'%3E%3Cpath fill='%233A5C8D' d='M18.08 2H1.93C.87 2 0 2.85 0 3.9v15.5l.22.02c9.75 0 17.7-7.8 17.86-17.42Z' /%3E%3Cpath fill='%233A5C8D' d='M26.33 2H24.2C24.05 14.97 13.35 25.48.22 25.48L0 25.47v2.61C0 29.14.87 30 1.93 30h24.4c1.06 0 1.94-.86 1.94-1.92V3.91c0-1.05-.88-1.9-1.94-1.9Z' /%3E%3Cpath fill='%23262C49' d='M39.27 31.8c-.74-.2-1.28-.74-1.28-1.48 0-.88.67-1.55 1.56-1.55.23 0 .37.03.64.03 1.7 0 2.92-.63 2.92-3.02V10.52c0-1.04.74-1.81 1.8-1.81 1.01 0 1.76.77 1.76 1.81v15.73c0 3.9-2.34 5.75-5.83 5.75a5.1 5.1 0 0 1-1.57-.2Zm8.01-28.87a2.34 2.34 0 0 1-2.37 2.28 2.32 2.32 0 0 1-2.38-2.28 2.31 2.31 0 0 1 2.38-2.3 2.35 2.35 0 0 1 2.37 2.3Zm9.26 14.31a2.62 2.62 0 0 1-2.66 2.57 2.6 2.6 0 0 1-2.67-2.57 2.6 2.6 0 0 1 2.67-2.56 2.63 2.63 0 0 1 2.66 2.56Zm4.56 6.89V1.81C61.1.77 61.84 0 62.9 0c1.01 0 1.76.77 1.76 1.81v22.32c0 1.05-.75 1.82-1.76 1.82-1.02 0-1.8-.77-1.8-1.82Zm21.93-8.53v8.57a1.7 1.7 0 0 1-1.76 1.78 1.73 1.73 0 0 1-1.76-1.78v-.2a6.88 6.88 0 0 1-5.13 1.98c-3.46 0-5.8-1.92-5.8-4.77 0-2.9 2.37-4.7 6.14-4.7h4.72v-1.09c0-2.25-1.3-3.52-3.57-3.52-1.39 0-2.64.5-3.69 1.54-.44.37-.82.54-1.23.54-.84 0-1.55-.7-1.55-1.48 0-.5.23-.97.7-1.44a8.39 8.39 0 0 1 6.08-2.32c4.31 0 6.85 2.55 6.85 6.89Zm-3.6 3.73v-.3h-4.27c-1.93 0-2.95.7-2.95 2.01 0 1.35 1.15 2.19 2.92 2.19 2.4 0 4.3-1.72 4.3-3.9Zm25.67-1.99c0 4.98-3.46 8.61-8.14 8.61-2.38 0-4.38-.9-5.64-2.42v.6c0 1.08-.74 1.82-1.72 1.82-1.06 0-1.8-.77-1.8-1.82V1.81C87.8.77 88.58 0 89.6 0c1.01 0 1.76.74 1.76 1.81v9.32a7.07 7.07 0 0 1 5.56-2.42c4.72 0 8.18 3.66 8.18 8.63Zm-3.66-.03c0-3.09-2.14-5.38-5.1-5.38-3.01 0-5.02 2.19-5.02 5.41 0 3.2 2.04 5.38 5.03 5.38 2.95 0 5.09-2.28 5.09-5.4Zm6.66 6.09c-.34-.3-.51-.67-.51-1.15 0-.84.71-1.54 1.6-1.54.37 0 .74.13 1.11.47a5.66 5.66 0 0 0 3.9 1.71c1.46 0 2.68-.6 2.68-1.85 0-1.07-.98-1.5-2.34-2.05l-1.7-.7c-2.67-1.11-4.34-2.32-4.34-4.81 0-3.06 2.58-4.77 5.88-4.77 2.13 0 4 .77 5.29 2.01.37.34.54.74.54 1.18a1.5 1.5 0 0 1-1.5 1.51c-.37 0-.67-.16-1.11-.5a5.47 5.47 0 0 0-3.3-1.14c-1.32 0-2.27.5-2.27 1.58 0 .9.68 1.34 2.2 1.95l1.6.63c3.02 1.25 4.55 2.56 4.55 4.98 0 3.32-2.85 5.04-6.17 5.04a8.25 8.25 0 0 1-6.11-2.56Z' /%3E%3C/g%3E%3Cdefs%3E%3CclipPath id='a'%3E%3Cpath fill='%23fff' d='M0 0h120.38v32H0z' /%3E%3C/clipPath%3E%3C/defs%3E%3C/svg%3E)
State management and project structure with Terraform
Terraform is an open-source Infrastructure as Code tool created by HashiCorp. It allows users to manage various types of IT resources (especially cloud ones) using a declarative language known as HashiCorp Configuration Language. From this article, you will learn how to manage project state and structure to simplify teamwork.
State
When running examples from previous articles, or when applying your own Terraform scripts you’ve definitely seen the terraform.tfstate file appearing in your project main folder just after applying terraform configuration. This file is nothing more than a description of binding between resources in your configuration files and “real” resources provisioned in the cloud.
