HashiCorp and Contino Share Enterprise Terraform Recommended Practices

by Daniel Bryant on Jan 11, 2018. Estimated reading time: 4 minutes

HashiCorp has published a Terraform Recommended Practices guide to assist enterprises looking to embrace cloud technologies and Infrastructure as Code (IaC). An overview of a typical recommended Terraform workflow is provided (alongside the organisational personas involved) and a "provisioning maturity model" is presented, which also provides advice on how to evolve current practices from one level of maturity to the next. The guide is a collaboration between HashiCorp -- creator of open source and commercial infrastructure tooling such as Terraform, Packer and Vault -- and one of their system integration partners, Contino.

The HashiCorp blog post that announces the release of the guide states that using cloud-based services enables development teams to operate with a much greater degree of independence from the underlying operational constraints of traditional infrastructure. However, there are both technical and organisational challenges associated with moving from the traditional "racking and stacking" of physical infrastructure within a private data center to the creation and management of Software Defined Everything (SDx), e.g. the orchestration of compute resources via a programmatic API or SDK, and the use of Software Defined Networking (SDN) and Software Defined Storage (SDS).

HashiCorp Terraform enables an engineer to specify infrastructure as declarative code, plan, and provision environments in a "safe and predictable" manner. There are many existing experience reports and suggested best practices for structuring code and collaborating using Terraform, including Charity Majors' series of blog posts and Yevgeniy Brikman's blog posts, the latter of which were ultimately collated and augmented to create the O'Reilly book "Terraform: Up and Running". However, care should be taken when consulting any recommended practices with Terraform, as the framework itself is still evolving, and yesterday's recommended practice quickly becomes baked into the Terraform workflow itself or identified as an unnecessary workaround to overcome a misunderstanding with the framework.

Although Terraform is an open source tool, there is also a commercial Terraform Enterprise product available, and the guide is focused towards enterprises adopting IaC (and Terraform Enterprise). However, there are still many useful workflows and recommended practices for any organisation that is looking to embrace the IaC approach to managing cloud infrastructure.

The guide is presented in three parts:

Part one of the guide discusses the organisational and technical challenges with introducing IaC into an enterprise, and presents four main personas for managing infrastructure at scale: Central IT, responsible for defining common infrastructure practices and enforcing policy; Organisation Architect, defining how global infrastructure is divided and delegated to the teams within the business unit; Workspace Owner, an individual who owns a specific set of workspaces and is the main approver of changes to production within their domain; and a Workspace Contributor, who submits changes to workspaces by making (non-production) updates to the infrastructure as code configuration.

Recommended practices are provided for each persona, with the foundational concept of a workspace -- a collection of everything Terraform needs to run, such as Terraform configuration, variables and state data -- being used for managing and delegating control appropriately.

Part two of the guide presents an IaC "provisioning maturity model", which includes: manual; semi-automated; infrastructure as code; and collaborative infrastructure as code. The guide also provides a series of questions for an organisation to conduct a self-assessment. Following from this, part three describes the steps necessary to move an organisation from their current maturity to the next stage.

As an example, the section that describes how to "Move from Semi-Automation to Infrastructure as Code" includes the recommended use of version control, references to learn about creating Terraform modules (the fundamental Terraform unit of componentisation that allows reuse), and how to define organisation guidelines and policy. These guidelines are largely based on a series of very useful architecture guides and recommended practices from the major cloud vendors:

The guide concludes with recommended practices for several more advanced topics, including: integrating Terraform with image building tools like Packer and configuration management frameworks like Chef; writing custom Terraform Providers; running Terraform in CI/CD build pipelines; and the purpose of the Terraform Provider Development Program.

The HashiCorp and Contino Terraform Recommended Practices Guide can be found on the Terraform documentation website.
