43 lines
2.3 KiB
Markdown
43 lines
2.3 KiB
Markdown
|
# terraform-tester
|
||
|
|
||
|
Testing out a potential infra tooling switch. For infra circle hackers.
|
||
|
Terraform is really good for creating infrastructure, not configuring it.
|
||
|
However, it allows some hooks to run bash scripts and the like. It's wayyyy
|
||
|
easier to setup than Ansible.
|
||
|
|
||
|
## setup
|
||
|
|
||
|
Install Terraform:
|
||
|
|
||
|
```
|
||
|
sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl
|
||
|
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
|
||
|
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
|
||
|
sudo apt-get update && sudo apt-get install terraform
|
||
|
```
|
||
|
|
||
|
## test
|
||
|
|
||
|
```
|
||
|
$ terraform init
|
||
|
$ terraform apply
|
||
|
$ terraform destroy
|
||
|
```
|
||
|
|
||
|
## files / commands
|
||
|
|
||
|
- **init**: downloads dependencies, stores them in `.terraform` (downloads hetzner plugin)
|
||
|
- **apply**: generates a plan of what it will do, asks, then does it (creates the hetzner server)
|
||
|
- **destroy**: reads the `.tfstate` files & reverses the state (destroys the hetzner server)
|
||
|
- **newhetzner.tf**: the file that `terraform` reads to implement stuff
|
||
|
- **.terraform.lock.hcl**: state file that makes us all get the same results for `terraform init`
|
||
|
- **user_data.yml**: a `cloud-init` script which runs when the new hetzner VPS is created, provisioning commands!
|
||
|
|
||
|
## notes
|
||
|
|
||
|
- `*.tf` files are rough equivalent of ansible roles. once you run `terraform apply` it generates a state file. the next time someone runs `terraform apply`, the state file is read, `terraform plan` then automatically knows what servers are created, destroyed, etc. instead of having an inventory listing like we have for ansible, we have the actual `.tf` files & the state files (e.g. [this](https://git.autonomic.zone/autonomic-cooperative/terraform-tester/src/commit/f71daa1ea969bff2b08d846c361edae56e14fa75/newhetzner.tf#L16-L24))
|
||
|
|
||
|
- we can wire up minio as a "backend" (see [this](https://dickingwithdocker.com/2019/02/terraform-s3-remote-state-with-minio-and-docker/)) so that `terraform apply` will store the state files it generates there.
|
||
|
|
||
|
- unsure how to test but there is [this](https://www.hashicorp.com/blog/testing-hashicorp-terraform). i'd rather skip all the testing work, it somehow is not really worth it at our scale? i think tool usability is more important for us. can people using it understand what it is doing? then they'll probably be able to fix things.
|