[Terraform] Terraform Workflow (실행 순서)
✔️ 실행 순서
✔️ 초기화
terraform init
프로바이더 플러그인을 설치한다.
terraform init은 언제 실행하는가 ?
- 최초로 프로바이더를 설치할 때
- 프로바이더 버전을 업데이트할 때
[vagrant@controller 01]$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 3.27"...
- Installing hashicorp/aws v3.75.1...
- Installed hashicorp/aws v3.75.1 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
[vagrant@controller 01]$ ls -a
. .. main.tf .terraform .terraform.lock.hcl
[vagrant@controller 01]$ tree
.
└── main.tf
0 directories, 1 file
[vagrant@controller 01]$ tree .terraform
.terraform
└── providers
└── registry.terraform.io
└── hashicorp
└── aws
└── 3.75.1
└── linux_amd64
└── terraform-provider-aws_v3.75.1_x5 # 얘가 실행파일
6 directories, 1 file
프로바이더 확인
[vagrant@controller 01]$ cd .terraform/providers/registry.terraform.io/hashicorp/aws/3.75.1/
[vagrant@controller 3.75.1]$ ls
linux_amd64
[vagrant@controller 3.75.1]$ cd linux_amd64/
[vagrant@controller linux_amd64]$ ls
terraform-provider-aws_v3.75.1_x5
[vagrant@controller linux_amd64]$ file terraform-provider-aws_v3.75.1_x5
terraform-provider-aws_v3.75.1_x5: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
[vagrant@controller linux_amd64]$ ls -l
total 244132
-rwxr-xr-x. 1 vagrant vagrant 249991168 Apr 21 02:57 terraform-provider-aws_v3.75.1_x5
[vagrant@controller linux_amd64]$
.terraform
, .terraform.lock.hcl
은 git에 업로드해서는 안된다.
✔️ 포맷팅
terraform fmt
테라폼 코드의 포맷을 자동 정렬해준다.
ansible의 yaml 파일처럼 띄어쓰기가 잘못되어 있으면 실행 자체가 되지 않는 것과 다르게
테라폼 코드는 코드의 구조에 대해 엄격하지 않다.
하지만 구조가 같아야 다른 사람들이 읽을 때도 가독성이 높고 이해하기 좋으며 유지보수 하기에도 좋기때문에
자동으로 포매팅되도록 명령으로 만들어 놓은 것이다.
그렇다면 포맷팅은 언제 해야하는가 ?
- 새로운 파일을 작성했을 때
- 기존 파일을 변경했을 때
✔️ 유효성 검증
작성한 코드가 문법상으로 이상이 없는지를 검사한다.
terraform validate
Success! The configuration is valid.
ansible의 syntax check와 같은 개념이다.
✔️ 계획
terraform plan
plan은 apply 작업에서 진행되므로 필수 작업은 아니지만 실제 apply 하기 전에 잘못된 부분을 체크해볼 수 있다.
[vagrant@controller 01]$ terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.app_server will be created
+ resource "aws_instance" "app_server" {
+ ami = "ami-02de72c5dc79358c9"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ disable_api_termination = (known after apply)
+ ebs_optimized = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ id = (known after apply)
+ instance_initiated_shutdown_behavior = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = (known after apply)
+ monitoring = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ placement_partition_number = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tags = {
+ "Name" = "ExampleAppServerInstance"
}
+ tags_all = {
+ "Name" = "ExampleAppServerInstance"
}
+ tenancy = (known after apply)
+ user_data = (known after apply)
+ user_data_base64 = (known after apply)
+ vpc_security_group_ids = (known after apply)
+ capacity_reservation_specification {
+ capacity_reservation_preference = (known after apply)
+ capacity_reservation_target {
+ capacity_reservation_id = (known after apply)
}
}
+ ebs_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ snapshot_id = (known after apply)
+ tags = (known after apply)
+ throughput = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
+ enclave_options {
+ enabled = (known after apply)
}
+ ephemeral_block_device {
+ device_name = (known after apply)
+ no_device = (known after apply)
+ virtual_name = (known after apply)
}
+ metadata_options {
+ http_endpoint = (known after apply)
+ http_put_response_hop_limit = (known after apply)
+ http_tokens = (known after apply)
+ instance_metadata_tags = (known after apply)
}
+ network_interface {
+ delete_on_termination = (known after apply)
+ device_index = (known after apply)
+ network_interface_id = (known after apply)
}
+ root_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ tags = (known after apply)
+ throughput = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
✔️ 적용
terraform apply
리소스 구성을 정의한 코드를 적용하여 실제 리소스를 생성한다.
