CI automation with terraform

CI Automation on Terraform – Whizlabs Webinar

On 22 Jan, 2022, Whizlabs conducted a webinar on ‘CI Automation on Terraform’ with two Senior DevOps consultants, Mehul Sharma and Aastha Rai.

About the Speakers

Mehul Sharma is a Senior DevOps Consultant at OpsTree Solutions. He is a technology enthusiast with a keen interest in the latest DevOps practices. He is passionate about training and keeps conducting regular workshops and corporate training. Apart from being an Azure Developer Community Organizer, he is also an Open-Source contributor for Azure Terraform Modules and Ansible.

Aastha Rai is a DevOps Consultant at OpsTree Solutions. She is an active open-source contributor for the Jenkins plugin and loves to explore the latest DevOps practices. Being passionate about technology herself, she loves to share her knowledge with tech enthusiasts by conducting training sessions.

Let’s learn about the points discussed in the webinar in brief.

What is Terraform?

In the words of HashiCorp, the official website, Terraform is Infrastructure as Code (IaaC).

There are multiple infrastructure platforms around us, including AWS, Google Cloud, and more, and Terraform helps us build infrastructure as code for all of them.

What are the steps for this process?

Build, change, and version the infrastructure, and apply those changes safely and efficiently.

Why Terraform?

Let’s assume a testing team, and they want a Monday Infrastructure for a short period of time, so they ask their CIS admins to configure an infrastructure for their testing scenario. Now, when the CIS admins have done that, they demolish the infrastructure after the said time. So, if the testing team again wants the same infrastructure, they will go to the CIS team again for the same work. Here, the CIS teams would want the testing team to be self-sufficient, meanwhile reducing the cost of the infrastructure provisioning. So, they will assign them restricted access to the infrastructure provisioning, which will enable the testing team to become self-sufficient in provisioning a small infrastructure for their need of testing or development.

So, this is more like a person giving a high-five to himself.

How does Terraform ensure speed and safety?

Let us consider a small scale scenario.

For example, you are required to provision a virtual machine in your infrastructure. As per the process, you will go to the GUI, be it Azure, AWS, or any other. The next step you will perform is to make some clicks and fill in some variables, and the EC2 machines will be there to support.

But in a large-scale scenario, where you are required to provision 100 EC2 instances and virtual machines, you cannot go to the GUI each time and repeat the process. Doing so also carries the risk of misspelling a variable, putting in long checks, or missing some of the checks, which will affect the whole infrastructure.

Here, Terraform comes into play. Once you have your old code written on paper, you can go through the whole code one by one and decide on the variable names, the checks that need to be there, and the checks that should not be there. Typing and making GUI clicks is much slower than a computer, but with Terraform you can quickly and safely deploy the whole infrastructure in a matter of seconds.

Why Terraform?

We have seen coders around the world pushing their code to a Version Control System.

Now we have code in the form of ‘Infrastructure as a Code’, which should be in version control so that we do not have to pass folders along. Once we have our whole Terraform code in the Version Control System, we can take all the good things out of it.

For example, if you are trying to enhance your infrastructure, and it requires you to add a new module or to make some changes in the already existing module, and you try to move on with it, there are two possibilities:

  1. It will go forward, we can go ahead with the code.
  2. It won’t move forward, and then you will have to delete everything and recall all the steps taken. However, with Terraform, you will just have to move back one commit, or a certain number of commits, until you reach the perfectly running code that you wanted and that can be deployed easily.

Validity

If the state of your Infrastructure is defined in code, then for every single change, you can perform a code review, run a suite of automated tests, and pass the code through static analysis tools, which are some of the practices that are known to significantly reduce the chance of defects.

Reusability

For instance, the Terraform Registry hosts modules that have already been written for use; you are only required to search for them and reuse them. This enhances the capability to bring something new rather than working on the same things, moving around a circle that the company has been following for a long time.

Happiness

Generally, the person who manages the infrastructure does not get appraisal unless there is some kind of creativity. Till the time the infrastructure and developments are going well, and there exist no problems, no one notices the hard efforts. But, with Terraform, it has been possible to pinpoint the area of problem easily, making people happy.

What is CI?

With the code repository, i.e., the application code, on one side and the artifactory on the other, the process happening in the middle is CI.

Why is CI required in Terraform?

Terraform is an Infrastructure as a Code (IaaC) tool, i.e., IaaC is code in the end, therefore it is handled in the very same way.

As a responsible DevOps consultant, our job is to 

  • Ensure quality of code
  • Validate, format, lint, test, and more
  • Provide smooth deployment

What stages should be added in Terraform CI?

[Figure: stages in Terraform CI]

Various commands of Terraform

Init: Command is ‘terraform init’

  • init is short for initialize, and the basics of what it does are exactly inherent in the name, i.e., it initializes things.
  • It looks for module blocks in the configuration inside the directory and then tracks down the source code for these modules based on the arguments provided in source in the configuration.

Validate: Command is ‘terraform validate’

  • Makes sure that the IaaC code is syntactically valid and internally consistent, regardless of any provided variables or existing state.
  • Validation requires an initialized working directory with the referenced plugins and modules installed.

Formatting: Command is ‘terraform fmt’

  • Rewrites Terraform configuration files to a canonical format and style. 
  • Other Terraform commands that generate configuration produce files that conform to the style imposed by ‘terraform fmt’, so using this style in your own files ensures consistency.
  • Also makes other minor adjustments for readability.
  • Eases code manageability in version control.

Lint: Command is ‘tflint’

  • Linting is a static code analysis process that flags potential problems like syntax errors, deviations from a prescribed coding style or using constructs known to be unsafe.

Security: Command is ‘tfsec’

This stage ensures that the IaaC code follows the best security practices.

There are multiple tools available for the Security scan:

  • tfsec
  • checkov
  • Terrascan

Test:

Testing ensures the basic functionality of the code. In programming, we have unit testing and integration testing.

Pure unit testing is not possible in the case of IaaC, as it is about interacting with external systems. So a combination of unit and integration testing is carried out. For example, modules are tested on their own and as part of a bigger setup.

Terraform Testing tools

  • TerraTest
  • KitchenCI

Plan: Command is ‘terraform plan’

Creates an execution plan so you can review the changes Terraform will make to your infrastructure if you apply them.
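The stages above chained into one fail-fast script, as an added example that is not from the webinar. The directory argument and the tfplan file name are assumptions, and the test stage is left out because it depends on the project's own Terratest or Kitchen suite.

```shell
#!/usr/bin/env bash
# Added example: Terraform CI stages in the order listed above, stopping at
# the first failure so a later stage never runs on code that failed a check.

FAILED_STAGE=""   # name of the stage that stopped the pipeline, if any
STAGES_RUN=""     # space-separated list of stages that were started

# run_stage NAME CMD...: run one stage, record its name, report failure.
run_stage() {
  local name="$1"; shift
  STAGES_RUN="${STAGES_RUN:+$STAGES_RUN }$name"
  echo "==> $name: $*"
  if ! "$@"; then
    FAILED_STAGE="$name"
    echo "stage '$name' failed; later stages skipped" >&2
    return 1
  fi
}

# run_pipeline DIR: init, validate, fmt, lint, security scan, plan.
run_pipeline() {
  local dir="${1:-.}"
  FAILED_STAGE=""; STAGES_RUN=""
  cd "$dir" || { FAILED_STAGE="chdir"; return 1; }
  # -input=false: never wait for an interactive prompt inside a CI job.
  run_stage init     terraform init -input=false             || return 1
  run_stage validate terraform validate                      || return 1
  # -check reports unformatted files via exit code instead of rewriting them.
  run_stage fmt      terraform fmt -check -recursive         || return 1
  run_stage lint     tflint                                  || return 1
  # tfsec exits non-zero when it finds problems, which gates the plan stage.
  run_stage security tfsec .                                 || return 1
  # Save the plan (assumed name: tfplan) so the reviewed plan is what is applied.
  run_stage plan     terraform plan -input=false -out=tfplan || return 1
}

# Run only when a directory argument is given, e.g. ./terraform-ci.sh infra/
if [ "$#" -gt 0 ]; then
  run_pipeline "$1"
  exit $?
fi
```

Because the security stage sits before plan, a finding from tfsec stops the job before any plan is produced for review or apply.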

Stages of Terraform CI

[Figure: stages of Terraform CI]

These were only some of the points discussed. For elaborate learning of the concept, refer to our webinar recording!

https://www.youtube.com/watch?v=zF20Sgu6Hp8

Happy Learning!

About Abilesh Premkumar

Abilesh holds a Master's degree in Information technology and Master of Philosophy Degree in Computer Science and did his Research on Information security via Collaborative Inference Detection. Also, received an Honorary Doctorate from UNO recognized organization. He contributes to Cloud research and supports building cloud computing tools.
