Transcript for:
Lecture on Terraform

in this video we're gonna talk about terraform first I'm gonna explain to you what terraform is and what it's used for then we will see what is the difference between terraform and in Zabul and when to use each we will also look at the terraform architecture and commend as well as an example terraform configuration file after which you will have a good overview and understanding of how terraform actually works and how it does its job so first of all what is terraform terraform allows you to automate and manage your infrastructure and your platform and services that run on that infrastructure it's open source and it uses the clarity of language meaning you don't have to define every step of how these automation and management isn't done you just clear what you want the final result or end result and terraform will figure out how to execute it versus imperative style where you specify how to execute each step so as I said terraform is a tool for infrastructure provisioning so what does it mean exactly let's say you just started a project where you create some application and you want to set up an infrastructure from scratch where this application will run how does your infrastructure look like let's say you want to spin up several servers where you will deploy your five micro service applications that make up your application as docker containers and also you are going to deploy a database container you decide to use AWS platform to build your whole infrastructure on so first step will be to go to AWS and prepare the setup so the applications can be deployed there this means you create your private network space you create an employee server in situ server instances you install docker on each one of those plus any other tools that you might need for your application you set up security on your servers like firewalls you set up network etc once the infrastructure is prepared you can now deploy your docker applications or docker containers on that prepared infrastructure so as you see these are two different tasks or two separate steps of creating the whole setup one is provisioning the infrastructure preparing everything so the application can be deployed the second one is actually deploying the applications on it so you might even have two separate teams or two individuals who do these two separate tasks so a possible scenario DevOps team member configures the infrastructure and a developer then deploys the applications on the prepared infrastructure so where does terraform come into this whole thing terraform is used for the first part where you provision the infrastructure to prepare it for the application deployment creating the EPC spinning up the servers creating the security the AWS user with its permissions may be installing docker specific version on servers etc and obviously all of this needs to be done in a correct order because one task may be depends on the other now here I must mention something that a lot of people ask when it comes to terraform and that is what is a difference between ends bowl and terraform because they seem to be doing the same thing especially if you read the official definitions or official documentation they're sound like the same tools so the question is pretty logical what is the difference between them and which one should I use for my project so let's say the similarities and differences between these two using our example setup first of all terraform and in Siebel are both infrastructure as a code meaning they're both used to automate provisioning configuring and managing the infrastructure however terraform is mainly infrastructure provisioning tool that's where its main power lies but it also has possibilities to deploy applications in other tools on that infrastructure in Siebel on the other hand is mainly a configuration tool so once the infrastructure is provision and is it's there in Siebel can now be used to configure it and deploy applications install and update software on that infrastructure etc so as you see there overlaps of what each tool does and this creates the confusion other differences to consider in terms of those overlaps are in Siebel is more mature and terraform is relatively new and because of that is also changing dynamically and terraform is more much more advanced in orchestration so to summarize the difference terraform is a better tool for provisioning infrastructure and in Siebel is a better tool for configuring that infrastructure deploying installing applications and services on them so it's a common practice where DevOps engineers use the combination of these tools to cover the whole set up into end using both for their own strengths instead of just using one tool now if you want to learn more about in scible as well I have on video that I made about it where I explain exactly what ends bullies and how to use it so you can check it out and I also create another video where I will compare the infrastructure is a code tools like in Siebel chef terraform CloudFormation etc in more detail and also explain why each is best in one area even though they can do other tasks as well so if you want to see those videos and if you want to learn more then you can subscribe to my channel you can click the notification bell and stay tuned for the upcoming videos as well so now let's go back to our use case where we created the infrastructure using terraform and on AWS provision successfully for your project and you deployed the application on it now we decide that you want to add five more servers to the existing infrastructure to deploy more micro services because your team develops some more features and they need to be deployed and you also want to add some security configuration or maybe remove some stuff that you configure at the beginning so now we are in the phase of managing the existing infrastructure adding some stuff reconfiguring removing some stuff etc and using terraform you can make such adjustments to infrastructure pretty easily and this task of managing the infrastructure is just as important because once you've created the initial infrastructure for your project you will be continually adjusting and changing it and because of that you also need some automation tool that will do most of the heavy lifting for you so that you don't have to manually configure and do some stuff so once you are set up with terraform to create and change or maintain your infrastructure another useful thing or a common use case could be replicating that infrastructure let's say after you have tested this setup and everything works fine you decide now you want to release your application in production environments so you want to create a production environment that replicates this exact setup and keep the first as a development environment where you can test new features new micro services and updates before you launch it into production again you can use terraform here to automate that process so you can easily spin up an identical infrastructure and setup using the same tariffs run code that you use for the first setup the development environment setup and you can do the same to speed up at identical staging server as well so that makes these tasks also very easy so how does terraform do all this how does their firm actually connect to this infrastructure provider platforms and use all these technologies to provision stuff so for example how does terraform connect to AWS to create virtual space start ec2 instances configure networking etc in order to do the job terraform has two main components that make up its architecture the first one is telephones core and the core uses two input sources in order to do its job so we take cell phone figuration that you as a user right and where you defined what needs to be created