terraform

Terraform: module for conditional include of related resources

If you have a set of resources in Terraform that are conditionally included based on the same criteria, instead of appending a “count/for_each” on every resource definition, consider refactoring them into a module. The conditional can then be placed on the module definition instead of polluting each resource definition. For example, if you had several Terraform: module for conditional include of related resources

OpenTofu: installing OpenTofu on Debian/Ubuntu

Terraform has now been open-source and forked with the OpenTofu project.  The ‘tofu’ binary is a drop-in replacement for terraform, and this article will show you how to install on Debian/Ubuntu. After installation, we will then use the Debian/Ubuntu Alternatives concept to supersede existing calls to ‘terraform’ to instead invoke ‘tofu’. Setup OpenTofu apt repository OpenTofu: installing OpenTofu on Debian/Ubuntu

Terraform: external yaml file as a contribution model for outside teams

If you are using Terraform as a way to provide infrastructure/services to outside teams, your Terraform definitions and variables may initially be owned by your team alone, with all “tf apply” operations done by trusted internal group members at the CLI. But once there is a certain amount of maturity in the solution, the Terraform Terraform: external yaml file as a contribution model for outside teams

Terraform: fixing error “querying Cloud Storage failed: storage: bucket doesn’t exist”

If you are attempting to run “terraform init” with a Google Cloud Storage backend and get the following error: Error: Failed to get existing workspaces: querying Cloud Storage failed: storage: bucket doesn’t exist The first check should be that the Google Cloud Storage bucket indeed exists, using gsutil. project_id=myproject-123 gsutil ls -p $project_id If the Terraform: fixing error “querying Cloud Storage failed: storage: bucket doesn’t exist”

GKE: terraform lifecycle ‘ignore_changes’ to manage external changes to GKE cluster

As much as Terraform pushes to be the absolute system of record for resources it creates, often valid external processes are assisting in managing those same resources. Here are some examples of legitimate external changes: Other company-approved Terraform scripts applying labeling to resources in order to track ownership and costs Security teams modifying IAM roles GKE: terraform lifecycle ‘ignore_changes’ to manage external changes to GKE cluster

Terraform: migrate state from local to remote Google Cloud Storage bucket and back

In this article I will demonstrate how to take a Terraform configuration that is using a local state file and migrate its persistent state to a remote Google Cloud Storage bucket (GCS).  We will then perform the migration again, but this time to bring the remote state back to a local file. We will illustrate Terraform: migrate state from local to remote Google Cloud Storage bucket and back

Terraform: creating an Ubuntu 22 template and then guest VM in vCenter

In this article I will demonstrate how to create an Ubuntu 22 template in vCenter.  Then use Terraform to create a vSphere VM based on this template. The VM template creation is done by manually stepping through the Ubuntu server ISO installation wizard, followed by a set of preparation steps. Then Terraform is used to Terraform: creating an Ubuntu 22 template and then guest VM in vCenter

GCP: Private GKE cluster in Autopilot mode using Terraform

GKE Autopilot reduces the operational costs of managing GKE clusters by freeing you from node level maintenance, instead focusing just on pod workloads.  Costs are accrued based on pod resource consumption and not on node resource sizes or node count, which are managed by Google. Since you no longer own the node level, there are GCP: Private GKE cluster in Autopilot mode using Terraform

Terraform: creating a Kubernetes cluster on DigitalOcean with public NGINX ingress

Updated Aug 2023: tested with Kubernetes 1.25 and ingress-nginx 1.8.1 Creating a Kubernetes cluster on DigitalOcean can be done manually using its web Control Panel, but for automation purposes it is better to use Terraform. In this article, we will use Terraform to create a Kubernetes cluster on DigitalOcean infrastructure. We will then use helm Terraform: creating a Kubernetes cluster on DigitalOcean with public NGINX ingress

Terraform: post-configuration by calling remote-exec script with parameters

If you are creating a VM resource and must run a Bash script as part of the initialization, that can be done within Terraform using the remote-exec provisioner and its ability to execute scripts via ssh. If you need to send arguments to this script, there is a standard pattern described in the official documentation Terraform: post-configuration by calling remote-exec script with parameters

Terraform: using dynamic blocks to add multiple disks on a vsphere_virtual_machine

If the Terraform resource you are creating supports multiple dependent entities (e.g. a single VM with multiple disks or networks), but only by adding hardcoded duplicate text blocks, then you should consider Terraform dynamic blocks. For example, if you are creating a vsphere_virtual_machine with two additional data disks, then here is a snippet showing how Terraform: using dynamic blocks to add multiple disks on a vsphere_virtual_machine

