
HashiCorp and Contino Share Enterprise Terraform Recommended Practices


HashiCorp has published a Terraform Recommended Practices guide to assist enterprises looking to embrace cloud technologies and Infrastructure as Code (IaC). An overview of a typical recommended Terraform workflow is provided (alongside the organisational personas involved) and a "provisioning maturity model" is presented, which also provides advice on how to evolve current practices from one level of maturity to the next. The guide is a collaboration between HashiCorp -- creator of open source and commercial infrastructure tooling such as Terraform, Packer and Vault -- and one of their system integration partners, Contino.

The HashiCorp blog post that announces the release of the guide states that using cloud-based services enables development teams to operate with a much greater degree of independence from the underlying operational constraints of traditional infrastructure. However, there are both technical and organisational challenges associated with moving from the traditional "racking and stacking" of physical infrastructure within a private data center to the creation and management of Software Defined Everything (SDx), e.g. the orchestration of compute resources via a programmatic API or SDK, and the use of Software Defined Networking (SDN) and Software Defined Storage (SDS).

HashiCorp Terraform enables an engineer to specify infrastructure as declarative code, and to plan and provision environments in a "safe and predictable" manner. There are many existing experience reports and suggested best practices for structuring code and collaborating using Terraform, including Charity Majors' series of blog posts and Yevgeniy Brikman's blog posts, the latter of which were ultimately collated and augmented to create the O'Reilly book "Terraform: Up and Running". However, care should be taken when consulting any recommended practices with Terraform, as the framework itself is still evolving, and yesterday's recommended practice quickly becomes baked into the Terraform workflow itself or identified as an unnecessary workaround to overcome a misunderstanding with the framework.

Although Terraform is an open source tool, there is also a commercial Terraform Enterprise product available, and the guide is focused towards enterprises adopting IaC (and Terraform Enterprise). However, there are still many useful workflows and recommended practices for any organisation that is looking to embrace the IaC approach to managing cloud infrastructure.

The guide is presented in three parts:

Part one of the guide discusses the organisational and technical challenges with introducing IaC into an enterprise, and presents four main personas for managing infrastructure at scale: Central IT, responsible for defining common infrastructure practices and enforcing policy; Organisation Architect, defining how global infrastructure is divided and delegated to the teams within the business unit; Workspace Owner, an individual who owns a specific set of workspaces and is the main approver of changes to production within their domain; and Workspace Contributor, who submits changes to workspaces by making (non-production) updates to the infrastructure as code configuration.

Recommended practices are provided for each persona, with the foundational concept of a workspace -- a collection of everything Terraform needs to run, such as Terraform configuration, variables and state data -- being used for managing and delegating control appropriately.

Part two of the guide presents an IaC "provisioning maturity model", which includes: manual; semi-automated; infrastructure as code; and collaborative infrastructure as code. The guide also provides a series of questions for an organisation to conduct a self-assessment. Following from this, part three describes the steps necessary to move an organisation from their current maturity to the next stage.

As an example, the section that describes how to "Move from Semi-Automation to Infrastructure as Code" includes the recommended use of version control, references to learn about creating Terraform modules (the fundamental Terraform unit of componentisation that allows reuse), and how to define organisation guidelines and policy. These guidelines are largely based on a series of very useful architecture guides and recommended practices from the major cloud vendors:

The guide concludes with recommended practices for several more advanced topics, including: integrating Terraform with image building tools like Packer and configuration management frameworks like Chef; writing custom Terraform Providers; running Terraform in CI/CD build pipelines; and the purpose of the Terraform Provider Development Program.

The HashiCorp and Contino Terraform Recommended Practices Guide can be found on the Terraform documentation website.
