6. Terraform Goals
• Unified view of infrastructure
• Infrastructure as code
• Compose multiple tiers (IaaS to PaaS to SaaS)
• Safely change/iterate infrastructure over time
• One workflow
7. Terraform Features
• Open Source
• Infrastructure as Code
• Resource Providers
• Plan and Apply
• Collaboration, History [Enterprise]
12. Plan
• Plan shows you what will happen
• Plans can be saved to guarantee what will happen
• Plans show reasons for certain actions (such as re-create)
• Not equivalent to "noop" due to the ability to save a plan
14. Apply
• Executes changes in order based on dependencies
• Parallelizes changes when possible
• Handles and recovers from transient errors
15. Apply for Changes
• Not only creation, but changes over time
• Plan will show you what will happen
• The `-target` flag can be used for fine-grained change
16. Resource Providers
Amazon, BitBucket, CenturyLink Cloud,
CloudFlare, CloudStack, Cobbler,
Consul, Datadog, DigitalOcean,
DNSMadeEasy, DNSimple, Docker,
Dyn, GitHub, Fastly,
Google, Heroku, Librato,
Microsoft Azure, MySQL, OpenStack,
Packet, PostgreSQL, SoftLayer,
UltraDNS, VMware vSphere, and more...
21. Terraform Enterprise
• Remote Plan/Apply
• Integration with GitHub (plan PRs, apply on merge)
• Variable storage and encryption
• State storage, history, rollback, and locking
• HTTP API to modify state, queue plans, etc.
• Notifications on infra change, plan request, etc.
22. Terraform 0.8 (December 13, 2016)
• "terraform console"
• Conditional values
• Terraform version requirement in config
• Nomad and Vault providers
26. Terraform Console
• Read-only view of your state
• Accepts interpolation syntax (including function calls!)
• Support for stdin enables scripting
• Works with remote state
• Good for beginners and advanced users!
30. Conditional Values
• If-statements for single values within Terraform
• Enables on/off of resources (by using count)
• The beginning of more logic in Terraform configs
34. Terminal
$ terraform console
The currently running version of Terraform doesn't meet the
version requirements explicitly specified by the configuration.
Please use the required version or update the configuration.
Note that version requirements are usually set for a reason, so
we recommend verifying with whoever set the version requirements
prior to making any manual changes.
Module: root
Required version: < 0.5.0, > 1.0
Current version: 0.9.1
35. Terraform Version Requirement
• Restrict Terraform version against config
• Avoid known-bad Terraform versions for your resources
• Modules can also restrict Terraform versions!
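The conditional values and version requirement described above, combined in one configuration. This is an added example, not taken from the original slides; the variable names, AMI ID and instance types are constructed, and the syntax is the interpolation style of the Terraform 0.8/0.9 releases the deck covers.

```hcl
# Added example: names and values are constructed for illustration.
terraform {
  # Terraform refuses to run (plan, apply, console, ...) when the
  # running binary falls outside this range.
  required_version = ">= 0.8.0, < 0.10.0"
}

variable "enable_bastion" {
  description = "Create the SSH bastion only while it is needed"
  default     = "false"
}

variable "environment" {
  default = "staging"
}

resource "aws_instance" "bastion" {
  # Conditional value feeding count: 1 creates the instance, 0 removes it.
  # Keeping the default at "false" means the bastion does not exist
  # unless someone explicitly turns it on.
  count = "${var.enable_bastion ? 1 : 0}"

  ami = "ami-00000000" # placeholder AMI ID

  # A conditional used for a single attribute value.
  instance_type = "${var.environment == "production" ? "m4.large" : "t2.micro"}"
}
```

Running `terraform plan -var enable_bastion=true` shows the instance being added; planning again without the variable shows it being destroyed.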
46. Provisioners (Terraform <= 0.8)
• Run arbitrary code locally or remotely on resource creation
• If a provisioner fails, the resource is tainted and scheduled for recreation on the next apply
51. Destroy Provisioners
• Configured with when = "destroy"
• Run on resource destroy (not just "terraform destroy")
• Failure cancels physical resource destruction by default
• Can allow failure with on_failure = "continue"
56. Destroy Provisioners
• Useful for resource cleanup
• Can SSH into machine (any machine!) prior to destruction
• Recommended: resource cleanup should live as part of the resource itself, but destroy provisioners give you another option
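A resource using both kinds of destroy provisioner described above, one that blocks destruction on failure and one that tolerates failure. This is an added example, not taken from the original slides; the resource name, AMI ID and the three helper scripts are hypothetical.

```hcl
# Added example: resource name, AMI ID and scripts are hypothetical.
resource "aws_instance" "worker" {
  ami           = "ami-00000000" # placeholder AMI ID
  instance_type = "t2.micro"

  # Creation-time provisioner (the default). If it fails, the
  # instance is tainted and recreated on the next apply.
  provisioner "local-exec" {
    command = "./register-node.sh ${self.private_ip}"
  }

  # Destroy-time provisioner with the default failure behaviour:
  # if deregistration fails, the instance is NOT destroyed, so a
  # stale registration is never left pointing at a dead machine.
  provisioner "local-exec" {
    when    = "destroy"
    command = "./deregister-node.sh ${self.private_ip}"
  }

  # Best-effort cleanup: a failure here is logged but does not
  # block the destruction of the instance.
  provisioner "local-exec" {
    when       = "destroy"
    command    = "./archive-logs.sh ${self.id}"
    on_failure = "continue"
  }
}
```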
58. Before Remote Backends (TF <= 0.8)
• Awkward "remote config" command
• Users could accidentally run Terraform without remote init
• Configuration only via CLI
• Local cache of state stored in .terraform/terraform.tfstate
• Changing remote configuration was manual
59. Terminal
$ # TERRAFORM <= 0.8, BEFORE REMOTE BACKENDS
$ terraform remote config \
    -backend=S3 \
    -backend-config="bucket=<bucket>" \
    -backend-config="key=<path to file>" \
    ...
60. Remote Backends
• Subsumes "remote state", enables locking, environments, more
• Configure from tf files, external configuration, or CLI
• Detects configuration change
• Forces new users of a TF configuration to initialize
• One command to init them all: `terraform init`
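The same S3 settings as the old `terraform remote config` command, expressed as a backend block in a tf file. This is an added example, not taken from the original slides; the bucket, key, region and table names are placeholders, and `lock_table` is the Terraform 0.9-era argument name (later releases call it `dynamodb_table`).

```hcl
# Added example: bucket, key, region and table names are placeholders.
terraform {
  backend "s3" {
    bucket = "example-terraform-state"
    key    = "network/terraform.tfstate"
    region = "us-east-1"

    # State files can contain secrets (passwords, keys) in plain
    # text, so ask S3 to encrypt the object at rest.
    encrypt = true

    # DynamoDB table used for state locking on write operations.
    # 0.9-era argument name; renamed dynamodb_table in later releases.
    lock_table = "example-terraform-locks"
  }
}
```

Because the backend is now part of the configuration, anyone who clones the repository is forced through `terraform init` before any other command will run.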
62. Terminal
$ terraform init
Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Terraform has been successfully initialized!
63. Terminal
$ # New user, didn't run init
$ terraform console
Backend reinitialization required. Please run "terraform init".
Reason: Initial configuration of the requested backend "s3"
...
66. Terminal
$ terraform console
Backend reinitialization required. Please run "terraform init".
Reason: Unsetting the previously set backend "s3"
...
67. Remote Backends
• One command to init: `terraform init`
• Automatic detection of backend change (set, change, unset)
• No state stored locally at all
• Always gitignore ".terraform" folder
68. A Focus on Safety
• Common complaint: easy to corrupt remote state
• Remote backends add a new layer of safety: detecting changes, checking "lineage", disallowing writes of unsafe state, and more.
69. A New "Init"
• Init has existed since Terraform 0.1
• Used to just set up folder structure for new projects
• Now the single source of init, safe to run multiple times
• Initializes backend, downloads modules, creates folders
• One day: downloads providers, verifies versions, more...
71. State Locking
• For supported backends, Terraform automatically locks state on write operations
• If unlock fails, error is shown with lock ID to allow a force unlock
• Doesn't lock against concurrent reads
76. State Environments
• A state namespace
• Allows a single folder of TF config to manage multiple distinct sets of infrastructure resources
77. Terminal
$ terraform env list
* default
$ terraform env new mitchellh-test
Created and switched to environment "mitchellh-test"!
$ terraform env list
default
* mitchellh-test