Introduction to Terraform

Welcome to this introduction to Terraform. We are going to cover what Terraform is, what its key features are, how it differs from existing tools, and so on. Terraform is a tool by HashiCorp. HashiCorp also makes other tools such as Vagrant, Packer, Vault, Consul, and Nomad.

Most of us have used public cloud services like AWS, Azure, Google Cloud Platform, etc. Creating our infrastructure on these platforms is pretty easy and straightforward when done manually.

When we talk about infrastructure, we talk about networks, subnets, firewalls, storage, load balancers, etc., and when we talk about automating our infrastructure, we talk about reusability, reliability and shareability.

There are already many configuration management tools on the market, such as Chef, Ansible, Puppet, Salt, etc. These tools can be used to automate the services running inside a virtual machine. But we also need a reusable process to build the infrastructure itself. The idea is to treat the infrastructure in the same way as an application.

So all the principles that apply to software development, such as version control, can be applied to infrastructure too. Because the infrastructure is code, it can be shared, and it can be rolled back to a previous version if needed.

What is Terraform?

Terraform is a tool for building, changing and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.

[Definition from terraform.io]

A configuration file written for Terraform can create a single application or an entire data center. Terraform even generates an execution plan before creating the actual infrastructure.

As the configuration changes, Terraform is capable of updating the infrastructure to match the new changes.

Terraform can manage low-level components such as compute, networking and storage, as well as high-level components like DNS entries, SaaS features, etc.

Key features of Terraform

  • Infrastructure as Code: The infrastructure is described using an advanced configuration language. It can be changed, shared and re-used.
  • Execution Plans: Terraform has a planning step in which it performs a dry run of the configuration. It shows the changes to be made to the infrastructure before actually making them.
  • Resource Graph: The tool creates a graph of all the resources and shows how they depend on one another.
  • Change Automation: Changes can be made to your infrastructure with very little human intervention, avoiding possible human error.

Why not Chef, Ansible, Puppet or Salt?

The configuration management tools install and manage software on a machine that already exists. Terraform does the same, and it also lets you focus on bootstrapping and initializing resources.

Having said that, you can also use configuration management tools along with Terraform to configure things inside the virtual machine. Using provisioners, Terraform enables any configuration management tool to be used to set up a resource once it has been created.

If you are using Docker containers to run your application, these are self-sufficient and contain the whole configuration for your application. In this case, tools like Chef, Puppet, Ansible, etc. are not needed. But you still need something to manage your infrastructure, because the container will run on top of a server or virtual machine anyway. Terraform can be used to create the infrastructure for your containers to run on.

Tools like Chef, Puppet, Ansible, etc. are used as IaC (Infrastructure as Code), but Terraform is best suited for this as it can even maintain the state of the infrastructure.

Why not Amazon AWS or Microsoft Azure?

All the major cloud vendors provide their own tools to define their infrastructure in the form of templates that can be reused. These tools are very similar to Terraform in achieving their goals.

The only problem with these templates is that they are cloud-specific: AWS CloudFormation templates can only be used to create AWS resources, and Azure ARM templates can only be used to create Azure resources.

Basically, you cannot migrate to a different cloud provider, as the templates are closely integrated with their cloud vendors.

When we write a Terraform file, we can easily migrate it across cloud providers. Terraform is a cloud-agnostic tool that enables the provisioning of hybrid-cloud infrastructures with a single tool.

Terraform even ships with providers for lots of different services including AWS, Google Cloud, OpenStack, CloudFlare, DNSimple, and more.

Advantages of Terraform

Orchestration, not merely Configuration: All the configuration management tools were created for server configuration, and their primary goal was to install and manage software on a server or virtual machine that already exists. Terraform concentrates more on server provisioning. When the whole cloud infrastructure is treated as code and all the parameters are combined in a configuration file, all the members of the team can easily collaborate on it as they would on any other code.

Multi-Provider: This is the most versatile feature of Terraform: it supports multi-cloud orchestration across AWS, Azure, OpenStack, etc. as well as on-premises deployments. This is really helpful when we use two different resources from two different cloud providers at the same time.

Immutable infrastructure: When Chef, Salt, Puppet, and Ansible run software updates on servers, this can quite often lead to configuration drift, where differences in the configuration lead to bugs that can lead to security breaches. Terraform addresses the issue with an immutable infrastructure approach, where every configuration change leads to a separate configuration snapshot, which means deploying a new server and de-provisioning the old one. This way, updating the development environment goes very smoothly and bug-free, and returning to the old configuration is as easy as rolling back to a specific version.

Syntax: Terraform uses a custom language known as HCL (HashiCorp Configuration Language). This language was designed as a compromise between human-readable and machine-friendly languages.

Dry Runs: Another advantage of Terraform is that it supports something called Plan. This looks at the Terraform file and determines the changes you are going to make to the infrastructure before actually making them.

Client-only architecture: Terraform leverages the cloud provider’s API for provisioning the infrastructure, which eliminates the need for additional checks and for running the configuration management system on a separate server. Ansible does this by connecting through SSH, yet with limitations. Terraform works with APIs and opens up an endless variety of options, which makes it more secure, reliable and easy to use.

Super Portability: You have only one tool and one language for describing the infrastructure for multiple cloud providers. Migrating between vendors is not a problem anymore.
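The Execution Plans feature and the Dry Runs advantage described above can be used as a review gate before anything is applied. The following is an added example, not code from the original post or from HashiCorp: it reads the JSON form of a saved plan (as printed by `terraform show -json`) and flags resources that would be destroyed or replaced, and security-group ingress opened to 0.0.0.0/0. The sample plan is constructed, and `review_plan` is a hypothetical name.

```python
import json

# Constructed sample of `terraform show -json <planfile>` output, trimmed to
# the fields used here (resource_changes[].address / type / change).
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["delete", "create"],
                "before": {"ami": "ami-old"}, "after": {"ami": "ami-new"}}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"],
                "before": {"ingress": [{"from_port": 443, "cidr_blocks": ["10.0.0.0/8"]}]},
                "after": {"ingress": [{"from_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["no-op"], "before": {}, "after": {}}},
    {"address": "aws_db_instance.main", "type": "aws_db_instance",
     "change": {"actions": ["delete"], "before": {"engine": "postgres"}, "after": null}}
  ]
}
""")

def review_plan(plan):
    """Return (summary, findings) for a parsed Terraform JSON plan."""
    summary = {"create": 0, "update": 0, "delete": 0, "replace": 0}
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue
        # Terraform reports a replacement as delete+create (in either order).
        kind = "replace" if set(actions) == {"create", "delete"} else actions[0]
        summary[kind] += 1
        if kind in ("delete", "replace"):
            findings.append((rc["address"], "destroys existing resource"))
        after = rc["change"].get("after") or {}  # "after" is null on delete
        if rc["type"] == "aws_security_group":
            for rule in after.get("ingress") or []:
                if "0.0.0.0/0" in (rule.get("cidr_blocks") or []):
                    findings.append((rc["address"],
                        f"ingress port {rule.get('from_port')} open to the internet"))
    return summary, findings

if __name__ == "__main__":
    summary, findings = review_plan(SAMPLE_PLAN)
    print(summary)
    for address, reason in findings:
        print(f"REVIEW {address}: {reason}")
```

In a pipeline, a non-empty findings list would hold the apply step until someone has reviewed the plan.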

Disadvantages of Terraform

Terraform is a new tool, so it’s not perfect. With a smaller user base and fewer developers, it’s still in a developing phase. Even the community is not that big compared to the other tools in the competition.

It was developed with cloud orchestration in mind, but Ansible and Puppet work super fine with bare-metal servers too. That makes Terraform configurations nice but not an all-in-one solution.

Terraform resources are created by HashiCorp, so there can be a delay in adding something that is newly released. Take the example of a new resource created in AWS: after the functionality is added in AWS, HashiCorp will start working on integrating it into Terraform.

Conclusion

Being an open-source tool, Terraform has a strong community of developers all around the world. It will not be the downfall of other tools like Ansible, Chef or Puppet, but Terraform will take its rightful place in the DevOps toolkit.

***

Hello, my name is Ankesh and I work as a Sr. DevOps Engineer in an IT firm where I have hands-on experience in supporting and automating deployments in the cloud, leveraging configuration management and DevOps process. I like to keep myself always in the learning path and love to share knowledge with others. One of my other interests is Graphics Designing and my hobbies are Cooking and Playing Cricket.