Terraform

Today, more and more companies are using the cloud to implement work en­vi­ron­ments or even complete IT struc­tures. In­fra­struc­ture as a Service (IaaS) is often the most simple and in­ex­pen­sive way to create a basis for planned projects. Cloud solutions also enable you to react precisely to current re­quire­ments: While the un­der­ly­ing com­po­nents, such as servers, firewalls or load balancers are static in the provider’s data center, cloud solutions are not, they can be changed dy­nam­i­cal­ly in a vir­tu­al­ized cloud en­vi­ron­ment – giving customers the ability to increase or decrease resources as needed at any time.

To ensure this flex­i­bil­i­ty, providers offer APIs that allow the leased IaaS en­vi­ron­ment to be scaled at any time with the ap­pro­pri­ate software – freedoms that are at­trac­tive, but also involve a big ad­min­is­tra­tive effort. With the software Terraform, the US company HashiCorp is providing the right answer to minimize this effort in the long run. What this tool for In­fra­struc­ture as Code (IaC) is all about is explained below.

When it comes to un­der­ly­ing in­fra­struc­ture in software de­vel­op­ment, ad­min­is­tra­tors always face a challenge: The tendency towards agile de­vel­op­ment leads to shorter and shorter de­vel­op­ment cycles and an even faster im­ple­men­ta­tion of changes. In order to meet the high demands of this fast pace, IT managers need to automate resource man­age­ment as much as possible. This involves writing machine-readable con­fig­u­ra­tion code, also known as In­fra­struc­ture-as-Code (IaC).

In order to simplify this process, IT managers can fall back on the services of the Terraform software, which on the one hand enables a uniform de­scrip­tion of the target in­fra­struc­ture and on the other ensures that this is im­ple­ment­ed to the standards of supported IaaS providers.

Terraform is basically Open Source (Mozilla Public License 2.0) and can therefore be down­loaded and used free of charge. However, several team col­lab­o­ra­tion features as well as features for public in­sti­tu­tions and or­ga­ni­za­tions are only available in the paid editions “En­ter­prise Pro” and “En­ter­prise Premium”. The IaC Service 2012 was developed by San Francisco-based HashiCorp.

Since usually it’s not just one, but many cloud services that are used to implement IT in­fra­struc­ture or the necessary resources for software de­vel­op­ment, you as the re­spon­si­ble person have to adapt to a number of different in­ter­faces (APIs) by default, as well as fa­mil­iar­ize yourself with the nuances of the re­spec­tive platform. This applies re­gard­less of whether you make changes to the in­fra­struc­ture, or whether you want to write your own IaC in­struc­tions for automated access.

As a Terraform user, you won’t have this problem. Instead of the interface languages, you can either use the sim­pli­fied JavaScript markup language JSON or the JSON-based HashiCorp Con­fig­u­ra­tion Language (HCL) to describe the desired target in­fra­struc­ture. The latter is the option HashiCorp recommend, as it makes writing and reading code through comments and other features even easier. Terraform works with the re­spec­tive con­fig­u­ra­tion files as ordinary text files, whereas the IaC tool uses the extension .tf. Using an ap­pro­pri­ate tool such as Git or SVN, you can easily version these files if you wish.

The main function of Terraform is the user-friendly con­fig­u­ra­tion of in­fra­struc­ture resources, in which HCL or JSON play a central role. However, lin­guis­tic sim­plic­i­ty is def­i­nite­ly not all that dis­tin­guish­es the IaC tool: Created con­fig­u­ra­tion files can only achieve their desired effect with the co­op­er­a­tion of all important software and hardware providers with in­di­vid­u­al­ly ex­pand­able basic ar­chi­tec­ture, as well as the easy-to-use command line interface.

