Terraform on AWS, GCP, and Azure
This is a Unix-focused guide to Terraform. It will work on Linux distributions and Mac OS X. During this video, I will be using a Mac or CentOS 7.
What is Terraform?
Terraform is an infrastructure tool for Building, changing, and Versioning infrastructure. Often referred to as Infrastructure as Code. It is released by the HashiCorp organization
It works with two coding data languages:
- HashiCorp Config Language (HCL)
- JSON
What is Terraform used for?
In its simplest form, Terraform can be used to automatically create server infrastructure on several different platforms. It can also be integrated into Continuous Integration and Continuous Delivery (CICD).
Terraform is a cloud-agnostic platform and is popular for the following cloud platforms :
- The Google Cloud Platform (GCP)
- Amazon Web Services (AWS)
- Microsoft Azure
- VMware
- Red Hat OpenStack
What is a Terraform Provider?
Terraform providers are now known as the Terraform Registry
https://registry.terraform.io/browse/providers
For a full list of temporary providers, see:
https://www.terraform.io/docs/providers/index.html
What is the use of Terraform in DevOps?
It can also be used as a bulk configuration tool, similar to products like Ansible. It requires a Plan, Execution of the plan, and Applying to the infrastructure. There is minimal human interaction and it is an incredibly powerful tool.
In this example, I will be using Google Cloud Platform (GCP) and Github to implement terraform infrastructure. GCP will be the cloud provider where I will build the infrastructure, and GitHub is a cloud-based code repository to store revisions and versions of code.
You will need an account on GCP and Github.
See the prerequisites below for instructions on how to do this:
Terraform: Google Cloud Platform (GCP)
I am using GCP as this is something I already have an account on. You may choose to use AWS or Azure for testing. I also use OpenStack. I will be adding instructions here for those providers at some point in the future.
Download the Google SDK for Linux – https://cloud.google.com/sdk/docs/quickstart-redhat-centos
Configure Google SDK for CentOS
From the CentOS command line, type:
sudo tee -a /etc/yum.repos.d/google-cloud-sdk.repo << EOM
[google-cloud-sdk]
name=Google Cloud SDK
baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOM
How to Install the Google SDK
sudo yum install google-cloud-sdk
Next, initialize the Google SDK and create or select a project.
I am using a Project I have previously created in the Google Cloud Console
gcloud init
Just Exit out CRTL C, and we will come back to this later
How to set Terraform and connect it to GitHub
If you have not already got a GitHub account, sign up at https://github.com
Log into GitHub and create a new repository
The Next Steps are :
- Choose the name of your GitHub repo
- Choose public or private
- tick initialize this report and choose the Terraform gitignore and apache license 2.0
- Then click Create the repository
- Press the Create Repository button
- then, once created, click the clone repository and copy the GitHub URL
- Next, go back to our CentOS installation. I had to install the CentOS git applications and pre-req files (I was using CentOS core, which doesn’t include git by default)
yum install git -y
next, Clone the GitHub repo to the CentOS shell
git clone https://github.com/TurboBailey1980/Terraform-Turbogeek.git
You are now synced to your GitHub repo and you can read/write to your Github repo.
If you want to learn about GitHub, check out the GitHub website help files
How to configure Terraform on Linux (Mac / Ubuntu / Centos)
Linux is my preferred Operating System for installing Terraform. It is natively supported. In this example, I will be using Centos 7 Core (or Minimal installation)
Terraform also works on Windows 10 Desktop and Windows Server products. Click here for a guide to install on Windows.
Download terraform using curl
curl -O https://releases.hashicorp.com/terraform/0.11.10/terraform_0.11.10_linux_amd64.zip
(You can also download the latest Terraform binaries from the HashiCorp website and FTP to your server)
Next, unzip it to your /usr/bin directory (note I am doing this as root)
unzip terraform_0.11.10_linux_amd64.zip -d /usr/bin/
(As I am using a CentOS7 core I needed to yum install unzip first.)
Next test the binary is working as part of your system environment variables
[root@Ansible-Terraform-Control tmp]# terraform -v
Next, you need to create a working directory for terraform and an empty terraform config file.
This step is really important and will greatly help organize your projects once you start using Terraform
[root@Ansible-Terraform-Control /]# mkdir terraform-templates && cd terraform-templates [root@Ansible-Terraform-Control terraform-templates]# touch template.tf [root@Ansible-Terraform-Control terraform-templates]# terraform apply Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
You now have to terraform installed on your Linux distribution, and can execute the terraform command from any location as we have installed directly to /usr/bin system $PATH
type terraform to test this
[root@Ansible-Terraform-Control Terraform-Turbogeek]# terraform
If you want to learn more about the core command lists above – check out this page on my site
Configure Google Cloud Platform (GCP) to work with Terraform
Log in to the Google Cloud Platform and create a new project https://console.cloud.google.com
Create an IAM Service Account for Terraform to use.
Select IAM & Admin > Service Accounts > Create Service Account
Enter a name for the service account
Set the role as Service Account Admin
Create a JSON key
Check the key has downloaded to your computer
Copy the JSON file to the CentOS Server, for ease of use save it “below” your project folder
Now we can write the connections.tf file to “connect” to GCP
I prefer to use vi or nano, but you can use whatever text editor you prefer
[root@Ansible-Terraform-Control Terraform-Turbogeek]# vi connections.tf
update the connections.tf with
provider "google" {
credentials = "${file("../turbogeek-terraform-d64341070e0c.json")}"
project = "turbogeek-terraform"
region = "us-west1"
}
If you have other providers, such as AWS, Azure - you can add them here as well
Next, we test the settings are correct by running
[root@Ansible-Terraform-Control Terraform-Turbogeek]# terraform ini
Test create a resource on Google Cloud Platform (GCP)
For this test to work – make sure your terraform service account has the following permissions
- Compute Network Admin
- Service Account Admin
Next, we can test the automated creation of a resource within GCP. We will create a simple network name
resource "google_compute_network" "our_development_network" {
name = "turbogeek"
auto_create_subnetworks = true
}
next type
[root@Ansible-Terraform-Control Terraform-Turbogeek]# terraform plan
This will cause terraform to reach out to GCP and see if the turbogeek network already exists
Next type
[root@Ansible-Terraform-Control Terraform-Turbogeek]# terraform apply
Now if you check GCP you will see the automatically created resource
MAKE SURE YOU DELETE THE VPC NETWORK TO ENSURE YOU ARE NOT BILLED BY GOOGLE
Recent Comments