Testing out a potential infra tooling switch. For infra circle hackers. Terraform is really good for creating infrastructure, not configuring it. However, it allows some hooks to run bash scripts and the like. It's wayyyy easier to set up than Ansible.
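```bash
# prerequisites for adding the HashiCorp apt repository
sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl
# trust the HashiCorp signing key (apt-key is deprecated on newer Debian/Ubuntu releases)
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
# add the repository for this distro release, then install terraform
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install terraform
```

```bash
$ terraform init
$ terraform apply
$ terraform destroy
```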
files / commands
- init: downloads dependencies, stores them in `.terraform` (downloads hetzner plugin)
- apply: generates a plan of what it will do, asks, then does it (creates the hetzner server)
- destroy: reads the `.tfstate` files & reverses the state (destroys the hetzner server)
- newhetzner.tf: the file that `terraform` reads to implement stuff
- .terraform.lock.hcl: state file that makes us all get the same results for
- user_data.yml: a `cloud-init` script which runs when the new hetzner VPS is created, provisioning commands!

`*.tf` files are a rough equivalent of ansible roles. once you run `terraform apply` it generates a state file. the next time someone runs `terraform apply`, the state file is read, `terraform plan` then automatically knows what servers are created, destroyed, etc. instead of having an inventory listing like we have for ansible, we have the actual `.tf` files & the state files (e.g. this)

we can wire up minio as a "backend" (see this) so that `terraform apply` will store the state files it generates there.
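
a sketch of what that wiring could look like next to the server definition. this is an added example, not the actual newhetzner.tf: the bucket name, minio URL, server name, image, type and location are placeholders, and the backend argument names assume Terraform 1.6 or newer. state files can hold sensitive values from the resources they track, so the bucket should be private.

```hcl
# Added example; bucket, URL and server values are placeholders, not the real setup.
terraform {
  required_providers {
    hcloud = {
      source = "hetznercloud/hcloud"
    }
  }

  # S3-compatible backend pointed at minio (argument names as of Terraform 1.6+).
  # Access keys are read from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the
  # environment, so they never land in the repo.
  backend "s3" {
    bucket = "terraform-state"            # assumed bucket name; keep it private
    key    = "hetzner/terraform.tfstate"  # object path of the shared state file
    region = "us-east-1"                  # minio's default; the backend still wants a value
    endpoints = {
      s3 = "https://minio.example.org"    # placeholder minio URL
    }
    use_path_style              = true    # minio serves buckets by path, not subdomain
    skip_credentials_validation = true    # there is no AWS STS to ask
    skip_requesting_account_id  = true
    skip_metadata_api_check     = true
    skip_region_validation      = true
  }
}

variable "hcloud_token" {
  type      = string
  sensitive = true  # redacted in plan/apply output; pass via TF_VAR_hcloud_token
}

provider "hcloud" {
  token = var.hcloud_token
}

resource "hcloud_server" "example" {
  name        = "example-vps"  # placeholder values below
  image       = "debian-12"
  server_type = "cx22"
  location    = "nbg1"
  # cloud-init script that runs on first boot of the new VPS
  user_data = file("${path.module}/user_data.yml")
}
```

after adding or changing the backend block, `terraform init` has to be run again so the state gets moved to the new location.
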
unsure how to test but there is this. i'd rather skip all the testing work, it somehow is not really worth it at our scale? i think tool usability is more important for us. can people using it understand what it is doing? then they'll probably be able to fix things.