Terraform (Application)

From campisano.org

Terraform

Install

# shared/opt install schema v1.5.6

#### as common user ####
# define applications vars
export SOFTWARE_PATH="/home/shared/opt/software"
export NAME="terraform"
export VERSION="1.1.9"
export URL="https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip"
su - -w SOFTWARE_PATH,NAME,VERSION

#### as root ####
# install packages and prepare destination path
apt-get -q -y install wget coreutils findutils < /dev/null
apt-get -q -y install unzip < /dev/null
mkdir -m 777 "${SOFTWARE_PATH}/tmp_install/" "${SOFTWARE_PATH}/${NAME}_${VERSION}/"
exit

#### as common user ####
umask 0027
cd "${SOFTWARE_PATH}/tmp_install"
# download the release archive, keeping TLS certificate verification enabled
wget -c "${URL}"
unzip "terraform_${VERSION}_linux_amd64.zip"
mv terraform "${SOFTWARE_PATH}/${NAME}_${VERSION}"
cd
su - -w SOFTWARE_PATH,NAME,VERSION

#### as root ####
# ensure permissions to destination path
cd "${SOFTWARE_PATH}"
chown -R root:users "${NAME}_${VERSION}"
find "${NAME}_${VERSION}" -type d -exec chmod a-s,u+rwx,g+rx,g-w,o-rwx {} \;
find "${NAME}_${VERSION}" -type f -exec chmod a-s,u+rw,g+r,g-w,o-rwx {} \;
rm -rf tmp_install
ln -s -f -T "${NAME}_${VERSION}" "${NAME}"
exit

#### as common user ####
# test the application (you can put the following in ~/.profile)
export SOFTWARE_PATH="/home/shared/opt/software"
export PATH="${PATH}:${SOFTWARE_PATH}/terraform"
terraform --version
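
The install steps above unpack the downloaded zip without checking its integrity. As an added example (not part of the original install schema), the helper below checks the zip against the `terraform_${VERSION}_SHA256SUMS` file that HashiCorp publishes next to each release; `verify_release` is a hypothetical name, and verifying the signature over the sums file is a separate step not shown here.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded Terraform zip against the release's
# SHA256SUMS file. verify_release is a hypothetical helper name.

# verify_release <zip-file> <sha256sums-file>
# Returns 0 only if the sums file holds exactly one entry for the zip's
# file name and that digest matches the file on disk.
verify_release() {
    local zip="$1" sums="$2" name matches expected actual
    [ -r "$zip" ] && [ -r "$sums" ] || { echo "missing input file" >&2; return 2; }
    name="$(basename -- "$zip")"

    # SHA256SUMS lines look like "<64 hex digits>  <file name>"
    matches="$(awk -v n="$name" '$2 == n { print $1 }' "$sums")"
    if [ "$(printf '%s\n' "$matches" | grep -c .)" -ne 1 ]; then
        echo "expected exactly one entry for ${name} in ${sums}" >&2
        return 3
    fi

    # Reject anything that is not a well-formed SHA-256 hex digest
    expected="$(printf '%s' "$matches" | tr 'A-F' 'a-f')"
    case "$expected" in
        *[!0-9a-f]*) echo "malformed digest for ${name}" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest for ${name}" >&2; return 3; }

    actual="$(sha256sum -- "$zip" | awk '{ print $1 }')"
    if [ "$actual" != "$expected" ]; then
        echo "CHECKSUM MISMATCH for ${name}: refusing to install" >&2
        return 1
    fi
    echo "OK ${name} ${actual}"
}

# Usage in the install steps, after the download and before unzip
# (needs network access, so it is left commented out here):
#   wget -c "https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_SHA256SUMS"
#   verify_release "terraform_${VERSION}_linux_amd64.zip" "terraform_${VERSION}_SHA256SUMS" || exit 1
```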

Configure a project with a remote state

By default, Terraform stores the state of your resources locally, in files and folders under the project root directory. A list of remote state backends is available in the Terraform documentation.

Interesting non-provider-specific backends are http (REST), pg (PostgreSQL), kubernetes and s3 (AWS or compatible).

In this example we will use the GitLab free http state backend service for terraform.

Select your GitLab profile, go to "Access Tokens" and create a personal token with the "api" scope.

Remember to save the token.

Please note that GitLab tokens expire. You can use a personal token (sigh!) and a scheduled pipeline to rotate your token daily!

Now create a backend.tf file with the following command.

Please remember to replace <PROJECT_ID> with your project repository id and <TERRAFORM_STATE_NAME> with a name for your Terraform state:

cat > backend.tf << 'EOF'
terraform {
  backend "http" {
    address        = "https://gitlab.com/api/v4/projects/<PROJECT_ID>/terraform/state/<TERRAFORM_STATE_NAME>"
    lock_address   = "https://gitlab.com/api/v4/projects/<PROJECT_ID>/terraform/state/<TERRAFORM_STATE_NAME>/lock"
    unlock_address = "https://gitlab.com/api/v4/projects/<PROJECT_ID>/terraform/state/<TERRAFORM_STATE_NAME>/lock"
    lock_method    = "POST"
    unlock_method  = "DELETE"
    update_method  = "POST"
    retry_wait_min = 5
  }
}
EOF

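Now use env vars to authenticate in a secure way, keeping credentials out of backend.tf, by exporting the following variables (the http backend reads TF_HTTP_USERNAME and TF_HTTP_PASSWORD):

export TF_HTTP_USERNAME="<YOUR-GITLAB-USERNAME>"
export TF_HTTP_PASSWORD="<YOUR-GITLAB-CREATED-TOKEN>"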

Now you can apply your terraform project storing the project state in a persistent and shareable place.

  • Update: go back to a local backend

The GitLab token expiration is a pain, so just in case: if you want to go back to a local backend, you just need to remove the backend.tf file and run:

terraform validate
terraform init -migrate-state
terraform state list