Inscrivez-vous maintenant pour un meilleur devis personnalisé!

Nouvelles chaudes

Making Your First Terraform File Doesn't Have to Be Scary

15 août 2023 Hi-network.com

For the past several years,I've tried to give at least one Terraform-centric session at Cisco Live. That's because they're fun and make for awesome demos. What's a technical talk without a demo? But I also see huge crowds every time I talk about Terraform. While I wasn't an economics major,I do know if demand is this large,we need a larger supply!

That's why I decided to step back and focus to the basics of Terraform and its operation. The configuration applied won't be anything complex, but it should explain some basic structures and requirements for Terraform to do its thing against a single piece of infrastructure, Cisco ACI. Don't worry if you're not an ACI expert; deep ACI knowledge isn't required for what we'll be configuring.

The HCL File: What Terraform will configure

A basic Terraform configuration file is written in Hashicorp Configuration Language (HCL). This domain-specific language (DSL) issimilarin structure to JSON, but it adds components for things like control structures, large configuration blocks, andintuitive variable assignments (rather than simple key-value pairs).

At the top of every Terraform HCL file, we must declare the providers we'll need to gather from the Terraform registry. A provider supplies the linkage between the Terraform binary and the endpoint to be configured by defining what can be configured and what the API endpoints and the data payloads should look like. In our example, we'll only need to gather the ACI provider, which is defined like this:

terraform {  required_providers {    aci = {      source = "CiscoDevNet/aci"    }  }}

Once you declare the required providers, you have to tell Terraform how to connect to the ACI fabric, which we do through the provider-specific configuration block:

provider "aci" {username = "admin"password = "C1sco12345"url      = "https://10.10.20.14"insecure = true}

Notice the name we gave the ACI provider (aci) in theterraformconfiguration block matches the declaration for the provider configuration. We're telling Terraform the provider we namedacishould use the following configuration to connect to the controller. Also, note theusername, password, url, andinsecureconfiguration options are nested within curly braces { }. This indicates to Terraform that all this configuration should all be grouped together, regardless of whitespaces, indentation, or the use of tabs vs. spaces.

Now that we have a connection method to the ACI controller, we can define the configuration we want to apply to our datacenter fabric. We do this using a resource configuration block. Within Terraform, we call something a resource when we want to change its configuration; it's a data source when we only want to read in the configuration that already exists. The configuration block contains two arguments, the name of the tenant we'll be creating and a description for that tenant.

resource "aci_tenant" "demo_tenant" {name        = "TheU_Tenant"description = "Demo tenant for the U"}

Once we write that configuration to a file, we can save it and begin the process to apply this configuration to our fabric using Terraform.

The Terraform workflow: How Terraform applies configuration

Terraform's workflow to apply configuration is straightforward and stepwise. Once we've written the configuration, we can perform aterraform init, which will gather the providers from the Terraform registry who have been declared in the HCL file, install them into the project folder, and ensure they are signed with the same PGP key that HashiCorp has on file (to ensure end-to-end security). The output of this will look similar to this:

[I] theu-terraform ? terraform initInitializing the backend...Initializing provider plugins...- Finding latest version of ciscodevnet/aci...- Installing ciscodevnet/aci v2.9.0...- Installed ciscodevnet/aci v2.9.0 (signed by a HashiCorp partner, key ID 433649E2C56309DE)Partner and community providers are signed by their developers.If you'd like to know more about provider signing, you can read about it here:https://www.terraform.io/docs/cli/plugins/signing.htmlTerraform has created a lock file .terraform.lock.hcl to record the providerselections it made above. Include this file in your version control repositoryso that Terraform can guarantee to make the same selections by default whenyou run "terraform init" in the future.Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see any changes required for your infrastructure. All Terraform commands should now work.

If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.

Once the provider has been gathered, we can invoketerraform planto see what changes will occur in the infrastructure prior to applying the config. I'm using the reservable ACI sandbox from Cisco DevNet  for the backend infrastructure but you can use the Always-On sandbox or any other ACI simulator or hardware instance. Just be sure to change the targetusername, password, and urlin the HCL configuration file.

Performing theplanaction will output the changes that need to be made to the infrastructure, based on what Terraform currently knows about the infrastructure (which in this case is nothing, as Terraform has not applied any configuration yet). For our configuration, the following output will appear:

[I] theu-terraform ? terraform planTerraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + createTerraform will perform the following actions:#aci_tenant.demo_tenant will be created+ resource "aci_tenant" "demo_tenant" {+ annotation                    = "orchestrator:terraform"+ description                   = "Demo tenant for the U"+ id                            = (known after apply)+ name                          = "TheU_Tenant"+ name_alias                    = (known after apply)+ relation_fv_rs_tenant_mon_pol = (known after apply)}Plan: 1 to add, 0 to change, 0 to destroy.

tag-icon Tags chauds: Cisco DevNet #CiscoACI HashiCorp Terraform

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.
Our company's operations and information are independent of the manufacturers' positions, nor a part of any listed trademarks company.