DevOps Tools/Configuration/Terraform

From r00tedvw.com wiki

Latest revision as of 14:55, 30 September 2019

Terraform

Installation

CentOS7

Update cache

~$ sudo yum check-update

Download dependencies

~$ sudo yum install -y wget unzip

Download the Terraform binary zip from the downloads page.

~$ wget https://releases.hashicorp.com/terraform/0.11.13/terraform_0.11.13_linux_amd64.zip

Extract to PATH directory

~$ sudo unzip ./terraform_0.11.13_linux_amd64.zip -d /usr/local/bin/ 

Verify

~$ terraform -v
Terraform v0.11.13
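
The zip above is extracted with sudo into a PATH directory, so it is worth checking its digest first. This is an added example, not part of the wiki page; it assumes a checksum file named terraform_0.11.13_SHA256SUMS was downloaded from the same release directory as the zip.

```shell
#!/bin/sh
# Added example, not part of the wiki page: check a downloaded release zip
# against a SHA256SUMS file before unzipping it into /usr/local/bin.
# Assumption: SUMS uses the "<sha256>  <file name>" line format of sha256sum.

# sha256_of FILE prints the hex digest, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_release ZIP SUMS returns 0 on match, 1 on mismatch, 2 if ZIP is unlisted.
verify_release() {
    zip_path=$1
    sums_path=$2
    zip_name=$(basename "$zip_path")
    # Exact file-name match, so a similarly named entry cannot satisfy the check.
    expected=$(awk -v n="$zip_name" '$2 == n { print $1; exit }' "$sums_path")
    if [ -z "$expected" ]; then
        echo "no entry for $zip_name in $sums_path" >&2
        return 2
    fi
    if [ "$(sha256_of "$zip_path")" != "$expected" ]; then
        echo "checksum mismatch for $zip_name" >&2
        return 1
    fi
    echo "OK $zip_name"
}

# Typical use, with the assumed checksum file name:
#   verify_release ./terraform_0.11.13_linux_amd64.zip ./terraform_0.11.13_SHA256SUMS \
#     && sudo unzip ./terraform_0.11.13_linux_amd64.zip -d /usr/local/bin/
```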

Deploy basic ec2

Setup AWS

If you've not done so already, you will need to install the AWS CLI and create a new account for Terraform to access AWS programmatically. For this example I've opted to give my Terraform user admin rights, and it also needs programmatic access (just an access ID/secret key pair).

Create folder and files

For Terraform you will need a folder with at least three files.

~$ mkdir ~/terraform && cd ~/terraform
~$ touch main.tf providers.tf variables.tf

variables.tf

This is our variable store; it contains the values for variables we can call from other .tf files.

~$ vim variables.tf
variable "aws_access_key" {
  default = "23Y8932D923YHDH2RHR4R"
}

variable "aws_secret_key" {
  default = "DFHuiofh49fyh92h34dfasdryh7893f"
}

variable "aws_region" {
  default = "us-east-1"
}

providers.tf

This is our providers file; it has detailed information about the cloud provider you will be using.

~$ vim providers.tf
provider "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
  region = "${var.aws_region}"
}

main.tf

This is our main file; it contains the instructions for what we want to set up.

~$ vim main.tf
resource "aws_instance" "web" {
  ami = "ami-0b898040803850657"
  instance_type = "t2.micro"

  tags = {
    Name = "r00tedvw"
  }
}

Note: Should you need to find the latest Amazon Linux 2 AMI ID, you can use this AWS CLI query I found here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html

~$ aws ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn2-ami-hvm-2.0.????????-x86_64-gp2' 'Name=state,Values=available' --query 'reverse(sort_by(Images, &CreationDate))[:1].ImageId' --output text

Deploy basic S3 bucket

Same as with the EC2 deployment, you will need a variables.tf and providers.tf.
Within the main.tf you'll want to add this resource:

~$ vim main.tf
resource "aws_s3_bucket" "bucket" {
  bucket = "r00tedvw-test-bucket"
  acl = "private"
  region = "us-east-1"

  tags = {
    Name = "r00tedvw-test-bucket"
    Environment = "r00tedvw"
  }
}

Deploy basic security group

Building off the prior steps, we can create a security group to allow external access to resources, as AWS does not do this by default.
Create a new file: security_group.tf

~$ vim security_group.tf
resource "aws_security_group" "instance" {
  name = "r00tedvw-tf-group"

  ingress {
    from_port   = 8888
    to_port     = 8888
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

With that in place, we can call on this new security group using a Terraform expression for our EC2 deployment.

~$ vim main.tf
resource "aws_instance" "web" {
  ami = "ami-0b898040803850657"
  instance_type = "t2.micro"
  # Quoted interpolation, as in providers.tf; Terraform v0.11 (installed above) does not parse a bare reference
  vpc_security_group_ids = ["${aws_security_group.instance.id}"]

  tags = {
    Name = "tf-test-vm"
    Environment = "r00tedvw"
  }
}
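
Two settings in this walkthrough deserve a check before anything is applied or committed: the access and secret keys stored as literal defaults in variables.tf, and the ingress rule open to 0.0.0.0/0 in security_group.tf. The script below is an added example, not part of the wiki page; the function name tf_lint and its output format are made up for illustration, and it assumes one block header or attribute per line, as the files are formatted here.

```shell
#!/bin/sh
# Added example, not part of the wiki page: lint a Terraform folder for the two
# risky patterns in this walkthrough before running `terraform apply`.
#   1. credential variables with a literal default (as in variables.tf)
#   2. ingress rules open to 0.0.0.0/0 (as in security_group.tf)
# tf_lint DIR prints "file:line: finding" and returns 1 if anything is found.
# Assumption: one block header or attribute per line, as formatted on this page.
tf_lint() {
    dir=$1
    findings=$(
        for f in "$dir"/*.tf; do
            [ -f "$f" ] || continue
            awk -v file="$f" '
                /^[ \t]*variable[ \t]+"/ {
                    # Remember the variable name and whether it looks like a secret.
                    name = $2; gsub(/["{]/, "", name)
                    secret = (tolower(name) ~ /(access_key|secret|password|token)/)
                    if ($0 ~ /[}]/) secret = 0   # empty one-line block: variable "x" {}
                    next
                }
                /^[ \t]*ingress[ \t]*[{]/ { in_ingress = 1; next }
                /^[ \t]*[}]/ {
                    # A closing brace ends the ingress block first, else the variable.
                    if (in_ingress) in_ingress = 0; else secret = 0
                    next
                }
                secret && /^[ \t]*default[ \t]*=[ \t]*"[^"]+"/ {
                    printf "%s:%d: literal default for credential variable %s\n", file, FNR, name
                }
                in_ingress && /cidr_blocks/ && /"0\.0\.0\.0\/0"/ {
                    printf "%s:%d: ingress open to 0.0.0.0/0\n", file, FNR
                }
            ' "$f"
        done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as `tf_lint ~/terraform`. The AWS provider also reads credentials from the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, so access_key and secret_key can be left out of providers.tf and variables.tf entirely.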