Terraform: using json files as input variables and local variables

Specifying input variables in the “terraform.tfvars” file in HCL syntax is commonly understood.   But if the values you need are already coming from a json source, it might make more sense to feed those directly to Terraform. Here is an example where the simple variable “a” is provided via an external json file. # Terraform: using json files as input variables and local variables

Terraform: converting ordered lists to sets to avoid errors with for_each

If you are using a Terraform “for_each” and get the error message below, it is most likely because you are sending an ordered list instead of an unordered set (which is not supported at the resource level). The given “for_each” argument value is unsuitable: the “for_each” argument must be a map, or set of strings, Terraform: converting ordered lists to sets to avoid errors with for_each

Terraform: creating an Ubuntu 20 Focal template and then guest VM in vCenter

In this article I will demonstrate how to create an Ubuntu 20 Focal template in vCenter.  Then use Terraform to create a vSphere VM based on this template. The VM template creation is done by manually stepping through an installation using the minimal Ubuntu server ISO followed by a set of preparation steps. Then Terraform Terraform: creating an Ubuntu 20 Focal template and then guest VM in vCenter

Kubernetes: microk8s cluster on Ubuntu using terraform and libvirt

microk8s is a lightweight Kubernetes deployment by Canonical that is enterprise-grade, yet also compact enough to run on development boxes and edge devices. In this article, I will show you how to deploy a  three-node microk8s cluster on Ubuntu nodes that are created using Terraform and a local KVM libvirt provider. This article focuses on Kubernetes: microk8s cluster on Ubuntu using terraform and libvirt

KVM: installing Terraform and the libvirt provider for local KVM resources

Terraform is a popular tool for provisioning infrastructure on cloud providers such as EC2 and Azure, but there is also a provider written for local KVM libvirt resources. Using the libvirt provider, we can use standard Terraform constructs to create local VMs, networks, and disks.  And unlike older versions of this provider, the plugin binary KVM: installing Terraform and the libvirt provider for local KVM resources

Terraform: provisioning GCP servers in both public and private subnets

It is relatively straightforward to create a GCP public subnet where the compute instances have access to the public internet via the default internet gateway. But once you start building private subnets behind it, you must start considering firewall, routing, and the NAT gateways required to reach public services. In this article, I will use Terraform: provisioning GCP servers in both public and private subnets

Terraform: provisioning AWS servers in both public and private subnets

It is relatively straightforward to create an AWS public subnet where the compute instances have access to the public internet via the default internet gateway. But once you start building private subnets behind it, you must start considering security groups, routing, and the NAT gateways required to reach public services. In this article, I will Terraform: provisioning AWS servers in both public and private subnets

Terraform: provisioning an RDP enabled Windows server in Azure

The ‘azurerm‘ Terraform provider allows you to build a Windows server in Microsoft’s Azure hyperscaler. However, in order to use this provisioner, you must first install the Azure CLI. And in line with automation best practices we will use a Service Account (Principal) to create the networks, security rules, and compute instances. When complete, you’ll Terraform: provisioning an RDP enabled Windows server in Azure

Terraform: installing Terraform manually on Ubuntu

Terraform is a popular tool for provisioning infrastructure on cloud providers such as EC2, Azure, and GCP.    If you want to install Teraform on Ubuntu using apt-get, follow HashiCorp’s standard installation document. However, I find that I often need multiple versions for different projects.  Find your desired version of the binaries at the Terraform download Terraform: installing Terraform manually on Ubuntu

Terraform: invoking a startup script for an EC2 aws_instance

You can bake a startup script directly into the creation of your EC2 instance when using Terraform.  Although complex post-configuration should be left to tools such as Ansible, essential bootstrap type commands or custom routes for instances in private subnets are reasons why you might need to use this hook. Below is an example of Terraform: invoking a startup script for an EC2 aws_instance

Terraform: using update-alternatives to manage multiple terraform binaries

If you have multiple terraform projects, it can be necessary to support multiple versions of the terraform binary to match module and provider dependencies. Instead of creating a custom solution of binary copies and links, this can be done using the Alternatives concept which handles these symbolic links in a standard way using links in Terraform: using update-alternatives to manage multiple terraform binaries

Terraform: Using non-authoritative resources to avoid IAM membership dependency web

One of the most challenging aspects of using Terraform is dealing with external changes and sprawl of dependent objects that may originate outside your control.  Terraform wants to be a system of record and have everything documented in its state as resource/data, however keeping your state in sync when other groups may be doing automation Terraform: Using non-authoritative resources to avoid IAM membership dependency web

KVM: Terraform and cloud-init to create local KVM resources

Terraform is a popular tool for provisioning infrastructure on cloud provider such as EC2 and Azure, but there is also a provider written for local KVM libvirt resources. Using the libvirt provider, we can use standard Terraform constructs to create local VMs, networks, and disks.