When you add a new resource to your configuration and apply it, terraform updates the state file with binding between local resource configuration (module, type, name) and an instance of this resource (unique id, attributes) in the cloud. Every time you plan changes terraform synchronizes the terraform.tfstate file with real resources attributes. When you remove any resource from your configuration terraform can simply detect this change because your local configuration does not contain the resource definition present in your state. The state file is pure JSON – you can inspect or even modify it every moment.
The concept of a state file kept locally is simple and powerful enough to start playing with Terraform. In bigger projects, especially those maintained by a team of developers, this might not be enough. You could possibly keep your state file under a version control system together with all other files but this means that after every ‘terraform apply’ command the state must be published to a common repository so that other team members can use it. It is neither convenient nor safe. The solution for this will be keeping the state in a remote location, available to all developers, automatically updated by Terraform. This solution is called a remote state.
For the sake of simplicity we start with the single file module creating storage bucket:
provider "google" {
project = "terraform-sandbox-302013"
region = "europe-west3"
}
resource "google_storage_bucket" "default" {
name = "terraform-sandbox-302013-my-storage"
}
Now we will add remote state configuration to this file:
terraform {
backend "gcs"{
bucket = "terraform-sandbox-302013-tfstate"
prefix = "dev"
}
}
What does this configuration do? It tells Terraform that Google Cloud Storage gcs should be used as a backend and all state files should be kept in the bucket named terraform-sandbox-302013-tfstate in folder dev. Thanks to the prefix we can keep multiple state files in the same bucket. Unfortunately, we need to use hardcoded values in this configuration – variables cannot be used during the initialization state. Also, the bucket must exist before running the ‘terraform init’ command – Terraform does not support creating backends “on-demand”. Of course, nothing can stop us from creating this bucket using terraform script, just without a remote state.
Running terraform init, followed by terraform plan, and finally applying it proves that our configuration works correctly.
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/google...
- Installing hashicorp/google v3.53.0...
- Installed hashicorp/google v3.53.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
$ terraform apply -auto-approve
google_storage_bucket.default: Creating...
google_storage_bucket.default: Creation complete after 1s [id=terraform-sandbox-302013-my-storage]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
After opening the Storage browser in the web console of our project we can see, that a default.tfstate file appeared in the backend bucket.
From this point, we are ready to share our infrastructure code with teammates, without any worries about the state – Terraform will keep it up-to-date after every change.
The shared remote state is the first step to hassle-free teamwork. In the second part of this article, you will find some bits of advice on project structure and best practices that will make your work smooth.
Project Structure
Small to medium project structure
When working with small projects it might be best for you to keep everything in a single repository (I’m not even trying to convince you that using VCS is beneficial). The single repository is, in most cases, simpler to navigate and maintain but even for a small project with a limited number of resources, your activities should be focused on creating reusable modules that can reduce code duplication between different environments.
Sample project structure can look as follows:
infrastructure
|- modules
| |- network
| | |- main.tf
| | |- variables.tf
| | |- output.tf
| |- gce
| |- main.tf
| |- variables.tf
| |- output.tf
|- dev
| |- main.tf
|- stage
| |- main.tf
|- prod
|- main.tfAs you can see we are keeping modules(network, gce) as an additional folder in the central infrastructure repo and one folder for each environment (dev, stage, and prod). Why different environments are separated instead of using variables to customize between environments? There are two reasons – the first one is remote state configuration – as you remember from the previous part of this article – remote state location cannot be parametrized. The second reason is additional flexibility – we can modify dev resources, use additional modules, completely change the structure without worrying about potential production infrastructure breaks.
Medium to big projects structure
For bigger projects, it is not uncommon to have hundreds or even thousands of resources managed by Terraform. Complex solutions are provided using complex modules consisting many smaller modules. Big projects also involve more developers and more teams working within the same infrastructure. In such a case, it will be beneficial to keep modules in a separate repository. This gives you the ability to develop modules completely independently from the main infrastructure project – as long as you give your module users the ability to refer to a particular repository version (for example by using tags):
module "bucket_with_iam" {
source = "git::https://example.com/bucket_with_iam.git?ref=v1.2.0"
}Easy to use modules
Below you will find some rules, that will help you to design easy to use modules.
- Do not hardcode values within your module. It is always better to expose variables and provide default values that the user can but needn’t provide.
- Create layered modules. When creating a module that provides managed Kubernetes service – is it worth to do also a network setup there? Maybe it would be better to create a separate module with a network setup and reuse it here? Networking seems to be quite a common thing and might be reused somewhere else.
- Document your work. Tools like terraform-docs help you to generate documentation, for example in markdown format that can be shipped together with your module code.
- Test your code. Infrastructure as a Code can be tested as easily as any other type of code. It doesn’t matter if you use tools like terratest, write bash, or python scripts – tests are crucial for any resilient and reliable infrastructure.
Summary
In this article, we have learned how to use a remote state in our projects to enable teamwork. We also learned about a project structure that fits projects of all sizes.
Links
https://www.terraform.io/docs/language/state/index.html
Poznaj mageek of j‑labs i daj się zadziwić, jak może wyglądać praca z j‑People!
Skontaktuj się z nami
