# Terraform

![rw-book-cover](https://images-na.ssl-images-amazon.com/images/I/512CGUiQtCL._SL200_.jpg)

## Metadata

- Author: [[Yevgeniy Brikman]]
- Full Title: Terraform
- Category: #terraform #devops

## Highlights

- Software delivery consists of all of the work you need to do to make the code available to a customer, such as running that code on production servers, making the code resilient to outages and traffic spikes, and protecting the code from attackers. ([Location 267](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=267))
- The goal of DevOps is to make software delivery vastly more efficient. ([Location 297](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=297))
- There are four core values in the DevOps movement: culture, automation, measurement, and sharing (sometimes abbreviated as the acronym CAMS). ([Location 308](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=308))
- The goal is to automate as much of the software delivery process as possible. That means that you manage your infrastructure not by clicking around a web page or manually executing shell commands, but through code. This is a concept that is typically called infrastructure as code. ([Location 313](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=313))
- The idea behind infrastructure as code (IaC) is that you write and execute code to define, deploy, update, and destroy your infrastructure. ([Location 316](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=316))
- A key insight of DevOps is that you can manage almost everything in code, including servers, databases, networks, log files, application configuration, documentation, automated tests, deployment processes, and so on. ([Location 321](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=321))
- There are five broad categories of IaC tools: ([Location 322](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=322))
  - Ad hoc scripts
  - Configuration management tools
  - Server templating tools
  - Orchestration tools
  - Provisioning tools
- Ad hoc script. You take whatever task you were doing manually, break it down into discrete steps, use your favorite scripting language (e.g., Bash, Ruby, Python) to define each of those steps in code, and execute that script on your server. ([Location 326](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=326))
- The great thing about ad hoc scripts is that you can use popular, general-purpose programming languages and you can write the code however you want. The terrible thing about ad hoc scripts is that you can use popular, general-purpose programming languages and you can write the code however you want. ([Location 336](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=336))
- Chef, Puppet, Ansible, and SaltStack are all configuration management tools, which means that they are designed to install and manage software on existing servers. ([Location 347](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=347))
- While every developer organizes their ad hoc scripts in a different way, most configuration management tools come with a set of conventions that makes it easier to navigate the code. ([Location 365](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=365))
- Code that works correctly no matter how many times you run it is called idempotent code. ([Location 371](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=371))
- Ansible and other configuration management tools are designed specifically for managing large numbers of remote servers. ([Location 377](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=377))
- Rolling deployment, which updates the servers in batches. ([Location 388](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=388))
- An alternative to configuration management that has been growing in popularity recently is server templating tools such as Docker, Packer, and Vagrant. ([Location 393](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=393))
- A virtual machine (VM) emulates an entire computer system, including the hardware. ([Location 405](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=405))
- A container emulates the user space of an OS. You run a container engine, such as Docker, CoreOS rkt, or cri-o, to create isolated processes, memory, mount points, and networking. ([Location 413](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=413))
- Server templating is a key component of the shift to immutable infrastructure. This idea is inspired by functional programming and entails variables that are immutable, so after you’ve set a variable to a value, you can never change that variable again. If you need to update something, you create a new variable. Because variables never change, it’s a lot easier to reason about your code. ([Location 455](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=455))
- The idea behind immutable infrastructure is similar: once you’ve deployed a server, you never make changes to it again. ([Location 458](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=458))
- Handling these tasks is the realm of orchestration tools such as Kubernetes, Marathon/Mesos, Amazon Elastic Container Service (Amazon ECS), Docker Swarm, and Nomad. ([Location 472](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=472))
- The answer is that code is powerful. In exchange for the upfront investment of converting your manual practices to code, you get dramatic improvements in your ability to deliver software. ([Location 545](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=545))
- … production. This becomes a major bottleneck as the company grows. If your infrastructure is defined in code, the entire deployment process can be automated, and developers can kick off their own deployments whenever necessary. ([Location 551](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=551))
- If the deployment process is automated, it will be significantly faster, since a computer can carry out the deployment steps far faster than a person; and safer, given that an automated process will be more consistent, more repeatable, and not prone to manual error. ([Location 554](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=554))
- Instead of the state of your infrastructure being locked away in a single sysadmin’s head, you can represent the state of your infrastructure in source files that anyone can read. In other words, IaC acts as documentation, allowing everyone in the organization to understand how things work, even if the sysadmin goes on vacation. ([Location 556](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=556))
- You can store your IaC source files in version control, which means that the entire history of your infrastructure is now captured in the commit log. ([Location 559](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=559))
- If the state of your infrastructure is defined in code, for every single change, you can perform a code review, run a suite of automated tests, and pass the code through static analysis tools, all practices that are known to significantly reduce the chance of defects. ([Location 564](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=564))
- You can package your infrastructure into reusable modules, so that instead of doing every deployment for every product in every environment from scratch, you can build on top of known, documented, battle-tested pieces. ([Location 567](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=567))
- Terraform is an open source tool created by HashiCorp and written in the Go programming language. The Go code compiles down into a single binary (or rather, one binary for each of the supported operating systems) called, not surprisingly, terraform. ([Location 580](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=580))
- Although the distinction is not entirely clear cut, given that configuration management tools can typically do some degree of provisioning (e.g., you can deploy a server with Ansible) and provisioning tools can typically do some degree of configuration (e.g., you can run configuration scripts on each server you provision with Terraform), you typically want to pick the tool that’s the best fit for your use case. ([Location 644](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=644))
- Because every deployment uses immutable images on fresh servers, this approach reduces the likelihood of configuration drift bugs, makes it easier to know exactly what software is running on each server, and allows you to easily deploy any previous version of the software (any previous image) at any time. ([Location 667](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=667))
- Procedural style, in which you write code that specifies, step by step, how to achieve some desired end state. ([Location 677](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=677))
- Declarative style, in which you write code that specifies your desired end state, and the IaC tool itself is responsible for figuring out how to achieve that state. ([Location 681](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=681))
- Procedural code does not fully capture the state of the infrastructure. ([Location 726](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=726))
- Procedural code limits reusability. ([Location 730](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=730))
- With Terraform’s declarative approach, the code always represents the latest state of your infrastructure. ([Location 734](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=734))
- Master server for storing the state of your infrastructure and distributing updates. Every time you want to update something in your infrastructure, you use a client (e.g., a command-line tool) to issue new commands to the master server, and the master server either pushes the updates out to all of the other servers, or those servers pull the latest updates down from the master server on a regular basis. ([Location 747](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=747))
- Agent software (e.g., Chef Client, Puppet Agent, Salt Minion) on each server that you want to configure. ([Location 776](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=776))
- Terraform, Packer, Docker, and Kubernetes. You use Packer to create a VM image that has Docker and Kubernetes installed. You then use Terraform to deploy (a) a cluster of servers, each of which runs this VM image, and (b) the rest of your infrastructure, including the network topology (i.e., VPCs, subnets, route tables), data stores (e.g., MySQL, Redis), and load balancers. ([Location 921](https://readwise.io/to_kindle?action=open&asin=B07XKF258P&location=921))
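The highlights on idempotent code (Location 371), immutable infrastructure (Location 458) and the procedural versus declarative contrast (Locations 677 to 734) all come down to one mechanism: a declarative tool diffs the desired state you wrote against the state that actually exists and produces a plan, so re-running the same code is a no-op and changing an image means replacing servers rather than patching them. The following toy reconciler, which is an added example and not code from the book or from Terraform, makes that mechanism concrete and sets it beside a procedural "add N servers" script that is not idempotent. Server names, image ids such as `ami-v1`, and the function names are all constructed for the illustration.

```python
# Added example, not from the book or from Terraform: a toy desired-state
# reconciler showing why declarative, idempotent infrastructure code behaves
# differently from a procedural script. All names and values are hypothetical.


def desired_state(count, image, prefix="web"):
    """Declarative description: 'I want `count` servers running `image`'.

    Returns a mapping {server_name: image}, the analogue of a resource block
    whose count and image arguments live in version-controlled code.
    """
    return {f"{prefix}-{i}": image for i in range(count)}


def plan(desired, actual):
    """Diff desired vs. actual state and return the actions needed.

    This is the core of a declarative tool: it never needs to know what was
    done on earlier runs, only what exists now and what should exist.
    Servers whose image differs are *replaced* (immutable infrastructure:
    build a fresh server from the new image, never patch the old one).
    """
    create = sorted(n for n in desired if n not in actual)
    destroy = sorted(n for n in actual if n not in desired)
    replace = sorted(n for n in desired if n in actual and actual[n] != desired[n])
    return {"create": create, "replace": replace, "destroy": destroy}


def apply(desired, actual):
    """Execute the plan against a copy of `actual`; return (new_state, plan).

    Keeping plan and apply separate is what lets the diff be reviewed
    (code review, policy checks) before anything changes in production.
    """
    p = plan(desired, actual)
    state = dict(actual)
    for name in p["destroy"]:
        del state[name]
    for name in p["create"] + p["replace"]:
        state[name] = desired[name]
    return state, p


def procedural_add_servers(actual, count, image, prefix="web"):
    """Procedural equivalent of 'deploy `count` servers'.

    It appends `count` new servers on every run, so it neither records the
    desired end state nor is safe to re-run: two runs of 10 give 20.
    """
    state = dict(actual)
    start = len(state)
    for i in range(start, start + count):
        state[f"{prefix}-{i}"] = image
    return state


if __name__ == "__main__":
    # Day 1: the declarative code asks for 10 servers on image v1.
    state, p = apply(desired_state(10, "ami-v1"), {})
    print("first apply:     ", p)
    # Re-running unchanged code is a no-op: the plan is empty (idempotent).
    state, p = apply(desired_state(10, "ami-v1"), state)
    print("second apply:    ", p)
    # Edit the code to 15 servers: only the 5 missing ones are created.
    state, p = apply(desired_state(15, "ami-v1"), state)
    print("scale out:       ", p)
    # Edit the image: all 15 servers are replaced, none modified in place.
    state, p = apply(desired_state(15, "ami-v2"), state)
    print("new image:       ", p)
    # The procedural script run twice doubles the fleet instead of converging.
    proc = procedural_add_servers({}, 10, "ami-v1")
    proc = procedural_add_servers(proc, 10, "ami-v1")
    print("procedural twice:", len(proc), "servers")
```

The `plan` output is the artifact that makes the "code review, automated tests, static analysis" highlight (Location 564) practical: reviewers inspect the proposed creates, replaces and destroys before `apply` runs, and an unexpected `destroy` or `replace` in that list is the signal that the code change does not mean what its author thought. The procedural function has no such artifact, because nothing in it states what the fleet should look like after it runs.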