Friday, February 17, 2023

TERRAFORM PROVISIONER

PROVISIONER
Provisioners let Terraform run scripts or copy files on, or about, a resource right after it has been created, for example to bootstrap a VM. HashiCorp documents them as a last resort: prefer cloud-init user data, images baked ahead of time, or a configuration-management tool where you can, because what a provisioner does is not tracked in state and does not show up in a plan.

TERRAFORM SHIPS WITH SEVERAL PROVISIONERS, such as:
  • file provisioner
  • remote-exec provisioner
  • local-exec provisioner
  • Chef and Puppet (vendor provisioners; these were removed in Terraform 0.15, so they are not available with the 1.3.x version pinned below)
TERRAFORM FILE PROVISIONER: It copies files or directories from the machine running Terraform (your Windows or Linux workstation, or a CI runner) to the newly created resource, over SSH for Linux or WinRM for Windows. In the configuration below we ask Terraform to upload everything inside our local "app" folder to the destination path on the instance.

Potential Interview Question: HOW HAVE YOU TAKEN ADVANTAGE OF THE FILE PROVISIONER?

USE CASE:
EFS mount: In my project, we actually had to create different virtual machines for the different developers who joined the project. The reason for creating these separate environments was that the developers needed them to complete their development, and they needed storage to keep all the application files. A few files were generic, so whenever a new machine was created these resources had to be uploaded to every VM. For this you can create a mount point and upload the files; the file provisioner was used to accomplish this, orchestrated with Terraform.



STEP 1:

NB: Create all the files before running the commands in steps 4 and 5.

File provisioner: we are using the Ubuntu 18.04 operating system. Create a folder, for example "file-provisioner".

STEP 2:
Within "file-provisioner" create two folders side by side: "app" (the files you want uploaded to the instance) and "ec2-keypair" (the Terraform configuration and, later, the private key). The paths in the configuration below are written relative to the module directory, so they resolve correctly whichever directory you run terraform from.

STEP 3:
Within the ec2-keypair folder, create a file "ec2.tf" and paste the configuration below into it. The connection block tells Terraform how to log in to the instance; it is explained under "HOW WILL TERRAFORM AUTHENTICATE?" at the end of this post.

There are two ways to pass user data in Terraform: inline as a heredoc ("raw data", as below), or from an external shell script kept in your local environment and read with the file() function. Either way cloud-init only executes the content as a script if it begins with a shebang line such as #!/bin/bash, and it runs it as root, so sudo is not needed inside it.

resource "aws_instance" "Test-VM" {
  ami                    = "ami-061d******4525c"
  instance_type          = "t3.micro"
  #count                 = 3 # create three similar EC2 instances
  key_name               = "cicd"                  # an existing EC2 key pair whose private key is cicd.pem
  vpc_security_group_ids = ["sg-0b00b*******7539"] # must allow TCP/22 from the machine running Terraform

  # cloud-init runs this as root and only treats it as a script if it starts with a shebang
  user_data = <<-EOF
    #!/bin/bash
    apt update -y
    apt -y install apache2
    systemctl start apache2
    systemctl enable apache2
  EOF

  tags = {
    Name = "Test-VM"
  }

  # How Terraform logs in to copy the files: SSH as the AMI's default user (ubuntu), not root,
  # with the key pair's private key. Relative paths are resolved from the directory terraform
  # is run in, so anchor the key to the module directory.
  connection {
    type        = "ssh"
    user        = "ubuntu"
    host        = self.public_ip
    private_key = file("${path.module}/cicd.pem")
  }

  # Upload the contents of ../app (the trailing slash means contents, not the folder itself)
  # into the ubuntu user's home directory, which already exists on the instance.
  provisioner "file" {
    source      = "${path.module}/../app/"
    destination = "/home/ubuntu"
  }
}


STEP 4:

In your terminal, "cd" into file-provisioner/ec2-keypair and list it:
cd file-provisioner/ec2-keypair
ls
ls ~/Downloads/cicd.pem
The local location of the .pem file must be known; adjust the path if yours differs.

STEP 5:
Copy the private key next to the configuration and make it readable by you only:
cp ~/Downloads/cicd.pem .
chmod 400 cicd.pem

STEP 6:
"ls" to confirm cicd.pem now sits beside ec2.tf.

STEP 7:
The key pair has now been brought from your local machine into the keypair configuration folder. Treat it as a secret: add cicd.pem (or *.pem) to .gitignore before committing this folder, because anyone holding the key can log in to every instance launched with that key pair through whatever port 22 exposure the security group allows.

STEP 8:
Create a file, for example "provider.tf":

terraform {
  required_version = "1.3.4"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.39.0"
    }
  }
}

provider "aws" {
  region  = "us-east-1"
  profile = "default"
}
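The following is an added example, not code from the original post: the same file-provisioner setup with the key path anchored to the module, the private key kept outside the repository, and SSH exposure limited to a single address by a security group Terraform creates itself. The variable names, the security group name, the ~/.ssh/cicd.pem location and the default-VPC lookup are this example's own assumptions; the AMI ID and your address are supplied with -var.

```hcl
# Added example (not from the original post). Assumed layout:
#   file-provisioner/
#     app/            files to upload to the instance
#     ec2-keypair/    this file plus provider.tf
# Assumed: an existing EC2 key pair named var.key_name whose private key
# lives OUTSIDE the repository at var.private_key_path.

variable "ami_id" {
  type        = string
  description = "Ubuntu AMI ID for the region in provider.tf"
}

variable "key_name" {
  type    = string
  default = "cicd"
}

variable "private_key_path" {
  type    = string
  default = "~/.ssh/cicd.pem" # never copy the .pem into the Terraform directory
}

variable "admin_cidr" {
  type        = string
  description = "Only address allowed to reach SSH, e.g. 203.0.113.5/32"
}

data "aws_vpc" "default" {
  default = true
}

# Replaces the hard-coded sg-... ID: 22/tcp from the operator only.
resource "aws_security_group" "ssh_from_admin" {
  name        = "file-provisioner-ssh"
  description = "SSH only from the operator address"
  vpc_id      = data.aws_vpc.default.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "test_vm" {
  ami                         = var.ami_id
  instance_type               = "t3.micro"
  key_name                    = var.key_name
  vpc_security_group_ids      = [aws_security_group.ssh_from_admin.id]
  associate_public_ip_address = true # the connection block needs self.public_ip

  # cloud-init only executes user data that starts with a shebang; it runs as root.
  user_data = <<-EOF
    #!/bin/bash
    apt-get update -y
    apt-get install -y apache2
    systemctl enable --now apache2
  EOF

  tags = {
    Name = "Test-VM"
  }

  # Log in as the AMI's default user, with a key read from the operator's home directory.
  connection {
    type        = "ssh"
    user        = "ubuntu"
    host        = self.public_ip
    private_key = file(pathexpand(var.private_key_path))
  }

  # Paths are resolved from the directory terraform runs in, so anchor them to the module.
  provisioner "file" {
    source      = "${path.module}/../app/"
    destination = "/home/ubuntu"
  }
}

output "public_ip" {
  value = aws_instance.test_vm.public_ip
}
```

Run it from the ec2-keypair folder with terraform apply -var ami_id=ami-... -var admin_cidr=203.0.113.5/32 (your own egress address). One gap remains: Terraform accepts whatever SSH host key a brand-new instance presents on first connect. If you can obtain the instance's host key, for example from its EC2 system log, the connection block's host_key argument lets you pin it so a later re-run cannot be redirected to an impostor.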


REMOTE PROVISIONER (remote-exec): Runs commands on the remote resource itself, over the same SSH (Linux) or WinRM (Windows) connection, after it has been created; you reach for it when the instance needs Linux shell commands beyond what user data already does. Note that remote-exec starts as soon as sshd accepts the connection, which is usually before cloud-init has finished running user_data, so commands that also call apt can collide with it on the package lock.

STEP 1:
Create a folder, for example "Remote-exec".

STEP 2:
Create another folder "ec2-keypair" within "Remote-exec" and copy cicd.pem into it as in steps 4 to 7 of the file provisioner above.

STEP 3:
Within the ec2-keypair folder create the file "ec2.tf" below. "EOF" is the heredoc terminator: it marks where the inline user data ends.

resource "aws_instance" "Test-VM" {
  ami                    = "ami-061dbd1******5c"
  instance_type          = "t3.micro"
  #count                 = 3 # create three similar EC2 instances
  key_name               = "cicd"
  vpc_security_group_ids = ["sg-0b0***b77****9"]

  # cloud-init runs this as root and only treats it as a script if it starts with a shebang
  user_data = <<-EOF
    #!/bin/bash
    apt update -y
    apt -y install apache2
    systemctl start apache2
    systemctl enable apache2
  EOF

  tags = {
    Name = "Test-VM"
  }

  # How Terraform logs in to run the commands: SSH as the AMI's default user (ubuntu), not root
  connection {
    type        = "ssh"
    user        = "ubuntu"
    host        = self.public_ip
    private_key = file("${path.module}/cicd.pem")
  }

  # Commands run on the instance, in order, as the connection user
  provisioner "remote-exec" {
    inline = [
      "cloud-init status --wait", # let user_data finish before touching apt
      "sudo apt update -y"
    ]
  }
}

output "public_ip" {
  value = aws_instance.Test-VM[*].public_ip
}


STEP 4:
Create a file, for example "provider.tf":

terraform {
  required_version = "1.3.4"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.39.0"
    }
  }
}

provider "aws" {
  region  = "us-east-1"
  profile = "default"
}


LOCAL-EXEC PROVISIONER: Runs a command on the machine where Terraform itself is running (your workstation or CI runner), not on the resource, after the resource has been created. A common use is to record metadata about what was just created, for example appending the new instance's public IP to a local file so it can be fed to an inventory, DNS, or a later script.

For example, the values captured can be an instance ID, a DNS name (public or private) or an IP address (public or private).

Because the command string is handed to a local shell (/bin/sh -c on Linux), anything interpolated into it is shell-parsed; pass values you do not fully control through the provisioner's environment argument rather than splicing them into command.

STEP 1:
Create a folder, for example "Local-exec".

STEP 2:
Within the Local-exec folder, create "ec2.tf". No connection block is needed here: local-exec never logs in to the instance.

resource "aws_instance" "Test-VM" {
  ami                    = "ami-061d*********5c"
  instance_type          = "t3.micro"
  #count                 = 3 # create three similar EC2 instances
  key_name               = "cicd"
  vpc_security_group_ids = ["sg-0b00bb***7539"]

  # cloud-init runs this as root and only treats it as a script if it starts with a shebang
  user_data = <<-EOF
    #!/bin/bash
    apt update -y
    apt -y install apache2
    systemctl start apache2
    systemctl enable apache2
  EOF

  tags = {
    Name = "Dev-VM"
  }

  # Runs on the machine executing Terraform, not on the instance: append the new public IP
  # to a local file. The string is passed to the local shell, so only interpolate values you control.
  provisioner "local-exec" {
    command = "echo ${self.public_ip} >> public_ips.txt"
  }
}

output "public_ip" {
  value = aws_instance.Test-VM[*].public_ip
}

STEP 3:
Create a file, for example "provider.tf":

terraform {
  required_version = "1.3.4"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.39.0"
    }
  }
}

provider "aws" {
  region  = "us-east-1"
  profile = "default"
}


STEP 4:
After apply, the local-exec provisioner creates (or appends to) the file "public_ips.txt" in the working directory, containing the instance's public IP, for example:

"44.**.171.1*5"

STEP 5:
"cd" into the folder containing ec2.tf and provider.tf.

STEP 6:
Run the Terraform commands in order:
terraform init
terraform validate
terraform plan
terraform apply
If apply fails at the connection or provisioner stage with an SSH error, the usual cause is an incorrect key pair in your configuration file: key_name does not match the key pair the .pem belongs to, or the private_key path is wrong. A failed creation-time provisioner leaves the resource tainted, so fix the cause and run apply again.

STEP 7:
Verify in the AWS console that the resources were provisioned and that the security group opens port 22 only to the address Terraform connects from, not to 0.0.0.0/0. When you are done, tear everything down:
terraform destroy
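An added example, not code from the original post, that covers both the remote-exec and the local-exec sections above. The provisioners are moved out of the instance into a null_resource keyed on an existing instance's ID, so a failed command can be re-run with terraform apply -replace=null_resource.configure without destroying the VM; remote-exec waits for cloud-init before touching apt, and local-exec passes values through the environment so a value containing shell metacharacters cannot inject into the command line. var.host, var.instance_id, var.private_key_path, the resource name and the file name public_ips.txt are this example's own assumptions.

```hcl
# Added example (not from the original post). Assumes an instance that already
# exists: pass its public IP as var.host and its ID as var.instance_id.

terraform {
  required_providers {
    null = {
      source  = "hashicorp/null"
      version = "~> 3.0"
    }
  }
}

variable "host" {
  type = string
}

variable "instance_id" {
  type = string
}

variable "private_key_path" {
  type    = string
  default = "~/.ssh/cicd.pem" # kept outside the repository
}

resource "null_resource" "configure" {
  # Re-run automatically whenever the instance is replaced (new ID);
  # re-run on demand with: terraform apply -replace=null_resource.configure
  triggers = {
    instance_id = var.instance_id
  }

  connection {
    type        = "ssh"
    user        = "ubuntu"
    host        = var.host
    private_key = file(pathexpand(var.private_key_path))
    timeout     = "5m" # how long to keep retrying before sshd answers
  }

  # remote-exec starts as soon as sshd accepts the connection, which is usually
  # before cloud-init has finished the user_data script; waiting avoids racing
  # it for the apt/dpkg lock. A non-zero exit from any line fails the apply.
  provisioner "remote-exec" {
    inline = [
      "cloud-init status --wait",
      "sudo apt-get update -y",
      "systemctl is-active apache2",
    ]
  }

  # local-exec hands `command` to the local shell. Values go through the
  # environment instead of being spliced into the string, so a crafted value
  # (for example a Name tag containing `;`) cannot inject extra commands.
  provisioner "local-exec" {
    command = "printf '%s %s\\n' \"$INSTANCE_ID\" \"$PUBLIC_IP\" >> public_ips.txt"
    environment = {
      INSTANCE_ID = var.instance_id
      PUBLIC_IP   = var.host
    }
  }

  # Remove the record again on destroy. Destroy-time provisioners may only
  # reference self, so the ID is read back from the triggers map.
  provisioner "local-exec" {
    when    = destroy
    command = "sed -i.bak \"/^$INSTANCE_ID /d\" public_ips.txt"
    environment = {
      INSTANCE_ID = self.triggers.instance_id
    }
  }
}
```

Apply with terraform apply -var host=44.0.0.1 -var instance_id=i-0123456789abcdef0 (constructed values). Keeping the provisioners on a null_resource rather than on the aws_instance also means a typo in an inline command taints only the null_resource, not the VM, and destroying the null_resource cleans up the local record without touching the instance.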




NOTE: In every example, replace the values that are specific to this environment with your own: the AMI ID, key_name and .pem file, the security group, and for the file provisioner the "source" and "destination" paths. The user data and the security group in particular decide what runs on the instance and who can reach port 22.


Potential Interview Question: HOW WILL TERRAFORM AUTHENTICATE?

Two different things authenticate here. The provider authenticates to the cloud API (for AWS, the credentials of the profile named in provider.tf). The provisioners authenticate to the VM itself, and for that Terraform gives you the CONNECTION BLOCK.
For Linux the block uses type = "ssh" with the login user and the PRIVATE KEY of the instance's key pair (or a password); Terraform uses those to open the SSH session that the file and remote-exec provisioners run over.
For Windows the type is "winrm", with a user and password.
By default Terraform does not verify the remote host's SSH key on that connection; the connection block's optional host_key argument lets you pin it.

SELF:
"self" is not a function but a special object that is available only inside provisioner and connection blocks. It refers to the resource those blocks belong to and exposes that resource's attributes once it has been created.

That is why host = self.public_ip works: the IP does not exist until after the instance is created, and self lets the connection read it from the actual resource instead of referring to the resource by name, which would be a self-reference Terraform rejects.


