networking
          │   ├── …
          │   └── vars.tf
          └── storage
              ├── …
              └── vars.tf

  32. Use Modules: You should do this…

          addo/modules/
          ├── compute
          │   ├── main.tf
          │   ├── outputs.tf
          │   └── vars.tf
          ├── database
          │   ├── …
          │   └── main.tf
          ├── networking
          │   ├── …
          │   └── main.tf
          └── storage
              ├── …
              └── main.tf

          addo/production/
          ├── main.tf
          ├── output.tf
          └── vars.tf

          addo/staging/
          ├── main.tf
          ├── output.tf
          └── vars.tf

  33. Use Modules: You should do this…

      addo/modules/compute/main.tf

          resource "aws_instance" "haproxy" {
            ami           = "${var.ami_id}"
            instance_type = "${var.inst_type}"
            tags {
              Name        = "haproxy"
              Environment = "${var.environment}"
            }
          }

      addo/production/main.tf

          module "haproxy" {
            # points at the compute module directory shown above
            source      = "../modules/compute"
            # argument names must match the module's variables (var.ami_id)
            ami_id      = "ami-b73b63a0"
            inst_type   = "t2.medium"
            environment = "production"
          }

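
Two rules from the slides above, no keys in configurations and no statefiles or `.terraform` directory in Git, can be checked mechanically before a commit. The script below is an added example, not code from the talk; its function names, the sample tree and the placeholder key values are constructed for illustration.

```shell
# Added example, not from the talk. Function names and the sample tree are
# constructed for illustration.

# Paths that must not be committed: statefiles, backups, .terraform content.
find_state_paths() {
    find "$1" -type f \( -name '*.tfstate' -o -name '*.tfstate.backup' \
        -o -path '*/.terraform/*' \) | sort
}

# file:line of access_key/secret_key set to a string literal in *.tf files.
# Values that interpolate a variable ("${var.secret_key}") are allowed.
find_literal_secrets() {
    find "$1" -type f -name '*.tf' -exec grep -nHE \
        '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^$"][^"]*"' \
        {} + | cut -d: -f1,2 | sort
}

# Exit status 0 when the tree is clean, 1 otherwise; findings go to stderr.
check_repo() {
    findings=$(find_state_paths "$1"; find_literal_secrets "$1")
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings" | sed 's/^/do not commit: /' >&2
    return 1
}

# Constructed sample: clean production, staging with literal keys and state.
make_sample_repo() {
    d=$(mktemp -d)
    mkdir -p "$d/production" "$d/staging/.terraform"
    cat > "$d/production/main.tf" <<'EOF'
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
}
EOF
    cat > "$d/staging/main.tf" <<'EOF'
provider "aws" {
  access_key = "PLACEHOLDER-ACCESS-KEY"
  secret_key = "PLACEHOLDER-SECRET-KEY"
}
EOF
    echo '{}' > "$d/staging/terraform.tfstate"
    echo '{}' > "$d/staging/.terraform/terraform.tfstate"
    echo "$d"
}

repo=$(make_sample_repo)
check_repo "$repo" || echo "sample tree rejected, as intended"
rm -rf "$repo"
```

Run `check_repo` against the repository root from a pre-commit hook or CI job; a non-zero status means a statefile, `.terraform` content or a literal key is present in the tree.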
