Terraform
HashiCorp Terraform is an open source infrastructure as code (IaC) software tool that allows DevOps engineers to programmatically provision the physical resources an application requires to run.
Infrastructure as code is an IT practice that manages an application's underlying IT infrastructure through programming. This approach to resource allocation allows developers to logically manage, monitor and provision resources -- as opposed to requiring that an operations team manually configure each required resource.
Terraform users define and enforce infrastructure configurations by using a JSON-like configuration language called HCL (HashiCorp Configuration Language). HCL's simple syntax makes it easy for DevOps teams to provision and re-provision infrastructure across multiple cloud and on-premises data centers.
HashiCorp offers a commercial version of Terraform called Terraform Enterprise. According to the HashiCorp website, the commercial version includes enterprise features on top of open source Terraform and includes a framework called Sentinel that can implement policy as code.
How does Terraform work?
Terraform allows users to define their entire infrastructure simply by using configuration files and version control. When a command is given to deploy and run a server, database or load balancer, Terraform parses the code and translates it into an application programming interface (API) call to the resource provider. Because Terraform is open source, developers are always able to extend the tool's usefulness by writing new plugins or compiling different versions of existing plugins.
Terraform has two important components: Terraform Core and Terraform Plugins.
Terraform Core oversees the reading and interpolation of resource plan executions, resource graphs, state management features and configuration files. Core is composed of compiled binaries written in the Go programming language. Each compiled binary acts as a command-line interface (CLI) for communicating with plugins through remote procedure calls (RPC).
Terraform Plugins are responsible for defining resources for specific services. This includes authenticating infrastructure providers and initializing the libraries used to make API calls. Terraform Plugins are written in Go as executable binaries that can be used either as a specific service or as a provisioner. (Provisioner plugins are used to execute commands for a designated resource.)
Terraform modules
Terraform modules allow complex resources to be used and reused as needed. Each module is essentially a container for multiple infrastructure resources that the developer wants to group together. Modules have both input and output variables. Input variables accept values from a calling module. Output variables return data to the calling module. Modules can call each other, which helps make configurations faster.
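The following added example (not from the original article or from HashiCorp) shows a module with input and output variables and a root configuration that calls it. It assumes the AWS provider is already configured; the module path, bucket name and tag values are hypothetical.

```hcl
# --- modules/log_bucket/main.tf (hypothetical module path) ---

# Input variables: values accepted from the calling module.
variable "bucket_name" {
  type        = string
  description = "Name of the bucket to create."

  # Reject bad input at plan time, before any API call is made.
  validation {
    condition     = length(var.bucket_name) >= 3 && length(var.bucket_name) <= 63
    error_message = "Bucket name must be between 3 and 63 characters."
  }
}

variable "tags" {
  type    = map(string)
  default = {}
}

# Resources the module groups together. Every caller gets the
# public-access block along with the bucket, so the control is
# reused wherever the module is reused.
resource "aws_s3_bucket" "this" {
  bucket = var.bucket_name
  tags   = var.tags
}

resource "aws_s3_bucket_public_access_block" "this" {
  bucket                  = aws_s3_bucket.this.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Output variable: data returned to the calling module.
output "bucket_arn" {
  value = aws_s3_bucket.this.arn
}

# --- main.tf (root configuration that calls the module) ---

module "audit_logs" {
  source      = "./modules/log_bucket"
  bucket_name = "example-audit-logs" # constructed sample value
  tags        = { owner = "platform-team" }
}

output "audit_log_bucket_arn" {
  value = module.audit_logs.bucket_arn
}
```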
In order to be published to the Terraform Registry, each module must have a naming structure, a repository description, a standard module structure, a supported version control system and tags for release. The Terraform Registry acts as a centralized repository for module sharing and enables the discovery and distribution of Terraform modules to users. The Registry is available in two variants:
- Public Registry -- holds services that interact with an API to expose and manage specific resources and community-contributed modules.
- Private Registry -- holds services for modules used internally within an organization.
What is Terraform used for?
- External resource management -- Terraform supports public and private cloud infrastructure, as well as network appliances and software as a service (SaaS) deployments.
- Multi-cloud deployment -- the software tool's native ability to support multiple cloud services helps increase fault tolerance.
- Multi-tier applications -- Terraform allows each resource collection to easily be scaled up or down as needed.
- Self-service clusters -- the registries make it easy for users to find prepackaged configurations that can be used as is or modified to meet a particular need.
- Software-defined networking (SDN) -- Terraform's readability makes it easy for network engineers to codify the configuration for an SDN.
- Resource scheduler -- Terraform modules can stop and start resources on AWS and allow Kubernetes to schedule Docker containers.
- Disposable environments -- modules can be used to create an ad hoc, throwaway test environment for code before it's put into production.
Features of Terraform
Terraform works by building a graph database that provides operators with insight into resource dependencies. It also generates an execution plan that allows operators to see what sequence of steps Terraform will take when a setting is applied or a change is made. Terraform software also includes the following:
- a console that allows users to observe functions such as numeric, string, date and time, collection and encoding functions;
- a configuration language that supports interpolation and enables admins to pass functions as a string to perform a range of operations;
- the ability to translate HCL code into the JSON format; and
- a feature called Module Count that specifies the number of modules that have been applied to an infrastructure.
Benefits and challenges of using Terraform
The advantages of using Terraform include the ability to:
- translate HCL code into JSON;
- support multiple cloud platforms;
- make incremental changes to resources;
- provide support for software-defined networking;
- import existing resources to a Terraform state; and
- lock modules before applying state changes to ensure that only one person can make changes at a time.
There are some disadvantages, however, to using Terraform.
- New releases and updates may have bugs.
- States have to be in sync with the infrastructure at all times.
- If users don't opt to use JSON, they will have to learn a new language, HCL.
- It doesn't have error handling.
- Renaming resources and moving them deeper into modules can be difficult.
Alternatives to Terraform
Two examples of alternative tools to Terraform are Pulumi and SaltStack.
Pulumi is an infrastructure-as-code upstart designed with a tool set specifically made to move users away from Terraform. Pulumi supports cloud-native platforms, like Kubernetes, and adds Terraform-like features such as CrossGuard. The software also integrates with CI/CD tools for GitOps workflows and automated testing frameworks. Its main difference from Terraform is in the language used. While Terraform uses the domain-specific HCL, Pulumi uses more mainstream programming languages such as JavaScript, TypeScript, Python, Go and .NET Core.
SaltStack is an event-driven automation and IaC tool that helps IT organizations manage and secure cloud infrastructure. The tool can be used to automate the efficient orchestration of an enterprise DevOps workflow. Features of SaltStack include automated provisioning, network provisioning, scheduling, automation of device configuration maintenance and remote access from mobile devices.