TERRAFORM AS A TOOL FOR IaC

TERRAFORM AS A TOOL FOR IaC

Over the past months, I have been getting in-depth knowledge of cloud computing. One of the things I have learnt so far is that service models can be provided;

  • Infrastructure as a service: When we talk about IaaS, what comes to mind is a pay-as-you-go online service that provides network infrastructure like physical computing resources, backups, data partitioning, securities, scaling, security, backup, etc.

  • Platform as a service is made such that it allows customers to provision, instantiate, run, and manage a modular bundle comprising of computing platforms, application(s), without the complexity of building and maintaining the infrastructure typically associated with developing and launching the application(s)

  • Software as a service: This is simply a software distribution model in which a cloud provider hosts applications.

For this article, I'd be talking about Terraform as a tool for IaC

INFRASTRUCTURE AS CODE

Wikipedia defines Infrastructure as code (IaC) as the process of managing and provisioning computer data centres through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.

Simply defining, it is the use of configuration files to manage and provision infrastructure in place of manual processes.

There are generally two approaches to Iac; Declarative and Imperative.

The declarative approach tells us how or declares the final result or desired outcome should be, it defines the resources and properties that allow an IaC tool to chose the workflow to get the desired result.

The imperative approach defines the specific commands needed to achieve the desired configuration in sequence to get to the final result. i.e. workflow are defined.

Terraform

Terraform is an open-source declarative Iac tool in which users define and provide data centre infrastructure using a declarative configuration language. It is able to create, read, update and delete on the user's behalf to get the said desired result. It supports and manages external resources with most cloud providers. Its major commands include;

$ terraform init
$ terraform plan
$ terraform apply
$ terraform destroy
  • terraform init queries infrastructure provider to communicate with the rest API
  • terraform plan creates an execution plan of what needs to be done
  • terraform apply is a preview of the plan. i.e to executes the plan made
  • terraform destroy actually deletes in sequence all the setup in the config file as well as the clean up of the resources.

Terraform modules A module is a standalone piece of code that provides specific and tightly coupled functionality, which can serve as a routine within a program in different systems.

Terraform modules consists of the root and child modules in which resources are defined in the .tf files in the main working directory.

Screenshot from 2021-04-21 13-56-39.png

Why terraform?

  • Terraform is a declarative IaC tool in that it simply defines the desired state, not the workflow or processes. So, therefore, it's easy to manipulate the configuration file without giving rise to subtle bugs that would pose a problem to diagnose later known as config drift.

  • Terraform is mainly an infrastructure provisioning that also has the ability to deploy applications.

-Terraform uses modules that collect inputs and create desired output in connection with cloud providers

  • Terraform is a more advanced orchestration tool and is easily able to manage and replicate existing infrastructure

-Terraform gives the possibility to create things on higher levels in conjunction with cloud providers.

  • Terraform gives room for a large community to easily operate on projects/Apps.

Terraform provisioning on GCP Prerequisites

  • A Project on GCP that has its billing enabled.
  • Connected service account to project.
  • Installed Terraform
  • Installed gcloud

Steps

  1. On your terminal create a folder to keep terraform files, in the folder create a "main.tf" Terraform config file, it should look like this;
// Configure the Google Cloud provider
provider "google" {
  project = "{YOUR GCP PROJECT}"
  credentials = “${file(“credential.json”)}”
  region  = "us-west1"
  zone    = "us-west1-b"
}
  • The project field contains the new project you created or an existing project in your console.
  • The credential holds details required for the GCP authentication processes

Screenshot from 2021-04-21 11-45-28.png

  • Region and zone represents the chosen default location for regional and zonal resources respectively. (Not all resources require a location as some GCP resources are global).

  • Add the following to your main.tf config file:

resource "google_compute_instance" "vm_instance" {
  name         = "terraform-instance"
  machine_type = "f1-micro"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

  network_interface {
    # A default network is created for all GCP projects
    network = "default"
    access_config {
    }
  }
}
  • A Google compute Engine VM instance is named google_compute_instance in Terraform, indicating the provider, product family and resource name.

  • The network_interface gives the default setting for the network interface

  • Adding VPC network resource block to the main.tf config file;

resource "google_compute_network" "vpc_network" {
  name                    = "terraform-network"
  auto_create_subnetworks = "true"
}

Your final config file should look like this:

provider "google" {
  credentials = “${file(“credential.json”)}”
  project = "YOUR GCP PROJECT"
  region  = "us-west1"
  zone    = "us-west1-b"
}

resource "google_compute_instance" "vm_instance" {
  name         = "terraform-instance"
  machine_type = "f1-micro"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

  network_interface {
    # A default network is created for all GCP projects
    network = "${google_compute_network.vpc_network.self_link}"
    access_config {
    }
  }
}

resource "google_compute_network" "vpc_network" {
  name                    = "terraform-network"
  auto_create_subnetworks = "true"
}

Now that you have completed your terraform config file and configured your credential, In your root directory, use the command terraform init to initialize, i.e. Terraform would detect the provider in main.tf file and downloads it to be used in getting the desired result.

Screenshot from 2021-04-21 15-14-29.png Next is to use terraform plan to see the changes that would be made to our GCP account.

Screenshot from 2021-04-21 15-19-11.png And now, we use terraform apply to apply changes made from terraform plan to GCP.

Screenshot from 2021-04-21 15-40-04.png

And start using the terraform provisioned GCP Instance.

Screenshot from 2021-04-21 13-43-44.png

To tear down or delete the resources, app, instance created, use terraform destroy.

CONCLUSION Terraform is a standard IaC tool that integrates with almost all cloud providers allowing you to safely provision and manages multi-cloud infrastructure. Its configuration can be stored in version control systems, allowing for declarations that can be treated as a code. To get a better understanding in a video format check here.