HashiCorp Terraform

Terraform is an #open source automation tool used for #Infrastructure as Code (IaC) which is available in multiple platforms such as Windows, Apple and Linux. It can manage on-premise server, Cloud Computing# (AWS, Azure, Google Could Platform), #Virtual Machine (VM) (VMWare), Version Control System (VCS) and protocol (HTTP, TLS, Domain Name Server (DNS)) using Terraform Providers# available in Terraform Registry#.

Terraform uses HashiCorp Configuration Language (HCL)# as its configuration language and utilises its declarative nature to set up infrastructure accordingly.

A usual Terraform workflow should start with initialising the project and identify the Terraform Providers# to be used for the target environment using the command terraform init (initialise phase). Then, dry-run or test blueprint for each target environment by laying out the action that will be carried out with the command terraform plan (planning phase). Finally, apply the blueprint and make necessary changes for the target environment accordingly by running terraform apply (apply phase). Both terraform plan and terraform apply change the state of Terraform. The state of the resources is recorded in the file terraform.tfstate. If there is a disparity between current environment and the blueprint such as missing plugins#, Terraform will fix it in order to adhere to the specified requirements. Otherwise, one could simply run terraform refresh to synchronise the state of Terraform and the underlying infrastructure. We can import resources that is created manually or providers that is outside Terraform Registry# (from other #Infrastructure as Code (IaC) tools).

Note: You could modify the state using terrafrom state. However, it is for advanced usage so use it with care. You can inspect the state of a resource using terraform state {provider}.{resource} syntax.

One don’t need to run the mentioned two commands in order to find out configuration errors within the project, terraform validate should be enough to do the job. Be aware that the command can’t access any remote service such as remote state and provider APIs, so the values might not be checked. The command terraform show can be used to show the resource’s details defined in the file. Pass the option -json if you want them to be in JSON format. We can inspect all the output variables# or only the specific one, if there’s any, by calling the command terraform output. To show the current required providers for the project, run terraform providers, and we can export these providers into another directory using the subcommand mirrors.

We can destroy a Terraform infrastructure with the command terraform destroy.

All configuration and execution plans, and dependencies could be visualised using the command terraform graph. Since its output is in Graphviz format, you can pipe it to the software dot as follows.

terraform graph | dot -Tsvg terraform.svg

terraform fmt could be run in order to format all HCL files in the project directory.

Terraform Cloud and Terraform Enterprise provide a Web UI that centralised all Terraform components which ease the management.

Links to this page

Terraform Variable

Variable can be defined in a variable block in #HashiCorp Configuration Language (HCL) for #HashiCorp Terraform in the file variables.tf. A comprehensive definition for a variable block should look like the following:
Terraform State

Terraform State is a metadata used by #HashiCorp Terraform to track the status of the real world infrastructure. It is usually stored as a JSON file with the file name terraform.tfstate. Every time we hit terraform plan or terraform apply, we’ll refresh the state. In order to not do so, we can perform terraform plan --refresh=false so that Terraform will deploy the server referring to the file terraform.tfstate and do not refresh it.
Terraform Providers

There are several #HashiCorp Terraform providers available from HashiCorp either through official support, verified, or community support. They can be downloaded from Terraform Registry# as a Terraform Plugins# if needed and stored into the local directory .terraform/plugins/.

This will establish an implicit dependency of my_file on other_file as #HashiCorp Terraform able to recognise such relationship when running terraform apply. However, in some cases, explicit dependency might exist even though it is not being referred. As such, use the #optional argument depends_on, and defined a list of dependency the resource is relying on.
Terraform Project Structure

If the #HashiCorp Terraform Project grows larger, there is a need to have a more organised directory structure. The conventional project structure is as follows:
Terraform Plugins

#HashiCorp Terraform stores plugins under the local directory (the one where configuration files# located) .terraform/plugins/. Terraform will download any missing plugins for the infrastructure after calling terraform init.
Terraform Lifecycle

If we don’t want the changes result in altering the state of resource, that is whether it should be created or destroyed, we could tell #Terraform to ignore changes according to a list. We could define which variable should be ignored inside a list and then pass it to the option ignore_changes. If all changes should be ignored in the resource, then we could use the special keyword all and assigned it to the option.
Terraform Data Source

#HashiCorp Terraform could provision other resources that are managed by other Infrastructure as Code (IaC) tools or manual maintenance using Data Sources. However, it doesn’t have any permission other than reading the infrastructure in contrast to Terraform Providers. It can be defined in HashiCorp Configuration Language (HCL)# as follows:
Infrastructure Provisioning

HashiCorp Terraform#
HashiCorp Configuration Language (HCL)

HCL is a declarative configuration language developed by HashiCorp where .tf is its well known file extension. It is mainly used in HashiCorp products such as #HashiCorp Terraform. It is one of the good example of domain language. The general syntax is looked like below:

#devops #iac #automation