Terraform IaC for Apache Cloudstack 4.12
This project helps codify the network infrastructure and instance provisioning.
Separate TF scripts by rate of change (those that run once and those that run more than once). For example, setup of the VPC/subnet happens one time, instance provisioning can happen a few times, but application deployments can happen numerous times.
Scripts that are security related can also be separated, since they might have a different rate of change than provisioning.
==================================================================================
Written in GoLang and very easy to install.
- TF Executable
- TF File - (.tf and .tfvars or any other .tf* it might spot in the executing directory)
- TF State file
On load order, HashiCorp states: "When invoking any command that loads the Terraform configuration, Terraform loads all configuration files within the directory specified in alphabetical order."
- Variables - Separate code from actual values; act as placeholders for values that differ per environment (Dev/QA/Prod)
- Provider - Target Technology or Platform Stack ("aws")
- Resource - Target Resource within that Provider that needs to be provisioned ("aws_instance").
- connection
- provisioner (for example, "remote-exec")
- Output - Output emitted by Terraform as a result of a provisioning action.
- Data - Data performs metadata lookups on provisioners (for example, "aws_availability_zones" for the AWS provider)
| Provisioning Resources | Planning Updates | Use Source Control or IaC | Reusing Templates
- JSON Format (Do not edit the file ever)
- Within the file - resource mappings and metadata
- Represents a Resource Tree / Dependency Tree (this helps TF orchestrate across providers). For example, the DNS address of an ALB is available only after AWS creates the resource during execution, and this kind of run-time info gets persisted in the state file.
- This Resource Tree enables TF to work across multiple providers.
- Making updates to configuration - The state file gets locked, which is very useful when multiple people or processes (like Jenkins) work on the same infrastructure and when the state is stored remotely.
- State is stored locally or remotely (e.g., NFS, Consul, S3 bucket). As long as all processes/people working with the state can reach the location, it should be fine.
- Inspects Terraform state - What is the current state of the environment? It might refresh the state as needed.
- Based on what is already configured and what configuration is submitted, it builds a Dependency Graph, aka Dependency Tree (for example, a subnet needs to be created only after the VPC).
- It determines additions and deletions and presents that info back to the user.
- Terraform then "walks the line" as per the plan that was displayed.
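
The state-file notes (resource mappings, run-time values such as the ALB DNS name) and the dependency ordering used at plan time can be seen together in the following added example, which is not part of the original notes or of Terraform itself. It reads a state document read-only; the sample state is constructed in the version 4 JSON layout, and all resource names and values in it are assumptions.

```python
import json
from graphlib import TopologicalSorter

# Constructed sample in the version 4 state layout; every value is made up.
SAMPLE_STATE = """
{
  "version": 4,
  "serial": 7,
  "resources": [
    {"mode": "managed", "type": "aws_lb", "name": "front",
     "instances": [{"attributes": {"id": "lb-example", "dns_name": "front-123.example.invalid"},
                    "dependencies": ["aws_subnet.app"]}]},
    {"mode": "managed", "type": "aws_subnet", "name": "app",
     "instances": [{"attributes": {"id": "subnet-example", "cidr_block": "10.0.1.0/24"},
                    "dependencies": ["aws_vpc.main"]}]},
    {"mode": "managed", "type": "aws_vpc", "name": "main",
     "instances": [{"attributes": {"id": "vpc-example", "cidr_block": "10.0.0.0/16"}}]}
  ]
}
"""

def address(resource):
    """Terraform-style address: data sources get a 'data.' prefix."""
    prefix = "data." if resource.get("mode") == "data" else ""
    return f"{prefix}{resource['type']}.{resource['name']}"

def dependency_map(state):
    """Map each resource address to the set of addresses it depends on."""
    deps = {}
    for res in state.get("resources", []):
        found = deps.setdefault(address(res), set())
        for inst in res.get("instances", []):
            found.update(inst.get("dependencies", []))
    return deps

def creation_order(state):
    """Order in which resources can be created: dependencies come first."""
    return list(TopologicalSorter(dependency_map(state)).static_order())

def runtime_attribute(state, addr, key):
    """Return a provider-populated attribute persisted in state, or None."""
    for res in state.get("resources", []):
        if address(res) == addr:
            for inst in res.get("instances", []):
                if key in inst.get("attributes", {}):
                    return inst["attributes"][key]
    return None

if __name__ == "__main__":
    state = json.loads(SAMPLE_STATE)  # read-only: never write the state file back
    print(creation_order(state))
    print(runtime_attribute(state, "aws_lb.front", "dns_name"))
```

Because attributes are stored as plain JSON, anyone who can read the state location can read every value a provider returned, so access to that location should be restricted accordingly.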