Mastering Infrastructure As Code at VMware Explore 2024 – VCFB1813BCN
HashiCorp Terraform is one of the most essential technologies for delivering infrastructure across multiple cloud environments. Using a single “language” enables us to abstract and deploy specific platforms regardless of the underlying architecture, while still tailoring them to meet customer needs. I began learning this technology to deploy virtual machines in a vSphere environment, and I’ve continually enhanced my approach by using modules and templates to streamline daily tasks.
With this experience, I decided to submit a session for VMware Explore 2024 in Barcelona to share everything you need to know to successfully implement Terraform Infrastructure as Code in your organization!
The rules to save your life with IaC
Today, automation is the primary method for deploying and consuming infrastructure resources. However, while automation provides flexibility through templates, it can also introduce errors, misconfigurations, and misunderstandings, especially for those new to Infrastructure as Code (IaC). Here are some key principles to follow:
- Use a Single Source of Truth: Store everything in version control to track deployments and changes in one centralized place.
- Avoid Manual Intervention: Even though tools like Terraform can handle and correct drift, manual changes can lead to unpredictable behaviors. Aim to automate all aspects of deployment.
- Implement Continuous Infrastructure Automation: Run the plan-and-apply pipeline on a schedule, even when nothing has changed in the repository. This keeps the source of truth consistently aligned with the deployed infrastructure and surfaces drift early.
- Keep Secrets Out of Version Control: While your repository should contain infrastructure templates and environment-specific variables, passwords and secrets should never be included. Instead, use a vault system for secure storage and rotation of secrets.
- Maintain Immutable Artifacts: Any artifact, whether a package or a set of templates, should be immutable across environments. This approach, similar to application deployment, allows you to test infrastructure with minimal changes between environments, easing the transition from testing to production.
- Enforce Role-Based Access Control (RBAC): Define roles and permissions carefully, applying the principle of least privilege. Automation processes should have well-defined, limited permissions to minimize security risks, especially in the context of potential supply-chain attacks.
- Treat Pipeline Failures as Learning Opportunities: Pipeline failures may create frustration, but they’re essential for identifying bugs and hardening your code. Encourage teams to view “red lights” as a chance to improve the system’s reliability.
- Acknowledge Role Distinctions: The responsibilities of those who build and maintain the infrastructure differ from those of the people who deploy and manage virtual machines on it. Clear role definitions are crucial for effective team collaboration.
- Align IaC Responsibilities with System Expertise: IaC should be managed by individuals with the same responsibilities and expertise as traditional infrastructure deployment and maintenance. This ensures that infrastructure code is handled by those who understand its operational implications.
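The "keep secrets out of version control" and "single source of truth" rules, shown as a Terraform configuration for the vSphere provider. This is an added example, not code from the linked repository or from the session: the commented block is the pattern to avoid, the rest is the hardened form. Bucket, table, Vault mount and secret path are placeholders you would replace with your own.

```hcl
# --- Weak (do not commit): credentials and a TLS bypass living in the repo ---
# provider "vsphere" {
#   user                 = "administrator@vsphere.local"
#   password             = "Sup3rSecret!"     # ends up in git history forever
#   vsphere_server       = "vcenter.lab.example"
#   allow_unverified_ssl = true                # accepts any certificate silently
# }

# --- Hardened: secrets are fetched from Vault at plan/apply time ---
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    vsphere = { source = "hashicorp/vsphere", version = "~> 2.0" }
    vault   = { source = "hashicorp/vault",   version = "~> 4.0" }
  }
  # Shared, locked, encrypted state: the repo plus this backend is the
  # single source of truth, so no one applies from a laptop-local state file.
  backend "s3" {
    bucket         = "tf-state-placeholder"   # placeholder, adjust to your setup
    key            = "vsphere/lab.tfstate"
    region         = "eu-west-1"
    dynamodb_table = "tf-state-lock"          # state locking for concurrent runs
    encrypt        = true
  }
}

# Environment-specific, non-secret values: safe to commit per environment
variable "vsphere_server" { type = string }
variable "vsphere_user"   { type = string }

# Address and token come from VAULT_ADDR / VAULT_TOKEN on the pipeline runner,
# so nothing about Vault authentication is written into the repository.
provider "vault" {}

# KV v2 secret at secret/vsphere/lab (placeholder path) holding the key "password"
data "vault_kv_secret_v2" "vcenter" {
  mount = "secret"
  name  = "vsphere/lab"
}

provider "vsphere" {
  user                 = var.vsphere_user
  password             = data.vault_kv_secret_v2.vcenter.data["password"]
  vsphere_server       = var.vsphere_server
  allow_unverified_ssl = false   # fail closed on an untrusted vCenter certificate
}
```

One caveat the rule list implies but does not spell out: values read from Vault are still written into the Terraform state, so the encrypted backend and tight RBAC on who can read that state are part of the secret-handling control, not an optional extra.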
Webinars: VMUG and {Code}
VMware User Group (VMUG) Italy and VMware {Code} by Broadcom provided me with two fantastic opportunities to demonstrate how to use Terraform with VMware vSphere, showing how to deploy an entire infrastructure and virtual machine starting from a blank vCenter and an unconfigured ESXi host.
The “mantra” of this webinar was simple: fewer slides, more code! When I shared the concept with Franky, I was excited to show the {Code} community how to use Terraform in a completely clean VMware vSphere environment—just an ESXi host, a vCenter, and a few essential tools to deploy a full virtual infrastructure. And we did it:
https://www.youtube.com/live/DV5p-LMxa88?feature=shared&themeRefresh=1
I didn’t get to cover the “last mile” in this session (deploying a VM to test the environment), but I promised there would be a follow-up episode. In that session, I’ll show how to create a service from an ISO using tools like Packer, Cloud-init, Ansible, and more. Stay tuned!
At VMware Explore 2024 Barca
For the first time ever, I’m presenting a masterclass at VMware Explore on implementing Terraform effectively in an enterprise context—and it turns out my session is fully booked! I’m really proud of this achievement. If you’re interested in joining, there may be a waiting list for those who couldn’t get a spot, or you can catch the on-demand video after the presentation using session code VCFB1813BCN. I’ll also be available throughout the event at the {Code} Theater (vCommunity lounge), so feel free to stop by if you have any questions!
The Code
I can’t leave you without sharing some code! You can find a fully functional template here:
https://github.com/linoproject/terraform_master_class
I don’t want to spoil all the details of my presentation, but in this same repository, you’ll also find Packer code and modules to manage the virtual machine lifecycle. So—are you ready for what’s next?