or provisioned and the second one is there from state where Terra firme keeps the up-to-date state of how the current set up of the infrastructure looks like so what core then does is it takes this input and it figures out the plan of what needs to be done so it compares the state what is the current state what is the configuration that you desire the end result as I mentioned at the beginning and compares that and when it sees there is a difference so you want something else than what the current state is it figures out what needs to be done to get to that desired state in the configuration file so what needs to be created what needs to be updated deleted in which order on that infrastructure setup and the second component or the second part of the architecture are providers for specific technologies this could be cloud providers like AWS measurer or other infrastructure as a service platforms so for the infrastructure level tasks but terraform as I mentioned is also providers for more high-level components like kubernetes or other platform as-a-service tools even some software is a self-service tool so it gives you possibility to create stuff on different levels like create a AWS infrastructure then deploy or create kubernetes on top of it and then create services inside that or components inside that kubernetes cluster so it gives you all these possibilities and it does that through those providers terraform has over hundred providers for these different technologies and each provider then gives terraform user access to its resources so through AWS provider for example you have access to hundreds of AWS resources like it's two instances the AWS users etc with kubernetes provider you access to commodities resources like services and deployments and namespaces etc so this is how this works and this way terraform tries to help you provision and cover the complete application setup from infrastructure all the way to the application and this is your convenient but as I mentioned in the comparison between terraform and ansible Tara forms strength is actually in the infrastructure provisioning and for the other stuff you can use ansible or similar tools so once the core creates an execution plan based on the input from config file and state it then uses providers for specific technologies to execute the plane to connect to those platforms and to actually carry out those execution steps so now to also have an idea of how terraform configuration file looks like this is an example where you see AWS provider is configured and through the provider you now have two AWS resource like VPC you can create that with some attributes the same way you have the kubernetes provider here configured and through that now you can create a Cabrini's namespace resource where you pass some attributes and the syntax is very intuitive I would say basically define what she wants you want a resource of a certain technology or certain provider created and then you define its attributes and that's what terraform will create or do for you now one thing I mentioned the beginning and I want to go into detail is the declarative approach that Tara forms configuration files are written in and this is important to understand so what does declarative mean exactly when you create a terraform file instead of defining what steps to be executed to create a BBC or to spin up five ec2 instances or create the network configuration you define the end state you desire so you say I want five servers with network configuration like this and I one AWS user that has these permissions to access all the servers terraform go do that for me so instead of defining exactly what to do which is an imperative approach you define what the end result should be a declarative approach now for the initial setup this may not make much difference so when is the configuration of imperative and declarative approach it might actually look pretty similar but consider when you're updating your infrastructure like removing a server or adding another server or making other adjustments with imperative approach you would say in a configuration file remove two servers add a firewall configuration add some permissions to the AWS user etc so you give instructions of what to do with the clarity of approach like in terraform example you would say my new desired state is now seven servers this firewall configuration and user with this set of permissions do whatever needs to be done to get from the current state to the new desired state so now you don't have to actually calculate and decide how many service needs to be edie you say I want seven servers at the end that's what I want or you don't need to calculate and figure out how many permissions or which permissions you should add you just say I want this set of permissions to come out at the end so with the declarative approach if you just adjust the old configuration file and re execute it instead of adding the new set of instructions this is obviously very comfortable because your configuration files stays clean and small but also you always know what the current setup is just by looking at the configuration file because that's always the end result whereas in the first approach an imperative you have to somehow add this up and figure out the Delta between all the changes applied by multiple instructions so you've created the terraform file configuration file that defines your desired infrastructure set up on AWS now how do you make terraform take action terraform has commence you can execute to go through different stages which is pretty clear and straightforward the first command is refresh with this command terraform will query the infrastructure provider in our case AWS to get the up-to-date state so terraform will now know what is the current state of the infrastructure the next command is plenn remember i said the core is responsible for taking current state in your configuration file is input and decide based on the difference what needs to be done that's the plan so what terraform needs to do in order to achieve that desired state that you defined in a terraform configuration file if it's an initial setup it figures out all the steps to create the desired setup if it's an update it compares the existing setup with a new desired state and figures out what changes and adjustments need to be made in which order to create a new desired State for example at a new server and a new permission etc now this is just a plan this is where the core kind of constructs the the plain logically or what needs to be done the next command is the command where the actual execution happens and that's the apply command so we'd apply you can execute the plan so plan command is like a preview of what's gonna happen if you execute apply obviously terraform in the background will do the refresh at the up-to-date state then create the plan and then apply it which means if you want to execute a configuration file you can just execute the apply command and it will do all this and another command is destroy which obviously destroys the whole setup removing elements one by one in the right order and cleaning up all the resources that were created basically reverting everything that has been created and this could be used if let's say you create an environment for an important demo day and you didn't want to interfere with the existing environments once the demo is over you can destroy the whole setup destroy like apply will also check what's currently running and then create a plan of what needs to be removed in which order so I hope this gives you a good high level overview of terraform and how it works if you want to learn more such stuff then subscribe to my channel and stay tuned for more videos like this thanks for watching and see you in the next video