The HashiCorp Con­fig­u­ra­tion Language mentioned above is primarily intended to describe the desired result, not the steps to achieve it. The most important element of the Terraform language is resources, because these describe the in­fra­struc­ture com­po­nents whose man­age­ment is to be automated with Terraform. All other language features exist ex­clu­sive­ly to specify the re­spec­tive resources. The following three basic elements play an important role:

• Blocks: Blocks are con­tain­ers for content. In this function, they provide space for con­fig­u­ra­tions of any objects, es­pe­cial­ly for con­fig­ured resources. Each block has a block type, one or more labels and a body area. The latter contains any number of arguments and sub-blocks.
• Arguments: To assign a value to a name, use arguments in HCL. These are always declared within blocks.
• Ex­pres­sions: Ex­pres­sions represent a value. It can be a concrete value or a reference to one or more other values. An ex­pres­sion occurs either as a value for an argument or within other arguments.

With HCL as a de­clar­a­tive language, the sequence of the in­di­vid­ual blocks is not relevant. Terraform au­to­mat­i­cal­ly processes the described resources in the correct sequence based on pre­de­fined re­la­tion­ships. Only the so-called pro­vi­sion­er blocks which are needed to execute scripts, play a role.

Terraform provides its own command line interface so that the created con­fig­u­ra­tion files can be evaluated and used. This interface defines the syntax and overall structure of the Terraform language and co­or­di­nates all change steps required to implement the con­fig­ured in­fra­struc­ture. The CLI itself has no knowledge of specific types of in­fra­struc­ture resources, but obtains this in­for­ma­tion via special “provider” ex­ten­sions. In this way, the interface knows how to define and manage the in­di­vid­ual resource types at the supported cloud providers – and therefore also how to pass on the uni­ver­sal­ly for­mu­lat­ed in­struc­tions in the Terraform con­fig­u­ra­tion files to the various cloud APIs.

In order to allocate real resources to the con­fig­u­ra­tion, keep track of metadata, and con­tin­u­ous­ly improve the per­for­mance of larger in­fra­struc­tures, Terraform stores the status of resources and the IaC con­fig­u­ra­tion created. By default, the software stores the file terraform.tfstate in a local directory – al­ter­na­tive­ly, a different location can be selected, which is par­tic­u­lar­ly rec­om­mend­ed for team work. In order to compare the status with the current in­fra­struc­ture each time, Terraform au­to­mat­i­cal­ly updates the CLI before each program operation.

If you have created an in­fra­struc­ture by other means, you can import this existing setup thanks to the in­te­grat­ed function to manage the cor­re­spond­ing resources in the future with Terraform. Currently only the resources, but not their con­fig­u­ra­tion, are added to the current status. The latter, however, should be possible in future versions of the IaC tool.

Terraform allows you to create a de­pen­den­cy graph of the defined in­fra­struc­ture con­fig­u­ra­tion or execution plan. All you need to do is use the CLI command “terraform graph” and define the desired graph type, and Terraform will au­to­mat­i­cal­ly generate a cor­re­spond­ing output file in DOT format. This can be re­pro­duced using the vi­su­al­iza­tion software Graphviz, which HashiCorp also rec­om­mends in the official online doc­u­men­ta­tion. The command line can also be used to easily convert the file into an image format like SVG.

Terraform is based on a plugin-based ar­chi­tec­ture that makes it possible to extend the func­tion­al­i­ty of the IaC suite at any time. For example, the com­mis­sion­ers for executing the scripts are among the plugins, as are the provider ex­ten­sions that provide the CLI with all relevant in­for­ma­tion about the supported web services. De­vel­op­ers who are pro­fi­cient in the pro­gram­ming language Go(lang) and have knowledge of the cor­re­spond­ing provider APIs can even write their own ex­ten­sions to link Terraform with cloud services that are not of­fi­cial­ly supported. Newly released plugins from HashiCorp are au­to­mat­i­cal­ly down­loaded and included, while all third-party ex­ten­sions require you to do this manually.

