Infrastructure as Code: Using Terraform in your workflow

Infrastructure as Code: Using Terraform in your workflow

What is Infrastructure as Code (IAC)?

Stackify in this article introduced IAC like this:

In the past, managing IT infrastructure was a hard job. System administrators had to manually manage and configure all of the hardware and software that was needed for the applications to run.

However, in recent years, things have changed dramatically. Trends like cloud computing revolutionized—and improved—the way organizations design, develop, and maintain their IT infrastructure.

One of the critical components of this trend is called “infrastructure as code”.

Wikipedia defines IaC as follows:

Infrastructure as code is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.

In simpler terms,

Infrastructure as code (IaC) means to manage your IT infrastructure using configuration files.

As of today, there are a number of tools that can be used for IAC. Some of which are:

  • Terraform
  • Ansible
  • AWS CloudFormation
  • Azure Resource Manager
  • Google Cloud Deployment Manager
  • Chef
  • Puppet

among others.

Objective

In this article, you will understand how Terraform works and how to configure it.

Prerequisites

This article uses the Ubuntu 18.04 Linux distro. That's all the prerequisite you need.

Let's get started.

Terraform

Installation

Add the HashiCorp GPG key

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -

Add the official HashiCorp Linux repository

sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"

Update and install

sudo apt-get update && sudo apt-get install terraform

Verify installation by running

terraform -version

If you get this result, then Terraform has been successfully installed.

Terraform v0.14.9
+ provider registry.terraform.io/hashicorp/google v3.60.0

The Terraform version we will be using in this article is v0.14.9 which is the latest version.

Use case

The Terraform use case I'm choosing is the automation of a Virtual Private Cloud using Google Cloud Platform.

Let's get right into it.

Create a directory:

mkdir vpc-with-terraform

Navigate into that directory

cd vpc-with-terraform

Let's start with the main.tf file

nano main.tf

This is a sample of what your main.tf file should look like:

// Configure the Google Cloud Provider

provider "google" {
  credentials  = file(var.credentials)
  project      = var.gcp_project
  region       = var.region
}

// Create VPC

resource "google_compute_network" "vpc" {
  name         = "${var.name}-vpc"
  auto_create_subnetworks = "false"
}

// Create Subnet

resource "google_compute_subnetwork" "subnet" {
  name        =  "${var.name}-subnet"
  ip_cidr_range = var.subnet_cidr
  network = "${var.name}-vpc"
  depends_on  = [google_compute_network.vpc]
  region       = var.region
}


// Firewall Config

resource "google_compute_firewall" "firewall" {
  name         = "${var.name}-firewall"
  network = google_compute_network.vpc.name

  allow {
    protocol = "icmp"
}

  allow {
    protocol = "tcp"
    ports = ["22"]
}

  source_ranges = ["0.0.0.0/0"]
}

We start by configuring the provider which in our case is google.

Next is to provide the credentials. The credentials is fed from a file named credentials.json which we are going to discuss. Next is to provide the project name which will be a variable from an external file. We will also discuss this as we proceed. Same with the region.

As you can see, to use the variables in Terraform 0.14.9, we use the syntax,

var.<variable_name>

When Terraform runs the main.tf file and sees this syntax, it automatically fetches the value from the variables.tf and terraform.tfvars file except otherwise stated (i.e in the case of the credentials where it will fetch the values from credentials.json).

Next, we configure the VPC we want to create.

Here, we specify the resource type and the logical name of the vpc. I'm using "vpc" but you can name it anything. We also specify the actual name of the VPC which is derived from the name variable. Finally, we set auto_create_subnet parameter to false. This is because we want to manually configure the VPC subnets in the regions that we want as opposed to Google automatically configuring the subnets.

Next, we configure the subnets

We specify the resource type, name, IP range, network and region. This is optional but you can add the depends_on parameter that specifies which resource your subnet depends on.

Finally, we configure the firewall rules

Configuring this tells Terraform which protocols your network should be exposed to. Here, I specified icmp and tcp.

Save this file.

Let's create another file. Name it variables.tf

nano variables.tf

This is a typical variables.tf file

variable "region" {}
variable "gcp_project" {}
variable "credentials" {}
variable "name" {}
variable "subnet_cidr" {}

In this file, all the variables used in main.tf are declared. Merely declared. The actual values of these variables are in another file named terraform.tfvars

This is a typical terraform.tfvars file

region = "europe-west2"
gcp_project = "sca-cloud-school"
credentials = "credentials.json"
name = "terraform"
subnet_cidr = "10.10.0.0/24"

Your project name, gcp_project has to be a valid project that exists on your GCP. The other parameters can differ depending on your specification.

Lastly, let's create the credentials.json file.

On GCP, navigate to IAM and Admin. And Service Accounts.

Step 1.png

Click the Create Service Account button.

Give it a name and a description (optional).

Add a role (optional)

Create the account.

Open the created account and navigate to the Keys tab.

Click the Add key button. Create New Key. Click JSON.

image.png

When you click Create, and save the file, copy and paste the entire content of the file to credentials.json

And that's it.

Now we are good to go.

Run

terraform init

to initialize Terraform in your directory

Then run,

terraform plan

This displays all the resources (VPC, subnet and firewall) that will be created at the end of the process.

Finally, run

terraform apply

This creates the VPC, subnet and firewall.

Go to GCP to confirm that the network has been created.

image.png

See? terraform-vpc successfully created!

Conclusion

In DevOps, if you need to perform a task more than once, just automate it. And Infrastructure As Code tools are the best use case.

I hope you enjoyed this.

Cheers!