Terraform: Tales from the Trenches

RobertFox5 337 views 81 slides Feb 22, 2019

Slide 1 of 81

About This Presentation

Terraform is an infrastructure-as-code software solution that enables businesses to safely and predictably create, change, and improve infrastructure. It is all the rage right now in the DevOps community. In this presentation, experts from HG Data share some hands-on experiences and introduce some p...

Size: 12.69 MB

Language: en

Added: Feb 22, 2019

Slides: 81 pages

Slide Content

Presenters Rob Fox CTO Sam Chapin Chief Architect Brendan Keane DevOps Engineer Chris Deutsch DevOps Architect

The Story Thus Far... Rob Fox

Background Product: https://discovery.hgdata.com ( SaaS Platform and related services) Issues Includes: Previous iteration of infrastructure as code fell way short Rigid configuration Ansible+bash hell No automation No ability to validate No visibility as to what was actually running and where Holes around secrets management Had to run on a specific version of Ubuntu Copyright © HG Data 2019

Success so far... Customer facing platform completely refactored using Terraform, Kubernetes, Vault Blue/Green Deployment tied into CI/CD Many shared modules and libraries in github created and distributed to rest of engineering Platform rock solid (easy to deploy, easy to manage and monitor) Big Data team now adopting Terraform and related tooling to manage large-scaled Spark clusters and pipeline automation/orchestration Engineers much happier and way more productive!! Copyright © HG Data 2019

Evolution of a Terraform project Sam Chapin

me.tf :

Step 1. Experimentation (Someone allowed me to play with cool new toys) The starting state of the tf project: Single developer Toy deployment No "environment" No modularization No shared state Copyright © HG Data 2019

Step 2. Reality sets in (My boss tells me I need to actually deploy it) The OLD State of the tf project: Single developer Toy deployment No "environment" No modularization No shared state The NEW State of the tf project: Single developer Toy deployment Prod/Stage/Dev deployment No "environment" Environment management No modularization No shared state Copyright © HG Data 2019

Step 3. Refactor (I panic at how much I've been copy-pasting) The OLD State of the tf project: Single developer Prod/Stage/Dev deployment Environment management (confs, copies, or workspaces) No modularization No shared state The NEW State of the tf project: Single developer Prod/Stage/Dev deployment Environment management (confs, copies, or workspaces) No modularization Modularization ( inner modules / module library ) No shared state Copyright © HG Data 2019

Step 3. Refactor - Modules Hierarchy: modules/instance/main.tf:

Step 4. Make it easy (Someone is going to see the mess I made) The OLD State of the tf project: Single developer Prod/Stage/Dev deployment Environment management (confs, copies, or workspaces) Modularization (inner modules or reusable module library) No shared state The NEW State of the tf project: Single developer Multiple developers Prod/Stage/Dev deployment Environment management (confs, copies, or workspaces) Modularization (inner modules or reusable module library) No shared state Shared state Copyright © HG Data 2019

Step 4. Make it easy - Shared state across environments Hierarchy: ./main.tf: Modularize this!

Step 4. Make it easy - What Hurts? no sandbox isn't parameterizable hard to test non-DRY can't execute anywhere Collaboration with others (PR plan workflow) CI/CD locking your state all the time (Build queue) Check out https://www.runatlantis.io/ Okay, okay... What Still Hurts? Copyright © HG Data 2019

In summary... Experiment and get familiar with your new declarative friend Solve your environment problem with convention & opinions Make your codebase small and testable with modules Ease collaboration & FUD via state sharing & locking Copyright © HG Data 2019

Terraform, Behave! Brendan Keane

Do what I say not what I mean Terraform does this for you with every action. resource “aws_instance” “my_server” { ami = “ami-0c32356aac847d7e8” } resource “aws_rds_instance” “my_database” { ami = “ami-0c223918e1” } Copyright © HG Data 2019

Base Case: Assert: A can ping B B A Tests more than at first sight: security groups, subnets, routing, dns… Terraform tells me everything is as I declared it. Terraform does not tell me if it does what I want it to do. Copyright © HG Data 2019

Building Blocks

Building Blocks - Bats! https://github.com/bats-core/bats-core Rspec-ish.No ‘shelling out’, can run where infra is stood up Good helpers for stdout, stderr, and exit status. Before and after hooks if needed. Copyright © HG Data 2019

Building Blocks - Templating https://www.terraform.io/docs/providers/template/d/file.html ssh driven: this is a plus and minus. Many approaches: scripts, inline, powerful when combined with templating. Copyright © HG Data 2019

Concluding Thoughts Keep the tests simple, too many null_providers == bad Positive assertions are usually functionality: A can ping B Negative assertions are usually security: B cannot ping A Future: dockerize, dashboard of health tests orthogonal from application health checks. Copyright © HG Data 2019

Terraforming Blue/Green Deployments Chris Deutsch

The problem... “One of the challenges with automating deployment is the cut-over itself, taking software from the final stage of testing to live production.” https://www.martinfowler.com/bliki/BlueGreenDeployment.html Copyright © HG Data 2019

1. Infrastructure We have two clusters: blue and green Each cluster should be configured in the same way Each cluster should operate independently and be easy to maintain In addition, the more we split things up, the more value we can get out of blue/green deploys for our infrastructure . But we also increase cost and complexity. Copyright © HG Data 2019

2. Configuration Management Applications should have the same configuration regardless of whether they are blue or green. Applications should have the same configuration regardless whether they are the live version or the next version. (Well… as much as is reasonable.) Copyright © HG Data 2019

3. Application State “Twelve-factor processes are stateless and share-nothing. Any data that needs to persist must be stored in a stateful backing service, typically a database.” https://12factor.net/processes Copyright © HG Data 2019

Module 2: the blue deployment

Attaching the Instance to a Target Group my_arns = { next = “some_next_arn” live = “some_live_arn” } lookup(var. my_arns, “next”) => “some_next_arn”

Verify With Curl $ curl http://live.example.com/ I'm an app running in the production environment on green $ curl http://live.example.com/ I'm an app running in the production environment on blue Copyright © HG Data 2019

Verify With Curl $ curl http://live.example.com/ I'm an app running in the production environment on green $ curl http://next.example.com/ 503 Service Temporarily Unavailable # Wait a couple of minutes... $ curl http://next.example.com/ I'm an app running in the production environment on blue Copyright © HG Data 2019

Terraform: Tales from the Trenches

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

Terraform: Tales from the Trenches

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Slide 39

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58

Slide 59

Slide 60

Slide 61

Slide 62

Slide 63

Slide 64

Slide 65

Slide 66

Slide 67

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

Slide 73

Slide 74

Slide 75

Slide 76

Slide 77

7-10. STP + Branding and Product & Services Strategies.pptx