Thanks to the range of supported cloud service providers which HashiCorp is con­tin­u­ous­ly expanding and which can also be in­de­pen­dent­ly expanded with the cor­re­spond­ing know-how, Terraform is suitable for a wide variety of ap­pli­ca­tions. Among the most popular use cases of the In­fra­struc­ture-as-Code tool are the following three:

Heroku is one of the best known PaaS providers for hosting your own web apps. All tools and services required for the app can be included in the form of add-ons and monitored via the platform’s own dashboard. Terraform does a lot of the work for you by not just writing the code for your app’s setup, but also ensuring that all necessary add-ons are available at all times.

The layer ar­chi­tec­ture has proven itself as a struc­tur­ing concept for software systems – the two-layer ar­chi­tec­ture with web server and sub­or­di­nate database level is par­tic­u­lar­ly popular. The ability to scale the layers in­de­pen­dent­ly is ad­van­ta­geous for many projects. Terraform proves to be an ideal tool: Each layer can be described as a col­lec­tion of resources. In addition, the IaC software regulates de­pen­den­cies, e.g. in the case of the model mentioned, it ensures that the database level is available before the web server starts.

Software Defined Net­work­ing is becoming more and more important in data centers. Software-con­trolled man­age­ment of vir­tu­al­ized network resources offers ad­min­is­tra­tors and de­vel­op­ers a high degree of control and flex­i­bil­i­ty. Terraform allows you to write a complete con­fig­u­ra­tion for these SDN services and use it to au­to­mat­i­cal­ly set up and customize the software-defined network struc­tures.

For many managers, dis­trib­ut­ing in­fra­struc­ture across multiple clouds is an extremely at­trac­tive model. Dis­trib­ut­ing across multiple providers increases fault tolerance and re­silience, and makes it easier to recover lost resources than relying on a single provider. Thanks to its universal syntax, Terraform sim­pli­fies the creation of such multi-cloud struc­tures. In addition, the ap­pli­ca­tion can manage multiple providers with a single con­fig­u­ra­tion and even manage cross-cloud de­pen­den­cies.

In­fra­struc­ture as Code helps you stay com­pet­i­tive in a con­stant­ly changing IT en­vi­ron­ment. A high level of au­toma­tion helps you keep track of the resources you need and make the necessary in­fra­struc­ture changes as quickly as possible. Terraform proves to be an efficient tool for both the creation and execution of “pro­gram­ma­ble” in­fra­struc­ture – not least thanks to the support of cloud services like AWS, Azure and Google Cloud. One of the IaC software’s greatest strengths is its uniform syntax for de­scrib­ing the in­fra­struc­ture. However, you always have the choice between the HashiCorp con­fig­u­ra­tion language HCL and the JSON award.

A further advantage of Terraform is the plugin-based structure, which enables both the man­u­fac­tur­er and third-party providers to extend the func­tion­al­i­ty of the software at any time. In the case of man­u­fac­tur­er ex­ten­sions, Terraform even downloads them au­to­mat­i­cal­ly without you having to initiate the update. In addition, the open source solution convinces with features like a storage function, thanks to which you can call up and con­ve­nient­ly adapt in­fra­struc­ture setups once they have been set up at any time, as well as the pos­si­bil­i­ty of gen­er­at­ing a de­pen­den­cy graph for all steps of the IaC creation and execution.

In terms of costs, Terraform also cuts a good figure due to the open source approach: The use of the IaC software is basically free of charge. However, if you need col­lab­o­ra­tion features such as a link to the version man­age­ment of your choice or the pos­si­bil­i­ty to manage resources with Terraform via remote access, you are dependent on the rel­a­tive­ly expensive en­ter­prise plans. Small busi­ness­es can quickly reach their financial limits at this point. What’s more, re­gard­less of the edition you choose, you have to be prepared for a demanding, time-consuming start. Once you’ve fa­mil­iar­ized yourself with how Terraform works and the HCL language you designed, you can use the tool to make tedious routine work and laborious cross-service resource man­age­ment a thing of the past.