Terragrunt : Michael

 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Recording : 

https://api-vo.jitsi.net/conference-history/v1/shared-recording/876de66a-2415-45ba-826a-dee0a5324e6aff3f346a-f25c-4821-9465-1e2f7ba8a5db

https://github.com/8x8/auto_gitops_oci_workspaces_tree_main/tree/master/eightxeightmain/children/ops/children/production/resources 

We are using HashiCorp Vault.

vault.es.8x8.com -- Okta login for this.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 

auto_gitops_oci_workspaces_tree_main/eightxeightmain/children/ops/compartment

Terragrunt follows the DRY principle : Do not repeat yourself.

One of the key concepts is the ability to share values between compartments. For example, take networking: we hand off the network configuration to our netops team (which we do), and they define a subnet somewhere in their code. That subnet is going to have an OCID attached to it, and when you build an instance you need to reference this subnet OCID. Rather than copying that OCID manually into a variable somewhere: what happens when netops redeploys their stuff and the OCID for that subnet changes? Then you need to go into your code, find out what the new OCID is, add it to your variable and redeploy your stuff. You are redefining things because you are repeating things.

In Terragrunt the concept is that, when you are at the compartment level -- I do not know if this is quite true here.

For any Terraform state file that you have created, any output from that state file can be reused elsewhere. You can inherit the values that you have exported from this Terraform code into another area of the project.

The way the tree is organized -- we are going to copy this tree structure to our on-premise environment, and the same work is happening on the AWS side as well.

We have resources, and we happen to organize them by region.

 

In our environment that may be divided by datacenter or something - WE WILL FIGURE THAT OUT.

Under phoenix, you are going to see loads of other directories.

We have region.hcl -- at any level you can define additional .hcl files.

For every region we want to create a reusable variable, region.


And that defines the OCI region.

The datacenter we call us1; it is a friendly name.

Let's go to > intraswitch-logs-object-storage-01 -- This is what is going to be more relevant for you.

In our case we will probably create another directory called : HIPAA Log Object Storage

Underneath this, if it is production :


> workflow_params.yml

This is more specific to the Jenkins workflow and Vault access -- I haven't looked at this - Vlad is going to walk me through some of this stuff.

We are actually using HashiCorp Vault.


None of these values is hardcoded anywhere.

terragrunt.hcl file

Find their locations : 

# ========= WS Tree Configs

# Automatically load account-level variables
workspace_tree_config_account = read_terragrunt_config(find_in_parent_folders("account.hcl"))
    -- auto_gitops_oci_workspaces_tree_main/eightxeightmain/

# Automatically load business-unit-level variables
workspace_tree_config_bu = read_terragrunt_config(find_in_parent_folders("bu.hcl"))
    -- auto_gitops_oci_workspaces_tree_main/eightxeightmain/children/ops/

# env vars
workspace_tree_config_env = read_terragrunt_config(find_in_parent_folders("env.hcl"))
    -- auto_gitops_oci_workspaces_tree_main/eightxeightmain/children/ops/children/production

workspace_tree_config_region = read_terragrunt_config(find_in_parent_folders("region.hcl"))
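As an added example (written for these notes, not code from the 8x8 repository), here is how a terragrunt.hcl for a hypothetical hipaa-log-object-storage-01 directory would load the per-level .hcl files above and consume another module's output, the compartment OCID, in the same way the notes describe for the netops subnet OCID. The module source, the dependency path and the names of the locals inside region.hcl and env.hcl are assumptions.

```hcl
# Added example for these notes, not code from the 8x8 repository.
# Module source, dependency path and the variable names inside the
# per-level .hcl files are assumptions.

locals {
  # Load each level of the workspace tree, as the notes describe.
  account = read_terragrunt_config(find_in_parent_folders("account.hcl"))
  bu      = read_terragrunt_config(find_in_parent_folders("bu.hcl"))
  env     = read_terragrunt_config(find_in_parent_folders("env.hcl"))
  region  = read_terragrunt_config(find_in_parent_folders("region.hcl"))

  # Assumed names of the locals defined inside region.hcl and env.hcl.
  oci_region  = local.region.locals.oci_region    # e.g. "us-phoenix-1"
  datacenter  = local.region.locals.datacenter    # e.g. "us1"
  environment = local.env.locals.environment      # e.g. "production"
}

# Pull in the root terragrunt.hcl (remote state, provider) so backend and
# provider settings are written once for the whole tree, not per resource.
include "root" {
  path = find_in_parent_folders()
}

# A generic bucket module: nothing environment-specific lives in it.
terraform {
  source = "git::ssh://git@example.invalid/modules/oci-bucket.git?ref=v1.0.0"
}

# Read the compartment OCID from the compartment module's state output
# instead of pasting it into a variable; if the compartment is recreated,
# the new OCID flows through on the next plan/apply (same idea as netops' subnet).
dependency "compartment" {
  config_path = "../../../compartment"

  # Lets `terragrunt plan` (and the OPA check on the plan) run before the
  # dependency has ever been applied.
  mock_outputs = {
    compartment_ocid = "ocid1.compartment.oc1..MOCK-PLAN-ONLY"
  }
  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
}

# Everything that makes this deployment unique goes here, not in the module.
inputs = {
  compartment_ocid = dependency.compartment.outputs.compartment_ocid
  oci_region       = local.oci_region
  bucket_name      = "${local.datacenter}-${local.environment}-hipaa-logs-01"
  access_type      = "NoPublicAccess"   # a public bucket would be denied by OPA
}
```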


We are not hardcoding these variables; when the Jenkins job runs, the values get pulled in from Vault.

account.hcl & region.hcl are found here > auto_gitops_oci_workspaces_tree_main/eightxeightmain/

env.hcl > auto_gitops_oci_workspaces_tree_main/eightxeightmain/children/ops/children/production/env.hcl

bu.hcl > auto_gitops_oci_workspaces_tree_main/eightxeightmain/children/ops/



The compartment OCID is not something you define here; it is an output of this Terraform module.

auto_gitops_oci_workspaces_tree_main/eightxeightmain/children/ops/children/production/resources/us-phoenix-1/intraswitch-logs-object-storage-01/terragrunt.hcl 

 

The above file references some variables such as "local.ws_data.terragrunt.resources.bucket_name"; we can define the values here. Michael is not a great fan of these. These variables are defined in some file.

All the configuration is defined right here.

git clone <>

$ git checkout -b feature/hipaa_bucket


We are using something called OPA (Open Policy Agent). When you run terraform plan, it generates a plan file; this plan is pushed to OPA and evaluated against the policies.

For example, a policy can say that you cannot create an OCI bucket with public access.

Important : The Terraform code must be very generic, and all the configuration that makes your code unique must go into the terragrunt.hcl file.
