Terraform

Today, more and more companies are using the cloud to implement work environments or even complete IT structures. Infrastructure as a Service (IaaS) is often the most simple and inexpensive way to create a basis for planned projects. Cloud solutions also enable you to react precisely to current requirements: While the underlying components, such as servers, firewalls or load balancers are static in the provider’s data center, cloud solutions are not, they can be changed dynamically in a virtualized cloud environment – giving customers the ability to increase or decrease resources as needed at any time.

To ensure this flexibility, providers offer APIs that allow the leased IaaS environment to be scaled at any time with the appropriate software – freedoms that are attractive, but also involve a big administrative effort. With the software Terraform, the US company HashiCorp is providing the right answer to minimize this effort in the long run. What this tool for Infrastructure as Code (IaC) is all about is explained below.

When it comes to underlying infrastructure in software development, administrators always face a challenge: The tendency towards agile development leads to shorter and shorter development cycles and an even faster implementation of changes. In order to meet the high demands of this fast pace, IT managers need to automate resource management as much as possible. This involves writing machine-readable configuration code, also known as Infrastructure-as-Code (IaC).

In order to simplify this process, IT managers can fall back on the services of the Terraform software, which on the one hand enables a uniform description of the target infrastructure and on the other ensures that this is implemented to the standards of supported IaaS providers.

Terraform is basically Open Source (Mozilla Public License 2.0) and can therefore be downloaded and used free of charge. However, several team collaboration features as well as features for public institutions and organizations are only available in the paid editions “Enterprise Pro” and “Enterprise Premium”. The IaC Service 2012 was developed by San Francisco-based HashiCorp.

Since usually it’s not just one, but many cloud services that are used to implement IT infrastructure or the necessary resources for software development, you as the responsible person have to adapt to a number of different interfaces (APIs) by default, as well as familiarize yourself with the nuances of the respective platform. This applies regardless of whether you make changes to the infrastructure, or whether you want to write your own IaC instructions for automated access.

As a Terraform user, you won’t have this problem. Instead of the interface languages, you can either use the simplified JavaScript markup language JSON or the JSON-based HashiCorp Configuration Language (HCL) to describe the desired target infrastructure. The latter is the option HashiCorp recommend, as it makes writing and reading code through comments and other features even easier. Terraform works with the respective configuration files as ordinary text files, whereas the IaC tool uses the extension .tf. Using an appropriate tool such as Git or SVN, you can easily version these files if you wish.

The main function of Terraform is the user-friendly configuration of infrastructure resources, in which HCL or JSON play a central role. However, linguistic simplicity is definitely not all that distinguishes the IaC tool: Created configuration files can only achieve their desired effect with the cooperation of all important software and hardware providers with individually expandable basic architecture, as well as the easy-to-use command line interface.

The HashiCorp Configuration Language mentioned above is primarily intended to describe the desired result, not the steps to achieve it. The most important element of the Terraform language is resources, because these describe the infrastructure components whose management is to be automated with Terraform. All other language features exist exclusively to specify the respective resources. The following three basic elements play an important role:

• Blocks: Blocks are containers for content. In this function, they provide space for configurations of any objects, especially for configured resources. Each block has a block type, one or more labels and a body area. The latter contains any number of arguments and sub-blocks.
• Arguments: To assign a value to a name, use arguments in HCL. These are always declared within blocks.
• Expressions: Expressions represent a value. It can be a concrete value or a reference to one or more other values. An expression occurs either as a value for an argument or within other arguments.

With HCL as a declarative language, the sequence of the individual blocks is not relevant. Terraform automatically processes the described resources in the correct sequence based on predefined relationships. Only the so-called provisioner blocks which are needed to execute scripts, play a role.

Terraform provides its own command line interface so that the created configuration files can be evaluated and used. This interface defines the syntax and overall structure of the Terraform language and coordinates all change steps required to implement the configured infrastructure. The CLI itself has no knowledge of specific types of infrastructure resources, but obtains this information via special “provider” extensions. In this way, the interface knows how to define and manage the individual resource types at the supported cloud providers – and therefore also how to pass on the universally formulated instructions in the Terraform configuration files to the various cloud APIs.

In order to allocate real resources to the configuration, keep track of metadata, and continuously improve the performance of larger infrastructures, Terraform stores the status of resources and the IaC configuration created. By default, the software stores the file terraform.tfstate in a local directory – alternatively, a different location can be selected, which is particularly recommended for team work. In order to compare the status with the current infrastructure each time, Terraform automatically updates the CLI before each program operation.

