Terraform pt1 (really pt2): ipv4 to ipv6


I have been obsessed with terraform ever since I used ILP's terraforms to create ilp connectors. I have mentioned this before. Here is another book where terraform features prominently. This time it is Venus, not Mars! I actually have a copy of this book. It was hard to find – ping me if you want to borrow it.

Why and what is Terraform…

There are a ton of options to automate and 'code-ify' dev ops (get it, code-codeify, hahaha). But most of the tools are about installing software on a server. I think docker sort of owns this. What terraform does is control the deployment of the servers or the platforms. For example, you can use terraform to deploy k8 & docker. Terraform is modular and declarative. You could do server deployment using a shell script (I have done this a lot because I don't have to share my code). However, this is harder to read, share, and maintain.

How to do things with Terraform

  1. Install terraform
  2. Create a directory where you want to create your terraform project. Git init it!
  3. Now – run terraform init
    1. if you do not do this then terraform will not be able to find a “provider”
  4. Create a main.tf file. This is your terraform file. You can put all kinds of stuff in here and get fancy. But you need to specify a provider. In this case I am using aws:

     provider "aws" {
       region = "us-east-1"
     }

  5. Next run terraform plan. This shows you what you are going to deploy. If you want to save the plan so that several people can deploy the same plan, just use the -out option.
  6. Finally run terraform apply (or terraform apply "planyoumade")
  7. You will see a terraform.tfstate file
  8. fin!

What did I do in my terraform code?

  1. I have two files: .variable and main. I could also put this in other files to make it more modular, but KISS (keep it simple stupid).
  2. I try to offload as many variables to environment variables as possible (see the your.env)
  3. I created a free ec2 machine using the ubuntu 14.04 ami – and then a vpc, routing tables, security settings and I think that is it
  4. terraform apply

This was fun, I never thought I would be like one of those dev ops guys with a beeper – but maybe I am one of those guys. Maybe I should get a beeper on ebay and wear it as an anachronistic accessory.

I had a lot of issues around creating route tables (route tables vs default route tables). Basically, when you create a route table you have to recreate all the routes, and this causes terraform to freak out. There is a scary warning on the hashicorp site about this. I spent a fair amount of time googling to figure out what the heck was going on. At one point it seemed that I would have to use the aws cli instead of terraform, and I sank into the trough of despair.

Then I realized I did not git ignore my .terraform file. So I just blew away the whole repo, recreated it, ran terraform apply, and it worked! Magic.

The other magic was reverse tunneling over two machines so that we can use jupyter notebook. I accomplished this through a somewhat hacky local-exec resource. The better solution would be to create a script – or maybe dockerify nginx.

Be careful! You can quickly use up your internet gateways – I don't think my delete works properly.

One thing I would like to leave you with is the notion of egress-only gateways – which are internet gateways optimized for ipv6 from the VPC to the internet. To quote Amazon:

An egress-only Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the Internet, and prevents the Internet from initiating an IPv6 connection with your instances.

I am not sure how this would work with my tunneling though, so I would have to do more debugging. Which I am not going to do right now. So this is perhaps an open issue that someone can use to contribute to this repo 😉
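
The egress-only gateway from the Amazon quote above, written out as Terraform. This is an added example, not code from the repo this post describes; the resource names (`example`, `private`, `ipv6_egress`) and the 10.0.0.0/16 and 10.0.1.0/24 ranges are assumptions, and it uses Terraform 0.12+ expression syntax.

```hcl
# Added example: names and IPv4 ranges are assumptions, not from the repo.
provider "aws" {
  region = "us-east-1"
}

# VPC with an Amazon-provided IPv6 block. IPv6 has no NAT, so every
# address handed out here is globally routable.
resource "aws_vpc" "example" {
  cidr_block                       = "10.0.0.0/16"
  assign_generated_ipv6_cidr_block = true
}

# Carve one /64 out of the VPC's /56 for the subnet.
resource "aws_subnet" "private" {
  vpc_id                          = aws_vpc.example.id
  cidr_block                      = "10.0.1.0/24"
  ipv6_cidr_block                 = cidrsubnet(aws_vpc.example.ipv6_cidr_block, 8, 0)
  assign_ipv6_address_on_creation = true
}

# Outbound-only IPv6: instances can open connections to the internet,
# but the internet cannot initiate connections to them.
resource "aws_egress_only_internet_gateway" "example" {
  vpc_id = aws_vpc.example.id
}

# A dedicated route table, left without inline route blocks. The AWS
# provider docs warn against mixing inline routes with aws_route
# resources on the same table, so all routes live in aws_route.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.example.id
}

# Default IPv6 route goes to the egress-only gateway, not to a regular
# internet gateway (which also routes inbound IPv6).
resource "aws_route" "ipv6_egress" {
  route_table_id              = aws_route_table.private.id
  destination_ipv6_cidr_block = "::/0"
  egress_only_gateway_id      = aws_egress_only_internet_gateway.example.id
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```

Security groups and network ACLs still apply on top of this routing.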

The readme is marginally better than this blog post. So if you actually want to use this to create an ipv4 to ipv6 gateway and reverse tunnel so you can run jupyter notebooks, take a look.