[vagrant@controller 01]$ terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.app_server will be created
+ resource "aws_instance" "app_server" {
+ ami = "ami-02de72c5dc79358c9"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ disable_api_termination = (known after apply)
+ ebs_optimized = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ id = (known after apply)
+ instance_initiated_shutdown_behavior = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = (known after apply)
+ monitoring = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ placement_partition_number = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tags = {
+ "Name" = "ExampleAppServerInstance"
}
+ tags_all = {
+ "Name" = "ExampleAppServerInstance"
}
+ tenancy = (known after apply)
+ user_data = (known after apply)
+ user_data_base64 = (known after apply)
+ vpc_security_group_ids = (known after apply)
+ capacity_reservation_specification {
+ capacity_reservation_preference = (known after apply)
+ capacity_reservation_target {
+ capacity_reservation_id = (known after apply)
}
}
+ ebs_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ snapshot_id = (known after apply)
+ tags = (known after apply)
+ throughput = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
+ enclave_options {
+ enabled = (known after apply)
}
+ ephemeral_block_device {
+ device_name = (known after apply)
+ no_device = (known after apply)
+ virtual_name = (known after apply)
}
+ metadata_options {
+ http_endpoint = (known after apply)
+ http_put_response_hop_limit = (known after apply)
+ http_tokens = (known after apply)
+ instance_metadata_tags = (known after apply)
}
+ network_interface {
+ delete_on_termination = (known after apply)
+ device_index = (known after apply)
+ network_interface_id = (known after apply)
}
+ root_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ tags = (known after apply)
+ throughput = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
한번 리소스가 모두 생성되고 나면
다시 terraform plan, terraform apply 명령을 실행해도 변경될 것이 없다.
[vagrant@controller 01]$ terraform plan
aws_instance.app_server: Refreshing state... [id=i-0be836ad757edd88d]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
[vagrant@controller 01]$ terraform apply
aws_instance.app_server: Refreshing state... [id=i-0be836ad757edd88d]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
✔️ 제거
terraform destroy
[vagrant@controller 01]$ terraform destroy
aws_instance.app_server: Refreshing state... [id=i-0be836ad757edd88d]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# aws_instance.app_server will be destroyed
- resource "aws_instance" "app_server" {
- ami = "ami-02de72c5dc79358c9" -> null
- arn = "arn:aws:ec2:ap-northeast-2:471702632719:instance/i-0be836ad757edd88d" -> null
- associate_public_ip_address = true -> null
- availability_zone = "ap-northeast-2c" -> null
- cpu_core_count = 1 -> null
- cpu_threads_per_core = 1 -> null
- disable_api_termination = false -> null
- ebs_optimized = false -> null
- get_password_data = false -> null
- hibernation = false -> null
- id = "i-0be836ad757edd88d" -> null
- instance_initiated_shutdown_behavior = "stop" -> null
- instance_state = "running" -> null
- instance_type = "t2.micro" -> null
- ipv6_address_count = 0 -> null
- ipv6_addresses = [] -> null
- monitoring = false -> null
- primary_network_interface_id = "eni-086de16fb9c2d61b6" -> null
- private_dns = "ip-172-31-37-253.ap-northeast-2.compute.internal" -> null
- private_ip = "172.31.37.253" -> null
- public_dns = "ec2-3-39-195-197.ap-northeast-2.compute.amazonaws.com" -> null
- public_ip = "3.39.195.197" -> null
- secondary_private_ips = [] -> null
- security_groups = [
- "default",
] -> null
- source_dest_check = true -> null
- subnet_id = "subnet-0044a8bc07dc4b889" -> null
- tags = {
- "Name" = "ExampleAppServerInstance"
} -> null
- tags_all = {
- "Name" = "ExampleAppServerInstance"
} -> null
- tenancy = "default" -> null
- vpc_security_group_ids = [
- "sg-099f9baaa17c118e7",
] -> null
- capacity_reservation_specification {
- capacity_reservation_preference = "open" -> null
}
- credit_specification {
- cpu_credits = "standard" -> null
}
- enclave_options {
- enabled = false -> null
}
- metadata_options {
- http_endpoint = "enabled" -> null
- http_put_response_hop_limit = 1 -> null
- http_tokens = "optional" -> null
- instance_metadata_tags = "disabled" -> null
}
- root_block_device {
- delete_on_termination = true -> null
- device_name = "/dev/xvda" -> null
- encrypted = false -> null
- iops = 100 -> null
- tags = {} -> null
- throughput = 0 -> null
- volume_id = "vol-07493c356489334a2" -> null
- volume_size = 8 -> null
- volume_type = "gp2" -> null
}
}
Plan: 0 to add, 0 to change, 1 to destroy.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
aws_instance.app_server: Destroying... [id=i-0be836ad757edd88d]
aws_instance.app_server: Still destroying... [id=i-0be836ad757edd88d, 10s elapsed]
aws_instance.app_server: Still destroying... [id=i-0be836ad757edd88d, 20s elapsed]
aws_instance.app_server: Destruction complete after 30s
Destroy complete! Resources: 1 destroyed.
지금은 인스턴스 딱 하나 만드는 workflow를 진행했기 때문에 타격이 없지만
기본적으로 테라폼은 IaC로 인프라를 관리하고 있기 때문에
이미 배포한 인프라를 마음대로 aws 관리 콘솔로 속성을 변경하거나 이름을 바꾼거나 수동으로 삭제하거나 하면
테라폼이 알고 있는 내용(이런 코드를 토대로 이러한 리소스를 만들었었다.)과 달라지면 IaC 도구로서의 역할이 꼬인다.
따라서 IaC로 관리를 시작하면 끝까지 IaC를 이용해서 관리하는 것을 강력 권장한다.