2.1 How to Utilize Terraform

2 hours 48 minutes
Video Transcription
Before going too far in our Terraform adventure, let's take a moment to understand where it fits as a tool into the bigger picture.
Welcome to Module two.
A little history about Terraform. It's one of the newer kids on the block in the infrastructure as code movement and as a solution. It started in 2014 and has gained significant momentum in the marketplace and adoption amongst the development community.
It was started by HashiCorp and really continues to be driven by that company.
They have a lot of different products, and it's part of a grander suite. You may have heard of some of these products. You may even use some of these products, and they're very complementary to Terraform, including Vagrant and Packer, Vault, Consul and Nomad. I didn't plan to get too deep into those, but definitely
recommend you check out HashiCorp's site. Take a look at the variety of
cloud products they have, even within Terraform. We're gonna be working with the open source version of Terraform in our examples today and learning real core Terraform and Terraform concepts and scripting, but HashiCorp has commercial paid-for options that give you some more functionality
in terms of Terraform. And they also take care of
some of the support of infrastructure for you and make things a little more enterprise ready. So, having enforcing of standards and policies, for example, more detailed auditing trails, things like that. If you are adopting Terraform on a grander scale in a commercial capacity, these are capabilities you'll really want to
give a good look to, because,
you know, hats off to HashiCorp. They've done some great contributions into the open source community, and these extra little commercial add-ons or extensions and services they've built on top really do help bring things full circle for prime time with Terraform.
Terraform
is really for provisioning infrastructure in the cloud. That is its sweet spot, and it supports doing that in many different cloud providers. So this includes AWS, Microsoft Azure,
Google, Oracle, Alibaba Cloud and quite a few other providers. And one of the things to note is multi-cloud support does not mean cloud agnostic, and that's a common misnomer about Terraform. So if I create a Terraform script
that provisions a suite of
five servers, puts them behind a load balancer, gives each one of them a certain hard disk, and defines maybe a virtual network for the servers to sit on and be abstracted and sitting behind that load balancer, that same script, while the concept that I just described
could work at any one of these cloud providers,
you really can't take that script verbatim and just run it against AWS or Azure. But what you could do, especially if you're multi-cloud, is you can have a single script that's provisioning some resources in Amazon, and then at the same time, provisioning resources in Azure or any one of these other
cloud providers. You can have that.
And when you move across the different cloud providers, you're keeping some consistency there in terms of the technology that you're using, that being Terraform. Amazon has their own technology for doing what I was describing called CloudFormation. Azure has the Resource Manager, ARM templates.
These providers all created APIs. You can create scripts,
but they're all very provider specific. So the effort to move your materials and your provisioning code from one of these providers to the other is going to be a lot higher. So I wouldn't say it's completely cloud agnostic. But Terraform definitely has multi-cloud support and gives you a lot of extendability there.
If we take a look at other technologies, because when you start going down this infrastructure as code, there are just so many things out there. There's a lot of complementary technologies, and it could be very confusing. So we wanna set this up and understand: where is Terraform's best fit? And where do some of these other complementary technologies
line up? There are other areas of overlap when you get into these in depth,
but really looking at their core competencies in what they do, we have
what I'll refer to as configuration management technologies, right? So when you have a server, a suite of servers, and you want them to be in a certain state, you want certain packages installed, applications installed, you want them configured in a particular way. There's a variety of mechanisms to do that. Typically, you're gonna have a base image,
the operating system image, Ubuntu Linux, Windows Server, something like that.
And then you're running a sequence of procedures on that machine to get it into a certain state. And then you may even adjust what you want. And if you have to manage this across a farm of servers, you're gonna want to employ a technology like any of these up here, Ansible, Chef, Puppet, SaltStack,
to really help that. So you're not logging into each server and running scripts one at a time on potentially hundreds of servers across your entire cloud, enforcing policies and so forth. So these types of configuration management, they're operating at a level a little
below where Terraform sits. I also have to call out HashiCorp's Packer product. This takes a little different spin on solving this problem. As opposed to creating a server on a base image and then performing a variety of operations to get it into a specific state and then
coming back and performing additional operations to adjust that state and
in an attempt, the best attempt, to establish consistency across your servers, Packer's approach, and HashiCorp's, is looking at it a little differently and saying,
instead of doing that, create different defined images to do all that work, all that building, all those configurations on top of your base operating system. Do those, build yourself a virtual machine image file, deploy those images, and then,
as you need to rotate and update things, continue to update those base images and deploy the base images. So you're
never actually doing much change to the server itself once it's been deployed in the cloud. It's doing it on a server basis, Packer is, whereas Docker is a light version of a server, specifically referred to as a container.
Docker, and then Kubernetes goes really hand in hand with Docker. It's become just such a
popular marketplace for managing your containers at large, potentially hundreds of instances of the containers, and deploying them. HashiCorp also has Nomad. It's comparable to Kubernetes in managing containers. I'm not an expert on that particular product,
but these are all complementary, so it could be very confusing to understand. Okay, Terraform, or
go use Ansible or Chef? Hopefully, this clears up the strengths and weaknesses of these, and I'll give you even a little more of an example. So when you want to provision the infrastructure, define at a meta layer how many servers, load balancers, virtual networks, Kubernetes clusters, right?
Those kind of things. Storage locations.
That's where you could use the cloud provider specific technologies that we spoke about in the last slide, such as CloudFormation, ARM. But you could also use Terraform, and that's what we're here for. But once you've defined your infrastructure, then you want to do potentially some manipulation on the specific servers.
This is where you could be creating Bash and PowerShell scripts,
but also these configuration management tools like Ansible, Chef, Puppet, SaltStack, they come into play. Packer is there to solve a very similar problem,
but just taking a little different approach and mentality, that you don't change the server once deployed. You do all your configuration, you define a static image, and then you deploy that static image out. And if you need to make any updates,
then you will update that static image, all under the premise that the data itself, the stateful data, is obviously not residing on the server itself. It's often in some sort of a data store: relational database, some other kind of a database, document database, what have you,
or an external storage location.
And then finally we get to the concept of, okay, what if we want to deploy and manage orchestration of a massive number of containers, or even just a few containers? Terraform can help define that Kubernetes cluster, right? Or you can use cloud provider specific Kubernetes implementations to simplify a lot of things for yourself:
Azure Kubernetes Service.
Amazon has their Kubernetes implementation, as well as, of course, Google Cloud. And those are helping to get your containers out there, have them run and balance the load and create more instances when there's load, monitor health, restart your containers and so forth.
Terraform's not gonna be solving those problems for you.
So let's take a moment and talk about declarative versus procedural. So Terraform scripts, they're declarative in nature. So by declarative, I mean you're defining how the end state of the application infrastructure should look. Procedural
is more describing the set of actions
to take the current state, which could be nothing, and get it to the desired end state, right? So one is saying this is how it shall be. The other is saying, I'm gonna do this, I'm gonna do this, I'm going to do that. As a more concrete example:
In your Terraform file, you will declare, let's say, there shall be a load balancer in front of a pool that is backed by three virtual servers. And
from a procedural perspective, though, if you were writing a script, maybe a PowerShell script, Bash script, something of that nature, it would look a little different. The code will look a little different. And the mentality and the thinking behind it would be a little different. You would say, okay, I need to create a load balancer. And then I'm gonna create
server one. I'm gonna put that in the pool. I'm gonna create server two. I'm gonna add that to the pool behind the load balancer. I'm gonna create server three, and I'm gonna add that to the pool
behind the load balancer.
So as you can see, in the procedural you're building off of certain assumptions about what is the current state of the environment, and you're accomplishing an end state. Whereas with the declarative, you are just defining: here's how I want things to look.
And if we were to expand that example, let's say you find out you need to expand a little more,
the declarative approach would say, OK, I want that load balancer and I want a pool of four servers behind it. And so you would change your Terraform file to declare that there are gonna be four servers behind this load balancer, and then those activities, when you're applying the Terraform infrastructure out into the cloud provider,
the activities, the
procedures, would be executed to result in and put you in that state. On the procedural side, if you took that same script that we were just looking at, that created the load balancer and then created the three servers, and you run those again,
you're gonna end up with a whole other load balancer and an additional three servers, right? So for a total of two load balancers and six servers.
So then what you'd have to do instead, if you're going with a procedural mindset, is you're gonna need to create another script that then creates server four, and then it adds it to the pool. So hopefully this describes and helps clarify a little bit declarative versus procedural, and Terraform being a much more declarative
type language, and it takes that mindset with it.
So in closing, very brief. We're gonna get a lot more detailed, but I want to make sure that you understand where Terraform fits. And it's always important that you're using the right tool for the right job. And sometimes you can take other tools and people extend them and bend them and twist them in all sorts of ways
that can make them do things that maybe are outside of their core competency.
And there's definitely overlap between different tools, but I hope you got a good understanding of not only where the complementary technologies of Terraform are, obviously the major cloud providers, what we mean when we say
it's multi-cloud compatible versus being quote cloud agnostic, which Terraform really isn't,
and then getting a good, solid understanding of the declarative type mindset versus procedural programming. Thank you. And I look forward to getting our hands dirty in the coming modules here, as we get much more in depth into Terraform and the power behind it.
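
The declarative versus procedural comparison from the transcript, worked through as an added example (not part of the original video or any HashiCorp code). The `Cloud` class is a constructed in-memory stand-in for a provider account, the name `web-lb` is hypothetical, and `declarative_apply` is a simplified model of reconciling desired state against current state, not Terraform's implementation.

```python
from dataclasses import dataclass, field

@dataclass
class Cloud:
    """Constructed in-memory stand-in for a cloud account (not a real provider API)."""
    load_balancers: dict = field(default_factory=dict)  # lb name -> list of server names
    _seq: int = 0

    def create_lb(self):
        self._seq += 1
        name = f"lb-{self._seq}"
        self.load_balancers[name] = []
        return name

    def create_server(self, lb):
        self._seq += 1
        name = f"srv-{self._seq}"
        self.load_balancers[lb].append(name)
        return name

    def totals(self):
        return len(self.load_balancers), sum(len(p) for p in self.load_balancers.values())

def procedural_script(cloud):
    """Imperative steps: create a load balancer, then three servers in its pool."""
    lb = cloud.create_lb()
    for _ in range(3):
        cloud.create_server(lb)

def declarative_apply(cloud, desired):
    """Diff desired {lb_name: pool_size} against current state; act only on the gap."""
    actions = []
    for lb, size in desired.items():
        if lb not in cloud.load_balancers:
            cloud.load_balancers[lb] = []
            actions.append(f"create {lb}")
        pool = cloud.load_balancers[lb]
        while len(pool) < size:
            actions.append(f"create {cloud.create_server(lb)}")
        while len(pool) > size:
            actions.append(f"destroy {pool.pop()}")
    return actions

def run_procedural_twice():
    cloud = Cloud()
    procedural_script(cloud)
    procedural_script(cloud)  # re-run duplicates everything
    return cloud.totals()

def run_declarative():
    cloud = Cloud()
    first = declarative_apply(cloud, {"web-lb": 3})
    repeat = declarative_apply(cloud, {"web-lb": 3})  # same declaration: nothing to do
    grow = declarative_apply(cloud, {"web-lb": 4})    # edit the declaration: one new server
    return len(first), repeat, len(grow), cloud.totals()
```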