The post Retrieving Resource IDs in Terraform – The Terraform Data Block appeared first on For all your terraform needs.
data "google_project" "project" {
}
output "project_number" {
  value = data.google_project.project.number
}
Terraform Destroy and the Data Block
When you run the terraform destroy command against the configuration, Terraform does not destroy the resource that a data block refers to. A data block is read-only.
The data block is also called when executing the terraform plan command, so your external resource must be present before you execute the terraform plan and terraform apply commands.
You can apply a filter to search for specific projects, e.g. projects about to be deleted:
data "google_projects" "my-organization-projs" {
  filter = "parent.id:23232323 lifecycleState:DELETE_REQUESTED"
}
data "google_project" "deletion-candidate" {
  project_id = data.google_projects.my-organization-projs.projects[0].project_id
}
Instead of hard-coding resource IDs, the Terraform data block allows dynamic retrieval of resource IDs. It also allows searching based on a filter inside the data block.
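An added example (not from the original post) of the filtered lookup above that does not depend on index [0], which fails with an invalid index error when the filter matches no project. The names pending_delete, pending_ids, deletion_candidate and deletion_candidates are assumptions.

```hcl
# Added example: handle zero, one or many projects matching the filter.
data "google_projects" "pending_delete" {
  filter = "parent.id:23232323 lifecycleState:DELETE_REQUESTED"
}

locals {
  # Empty list when nothing matches, so nothing below is evaluated
  # against a missing element.
  pending_ids = [for p in data.google_projects.pending_delete.projects : p.project_id]
}

data "google_project" "deletion_candidate" {
  # One read-only lookup per matching project; none if the list is empty.
  for_each   = toset(local.pending_ids)
  project_id = each.value
}

output "deletion_candidates" {
  # Map of project ID => project number for review before any action.
  value = { for id, p in data.google_project.deletion_candidate : id => p.number }
}
```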
Need an experienced Cloud Networking or a Cloud Data Protection Expert? Anuj has successfully delivered over a dozen deployments on each of the public clouds (AWS/GCP/Azure) including several DevSecOps engagements. Set up a time with Anuj Varma.
The post tfvars versus variables.tf appeared first on For all your terraform needs.
To me, the primary use case is that I want to prompt a user to provide the value for the input variable. In that case, I HAVE to use variables.tf. I simply define the variable and leave its value blank (of course, within the resource, this variable has to be a REQUIRED value).
The post Using -out with terraform plan – terraform plan -out appeared first on For all your terraform needs.
The post Data Block External Data – Querying External Resources in Terraform appeared first on For all your terraform needs.
Use either the data block or the terraform_remote_state block to retrieve external data.
However, there are scenarios where the provider has no suitable data block or terraform_remote_state cannot be used, such as when we need to call an external API or run a local tool and process its output.
# Read the JSON payload from stdin
$jsonpayload = [Console]::In.ReadLine()
# Convert the JSON string to an object
$json = ConvertFrom-Json $jsonpayload
$environment = $json.environment
if ($environment -eq "Production") {
    $location = "westeurope"
} else {
    $location = "westus"
}
# Write output to stdout
Write-Output "{ ""location"" : ""$location""}"
Retrieving External data
data "external" "getlocation" {
  program = ["Powershell.exe", "./GetLocation.ps1"]
  query = {
    environment = "${var.environment_name}"
  }
}
Summary
External data sources are extremely useful in terraform – the data ‘external’ is defined for just this use case.
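An added example (not from the original post) that constrains the input before it reaches the script and shows how the script's answer is read back. The allowed values "Staging" and "Development", the use of path.module and the output name are assumptions; the data source mirrors the one above.

```hcl
# Added example: validate the query value, then consume the result.
variable "environment_name" {
  type        = string
  description = "Deployment environment passed to GetLocation.ps1"

  validation {
    # Reject anything outside the expected set before it is written to
    # the external program's stdin.
    condition     = contains(["Production", "Staging", "Development"], var.environment_name)
    error_message = "The environment_name value must be Production, Staging or Development."
  }
}

data "external" "getlocation" {
  # The program runs with the privileges of the user running Terraform,
  # during plan as well as apply. Resolve it relative to the module so a
  # different working directory cannot substitute another script.
  program = ["Powershell.exe", "${path.module}/GetLocation.ps1"]

  # The query map is serialized to a JSON object on stdin; every value
  # must be a string.
  query = {
    environment = var.environment_name
  }
}

output "location" {
  # result is a map of strings parsed from the JSON object on stdout.
  value = data.external.getlocation.result.location
}
```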
The post Referencing outputs from one terraform file in another terraform file appeared first on For all your terraform needs.
Split Configuration across multiple files
You can (and should) split resources across multiple files (even folders, if you so desire). The entire deployment will have a single state file managing all the resources.
Accessing Resources across files
When you split resources in such a way (e.g. loadbalancer.tf and backend.tf), how do you actually access resources defined in one file from another?
All of this works, because these split configuration files are still part of a single module – the root module.
What if the configuration is split across modules?
You have two options here. The first is to simply use the module keyword to access any resources (or output values) in one module from another.
The second option is to use the state file of the second module and use it as a data source. See the sample below:
Define output values in your first file
Define the state (state file) of the 1st file as a data source for the second file
data "terraform_remote_state" "firstfile_data" {
  backend = "local"
  config = {
    path = "../my_folders/terraform.tfstate"
  }
}
data.terraform_remote_state.firstfile_data.outputs.keyversion
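Both sides of the remote-state approach in one listing, as an added example (not from the original post). The key_version variable standing in for a real resource attribute, the local value and the consumed_keyversion output are assumptions; the data source and the keyversion output name are the ones used above.

```hcl
# --- First configuration (state written to ../my_folders/terraform.tfstate) ---
# Assumption: the key version comes from a variable here; in a real
# configuration it would be an attribute of a managed resource.
variable "key_version" {
  type = string
}

output "keyversion" {
  # Only root-module outputs are exposed through terraform_remote_state.
  value = var.key_version
}

# --- Second configuration (a separate directory with its own state) ---
data "terraform_remote_state" "firstfile_data" {
  backend = "local"
  config = {
    # Whoever runs this configuration needs read access to the whole
    # state file, not just the outputs, and state can hold secrets.
    # Restrict access to it and keep it out of version control.
    path = "../my_folders/terraform.tfstate"
  }
}

locals {
  key_version = data.terraform_remote_state.firstfile_data.outputs.keyversion
}

output "consumed_keyversion" {
  value = local.key_version
}
```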
The post Terraform Basics appeared first on For all your terraform needs.
tf apply target
How do you destroy without being prompted?
terraform destroy -auto-approve
When would you use a null resource in terraform?
To call an external script – e.g. to call a provisioner script
resource "null_resource" "execfile" {
  # local-exec runs the script on the machine running Terraform
  provisioner "local-exec" {
    command     = "${path.module}/hello.sh"
    interpreter = ["/bin/bash"]
  }
}
What is the root module?
When you run Terraform commands directly from a directory of Terraform configuration files, that directory is considered the root module.
How do you plan before destroying?
terraform plan -destroy
How do you prevent a resource from being deleted by a subsequent tf script?
For resources that support it, the prevent_destroy attribute is what is needed.
What is Configuration management? How does it differ from provisioning?
Provisioning is Terraform. CM is tools such as Ansible and Jenkins which allow for actual VM configuration. They provide a consistent structure for folders, secrets etc. However, there is an overlap between these two areas. Mostly, you could use terraform (and some python) to do all your configuration management. user_data and Systems Manager in AWS or custom_script in GCP will allow
What is State File Locking?
State file locking is a mechanism in terraform where operation on a specific state file is blocked to avoid conflicts between multiple users performing the same operation.
The simplest workaround is to store the state in a remote bucket (s3 or cloud storage on gcp). See Multi Developer Terraform
How do you pass in a database password to a terraform resource?
TBD
How do you isolate the web tier from the database tier?
Separate Configuration Files and folders, so you can deploy the web tier independently of the db tier.
How do you prevent state file checkins?
In git, ensure you have a .gitignore that contains:
How do you add a git repo as an origin for git?
git remote add origin git@github.com:USERNAME/REPONAME.git
What is the difference between git push and git commit?
commit is just to your branch.
git push pushes YOUR branch commits to the origin (so other team mates can access them).
Similarly, git pull pulls all the changes from the origin / master.
Count in Terraform
resource "ec2" "instances" {
  count = 3
  # count.index runs from 0 to count - 1
  name  = "ec2.${count.index}"
}
TF Lists and Indexing a List Element
element(LIST, INDEX)
Dynamic Data
Either returned from a data element or from the output of a created resource.
What is the null resource?
How do you ensure that a resource is deleted in TF?
What is a tainted resource in terraform?
When a resource declaration is modified, Terraform usually attempts to update the existing resource in place (although some changes can require destruction and re-creation, usually due to upstream API limitations).
In some cases, you might want a resource to be destroyed and re-created even when Terraform doesn’t think it’s necessary. For example, a virtual machine that configures itself with cloud-init on startup might no longer meet your needs if the cloud-init configuration changes.
The terraform taint command tells Terraform to destroy and re-create a particular resource during the next apply, regardless of whether its resource arguments would normally require that.
The terraform untaint command undoes a previous taint, or can preserve a resource that was automatically tainted due to failed provisioners.
Why would you need to UNTAINT a TAINTED resource?
If Terraform currently considers a particular object as tainted but you’ve determined that it’s actually functioning correctly and need not be replaced, you can use terraform untaint to remove the taint marker from that object.
How do you pass the output of a module to another module?