Getting to know Terraform
Terraform is one of the most used and demanded tools for Infrastructure-as-Code (IaC) deployment. We cannot go directly to Terraform Cloud without first addressing essential aspects of our organization, which make this tool an indispensable element of our day-to-day.
Its use by DevOps teams is essential to organize, orchestrate and maintain up-to-date infrastructures, from the smallest to the most complex. There are several ways in which specialists organize and structure their projects in Terraform to deploy them.
It also integrates with a large number of cloud platforms such as AWS, GCP and Azure, and with others focused more on managing on-premises servers, such as VMware and OpenStack. Managing resources and components on multiple platforms is possible thanks to its plugin scheme, which gives it a high level of flexibility and versatility.
It runs on various operating systems: Microsoft Windows, macOS and GNU/Linux-based systems such as Ubuntu.
How do we use it?
At Dofleini Software we use it to manage the infrastructure of projects regardless of their size, scope or architecture. In our day to day, using this tool we always keep as a premise the application of good practices:
- Version all written code and keep it up to date.
- Never store Terraform project state locally.
- Place the project state in a location accessible to all DevOps engineers, but without public access.
- Fragment component blocks into modules within folders.
- Use the most recent versions of Terraform.
Text below the image: DFL Ecommerce platform deploying its infrastructure with Terraform.
Under these principles, a good organization of the work performed is guaranteed, the transfer of knowledge to be used between DevOps is facilitated and all the needs related to deployments are satisfactorily covered.
The jump to Terraform Cloud
What is Terraform Cloud
It is an application that works as an online service. It is responsible for managing the executions of each deployment and keeping track of their state. It is basically Terraform with cloud-oriented functionality, structured in Organizations and Workspaces, within which each project is placed.
Projects can be integrated in 3 ways:
- With a version control system to centralize their use.
- With a local project through the CLI.
- With the Terraform API for more advanced and large-scale deployments.
Text below the image: Integration variants of Terraform Cloud with a Terraform project
Terraform Cloud has a number of important advantages that will be highlighted below:
- You can safely add environment variables that, for security reasons, should not be uploaded to repositories; these are passed to the Terraform project once it is integrated with the Terraform Cloud service.
- It stores history of all the stages through which the deployment of the project has passed as well as of each execution carried out.
- Integrates with various version control systems.
- Allows shared access to multiple users.
- Displays information about commits and their details in the repository.
- Allows infrastructure to be created and destroyed from the web, with the appropriate permissions.
- Lists the resources created as well as all the output information generated by the last execution.
- Allows the CI/CD process between the repository and the workspace to be configured.
Integrating with GitLab
Integrating repositories with Terraform Cloud is a simple process that starts once a workspace is created within an organization, or it can be done in the general configuration of the organization.
The very process of creating the workspace leads us to the step of selecting the type of integration; in this case it is with a version control system (VCS), and then the provider is configured, in this case GitLab. The process is simple: Terraform Cloud is registered as an application in GitLab, the secrets generated on both sides are exchanged, and the integration is ready.
The selection of the repository, as shown in the next images, will help us to integrate the desired project, since we will have access to all the repositories to which the user has the necessary permissions.
With everything integrated and with the necessary communication in this case between Terraform Cloud and GitLab, the code is uploaded to the repository, in our case a simple one to create a Bucket in AWS S3. From the local station where you work, you can execute terraform plan statements, but not a terraform apply.
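A configuration of the kind described above, tied back to the practices of keeping state out of the local machine and out of public reach. This is an added example, not the code from the original project: the organization name, workspace name, variable names and region are placeholders.

```hcl
terraform {
  required_version = ">= 1.1.0"

  # State and runs live in Terraform Cloud, not on the workstation,
  # so no terraform.tfstate file ends up on disk or in the repository.
  cloud {
    organization = "example-org" # placeholder organization

    workspaces {
      name = "example-s3-bucket" # placeholder workspace, connected to the GitLab repo
    }
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

# AWS credentials are NOT declared here. They are set in the workspace as
# sensitive environment variables (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY),
# so they never reach the repository.
variable "aws_region" {
  type    = string
  default = "us-east-1" # assumed region
}

variable "bucket_name" {
  type        = string
  description = "Globally unique bucket name, set as a workspace variable"
}

provider "aws" {
  region = var.aws_region
}

resource "aws_s3_bucket" "example" {
  bucket = var.bucket_name
}

# Explicitly deny every form of public access to the bucket.
resource "aws_s3_bucket_public_access_block" "example" {
  bucket                  = aws_s3_bucket.example.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

With the workspace driven by the repository, a local terraform plan only produces a speculative plan; the apply happens in Terraform Cloud after the commit is pushed.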
Once the code is uploaded, a new Pipeline is triggered by GitLab CI. It will show the final status of its execution in Terraform Cloud, as well as other details specific to Pipelines in this platform.
The following image shows the details of the last Pipeline executed in GitLab after a code upload to the repository. With the name “Changed S3 name”, this commit triggered the Terraform Cloud execution of the project in question.
The details of each run in Terraform Cloud show the result of the plan of changes (whether or not it passed successfully) as well as the application of the changes, even listing the resources created/modified/deleted. It also records who finally authorized the deployment (applying changes can be configured to run automatically or not).