If you have created an infrastructure by other means, you can import this existing setup thanks to the integrated function to manage the corresponding resources in the future with Terraform. Currently only the resources, but not their configuration, are added to the current status. The latter, however, should be possible in future versions of the IaC tool.

Terraform allows you to create a dependency graph of the defined infrastructure configuration or execution plan. All you need to do is use the CLI command “terraform graph” and define the desired graph type, and Terraform will automatically generate a corresponding output file in DOT format. This can be reproduced using the visualization software Graphviz, which HashiCorp also recommends in the official online documentation. The command line can also be used to easily convert the file into an image format like SVG.

Terraform is based on a plugin-based architecture that makes it possible to extend the functionality of the IaC suite at any time. For example, the commissioners for executing the scripts are among the plugins, as are the provider extensions that provide the CLI with all relevant information about the supported web services. Developers who are proficient in the programming language Go(lang) and have knowledge of the corresponding provider APIs can even write their own extensions to link Terraform with cloud services that are not officially supported. Newly released plugins from HashiCorp are automatically downloaded and included, while all third-party extensions require you to do this manually.

Thanks to the range of supported cloud service providers which HashiCorp is continuously expanding and which can also be independently expanded with the corresponding know-how, Terraform is suitable for a wide variety of applications. Among the most popular use cases of the Infrastructure-as-Code tool are the following three:

Heroku is one of the best known PaaS providers for hosting your own web apps. All tools and services required for the app can be included in the form of add-ons and monitored via the platform’s own dashboard. Terraform does a lot of the work for you by not just writing the code for your app’s setup, but also ensuring that all necessary add-ons are available at all times.

The layer architecture has proven itself as a structuring concept for software systems – the two-layer architecture with web server and subordinate database level is particularly popular. The ability to scale the layers independently is advantageous for many projects. Terraform proves to be an ideal tool: Each layer can be described as a collection of resources. In addition, the IaC software regulates dependencies, e.g. in the case of the model mentioned, it ensures that the database level is available before the web server starts.

Software Defined Networking is becoming more and more important in data centers. Software-controlled management of virtualized network resources offers administrators and developers a high degree of control and flexibility. Terraform allows you to write a complete configuration for these SDN services and use it to automatically set up and customize the software-defined network structures. Among other things, Terraform supports the very popular SDN solution Amazon Virtual Private Cloud (Amazon VPC).

For many managers, distributing infrastructure across multiple clouds is an extremely attractive model. Distributing across multiple providers increases fault tolerance and resilience, and makes it easier to recover lost resources than relying on a single provider. Thanks to its universal syntax, Terraform simplifies the creation of such multi-cloud structures. In addition, the application can manage multiple providers with a single configuration and even manage cross-cloud dependencies.

Infrastructure as Code helps you stay competitive in a constantly changing IT environment. A high level of automation helps you keep track of the resources you need and make the necessary infrastructure changes as quickly as possible. Terraform proves to be an efficient tool for both the creation and execution of “programmable” infrastructure – not least thanks to the support of cloud services like AWS, Azure and Google Cloud. One of the IaC software’s greatest strengths is its uniform syntax for describing the infrastructure. However, you always have the choice between the HashiCorp configuration language HCL and the JSON award.

A further advantage of Terraform is the plugin-based structure, which enables both the manufacturer and third-party providers to extend the functionality of the software at any time. In the case of manufacturer extensions, Terraform even downloads them automatically without you having to initiate the update. In addition, the open source solution convinces with features like a storage function, thanks to which you can call up and conveniently adapt infrastructure setups once they have been set up at any time, as well as the possibility of generating a dependency graph for all steps of the IaC creation and execution.

In terms of costs, Terraform also cuts a good figure due to the open source approach: The use of the IaC software is basically free of charge. However, if you need collaborationfeatures such as a link to the version management of your choice or the possibility to manage resources with Terraform via remote access, you are dependent on the relatively expensive enterprise plans. Small businesses can quickly reach their financial limits at this point. What’s more, regardless of the edition you choose, you have to be prepared for a demanding, time-consuming start. Once you’ve familiarized yourself with how Terraform works and the HCL language you designed, you can use the tool to make tedious routine work and laborious cross-service resource management a thing of the past.